Skip to content

MiniMax: quota utilization history and reset-time display#1983

Closed
Yuxin-Qiao wants to merge 7 commits into
steipete:mainfrom
Yuxin-Qiao:feat/minimax-quota-utilization
Closed

MiniMax: quota utilization history and reset-time display#1983
Yuxin-Qiao wants to merge 7 commits into
steipete:mainfrom
Yuxin-Qiao:feat/minimax-quota-utilization

Conversation

@Yuxin-Qiao

Copy link
Copy Markdown
Contributor

Summary

Split from #1821 (PR C). Merge after #1981 (can land in parallel with the dashboard PR).

  • Record MiniMax Session / Weekly quota utilization samples
  • Subscription Utilization submenu (Codex-style chart)
  • Menu bar nearest reset window for MiniMax
  • MenuBarMetricWindowResolver nearest-reset helper

Test plan

  • swift build
  • swift test --filter UsageStorePlanUtilization
  • swift test --filter MenuBarResetTimeDisplay

Merge order

  1. MiniMax: Token Plan recharge credits and web session enrichment #1981 (credits + web enrichment)
  2. This PR

Made with Cursor

Yuxin-Qiao and others added 2 commits July 8, 2026 11:29
Add token_plan_credit enrichment for cookie-backed refreshes, MiniMax Agent
desktop cookie import, API-token web enrichment resolver, and menu credit display.

Co-authored-by: Cursor <cursoragent@cursor.com>
Record Session and Weekly quota samples, show subscription utilization charts,
and prefer the nearest MiniMax reset window in the menu bar.

Co-authored-by: Cursor <cursoragent@cursor.com>
@clawsweeper

clawsweeper Bot commented Jul 8, 2026

Copy link
Copy Markdown

Codex review: needs changes before merge. Reviewed July 8, 2026, 9:44 AM ET / 13:44 UTC.

Summary
The branch adds MiniMax quota utilization recording/charting and nearest reset-time display while also carrying stacked MiniMax web-session credit enrichment, token-cost flag changes, docs, changelog, and tests.

Reproducibility: yes. Source inspection at the latest head shows MiniMax token-cost support is enabled while the cost fetcher and provider-snapshot bridge still have no MiniMax path, and the desktop cookie importer can reach Keychain-backed decryption without an opt-out gate.

Review metrics: 3 noteworthy metrics.

  • Diff size: 41 files, +2876/-193. The branch spans provider auth/enrichment, menu UI, docs, changelog, and tests, so green CI alone would not settle the merge boundary.
  • Stack dependency: 2 open adjacent PRs. The PR body depends on the credit split and overlaps the dashboard split's MiniMax token-cost path.
  • Source blockers since last review: 0 source files changed after prior reviewed SHA. The latest commit changed tests only, so the prior token-cost source blocker remains unresolved.

Root-cause cluster
Relationship: canonical
Canonical: #1983
Summary: This PR is the quota-utilization split from the closed broad MiniMax PR, with open adjacent split PRs for credit/web-session enrichment and dashboard/token-cost support.

Members:

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🦪 silver shellfish
Proof: 🦞 diamond lobster ✨ media proof bonus
Patch quality: 🦪 silver shellfish
Result: blocked by patch quality or review findings.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Keep MiniMax token-cost support disabled in this branch or rebase after the dashboard PR that provides the usage-summary token snapshot path.
  • Resolve the MiniMax Agent cookie/Keychain opt-out blocker in the prerequisite web-session PR before merging this stacked branch.

Risk before merge

  • [P1] MiniMax token-cost support is enabled in this quota split while this head has no MiniMax token snapshot path, so cost refresh can surface an unsupported-provider error for MiniMax users.
  • [P1] The branch carries MiniMax desktop/browser/manual cookie enrichment from the prerequisite PR; the automatic Agent cookie path can enter Keychain-backed decryption before honoring the Keychain opt-out setting.
  • [P1] The PR is stacked across open MiniMax credit and dashboard splits, so merge order matters: this branch should not land as a standalone main merge without resolving those prerequisite contracts.

Maintainer options:

  1. Fix split blockers before merge (recommended)
    Keep MiniMax supportsTokenCost false unless the dashboard token snapshot path is present, gate Agent cookie import behind KeychainAccessGate, and remove the release-owned changelog edit.
  2. Merge only after stack resolution
    Wait for the credit and dashboard PRs to merge or be explicitly accepted, then rebase this branch so reviewers assess only the quota-specific remainder.
  3. Pause for a narrower split
    Close or pause this branch if maintainers want MiniMax credential enrichment and dashboard cost support reviewed separately before quota UI changes land.
Copy recommended automerge instruction
@clawsweeper automerge

Special instructions:
Keep MiniMax ProviderTokenCostConfig.supportsTokenCost false unless the MiniMax usage-summary token snapshot implementation is present; honor KeychainAccessGate.isDisabled before any MiniMaxDesktopCookieImporter Keychain-backed decryption path; remove the CHANGELOG.md MiniMax entries and keep release-note context in the PR body; preserve the MiniMax quota utilization and reset-time behavior.

Next step before merge

  • [P2] A repair lane can address the concrete source blockers, but final merge still needs maintainer approval for the MiniMax credential boundary.

Maintainer decision needed

  • Question: Should this quota-utilization PR be allowed to carry MiniMax Agent/browser web-session enrichment and token-cost enablement before the credit and dashboard splits land, or should it be narrowed/rebased after those PRs?
  • Rationale: Automation can repair the source blockers, but the permanent MiniMax cookie/session and Keychain boundary is a maintainer product/security decision.
  • Likely owner: Peter Steinberger — Peter has the strongest current-main history across the MiniMax provider and repository-level credential/privacy behavior.
  • Options:
    • Repair then merge after prerequisites (recommended): Fix the token-cost flag, Keychain opt-out, and changelog issues here, then merge only after the credit and dashboard split contracts are accepted.
    • Accept the stacked boundary here: Maintainers may intentionally let this PR carry the web-session and token-cost behavior, accepting the larger credential and upgrade review surface.
    • Request a narrower quota branch: Ask for a quota/history/reset-time-only branch that excludes MiniMax Agent cookie import and dashboard/token-cost changes.

Security
Needs attention: The inherited MiniMax desktop-cookie importer can enter a Keychain-backed decryption path before honoring the Keychain opt-out setting.

Review findings

  • [P1] Keep MiniMax token cost disabled until dashboard support lands — Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift:31
  • [P2] Honor Keychain opt-out before Agent cookie import — Sources/CodexBarCore/Providers/MiniMax/MiniMaxWebEnrichmentResolver.swift:85
  • [P3] Remove the release-owned changelog entries — CHANGELOG.md:7-8
Review details

Best possible solution:

Keep MiniMax token-cost support disabled in this quota split unless the dashboard token-snapshot path lands first, resolve the MiniMax web-session boundary in the prerequisite PR, and keep release notes in the PR body.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection at the latest head shows MiniMax token-cost support is enabled while the cost fetcher and provider-snapshot bridge still have no MiniMax path, and the desktop cookie importer can reach Keychain-backed decryption without an opt-out gate.

Is this the best way to solve the issue?

No. The quota/history direction is useful, but this split should not enable MiniMax token-cost support or carry unresolved Agent cookie behavior unless the prerequisite dashboard and credit boundaries are already accepted.

Full review comments:

  • [P1] Keep MiniMax token cost disabled until dashboard support lands — Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift:31
    This branch still flips MiniMax supportsTokenCost to true, but this head has no MiniMax provider-snapshot bridge and CostUsageFetcher still rejects MiniMax as unsupported. Keep the flag false here or include the dashboard split's usage-summary token snapshot path so MiniMax does not expose cost refresh behavior that cannot succeed.
    Confidence: 0.94
  • [P2] Honor Keychain opt-out before Agent cookie import — Sources/CodexBarCore/Providers/MiniMax/MiniMaxWebEnrichmentResolver.swift:85
    Late discovery for this PR: the MiniMax Agent candidate path can call MiniMaxDesktopCookieImporter.importSession(), and that importer can query Safe Storage through Keychain before checking KeychainAccessGate.isDisabled. Gate the desktop importer/decryption path before any Keychain-backed read so the user opt-out is real.
    Confidence: 0.9
    Late finding: first raised on code an earlier review cycle already covered.
  • [P3] Remove the release-owned changelog entries — CHANGELOG.md:7-8
    Late discovery for this PR: repository policy keeps CHANGELOG.md release-owned, so feature branches should keep this wording in the PR body instead of editing the unreleased changelog directly.
    Confidence: 0.86
    Late finding: first raised on code an earlier review cycle already covered.

Overall correctness: patch is incorrect
Overall confidence: 0.91

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against aa401f1d8b74.

Label changes

Label changes:

  • add rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦞 diamond lobster and patch quality is 🦪 silver shellfish.
  • remove rating: 🦐 gold shrimp: Current PR rating is rating: 🦪 silver shellfish, so this older rating label is no longer current.

Label justifications:

  • P2: This is a normal-priority MiniMax provider feature with concrete correctness and credential-boundary blockers but limited blast radius to MiniMax users.
  • merge-risk: 🚨 compatibility: The PR changes MiniMax cost capability flags, dashboard URLs, provider defaults, and release-visible behavior that existing MiniMax users can notice after upgrade.
  • merge-risk: 🚨 auth-provider: The PR changes MiniMax credential-source ordering and enriches API-token refreshes from web cookies and group-id context.
  • merge-risk: 🚨 security-boundary: The PR adds automatic MiniMax Agent desktop cookie import and a Keychain-backed Safe Storage decryption path.
  • rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦞 diamond lobster and patch quality is 🦪 silver shellfish.
  • status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (linked_artifact): The linked split parent provides live MiniMax Plus screenshots for the utilization UI and redacted CLI output for the same web-session enrichment stack.
  • proof: sufficient: Contributor real behavior proof is sufficient. The linked split parent provides live MiniMax Plus screenshots for the utilization UI and redacted CLI output for the same web-session enrichment stack.
Evidence reviewed

Security concerns:

  • [medium] Keychain opt-out bypass for MiniMax Agent cookies — Sources/CodexBarCore/Providers/MiniMax/MiniMaxDesktopCookieImporter.swift:177
    MiniMaxDesktopCookieImporter.importSession() can derive encrypted cookie keys through KeychainSecurity.copyMatching after KeychainNoUIQuery.apply, but the PR does not gate that path on KeychainAccessGate.isDisabled.
    Confidence: 0.9

Acceptance criteria:

  • [P1] swift test --filter MenuCardModelTests.
  • [P1] swift test --filter MiniMaxProviderTests.
  • [P1] swift test --filter MiniMaxWebEnrichmentResolverTests.
  • [P1] swift test --filter UsageStorePlanUtilization.
  • [P1] swift test --filter MenuBarResetTimeDisplay.

What I checked:

Likely related people:

  • Peter Steinberger: Current-main blame and GitHub commit history tie Peter to the MiniMax provider descriptor, billing summaries, provider registration, fallback handling, and the repository-level Keychain/privacy boundary. (role: feature-history owner and recent area contributor; confidence: high; commits: 17cdc54b26fa, af202b462bdf, 22a07ef225df; files: Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift, Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift, Sources/CodexBarCore/CostUsageFetcher.swift)
  • Yuxin-Qiao: Yuxin has prior merged MiniMax token-plan/quota display and reset-time menu-bar work on main in addition to proposing this split PR. (role: recent MiniMax and reset-display contributor; confidence: high; commits: d00c6c0f523d, 645ca833df31, da3b758f4bcc; files: Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift, Sources/CodexBar/MenuCardView+MiniMax.swift, Sources/CodexBar/StatusItemController+CountdownRefresh.swift)
  • XWind: XWind carried several MiniMax token-plan quota, fallback, and display commits in the same provider surface this PR extends. (role: adjacent MiniMax token-plan contributor; confidence: medium; commits: 65a41cbee9b3, 90368202df70, bfff3dfe494a; files: Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift, Sources/CodexBar/MenuCardView+MiniMax.swift)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.
Review history (4 earlier review cycles)
  • reviewed 2026-07-08T03:45:42.981Z sha a568631 :: needs changes before merge. :: [P1] Restore the debug-aware button title overload | [P2] Keep the browser cooldown expectation aligned with the gate
  • reviewed 2026-07-08T04:31:01.468Z sha 9cf14ab :: needs changes before merge. :: [P1] Preserve Codex reset refresh scheduling | [P2] Keep silent Codex cards silent when credits are absent
  • reviewed 2026-07-08T05:49:54.617Z sha 6e6efba :: needs changes before merge. :: [P1] Preserve Codex reset refresh scheduling
  • reviewed 2026-07-08T06:41:02.386Z sha 6398590 :: needs changes before merge. :: [P1] Keep token cost disabled until the dashboard code lands

Move menuBarResetTimeWindow into the countdown refresh extension.

Co-authored-by: Cursor <cursoragent@cursor.com>
@clawsweeper clawsweeper Bot added proof: sufficient Contributor real behavior proof is sufficient. rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. labels Jul 8, 2026
Restore now-parameter signatures, debug button titles, and Codex combined-lane
selection while keeping MiniMax-specific reset-time routing.

Co-authored-by: Cursor <cursoragent@cursor.com>
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. and removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. labels Jul 8, 2026
Yuxin-Qiao and others added 2 commits July 8, 2026 13:43
Co-authored-by: Cursor <cursoragent@cursor.com>
Keep menuBarResetTimeWindow for reset-time display while reusing upstream
projection-based scheduling for Codex lane transitions.

Co-authored-by: Cursor <cursoragent@cursor.com>
@clawsweeper clawsweeper Bot added rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels Jul 8, 2026
Sync browser gate expectations to upstream and drop usage_summary host
requests that this PR does not emit.

Co-authored-by: Cursor <cursoragent@cursor.com>
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. and removed rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. labels Jul 8, 2026
@Yuxin-Qiao

Copy link
Copy Markdown
Contributor Author

Closing for now — need to revisit the approach; current changes need more work before merge.

@Yuxin-Qiao Yuxin-Qiao closed this Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. P2 Normal priority bug or improvement with limited blast radius. proof: sufficient Contributor real behavior proof is sufficient. rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant