fix(cli): follow 307 redirects in MiniMax OAuth httpx clients

[amitgaur]

What & Why

The MiniMax OAuth API endpoints have moved from api.minimax.io to account.minimax.io and the old paths now respond with HTTP 307. httpx defaults to follow_redirects=False (unlike requests), so the device-code and token-refresh flows currently fail with:

MiniMax OAuth authorization failed: Temporary Redirect

This patch adds follow_redirects=True to the two httpx.Client instances in hermes_cli/auth.py used by the MiniMax OAuth flow:

1. The client wrapping _minimax_request_user_code + _minimax_poll_token (device-code flow).
2. The client used by _refresh_minimax_oauth_state (refresh-token flow).

This is forward-compatible: if the endpoints move again, the redirect chain is followed automatically. Note also that the upstream redirects are asymmetric (/oauth/code -> oauth2/device/code, /oauth/token -> oauth2/token), so a hardcoded URL fix would need to special-case both paths -- redirect-following sidesteps that. The constants at lines ~78-79 (MINIMAX_OAUTH_GLOBAL_BASE etc.) are intentionally untouched; if maintainers want hardcoded URLs as defense-in-depth that's a separate change.

How to test

Repro before patch (without the fix, both POSTs return 307):

curl -i -X POST https://api.minimax.io/oauth/code
# -> HTTP/2 307, location: https://account.minimax.io/oauth2/device/code

curl -i -X POST https://api.minimax.io/oauth/token
# -> HTTP/2 307, location: https://account.minimax.io/oauth2/token

After patch:

• hermes model -> "MiniMax via OAuth browser login" completes the device-code flow successfully.
• Token refresh on a stored credential succeeds.
• pytest tests/test_minimax_oauth.py -- all 15 existing tests still pass.

Test plan

• Verified end-to-end against a real MiniMax Plus account on macOS (Darwin 25.4.0, Python 3.11).
• tests/test_minimax_oauth.py (15 tests, mocked httpx) all pass after the change.
• Cross-platform: change is a one-keyword kwarg on httpx.Client; no platform-specific surface.

Notes / scope

• One logical change. Bug fix only. No refactor, no new tests.
• A separate issue has been filed for an unrelated MiniMax server-side bug (stale verification_uri host) -- not bundled here.
• A separate issue has been filed for a hermes setup quick-wizard UX bug (auth errors swallowed silently) -- not bundled here.

[teknium1]

Salvaged via #19392 onto current main — your commit's authorship was preserved. Thanks @amitgaur!

[teknium1]

Thanks @amitgaur — great diagnosis and clean fix. Landed on main as 65bebb9 via cherry-pick, so your authorship is preserved in git log (Author: Amit Gaur <amitgaur@gmail.com>). GitHub shows this PR as closed rather than merged because of the cherry-pick path, but the change is live.

Community user hit the exact "MiniMax OAuth authorization failed: Temporary Redirect" in Discord today, so the timing was perfect — appreciated.