fix(minimax): harden OAuth dashboard and runtime#24123
Closed
austinpickett wants to merge 8 commits into
Closed
Conversation
Handle MiniMax OAuth expiry values consistently across CLI and dashboard flows, fix CLI status/add behavior, and force pooled OAuth runtime requests through Anthropic Messages. Co-authored-by: Cursor <cursoragent@cursor.com>
Contributor
🔎 Lint report:
|
| Rule | Count |
|---|---|
invalid-argument-type |
2 |
First entries
hermes_cli/auth.py:4056: [invalid-argument-type] invalid-argument-type: Argument to function `get_api_key_provider_status` is incorrect: Expected `str`, found `(str & ~Literal["spotify"] & ~Literal["nous"] & ~Literal["openai-codex"] & ~Literal["qwen-oauth"] & ~Literal["google-gemini-cli"] & ~Literal["minimax-oauth"] & ~Literal["copilot-acp"]) | None`
hermes_cli/auth.py:4054: [invalid-argument-type] invalid-argument-type: Argument to bound method `dict.get` is incorrect: Expected `str`, found `(str & ~Literal["spotify"] & ~Literal["nous"] & ~Literal["openai-codex"] & ~Literal["qwen-oauth"] & ~Literal["google-gemini-cli"] & ~Literal["minimax-oauth"] & ~Literal["copilot-acp"]) | None`
✅ Fixed issues (2):
| Rule | Count |
|---|---|
invalid-argument-type |
2 |
First entries
hermes_cli/auth.py:4052: [invalid-argument-type] invalid-argument-type: Argument to bound method `dict.get` is incorrect: Expected `str`, found `(str & ~Literal["spotify"] & ~Literal["nous"] & ~Literal["openai-codex"] & ~Literal["qwen-oauth"] & ~Literal["google-gemini-cli"] & ~Literal["copilot-acp"]) | None`
hermes_cli/auth.py:4054: [invalid-argument-type] invalid-argument-type: Argument to function `get_api_key_provider_status` is incorrect: Expected `str`, found `(str & ~Literal["spotify"] & ~Literal["nous"] & ~Literal["openai-codex"] & ~Literal["qwen-oauth"] & ~Literal["google-gemini-cli"] & ~Literal["copilot-acp"]) | None`
Unchanged: 4305 pre-existing issues carried over.
Diagnostics are surfaced as warnings — this check never fails the build.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR hardens the MiniMax OAuth integration across CLI, dashboard (web_server), and runtime provider resolution by normalizing MiniMax token expiry formats and preventing stale configuration from routing MiniMax OAuth traffic to the wrong API path.
Changes:
- Centralizes MiniMax
expired_inparsing to correctly handle both TTL-seconds and unix-ms absolute expiry values, and reuses it in login/refresh and the dashboard poller. - Updates
hermes authbehaviors for MiniMax OAuth:auth statusdispatches to MiniMax OAuth status, andauth add minimax-oauthnow initiates the login flow and persists a usable pool entry. - Forces pooled
minimax-oauthruntime credentials to useanthropic_messagestransport to avoid stalechat_completionsconfig causing/anthropic/chat/completions404s; adds regression tests for all touched flows.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
web/package.json |
Adds a Node engine constraint to warn early on unsupported Node versions for the Vite 7-based dashboard build. |
hermes_cli/auth.py |
Adds centralized MiniMax expiry normalization and routes generic auth status to MiniMax OAuth status. |
hermes_cli/web_server.py |
Uses the shared MiniMax expiry resolver in the dashboard poller to avoid out-of-range timestamps. |
hermes_cli/auth_commands.py |
Makes auth add minimax-oauth start the OAuth flow and persist an OAuth pool entry (access + refresh + base URL). |
hermes_cli/runtime_provider.py |
Forces pooled MiniMax OAuth runtime to anthropic_messages regardless of stale config api_mode. |
tests/test_minimax_oauth.py |
Adds unit coverage for expiry normalization, refresh absolute-ms handling, and generic auth status dispatch. |
tests/hermes_cli/test_web_oauth_dispatch.py |
Adds regression coverage for dashboard poller handling absolute-ms expired_in. |
tests/hermes_cli/test_runtime_provider_resolution.py |
Adds regression coverage ensuring pool-based MiniMax OAuth resolution forces anthropic_messages. |
tests/hermes_cli/test_auth_commands.py |
Adds regression coverage ensuring auth add minimax-oauth initiates login and persists a pool entry. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Avoid the quarantined mistralai package in broad extras and mark an already POSIX-gated process-group kill for the Windows footgun scanner. Co-authored-by: Cursor <cursoragent@cursor.com>
Keep the platform command e2e suite focused on the /new reset path by disabling destructive slash confirmation in its mocked runner fixture. Co-authored-by: Cursor <cursoragent@cursor.com>
Update stale gateway and auxiliary-client tests for current defaults, harden media delivery and API kwargs helpers for partial fixtures, and keep process-scan tests on the intended ps fallback path. Co-authored-by: Cursor <cursoragent@cursor.com>
Keep plugin auth assertions focused on middleware behavior and patch vision fast-path config readers directly in the native-vision test. Co-authored-by: Cursor <cursoragent@cursor.com>
Keep auth status output from echoing provider-sourced values so CodeQL does not flag token-derived metadata as clear-text sensitive logging. Co-authored-by: Cursor <cursoragent@cursor.com>
Prevent CodeQL from treating the CLI provider argument as sensitive data in auth status output. Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Contributor
|
Merged via #24165 — cherry-picked your MiniMax OAuth commit (4817327) onto current main with your authorship preserved via rebase-merge. Dropped the mistralai-extra / Node-engines / process_registry-comment hunks since those were unrelated to the MiniMax fix; please resubmit the mistralai PyPI-quarantine fix as its own PR if you want it in. Thanks for the thorough fix and tests! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Fixes several MiniMax OAuth regressions found during dashboard login and runtime testing:
expired_invalues when they arrive as either TTL seconds or unix-ms absolute timestamps, preventingyear 58391 is out of rangein CLI and dashboard OAuth flows.hermes auth status minimax-oauthreport the actual MiniMax OAuth auth store state.hermes auth add minimax-oauthstart the MiniMax OAuth login flow instead of requiring credentials to already exist.minimax-oauthruntime credentials throughanthropic_messagesso stalemodel.api_mode: chat_completionsconfig cannot send requests to the wrong/anthropic/chat/completionspath and trigger MiniMax nginx 404s.web/package.jsonNode engine requirement matching Vite 7 so old Node versions warn before dashboard builds fail atcrypto.hash.Related Issue
No single issue. Related open PRs found while checking for duplicates: #22020, #22240, #22830, #23639.
Type of Change
Changes Made
hermes_cli/auth.py: centralize MiniMax expiry parsing, apply it to login/refresh, and route generic auth status to MiniMax OAuth status.hermes_cli/web_server.py: use the same MiniMax expiry parser when the dashboard poller saves OAuth state.hermes_cli/auth_commands.py: makeauth add minimax-oauthinitiate login and persist a usable OAuth pool entry.hermes_cli/runtime_provider.py: force pooledminimax-oauthcredentials to use Anthropic Messages transport.tests/: add regression coverage for MiniMax expiry parsing, dashboard OAuth completion, auth command behavior, status dispatch, and stale API mode handling.web/package.json: declare the Node version required by Vite 7.How to Test
hermes dashboard, verifyhermes auth status minimax-oauth, then sendhiusingminimax-oauth/MiniMax-M2.7.Checklist
Code
fix(scope):,feat(scope):, etc.)pytest tests/ -qand all tests passDocumentation & Housekeeping
docs/, docstrings) — or N/Acli-config.yaml.exampleif I added/changed config keys — or N/ACONTRIBUTING.mdorAGENTS.mdif I changed architecture or workflows — or N/AFor New Skills
N/A
Screenshots / Logs
Focused tests passed locally:
Manual dashboard flow succeeded after the fixes: MiniMax OAuth connected,
hermes auth status minimax-oauthreported logged in, and a simplehiprompt completed againstMiniMax-M2.7.Made with Cursor