Commit Graph

21 Commits

Author SHA1 Message Date
Peter Steinberger
8310c565e0 feat(onboarding): add provider sign-in (#104502)
* feat(onboarding): add provider sign-in flows

* fix(oauth): keep callback compatibility

* fix(onboarding): reconcile lost auth outcomes

* fix(onboarding): lock auth cancellation at commit

* fix(onboarding): close provider auth lifecycle gaps

* fix(onboarding): make terminal auth failures dismissable

* fix(onboarding): satisfy native app checks

* fix(onboarding): reconcile absent auth sessions

* fix(onboarding): bound provider auth sessions

* fix(onboarding): open provider auth links safely

* test(onboarding): use scanner-safe auth fixtures

* revert: keep established onboarding auth fixtures

* fix(onboarding): close provider auth cancellation gaps

* fix(gateway): retain uncollected wizard results

* fix(onboarding): bind provider reconciliation attempt

* fix(i18n): avoid guessing moved string identities

* style(onboarding): normalize remote auth choices efficiently

* fix(protocol): refresh optional provider auth choices

* test(gateway): cover provider auth dispatch order

* refactor(macos): split onboarding setup support

* fix(macos): refresh merged native checks
2026-07-11 13:00:17 -07:00
Alix-007
8f8aad9ae6 fix(minimax): add timeouts to OAuth HTTP requests (#102862)
* fix(minimax): add timeouts to OAuth HTTP requests

* fix(minimax): remove duplicate OAuth abort signals

* refactor(minimax): keep OAuth timeout internal

* test(minimax): make OAuth timeout proof deterministic

---------

Co-authored-by: llagy009 <0668001470@xydigit.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 22:02:34 -07:00
lsr911
4a96c06615 fix(minimax): bound OAuth JSON response via shared provider reader (#96322)
Use readProviderJsonResponse (shared 16 MiB default cap) instead of
unbounded response.json() for MiniMax OAuth authorization code endpoint.

Signed-off-by: lsr911 <liao.shirong@xydigit.com>
Co-authored-by: Claude <noreply@anthropic.com>
2026-07-01 01:54:42 -07:00
Vincent Koc
8aa58c5fb0 fix(minimax): bound oauth token bodies 2026-06-19 19:18:38 +02:00
Vincent Koc
e7e85f5436 fix(minimax): bound oauth error bodies 2026-06-19 19:18:38 +02:00
Peter Steinberger
96e5812426 docs: document medium extension sources 2026-06-04 21:33:54 -04:00
Matthew Schleder
6a96058f50 fix(minimax): use account oauth endpoints
Routes MiniMax OAuth device-code and token polling directly to account-hosted OAuth2 endpoints for global and CN regions, avoiding guarded-fetch cross-origin redirect body stripping. Keeps provider API base URLs unchanged and adds regression coverage for both endpoint pairs.

Proof: local minimax OAuth tests, oxfmt check, lint, autoreview clean, official MiniMax CLI/source check, live MiniMax endpoint probes, and CI run 26729242892 on 6bfe20eb06.

Co-authored-by: Matt Schleder <schledermatthew@gmail.com>
2026-05-31 20:44:41 -04:00
Peter Steinberger
22cb7fb6b7 chore(lint): enable no-promise-executor-return 2026-05-31 23:06:13 +01:00
Peter Steinberger
7eeea30d8c fix(minimax): clamp oauth poll interval 2026-05-31 01:37:45 -04:00
Peter Steinberger
a9cbec912e fix(minimax): validate oauth authorization expiry 2026-05-30 05:23:53 -04:00
Vincent Koc
6d362dbe9a fix(minimax): guard oauth token fetches (#88088) 2026-05-29 18:50:20 +01:00
Peter Steinberger
604a6b5452 fix(minimax): reject unsafe oauth expiry 2026-05-29 13:15:00 -04:00
NianJiu
d4e42d61c9 fix(minimax): normalize OAuth token expiry to absolute millisecond timestamp (#83480)
* fix(minimax): normalize OAuth token expiry to absolute millisecond timestamp

MiniMax returns expired_in from the token endpoint as a relative duration
in seconds (standard OAuth expires_in semantics), but the auth profile
store's hasUsableOAuthCredential() expects an absolute millisecond
timestamp.  Without conversion the token appears perpetually expired,
triggering a slow OAuth refresh network call to api.minimaxi.com on
every request — the root cause of the 30-50s auth-stage delay.

Fixes #83449.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(minimax): cover oauth expiry normalization

* fix: polish minimax oauth expiry normalization (#83480) (thanks @NianJiuZst)

* fix: update minimax raw fetch allowlist (#83480)

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-05-24 05:21:22 +01:00
Peter Steinberger
c1f31f3870 refactor: trim provider helper exports 2026-05-01 16:25:10 +01:00
Peter Steinberger
ce2444403e refactor: trim provider oauth runtime seams 2026-03-28 02:08:29 +00:00
wangchunyue
4e849ac127 fix: ensure env proxy dispatcher before MiniMax and OpenAI Codex OAuth flows (openclaw#52228)
Verified:
- pnpm install --frozen-lockfile
- NPM_CONFIG_CACHE=/tmp/openclaw-npm-cache-52228 pnpm build
- pnpm check
- pnpm test:macmini (failed on inherited pre-existing plugin contract test: src/plugins/contracts/registry.contract.test.ts missing deepseek in bundled provider contract registry outside this PR surface)

Co-authored-by: openperf <80630709+openperf@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-23 09:26:34 -05:00
Peter Steinberger
62ddc9d9e0 refactor: consolidate plugin sdk surface 2026-03-20 19:24:10 +00:00
Peter Steinberger
f6948ce405 refactor: shrink sdk helper surfaces 2026-03-20 15:43:14 +00:00
Vincent Koc
9a9db87952 fix(release): isolate config doc surfaces and sdk exports 2026-03-18 17:14:15 -07:00
Peter Steinberger
46f49eb6eb refactor: shrink plugin sdk public surface 2026-03-18 23:31:08 +00:00
Peter Steinberger
47a9c1a893 refactor: merge minimax bundled plugins 2026-03-16 02:26:45 +00:00