@nextclaw/server 0.6.5 → 0.6.7

package/dist/index.d.ts

@@ -57,6 +57,7 @@ type ProviderConnectionTestResult = {
 type ProviderAuthStartResult = {
     provider: string;
     kind: "device_code";
+    methodId?: string;
     sessionId: string;
     verificationUri: string;
     userCode: string;
@@ -64,6 +65,9 @@ type ProviderAuthStartResult = {
     intervalMs: number;
     note?: string;
 };
+type ProviderAuthStartRequest = {
+    methodId?: string;
+};
 type ProviderAuthPollRequest = {
     sessionId: string;
 };
@@ -417,6 +421,18 @@ type ProviderSpecView = {
             en?: string;
             zh?: string;
         };
+        methods?: Array<{
+            id: string;
+            label?: {
+                en?: string;
+                zh?: string;
+            };
+            hint?: {
+                en?: string;
+                zh?: string;
+            };
+        }>;
+        defaultMethodId?: string;
         supportsCliImport?: boolean;
     };
     defaultModels?: string[];
@@ -692,6 +708,11 @@ type UiServerEvent = {
     payload: {
         run: ChatRunView;
     };
+} | {
+    type: "session.updated";
+    payload: {
+        sessionKey: string;
+    };
 } | {
     type: "config.reload.started";
     payload?: Record<string, unknown>;
@@ -771,4 +792,4 @@ declare function deleteSession(configPath: string, key: string): boolean;
 declare function updateRuntime(configPath: string, patch: RuntimeConfigUpdate): Pick<ConfigView, "agents" | "bindings" | "session">;
 declare function updateSecrets(configPath: string, patch: SecretsConfigUpdate): SecretsView;
 
-export { type AgentBindingView, type AgentProfileView, type ApiError, type ApiResponse, type AppMetaView, type BindingPeerView, type ChannelSpecView, type ChatCapabilitiesView, type ChatCommandOptionView, type ChatCommandView, type ChatCommandsView, type ChatRunListView, type ChatRunState, type ChatRunView, type ChatTurnRequest, type ChatTurnResult, type ChatTurnStopRequest, type ChatTurnStopResult, type ChatTurnStreamEvent, type ChatTurnView, type ConfigActionExecuteRequest, type ConfigActionExecuteResult, type ConfigActionManifest, type ConfigActionType, type ConfigMetaView, type ConfigSchemaResponse, type ConfigUiHint, type ConfigUiHints, type ConfigView, type CronActionResult, type CronEnableRequest, type CronJobStateView, type CronJobView, type CronListView, type CronPayloadView, type CronRunRequest, type CronScheduleView, type MarketplaceApiConfig, type MarketplaceInstallKind, type MarketplaceInstallSkillParams, type MarketplaceInstallSpec, type MarketplaceInstalledRecord, type MarketplaceInstalledView, type MarketplaceInstaller, type MarketplaceItemSummary, type MarketplaceItemType, type MarketplaceItemView, type MarketplaceListView, type MarketplaceLocalizedTextMap, type MarketplacePluginContentView, type MarketplacePluginInstallKind, type MarketplacePluginInstallRequest, type MarketplacePluginInstallResult, type MarketplacePluginManageAction, type MarketplacePluginManageRequest, type MarketplacePluginManageResult, type MarketplaceRecommendationView, type MarketplaceSkillContentView, type MarketplaceSkillInstallKind, type MarketplaceSkillInstallRequest, type MarketplaceSkillInstallResult, type MarketplaceSkillManageAction, type MarketplaceSkillManageRequest, type MarketplaceSkillManageResult, type MarketplaceSort, type ProviderAuthImportResult, type ProviderAuthPollRequest, type ProviderAuthPollResult, type ProviderAuthStartResult, type ProviderConfigUpdate, type ProviderConfigView, type ProviderConnectionTestRequest, type ProviderConnectionTestResult, type ProviderCreateRequest, type ProviderCreateResult, type ProviderDeleteResult, type ProviderSpecView, type RuntimeConfigUpdate, type SecretProviderEnvView, type SecretProviderExecView, type SecretProviderFileView, type SecretProviderView, type SecretRefView, type SecretSourceView, type SecretsConfigUpdate, type SecretsView, type SessionConfigView, type SessionEntryView, type SessionEventView, type SessionHistoryView, type SessionMessageView, type SessionPatchUpdate, type SessionsListView, type UiChatRuntime, type UiServerEvent, type UiServerHandle, type UiServerOptions, buildConfigMeta, buildConfigSchemaView, buildConfigView, createCustomProvider, createUiRouter, deleteCustomProvider, deleteSession, executeConfigAction, getSessionHistory, listSessions, loadConfigOrDefault, patchSession, startUiServer, testProviderConnection, updateChannel, updateModel, updateProvider, updateRuntime, updateSecrets };
+export { type AgentBindingView, type AgentProfileView, type ApiError, type ApiResponse, type AppMetaView, type BindingPeerView, type ChannelSpecView, type ChatCapabilitiesView, type ChatCommandOptionView, type ChatCommandView, type ChatCommandsView, type ChatRunListView, type ChatRunState, type ChatRunView, type ChatTurnRequest, type ChatTurnResult, type ChatTurnStopRequest, type ChatTurnStopResult, type ChatTurnStreamEvent, type ChatTurnView, type ConfigActionExecuteRequest, type ConfigActionExecuteResult, type ConfigActionManifest, type ConfigActionType, type ConfigMetaView, type ConfigSchemaResponse, type ConfigUiHint, type ConfigUiHints, type ConfigView, type CronActionResult, type CronEnableRequest, type CronJobStateView, type CronJobView, type CronListView, type CronPayloadView, type CronRunRequest, type CronScheduleView, type MarketplaceApiConfig, type MarketplaceInstallKind, type MarketplaceInstallSkillParams, type MarketplaceInstallSpec, type MarketplaceInstalledRecord, type MarketplaceInstalledView, type MarketplaceInstaller, type MarketplaceItemSummary, type MarketplaceItemType, type MarketplaceItemView, type MarketplaceListView, type MarketplaceLocalizedTextMap, type MarketplacePluginContentView, type MarketplacePluginInstallKind, type MarketplacePluginInstallRequest, type MarketplacePluginInstallResult, type MarketplacePluginManageAction, type MarketplacePluginManageRequest, type MarketplacePluginManageResult, type MarketplaceRecommendationView, type MarketplaceSkillContentView, type MarketplaceSkillInstallKind, type MarketplaceSkillInstallRequest, type MarketplaceSkillInstallResult, type MarketplaceSkillManageAction, type MarketplaceSkillManageRequest, type MarketplaceSkillManageResult, type MarketplaceSort, type ProviderAuthImportResult, type ProviderAuthPollRequest, type ProviderAuthPollResult, type ProviderAuthStartRequest, type ProviderAuthStartResult, type ProviderConfigUpdate, type ProviderConfigView, type ProviderConnectionTestRequest, type ProviderConnectionTestResult, type ProviderCreateRequest, type ProviderCreateResult, type ProviderDeleteResult, type ProviderSpecView, type RuntimeConfigUpdate, type SecretProviderEnvView, type SecretProviderExecView, type SecretProviderFileView, type SecretProviderView, type SecretRefView, type SecretSourceView, type SecretsConfigUpdate, type SecretsView, type SessionConfigView, type SessionEntryView, type SessionEventView, type SessionHistoryView, type SessionMessageView, type SessionPatchUpdate, type SessionsListView, type UiChatRuntime, type UiServerEvent, type UiServerHandle, type UiServerOptions, buildConfigMeta, buildConfigSchemaView, buildConfigView, createCustomProvider, createUiRouter, deleteCustomProvider, deleteSession, executeConfigAction, getSessionHistory, listSessions, loadConfigOrDefault, patchSession, startUiServer, testProviderConnection, updateChannel, updateModel, updateProvider, updateRuntime, updateSecrets };

package/dist/index.js

@@ -28,7 +28,96 @@ import {
   SessionManager,
   getWorkspacePathFromConfig
 } from "@nextclaw/core";
+
+// src/ui/provider-overrides.ts
 import { findBuiltinProviderByName, listBuiltinProviders } from "@nextclaw/runtime";
+var MINIMAX_PORTAL_PROVIDER_SPEC = {
+  name: "minimax-portal",
+  keywords: ["minimax-portal", "minimax"],
+  envKey: "MINIMAX_PORTAL_TOKEN",
+  displayName: "MiniMax Portal",
+  modelPrefix: "minimax-portal",
+  litellmPrefix: "minimax-portal",
+  skipPrefixes: ["minimax-portal/"],
+  envExtras: [],
+  isGateway: false,
+  isLocal: false,
+  detectByKeyPrefix: "",
+  detectByBaseKeyword: "",
+  defaultApiBase: "https://api.minimax.io/v1",
+  defaultModels: ["minimax-portal/MiniMax-M2.5", "minimax-portal/MiniMax-M2.5-highspeed"],
+  stripModelPrefix: false,
+  modelOverrides: [],
+  logo: "minimax.svg",
+  apiBaseHelp: {
+    zh: "OAuth Global \u9ED8\u8BA4\u4F7F\u7528 https://api.minimax.io/v1\uFF1BOAuth \u4E2D\u56FD\u533A\u9ED8\u8BA4\u4F7F\u7528 https://api.minimaxi.com/v1\u3002",
+    en: "OAuth Global uses https://api.minimax.io/v1 by default; OAuth CN uses https://api.minimaxi.com/v1."
+  },
+  auth: {
+    kind: "device_code",
+    protocol: "minimax_user_code",
+    displayName: "MiniMax OAuth",
+    baseUrl: "https://api.minimax.io",
+    deviceCodePath: "/oauth/code",
+    tokenPath: "/oauth/token",
+    clientId: "78257093-7e40-4613-99e0-527b14b39113",
+    scope: "group_id profile model.completion",
+    grantType: "urn:ietf:params:oauth:grant-type:user_code",
+    usePkce: true,
+    defaultMethodId: "cn",
+    methods: [
+      {
+        id: "global",
+        label: {
+          zh: "Global\uFF08\u6D77\u5916\uFF09",
+          en: "Global"
+        },
+        hint: {
+          zh: "\u9002\u7528\u4E8E\u6D77\u5916\u7528\u6237\uFF0C\u9ED8\u8BA4 API Base \u4E3A https://api.minimax.io/v1\u3002",
+          en: "For international users. Default API base: https://api.minimax.io/v1."
+        },
+        baseUrl: "https://api.minimax.io",
+        defaultApiBase: "https://api.minimax.io/v1"
+      },
+      {
+        id: "cn",
+        label: {
+          zh: "\u4E2D\u56FD\u533A\uFF08CN\uFF09",
+          en: "China Mainland (CN)"
+        },
+        hint: {
+          zh: "\u9002\u7528\u4E8E\u4E2D\u56FD\u533A\u7528\u6237\uFF0C\u9ED8\u8BA4 API Base \u4E3A https://api.minimaxi.com/v1\u3002",
+          en: "For Mainland China users. Default API base: https://api.minimaxi.com/v1."
+        },
+        baseUrl: "https://api.minimaxi.com",
+        defaultApiBase: "https://api.minimaxi.com/v1"
+      }
+    ],
+    note: {
+      zh: "\u901A\u8FC7\u6D4F\u89C8\u5668\u5B8C\u6210 MiniMax OAuth \u6388\u6743\u540E\u5373\u53EF\u4F7F\u7528\uFF0C\u65E0\u9700\u624B\u52A8\u586B\u5199 API Key\u3002",
+      en: "Complete MiniMax OAuth in browser to use this provider without manually entering an API key."
+    }
+  }
+};
+var SERVER_BUILTIN_PROVIDER_OVERRIDES = [MINIMAX_PORTAL_PROVIDER_SPEC];
+var SERVER_BUILTIN_PROVIDER_OVERRIDE_MAP = new Map(
+  SERVER_BUILTIN_PROVIDER_OVERRIDES.map((provider) => [provider.name, provider])
+);
+function listServerBuiltinProviders() {
+  const merged = /* @__PURE__ */ new Map();
+  for (const provider of listBuiltinProviders()) {
+    merged.set(provider.name, provider);
+  }
+  for (const provider of SERVER_BUILTIN_PROVIDER_OVERRIDES) {
+    merged.set(provider.name, provider);
+  }
+  return Array.from(merged.values());
+}
+function findServerBuiltinProviderByName(name) {
+  return SERVER_BUILTIN_PROVIDER_OVERRIDE_MAP.get(name) ?? findBuiltinProviderByName(name);
+}
+
+// src/ui/config.ts
 var MASK_MIN_LENGTH = 8;
 var EXTRA_SENSITIVE_PATH_PATTERNS = [/authorization/i, /cookie/i, /session/i, /bearer/i];
 var PREFERRED_PROVIDER_ORDER = [
@@ -46,7 +135,7 @@ var PREFERRED_PROVIDER_ORDER = [
 var PREFERRED_PROVIDER_ORDER_INDEX = new Map(
   PREFERRED_PROVIDER_ORDER.map((name, index) => [name, index])
 );
-var BUILTIN_PROVIDERS = listBuiltinProviders();
+var BUILTIN_PROVIDERS = listServerBuiltinProviders();
 var BUILTIN_PROVIDER_NAMES = new Set(BUILTIN_PROVIDERS.map((spec) => spec.name));
 var CUSTOM_PROVIDER_WIRE_API_OPTIONS = ["auto", "chat", "responses"];
 var CUSTOM_PROVIDER_PREFIX = "custom-";
@@ -107,7 +196,7 @@ function ensureProviderConfig(config, providerName) {
   if (isCustomProviderName(providerName)) {
     return null;
   }
-  const spec = findBuiltinProviderByName(providerName);
+  const spec = findServerBuiltinProviderByName(providerName);
   if (!spec) {
     return null;
   }
@@ -375,7 +464,7 @@ function buildConfigView(config) {
   const uiHints = buildUiHints(config);
   const providers = {};
   for (const [name, provider] of Object.entries(config.providers)) {
-    const spec = findBuiltinProviderByName(name);
+    const spec = findServerBuiltinProviderByName(name);
     providers[name] = toProviderView(config, provider, name, uiHints, spec);
   }
   return {
@@ -424,6 +513,12 @@ function buildConfigMeta(config) {
         kind: spec.auth.kind,
         displayName: spec.auth.displayName,
         note: spec.auth.note,
+        methods: spec.auth.methods?.map((method) => ({
+          id: method.id,
+          label: method.label,
+          hint: method.hint
+        })),
+        defaultMethodId: spec.auth.defaultMethodId,
         supportsCliImport: Boolean(spec.auth.cliCredential)
       } : void 0,
       defaultModels: normalizeModelList(spec.defaultModels ?? []),
@@ -554,7 +649,7 @@ function updateProvider(configPath, providerName, patch) {
   if (!provider) {
     return null;
   }
-  const spec = findBuiltinProviderByName(providerName);
+  const spec = findServerBuiltinProviderByName(providerName);
   const isCustom = isCustomProviderName(providerName);
   if (Object.prototype.hasOwnProperty.call(patch, "displayName") && isCustom) {
     provider.displayName = normalizeOptionalDisplayName(patch.displayName) ?? "";
@@ -689,7 +784,7 @@ async function testProviderConnection(configPath, providerName, patch) {
   if (!provider) {
     return null;
   }
-  const spec = findBuiltinProviderByName(providerName);
+  const spec = findServerBuiltinProviderByName(providerName);
   const hasApiKeyPatch = Object.prototype.hasOwnProperty.call(patch, "apiKey");
   const providedApiKey = normalizeOptionalString(patch.apiKey);
   const currentApiKey = normalizeOptionalString(provider.apiKey);
@@ -1037,7 +1132,6 @@ import {
   loadConfig as loadConfig2,
   saveConfig as saveConfig2
 } from "@nextclaw/core";
-import { findBuiltinProviderByName as findBuiltinProviderByName2 } from "@nextclaw/runtime";
 var authSessions = /* @__PURE__ */ new Map();
 var DEFAULT_AUTH_INTERVAL_MS = 2e3;
 var MAX_AUTH_INTERVAL_MS = 1e4;
@@ -1047,6 +1141,12 @@ function normalizePositiveInt(value, fallback) {
   }
   return Math.floor(value);
 }
+function normalizePositiveFloat(value) {
+  if (typeof value !== "number" || !Number.isFinite(value) || value <= 0) {
+    return null;
+  }
+  return value;
+}
 function toBase64Url(buffer) {
   return buffer.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
 }
@@ -1073,6 +1173,113 @@ function resolveDeviceCodeEndpoints(baseUrl, deviceCodePath, tokenPath) {
 function resolveAuthNote(params) {
   return params.zh ?? params.en;
 }
+function resolveLocalizedMethodLabel(method, fallbackId) {
+  return method.label?.zh ?? method.label?.en ?? fallbackId;
+}
+function resolveLocalizedMethodHint(method) {
+  return method.hint?.zh ?? method.hint?.en;
+}
+function normalizeMethodId(value) {
+  if (typeof value !== "string") {
+    return void 0;
+  }
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : void 0;
+}
+function resolveAuthMethod(auth, requestedMethodId) {
+  const protocol = auth.protocol ?? "rfc8628";
+  const methods = (auth.methods ?? []).filter((entry) => normalizeMethodId(entry.id));
+  const cleanRequestedMethodId = normalizeMethodId(requestedMethodId);
+  if (methods.length === 0) {
+    if (cleanRequestedMethodId) {
+      throw new Error(`provider auth method is not supported: ${cleanRequestedMethodId}`);
+    }
+    return {
+      protocol,
+      baseUrl: auth.baseUrl,
+      deviceCodePath: auth.deviceCodePath,
+      tokenPath: auth.tokenPath,
+      clientId: auth.clientId,
+      scope: auth.scope,
+      grantType: auth.grantType,
+      usePkce: Boolean(auth.usePkce)
+    };
+  }
+  let selectedMethod = methods.find((entry) => normalizeMethodId(entry.id) === cleanRequestedMethodId);
+  if (!selectedMethod) {
+    const fallbackMethodId = normalizeMethodId(auth.defaultMethodId) ?? normalizeMethodId(methods[0]?.id);
+    selectedMethod = methods.find((entry) => normalizeMethodId(entry.id) === fallbackMethodId) ?? methods[0];
+  }
+  const methodId = normalizeMethodId(selectedMethod?.id);
+  if (!selectedMethod || !methodId) {
+    throw new Error("provider auth method is not configured");
+  }
+  if (cleanRequestedMethodId && methodId !== cleanRequestedMethodId) {
+    throw new Error(`provider auth method is not supported: ${cleanRequestedMethodId}`);
+  }
+  return {
+    id: methodId,
+    protocol,
+    baseUrl: selectedMethod.baseUrl ?? auth.baseUrl,
+    deviceCodePath: selectedMethod.deviceCodePath ?? auth.deviceCodePath,
+    tokenPath: selectedMethod.tokenPath ?? auth.tokenPath,
+    clientId: selectedMethod.clientId ?? auth.clientId,
+    scope: selectedMethod.scope ?? auth.scope,
+    grantType: selectedMethod.grantType ?? auth.grantType,
+    usePkce: selectedMethod.usePkce ?? Boolean(auth.usePkce),
+    defaultApiBase: selectedMethod.defaultApiBase
+  };
+}
+function parseExpiresAtMs(value, fallbackFromNowMs) {
+  const normalized = normalizePositiveFloat(value);
+  if (normalized === null) {
+    return Date.now() + fallbackFromNowMs;
+  }
+  if (normalized >= 1e12) {
+    return Math.floor(normalized);
+  }
+  if (normalized >= 1e9) {
+    return Math.floor(normalized * 1e3);
+  }
+  return Date.now() + Math.floor(normalized * 1e3);
+}
+function parsePollIntervalMs(value, fallbackMs) {
+  const normalized = normalizePositiveFloat(value);
+  if (normalized === null) {
+    return fallbackMs;
+  }
+  if (normalized <= 30) {
+    return Math.floor(normalized * 1e3);
+  }
+  return Math.floor(normalized);
+}
+function buildMinimaxErrorMessage(payload, fallback) {
+  if (!payload || typeof payload !== "object" || Array.isArray(payload)) {
+    return fallback;
+  }
+  const record = payload;
+  if (typeof record.error_description === "string" && record.error_description.trim()) {
+    return record.error_description.trim();
+  }
+  if (typeof record.error === "string" && record.error.trim()) {
+    return record.error.trim();
+  }
+  const baseMessage = record.base_resp?.status_msg;
+  if (typeof baseMessage === "string" && baseMessage.trim()) {
+    return baseMessage.trim();
+  }
+  return fallback;
+}
+function classifyMiniMaxErrorStatus(message) {
+  const normalized = message.toLowerCase();
+  if (normalized.includes("deny") || normalized.includes("rejected")) {
+    return "denied";
+  }
+  if (normalized.includes("expired") || normalized.includes("timeout") || normalized.includes("timed out")) {
+    return "expired";
+  }
+  return "error";
+}
 function resolveHomePath(inputPath) {
   const trimmed = inputPath.trim();
   if (!trimmed) {
@@ -1137,70 +1344,125 @@ function setProviderApiKey(params) {
   const next = ConfigSchema2.parse(config);
   saveConfig2(next, params.configPath);
 }
-async function startProviderAuth(configPath, providerName) {
+async function startProviderAuth(configPath, providerName, options) {
   cleanupExpiredAuthSessions();
-  const spec = findBuiltinProviderByName2(providerName);
+  const spec = findServerBuiltinProviderByName(providerName);
   if (!spec?.auth || spec.auth.kind !== "device_code") {
     return null;
   }
+  const resolvedMethod = resolveAuthMethod(spec.auth, options?.methodId);
   const { deviceCodeEndpoint, tokenEndpoint } = resolveDeviceCodeEndpoints(
-    spec.auth.baseUrl,
-    spec.auth.deviceCodePath,
-    spec.auth.tokenPath
+    resolvedMethod.baseUrl,
+    resolvedMethod.deviceCodePath,
+    resolvedMethod.tokenPath
   );
-  const pkce = spec.auth.usePkce ? buildPkce() : null;
-  const body = new URLSearchParams({
-    client_id: spec.auth.clientId,
-    scope: spec.auth.scope
-  });
-  if (pkce) {
-    body.set("code_challenge", pkce.challenge);
-    body.set("code_challenge_method", "S256");
+  const pkce = resolvedMethod.usePkce ? buildPkce() : null;
+  let authorizationCode = "";
+  let tokenCodeField = "device_code";
+  let userCode = "";
+  let verificationUri = "";
+  let intervalMs = DEFAULT_AUTH_INTERVAL_MS;
+  let expiresAtMs = Date.now() + 6e5;
+  if (resolvedMethod.protocol === "minimax_user_code") {
+    if (!pkce) {
+      throw new Error("MiniMax OAuth requires PKCE");
+    }
+    const state = toBase64Url(randomBytes(16));
+    const body = new URLSearchParams({
+      response_type: "code",
+      client_id: resolvedMethod.clientId,
+      scope: resolvedMethod.scope,
+      code_challenge: pkce.challenge,
+      code_challenge_method: "S256",
+      state
+    });
+    const response = await fetch(deviceCodeEndpoint, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        Accept: "application/json",
+        "x-request-id": randomUUID()
+      },
+      body
+    });
+    const payload = await response.json().catch(() => ({}));
+    if (!response.ok) {
+      throw new Error(buildMinimaxErrorMessage(payload, response.statusText || "MiniMax OAuth start failed"));
+    }
+    if (payload.state && payload.state !== state) {
+      throw new Error("MiniMax OAuth state mismatch");
+    }
+    authorizationCode = payload.user_code?.trim() ?? "";
+    userCode = authorizationCode;
+    verificationUri = payload.verification_uri?.trim() ?? "";
+    if (!authorizationCode || !verificationUri) {
+      throw new Error("provider auth payload is incomplete");
+    }
+    tokenCodeField = "user_code";
+    intervalMs = Math.min(parsePollIntervalMs(payload.interval, DEFAULT_AUTH_INTERVAL_MS), MAX_AUTH_INTERVAL_MS);
+    expiresAtMs = parseExpiresAtMs(payload.expired_in, 6e5);
+  } else {
+    const body = new URLSearchParams({
+      client_id: resolvedMethod.clientId,
+      scope: resolvedMethod.scope
+    });
+    if (pkce) {
+      body.set("code_challenge", pkce.challenge);
+      body.set("code_challenge_method", "S256");
+    }
+    const response = await fetch(deviceCodeEndpoint, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        Accept: "application/json"
+      },
+      body
+    });
+    const payload = await response.json().catch(() => ({}));
+    if (!response.ok) {
+      const message = payload.error_description || payload.error || response.statusText || "device code auth failed";
+      throw new Error(message);
+    }
+    authorizationCode = payload.device_code?.trim() ?? "";
+    userCode = payload.user_code?.trim() ?? "";
+    verificationUri = payload.verification_uri_complete?.trim() || payload.verification_uri?.trim() || "";
+    if (!authorizationCode || !userCode || !verificationUri) {
+      throw new Error("provider auth payload is incomplete");
+    }
+    intervalMs = normalizePositiveInt(payload.interval, DEFAULT_AUTH_INTERVAL_MS / 1e3) * 1e3;
+    const expiresInSec = normalizePositiveInt(payload.expires_in, 600);
+    expiresAtMs = Date.now() + expiresInSec * 1e3;
   }
-  const response = await fetch(deviceCodeEndpoint, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded",
-      Accept: "application/json"
-    },
-    body
-  });
-  const payload = await response.json().catch(() => ({}));
-  if (!response.ok) {
-    const message = payload.error_description || payload.error || response.statusText || "device code auth failed";
-    throw new Error(message);
-  }
-  const deviceCode = payload.device_code?.trim() ?? "";
-  const userCode = payload.user_code?.trim() ?? "";
-  const verificationUri = payload.verification_uri_complete?.trim() || payload.verification_uri?.trim() || "";
-  if (!deviceCode || !userCode || !verificationUri) {
-    throw new Error("provider auth payload is incomplete");
-  }
-  const intervalMs = normalizePositiveInt(payload.interval, DEFAULT_AUTH_INTERVAL_MS / 1e3) * 1e3;
-  const expiresInSec = normalizePositiveInt(payload.expires_in, 600);
-  const expiresAtMs = Date.now() + expiresInSec * 1e3;
   const sessionId = randomUUID();
   authSessions.set(sessionId, {
     sessionId,
     provider: providerName,
     configPath,
-    deviceCode,
+    authorizationCode,
+    tokenCodeField,
+    protocol: resolvedMethod.protocol,
+    methodId: resolvedMethod.id,
     codeVerifier: pkce?.verifier,
     tokenEndpoint,
-    clientId: spec.auth.clientId,
-    grantType: spec.auth.grantType,
+    clientId: resolvedMethod.clientId,
+    grantType: resolvedMethod.grantType,
+    defaultApiBase: resolvedMethod.defaultApiBase ?? spec.defaultApiBase,
     expiresAtMs,
     intervalMs
   });
+  const methodConfig = (spec.auth.methods ?? []).find((entry) => normalizeMethodId(entry.id) === resolvedMethod.id);
+  const methodLabel = methodConfig ? resolveLocalizedMethodLabel(methodConfig, resolvedMethod.id ?? "") : void 0;
+  const methodHint = methodConfig ? resolveLocalizedMethodHint(methodConfig) : void 0;
   return {
     provider: providerName,
     kind: "device_code",
+    methodId: resolvedMethod.id,
     sessionId,
     verificationUri,
     userCode,
     expiresAt: new Date(expiresAtMs).toISOString(),
     intervalMs,
-    note: resolveAuthNote(spec.auth.note ?? {})
+    note: methodHint ?? methodLabel ?? resolveAuthNote(spec.auth.note ?? {})
   };
 }
 async function pollProviderAuth(params) {
@@ -1219,9 +1481,9 @@ async function pollProviderAuth(params) {
   }
   const body = new URLSearchParams({
     grant_type: session.grantType,
-    client_id: session.clientId,
-    device_code: session.deviceCode
+    client_id: session.clientId
   });
+  body.set(session.tokenCodeField, session.authorizationCode);
   if (session.codeVerifier) {
     body.set("code_verifier", session.codeVerifier);
   }
@@ -1233,17 +1495,47 @@ async function pollProviderAuth(params) {
     },
     body
   });
-  const payload = await response.json().catch(() => ({}));
-  if (!response.ok) {
-    const errorCode = payload.error?.trim().toLowerCase();
-    if (errorCode === "authorization_pending") {
+  let accessToken = "";
+  if (session.protocol === "minimax_user_code") {
+    const raw = await response.text();
+    let payload = {};
+    if (raw) {
+      try {
+        payload = JSON.parse(raw);
+      } catch {
+        payload = {};
+      }
+    }
+    if (!response.ok) {
+      const message = buildMinimaxErrorMessage(payload, raw || response.statusText || "authorization failed");
       return {
         provider: params.providerName,
-        status: "pending",
-        nextPollMs: session.intervalMs
+        status: "error",
+        message
       };
     }
-    if (errorCode === "slow_down") {
+    const status = payload.status?.trim().toLowerCase();
+    if (status === "success") {
+      accessToken = payload.access_token?.trim() ?? "";
+      if (!accessToken) {
+        return {
+          provider: params.providerName,
+          status: "error",
+          message: "provider token response missing access token"
+        };
+      }
+    } else if (status === "error") {
+      const message = buildMinimaxErrorMessage(payload, "authorization failed");
+      const classified = classifyMiniMaxErrorStatus(message);
+      if (classified === "denied" || classified === "expired") {
+        authSessions.delete(params.sessionId);
+      }
+      return {
+        provider: params.providerName,
+        status: classified,
+        message
+      };
+    } else {
       const nextPollMs = Math.min(Math.floor(session.intervalMs * 1.5), MAX_AUTH_INTERVAL_MS);
       session.intervalMs = nextPollMs;
       authSessions.set(params.sessionId, session);
@@ -1253,42 +1545,63 @@ async function pollProviderAuth(params) {
         nextPollMs
       };
     }
-    if (errorCode === "access_denied") {
-      authSessions.delete(params.sessionId);
+  } else {
+    const payload = await response.json().catch(() => ({}));
+    if (!response.ok) {
+      const errorCode = payload.error?.trim().toLowerCase();
+      if (errorCode === "authorization_pending") {
+        return {
+          provider: params.providerName,
+          status: "pending",
+          nextPollMs: session.intervalMs
+        };
+      }
+      if (errorCode === "slow_down") {
+        const nextPollMs = Math.min(Math.floor(session.intervalMs * 1.5), MAX_AUTH_INTERVAL_MS);
+        session.intervalMs = nextPollMs;
+        authSessions.set(params.sessionId, session);
+        return {
+          provider: params.providerName,
+          status: "pending",
+          nextPollMs
+        };
+      }
+      if (errorCode === "access_denied") {
+        authSessions.delete(params.sessionId);
+        return {
+          provider: params.providerName,
+          status: "denied",
+          message: payload.error_description || "authorization denied"
+        };
+      }
+      if (errorCode === "expired_token") {
+        authSessions.delete(params.sessionId);
+        return {
+          provider: params.providerName,
+          status: "expired",
+          message: payload.error_description || "authorization session expired"
+        };
+      }
       return {
         provider: params.providerName,
-        status: "denied",
-        message: payload.error_description || "authorization denied"
+        status: "error",
+        message: payload.error_description || payload.error || response.statusText || "authorization failed"
       };
     }
-    if (errorCode === "expired_token") {
-      authSessions.delete(params.sessionId);
+    accessToken = payload.access_token?.trim() ?? "";
+    if (!accessToken) {
       return {
         provider: params.providerName,
-        status: "expired",
-        message: payload.error_description || "authorization session expired"
+        status: "error",
+        message: "provider token response missing access token"
       };
     }
-    return {
-      provider: params.providerName,
-      status: "error",
-      message: payload.error_description || payload.error || response.statusText || "authorization failed"
-    };
-  }
-  const accessToken = payload.access_token?.trim();
-  if (!accessToken) {
-    return {
-      provider: params.providerName,
-      status: "error",
-      message: "provider token response missing access token"
-    };
   }
-  const spec = findBuiltinProviderByName2(params.providerName);
   setProviderApiKey({
     configPath: params.configPath,
     provider: params.providerName,
     accessToken,
-    defaultApiBase: spec?.defaultApiBase
+    defaultApiBase: session.defaultApiBase
   });
   authSessions.delete(params.sessionId);
   return {
@@ -1297,7 +1610,7 @@ async function pollProviderAuth(params) {
   };
 }
 async function importProviderAuthFromCli(configPath, providerName) {
-  const spec = findBuiltinProviderByName2(providerName);
+  const spec = findServerBuiltinProviderByName(providerName);
   if (!spec?.auth || spec.auth.kind !== "device_code" || !spec.auth.cliCredential) {
     return null;
   }
@@ -2640,8 +2953,20 @@ function createUiRouter(options) {
   });
   app.post("/api/config/providers/:provider/auth/start", async (c) => {
     const provider = c.req.param("provider");
+    let payload = {};
+    const rawBody = await c.req.raw.text();
+    if (rawBody.trim().length > 0) {
+      try {
+        payload = JSON.parse(rawBody);
+      } catch {
+        return c.json(err("INVALID_BODY", "invalid json body"), 400);
+      }
+    }
+    const methodId = typeof payload.methodId === "string" ? payload.methodId.trim() : void 0;
     try {
-      const result = await startProviderAuth(options.configPath, provider);
+      const result = await startProviderAuth(options.configPath, provider, {
+        methodId
+      });
       if (!result) {
         return c.json(err("NOT_SUPPORTED", `provider auth is not supported: ${provider}`), 404);
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nextclaw/server",
-  "version": "0.6.5",
+  "version": "0.6.7",
   "private": false,
   "description": "Nextclaw UI/API server.",
   "type": "module",
@@ -15,11 +15,11 @@
   ],
   "dependencies": {
     "@hono/node-server": "^1.13.3",
-    "@nextclaw/openclaw-compat": "^0.2.0",
-    "@nextclaw/runtime": "^0.1.1",
     "hono": "^4.6.2",
     "ws": "^8.18.0",
-    "@nextclaw/core": "^0.7.2"
+    "@nextclaw/openclaw-compat": "0.2.2",
+    "@nextclaw/runtime": "0.1.2",
+    "@nextclaw/core": "0.7.3"
   },
   "devDependencies": {
     "@types/node": "^20.17.6",