@ottocode/sdk 0.1.201 → 0.1.203

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@ottocode/sdk",
-	"version": "0.1.201",
+	"version": "0.1.203",
 	"description": "AI agent SDK for building intelligent assistants - tree-shakable and comprehensive",
 	"author": "nitishxyz",
 	"license": "MIT",

package/src/config/src/paths.ts

@@ -35,29 +35,31 @@ export function getGlobalAuthPath(): string {
 	return joinPath(getGlobalConfigDir(), 'auth.json');
 }
 
-// Secure location for auth secrets (not in config dir or project)
-// - Linux: $XDG_STATE_HOME/otto/auth.json or ~/.local/state/otto/auth.json
-// - macOS: ~/Library/Application Support/otto/auth.json
-// - Windows: %APPDATA%\otto\auth.json
-export function getSecureAuthPath(): string {
+export function getSecureBaseDir(): string {
 	const platform = process.platform;
 	if (platform === 'darwin') {
-		return joinPath(
-			getHomeDir(),
-			'Library',
-			'Application Support',
-			'otto',
-			'auth.json',
-		);
+		return joinPath(getHomeDir(), 'Library', 'Application Support', 'otto');
 	}
 	if (platform === 'win32') {
 		const appData = (process.env.APPDATA || '').replace(/\\/g, '/');
 		const base = appData || joinPath(getHomeDir(), 'AppData', 'Roaming');
-		return joinPath(base, 'otto', 'auth.json');
+		return joinPath(base, 'otto');
 	}
 	const stateHome = (process.env.XDG_STATE_HOME || '').replace(/\\/g, '/');
 	const base = stateHome || joinPath(getHomeDir(), '.local', 'state');
-	return joinPath(base, 'otto', 'auth.json');
+	return joinPath(base, 'otto');
+}
+
+export function getSecureOAuthDir(): string {
+	return joinPath(getSecureBaseDir(), 'oauth');
+}
+
+// Secure location for auth secrets (not in config dir or project)
+// - Linux: $XDG_STATE_HOME/otto/auth.json or ~/.local/state/otto/auth.json
+// - macOS: ~/Library/Application Support/otto/auth.json
+// - Windows: %APPDATA%\otto\auth.json
+export function getSecureAuthPath(): string {
+	return joinPath(getSecureBaseDir(), 'auth.json');
 }
 
 // Global content under config dir

package/src/core/src/index.ts

@@ -133,6 +133,7 @@ export type {
 	MCPToolInfo,
 	MCPTransport,
 	MCPOAuthConfig,
+	MCPScope,
 	StoredOAuthData,
 	OttoOAuthProviderOptions,
 	CallbackResult,

package/src/core/src/mcp/index.ts

@@ -4,6 +4,7 @@ export type {
 	MCPServerStatus,
 	MCPTransport,
 	MCPOAuthConfig,
+	MCPScope,
 } from './types.ts';
 
 export { MCPClientWrapper, type MCPToolInfo } from './client.ts';

package/src/core/src/mcp/lifecycle.ts

@@ -1,5 +1,5 @@
 import { MCPServerManager } from './server-manager.ts';
-import type { MCPConfig, MCPServerConfig } from './types.ts';
+import type { MCPConfig, MCPServerConfig, MCPScope } from './types.ts';
 import { promises as fs } from 'node:fs';
 import { join } from 'node:path';
 
@@ -11,11 +11,15 @@ export function getMCPManager(): MCPServerManager | null {
 
 export async function initializeMCP(
 	config: MCPConfig,
+	projectRoot?: string,
 ): Promise<MCPServerManager> {
 	if (globalMCPManager) {
 		await globalMCPManager.stopAll();
 	}
 	globalMCPManager = new MCPServerManager();
+	if (projectRoot) {
+		globalMCPManager.setProjectRoot(projectRoot);
+	}
 	await globalMCPManager.startServers(config.servers);
 	return globalMCPManager;
 }
@@ -41,7 +45,7 @@ export async function loadMCPConfig(
 		const globalServers = await readMCPServersFromFile(globalPath);
 		for (const s of globalServers) {
 			seen.add(s.name);
-			servers.push(s);
+			servers.push({ ...s, scope: 'global' });
 		}
 	}
 
@@ -50,9 +54,9 @@ export async function loadMCPConfig(
 	for (const s of projectServers) {
 		if (seen.has(s.name)) {
 			const idx = servers.findIndex((existing) => existing.name === s.name);
-			if (idx >= 0) servers[idx] = s;
+			if (idx >= 0) servers[idx] = { ...s, scope: 'project' };
 		} else {
-			servers.push(s);
+			servers.push({ ...s, scope: 'project' });
 		}
 	}
 
@@ -81,11 +85,30 @@ async function readMCPServersFromFile(
 	}
 }
 
+function resolveConfigPath(
+	projectRoot: string,
+	globalConfigDir: string | undefined,
+	scope: MCPScope,
+): string {
+	if (scope === 'global' && globalConfigDir) {
+		return join(globalConfigDir, 'config.json');
+	}
+	return join(projectRoot, '.otto', 'config.json');
+}
+
+async function ensureConfigDir(configPath: string): Promise<void> {
+	const dir = configPath.replace(/[/\\][^/\\]+$/, '');
+	await fs.mkdir(dir, { recursive: true });
+}
+
 export async function addMCPServerToConfig(
 	projectRoot: string,
 	server: MCPServerConfig,
+	globalConfigDir?: string,
 ): Promise<void> {
-	const configPath = join(projectRoot, '.otto', 'config.json');
+	const scope: MCPScope = server.scope ?? 'global';
+	const configPath = resolveConfigPath(projectRoot, globalConfigDir, scope);
+
 	let json: Record<string, unknown> = {};
 	try {
 		const text = await fs.readFile(configPath, 'utf-8');
@@ -98,37 +121,48 @@ export async function addMCPServerToConfig(
 
 	const servers = mcp.servers as MCPServerConfig[];
 	const idx = servers.findIndex((s) => s.name === server.name);
+
+	const { scope: _scope, ...serverWithoutScope } = server;
 	if (idx >= 0) {
-		servers[idx] = server;
+		servers[idx] = serverWithoutScope;
 	} else {
-		servers.push(server);
+		servers.push(serverWithoutScope);
 	}
 
-	await fs.mkdir(join(projectRoot, '.otto'), { recursive: true });
+	await ensureConfigDir(configPath);
 	await fs.writeFile(configPath, JSON.stringify(json, null, '\t'), 'utf-8');
 }
 
 export async function removeMCPServerFromConfig(
 	projectRoot: string,
 	name: string,
+	globalConfigDir?: string,
 ): Promise<boolean> {
-	const configPath = join(projectRoot, '.otto', 'config.json');
-	let json: Record<string, unknown> = {};
-	try {
-		const text = await fs.readFile(configPath, 'utf-8');
-		json = JSON.parse(text);
-	} catch {
-		return false;
-	}
+	const paths = [
+		...(globalConfigDir ? [join(globalConfigDir, 'config.json')] : []),
+		join(projectRoot, '.otto', 'config.json'),
+	];
+
+	for (const configPath of paths) {
+		let json: Record<string, unknown> = {};
+		try {
+			const text = await fs.readFile(configPath, 'utf-8');
+			json = JSON.parse(text);
+		} catch {
+			continue;
+		}
 
-	const mcp = json.mcp as Record<string, unknown> | undefined;
-	if (!mcp || !Array.isArray(mcp.servers)) return false;
+		const mcp = json.mcp as Record<string, unknown> | undefined;
+		if (!mcp || !Array.isArray(mcp.servers)) continue;
 
-	const servers = mcp.servers as MCPServerConfig[];
-	const idx = servers.findIndex((s) => s.name === name);
-	if (idx < 0) return false;
+		const servers = mcp.servers as MCPServerConfig[];
+		const idx = servers.findIndex((s) => s.name === name);
+		if (idx < 0) continue;
 
-	servers.splice(idx, 1);
-	await fs.writeFile(configPath, JSON.stringify(json, null, '\t'), 'utf-8');
-	return true;
+		servers.splice(idx, 1);
+		await fs.writeFile(configPath, JSON.stringify(json, null, '\t'), 'utf-8');
+		return true;
+	}
+
+	return false;
 }

package/src/core/src/mcp/oauth/store.ts

@@ -1,5 +1,6 @@
 import { promises as fs } from 'node:fs';
 import { join } from 'node:path';
+import { getSecureOAuthDir } from '../../../../config/src/paths.ts';
 
 export interface StoredOAuthData {
 	tokens?: {
@@ -22,14 +23,7 @@ export class OAuthCredentialStore {
 	private storePath: string;
 
 	constructor(storePath?: string) {
-		this.storePath =
-			storePath ??
-			join(
-				process.env.HOME ?? process.env.USERPROFILE ?? '',
-				'.config',
-				'otto',
-				'oauth',
-			);
+		this.storePath = storePath ?? getSecureOAuthDir();
 	}
 
 	private filePath(serverName: string): string {

package/src/core/src/mcp/server-manager.ts

@@ -2,6 +2,7 @@ import { MCPClientWrapper, type MCPToolInfo } from './client.ts';
 import type { MCPServerConfig, MCPServerStatus } from './types.ts';
 import { OAuthCredentialStore } from './oauth/store.ts';
 import { OttoOAuthProvider } from './oauth/provider.ts';
+import { createHash } from 'node:crypto';
 
 type IndexedTool = {
 	server: string;
@@ -14,17 +15,36 @@ export class MCPServerManager {
 	private authProviders = new Map<string, OttoOAuthProvider>();
 	private pendingAuth = new Map<string, string>();
 	private oauthStore = new OAuthCredentialStore();
+	private serverScopes = new Map<string, 'global' | 'project'>();
 	private _started = false;
+	private projectRoot: string | null = null;
 
 	get started(): boolean {
 		return this._started;
 	}
 
+	setProjectRoot(projectRoot: string): void {
+		this.projectRoot = projectRoot;
+	}
+
+	private oauthKey(serverName: string): string {
+		const scope = this.serverScopes.get(serverName);
+		if (scope === 'project' && this.projectRoot) {
+			const hash = createHash('sha256')
+				.update(this.projectRoot)
+				.digest('hex')
+				.slice(0, 8);
+			return `${serverName}_proj_${hash}`;
+		}
+		return serverName;
+	}
+
 	async startServers(configs: MCPServerConfig[]): Promise<void> {
 		await this.stopAll();
 
 		for (const config of configs) {
 			if (config.disabled) continue;
+			this.serverScopes.set(config.name, config.scope ?? 'global');
 			await this.startSingleServer(config);
 		}
 		this._started = true;
@@ -38,7 +58,8 @@ export class MCPServerManager {
 			const hasStaticAuth =
 				config.headers?.Authorization || config.headers?.authorization;
 			if (!hasStaticAuth) {
-				const provider = new OttoOAuthProvider(config.name, this.oauthStore, {
+				const key = this.oauthKey(config.name);
+				const provider = new OttoOAuthProvider(key, this.oauthStore, {
 					clientId: config.oauth?.clientId,
 					callbackPort: config.oauth?.callbackPort,
 					scopes: config.oauth?.scopes,
@@ -104,6 +125,7 @@ export class MCPServerManager {
 		this.toolsMap.clear();
 		this.authProviders.clear();
 		this.pendingAuth.clear();
+		this.serverScopes.clear();
 		this._started = false;
 	}
 
@@ -137,8 +159,9 @@ export class MCPServerManager {
 				.filter(([, v]) => v.server === name)
 				.map(([k]) => k);
 			const config = client.serverConfig;
+			const key = this.oauthKey(name);
 			const _authenticated = this.oauthStore
-				.isAuthenticated(name)
+				.isAuthenticated(key)
 				.catch(() => false);
 
 			statuses.push({
@@ -161,8 +184,9 @@ export class MCPServerManager {
 				.filter(([, v]) => v.server === name)
 				.map(([k]) => k);
 			const config = client.serverConfig;
+			const key = this.oauthKey(name);
 			const authenticated = await this.oauthStore
-				.isAuthenticated(name)
+				.isAuthenticated(key)
 				.catch(() => false);
 
 			statuses.push({
@@ -194,7 +218,9 @@ export class MCPServerManager {
 		const transport = config.transport ?? 'stdio';
 		if (transport === 'stdio') return null;
 
-		const provider = new OttoOAuthProvider(config.name, this.oauthStore, {
+		this.serverScopes.set(config.name, config.scope ?? 'global');
+		const key = this.oauthKey(config.name);
+		const provider = new OttoOAuthProvider(key, this.oauthStore, {
 			clientId: config.oauth?.clientId,
 			callbackPort: config.oauth?.callbackPort,
 			scopes: config.oauth?.scopes,
@@ -272,7 +298,8 @@ export class MCPServerManager {
 	async getAuthStatus(
 		name: string,
 	): Promise<{ authenticated: boolean; expiresAt?: number }> {
-		const tokens = await this.oauthStore.loadTokens(name);
+		const key = this.oauthKey(name);
+		const tokens = await this.oauthStore.loadTokens(key);
 		if (!tokens?.access_token) return { authenticated: false };
 		return {
 			authenticated: true,
@@ -282,6 +309,7 @@ export class MCPServerManager {
 
 	async restartServer(config: MCPServerConfig): Promise<void> {
 		await this.stopServer(config.name);
+		this.serverScopes.set(config.name, config.scope ?? 'global');
 		await this.startSingleServer(config);
 	}
 

package/src/core/src/mcp/types.ts

@@ -1,4 +1,5 @@
 export type MCPTransport = 'stdio' | 'http' | 'sse';
+export type MCPScope = 'global' | 'project';
 
 export interface MCPOAuthConfig {
 	clientId?: string;
@@ -21,6 +22,8 @@ export interface MCPServerConfig {
 	oauth?: MCPOAuthConfig;
 
 	disabled?: boolean;
+
+	scope?: MCPScope;
 }
 
 export interface MCPConfig {

package/src/index.ts

@@ -108,6 +108,8 @@ export { createOpencodeModel } from './providers/src/index.ts';
 export type { OpencodeProviderConfig } from './providers/src/index.ts';
 export { createMoonshotModel } from './providers/src/index.ts';
 export type { MoonshotProviderConfig } from './providers/src/index.ts';
+export { createMinimaxModel } from './providers/src/index.ts';
+export type { MinimaxProviderConfig } from './providers/src/index.ts';
 export {
 	createCopilotFetch,
 	createCopilotModel,
@@ -171,6 +173,8 @@ export {
 	getGlobalToolsDir,
 	getGlobalCommandsDir,
 	getSecureAuthPath,
+	getSecureBaseDir,
+	getSecureOAuthDir,
 	getHomeDir,
 } from './config/src/paths.ts';
 export {
@@ -358,6 +362,7 @@ export type {
 	MCPToolInfo,
 	MCPTransport,
 	MCPOAuthConfig,
+	MCPScope,
 	StoredOAuthData,
 	OttoOAuthProviderOptions,
 	CallbackResult,

package/src/providers/src/catalog-manual.ts

@@ -36,6 +36,12 @@ const isAllowedZaiModel = (id: string): boolean => {
 	return false;
 };
 
+const isAllowedMinimaxModel = (id: string): boolean => {
+	if (id === 'MiniMax-M2.5') return true;
+	if (id === 'MiniMax-M2.1') return true;
+	return false;
+};
+
 const SETU_SOURCES: Array<{
 	id: ProviderId;
 	npm: string;
@@ -66,6 +72,11 @@ const SETU_SOURCES: Array<{
 		npm: '@ai-sdk/openai-compatible',
 		family: 'openai-compatible',
 	},
+	{
+		id: 'minimax',
+		npm: '@ai-sdk/anthropic',
+		family: 'minimax',
+	},
 ];
 
 function cloneModel(model: ModelInfo): ModelInfo {
@@ -95,6 +106,7 @@ function buildSetuEntry(base: CatalogMap): ProviderCatalogEntry | null {
 			if (id === 'anthropic') return isAllowedAnthropicModel(model.id);
 			if (id === 'google') return isAllowedGoogleModel(model.id);
 			if (id === 'zai') return isAllowedZaiModel(model.id);
+			if (id === 'minimax') return isAllowedMinimaxModel(model.id);
 			return true;
 		});
 		return sourceModels.map((model) => {

package/src/providers/src/catalog.ts

@@ -3924,6 +3924,30 @@ export const catalog: Partial<Record<ProviderId, ProviderCatalogEntry>> = {
 					output: 131072,
 				},
 			},
+			{
+				id: 'minimax/minimax-m2.5',
+				label: 'MiniMax M2.5',
+				modalities: {
+					input: ['text'],
+					output: ['text'],
+				},
+				toolCall: true,
+				reasoningText: true,
+				attachment: false,
+				temperature: true,
+				releaseDate: '2026-02-12',
+				lastUpdated: '2026-02-12',
+				openWeights: true,
+				cost: {
+					input: 0.3,
+					output: 1.2,
+					cacheRead: 0.03,
+				},
+				limit: {
+					context: 204800,
+					output: 131072,
+				},
+			},
 			{
 				id: 'mistralai/codestral-2508',
 				label: 'Codestral 2508',
@@ -6986,6 +7010,31 @@ export const catalog: Partial<Record<ProviderId, ProviderCatalogEntry>> = {
 					output: 131072,
 				},
 			},
+			{
+				id: 'glm-5',
+				label: 'GLM-5',
+				modalities: {
+					input: ['text'],
+					output: ['text'],
+				},
+				toolCall: true,
+				reasoningText: true,
+				attachment: false,
+				temperature: true,
+				knowledge: '2025-04',
+				releaseDate: '2026-02-11',
+				lastUpdated: '2026-02-11',
+				openWeights: true,
+				cost: {
+					input: 1,
+					output: 3.2,
+					cacheRead: 0.2,
+				},
+				limit: {
+					context: 204800,
+					output: 131072,
+				},
+			},
 			{
 				id: 'gpt-5',
 				label: 'GPT-5',
@@ -7416,6 +7465,31 @@ export const catalog: Partial<Record<ProviderId, ProviderCatalogEntry>> = {
 					npm: '@ai-sdk/anthropic',
 				},
 			},
+			{
+				id: 'minimax-m2.5',
+				label: 'MiniMax M2.5',
+				modalities: {
+					input: ['text'],
+					output: ['text'],
+				},
+				toolCall: true,
+				reasoningText: true,
+				attachment: false,
+				temperature: true,
+				knowledge: '2025-01',
+				releaseDate: '2026-02-12',
+				lastUpdated: '2026-02-12',
+				openWeights: true,
+				cost: {
+					input: 0.3,
+					output: 1.2,
+					cacheRead: 0.06,
+				},
+				limit: {
+					context: 204800,
+					output: 131072,
+				},
+			},
 			{
 				id: 'minimax-m2.5-free',
 				label: 'MiniMax M2.5 Free',
@@ -8134,6 +8208,87 @@ export const catalog: Partial<Record<ProviderId, ProviderCatalogEntry>> = {
 		api: 'https://api.moonshot.ai/v1',
 		doc: 'https://platform.moonshot.ai/docs/api/chat',
 	},
+	minimax: {
+		id: 'minimax',
+		models: [
+			{
+				id: 'MiniMax-M2',
+				label: 'MiniMax-M2',
+				modalities: {
+					input: ['text'],
+					output: ['text'],
+				},
+				toolCall: true,
+				reasoningText: true,
+				attachment: false,
+				temperature: true,
+				releaseDate: '2025-10-27',
+				lastUpdated: '2025-10-27',
+				openWeights: true,
+				cost: {
+					input: 0.3,
+					output: 1.2,
+				},
+				limit: {
+					context: 196608,
+					output: 128000,
+				},
+			},
+			{
+				id: 'MiniMax-M2.1',
+				label: 'MiniMax-M2.1',
+				modalities: {
+					input: ['text'],
+					output: ['text'],
+				},
+				toolCall: true,
+				reasoningText: true,
+				attachment: false,
+				temperature: true,
+				releaseDate: '2025-12-23',
+				lastUpdated: '2025-12-23',
+				openWeights: true,
+				cost: {
+					input: 0.3,
+					output: 1.2,
+				},
+				limit: {
+					context: 204800,
+					output: 131072,
+				},
+			},
+			{
+				id: 'MiniMax-M2.5',
+				label: 'MiniMax-M2.5',
+				modalities: {
+					input: ['text'],
+					output: ['text'],
+				},
+				toolCall: true,
+				reasoningText: true,
+				attachment: false,
+				temperature: true,
+				releaseDate: '2026-02-12',
+				lastUpdated: '2026-02-12',
+				openWeights: true,
+				cost: {
+					input: 0.3,
+					output: 1.2,
+					cacheRead: 0.03,
+					cacheWrite: 0.375,
+				},
+				limit: {
+					context: 204800,
+					output: 131072,
+				},
+			},
+		],
+		label: 'MiniMax (minimax.io)',
+		env: ['MINIMAX_API_KEY'],
+		npm: '@ai-sdk/anthropic',
+		api: 'https://api.minimax.io/anthropic/v1',
+		doc: 'https://platform.minimax.io/docs/guides/quickstart',
+	},
 	copilot: {
 		id: 'copilot',
 		models: [

package/src/providers/src/env.ts

@@ -11,6 +11,7 @@ const ENV_VARS: Record<ProviderId, string> = {
 	zai: 'ZAI_API_KEY',
 	'zai-coding': 'ZAI_CODING_API_KEY',
 	moonshot: 'MOONSHOT_API_KEY',
+	minimax: 'MINIMAX_API_KEY',
 };
 
 export function providerEnvVar(provider: ProviderId): string {

package/src/providers/src/index.ts

@@ -72,5 +72,7 @@ export { createOpencodeModel } from './opencode-client.ts';
 export type { OpencodeProviderConfig } from './opencode-client.ts';
 export { createMoonshotModel } from './moonshot-client.ts';
 export type { MoonshotProviderConfig } from './moonshot-client.ts';
+export { createMinimaxModel } from './minimax-client.ts';
+export type { MinimaxProviderConfig } from './minimax-client.ts';
 export { createCopilotFetch, createCopilotModel } from './copilot-client.ts';
 export type { CopilotOAuthConfig } from './copilot-client.ts';

package/src/providers/src/minimax-client.ts

@@ -0,0 +1,24 @@
+import { createAnthropic } from '@ai-sdk/anthropic';
+import { catalog } from './catalog-merged.ts';
+
+export type MinimaxProviderConfig = {
+	apiKey?: string;
+	baseURL?: string;
+};
+
+export function createMinimaxModel(
+	model: string,
+	config?: MinimaxProviderConfig,
+) {
+	const entry = catalog.minimax;
+	const baseURL =
+		config?.baseURL || entry?.api || 'https://api.minimax.io/anthropic/v1';
+	const apiKey = config?.apiKey || process.env.MINIMAX_API_KEY || '';
+
+	const instance = createAnthropic({
+		apiKey,
+		baseURL,
+	});
+
+	return instance(model);
+}

package/src/providers/src/utils.ts

@@ -124,6 +124,7 @@ export type UnderlyingProviderKey =
 	| 'openai'
 	| 'google'
 	| 'moonshot'
+	| 'minimax'
 	| 'glm'
 	| 'openai-compatible'
 	| null;
@@ -136,6 +137,7 @@ export function getUnderlyingProviderKey(
 	if (provider === 'openai') return 'openai';
 	if (provider === 'google') return 'google';
 	if (provider === 'moonshot') return 'moonshot';
+	if (provider === 'minimax') return 'minimax';
 	if (provider === 'copilot') return 'openai';
 
 	if (provider === 'zai' || provider === 'zai-coding') return 'glm';
@@ -158,6 +160,7 @@ export function getModelFamily(
 	if (provider === 'openai') return 'openai';
 	if (provider === 'google') return 'google';
 	if (provider === 'moonshot') return 'moonshot';
+	if (provider === 'minimax') return 'minimax';
 	if (provider === 'copilot') return 'openai';
 	if (provider === 'zai' || provider === 'zai-coding') return 'glm';
 
@@ -191,6 +194,9 @@ export function getModelFamily(
 		) {
 			return 'glm';
 		}
+		if (lowerModel.includes('minimax')) {
+			return 'minimax';
+		}
 	}
 
 	// 2) Check model's family field in catalog

package/src/types/src/provider.ts

@@ -11,7 +11,8 @@ export type ProviderId =
 	| 'setu'
 	| 'zai'
 	| 'zai-coding'
-	| 'moonshot';
+	| 'moonshot'
+	| 'minimax';
 
 /**
  * Provider family for prompt selection
@@ -21,6 +22,7 @@ export type ProviderFamily =
 	| 'anthropic'
 	| 'google'
 	| 'moonshot'
+	| 'minimax'
 	| 'openai-compatible';
 
 export type ModelProviderBinding = {