@zhangferry-dev/tokendash 1.6.1 → 1.6.2

package/dist/server/quota/adapters/minimax.d.ts

@@ -0,0 +1,2 @@
+import type { QuotaAdapter } from '../adapter.js';
+export declare const minimaxAdapter: QuotaAdapter;

package/dist/server/quota/adapters/minimax.js

@@ -0,0 +1,77 @@
+import { QuotaError, baseSnapshot } from '../adapter.js';
+import { fetchJsonWithTimeout, HttpError, classifyHttpError, windowFromCounts, unixToIso } from '../helpers.js';
+import { readStoredCredential } from '../credentialsFile.js';
+export const minimaxAdapter = {
+    provider: 'minimax',
+    displayName: 'MiniMax Coding Plan',
+    async isConfigured() {
+        return !!resolveCredential();
+    },
+    async fetch() {
+        const cred = resolveCredential();
+        if (!cred) {
+            throw new QuotaError({ state: 'not_configured', message: 'set MINIMAX_API_KEY (Subscription Key)' });
+        }
+        let data;
+        try {
+            data = (await fetchJsonWithTimeout(`${cred.base}/v1/token_plan/remains`, {
+                headers: {
+                    Authorization: `Bearer ${cred.key}`,
+                    'Content-Type': 'application/json',
+                },
+            }));
+        }
+        catch (err) {
+            throw classifyFetchError(err);
+        }
+        if (data.base_resp?.status_code && data.base_resp.status_code !== 0) {
+            throw new QuotaError({
+                state: 'upstream_unavailable',
+                message: data.base_resp.status_msg || `MiniMax error ${data.base_resp.status_code}`,
+            });
+        }
+        const windows = [];
+        for (const m of data.model_remains ?? []) {
+            const model = m.model_name ?? 'MiniMax';
+            const intervalTotal = m.current_interval_total_count ?? 0;
+            const intervalRemaining = m.current_interval_usage_count ?? 0;
+            // used = total - remaining (the "*_usage_count" fields are misnamed).
+            if (intervalTotal > 0) {
+                windows.push(windowFromCounts(`minimax_5h_${model}`, `5-Hour · ${model}`, Math.max(0, intervalTotal - intervalRemaining), intervalTotal, { durationMins: 300, resetsAt: unixToIso(m.end_time) }));
+            }
+            const weeklyTotal = m.current_weekly_total_count ?? 0;
+            const weeklyRemaining = m.current_weekly_usage_count ?? 0;
+            if (weeklyTotal > 0) {
+                windows.push(windowFromCounts(`minimax_weekly_${model}`, `Weekly · ${model}`, Math.max(0, weeklyTotal - weeklyRemaining), weeklyTotal, { durationMins: 10080 }));
+            }
+        }
+        const snap = baseSnapshot('minimax', 'MiniMax Coding Plan', { windows });
+        return { ...snap, status: { state: 'ok' } };
+    },
+};
+function classifyFetchError(err) {
+    if (err instanceof HttpError) {
+        const c = classifyHttpError(err);
+        return new QuotaError(c);
+    }
+    const msg = err instanceof Error ? err.message : String(err);
+    return new QuotaError({ state: 'upstream_unavailable', message: msg.slice(0, 200) });
+}
+function resolveCredential() {
+    // 0. Key entered in-app (via the credential sheet) — highest priority.
+    const stored = readStoredCredential('minimax');
+    if (stored) {
+        const region = (process.env.MINIMAX_REGION || '').toLowerCase();
+        const base = stored.baseUrl || (region === 'cn' ? 'https://www.minimaxi.com' : 'https://www.minimax.io');
+        return { key: stored.apiKey, base };
+    }
+    const key = process.env.MINIMAX_API_KEY || process.env.MINIMAX_SUBSCRIPTION_KEY;
+    if (!key)
+        return null;
+    // minimax.io = global, minimaxi.com = China.
+    const region = (process.env.MINIMAX_REGION || '').toLowerCase();
+    const base = region === 'cn'
+        ? (process.env.MINIMAX_BASE_URL || 'https://www.minimaxi.com')
+        : (process.env.MINIMAX_BASE_URL || 'https://www.minimax.io');
+    return { key, base };
+}

package/dist/server/quota/cache.d.ts

@@ -0,0 +1,20 @@
+import type { QuotaSnapshot } from './types.js';
+/**
+ * Per-provider quota cache.
+ *
+ * Keeps the last successful snapshot so a transient refresh failure returns
+ * stale-but-useful data (marked freshness "stale") instead of erasing it.
+ * The cache is in-memory only — quota snapshots are live and short-lived,
+ * so disk persistence (unlike the usage cache) adds no value.
+ */
+export declare class QuotaCache {
+    private readonly ttlMs;
+    private readonly store;
+    constructor(ttlMs?: number);
+    /** Fresh cached snapshot, or null if expired / absent. */
+    getFresh(provider: string): QuotaSnapshot | null;
+    /** Last successful snapshot regardless of TTL (for stale-while-revalidate). */
+    getStale(provider: string): QuotaSnapshot | null;
+    set(snapshot: QuotaSnapshot): void;
+    clear(provider?: string): void;
+}

package/dist/server/quota/cache.js

@@ -0,0 +1,44 @@
+/**
+ * Per-provider quota cache.
+ *
+ * Keeps the last successful snapshot so a transient refresh failure returns
+ * stale-but-useful data (marked freshness "stale") instead of erasing it.
+ * The cache is in-memory only — quota snapshots are live and short-lived,
+ * so disk persistence (unlike the usage cache) adds no value.
+ */
+export class QuotaCache {
+    ttlMs;
+    store = new Map();
+    constructor(ttlMs = 60_000) {
+        this.ttlMs = ttlMs;
+    }
+    /** Fresh cached snapshot, or null if expired / absent. */
+    getFresh(provider) {
+        const entry = this.store.get(provider);
+        if (!entry)
+            return null;
+        if (Date.now() > entry.expiresAt)
+            return null;
+        return { ...entry.snapshot, freshness: 'cached' };
+    }
+    /** Last successful snapshot regardless of TTL (for stale-while-revalidate). */
+    getStale(provider) {
+        const entry = this.store.get(provider);
+        if (!entry)
+            return null;
+        return { ...entry.snapshot, freshness: 'stale' };
+    }
+    set(snapshot) {
+        this.store.set(snapshot.provider, {
+            snapshot,
+            expiresAt: Date.now() + this.ttlMs,
+            updatedAt: Date.now(),
+        });
+    }
+    clear(provider) {
+        if (provider)
+            this.store.delete(provider);
+        else
+            this.store.clear();
+    }
+}

package/dist/server/quota/credentialsFile.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Reads the cross-process credential bridge file written by the Swift app's
+ * CredentialSheet (~/.tokendash/credentials.json). Adapters check this FIRST —
+ * before env vars and settings.json — so a key entered in-app wins.
+ *
+ * Read fresh on each call (no cache) so a credential saved via the sheet takes
+ * effect on the very next quota refresh. The file is tiny, so the cost is nil.
+ */
+export interface StoredCredential {
+    apiKey: string;
+    baseUrl?: string;
+}
+export declare function readStoredCredential(provider: string): StoredCredential | null;

package/dist/server/quota/credentialsFile.js

@@ -0,0 +1,23 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+export function readStoredCredential(provider) {
+    try {
+        const path = join(homedir(), '.tokendash', 'credentials.json');
+        if (!existsSync(path))
+            return null;
+        const all = JSON.parse(readFileSync(path, 'utf8'));
+        const entry = all?.[provider];
+        if (entry && typeof entry === 'object' && typeof entry.apiKey === 'string') {
+            const apiKey = entry.apiKey;
+            if (!apiKey)
+                return null;
+            const baseUrl = entry.baseUrl;
+            return { apiKey, baseUrl: typeof baseUrl === 'string' ? baseUrl : undefined };
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}

package/dist/server/quota/helpers.d.ts

@@ -0,0 +1,39 @@
+import type { QuotaWindow } from './types.js';
+/** Shared helpers for provider adapters. */
+/** Convert a Unix timestamp (seconds or ms) to ISO 8601, or undefined. */
+export declare function unixToIso(unix: number | string | null | undefined): string | undefined;
+/** Clamp a percentage to 0-100. */
+export declare function clampPercent(v: number): number;
+/** Build a QuotaWindow from used/limit percentages. */
+export declare function windowFromPercent(id: string, label: string, usedPercent: number, opts?: {
+    durationMins?: number;
+    resetsAt?: string;
+    used?: number;
+    limit?: number;
+    modelName?: string;
+    isUnlimited?: boolean;
+}): QuotaWindow;
+/** Build a QuotaWindow from absolute used/limit counts. */
+export declare function windowFromCounts(id: string, label: string, used: number, limit: number, opts?: {
+    durationMins?: number;
+    resetsAt?: string;
+    modelName?: string;
+}): QuotaWindow;
+/**
+ * Fetch JSON with a timeout. Adapters that hit HTTP APIs use this so they
+ * share redaction + abort behavior. Returns parsed JSON or throws.
+ */
+export declare function fetchJsonWithTimeout(url: string, opts?: {
+    headers?: Record<string, string>;
+    timeoutMs?: number;
+}): Promise<unknown>;
+export declare class HttpError extends Error {
+    readonly status: number;
+    readonly body: string;
+    constructor(status: number, body: string);
+}
+/** Map an HTTP status to a coarse auth/upstream classification. */
+export declare function classifyHttpError(err: HttpError): {
+    state: 'auth_failed' | 'rate_limited' | 'upstream_unavailable';
+    message: string;
+};

package/dist/server/quota/helpers.js

@@ -0,0 +1,93 @@
+/** Shared helpers for provider adapters. */
+/** Convert a Unix timestamp (seconds or ms) to ISO 8601, or undefined. */
+export function unixToIso(unix) {
+    if (unix === null || unix === undefined || unix === '')
+        return undefined;
+    const n = typeof unix === 'string' ? parseInt(unix, 10) : unix;
+    if (!Number.isFinite(n) || n <= 0)
+        return undefined;
+    // Codex/MiniMax use seconds or ms; disambiguate by magnitude.
+    const ms = n > 1e12 ? n : n * 1000;
+    return new Date(ms).toISOString();
+}
+/** Clamp a percentage to 0-100. */
+export function clampPercent(v) {
+    if (!Number.isFinite(v))
+        return 0;
+    return Math.max(0, Math.min(100, v));
+}
+/** Round to 1 decimal place so 61.1999... → 61.2, integers unchanged. */
+function round1(v) {
+    return Math.round(v * 10) / 10;
+}
+/** Build a QuotaWindow from used/limit percentages. */
+export function windowFromPercent(id, label, usedPercent, opts = {}) {
+    const used = round1(clampPercent(usedPercent));
+    return {
+        id,
+        label,
+        usedPercent: used,
+        remainingPercent: round1(100 - used),
+        durationMins: opts.durationMins,
+        resetsAt: opts.resetsAt,
+        used: opts.used,
+        limit: opts.limit,
+        modelName: opts.modelName,
+        isUnlimited: opts.isUnlimited,
+    };
+}
+/** Build a QuotaWindow from absolute used/limit counts. */
+export function windowFromCounts(id, label, used, limit, opts = {}) {
+    if (limit <= 0) {
+        return { id, label, usedPercent: 0, remainingPercent: 100, used, limit, isUnlimited: true, ...opts };
+    }
+    const pct = round1(clampPercent((used / limit) * 100));
+    return {
+        id,
+        label,
+        usedPercent: pct,
+        remainingPercent: round1(100 - pct),
+        used,
+        limit,
+        ...opts,
+    };
+}
+/**
+ * Fetch JSON with a timeout. Adapters that hit HTTP APIs use this so they
+ * share redaction + abort behavior. Returns parsed JSON or throws.
+ */
+export async function fetchJsonWithTimeout(url, opts = {}) {
+    const ctrl = new AbortController();
+    const timer = setTimeout(() => ctrl.abort(), opts.timeoutMs ?? 8_000);
+    try {
+        const res = await fetch(url, { headers: opts.headers, signal: ctrl.signal });
+        if (!res.ok) {
+            const body = await res.text().catch(() => '');
+            throw new HttpError(res.status, body.slice(0, 200));
+        }
+        return await res.json();
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+export class HttpError extends Error {
+    status;
+    body;
+    constructor(status, body) {
+        super(`HTTP ${status}`);
+        this.status = status;
+        this.body = body;
+        this.name = 'HttpError';
+    }
+}
+/** Map an HTTP status to a coarse auth/upstream classification. */
+export function classifyHttpError(err) {
+    if (err.status === 401 || err.status === 403) {
+        return { state: 'auth_failed', message: 'credential rejected by provider' };
+    }
+    if (err.status === 429) {
+        return { state: 'rate_limited', message: 'provider throttled the request' };
+    }
+    return { state: 'upstream_unavailable', message: `provider returned HTTP ${err.status}` };
+}

package/dist/server/quota/index.d.ts

@@ -0,0 +1,5 @@
+import { QuotaCache } from './cache.js';
+import { QuotaService } from './quotaService.js';
+export type { QuotaSnapshot, QuotaWindow, QuotaProviderStatus, QuotaResponse, QuotaProviderId } from './types.js';
+export declare const quotaCache: QuotaCache;
+export declare const quotaService: QuotaService;

package/dist/server/quota/index.js

@@ -0,0 +1,23 @@
+/**
+ * Quota module entry point.
+ *
+ * Builds the singleton adapter registry + service. The rest of the server
+ * imports `quotaService` from here; adapters are wired in registration order,
+ * which becomes the dashboard display order.
+ */
+import { QuotaAdapterRegistry } from './adapter.js';
+import { QuotaCache } from './cache.js';
+import { QuotaService } from './quotaService.js';
+import { codexAdapter } from './adapters/codex.js';
+import { claudeAdapter } from './adapters/claude.js';
+import { glmAdapter } from './adapters/glm.js';
+import { minimaxAdapter } from './adapters/minimax.js';
+import { kimiAdapter } from './adapters/kimi.js';
+const registry = new QuotaAdapterRegistry();
+registry.register(claudeAdapter);
+registry.register(codexAdapter);
+registry.register(glmAdapter);
+registry.register(minimaxAdapter);
+registry.register(kimiAdapter);
+export const quotaCache = new QuotaCache();
+export const quotaService = new QuotaService(registry, quotaCache);

package/dist/server/quota/quotaService.d.ts

@@ -0,0 +1,37 @@
+import type { QuotaSnapshot, QuotaProviderId, QuotaResponse } from './types.js';
+import type { QuotaAdapterRegistry } from './adapter.js';
+import { QuotaCache } from './cache.js';
+/**
+ * Deep quota service. Owns discovery, concurrency, deduplication, caching,
+ * stale-while-revalidate, timeouts, and error classification. Adapters only
+ * detect + fetch + normalize; everything cross-cutting lives here.
+ */
+export declare class QuotaService {
+    private readonly registry;
+    private readonly cache;
+    private readonly configuredCache;
+    /** Cap concurrent upstream calls so a slow provider can't block the others. */
+    private readonly fetchTimeoutMs;
+    /** In-flight promises keyed by provider id, to dedupe concurrent requests. */
+    private readonly inflight;
+    constructor(registry: QuotaAdapterRegistry, cache?: QuotaCache, configuredCache?: QuotaProviderId[] | null, fetchTimeoutMs?: number);
+    /**
+     * List provider ids that are configured locally. Cheap (no network).
+     * The dashboard only shows these — not-configured providers are excluded.
+     */
+    discover(): Promise<QuotaProviderId[]>;
+    /**
+     * Fetch one provider's snapshot. Fresh if available; stale-but-retained
+     * on failure; never throws (errors become structured statuses).
+     */
+    fetchOne(provider: QuotaProviderId): Promise<QuotaSnapshot | null>;
+    /**
+     * Fetch all configured providers concurrently. Partial success: one
+     * provider's failure never breaks the others. Order = registry order.
+     */
+    fetchAll(): Promise<QuotaResponse>;
+    /** Force a refresh of all configured providers, bypassing the cache. */
+    refreshAll(): Promise<QuotaResponse>;
+    private fetchWithTimeout;
+    private handleFailure;
+}

package/dist/server/quota/quotaService.js

@@ -0,0 +1,141 @@
+import { QuotaError } from './adapter.js';
+import { QuotaCache } from './cache.js';
+import { validateQuotaSnapshot } from './schemas.js';
+/**
+ * Deep quota service. Owns discovery, concurrency, deduplication, caching,
+ * stale-while-revalidate, timeouts, and error classification. Adapters only
+ * detect + fetch + normalize; everything cross-cutting lives here.
+ */
+export class QuotaService {
+    registry;
+    cache;
+    configuredCache;
+    /** Cap concurrent upstream calls so a slow provider can't block the others. */
+    fetchTimeoutMs;
+    /** In-flight promises keyed by provider id, to dedupe concurrent requests. */
+    inflight = new Map();
+    constructor(registry, cache = new QuotaCache(), configuredCache = null, fetchTimeoutMs = 8_000) {
+        this.registry = registry;
+        this.cache = cache;
+        this.configuredCache = configuredCache;
+        this.fetchTimeoutMs = fetchTimeoutMs;
+    }
+    /**
+     * List provider ids that are configured locally. Cheap (no network).
+     * The dashboard only shows these — not-configured providers are excluded.
+     */
+    async discover() {
+        const all = this.registry.list();
+        const checks = await Promise.all(all.map(async (a) => ({ id: a.provider, configured: await safeIsConfigured(a) })));
+        return checks.filter((c) => c.configured).map((c) => c.id);
+    }
+    /**
+     * Fetch one provider's snapshot. Fresh if available; stale-but-retained
+     * on failure; never throws (errors become structured statuses).
+     */
+    async fetchOne(provider) {
+        // 1. Fresh cache hit
+        const fresh = this.cache.getFresh(provider);
+        if (fresh)
+            return fresh;
+        const adapter = this.registry.get(provider);
+        if (!adapter)
+            return null;
+        // 2. Dedupe concurrent requests for the same provider
+        let p = this.inflight.get(provider);
+        if (!p) {
+            p = this.fetchWithTimeout(adapter).finally(() => this.inflight.delete(provider));
+            this.inflight.set(provider, p);
+        }
+        return p;
+    }
+    /**
+     * Fetch all configured providers concurrently. Partial success: one
+     * provider's failure never breaks the others. Order = registry order.
+     */
+    async fetchAll() {
+        const ids = this.configuredCache ?? (await this.discover());
+        const byId = new Map();
+        const snapshots = await Promise.all(ids.map((id) => this.fetchOne(id)));
+        // Preserve registry order regardless of completion order.
+        for (const adapter of this.registry.list()) {
+            const snap = snapshots.find((s) => s?.provider === adapter.provider);
+            if (snap)
+                byId.set(adapter.provider, snap);
+        }
+        return { providers: this.registry.list().map((a) => byId.get(a.provider)).filter((s) => !!s) };
+    }
+    /** Force a refresh of all configured providers, bypassing the cache. */
+    async refreshAll() {
+        // Cache-clear only the freshness gate; stale data is still retained by fetchOne on failure.
+        this.configuredCache?.forEach(() => { });
+        for (const adapter of this.registry.list()) {
+            this.cache.clear(adapter.provider);
+        }
+        return this.fetchAll();
+    }
+    async fetchWithTimeout(adapter) {
+        try {
+            const snapshot = await withTimeout(adapter.fetch(), this.fetchTimeoutMs, adapter.provider);
+            const validated = validateQuotaSnapshot(snapshot);
+            this.cache.set(validated);
+            return validated;
+        }
+        catch (err) {
+            return this.handleFailure(adapter, err);
+        }
+    }
+    handleFailure(adapter, err) {
+        let status;
+        if (err instanceof QuotaError) {
+            status = err.status;
+        }
+        else if (err instanceof TimeoutError) {
+            status = { state: 'timed_out', message: `upstream did not respond within ${this.fetchTimeoutMs}ms` };
+        }
+        else {
+            status = { state: 'error', message: redact(err), category: 'unexpected' };
+        }
+        // Retain last good snapshot as stale.
+        const stale = this.cache.getStale(adapter.provider);
+        if (stale) {
+            return { ...stale, freshness: 'stale', status };
+        }
+        // No prior data — surface the structured error so the user can act on it.
+        return {
+            provider: adapter.provider,
+            displayName: adapter.displayName,
+            fetchedAt: new Date().toISOString(),
+            freshness: 'stale',
+            windows: [],
+            status,
+        };
+    }
+}
+class TimeoutError extends Error {
+    constructor(provider) {
+        super(`quota fetch timed out: ${provider}`);
+        this.name = 'TimeoutError';
+    }
+}
+function withTimeout(p, ms, provider) {
+    return new Promise((resolve, reject) => {
+        const timer = setTimeout(() => reject(new TimeoutError(provider)), ms);
+        p.then((v) => { clearTimeout(timer); resolve(v); }, (e) => { clearTimeout(timer); reject(e); });
+    });
+}
+async function safeIsConfigured(adapter) {
+    try {
+        return await adapter.isConfigured();
+    }
+    catch {
+        return false;
+    }
+}
+/** Strip anything that looks like a token/key from an error before it surfaces. */
+function redact(err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return msg.replace(/(sk-[A-Za-z0-9_-]{6,})[A-Za-z0-9_-]*/g, '$1…')
+        .replace(/(Bearer\s+)[A-Za-z0-9._-]+/gi, '$1…')
+        .slice(0, 200);
+}