From 39bf4241e4f5075f9b218292855f6c8e5491de94 Mon Sep 17 00:00:00 2001 From: orchestrator Date: Sat, 9 May 2026 22:37:03 -0700 Subject: [PATCH] fix(secrets): wire dev-department LLM env to MiniMax-M2.7 (Token Plan key) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Every workspace.yaml pins runtime: claude-code + model: MiniMax-M2.7, but dev-lead/.env.example provisioned CLAUDE_CODE_OAUTH_TOKEN (Anthropic-direct) — so a freshly-imported dev-department workspace had a Claude OAuth token and a MiniMax model reference that don't match, and would fail to call the model. - dev-lead/.env.example: replace the LLM block with the Claude-Code->MiniMax Anthropic-compat wiring (ANTHROPIC_BASE_URL=https://api.minimax.io/anthropic + ANTHROPIC_AUTH_TOKEN=), with a note that the same value is in the operator SSOT as MINIMAX_API_KEY and how to switch back to Anthropic-direct. - SECRETS_MATRIX.md: 'All workspaces' row now states MiniMax-M2.7 (Token Plan key) as the current default LLM, with the SSOT pointer. Endpoint verified live: POST https://api.minimax.io/anthropic/v1/messages with the Token Plan key -> 200, MiniMax-M2.7 response. Key provisioned in SSOT per internal#211. Note: no post-rebuild-setup.sh found in this repo; if one exists elsewhere (parent template / CP tooling) and hardcodes the LLM env, it needs the same update. --- SECRETS_MATRIX.md | 2 +- dev-lead/.env.example | 18 ++++++++++++++++-- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/SECRETS_MATRIX.md b/SECRETS_MATRIX.md index d45978c..ba74ceb 100644 --- a/SECRETS_MATRIX.md +++ b/SECRETS_MATRIX.md @@ -10,7 +10,7 @@ The platform supports per-workspace `.env` files (loaded by `org_import.go` and | Role | Secrets it gets | Scope of action enabled | |---|---|---| -| **All workspaces** (org-root `.env`) | `CLAUDE_CODE_OAUTH_TOKEN` (or model-specific equivalent: `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`) | Run the LLM. Required for any agent to think. | +| **All workspaces** (org-root `.env`) | **Current default (MiniMax-M2.7 — `model:` in every workspace.yaml):** `ANTHROPIC_BASE_URL=https://api.minimax.io/anthropic` + `ANTHROPIC_AUTH_TOKEN=`. Alternatives: `CLAUDE_CODE_OAUTH_TOKEN` / `ANTHROPIC_API_KEY` (Anthropic-direct), or `OPENAI_API_KEY`. | Run the LLM. Required for any agent to think. The MiniMax Token Plan key is in the operator SSOT as `MINIMAX_API_KEY` (+ `MINIMAX_BASE_URL`); see `internal#211`. | | **PM** | `TELEGRAM_BOT_TOKEN`, `TELEGRAM_CHAT_ID` (CEO comms only) | Send Telegram messages to CEO. Max 2-3/day per SHARED_RULES rule 11. | | **Dev Lead, Core Lead, App Lead, CP Lead, Infra Lead, SDK Lead** | `GH_TOKEN` (write) | `tea pr merge`, `tea issue close`, `tea pr review --approve` on the team's repo. SHARED_RULES rule 9: Leads merge in their domain. | | **Triage Operator** | `GH_TOKEN` (write, org-wide) | Cross-org triage: close stale, label, escalate. May merge mechanical PRs only. | diff --git a/dev-lead/.env.example b/dev-lead/.env.example index edfad6e..a4e711c 100644 --- a/dev-lead/.env.example +++ b/dev-lead/.env.example @@ -7,8 +7,22 @@ # from rule 10 (CI green + qa-agent + security-auditor-agent + uiux-agent # APPROVED or N/A waiver). -# --- LLM --- -CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-... +# --- LLM: MiniMax-M2.7 via MiniMax "Token Plan" key --- +# This workspace's runtime is `claude-code` and workspace.yaml pins +# `model: MiniMax-M2.7`. Claude Code reaches MiniMax through MiniMax's +# Anthropic-compatible endpoint, so the auth env it needs is: +ANTHROPIC_BASE_URL=https://api.minimax.io/anthropic +ANTHROPIC_AUTH_TOKEN=sk-cp-... +# Get the token from https://platform.minimax.io/user-center/payment/token-plan +# ("Token Plan Key"). The operator's unified credentials file exposes the same +# value as MINIMAX_API_KEY (+ MINIMAX_BASE_URL=https://api.minimax.io); see +# internal#211. If the platform runtime maps `model:` -> endpoint itself, then +# MINIMAX_API_KEY alone is enough and these two ANTHROPIC_* lines can be dropped. +# +# To run this team on Anthropic-direct instead, set +# CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-... +# (or ANTHROPIC_API_KEY=sk-ant-...), drop the ANTHROPIC_BASE_URL line, and +# change `model:` in the workspace.yaml files accordingly. # --- GitHub (full repo write — Dev Lead merges) --- # Generate a fine-grained PAT with scope: -- 2.45.2