fix(usage): improve Claude and MiniMax plan label detection #2498

Open: Gi99lin wants to merge 3 commits into diegosouzapw:main from Gi99lin:fix/claude-minimax-plan-labels

@Gi99lin commented May 21, 2026

Summary

  • Claude: skip generic Claude Code plan when OAuth has no tier; prefer bootstrap organization_rate_limit_tier; UI ignores default_claude_ai org type and maps default_claude_max_* to Max badges.
  • MiniMax: parse plan_name / subscribe titles from API; infer Starter/Plus/Max from session quota totals when title is missing; tighten auth-error detection to API status message only.

Complements PR #2496 (Antigravity tier only) — no overlap in scope.

Test plan

  • provider-limits-ui.test.ts — Claude bootstrap tiers, MiniMax title normalization
  • usage-service-hardening.test.ts — MiniMax plan from plan_name and inferred Max tier; Claude default plan is undefined without tier

Parse MiniMax plan titles and infer tier from quota totals; skip generic
Claude Code fallback when OAuth has no tier. UI maps default_claude_max_* and
Starter badges correctly.

Co-authored-by: Cursor <cursoragent@cursor.com>
@Gi99lin requested a review from diegosouzapw as a code owner May 21, 2026 14:37

@gemini-code-assist Bot left a comment

Code Review

This pull request enhances plan identification and normalization for MiniMax and Claude providers. Key changes include the addition of utility functions to extract and clean plan labels from API payloads, the implementation of usage-based plan inference for MiniMax, and refinements to the UI normalization logic to prevent false positives when matching plan tiers. Feedback suggests extending the use of word-boundary regex to other tier keywords like 'PRO' and 'LITE' to ensure consistent and robust detection across all providers.

Comment on lines 498 to 500
if (/(?:^|[^A-Z])MAX(?:[^A-Z]|$)/.test(upper)) {
return { key: "ultra", label: "Max", variant: "success", rank: 4, raw };
}
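
Review bot: The boundary class `[^A-Z]` in the MAX test on the first line is only correct if `upper` has already been upper-cased, and it treats digits, `_` and `-` as separators, so `MAX5X` matches while `MAXIMUM` does not. State both assumptions in a comment beside the regex, and add a second comment explaining why the returned `key` is "ultra" while the `label` is "Max", since the two names otherwise read as a mismatch.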

medium

The new regex for MAX correctly prevents false positives from substrings like MINIMAX. However, other tier keywords like PRO, LITE, or PLUS are still using upper.includes(), which could lead to similar issues if they appear as substrings in future provider names or labels (e.g., APPROVE, LITERAL). Consider applying a similar word-boundary regex to these checks for consistency and robustness.

Address PR review: share hasTierToken helper with MAX matching to avoid
substring false positives across plan label normalization.

Co-authored-by: Cursor <cursoragent@cursor.com>

/** Match tier tokens as whole words (avoids MINIMAX → Max, APPROVE → Pro, etc.). */
function hasTierToken(upper: string, token: string): boolean {
const pattern = new RegExp(`(?:^|[^A-Z])${token}(?:[^A-Z]|$)`);
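
Review bot: The `new RegExp(...)` on the last visible line is compiled on every call and carries no `i` flag, so `token` has to be upper-case for the `[^A-Z]` boundaries to mean anything. If the tier words are a fixed set, build the patterns once (for example in a Map keyed by token) and state the upper-case requirement for both `upper` and `token` in the doc comment.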

WARNING: Unescaped regex injection risk

The token parameter is passed directly into new RegExp() without escaping special regex characters. While current callers use safe hardcoded tokens ("MAX", "PRO", "STARTER", "LITE", "PLUS"), future callers could accidentally pass tokens containing regex metacharacters like *, +, ., ?, [, ], causing unexpected behavior or ReDoS.

Consider using a regex escape utility: token.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
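
The false positives and the escaping concern raised in this thread, as an added TypeScript example that is not code from the PR. `includesTier`, `hasTierTokenUnescaped`, `escapeRegExp`, `probe` and `compare` are hypothetical names, `hasTierToken` is rebuilt here from the visible hunk plus the escape expression quoted above, and the labels and the tokens `MAX+` and `(BETA` are constructed.

```typescript
// Added illustration, not the PR's code. All labels and tokens are constructed.

/** Substring check: the approach the review flags ("MINIMAX" contains "MAX"). */
function includesTier(upper: string, token: string): boolean {
  return upper.indexOf(token) !== -1;
}

/** Whole-word pattern from the visible hunk, token interpolated as-is. */
function hasTierTokenUnescaped(upper: string, token: string): boolean {
  return new RegExp(`(?:^|[^A-Z])${token}(?:[^A-Z]|$)`).test(upper);
}

/** Escape expression quoted in the review comment. */
function escapeRegExp(text: string): string {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

/** Same pattern, but the token can only ever match literally. */
function hasTierToken(upper: string, token: string): boolean {
  return new RegExp(`(?:^|[^A-Z])${escapeRegExp(token)}(?:[^A-Z]|$)`).test(upper);
}

type Matcher = (upper: string, token: string) => boolean;

/** Upper-cases the label, runs the matcher, reports "match", "no-match" or "error". */
function probe(matcher: Matcher, label: string, token: string): string {
  try {
    return matcher(label.toUpperCase(), token) ? "match" : "no-match";
  } catch (_err) {
    return "error"; // new RegExp() threw a SyntaxError on the raw token
  }
}

/** One row per constructed case: [label, token, substring, unescaped, escaped]. */
function compare(): string[][] {
  const cases: [string, string][] = [
    ["MiniMax Starter", "MAX"],
    ["default_claude_max_5x", "MAX"],
    ["Approve", "PRO"],
    ["Maxx plan", "MAX+"],
    ["Pro (beta)", "(BETA"],
  ];
  return cases.map(([label, token]) => [
    label, token,
    probe(includesTier, label, token),
    probe(hasTierTokenUnescaped, label, token),
    probe(hasTierToken, label, token),
  ]);
}
```

In the last two rows the unescaped variant either matches a label that does not contain the token or throws, while the escaped variant matches the token only where it appears literally as a whole word.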

response.status === 403 ||
apiStatusCode === 1004 ||
authLikeMessage.test(combinedMessage)
authLikeStatusMessage.test(apiStatusMessage)
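
Review bot: `authLikeStatusMessage.test(apiStatusMessage)` on the last line coerces a non-string argument to text, so a missing status message would be tested as the literal string "undefined" or "null". Normalise `apiStatusMessage` to a string (empty when the field is absent) before this condition, and add a test for a response that carries no status message.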

SUGGESTION: Narrowed auth error detection scope

Changed from testing combinedMessage (status_msg + raw response text) to only apiStatusMessage. If the upstream API returns auth-related errors in other response fields or the raw body (but not in status_msg), they won't be detected as auth failures anymore.

The fallback at line 422 (apiStatusMessage || combinedMessage) helps with error message formatting but not with detection. Consider whether combinedMessage should still be tested as a fallback condition.

kilo-code-bot Bot commented May 21, 2026

Code Review Summary

Status: 2 Issues Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 1 |
| SUGGESTION | 1 |

Issue Details

WARNING

| File | Line | Issue |
| --- | --- | --- |
| src/app/(dashboard)/dashboard/usage/components/ProviderLimits/utils.tsx | 64 | hasTierToken doesn't escape token parameter before using in new RegExp(). While current callers use safe hardcoded tokens, future callers could pass regex metacharacters causing unexpected behavior. |

SUGGESTION

| File | Line | Issue |
| --- | --- | --- |
| open-sse/services/usage.ts | 420 | MiniMax auth detection narrowed from combinedMessage to only apiStatusMessage. Auth errors appearing in other response fields won't be detected. Consider keeping combinedMessage as fallback detection. |

Other Observations (not in diff)

No issues found outside the diff.

Files Reviewed (4 files)
  • open-sse/services/usage.ts - 1 suggestion (auth detection scope narrowing)
  • src/app/(dashboard)/dashboard/usage/components/ProviderLimits/utils.tsx - 1 warning (unescaped regex token)
  • tests/unit/provider-limits-ui.test.ts - Tests look comprehensive and well-structured
  • tests/unit/usage-service-hardening.test.ts - Test assertions updated correctly for new behavior

Reviewed by qwen3.6-plus · 429,838 tokens

Escape regex tokens in hasTierToken, apply word-boundary checks to
PREMIUM/LIGHT/PAID, and add regression tests for MiniMax/APPROVE false positives.

Co-authored-by: Cursor <cursoragent@cursor.com>

kilo-code-bot Bot commented May 21, 2026

Kilo Code Review could not run — your account is out of credits.

Add credits or switch to a free model to enable reviews on this change.
