feat(provider): add MiMo Free -- keyless Xiaomi MiMo public tier#129
Merged
Conversation
Xiaomi MiMo exposes a free public tier gated by a short-lived JWT that
is bootstrapped from a public endpoint using a machine fingerprint.
Implementation:
- src/adapters/mimo-free.ts: custom ProviderAdapter wrapping openai-chat.
- getMimoJwt(): bootstraps a JWT from api.xiaomimimo.com/api/free-ai/bootstrap
using a SHA-256 machine fingerprint; caches in-process with exp-aware TTL
(5 min early refresh buffer).
- injectMimoSystemMarker(): idempotently prepends the anti-abuse system
message required by the upstream gate (returns 403 without it).
- buildRequest(): async -- fetches JWT, builds body via openai-chat base,
injects marker, sets required headers (X-Mimo-Source, User-Agent,
x-session-affinity, Authorization: Bearer JWT).
- fetchResponse(): retries once on 401/403 with a freshly bootstrapped JWT.
- resetMimoJwtCache(): exported for testing.
- src/server/adapter-resolve.ts: register the 'mimo-free' adapter name.
- src/providers/registry.ts: add mimo-free entry (keyOptional, featured,
liveModels, defaultModel: mimo-auto).
Tests (16 unit tests in tests/mimo-free-provider.test.ts):
- Registry shape (adapter, baseUrl, authKind, keyOptional, featured, liveModels)
- providerConfigSeed propagation
- Key-login map and featured list presence
- System marker injection: prepend, idempotent, non-object passthrough
- Fingerprint: hex format and stability
- JWT cache: fetch-and-cache, error propagation, resetMimoJwtCache re-fetch
- Adapter buildRequest: correct URL, Authorization header, system marker
All 36 tests pass (16 new + 20 parity).
…onal key field in AddProviderModal
Owner
|
Merged into dev and released in v2.7.19 — thanks! Since the bootstrap contract mirrors the official MiMoCode client rather than public docs, we stacked privacy/robustness fixes (65d3fdc): the bootstrap |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds MiMo Free (mimo-free) as a new keyless provider backed by Xiaomi MiMo's free public tier.
How it works
Xiaomi MiMo's free chat endpoint at �pi.xiaomimimo.com/api/free-ai is gated by two anti-abuse mechanisms:
Additional required headers: X-Mimo-Source: mimocode-cli-free, a Chrome-like User-Agent, and x-session-affinity: ses_.
On 401/403, the adapter flushes the JWT cache and retries once with a fresh token.
New files
esetMimoJwtCache, injectMimoSystemMarker, generateMimoFingerprint for testability.
GUI: Free badge + optional key field
Tests
17 new unit tests in ests/mimo-free-provider.test.ts:
All 39 tests pass.
Risk
Medium-low. The JWT bootstrap makes one outbound network call per server lifetime (cached until 5 min before expiry). This call fails gracefully -- a bootstrap error surfaces as a 500 to the requesting client, not a crash. The public tier may be rate-limited, changed, or revoked by Xiaomi MiMo at any time. No existing providers are affected.