Cloudflare challenge (cf-mitigated: challenge) blocks opencode-sse, causing 403 on all agent requests

[kenlngojobs]

Bug Description

MiniMax Agent daemon receives Cloudflare HTML challenge page instead of OpenCode API response, causing all mavis agent requests to fail with 403.

Environment

• Product: MiniMax Agent (desktop app)
• OS: Windows 11
• Region: HKG (Hong Kong)

Evidence from logs

• Component: opencode-sse
• cf-mitigated: challenge
• cf-ray: a01e5c448f0108d1-HKG (and 5 others, see below)
• Response title: Just a moment...
• Response body: Cloudflare HTML challenge page (JavaScript challenge)
• Response server: cloudflare

Full list of cf-ray IDs from the same session

• a01e53769f45ccbf-HKG
• a01e5590598aa8ad-HKG
• a01e55906b1a8546-HKG
• a01e5593ed6909c8-HKG
• a01e5c448f0108d1-HKG
• a01e5c517e2c04e9-HKG
• a01e5c799c0608b8-HKG

Ruled out on user end

• ✅ No local proxy configured (netsh winhttp show proxy = Direct access)
• ✅ Windows Firewall allows outbound
• ✅ Usage quota: 27 / 15,000 tokens (not exceeded)
• ✅ api.minimax.chat reachable from PowerShell directly — only MiniMax Agent daemon receives the challenge
• ✅ The codex_sandbox_offline_block_* firewall rules were unrelated and disabled

Root cause

Cloudflare is intercepting the MiniMax Agent daemon's SSE/API requests and returning a browser challenge page. The Node.js background process cannot execute JavaScript challenges, so it surfaces the 403 to the user.

Request

Please escalate to the platform/API team. MiniMax Agent's OpenCode SSE integration needs either:

1. Cloudflare challenge-bypass handling for verified MiniMax Agent traffic, or
2. Whitelisting of MiniMax Agent's request signature with Cloudflare