feat: Z.AI rate limit handling and GitHub Copilot PAT support

Problem: Multiple issues with rate limit detection and API authentication.

Solution: Comprehensive fixes for Z.AI rate limit handling, improved header
capture for curl streaming, and static PAT support for GitHub Copilot.

Rate Limit Handling (Z.AI):
- Handle Z.AI rate limit code 1310 (weekly/monthly limit exhaustion)
- Parse x-ratelimit-user-retry-after header for accurate reset times
- Improve human-readable time formatting (hours/days instead of seconds)
- Add debug logging to capture all rate limit headers for diagnosis
- Fix header parsing to properly extract X-RateLimit-User-Retry-After

Curl Streaming Fixes:
- Buffer chunks during streaming and deliver after headers are parsed
- Create response object lazily with correct headers after header file is read
- Add debug logging for header parsing to diagnose header capture issues
- Ensure callback receives correct response object with parsed headers

GitHub Copilot Static PAT Support:
- Allow static API key fallback when GitHub authentication is unavailable
- Support fine-grained PATs (ghu_ prefix) with individual endpoint directly
- Set using_exchanged_token flag when using PAT for proper header support
- Skip GitHub auth checks when static API key is configured
- Fix billing multiplier check for when model prefix is used

Config Storage Fix:
- Prevent flat api_base from overriding per-provider storage
- Check for provider-specific api_keys before falling back

Documentation:
- Standardize MiniMax model recommendation for all sub-agents
- Add comprehensive system prompt and documentation review

Bug Fixes:
- Add missing log_info import in PromptManager
- Remove duplicate empty elsif block in ResponseHandler error handling

Testing:
- Verified Z.AI rate limit codes 1308 and 1310 are handled correctly
- Verified curl streaming properly captures and delivers rate limit headers
- Verified GitHub Copilot works with both GitHub auth and static PATs
- All unit tests pass

Author: fewtarius

AGENTS.md

@@ -111,6 +111,17 @@ Terminal Output (with color/theme)
 
 ---
 
+## Model Selection
+
+**Use MiniMax for all sub-agents:**
+```
+agent_operations(operation: "spawn", task: "...", working_dir: "./CLIO", model: "minimax/minimax-m2.7")
+```
+
+MiniMax-M2.7 via MiniMax is the recommended default for all standard tasks: investigation, QA, implementation, code review, refactoring, documentation.
+
+---
+
 ## Code Style
 
 **Perl Conventions:**

VERSION

@@ -1 +1 @@
-20260418.5
+20260419.1

lib/CLIO.pm

@@ -7,15 +7,15 @@ use strict;
 use warnings;
 use utf8;
 
-our $VERSION = '20260418.5';
+our $VERSION = '20260419.1';
 
 =head1 NAME
 
 CLIO - Command Line Intelligence Orchestrator
 
 =head1 VERSION
 
-Version 20260418.5
+Version 20260419.1
 
 =head1 DESCRIPTION
 

lib/CLIO/Compat/HTTP.pm

@@ -403,9 +403,9 @@ sub _request_via_curl_streaming {
 
     # Read and deliver chunks incrementally
     my $accumulated_content = '';
-    my $resp_obj;
     my $read_buf;
     my $chunk_size = 4096;  # Read in 4KB chunks for responsive streaming
+    my @chunks;  # Buffer chunks to deliver after headers are parsed
 
     # sysread on the pipe will block until data arrives or be interrupted by signals
     # The ALRM signal handler (set by Chat.pm) fires every second, causing EINTR
@@ -423,23 +423,7 @@ sub _request_via_curl_streaming {
         last if $bytes == 0;  # EOF
 
         $accumulated_content .= $read_buf;
-        
-        # Create response object lazily (we don't have headers yet from pipe mode)
-        if (!$resp_obj) {
-            $resp_obj = bless {
-                success => 1,  # Assume success, will verify later
-                status => 200,
-                reason => 'OK',
-                content => '',
-                headers => {},
-            }, 'CLIO::Compat::HTTP::Response';
-        }
-        
-        # Deliver chunk to callback
-        eval { $callback->($read_buf, $resp_obj, undef); };
-        if ($@) {
-            log_warning('HTTP::curl_streaming', "Callback error: $@");
-        }
+        push @chunks, $read_buf;  # Buffer chunk for later delivery
     }
 
     close($curl_fh);
@@ -466,9 +450,11 @@ sub _request_via_curl_streaming {
     my %resp_headers;
 
     if (open(my $hfh, '<', $hdr_file)) {
+        log_debug('HTTP::curl_streaming', "Parsing headers from $hdr_file");
         while (my $line = <$hfh>) {
             chomp $line;
             $line =~ s/\r$//;
+            log_debug('HTTP::curl_streaming', "Header line: $line");
             if ($line =~ /^HTTP\/[\d.]+\s+(\d+)\s*(.*)$/) {
                 $status = $1;
                 $reason = $2 // '';
@@ -477,6 +463,9 @@ sub _request_via_curl_streaming {
             }
         }
         close $hfh;
+        log_debug('HTTP::curl_streaming', "Parsed " . scalar(keys %resp_headers) . " headers: " . join(", ", keys %resp_headers));
+    } else {
+        log_debug('HTTP::curl_streaming', "Failed to open header file $hdr_file: $!");
     }
 
     # If no HTTP status was parsed from headers, check curl exit code
@@ -514,13 +503,27 @@ sub _request_via_curl_streaming {
         log_debug('HTTP', "Streaming complete: status=$status, " . length($accumulated_content) . " bytes, exit_code=$exit_code");
     }
 
-    return {
+    # Create response object with correct headers (parsed from header file)
+    # and deliver buffered chunks to callback
+    my $final_response = bless {
         success => ($status >= 200 && $status < 300),
         status => $status,
         reason => $reason,
         headers => \%resp_headers,
         content => $accumulated_content,
-    };
+    }, 'CLIO::Compat::HTTP::Response';
+    
+    # Deliver buffered chunks to callback with correct response object
+    if ($callback) {
+        for my $chunk (@chunks) {
+            eval { $callback->($chunk, $final_response, undef); };
+            if ($@) {
+                log_warning('HTTP::curl_streaming', "Callback error: $@");
+            }
+        }
+    }
+    
+    return $final_response;
 }
 
 =head2 request

lib/CLIO/Core/API/ResponseHandler.pm

@@ -344,6 +344,24 @@ sub handle_error_response {
                 $reset_timestamp = $passed_headers->header('X-RateLimit-Reset');
             }
         }
+        
+        # Debug: log all rate limit headers for weekly/monthly limit diagnosis
+        if ($detected_rate_limit_code && $detected_rate_limit_code =~ /user_weekly_rate_limited|user_monthly_rate_limited/i) {
+            my $header_debug = 'Rate limit headers debug: ';
+            if (ref($passed_headers) eq 'HASH') {
+                $header_debug .= "hash{retry-after}=$passed_headers->{'retry-after'}, ";
+                $header_debug .= "hash{x-ratelimit-user-retry-after}=$passed_headers->{'x-ratelimit-user-retry-after'}, ";
+                $header_debug .= "hash{x-ratelimit-reset}=$passed_headers->{'x-ratelimit-reset'}";
+            } elsif (ref($passed_headers) && $passed_headers->can('header')) {
+                $header_debug .= "object{" . ref($passed_headers) . "}";
+                $header_debug .= " Retry-After=" . (defined($passed_headers->header('Retry-After')) ? "'" . $passed_headers->header('Retry-After') . "'" : 'undef');
+                $header_debug .= " X-RateLimit-User-Retry-After=" . (defined($passed_headers->header('X-RateLimit-User-Retry-After')) ? "'" . $passed_headers->header('X-RateLimit-User-Retry-After') . "'" : 'undef');
+                $header_debug .= " X-RateLimit-Reset=" . (defined($passed_headers->header('X-RateLimit-Reset')) ? "'" . $passed_headers->header('X-RateLimit-Reset') . "'" : 'undef');
+            } else {
+                $header_debug .= "passed_headers is " . (defined($passed_headers) ? "'$passed_headers' (" . ref($passed_headers) . ")" : 'undef');
+            }
+            log_info('ResponseHandler', $header_debug);
+        }
 
         if ($error =~ /retry in ([\d.]+)\s*s(?:econds?)?/i) {
             $retry_after = int($1) + 1;
@@ -390,17 +408,34 @@ sub handle_error_response {
         log_debug('ResponseHandler', "Rate limit check: detected_code=$detected_rate_limit_code, retry_after=$retry_after, reset_ts=$reset_timestamp");
         log_debug('ResponseHandler', "Rate limit error_obj: " . encode_json($error_obj)) if $error_obj;
         if ($detected_rate_limit_code && $detected_rate_limit_code =~ /user_weekly_rate_limited|user_monthly_rate_limited/i) {
-            # For weekly/monthly limits, use reset_timestamp if available to get accurate time
+            # For weekly/monthly limits, we need the actual reset time from x-ratelimit-user-retry-after
+            # The short retry-after header (e.g., "4") is misleading for weekly limits
             my $actual_retry_after;
-            if ($reset_timestamp && $reset_timestamp =~ /^\d+$/ && $reset_timestamp > time()) {
+            my $long_retry_header;
+            
+            # Try to get the long-duration retry header specifically
+            if (ref($passed_headers) eq 'HASH') {
+                $long_retry_header = $passed_headers->{'x-ratelimit-user-retry-after'};
+            } elsif ($passed_headers && $passed_headers->can('header')) {
+                $long_retry_header = $passed_headers->header('X-RateLimit-User-Retry-After');
+            }
+            
+            if ($long_retry_header && $long_retry_header =~ /^\d+$/) {
+                # x-ratelimit-user-retry-after is already in seconds
+                $actual_retry_after = int($long_retry_header);
+                log_info('ResponseHandler', "Using x-ratelimit-user-retry-after: ${actual_retry_after}s");
+            } elsif ($reset_timestamp && $reset_timestamp =~ /^\d+$/ && $reset_timestamp > time()) {
                 $actual_retry_after = int($reset_timestamp - time());
             } elsif (defined $self->{_rate_limit_reset_in} && $self->{_rate_limit_reset_in} > 0) {
                 # Use cached reset time from previous successful responses
                 $actual_retry_after = $self->{_rate_limit_reset_in};
                 log_info('ResponseHandler', "Using cached rate limit reset time: ${actual_retry_after}s");
             } else {
                 # API didn't provide accurate reset time - don't show misleading value
-                log_info('ResponseHandler', "No reset time available: _rate_limit_reset_in=" . 
+                log_info('ResponseHandler', "No reset time available: long_retry_header=" . 
+                    (defined $long_retry_header ? $long_retry_header : 'undef') . 
+                    ", retry_after_header=" . (defined $retry_after_header ? $retry_after_header : 'undef') .
+                    ", reset_timestamp=$reset_timestamp, _rate_limit_reset_in=" . 
                     (defined $self->{_rate_limit_reset_in} ? $self->{_rate_limit_reset_in} : 'undef'));
                 $actual_retry_after = undef;
             }
@@ -412,10 +447,13 @@ sub handle_error_response {
             my $expiration_str = '';
             if (defined($actual_retry_after) && $actual_retry_after > 0) {
                 my $days = int($actual_retry_after / 86400);
+                my $hours = int(($actual_retry_after % 86400) / 3600);
                 if ($days > 0) {
-                    $expiration_str = sprintf(" This limit expires in %ds (%d days).", $actual_retry_after, $days);
+                    $expiration_str = sprintf(" This limit expires in ~%d hours (%d days).", $actual_retry_after / 3600, $days);
+                } elsif ($hours > 0) {
+                    $expiration_str = sprintf(" This limit expires in ~%d hours.", $hours);
                 } else {
-                    $expiration_str = sprintf(" This limit expires in %ds.", $actual_retry_after);
+                    $expiration_str = sprintf(" This limit expires in ~%d minutes.", int($actual_retry_after / 60));
                 }
             }
 
@@ -451,7 +489,7 @@ sub handle_error_response {
             }
 
             log_info('ResponseHandler', "Weekly/monthly rate limit detected: $detected_rate_limit_code" . 
-                (defined($actual_retry_after) ? ", expires in ${actual_retry_after}s" : " (reset time unknown)"));
+                (defined($actual_retry_after) ? sprintf(", expires in %d seconds (~%.1f hours)", $actual_retry_after, $actual_retry_after / 3600) : " (reset time unknown)"));
 
             # Build result directly for weekly/monthly limits (skip else/elsif chains)
             my $weekly_result = { success => 0, error => $error, _error => $error };
@@ -463,9 +501,10 @@ sub handle_error_response {
             log_debug('ResponseHandler', "Final error being returned: $error");
             return $weekly_result;
         }
-        # Handle Z.AI usage limit (code 1308) - non-retryable, resets at specific time
+        # Handle Z.AI usage limit (codes 1308 and 1310) - non-retryable, resets at specific time
         # Error message format: "Usage limit reached for 5 hour. Your limit will reset at 2026-04-17 07:03:43"
-        elsif ($detected_rate_limit_code && $detected_rate_limit_code == 1308) {
+        # Code 1310: "Weekly/Monthly Limit Exhausted. Your limit will reset at 2026-04-24 02:02:21"
+        elsif ($detected_rate_limit_code && ($detected_rate_limit_code == 1308 || $detected_rate_limit_code == 1310)) {
             my $actual_retry_after;
             my $reset_str;
 
@@ -556,8 +595,8 @@ sub handle_error_response {
                 }
             }
 
-            log_info('ResponseHandler', "Z.AI usage limit detected (code=1308)" . 
-                (defined($actual_retry_after) ? ", expires in ${actual_retry_after}s" : " (reset time unknown)"));
+            log_info('ResponseHandler', "Z.AI usage limit detected (code=$detected_rate_limit_code)" . 
+                (defined($actual_retry_after) ? sprintf(", expires in %d seconds (~%.1f hours)", $actual_retry_after, $actual_retry_after / 3600) : " (reset time unknown)"));
 
             my $zai_result = { success => 0, error => $error, _error => $error };
             $zai_result->{retryable} = 0;
@@ -594,7 +633,6 @@ sub handle_error_response {
                 $zai_rl_type, $detected_rate_limit_code, $retry_after);
             $error = $retry_info;
             log_info('ResponseHandler', "Z.AI $zai_rl_type limit (code=$detected_rate_limit_code), retry_after=${retry_after}s");
-        } elsif ($user_message) {
         } elsif ($user_message) {
             $retry_info = sprintf("%s Retrying in %d seconds.", $user_message, $retry_after);
             $error = $retry_info;

lib/CLIO/Core/APIManager.pm

@@ -511,16 +511,18 @@ sub _get_api_key {
             return $github_token;
         }
 
-        # GitHub Copilot provider requires GitHub authentication
-        log_warning('APIManager', "GitHub Copilot not authenticated");
-        return '';
+        # GitHub Copilot not authenticated via GitHub - will fall through to check static key
+        log_info('APIManager', "GitHub Copilot not authenticated via GitHub, checking for static key");
     }
 
-    # Priority 2: Config api_key (for non-GitHub Copilot providers)
+    # Priority 2: Config api_key (fallback for GitHub Copilot or primary for other providers)
     if ($self->{config} && $self->{config}->can('get')) {
         my $key = $self->{config}->get('api_key');
         if ($key && length($key) > 0) {
             log_debug('APIManager', "Using API key from Config");
+            # Set using_exchanged_token so Editor-Version header is sent
+            # This is needed for github_copilot to recognize the PAT properly
+            $self->{using_exchanged_token} = 1 if $is_copilot_provider;
             return $key;
         }
     }
@@ -3233,6 +3235,33 @@ sub _handle_streaming_http_error {
     # Use streaming headers if available (passed from _finalize_streaming_response)
     my $headers = $s->{streaming_headers} || $resp->headers;
 
+    # Debug: log ALL headers from the response to see what's actually available
+    if ($headers && ref($headers) && $headers->can('header')) {
+        my @header_names = $headers->header_field_names();
+        if (@header_names) {
+            my $all_headers_str = join(", ", map { "$_=" . (defined($headers->header($_)) ? "'" . $headers->header($_) . "'" : 'undef') } @header_names);
+            log_debug('APIManager', "All response headers (${\scalar(@header_names)}): $all_headers_str");
+        } else {
+            log_info('APIManager', "Headers object exists but has NO fields - headers hash dump:");
+            # Dump the internal hash directly to see what it actually contains
+            if (ref($headers) eq 'CLIO::Compat::HTTP::Headers') {
+                my %h = %{$headers->{headers}} if ref($headers->{headers}) eq 'HASH';
+                while (my ($k, $v) = each %h) {
+                    log_info('APIManager', "  header[$k] = $v");
+                }
+            }
+        }
+    } else {
+        log_debug('APIManager', "Headers object: " . (defined($headers) ? (ref($headers) || $headers) : 'undef'));
+    }
+    
+    # Also check what streaming_headers contains
+    if ($s->{streaming_headers}) {
+        log_debug('APIManager', "streaming_headers ref: " . ref($s->{streaming_headers}));
+    } else {
+        log_debug('APIManager', "streaming_headers is undef");
+    }
+
     log_debug('APIManager', "handle_error_response returned, sending to error handler");
     my $error_result = eval {
         $self->{response_handler}->handle_error_response($resp, $s->{json}, 1,

lib/CLIO/Core/Config.pm

@@ -178,14 +178,27 @@ sub load {
                     $config{api_base} = $stored_base;
                     log_debug('Config', "Using stored api_base for provider '$config{provider}': $config{api_base}");
                 } elsif ($config{provider} eq 'github_copilot') {
-                    # For GitHub Copilot, try to get user-specific API endpoint
-                    my $user_api_base = $self->_get_copilot_user_api_endpoint();
-                    if ($user_api_base) {
-                        $config{api_base} = $user_api_base;
-                        log_debug('Config', "Using user-specific GitHub Copilot API: $config{api_base}");
+                    # Check if a static PAT is configured for this provider
+                    # ghu_ tokens are fine-grained PATs that work with individual endpoint
+                    my $api_keys = $config{api_keys} || {};
+                    my $provider_key = $api_keys->{$config{provider}};
+                    my $direct_key = $config{api_key};
+                    my $static_pat = $provider_key || $direct_key;
+                    
+                    if ($static_pat && $static_pat =~ /^ghu_/) {
+                        # Fine-grained PAT (ghu_) - use individual endpoint directly
+                        $config{api_base} = 'https://api.individual.githubcopilot.com';
+                        log_debug('Config', "Using individual endpoint for fine-grained PAT");
                     } else {
-                        $config{api_base} = $provider_config->{api_base};
-                        log_debug('Config', "Using default GitHub Copilot API: $config{api_base}");
+                        # For GitHub Copilot, try to get user-specific API endpoint
+                        my $user_api_base = $self->_get_copilot_user_api_endpoint();
+                        if ($user_api_base) {
+                            $config{api_base} = $user_api_base;
+                            log_debug('Config', "Using user-specific GitHub Copilot API: $config{api_base}");
+                        } else {
+                            $config{api_base} = $provider_config->{api_base};
+                            log_debug('Config', "Using default GitHub Copilot API: $config{api_base}");
+                        }
                     }
                 } else {
                     $config{api_base} = $provider_config->{api_base};

lib/CLIO/Core/PromptManager.pm

@@ -6,7 +6,7 @@ package CLIO::Core::PromptManager;
 use strict;
 use warnings;
 use utf8;
-use CLIO::Core::Logger qw(log_error log_debug log_warning);
+use CLIO::Core::Logger qw(log_error log_debug log_warning log_info);
 use CLIO::Util::ConfigPath qw(get_config_file);
 use CLIO::Util::TextSanitizer qw(sanitize_text);
 use Carp qw(croak);

lib/CLIO/UI/Chat.pm

@@ -1503,6 +1503,17 @@ sub _check_auth_migration {
         require CLIO::Core::GitHubAuth;
         my $auth = CLIO::Core::GitHubAuth->new(debug => 0);
 
+        # Check if a static API key is configured - if so, skip auth checks
+        # The api_key could be set via /api set key or stored in api_keys for provider
+        my $static_key = $self->{config}->get('api_key');
+        my $api_keys = $self->{config}->get('api_keys') || {};
+        $static_key ||= $api_keys->{$provider};
+        
+        if ($static_key) {
+            log_info('Chat', "Static API key configured for github_copilot, skipping GitHub auth");
+            return;
+        }
+        
         # Check for migration needs first
         my $reason = $auth->needs_reauth();
         if ($reason) {
@@ -1642,7 +1653,9 @@ sub _prepopulate_session_data {
             if ($model =~ m{^([a-z][a-z0-9_.-]*)/(.+)$}i && CLIO::Providers::provider_exists($1)) {
                 $model_provider = $1;
             }
-            if ($provider eq 'github_copilot' && (!$model_provider || $model_provider eq 'github_copilot')) {
+            # Get billing multiplier only for GitHub Copilot provider
+            # Check both config provider AND model prefix (--model github_copilot/...)
+            if (($provider eq 'github_copilot' || $model_provider eq 'github_copilot') && (!$model_provider || $model_provider eq 'github_copilot')) {
                 eval {
                     require CLIO::Core::GitHubCopilotModelsAPI;
                     my $models_api = CLIO::Core::GitHubCopilotModelsAPI->new(debug => $self->{debug});