@gajae-code/ai 0.1.1

package/src/utils/oauth/xiaomi.ts

@@ -0,0 +1,137 @@
+/**
+ * Xiaomi MiMo login flow.
+ *
+ * Xiaomi MiMo provides OpenAI-compatible models via
+ * https://api.xiaomimimo.com/v1.
+ *
+ * This is not OAuth - it's a simple API key flow:
+ * 1. Open browser to Xiaomi MiMo API key console
+ * 2. User copies their API key
+ * 3. User pastes the API key into the CLI
+ */
+
+import type { OAuthController } from "./types";
+
+const PROVIDER_ID = "xiaomi";
+const PROVIDER_NAME = "Xiaomi MiMo";
+const STANDARD_AUTH_URL = "https://platform.xiaomimimo.com/#/console/api-keys";
+const STANDARD_API_BASE_URL = "https://api.xiaomimimo.com/v1";
+const TOKEN_PLAN_SGP_API_BASE_URL = "https://token-plan-sgp.xiaomimimo.com/v1";
+const TOKEN_PLAN_AMS_API_BASE_URL = "https://token-plan-ams.xiaomimimo.com/v1";
+const TOKEN_PLAN_KEY_PREFIX = "tp-";
+const STANDARD_VALIDATION_MODEL = "mimo-v2-flash";
+const TOKEN_PLAN_VALIDATION_MODEL = "mimo-v2.5";
+
+function isTokenPlanKey(apiKey: string): boolean {
+	return apiKey.startsWith(TOKEN_PLAN_KEY_PREFIX);
+}
+
+const VALIDATION_TIMEOUT_MS = 15_000;
+
+async function validateXiaomiApiKey(apiKey: string, signal?: AbortSignal): Promise<void> {
+	// For token-plan keys try SGP first, then AMS as fallback.
+	// Standard sk- keys only hit the one endpoint.
+	const endpoints = isTokenPlanKey(apiKey)
+		? [
+				{ baseUrl: TOKEN_PLAN_SGP_API_BASE_URL, model: TOKEN_PLAN_VALIDATION_MODEL },
+				{ baseUrl: TOKEN_PLAN_AMS_API_BASE_URL, model: TOKEN_PLAN_VALIDATION_MODEL },
+			]
+		: [{ baseUrl: STANDARD_API_BASE_URL, model: STANDARD_VALIDATION_MODEL }];
+
+	let lastError: Error | null = null;
+
+	for (const ep of endpoints) {
+		// Fresh timeout per endpoint so SGP→AMS fallback works after a regional
+		// timeout: a shared AbortSignal.timeout would stay aborted and instantly
+		// abort the AMS fetch.
+		const timeoutSignal = AbortSignal.timeout(VALIDATION_TIMEOUT_MS);
+		const requestSignal = signal ? AbortSignal.any([signal, timeoutSignal]) : timeoutSignal;
+		try {
+			const response = await fetch(`${ep.baseUrl}/chat/completions`, {
+				method: "POST",
+				headers: {
+					"Content-Type": "application/json",
+					"x-api-key": apiKey,
+				},
+				body: JSON.stringify({
+					model: ep.model,
+					max_tokens: 1,
+					messages: [{ role: "user", content: "ping" }],
+				}),
+				signal: requestSignal,
+			});
+
+			if (response.ok) {
+				return;
+			}
+
+			// 401 means this endpoint didn't accept the key; try the next one
+			if (response.status === 401) {
+				let details = "";
+				try {
+					details = (await response.text()).trim();
+				} catch {
+					// ignore body parse errors, status is enough
+				}
+				lastError = new Error(
+					details
+						? `${PROVIDER_NAME} API key validation failed (${response.status}): ${details}`
+						: `${PROVIDER_NAME} API key validation failed (${response.status})`,
+				);
+				continue;
+			}
+
+			// Non-auth errors are real failures
+			let details = "";
+			try {
+				details = (await response.text()).trim();
+			} catch {
+				// ignore body parse errors, status is enough
+			}
+			const message = details
+				? `${PROVIDER_NAME} API key validation failed (${response.status}): ${details}`
+				: `${PROVIDER_NAME} API key validation failed (${response.status})`;
+			throw new Error(message);
+		} catch (e) {
+			// Only re-throw AbortError when the caller explicitly cancelled.
+			// Timeout aborts (from AbortSignal.timeout) should fall through to
+			// the next endpoint so SGP→AMS fallback works during regional outages.
+			if (e instanceof DOMException && e.name === "AbortError" && signal?.aborted) {
+				throw e;
+			}
+			lastError = e instanceof Error ? e : new Error(String(e));
+		}
+	}
+	throw lastError ?? new Error(`${PROVIDER_NAME} API key validation failed`);
+}
+
+/**
+ * Login to Xiaomi MiMo.
+ *
+ * Opens browser to API keys page, prompts user to paste their API key.
+ * Returns the API key directly (not OAuthCredentials - this isn't OAuth).
+ */
+export async function loginXiaomi(options: OAuthController): Promise<string> {
+	if (!options.onPrompt) {
+		throw new Error(`${PROVIDER_NAME} login requires onPrompt callback`);
+	}
+	options.onAuth?.({
+		url: STANDARD_AUTH_URL,
+		instructions: "Copy your API key from the Xiaomi MiMo console",
+	});
+	const apiKey = await options.onPrompt({
+		message: "Paste your Xiaomi API key (sk-... or token-plan tp-...)",
+		placeholder: "sk-... or tp-...",
+	});
+	if (options.signal?.aborted) {
+		throw new Error("Login cancelled");
+	}
+	const trimmed = apiKey.trim();
+	if (!trimmed) {
+		throw new Error("API key is required");
+	}
+
+	options.onProgress?.(`Validating ${PROVIDER_ID} API key...`);
+	await validateXiaomiApiKey(trimmed, options.signal);
+	return trimmed;
+}

package/src/utils/oauth/zai.ts

@@ -0,0 +1,60 @@
+/**
+ * Z.AI login flow.
+ *
+ * Z.AI is a platform that provides access to GLM models through an OpenAI-compatible API.
+ * API docs: https://docs.z.ai/guides/overview/quick-start
+ *
+ * This is not OAuth - it's a simple API key flow:
+ * 1. User gets their API key from https://z.ai/settings/api-keys
+ * 2. User pastes the API key into the CLI
+ */
+
+import { validateOpenAICompatibleApiKey } from "./api-key-validation";
+import type { OAuthController } from "./types";
+
+const AUTH_URL = "https://z.ai/manage-apikey/apikey-list";
+const API_BASE_URL = "https://api.z.ai/api/coding/paas/v4";
+const VALIDATION_MODEL = "glm-4.7";
+
+/**
+ * Login to Z.AI.
+ *
+ * Opens browser to API keys page, prompts user to paste their API key.
+ * Returns the API key directly (not OAuthCredentials - this isn't OAuth).
+ */
+export async function loginZai(options: OAuthController): Promise<string> {
+	if (!options.onPrompt) {
+		throw new Error("Z.AI login requires onPrompt callback");
+	}
+
+	// Open browser to API keys page
+	options.onAuth?.({
+		url: AUTH_URL,
+		instructions: "Copy your API key from the dashboard",
+	});
+
+	// Prompt user to paste their API key
+	const apiKey = await options.onPrompt({
+		message: "Paste your Z.AI API key",
+		placeholder: "sk-...",
+	});
+
+	if (options.signal?.aborted) {
+		throw new Error("Login cancelled");
+	}
+
+	const trimmed = apiKey.trim();
+	if (!trimmed) {
+		throw new Error("API key is required");
+	}
+
+	options.onProgress?.("Validating API key...");
+	await validateOpenAICompatibleApiKey({
+		provider: "Z.AI",
+		apiKey: trimmed,
+		baseUrl: API_BASE_URL,
+		model: VALIDATION_MODEL,
+		signal: options.signal,
+	});
+	return trimmed;
+}

package/src/utils/oauth/zenmux.ts

@@ -0,0 +1,15 @@
+/** ZenMux login flow (API key paste, validated via /models). */
+import { createApiKeyLogin } from "./api-key-login";
+
+export const loginZenMux = createApiKeyLogin({
+	providerLabel: "ZenMux",
+	authUrl: "https://zenmux.ai/settings/keys",
+	instructions: "Create or copy your ZenMux API key",
+	promptMessage: "Paste your ZenMux API key",
+	placeholder: "sk-...",
+	validation: {
+		kind: "models-endpoint",
+		provider: "ZenMux",
+		modelsUrl: "https://zenmux.ai/api/v1/models",
+	},
+});

package/src/utils/overflow.ts

@@ -0,0 +1,137 @@
+import type { AssistantMessage } from "../types";
+
+/**
+ * Regex patterns to detect context overflow errors from different providers.
+ *
+ * These patterns match error messages returned when the input exceeds
+ * the model's context window.
+ *
+ * Provider-specific patterns (with example error messages):
+ *
+ * - Anthropic: "prompt is too long: 213462 tokens > 200000 maximum"
+ * - OpenAI: "Your input exceeds the context window of this model"
+ * - Google: "The input token count (1196265) exceeds the maximum number of tokens allowed (1048575)"
+ * - xAI: "This model's maximum prompt length is 131072 but the request contains 537812 tokens"
+ * - Groq: "Please reduce the length of the messages or completion"
+ * - OpenRouter: "This endpoint's maximum context length is X tokens. However, you requested about Y tokens"
+ * - llama.cpp: "the request exceeds the available context size, try increasing it"
+ * - LM Studio: "tokens to keep from the initial prompt is greater than the context length"
+ * - GitHub Copilot: "prompt token count of X exceeds the limit of Y"
+ * - MiniMax: "invalid params, context window exceeds limit"
+ * - Kimi For Coding: "Your request exceeded model token limit: X (requested: Y)"
+ * - Anthropic 413: "request_too_large" / "Request exceeds the maximum size" (payload too large)
+ * - HTTP 413 variants: "Payload Too Large" / "Request Entity Too Large"
+ * - z.ai / GLM: Returns finish_reason: "model_context_window_exceeded" mapped to error message
+ * - z.ai: Does NOT error, accepts overflow silently - handled via usage.input > contextWindow
+ * - Ollama: Silently truncates input - not detectable via error message
+ */
+const OVERFLOW_PATTERNS = [
+	/prompt is too long/i, // Anthropic
+	/input is too long for requested model/i, // Amazon Bedrock
+	/exceeds the context window/i, // OpenAI (Completions & Responses API)
+	/input token count.*exceeds the maximum/i, // Google (Gemini)
+	/maximum prompt length is \d+/i, // xAI (Grok)
+	/reduce the length of the messages/i, // Groq
+	/maximum context length is \d+ tokens/i, // OpenRouter (all backends)
+	/exceeds the limit of \d+/i, // GitHub Copilot
+	/exceeds the available context size/i, // llama.cpp server
+	/requested tokens?.*exceed.*context (window|length|size)/i, // llama.cpp / OpenAI-compatible local servers
+	/context (window|length|size).*(exceeded|overflow|too small)/i, // Generic local server variants
+	/(prompt|input).*(too long|too large).*(context|n_ctx)/i, // llama.cpp phrasing variants
+	/requested tokens?.*(exceeds?|greater than).*(n_ctx|context)/i, // llama.cpp n_ctx variants
+	/greater than the context length/i, // LM Studio
+	/context window exceeds limit/i, // MiniMax
+	/exceeded model token limit/i, // Kimi For Coding
+	/context[_ ]length[_ ]exceeded/i, // Generic fallback
+	/too many tokens/i, // Generic fallback
+	/token limit exceeded/i, // Generic fallback
+	/request_too_large/i, // Anthropic 413 (request body too large)
+	/request exceeds the maximum size/i, // Anthropic 413 variant
+	/payload too large/i, // Generic HTTP 413 variant
+	/entity too large/i, // Generic HTTP 413 variant
+	/\b413\b.*\b(request|payload|entity)\b.*\btoo large\b/i, // "413 Request Entity Too Large" variants
+	/model_context_window_exceeded/i, // z.ai non-standard finish_reason surfaced as error text
+];
+/**
+ * Check if an assistant message represents a context overflow error.
+ *
+ * This handles two cases:
+ * 1. Error-based overflow: Most providers return stopReason "error" with a
+ *    specific error message pattern.
+ * 2. Silent overflow: Some providers accept overflow requests and return
+ *    successfully. For these, we check if usage.input exceeds the context window.
+ *
+ * ## Reliability by Provider
+ *
+ * **Reliable detection (returns error with detectable message):**
+ * - Anthropic: "prompt is too long: X tokens > Y maximum"
+ * - OpenAI (Completions & Responses): "exceeds the context window"
+ * - Google Gemini: "input token count exceeds the maximum"
+ * - xAI (Grok): "maximum prompt length is X but request contains Y"
+ * - Groq: "reduce the length of the messages"
+ * - Cerebras: 400/413 status code (no body)
+ * - Mistral: 400/413 status code (no body)
+ * - HTTP 413 payload/entity-too-large variants
+ * - OpenRouter (all backends): "maximum context length is X tokens"
+ * - llama.cpp: "exceeds the available context size"
+ * - LM Studio: "greater than the context length"
+ * - Kimi For Coding: "exceeded model token limit: X (requested: Y)"
+ * - Anthropic 413: "request_too_large" (request body exceeds size limit)
+ * - HTTP 413: "Payload Too Large" / "Request Entity Too Large"
+ *
+ * **Unreliable detection:**
+ * - z.ai: Sometimes accepts overflow silently (detectable via usage.input > contextWindow),
+ *   sometimes returns rate limit errors. Pass contextWindow param to detect silent overflow.
+ * - Ollama: Silently truncates input without error. Cannot be detected via this function.
+ *   The response will have usage.input < expected, but we don't know the expected value.
+ *
+ * ## Custom Providers
+ *
+ * If you've added custom models via settings.json, this function may not detect
+ * overflow errors from those providers. To add support:
+ *
+ * 1. Send a request that exceeds the model's context window
+ * 2. Check the errorMessage in the response
+ * 3. Create a regex pattern that matches the error
+ * 4. The pattern should be added to OVERFLOW_PATTERNS in this file, or
+ *    check the errorMessage yourself before calling this function
+ *
+ * @param message - The assistant message to check
+ * @param contextWindow - Optional context window size for detecting silent overflow (z.ai)
+ * @returns true if the message indicates a context overflow
+ */
+export function isContextOverflow(message: AssistantMessage, contextWindow?: number): boolean {
+	// Case 1: Check error message patterns
+	if (message.stopReason === "error" && message.errorMessage) {
+		// Check known patterns
+		if (OVERFLOW_PATTERNS.some(p => p.test(message.errorMessage!))) {
+			return true;
+		}
+
+		// Cerebras and Mistral return 400/413 with no body for context overflow.
+		// Proxy providers (e.g. api.synthetic.new) wrap upstream 400/413 no-body
+		// responses in a JSON envelope, so the status code phrase may appear
+		// anywhere in the message rather than at its start.
+		// Note: 429 is rate limiting (requests/tokens per time), NOT context overflow
+		if (/\b4(00|13)\s*(status code)?\s*\(no body\)/i.test(message.errorMessage)) {
+			return true;
+		}
+	}
+
+	// Case 2: Usage-based overflow (silent or provider-specific)
+	if (contextWindow) {
+		const inputTokens = message.usage.input + message.usage.cacheRead + message.usage.cacheWrite;
+		if (inputTokens > contextWindow) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+/**
+ * Get the overflow patterns for testing purposes.
+ */
+export function getOverflowPatterns(): RegExp[] {
+	return [...OVERFLOW_PATTERNS];
+}

package/src/utils/parse-bind.ts

@@ -0,0 +1,54 @@
+/**
+ * Shared `host:port` parser used by the auth-broker and auth-gateway boot
+ * paths. Centralized so the two servers can't drift on what they accept (the
+ * gateway used to silently allow empty hostnames; this fixes it).
+ */
+
+export interface ParsedBind {
+	hostname: string;
+	port: number;
+}
+
+function parsePort(raw: string, bind: string): number {
+	if (!/^\d+$/.test(raw)) {
+		throw new Error(`Invalid bind '${bind}'; port must be an integer.`);
+	}
+	const port = Number.parseInt(raw, 10);
+	if (!Number.isFinite(port) || port < 0 || port > 65535) {
+		throw new Error(`Invalid bind '${bind}'; port out of range.`);
+	}
+	return port;
+}
+
+/**
+ * Parse a `host:port` (or bare `port`, which assumes loopback) string.
+ *
+ * Accepts:
+ *   - `"4000"`            → `127.0.0.1:4000`
+ *   - `"0.0.0.0:4000"`    → as written
+ *   - `"[::1]:4000"`      → as written (brackets retained, Bun handles them)
+ *
+ * Rejects:
+ *   - empty input
+ *   - empty hostname (`":4000"`)
+ *   - non-integer / out-of-range port
+ */
+export function parseBind(raw: string): ParsedBind {
+	const trimmed = raw.trim();
+	if (trimmed.length === 0) {
+		throw new Error("Invalid bind; expected 'host:port' or 'port'.");
+	}
+	if (/^\d+$/.test(trimmed)) {
+		return { hostname: "127.0.0.1", port: parsePort(trimmed, raw) };
+	}
+	const lastColon = trimmed.lastIndexOf(":");
+	if (lastColon < 0) {
+		throw new Error(`Invalid bind '${raw}'; expected 'host:port' or 'port'.`);
+	}
+	const hostPart = trimmed.slice(0, lastColon);
+	const portPart = trimmed.slice(lastColon + 1);
+	if (hostPart.length === 0) {
+		throw new Error(`Invalid bind '${raw}'; host must not be empty.`);
+	}
+	return { hostname: hostPart, port: parsePort(portPart, raw) };
+}

package/src/utils/provider-response.ts

@@ -0,0 +1,30 @@
+import type { Api, Model, ProviderResponseMetadata, StreamOptions } from "../types";
+
+export function normalizeProviderResponse(
+	response: Response,
+	requestId?: string | null,
+	metadata?: Record<string, unknown>,
+): ProviderResponseMetadata {
+	const headers: Record<string, string> = {};
+	response.headers.forEach((value, key) => {
+		headers[key.toLowerCase()] = value;
+	});
+	const providerResponse: ProviderResponseMetadata = {
+		status: response.status,
+		headers,
+	};
+	if (requestId !== undefined) providerResponse.requestId = requestId;
+	if (metadata !== undefined) providerResponse.metadata = metadata;
+	return providerResponse;
+}
+
+export async function notifyProviderResponse(
+	options: Pick<StreamOptions, "onResponse"> | undefined,
+	response: Response,
+	model?: Model<Api>,
+	requestId?: string | null,
+	metadata?: Record<string, unknown>,
+): Promise<void> {
+	if (!options?.onResponse) return;
+	await options.onResponse(normalizeProviderResponse(response, requestId, metadata), model);
+}

package/src/utils/retry-after.ts

@@ -0,0 +1,110 @@
+export type HeadersLike = Headers | Record<string, string | undefined> | undefined | null;
+
+const RETRY_AFTER_HINT = "retry-after-ms=";
+
+export function formatErrorMessageWithRetryAfter(error: unknown, headers?: HeadersLike): string {
+	const message = error instanceof Error ? error.message : JSON.stringify(error);
+	if (message.includes(RETRY_AFTER_HINT)) {
+		return message;
+	}
+
+	const retryAfterMs = getRetryAfterMsFromHeaders(headers ?? getHeadersFromError(error));
+	if (retryAfterMs === undefined) {
+		return message;
+	}
+
+	return `${message} ${RETRY_AFTER_HINT}${retryAfterMs}`;
+}
+
+export function getRetryAfterMsFromHeaders(headers: HeadersLike): number | undefined {
+	if (!headers) return undefined;
+
+	const retryAfter = parseRetryAfterHeader(getHeaderValue(headers, "retry-after"));
+	const resetMs = parseResetHeader(getHeaderValue(headers, "x-ratelimit-reset-ms"), "ms");
+	const resetSeconds = parseResetHeader(getHeaderValue(headers, "x-ratelimit-reset"), "s");
+
+	const candidates = [retryAfter, resetMs, resetSeconds].filter((value): value is number => value !== undefined);
+	if (candidates.length === 0) return undefined;
+	return Math.max(...candidates);
+}
+
+function getHeadersFromError(error: unknown): HeadersLike {
+	if (!error || typeof error !== "object") return undefined;
+	const record = error as { headers?: unknown; response?: { headers?: unknown }; cause?: unknown };
+	const direct = extractHeaders(record.headers) ?? extractHeaders(record.response?.headers);
+	if (direct) return direct;
+	if (record.cause) return getHeadersFromError(record.cause);
+	return undefined;
+}
+
+function extractHeaders(value: unknown): HeadersLike {
+	if (!value) return undefined;
+	if (value instanceof Headers) return value;
+	if (typeof value === "object") return value as Record<string, string | undefined>;
+	return undefined;
+}
+
+function getHeaderValue(headers: Headers | Record<string, string | undefined>, name: string): string | undefined {
+	if (headers instanceof Headers) {
+		const value = headers.get(name);
+		return value ?? undefined;
+	}
+
+	const target = name.toLowerCase();
+	for (const [key, value] of Object.entries(headers)) {
+		if (key.toLowerCase() === target && typeof value === "string") {
+			return value;
+		}
+	}
+	return undefined;
+}
+
+function parseRetryAfterHeader(value: string | undefined): number | undefined {
+	if (!value) return undefined;
+	const trimmed = value.trim();
+	if (!trimmed) return undefined;
+
+	const numeric = Number(trimmed);
+	if (Number.isFinite(numeric)) {
+		if (numeric <= 0) return undefined;
+		return Math.ceil(numeric * 1000);
+	}
+
+	const dateMs = Date.parse(trimmed);
+	if (!Number.isNaN(dateMs)) {
+		const delay = dateMs - Date.now();
+		return delay > 0 ? Math.ceil(delay) : undefined;
+	}
+
+	return undefined;
+}
+
+function parseResetHeader(value: string | undefined, unit: "ms" | "s"): number | undefined {
+	if (!value) return undefined;
+	const numeric = Number(value);
+	if (!Number.isFinite(numeric) || numeric <= 0) return undefined;
+
+	const nowMs = Date.now();
+	let targetMs: number | undefined;
+
+	if (unit === "ms") {
+		if (numeric > 1e12) {
+			targetMs = numeric;
+		} else if (numeric > 1e9) {
+			targetMs = numeric * 1000;
+		} else {
+			return Math.ceil(numeric);
+		}
+	} else {
+		if (numeric > 1e12) {
+			targetMs = numeric;
+		} else if (numeric > 1e9) {
+			targetMs = numeric * 1000;
+		} else {
+			return Math.ceil(numeric * 1000);
+		}
+	}
+
+	if (targetMs <= nowMs) return undefined;
+	return Math.ceil(targetMs - nowMs);
+}

package/src/utils/retry.ts

@@ -0,0 +1,54 @@
+import { scheduler } from "node:timers/promises";
+import { extractHttpStatusFromError, isRetryableError } from "@gajae-code/utils";
+
+/**
+ * GitHub Copilot intermittently rejects preview models (gpt-5.3-OpenAI code backend,
+ * gpt-5.4, gpt-5.4-mini, ...) with HTTP 400 `model_not_supported`, even
+ * though the model is listed as enabled on the user's account via `/models`.
+ *
+ * Root cause: Copilot's request-routing backend is rolled out per OAuth
+ * client. Our OAuth client id is shared with opencode; VS Code uses its own
+ * client and sees full availability, so the same account may succeed in VS
+ * Code and flap between 200/400 here. See opencode#13313 and copilot-cli#2597.
+ *
+ * Retrying the identical request 2-3 times almost always lands on a backend
+ * that has the model, so we wrap the initial request with a short retry loop.
+ */
+export function isCopilotTransientModelError(error: unknown): boolean {
+	if (extractHttpStatusFromError(error) !== 400) return false;
+	if (!error || typeof error !== "object") return false;
+	const info = error as { code?: unknown; error?: { code?: unknown } | null };
+	const code = typeof info.code === "string" ? info.code : info.error?.code;
+	return code === "model_not_supported";
+}
+
+const COPILOT_MODEL_RETRY_MAX_ATTEMPTS = 3;
+const COPILOT_MODEL_RETRY_BASE_DELAY_MS = 400;
+
+/**
+ * Wrap an initial Copilot request so transient `model_not_supported` 400s are
+ * retried a small number of times. No-op for non-Copilot providers.
+ *
+ * The callback **MUST** create a fresh in-flight request each invocation — a
+ * once-consumed AsyncIterable cannot be re-iterated.
+ */
+export async function callWithCopilotModelRetry<T>(
+	fn: () => Promise<T>,
+	options: { provider: string; signal?: AbortSignal; retryBaseDelayMs?: number },
+): Promise<T> {
+	if (options.provider !== "github-copilot") return fn();
+
+	let lastError: unknown;
+	const retryBaseDelayMs = options.retryBaseDelayMs ?? COPILOT_MODEL_RETRY_BASE_DELAY_MS;
+	for (let attempt = 0; attempt < COPILOT_MODEL_RETRY_MAX_ATTEMPTS; attempt++) {
+		try {
+			return await fn();
+		} catch (error) {
+			lastError = error;
+			if (!isCopilotTransientModelError(error) && !isRetryableError(error)) throw error;
+			if (attempt === COPILOT_MODEL_RETRY_MAX_ATTEMPTS - 1) break;
+			await scheduler.wait(retryBaseDelayMs * (attempt + 1), { signal: options.signal });
+		}
+	}
+	throw lastError;
+}