tiger-agent 0.2.0 → 0.2.2

package/README.md

@@ -1,15 +1,30 @@
 # 🐯 Tiger Agent
 
-**Made by AI Research Group, Department of Civil Engineering, King Mongkut's University of Technology Thonburi (KMUTT)**
+[![npm version](https://img.shields.io/npm/v/tiger-agent.svg)](https://www.npmjs.com/package/tiger-agent)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+[![Node.js](https://img.shields.io/badge/node-%3E%3D18-brightgreen.svg)](https://nodejs.org)
+
+**Cognitive AI Agent** with persistent long-term memory, multi-provider LLM support, self-learning, and Telegram bot integration — designed for 24/7 autonomous operation on Linux.
 
-Tiger is a **Cognitive AI Agent** with persistent long-term memory, multi-provider LLM support, self-learning, and Telegram bot integration — designed for 24/7 autonomous operation on Linux.
+Made by **AI Research Group, Department of Civil Engineering, KMUTT**
+
+---
+
+## 🆕 What's New — v0.2.0
+
+- **npm global install** — `npm install -g tiger-agent`, no git clone needed
+- **Multi-provider LLM** — 5 providers (Kimi, Z.ai, MiniMax, Claude, Moonshot) with auto-fallback
+- **Daily token limits** — per-provider limits with automatic switching at UTC midnight
+- **`tiger` CLI** — unified command: `tiger onboard`, `tiger start`, `tiger telegram`, `tiger stop`
+- **Telegram `/api` & `/tokens`** — switch providers and monitor usage from chat
+- **Encrypted secrets** — optional at-rest encryption for API keys
 
 ---
 
 ## 🎯 Why Tiger?
 
-| Feature | Tiger Bot | Generic AI Assistants |
-|---------|-----------|----------------------|
+| Feature | Tiger | Generic AI Assistants |
+|---------|-------|-----------------------|
 | **Memory** | Persistent lifetime memory (Vector DB) | Forgets when session ends |
 | **Learning** | Self-training every 12 hours | Static, never improves |
 | **Security** | Audit logs + Encryption + Hardened perms | No audit trail |
@@ -24,24 +39,22 @@ Tiger is a **Cognitive AI Agent** with persistent long-term memory, multi-provid
 npm install -g tiger-agent
 ```
 
-No git clone needed.
-
 ---
 
 ## 🚀 Quick Start
 
 ```bash
-tiger onboard     # First-time setup wizard
+tiger onboard     # First-time setup wizard (run once)
 tiger start       # Start CLI chat
 ```
 
 CLI exit: `/exit` or `/quit`
 
-For Telegram:
+**Telegram bot:**
 
 ```bash
-tiger telegram              # Foreground
-tiger telegram --background # Background daemon
+tiger telegram              # Start in foreground
+tiger telegram --background # Start as background daemon
 tiger stop                  # Stop daemon
 tiger status                # Check daemon status
 ```
@@ -58,13 +71,13 @@ tiger status                # Check daemon status
 
 ## 🎮 Run Modes
 
-| Mode | Global install | From source | Use Case |
-|------|---------------|-------------|----------|
-| **CLI** | `tiger start` | `npm run cli` | Interactive terminal |
-| **Telegram** | `tiger telegram` | `npm run telegram` | Bot foreground |
-| **Background** | `tiger telegram --background` | `npm run telegram:bg` | 24/7 daemon |
-| **Stop** | `tiger stop` | `npm run telegram:stop` | Kill daemon |
-| **Status** | `tiger status` | — | Check daemon |
+| Mode | Command | Use Case |
+|------|---------|----------|
+| **CLI** | `tiger start` | Interactive terminal chat |
+| **Telegram** | `tiger telegram` | Telegram bot (foreground) |
+| **Background** | `tiger telegram --background` | 24/7 daemon |
+| **Stop** | `tiger stop` | Kill background daemon |
+| **Status** | `tiger status` | Check if daemon is running |
 
 Background logs: `~/.tiger/logs/telegram-supervisor.log`
 
@@ -72,12 +85,13 @@ Background logs: `~/.tiger/logs/telegram-supervisor.log`
 
 ## 🔧 Setup Wizard
 
-`tiger onboard` (global) or `npm run setup` (from source) configures:
+`tiger onboard` creates and configures:
 
-- `~/.tiger/.env` — non-secret settings
-- `~/.tiger/.env.secrets` — API keys and tokens (mode 600)
+- `~/.tiger/.env` — settings and provider config
+- `~/.tiger/.env.secrets` — API keys (mode 600, gitignored)
 
-Options during setup:
+Setup options:
+- Choose LLM provider and API keys
 - Persistent vs temporary vector DB
 - Optional `sqlite-vec` acceleration
 - Optional encrypted secrets file
@@ -95,6 +109,13 @@ Options during setup:
 | `ALLOW_SKILL_INSTALL` | `false` | Enable ClawHub skill install |
 | `VECTOR_DB_PATH` | `~/.tiger/db/memory.sqlite` | SQLite vector DB path |
 | `DATA_DIR` | `~/.tiger/data` | Context files directory |
+| `OWN_SKILL_UPDATE_HOURS` | `24` | Hours between `ownskill.md` regenerations (min 1) |
+| `SOUL_UPDATE_HOURS` | `24` | Hours between `soul.md` regenerations (min 1) |
+| `REFLECTION_UPDATE_HOURS` | `12` | Hours between reflection cycles (min 1) |
+| `MEMORY_INGEST_EVERY_TURNS` | `2` | Ingest durable memory every N conversation turns |
+| `MEMORY_INGEST_MIN_CHARS` | `140` | Minimum combined chars in a turn to trigger memory ingest |
+
+Config lives in `~/.tiger/.env` after running `tiger onboard`.
 
 ---
 
@@ -104,15 +125,15 @@ Tiger supports **5 providers** with automatic fallback and daily token limits.
 
 ### Supported Providers
 
-| Provider | ID | Default Model | API Key |
-|----------|----|--------------|---------|
+| Provider | ID | Default Model | API Key Variable |
+|----------|----|--------------|-----------------|
 | Kimi Code | `kimi` | `k2p5` | `KIMI_CODE_API_KEY` |
 | Kimi Moonshot | `moonshot` | `kimi-k1` | `MOONSHOT_API_KEY` |
-| Z.ai (Zhipu) | `zai` | `glm-5` | `ZAI_API_KEY` (format: `id.secret`) |
+| Z.ai (Zhipu) | `zai` | `glm-4.7` | `ZAI_API_KEY` (format: `id.secret`) |
 | MiniMax | `minimax` | `abab6.5s-chat` | `MINIMAX_API_KEY` |
 | Claude (Anthropic) | `claude` | `claude-sonnet-4-6` | `CLAUDE_API_KEY` |
 
-### `.env` Configuration
+### `.env` Example
 
 ```env
 ACTIVE_PROVIDER=zai
@@ -137,8 +158,8 @@ MOONSHOT_TOKEN_LIMIT=100000
 1. Uses `ACTIVE_PROVIDER` for all requests
 2. On **429** (rate limit) or **403** (quota exceeded) — switches to next in `PROVIDER_ORDER`
 3. When a provider's daily token limit is reached — skipped for the rest of the day
-4. Providers with no API key are silently skipped
-5. Token usage tracked in `~/.tiger/db/token_usage.json`, resets at UTC midnight
+4. Providers with no API key configured are silently skipped
+5. Token usage resets at UTC midnight (`~/.tiger/db/token_usage.json`)
 
 ---
 
@@ -147,44 +168,60 @@ MOONSHOT_TOKEN_LIMIT=100000
 | Command | Description |
 |---------|-------------|
 | `/api` | Show all providers with token usage |
-| `/api <id>` | Switch provider (e.g. `/api claude`) |
+| `/api <id>` | Switch active provider (e.g. `/api claude`) |
 | `/tokens` | Show today's token usage per provider |
+| `/limit` | Show daily token limits per provider |
+| `/limit <provider> <n>` | Set daily token limit (0 = unlimited, e.g. `/limit zai 100000`) |
 | `/help` | Show all commands |
 
 ---
 
 ## 🧠 Memory & Context
 
-Context files loaded every turn (from `~/.tiger/data/`):
+### Context Files
+
+Loaded on every turn from `~/.tiger/data/`:
 
-- `soul.md` — Agent personality
-- `human.md` / `human2.md` — User profile
-- `ownskill.md` — Known skills (auto-refreshed every 24h)
+| File | Purpose |
+|------|---------|
+| `soul.md` | Agent identity, principles, and stable preferences |
+| `human.md` | User profile — goals, patterns, preferences |
+| `human2.md` | Running update log written after every conversation turn |
+| `ownskill.md` | Known skills, workflows, and lessons learned |
 
-Auto-refresh cycles (configurable via `.env`):
+### Auto-Refresh Cycles
 
-| Cycle | Variable | Default |
-|-------|----------|---------|
-| Skill summary | `OWN_SKILL_UPDATE_HOURS` | 24h |
-| Soul refresh | `SOUL_UPDATE_HOURS` | 24h |
-| Reflection | `REFLECTION_UPDATE_HOURS` | 12h |
-| Memory ingest | `MEMORY_INGEST_EVERY_TURNS` | every N turns |
+Tiger periodically regenerates these files using the LLM. All durations are configurable in `.env` (minimum 1 hour).
 
-Vector memory DB: `~/.tiger/db/memory.sqlite`
+| Cycle | `.env` Variable | Default | What It Does |
+|-------|----------------|---------|--------------|
+| **Skill summary** | `OWN_SKILL_UPDATE_HOURS` | `24` | Rewrites `ownskill.md` with updated skills, workflows, and lessons derived from recent conversations |
+| **Soul refresh** | `SOUL_UPDATE_HOURS` | `24` | Rewrites `soul.md` to reflect any evolved identity, operating rules, or preferences |
+| **Reflection** | `REFLECTION_UPDATE_HOURS` | `12` | Extracts long-term memory bullets from recent messages and appends them to `soul.md`, `human.md`, `ownskill.md`, and the vector DB |
+| **Memory ingest** | `MEMORY_INGEST_EVERY_TURNS` | `2` | After every N conversation turns, distils durable preference or workflow facts into the vector DB |
+
+> **Note:** Refresh timers for `soul.md` and `ownskill.md` are tracked in the DB (not file modification time), so reflection appends do not reset the 24-hour clock.
+
+Example `.env` — tighten cycles for an active bot:
 
-Optional `sqlite-vec` acceleration:
 ```env
-SQLITE_VEC_EXTENSION=/path/to/sqlite_vec
+OWN_SKILL_UPDATE_HOURS=12
+SOUL_UPDATE_HOURS=12
+REFLECTION_UPDATE_HOURS=6
+MEMORY_INGEST_EVERY_TURNS=2
+MEMORY_INGEST_MIN_CHARS=140
 ```
 
-Memory commands (from source):
-```bash
-npm run memory:init      # Initialize DB
-npm run memory:stats     # Show stats
-npm run memory:migrate   # Migrate from /tmp/
-npm run memory:vec:check # Check sqlite-vec
+### Vector Memory
+
+Stored in `~/.tiger/db/memory.sqlite`. Optional `sqlite-vec` extension enables fast ANN search:
+
+```env
+SQLITE_VEC_EXTENSION=/path/to/sqlite_vec
 ```
 
+Without it, Tiger falls back to cosine similarity in Python — slower but fully functional.
+
 ---
 
 ## 🛠️ Built-in Tools
@@ -202,17 +239,19 @@ npm run memory:vec:check # Check sqlite-vec
 
 | Feature | Detail |
 |---------|--------|
-| **Credential Storage** | Externalized to `~/.tiger/.env.secrets` (mode 600) |
+| **Credential Storage** | `~/.tiger/.env.secrets` with mode 600 |
 | **Database Security** | `~/.tiger/db/` with hardened permissions |
 | **Audit Logging** | Sanitized skill logs at `~/.tiger/logs/audit.log` |
 | **Auto Backup** | Daily SQLite backups, 30-day retention |
 | **Secret Rotation** | Built-in 90-day rotation reminders |
 
-### Encrypted Secrets (optional)
+### Optional: Encrypted Secrets
 
 ```bash
-export SECRETS_PASSPHRASE='your-long-passphrase'
-node scripts/encrypt-env.js --in .env.secrets --out .env.secrets.enc
+# Run from ~/.tiger after onboard
+export SECRETS_PASSPHRASE='your-passphrase'
+node $(npm root -g)/tiger-agent/scripts/encrypt-env.js \
+  --in .env.secrets --out .env.secrets.enc
 rm .env.secrets
 ```
 
@@ -239,18 +278,18 @@ rm .env.secrets
 | Bot stuck on one provider | `/api <name>` in Telegram to switch manually |
 | Provider silently skipped | No API key set, or daily limit reached — check `/tokens` |
 | `401` auth error | Wrong or missing API key |
-| `403` quota error | Daily quota exhausted — auto-switches; top up billing or raise `*_TOKEN_LIMIT` |
+| `403` quota error | Daily quota exhausted — auto-switches; raise `*_TOKEN_LIMIT` |
 | `429` rate limit | Auto-switches to next provider in `PROVIDER_ORDER` |
 | Z.ai auth fails | Key must be `id.secret` format (from Zhipu/BigModel console) |
-| Shell tool disabled | Set `ALLOW_SHELL=true` in `.env` |
-| Stuck processes | `pkill -f "node src/cli.js"` then restart |
+| Shell tool disabled | Set `ALLOW_SHELL=true` in `~/.tiger/.env` |
+| Stuck processes | `pkill -f tiger-agent` then restart |
 | Reset token counters | Delete `~/.tiger/db/token_usage.json` and restart |
 
 ---
 
 ## 📁 Data Directory
 
-After global install, all runtime data lives in `~/.tiger/`:
+All runtime data lives in `~/.tiger/`:
 
 ```
 ~/.tiger/

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tiger-agent",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "Cognitive AI agent with persistent memory, multi-provider LLM, and Telegram bot",
   "type": "commonjs",
   "main": "src/cli.js",

package/scripts/onboard.js

@@ -42,7 +42,7 @@ async function askHidden(prompt) {
         buf += ch; stdout.write('*');
       }
     }
-    function cleanup() { stdin.off('data', onData); stdin.setRawMode(false); stdin.pause(); }
+    function cleanup() { stdin.off('data', onData); stdin.setRawMode(false); stdin.resume(); }
     stdin.on('data', onData);
   });
 }
@@ -181,7 +181,7 @@ Config will be saved to: ${TIGER_HOME}
   }
 
   // ── Active provider ────────────────────────────────────────────────────────
-  console.log('\nAvailable providers: kimi, zai (Zhipu GLM-5), minimax, claude, moonshot');
+  console.log('\nAvailable providers: kimi, zai (Zhipu GLM-4.7), minimax, claude, moonshot');
   const activeProv = (await ask('Active provider (zai): ')).trim() || 'zai';
   const provOrder = (await ask(`Provider fallback order (${activeProv},claude,kimi,minimax,moonshot): `)).trim()
     || `${activeProv},claude,kimi,minimax,moonshot`;
@@ -231,8 +231,8 @@ Config will be saved to: ${TIGER_HOME}
     '',
     '# ── Z.ai (Zhipu GLM)',
     envLine('ZAI_API_KEY', zaiKey),
-    envLine('ZAI_BASE_URL', 'https://open.bigmodel.cn/api/paas/v4'),
-    envLine('ZAI_MODEL', 'glm-5'),
+    envLine('ZAI_BASE_URL', 'https://api.z.ai/api/coding/paas/v4'),
+    envLine('ZAI_MODEL', 'glm-4.7'),
     envLine('ZAI_TIMEOUT_MS', '30000'),
     '',
     '# ── MiniMax',

package/src/agent/mainAgent.js

@@ -124,22 +124,21 @@ function buildSystemPrompt(contextText, memoriesText) {
     .join('\n');
 }
 
-function shouldRefreshFile(filePath, updateHours) {
-  try {
-    const stat = fs.statSync(filePath);
-    const maxAgeMs = updateHours * 60 * 60 * 1000;
-    return Date.now() - stat.mtimeMs >= maxAgeMs;
-  } catch (err) {
-    return true;
-  }
+const OWNSKILL_META_KEY = 'ownskill_last_updated_ts';
+const SOUL_META_KEY = 'soul_last_updated_ts';
+
+function shouldRefreshByMeta(metaKey, updateHours) {
+  const lastTs = Number(getMeta(metaKey, 0) || 0);
+  if (!lastTs) return true;
+  return Date.now() - lastTs >= updateHours * 60 * 60 * 1000;
 }
 
 function shouldRefreshOwnSkill() {
-  return shouldRefreshFile(ownSkillPath, ownSkillUpdateHours);
+  return shouldRefreshByMeta(OWNSKILL_META_KEY, ownSkillUpdateHours);
 }
 
 async function maybeUpdateOwnSkillSummary(conversationIdValue) {
-  if (!shouldRefreshOwnSkill()) return;
+  if (!shouldRefreshByMeta(OWNSKILL_META_KEY, ownSkillUpdateHours)) return;
 
   const recent = getRecentMessages(conversationIdValue, 80);
   const transcript = recent
@@ -175,10 +174,11 @@ async function maybeUpdateOwnSkillSummary(conversationIdValue) {
   const next = String(message.content || '').trim();
   if (!next) return;
   fs.writeFileSync(path.resolve(ownSkillPath), `${next}\n`, 'utf8');
+  setMeta(OWNSKILL_META_KEY, Date.now());
 }
 
 async function maybeUpdateSoulSummary(conversationIdValue) {
-  if (!shouldRefreshFile(soulPath, soulUpdateHours)) return;
+  if (!shouldRefreshByMeta(SOUL_META_KEY, soulUpdateHours)) return;
 
   const recent = getRecentMessages(conversationIdValue, 80);
   const transcript = recent
@@ -210,6 +210,7 @@ async function maybeUpdateSoulSummary(conversationIdValue) {
   const next = String(message.content || '').trim();
   if (!next) return;
   fs.writeFileSync(path.resolve(soulPath), `${next}\n`, 'utf8');
+  setMeta(SOUL_META_KEY, Date.now());
 }
 
 async function maybeIngestTurnMemory(conversationIdValue, userText, assistantText) {

package/src/apiProviders.js

@@ -155,13 +155,18 @@ function buildProviders(env) {
 
     zai: {
       id: 'zai',
-      name: 'Z.ai (Zhipu)',
-      baseUrl: (env.ZAI_BASE_URL || 'https://open.bigmodel.cn/api/paas/v4').replace(/\/$/, ''),
-      chatModel: env.ZAI_MODEL || 'glm-5',
+      name: 'Z.ai',
+      baseUrl: (env.ZAI_BASE_URL || 'https://api.z.ai/api/coding/paas/v4').replace(/\/$/, ''),
+      chatModel: env.ZAI_MODEL || 'glm-4.7',
       embedModel: env.ZAI_EMBED_MODEL || '',
       apiKey: env.ZAI_API_KEY || '',
       userAgent: '',
-      authHeaders: (key) => ({ Authorization: `Bearer ${zhipuJwt(key)}` }),
+      // api.z.ai uses plain Bearer; old bigmodel.cn used Zhipu JWT
+      authHeaders: (key) => {
+        const baseUrl = (env.ZAI_BASE_URL || '').toLowerCase();
+        if (baseUrl.includes('bigmodel.cn')) return { Authorization: `Bearer ${zhipuJwt(key)}` };
+        return { Authorization: `Bearer ${key}` };
+      },
       chatPath: '/chat/completions',
       embedPath: '/embeddings',
       formatRequest: standardFormat,

package/src/config.js

@@ -79,16 +79,8 @@ const rawApiKey =
     ? process.env.KIMI_CODE_API_KEY || process.env.KIMI_API_KEY || ''
     : process.env.MOONSHOT_API_KEY || process.env.KIMI_API_KEY || '';
 const kimiApiKey = cleanEnvValue(rawApiKey);
-// Only hard-fail on missing kimi key when kimi/moonshot is the active provider.
-// If ACTIVE_PROVIDER is set to another provider, the key is optional.
 const activeProvider = cleanEnvValue(process.env.ACTIVE_PROVIDER || '').toLowerCase();
-const kimiIsActive = !activeProvider || activeProvider === 'kimi' || activeProvider === 'moonshot';
-if (!kimiApiKey && kimiIsActive) {
-  if (kimiProvider === 'code') {
-    throw new Error('Missing required env: KIMI_CODE_API_KEY (or KIMI_API_KEY)');
-  }
-  throw new Error('Missing required env: MOONSHOT_API_KEY (or KIMI_API_KEY)');
-}
+// Missing API keys are allowed — providers with no key are silently skipped at request time.
 
 const defaultBaseUrl =
   kimiProvider === 'code' ? 'https://api.kimi.com/coding/v1' : 'https://api.moonshot.cn/v1';

package/src/llmClient.js

@@ -21,39 +21,56 @@ const tokenManager = require('./tokenManager');
 
 // ─── Low-level fetch wrapper ─────────────────────────────────────────────────
 
-async function fetchProvider(provider, endpoint, body) {
+function sleep(ms) {
+  return new Promise((r) => setTimeout(r, ms));
+}
+
+async function fetchProvider(provider, endpoint, body, maxRetries = 3) {
   const key = provider.apiKey;
   const headers = { 'Content-Type': 'application/json', ...provider.authHeaders(key) };
   if (provider.userAgent) headers['User-Agent'] = provider.userAgent;
 
-  const timeout = provider.timeout || 30000;
-  const ctrl = new AbortController();
-  const timer = setTimeout(() => ctrl.abort(), timeout);
-
-  let res;
-  try {
-    res = await fetch(`${provider.baseUrl}${endpoint}`, {
-      method: 'POST',
-      headers,
-      body: JSON.stringify(body),
-      signal: ctrl.signal
-    });
-  } catch (err) {
-    clearTimeout(timer);
-    if (err && err.name === 'AbortError') {
-      throw Object.assign(new Error(`Timeout after ${timeout}ms (${provider.name})`), { status: 0 });
+  let lastErr;
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    if (attempt > 0) {
+      const delay = Math.min(attempt * 2000, 10000); // 2s, 4s, 6s … capped at 10s
+      process.stderr.write(`[llm] 429 on ${provider.name}, retrying in ${delay}ms (attempt ${attempt}/${maxRetries})\n`);
+      await sleep(delay);
+    }
+
+    const timeout = provider.timeout || 30000;
+    const ctrl = new AbortController();
+    const timer = setTimeout(() => ctrl.abort(), timeout);
+
+    let res;
+    try {
+      res = await fetch(`${provider.baseUrl}${endpoint}`, {
+        method: 'POST',
+        headers,
+        body: JSON.stringify(body),
+        signal: ctrl.signal
+      });
+    } catch (err) {
+      clearTimeout(timer);
+      if (err && err.name === 'AbortError') {
+        throw Object.assign(new Error(`Timeout after ${timeout}ms (${provider.name})`), { status: 0 });
+      }
+      throw Object.assign(new Error(`Network error (${provider.name}): ${err.message}`), { status: 0 });
+    } finally {
+      clearTimeout(timer);
+    }
+
+    if (!res.ok) {
+      const text = await res.text().catch(() => '');
+      lastErr = Object.assign(new Error(`HTTP ${res.status} from ${provider.name}: ${text}`), { status: res.status });
+      if (res.status === 429 && attempt < maxRetries) continue; // retry on rate limit
+      throw lastErr;
     }
-    throw Object.assign(new Error(`Network error (${provider.name}): ${err.message}`), { status: 0 });
-  } finally {
-    clearTimeout(timer);
-  }
 
-  if (!res.ok) {
-    const text = await res.text().catch(() => '');
-    throw Object.assign(new Error(`HTTP ${res.status} from ${provider.name}: ${text}`), { status: res.status });
+    return res.json();
   }
 
-  return res.json();
+  throw lastErr;
 }
 
 // ─── chatCompletion ──────────────────────────────────────────────────────────
@@ -63,7 +80,7 @@ async function chatCompletion(messages, options = {}) {
   const activeId = tokenManager.getCurrentProvider();
   const candidates = [activeId, ...tokenManager.getNextCandidates(activeId)];
 
-  let lastError = null;
+  let firstError = null;
 
   for (const providerId of candidates) {
     if (!providerId) continue;
@@ -81,7 +98,7 @@ async function chatCompletion(messages, options = {}) {
     try {
       data = await fetchProvider(provider, provider.chatPath, body);
     } catch (err) {
-      lastError = err;
+      if (!firstError) firstError = err; // keep the active provider's error
 
       // 429 = rate limit, 403 = quota exhausted — both warrant a fallback
       if (err.status === 429 || err.status === 403) {
@@ -93,9 +110,8 @@ async function chatCompletion(messages, options = {}) {
         continue;
       }
 
-      // Any other error: try next candidate silently; surface only if all fail
-      lastError = err;
-      continue;
+      // Any other error (auth, network, server error) — surface immediately
+      throw err;
     }
 
     const { message, tokens } = provider.parseResponse(data);
@@ -114,7 +130,7 @@ async function chatCompletion(messages, options = {}) {
     return message;
   }
 
-  throw lastError || new Error('All providers failed or exhausted.');
+  throw firstError || new Error('All providers failed or exhausted.');
 }
 
 // ─── embedText ───────────────────────────────────────────────────────────────

package/src/telegram/bot.js

@@ -76,6 +76,47 @@ function handleApiCommand(arg) {
   return `✅ Switched to *${p.name}* (\`${target}\`)\nModel: \`${p.chatModel}\``;
 }
 
+// ─── /limit command ───────────────────────────────────────────────────────────
+
+function handleLimitCommand(arg) {
+  if (!arg) {
+    const status = tokenManager.getStatus();
+    const lines = ['⚙️ *Token Limits* (0 = unlimited)', ''];
+    for (const s of status) {
+      const limitStr = s.limit > 0 ? s.limit.toLocaleString() : '∞ unlimited';
+      const active = s.active ? ' ✅' : '';
+      lines.push(`\`${s.id}\`: ${limitStr}${active}`);
+    }
+    lines.push('');
+    lines.push('Use `/limit <provider> <number>` to set a limit.');
+    lines.push('Use `/limit <provider> 0` for unlimited.');
+    lines.push('Providers: ' + KNOWN_PROVIDERS.map((n) => `\`${n}\``).join(', '));
+    return lines.join('\n');
+  }
+
+  const parts = arg.trim().split(/\s+/);
+  if (parts.length !== 2) {
+    return '❌ Usage: `/limit <provider> <number>`\nExample: `/limit claude 0`';
+  }
+
+  const [providerArg, valueArg] = parts;
+  const id = providerArg.toLowerCase();
+  if (!KNOWN_PROVIDERS.includes(id)) {
+    return `❌ Unknown provider: \`${id}\`\nAvailable: ${KNOWN_PROVIDERS.map((n) => `\`${n}\``).join(', ')}`;
+  }
+
+  const n = Number(valueArg);
+  if (isNaN(n) || n < 0 || !Number.isFinite(n)) {
+    return '❌ Limit must be a non-negative number. Use `0` for unlimited.';
+  }
+
+  const result = tokenManager.setLimit(id, n);
+  if (!result.ok) return `❌ ${result.error}`;
+
+  const limitStr = n === 0 ? '∞ unlimited' : n.toLocaleString() + ' tokens/day';
+  return `✅ *${id}* limit set to *${limitStr}*`;
+}
+
 // ─── /tokens command ──────────────────────────────────────────────────────────
 
 function handleTokensCommand() {
@@ -102,6 +143,7 @@ function startTelegramBot() {
   bot.setMyCommands([
     { command: 'api',    description: 'Show or switch active API provider' },
     { command: 'tokens', description: 'Show token usage for today' },
+    { command: 'limit',  description: 'Show or set daily token limit per provider' },
     { command: 'help',   description: 'Show all available commands' }
   ]).catch((err) => {
     process.stderr.write(`[telegram] setMyCommands failed: ${err.message}\n`);
@@ -127,8 +169,8 @@ function startTelegramBot() {
     const MD = { parse_mode: 'Markdown' };
 
     // ── Slash commands ────────────────────────────────────────────────────
-    if (text.startsWith('/api')) {
-      const arg = text.slice(4).trim() || null;
+    if (text.startsWith('/api') || text.startsWith('/ap ') || text === '/ap') {
+      const arg = text.startsWith('/api') ? text.slice(4).trim() || null : text.slice(3).trim() || null;
       await safeSend(bot, chatId, handleApiCommand(arg), MD);
       return;
     }
@@ -138,6 +180,12 @@ function startTelegramBot() {
       return;
     }
 
+    if (text.startsWith('/limit')) {
+      const arg = text.slice(6).trim() || null;
+      await safeSend(bot, chatId, handleLimitCommand(arg), MD);
+      return;
+    }
+
     if (text === '/help' || text === '/start') {
       const helpText = [
         '🤖 *Tiger Bot Commands*',
@@ -145,11 +193,11 @@ function startTelegramBot() {
         '/api \\- Show current provider & token stats',
         '/api `<name>` \\- Switch active API provider',
         '/tokens \\- Show token usage for today',
+        '/limit \\- Show daily token limits per provider',
+        '/limit `<name> <n>` \\- Set limit \\(0 = unlimited\\)',
         '/help \\- Show this message',
         '',
-        '*Available providers:* ' + KNOWN_PROVIDERS.join(', '),
-        '',
-        '_Token limits & auto\\-switch configured in .env_'
+        '*Available providers:* ' + KNOWN_PROVIDERS.join(', ')
       ].join('\n');
       await safeSend(bot, chatId, helpText, { parse_mode: 'MarkdownV2' });
       return;

package/src/tokenManager.js

@@ -107,6 +107,21 @@ function getCurrentProvider() {
   return state.activeProvider;
 }
 
+/**
+ * Set the daily token limit for a provider at runtime.
+ * limit = 0 means unlimited. Returns { ok } or { ok: false, error }.
+ */
+function setLimit(id, limit) {
+  ensureInit();
+  const known = ['kimi', 'moonshot', 'zai', 'minimax', 'claude'];
+  if (!known.includes(id)) return { ok: false, error: `Unknown provider: ${id}` };
+  const n = Number(limit);
+  if (isNaN(n) || n < 0) return { ok: false, error: 'Limit must be a non-negative number (0 = unlimited)' };
+  state.limits[id] = Math.floor(n);
+  saveUsageFile();
+  return { ok: true };
+}
+
 /**
  * Manually switch to a named provider.
  * Returns { ok, provider } or { ok: false, error }
@@ -214,6 +229,7 @@ module.exports = {
   init,
   getCurrentProvider,
   setProvider,
+  setLimit,
   recordTokens,
   isOverLimit,
   getNextCandidates,