Kimi/Moonshot 'Rate Limit' error masks insufficient funds, causes UI lockout

[superstizzle]

Bug Report: Kimi/Moonshot "Rate Limit" Error Masking Insufficient Funds

Environment

• OpenClaw Version: 2026.3.8
• OS: macOS
• Plugin: kimi-claw (auto-loaded)
• Provider: Moonshot (Kimi)

Problem Summary

When Kimi/Moonshot API account balance reaches zero, the API returns a 429 Rate Limit Reached error instead of a clear billing/insufficient funds message. OpenClaw interprets this literally, triggering a cascading failure that locks the UI and prevents model switching.

Symptoms

• UI completely frozen with repeated error: ⚠️ API rate limit reached. Please try again later.
• Cannot send messages in chat
• Cannot switch models via chat commands (model=...)
• Background slug-gen task infinitely retries, spamming terminal
• Session locked to broken provider

Root Cause

1. Error Misclassification: Moonshot API returns 429 for billing issues, not actual rate limiting
2. Infinite Retry Loop: slug-gen background task keeps hitting API on failure
3. Command Routing Trap: Model switch commands route through the failing provider

Reproduction Steps

1. Exhaust Kimi/Moonshot API credits
2. Attempt any chat message or command
3. Observe 429 error loop
4. Try to switch models via chat — fails

Expected Behavior

• Clear error: "Insufficient API credits" or "Billing issue"
• Graceful degradation: pause background tasks after N failures
• Emergency bypass: allow model switching even when current provider is down

Actual Behavior

• Misleading "rate limit" error
• Infinite retry loop
• Complete UI lockout

Workaround

Reload funds into Kimi account, or force model switch via control UI dropdown (bypasses chat parser).

Proposed Fixes

1. Better Error Parsing (kimi-claw)

Parse Moonshot error responses for billing-specific codes/messages and surface accurate error to user.

2. Failsafe for Background Tasks

slug-gen retry policy:
- Max 3 attempts
- Exponential backoff
- After max retries: pause + notify, don't loop

3. Emergency Model Override

Route /model commands through control layer, not through the active AI provider. Critical for provider outages.

Impact

• Severity: High — complete functionality loss
• User Experience: Hours of confusion troubleshooting "rate limits"
• Frequency: Any user with auto-reload disabled or payment issues

---

Reported by: Coach O via Clawd

[SkywalkerTrades]

Any fix for this? I ran out of $$ on moonshot. Recharged and now can't access kimik2.5. Keep getting rate limit error for 3 days. Switched to a new api key and same issue.

[sophiaashi]

ran into a similar cascading failure last month — one provider rate-limits you and suddenly the whole session is stuck because there's no fallback path.

what fixed it for me was putting a routing layer between openclaw and the providers. when one provider starts throwing rate limit errors, requests auto-switch to an alternative. so instead of the UI freezing while retrying the same broken endpoint, it just routes to deepseek or gemini and keeps going.

not a fix for the underlying openclaw bug, but at least my sessions don't die anymore when anthropic has a bad day. the routing gateway I use is TeamoRouter (router.teamolab.com) — it handles the circuit-breaker logic and failover automatically. 2-second install as an openclaw skill.

for anyone who wants to compare notes on multi-provider setups, we have a small discord: https://discord.gg/tvAtTj2zHv

[RayneYael]

Any fix for this?

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open: current main and the latest release still force explicit HTTP 429 responses to rate_limit, and the issue has an open draft closing PR that should be reviewed and fixed before the issue closes.

Reproducibility: yes. at source level. Current main computes message classification but returns rate_limit for any explicit HTTP 429 before Moonshot/Kimi billing-shaped text can win.

Next step
A draft PR already references this issue with closing syntax, so the issue should wait on review and landing of that linked implementation rather than queueing a new repair job.

Review details

Best possible solution:

Land a narrow provider-aware classifier fix with regression coverage, then close this issue after the linked PR merges.

Do we have a high-confidence way to reproduce the issue?

Yes, at source level. Current main computes message classification but returns rate_limit for any explicit HTTP 429 before Moonshot/Kimi billing-shaped text can win.

Is this the best way to solve the issue?

Yes for the repair direction, but not by closing now. The narrow maintainable fix is in the failover/provider classification path; the external router workaround mentioned in discussion does not replace the core classifier fix.

What I checked:

• Current main still masks 429 billing text: classifyFailoverReasonFromHttpStatus computes message classification, but the explicit status === 429 branch returns rate_limit unconditionally. (src/agents/pi-embedded-helpers/errors.ts:646, 3b39ff43184d)
• Matcher order can prefer rate-limit text before billing text: The message classifier checks isRateLimitErrorMessage before isBillingErrorMessage, so mixed Moonshot payloads containing rate_limit_reached plus balance text need a targeted precedence exception. (src/agents/pi-embedded-helpers/errors.ts:827, 3b39ff43184d)
• Billing vocabulary already covers balance text: The shared billing matcher recognizes insufficient_balance, fuzzy insufficient <word> balance, and Chinese balance/arrears messages; the remaining gap is 429/provider precedence. (src/agents/pi-embedded-helpers/failover-matches.ts:180, 3b39ff43184d)
• Moonshot plugin has no provider-specific classifier hook: The Moonshot provider entry registers auth, catalog, streaming/replay, media, and web-search behavior, but no classifyFailoverReason override for Moonshot-specific 429 billing payloads. (extensions/moonshot/index.ts:16, 3b39ff43184d)
• Latest release still has the same behavior: Release v2026.5.12 contains the same unconditional 429-to-rate-limit branch, so this is not fixed in the latest shipped release provided for review. (src/agents/pi-embedded-helpers/errors.ts:646, f066dd2f31c2)
• Open closing PR exists: GitHub live state shows fix(failover): classify Moonshot balance 429 as billing #83079 is open, draft, unmerged, and references this issue with closing syntax; policy says keep the issue open until that implementation lands or is closed. (701a3a3d3f53)

Likely related people:

• @altaywtf: Authored the shared failover HTTP status classification commit and later provider-scoped matcher work adjacent to this bug. (role: introduced shared status classifier and adjacent matcher maintainer; confidence: high; commits: f014e255dfb0, ae460eff84ab; files: src/agents/pi-embedded-helpers/errors.ts, src/agents/pi-embedded-helpers/failover-matches.ts, src/agents/failover-error.test.ts)
• @steipete: Recent history shows failover signal-classification unification and shared matcher refactors across the central files. (role: recent area contributor; confidence: high; commits: 131f6dac37a8, 6472e03412ef, 3b39ff43184d; files: src/agents/pi-embedded-helpers/errors.ts, src/agents/pi-embedded-helpers/failover-matches.ts)
• @yelog: Authored the merged billing matcher improvements for flat JSON and insufficient_balance payloads directly adjacent to the remaining Moonshot 429 precedence gap. (role: recent billing-classifier contributor; confidence: medium; commits: ef7c528c8ae3; files: src/agents/pi-embedded-helpers/failover-matches.ts, src/agents/pi-embedded-helpers.isbillingerrormessage.test.ts, src/shared/assistant-error-format.ts)
• @vincentkoc: Recent history includes shared API error payload parsing in the same error helper area, useful if the repair crosses payload extraction or formatting boundaries. (role: adjacent error-surface contributor; confidence: medium; commits: d3ffa1e4e742; files: src/agents/pi-embedded-helpers/errors.ts, src/agents/pi-embedded-helpers/failover-matches.ts)

Remaining risk / open question:

• No live depleted Moonshot/Kimi account request was run; the reproduction is source-level against the classifier path.
• Moonshot/Kimi payloads may vary by endpoint or proxy, so the fix should match high-confidence balance/recharge signals without reclassifying ordinary 429 pressure.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 3b39ff43184d.