fix: validate chutes model token metadata

extensions/chutes/models.test.ts

@@ -145,6 +145,41 @@ describe("chutes-models", () => {
     });
   });
 
+  it("falls back from malformed live token metadata", async () => {
+    const mockFetch = vi.fn().mockResolvedValue({
+      ok: true,
+      json: async () => ({
+        data: [
+          {
+            id: "provider/bad-window",
+            context_length: -1,
+            max_output_length: 16384.5,
+          },
+          {
+            id: "provider/bad-max-output",
+            context_length: Number.POSITIVE_INFINITY,
+            max_output_length: 0,
+          },
+        ],
+      }),
+    });
+
+    await withLiveChutesDiscovery(mockFetch, async () => {
+      const models = await discoverChutesModels("malformed-token-metadata");
+
+      expect(requireChutesModel(models, 0)).toMatchObject({
+        id: "provider/bad-window",
+        contextWindow: 128000,
+        maxTokens: 4096,
+      });
+      expect(requireChutesModel(models, 1)).toMatchObject({
+        id: "provider/bad-max-output",
+        contextWindow: 128000,
+        maxTokens: 4096,
+      });
+    });
+  });
+
   it("discoverChutesModels retries without auth on 401", async () => {
     const mockFetch = vi.fn().mockImplementation((url, init) => {
       if (init?.headers?.Authorization === "Bearer test-token-error") {

extensions/chutes/models.ts

@@ -5,6 +5,7 @@ import {
   ssrfPolicyFromHttpBaseUrlAllowedHostname,
 } from "openclaw/plugin-sdk/ssrf-runtime";
 import {
+  asPositiveSafeInteger,
   normalizeLowercaseStringOrEmpty,
   normalizeOptionalString,
 } from "openclaw/plugin-sdk/string-coerce-runtime";
@@ -616,8 +617,9 @@ export async function discoverChutesModels(accessToken?: string): Promise<ModelD
             cacheRead: 0,
             cacheWrite: 0,
           },
-          contextWindow: entry.context_length || CHUTES_DEFAULT_CONTEXT_WINDOW,
-          maxTokens: entry.max_output_length || CHUTES_DEFAULT_MAX_TOKENS,
+          contextWindow:
+            asPositiveSafeInteger(entry.context_length) ?? CHUTES_DEFAULT_CONTEXT_WINDOW,
+          maxTokens: asPositiveSafeInteger(entry.max_output_length) ?? CHUTES_DEFAULT_MAX_TOKENS,
           compat: {
             supportsUsageInStreaming: false,
           },