#11693: Model Provider Failover for Default and Session Model When Rate Limiting or Other Errors Occur

The README documents two new Node.js failover utilities added under update/. default-model-failover.js probes a prioritized list of candidate models and updates the global OpenClaw config's agents.defaults.model.primary (preserving existing keys like fallbacks), with automatic timestamped backups before any modification. session-failover.js performs the same probe-and-switch logic for individual session entries in a sessions JSON store, mirroring OpenClaw's applyModelOverrideToSessionEntry behavior including auth profile cleanup. The README covers usage examples for both scripts, explains the lightweight provider-specific probing strategy (HTTP checks for OpenAI/Anthropic, env var heuristics for others), documents environment variable caveats for non-standard provider key names, and includes a safety checklist for operators before running or automating the utilities. [README.md](https://github.com/user-attachments/files/25159062/README.md) <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR adds two Node.js utilities under `update/` for operational model failover: - `update/default-model-failover.js` probes a prioritized list of provider/model pairs and updates the global OpenClaw config’s `agents.defaults.model.primary`, creating a timestamped backup before writing. - `update/session-failover.js` probes candidates and writes per-session `providerOverride`/`modelOverride` into a sessions JSON store, attempting to mirror core session override behavior. The implementation follows existing config/session key conventions in the repo (e.g., `agents.defaults.model.primary`, session override fields), but there are a couple of correctness mismatches vs documented/core behavior that should be addressed before merging. <h3>Confidence Score: 4/5</h3> - Mostly safe to merge, but fix session override cleanup parity and correct the README claim about backups. - Changes are isolated to new `update/` utilities and documentation, with no runtime impact on the main app. Main remaining risk is that `session-failover.js` claims to mirror core behavior but currently leaves stale auth override metadata, which can alter effective auth/profile selection after failover; and README contains a concrete behavior guarantee that isn’t true when the config file doesn’t exist. - update/session-failover.js, update/README.md <!-- greptile_other_comments_section --> _{(2/5) Greptile learns from your feedback when you react with thumbs up/down!} <!-- /greptile_comment -->