Improve Mistral rate-limit handling and add cooldown probe scripts #69

Merged
Android-PowerUser merged 2 commits into codex/analyze-technical-debt-and-complexity-o6bm9p from fix-compilation-errors-in-mainactivity.kt-esbisz
Mar 31, 2026

@Android-PowerUser
Owner

Motivation

  • Make requests to Mistral more robust by honoring server rate-limit hints and avoiding rapid retries that trigger 429s.
  • Ensure streaming/command execution state is reset before a new reasoning run to avoid unwanted cancellation.
  • Provide reproducible probe scripts to measure real-world Mistral cooldown behavior for tuning client-side backoff.

Description

  • Enhanced Mistral client logic in PhotoReasoningViewModel by increasing the base MISTRAL_MIN_INTERVAL_MS from 1100 to 1500 and adding an overloaded markKeyCooldown that accepts an extraDelayMs to apply server-requested delays.
  • Added parsing helpers parseRetryAfterMs and parseRateLimitResetDelayMs to extract Retry-After and x-ratelimit-reset headers and use the larger of these values to schedule the next allowed key use.
  • Made retry accounting dynamic by computing maxAttempts from available keys, updated retry/failure messages and error conditions to reference maxAttempts, and reset stopExecutionFlag at the start of reason().
  • Added two probe utilities scripts/mistral_cooldown_probe.py and scripts/mistral_cooldown_probe.sh to measure minimal cooldown delays in two modes (based on last token time and based on request start), using curl against the Mistral endpoint.

Testing

  • Built the app locally with ./gradlew assembleDebug and the build completed successfully.
  • Ran the project's unit tests with ./gradlew test and existing tests passed.
  • Performed static checks with ./gradlew check and no new lint errors were reported; the new probe scripts were added but not executed in CI.

Codex Task
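
The header handling described in this PR description, sketched in Python as an added example (it is not the project's Kotlin code from PhotoReasoningViewModel). Assumptions: x-ratelimit-reset carries seconds until reset unless the value is large enough to be an epoch timestamp, the 1500 ms base interval acts as a floor, and the 120 s cap and all function names are illustrative.

```python
import math
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MIN_INTERVAL_MS = 1500           # base interval named in the PR description
MAX_DELAY_MS = 120_000           # assumption: cap so a bad header cannot park a key
EPOCH_THRESHOLD = 1_000_000_000  # assumption: values this large are epoch seconds


def parse_retry_after_ms(value, now):
    """Retry-After is either delta-seconds or an HTTP-date (RFC 9110)."""
    value = (value or "").strip()
    if value.isascii() and value.isdigit():
        return int(value) * 1000
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return 0  # missing or unparseable hint: no extra delay
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return max(0, int((when - now).total_seconds() * 1000))


def parse_rate_limit_reset_delay_ms(value, now):
    """x-ratelimit-reset as seconds-until-reset or epoch seconds (assumed formats)."""
    try:
        number = float((value or "").strip())
    except ValueError:
        return 0
    if not math.isfinite(number) or number < 0:
        return 0  # NaN, infinity and negative values are ignored
    if number >= EPOCH_THRESHOLD:
        number -= now.timestamp()
    return max(0, int(number * 1000))


def next_allowed_delay_ms(headers, now=None):
    """Larger of the two server hints, floored at the base interval and capped."""
    now = now or datetime.now(timezone.utc)
    lowered = {k.lower(): v for k, v in headers.items()}
    hinted = max(
        parse_retry_after_ms(lowered.get("retry-after"), now),
        parse_rate_limit_reset_delay_ms(lowered.get("x-ratelimit-reset"), now),
    )
    return min(MAX_DELAY_MS, max(MIN_INTERVAL_MS, hinted))
```

The cap matters because both headers are server-controlled input: without it, a malformed or hostile value could take a key out of rotation for an arbitrary time.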

Contributor

@amazon-q-developer bot left a comment

Summary

This PR enhances Mistral rate-limit handling by increasing the minimum interval from 1.1s to 1.5s and adding support for server-provided rate-limit headers (Retry-After and x-ratelimit-reset). The cooldown probe scripts provide valuable testing capabilities.

Critical Issues Found

Security & Functionality Blockers:

  • Hardcoded API key in probe script creates immediate security vulnerability (CWE-798)
  • Missing os module import causes script to crash on execution
  • No validation for required API key leads to authentication failures

Recommendation: Address the security vulnerability immediately by using environment variables for API keys. The probe scripts cannot function without these fixes.


You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.

import time
from typing import Tuple, List

MISTRAL_API_KEY = "zsEegAJFadHH4uooe2lW0HVNmy1rpqGT"

🛑 Security Vulnerability: Hardcoded API key exposed in repository. This key grants access to your Mistral API account and will be permanently visible in git history, leading to unauthorized usage and potential account compromise. [1]

Suggested change
MISTRAL_API_KEY = "zsEegAJFadHH4uooe2lW0HVNmy1rpqGT"
MISTRAL_API_KEY = os.getenv("MISTRAL_API_KEY", "")
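
Review bot: On the replaced `MISTRAL_API_KEY = "..."` line, switching to `os.getenv` only stops new exposure; the literal is already in a pushed commit, so the key should be revoked and reissued at the provider as part of this change. The `""` default also lets the script start with no key at all; drop the default or fail at load time so a missing variable is caught before any request is sent.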

Footnotes

  1. CWE-798: Use of Hard-coded Credentials - https://cwe.mitre.org/data/definitions/798.html

Comment on lines +2 to +4
import json
import subprocess
import time

🛑 Crash Risk: Missing import for os module causes NameError when accessing environment variable. Script will fail immediately on execution.

Suggested change
import json
import subprocess
import time
import json
import os
import subprocess
import time

Comment on lines +169 to +170
if __name__ == "__main__":
step_delays = list(range(100, 3001, 100))

🛑 Crash Risk: Missing validation for required API key will cause authentication failure. Script proceeds with empty string when environment variable is not set, resulting in 401 Unauthorized errors from Mistral API.

Suggested change
if __name__ == "__main__":
step_delays = list(range(100, 3001, 100))
if __name__ == "__main__":
if not MISTRAL_API_KEY:
raise ValueError("MISTRAL_API_KEY environment variable must be set")
step_delays = list(range(100, 3001, 100))
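
Review bot: The `if not MISTRAL_API_KEY:` guard sits inside `if __name__ == "__main__":`, so it only runs when the file is executed directly; if the module is imported, `MISTRAL_API_KEY` can still be empty when it is used. Consider validating at the point where the key is read, and treat a whitespace-only value as missing by testing `MISTRAL_API_KEY.strip()`.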

…o fix-compilation-errors-in-mainactivity.kt-esbisz
@Android-PowerUser Android-PowerUser merged commit a772205 into codex/analyze-technical-debt-and-complexity-o6bm9p Mar 31, 2026
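
The CWE-798 finding in the review above can be caught before a commit is pushed. As an added example (not part of the PR or of the bot's review), the check below walks a Python file's AST and reports secret-named assignments whose value is a string literal or a call with a literal fallback; the name pattern, function names and the sample source with its placeholder values are constructed for illustration.

```python
import ast
import re

# Assumption: variable names that usually hold credentials.
SECRET_NAME = re.compile(r"(api_?key|secret|token|passw(or)?d)", re.IGNORECASE)

# Constructed sample; the values are placeholders, not real keys.
SAMPLE = '''\
import os
MISTRAL_API_KEY = "EXAMPLE-NOT-A-REAL-KEY"
MISTRAL_API_KEY = os.getenv("MISTRAL_API_KEY", "")
BACKUP_TOKEN = os.environ.get("BACKUP_TOKEN", "EXAMPLE-FALLBACK")
step_delays = list(range(100, 3001, 100))
'''


def _literal(node):
    """Return the string if node is a non-empty string literal, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str) and node.value:
        return node.value
    return None


def find_hardcoded_secrets(source, filename="<source>"):
    """Return sorted (line, name, reason) tuples; the secret value is never echoed."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        names = [t.id for t in targets
                 if isinstance(t, ast.Name) and SECRET_NAME.search(t.id)]
        if not names:
            continue
        if _literal(value) is not None:
            reason = "string literal"
        elif (isinstance(value, ast.Call) and len(value.args) >= 2
              and _literal(value.args[1]) is not None):
            reason = "literal fallback in call"  # e.g. getenv(name, "real-key")
        else:
            continue
        findings.extend((node.lineno, name, reason) for name in names)
    return sorted(findings)
```

The empty-string default from the suggested fix passes the check, while a non-empty fallback is flagged because it reintroduces the same hard-coded credential.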