runtime: skip auto-compaction for non-token overflow

[trungutt]

Stacked on #2818. Review after that one merges.

When a request is rejected because the whole request body is too big to send (e.g. HTTP 413, large paste, oversized attachment), the runtime today reacts the same way it reacts to a token-count overflow: it tries to recover by compacting the conversation.

Compaction is itself a model call. It has to send the same conversation history that just got rejected, including the oversized turn. So that call is rejected too. Then the runtime gives up — but only after burning a second provider call and several seconds of wall-clock latency, and the user sees a "context window exceeded — try /compact" message that is actively wrong (compaction is exactly what just failed, and starting a new session is the only thing that helps).

The same trap applies to media-size rejections: there is no media-stripping path during compaction yet, so the offending attachment gets resent and the compaction call fails the same way.

Today                                       After this change
─────                                       ─────────────────
User sends an oversized message             User sends an oversized message
   │                                           │
   ▼                                           ▼
Provider → wire-level rejection             Provider → wire-level rejection
   │                                           │
   ▼                                           ▼
"context overflow" → start compaction       Recognise: compaction cannot help
   │                                           │
   ▼                                           ▼
Compaction model call                       Skip compaction entirely
   │   (with same oversized history)           │
   ▼                                           ▼
Rejected again, same reason                 Emit a specific, actionable error
   │                                           │
   ▼                                           ▼
Give up; show "context window exceeded"     User sees the right message

What this change achieves

• A wire-level overflow (request body too large) is surfaced immediately with the structured error code introduced in modelerrors: make overflow errors more specific #2818, instead of being routed through a compaction attempt that is guaranteed to fail.
• A media-size overflow is treated the same way, because the current compaction path cannot remove the offending attachment.
• Token-count overflow — the case compaction actually helps — is unchanged. Auto-compaction still fires there, with the same limits and the same retry semantics as before.

[docker-agent]

Assessment: 🟡 NEEDS ATTENTION

[docker-agent]

Assessment: 🟢 APPROVE

The implementation is correct and the logic is well-structured. Both overflow-kind classification and the compaction-skip decision are sound.

What was checked:

• OverflowKind type and constants (tokens, wire, media) — correct
• classifyOverflow two-tier classification (structured Tier 1 before substring Tier 2, media before wire before tokens) — correct priority ordering
• OverflowKindOf fallback chain for legacy *ContextOverflowError wraps — correct; defaults to OverflowKindTokens as historical behaviour
• handleStreamError skip-compaction branch: wire/media overflows return streamErrorFatal → runTurn returns turnExit → outer loop terminates immediately. No circuit-breaker bypass, no infinite retry.
• FormatError switch: non-overflow errors (OverflowKindOf returns "") correctly fall through to err.Error(). All three overflow kinds have actionable messages.
• classifyErrorCode switch covers all three new overflow kinds with distinct error codes.
• Test coverage: TestHandleStreamError_WireOverflowSkipsCompaction and TestHandleStreamError_MediaOverflowSkipsCompaction directly exercise the new skip paths. TestClassifyOverflow covers Tier 1 and Tier 2 patterns including the 413-wins-over-token-prose case.

Hypotheses investigated and dismissed:

1. Counter not incremented for wire/media = defeated circuit-breaker: Wire/media overflow always returns streamErrorFatal, which exits the loop via turnExit. The counter is irrelevant because there is no re-entry.
2. "content length exceeds" misclassification: That entry is pre-existing, unchanged code (context line in diff, not a + line) — outside the scope of this review.