metadata JSON → the per-key controls (each null when absent/invalid): the PAID credit cap + the rate-limit share %. Defensive — a bad value reads as "no override"; the share is clamped to [1,100] to mirror the auth-time clamp.
metadata JSON → the per-key controls (each null when absent/invalid): the PAID credit cap + the rate-limit share %. Defensive — a bad value reads as "no override"; the share is clamped to [1,100] to mirror the auth-time clamp.