fix: Infrastructure - GitHub token, API validation, cost controls

Team 3: Infrastructure & Config

Fixed:
- #4: GitHub Ingestor now works without token for public repos
  - Token is now optional
  - Uses unauthenticated requests (with rate limit warning) when no token
  - Private repos still require token

- #14: Added startup API key validation
  - get_config() now validates API keys at startup
  - Raises clear error if neither OPENAI_API_KEY nor MINIMAX_API_KEY is set
  - Fail-fast instead of silent failures

- #10: Added CostConfig for rate limiting and budget controls
  - max_tokens_per_run: limit tokens per generation
  - max_cost_usd: budget cap in dollars
  - track_usage: enable/disable usage tracking
  - price_per_million_tokens: pricing by model

opus_orchestrator/utils/github_ingest.py

@@ -19,13 +19,21 @@ class GitHubIngestor:
     
     def __init__(self, token: Optional[str] = None):
         self.token = token or os.environ.get("GITHUB_TOKEN")
-        if not self.token:
-            raise ValueError("GitHub token required. Set GITHUB_TOKEN or pass token.")
         
-        self.headers = {
-            "Authorization": f"token {self.token}",
-            "Accept": "application/vnd.github.v3+json",
-        }
+        # Token is optional - only required for private repos
+        # Public repos can be accessed without authentication
+        if self.token:
+            self.headers = {
+                "Authorization": f"token {self.token}",
+                "Accept": "application/vnd.github.v3+json",
+            }
+        else:
+            # No token - use unauthenticated requests (rate limited)
+            self.headers = {
+                "Accept": "application/vnd.github.v3+json",
+            }
+            print("⚠️  No GitHub token provided. Using unauthenticated requests (rate limited).")
+        
         self.base_url = "https://api.github.com"
     
     def get_contents(self, repo: str, path: str = "") -> list[dict]: