fix(plugins): dedupe provider-prefixed model refs in runtime LLM allowlist policy

nxmxbbd · nxmxbbd · commit a2c4437fcf4a · 2026-05-21T19:58:45.000+08:00
The plugin runtime LLM policy gate and the gateway fallback subagent policy gate each build allowlist keys and resolved-selection keys via ad-hoc `${normalized.provider}/${normalized.model}` concatenation. When a provider plugin manifest contributes `prefixWhenBare` (e.g. OpenRouter) and the resolved selection's `modelId` already carries the provider segment, the concatenation produces a double-prefixed key (`openrouter/openrouter/gpt-5.4-mini`). The user-typed allowlist entry does not carry the duplicate prefix, so `Set.has` misses and the diagnostic surfaces a confusing `openrouter/openrouter/...` string. Swap the five concat sites to the existing canonical `modelKey()` helper (`src/agents/model-ref-shared.ts`), which dedupes when `model` already starts with `${provider}/`. Both pair sides remain symmetric (allowlist Set construction + resolved lookup), so the policy gate keeps the same contract, and the diagnostic now surfaces the deduped, user-recognizable ref. Closes #84887.
diff --git a/src/gateway/server-plugins.test.ts b/src/gateway/server-plugins.test.ts
@@ -1031,6 +1031,36 @@ describe("loadGatewayPlugins", () => {
     );
   });
 
+  test("uses deduped resolved ref in fallback override deny diagnostic (#84887)", async () => {
+    const serverPlugins = serverPluginsModule;
+    const runtime = await createSubagentRuntime(serverPlugins, {
+      plugins: {
+        entries: {
+          "voice-call": {
+            subagent: {
+              allowModelOverride: true,
+              allowedModels: ["openrouter/gpt-5.4-mini"],
+            },
+          },
+        },
+      },
+    });
+    serverPlugins.setFallbackGatewayContext(createTestContext("fallback-prefixed-model-deny"));
+    await expect(
+      gatewayRequestScopeModule.withPluginRuntimePluginIdScope("voice-call", () =>
+        runtime.run({
+          sessionKey: "s-prefixed-model-deny",
+          message: "use trusted override",
+          provider: "openrouter",
+          model: "openrouter/gpt-5.5",
+          deliver: false,
+        }),
+      ),
+    ).rejects.toThrow(
+      'model override "openrouter/gpt-5.5" is not allowlisted for plugin "voice-call".',
+    );
+  });
+
   test("uses least-privilege synthetic fallback scopes without admin", async () => {
     const serverPlugins = serverPluginsModule;
     const runtime = await createSubagentRuntime(serverPlugins);
diff --git a/src/gateway/server-plugins.ts b/src/gateway/server-plugins.ts
@@ -1,6 +1,6 @@
 import { randomUUID } from "node:crypto";
 import { performance } from "node:perf_hooks";
-import { normalizeModelRef, parseModelRef } from "../agents/model-selection.js";
+import { modelKey, normalizeModelRef, parseModelRef } from "../agents/model-selection.js";
 import { applyPluginAutoEnable } from "../config/plugin-auto-enable.js";
 import type { OpenClawConfig } from "../config/types.openclaw.js";
 import { normalizePluginsConfig } from "../plugins/config-state.js";
@@ -127,7 +127,7 @@ function normalizeAllowedModelRef(raw: string): string | null {
     return null;
   }
   const normalized = normalizeModelRef(providerRaw, modelRaw);
-  return `${normalized.provider}/${normalized.model}`;
+  return modelKey(normalized.provider, normalized.model);
 }
 
 export function setPluginSubagentOverridePolicies(cfg: OpenClawConfig): void {
@@ -227,7 +227,7 @@ function resolveRequestedFallbackModelRef(params: {
 }): string | null {
   if (params.provider && params.model) {
     const normalizedRequest = normalizeModelRef(params.provider, params.model);
-    return `${normalizedRequest.provider}/${normalizedRequest.model}`;
+    return modelKey(normalizedRequest.provider, normalizedRequest.model);
   }
   const rawModel = params.model?.trim();
   if (!rawModel || !rawModel.includes("/")) {
@@ -237,7 +237,7 @@ function resolveRequestedFallbackModelRef(params: {
   if (!parsed?.provider || !parsed.model) {
     return null;
   }
-  return `${parsed.provider}/${parsed.model}`;
+  return modelKey(parsed.provider, parsed.model);
 }
 
 // ── Internal gateway dispatch for plugin runtime ────────────────────
diff --git a/src/plugins/runtime/runtime-llm.runtime.test.ts b/src/plugins/runtime/runtime-llm.runtime.test.ts
@@ -306,6 +306,43 @@ describe("runtime.llm.complete", () => {
     expect(hoisted.prepareSimpleCompletionModelForAgent).not.toHaveBeenCalled();
   });
 
+  it("uses the deduped resolved ref in the allowlist deny diagnostic (#84887)", async () => {
+    hoisted.resolveSimpleCompletionSelectionForAgent.mockReturnValue({
+      provider: "openrouter",
+      modelId: "openrouter/gpt-5.5",
+      agentDir: "/tmp/openclaw-agent",
+    });
+
+    const runtimeContext = resolveContextEngineCapabilities({
+      config: {
+        ...cfg,
+        plugins: {
+          entries: {
+            "lossless-claw": {
+              llm: {
+                allowModelOverride: true,
+                allowedModels: ["openrouter/gpt-5.4-mini"],
+              },
+            },
+          },
+        },
+      },
+      sessionKey: "agent:main:session:abc",
+      contextEnginePluginId: "lossless-claw",
+      purpose: "context-engine.compaction",
+    });
+
+    await expect(
+      runtimeContext.llm!.complete({
+        model: "openrouter/gpt-5.5",
+        messages: [{ role: "user", content: "summarize" }],
+      }),
+    ).rejects.toThrow(
+      'model override "openrouter/gpt-5.5" is not allowlisted for plugin "lossless-claw"',
+    );
+    expect(hoisted.prepareSimpleCompletionModelForAgent).not.toHaveBeenCalled();
+  });
+
   it("keeps context-engine attribution and host-derived policy inside plugin runtime scope", async () => {
     const runtimeContext = resolveContextEngineCapabilities({
       config: {
diff --git a/src/plugins/runtime/runtime-llm.runtime.ts b/src/plugins/runtime/runtime-llm.runtime.ts
@@ -1,5 +1,5 @@
 import type { Api, Message } from "@earendil-works/pi-ai";
-import { normalizeModelRef } from "../../agents/model-selection.js";
+import { modelKey, normalizeModelRef } from "../../agents/model-selection.js";
 import type { NormalizedUsage, UsageLike } from "../../agents/usage.js";
 import { normalizeUsage } from "../../agents/usage.js";
 import type { OpenClawConfig } from "../../config/types.openclaw.js";
@@ -235,7 +235,7 @@ function normalizeAllowedModelRef(raw: string): string | null {
     return null;
   }
   const normalized = normalizeModelRef(provider, model);
-  return `${normalized.provider}/${normalized.model}`;
+  return modelKey(normalized.provider, normalized.model);
 }
 
 function buildPolicyFromEntry(entry: {
@@ -402,7 +402,7 @@ export function createRuntimeLlm(options: CreateRuntimeLlmOptions = {}): PluginR
           ? normalizeModelRef(selection.provider, selection.modelId)
           : null;
         const resolvedModelRef = normalizedSelection
-          ? `${normalizedSelection.provider}/${normalizedSelection.model}`
+          ? modelKey(normalizedSelection.provider, normalizedSelection.model)
           : null;
         assertAllowedModelOverride({
           resolvedModelRef,
