fix(runtime-llm): avoid duplicate provider prefix in allowlist diagnostics

zhangguiping-xydt · zhangguiping-xydt · commit ee9f3b6a52b4 · 2026-05-21T20:22:51.000+08:00
normalizeAllowedModelRef() and the resolved override ref interpolated ${provider}/${model} after normalizeModelRef(), so a provider-qualified model id like openrouter/gpt-5.4-mini surfaced as openrouter/openrouter/gpt-5.4-mini in the allowlist set and policy denial message, masking the actionable model ref. Route both sites through modelKey() (src/agents/model-ref-shared.ts) so the provider segment is collapsed when the model id already starts with it. Add regression tests covering allowlist hit and denial paths for the OpenRouter shape. Fixes #84887
diff --git a/src/plugins/runtime/runtime-llm.runtime.test.ts b/src/plugins/runtime/runtime-llm.runtime.test.ts
@@ -306,6 +306,92 @@ describe("runtime.llm.complete", () => {
     expect(hoisted.prepareSimpleCompletionModelForAgent).not.toHaveBeenCalled();
   });
 
+  it("matches allowlist entries for provider-qualified model ids without doubling the provider prefix", async () => {
+    const runtimeContext = resolveContextEngineCapabilities({
+      config: {
+        ...cfg,
+        plugins: {
+          entries: {
+            "lossless-claw": {
+              llm: {
+                allowModelOverride: true,
+                allowedModels: ["openrouter/gpt-5.4-mini"],
+              },
+            },
+          },
+        },
+      },
+      sessionKey: "agent:main:session:abc",
+      contextEnginePluginId: "lossless-claw",
+      purpose: "context-engine.compaction",
+    });
+
+    hoisted.prepareSimpleCompletionModelForAgent.mockResolvedValue(
+      createPreparedModel("openrouter/gpt-5.4-mini"),
+    );
+    hoisted.resolveSimpleCompletionSelectionForAgent.mockImplementation(
+      (params: { agentId: string }) => ({
+        provider: "openrouter",
+        modelId: "openrouter/gpt-5.4-mini",
+        agentDir: `/tmp/${params.agentId}`,
+      }),
+    );
+
+    await runtimeContext.llm!.complete({
+      agentId: "main",
+      model: "openrouter/gpt-5.4-mini",
+      messages: [{ role: "user", content: "summarize" }],
+    });
+
+    expectSingleCallFirstArg(hoisted.prepareSimpleCompletionModelForAgent, {
+      agentId: "main",
+      modelRef: "openrouter/gpt-5.4-mini",
+    });
+  });
+
+  it("reports denials for provider-qualified model ids without doubling the provider prefix", async () => {
+    const runtimeContext = resolveContextEngineCapabilities({
+      config: {
+        ...cfg,
+        plugins: {
+          entries: {
+            "lossless-claw": {
+              llm: {
+                allowModelOverride: true,
+                allowedModels: ["openrouter/gpt-5.4-mini"],
+              },
+            },
+          },
+        },
+      },
+      sessionKey: "agent:main:session:abc",
+      contextEnginePluginId: "lossless-claw",
+      purpose: "context-engine.compaction",
+    });
+
+    hoisted.resolveSimpleCompletionSelectionForAgent.mockImplementation(
+      (params: { agentId: string }) => ({
+        provider: "openrouter",
+        modelId: "openrouter/gpt-5.5",
+        agentDir: `/tmp/${params.agentId}`,
+      }),
+    );
+
+    let caught: unknown;
+    try {
+      await runtimeContext.llm!.complete({
+        model: "openrouter/gpt-5.5",
+        messages: [{ role: "user", content: "summarize" }],
+      });
+    } catch (error) {
+      caught = error;
+    }
+    const message = caught instanceof Error ? caught.message : String(caught);
+    expect(message).toContain('"openrouter/gpt-5.5"');
+    expect(message).not.toContain("openrouter/openrouter/");
+    expect(hoisted.prepareSimpleCompletionModelForAgent).not.toHaveBeenCalled();
+  });
+
   it("keeps context-engine attribution and host-derived policy inside plugin runtime scope", async () => {
     const runtimeContext = resolveContextEngineCapabilities({
       config: {
diff --git a/src/plugins/runtime/runtime-llm.runtime.ts b/src/plugins/runtime/runtime-llm.runtime.ts
@@ -1,4 +1,5 @@
 import type { Api, Message } from "@earendil-works/pi-ai";
+import { modelKey } from "../../agents/model-ref-shared.js";
 import { normalizeModelRef } from "../../agents/model-selection.js";
 import type { NormalizedUsage, UsageLike } from "../../agents/usage.js";
 import { normalizeUsage } from "../../agents/usage.js";
@@ -235,7 +236,7 @@ function normalizeAllowedModelRef(raw: string): string | null {
     return null;
   }
   const normalized = normalizeModelRef(provider, model);
-  return `${normalized.provider}/${normalized.model}`;
+  return modelKey(normalized.provider, normalized.model);
 }
 
 function buildPolicyFromEntry(entry: {
@@ -402,7 +403,7 @@ export function createRuntimeLlm(options: CreateRuntimeLlmOptions = {}): PluginR
           ? normalizeModelRef(selection.provider, selection.modelId)
           : null;
         const resolvedModelRef = normalizedSelection
-          ? `${normalizedSelection.provider}/${normalizedSelection.model}`
+          ? modelKey(normalizedSelection.provider, normalizedSelection.model)
           : null;
         assertAllowedModelOverride({
           resolvedModelRef,
