fix(models): strip @profile suffix from model selection

[mcaxtr]

Fixes #10882

Summary

When using /model provider/model@profile:name syntax, the @profile suffix was included in the model name during allowlist lookup, causing a "model not allowed" error even when the model is properly configured.

Repro Steps

1. Configure an allowlist with nvidia/moonshotai/kimi-k2.5
2. Send /model nvidia/moonshotai/kimi-k2.5@nvidia:default
3. Result: "model not allowed" error because the key becomes nvidia/moonshotai/kimi-k2.5@nvidia:default instead of nvidia/moonshotai/kimi-k2.5

Root Cause

resolveModelRefFromString() in src/agents/model-selection.ts passed the full input (including @profile suffix) to parseModelRef(). The inline directive path (extractModelDirective() in src/auto-reply/model.ts) already strips @profile before calling resolution, but the session reset path (applyResetModelOverride() → buildSelectionFromExplicit()) does not — it calls resolveModelRefFromString() with the raw token.

Fixing at the resolveModelRefFromString() level ensures all code paths that resolve model refs correctly strip the @profile suffix, regardless of whether the caller pre-strips it.

Behavior Changes

• resolveModelRefFromString() now strips @profile suffix before alias lookup and parseModelRef() call
• No change to parseModelRef() itself (profile stripping is an application-level concern, not a model-ref concern)
• Existing callers that already strip @profile (inline directive path) are unaffected — double-stripping is safe

Codebase and GitHub Search

• Searched for all callers of resolveModelRefFromString — confirmed session reset path and directive handling path both benefit
• Searched for @ handling in model resolution — extractModelDirective() already strips but resolveModelRefFromString did not
• No existing PRs or claims on [Bug]: /model command with explicit @profile suffix fails with "model not allowed" #10882

Tests

4 new tests in src/agents/model-selection.test.ts — all 4 fail before fix, pass after:

• Strip @profile suffix from provider/model input (nvidia/moonshotai/kimi-k2.5@nvidia:default)
• Strip @profile suffix from single-segment model input (gpt-5@myprofile)
• Strip @profile suffix with colon in profile name (google/gemini-flash-latest@google:bevfresh)
• Resolve alias with @profile suffix (kimi@nvidia:default)

Full test suite: 220 tests pass across 36 files. Build and lint clean.

lobster-biscuit

Sign-Off

• Models used: Claude Opus 4.6
• Submitter effort: autonomous (TDD)
• Agent notes: Fix applied at deepest shared layer (resolveModelRefFromString) to benefit all code paths. The inline directive path already handled this correctly; the session reset path did not.

Greptile Overview

Greptile Summary

This PR updates resolveModelRefFromString() to strip a trailing @profile suffix from model tokens before alias lookup and parseModelRef() parsing, fixing allowlist key mismatches when users specify /model provider/model@profile:name. It also adds unit tests covering provider/model inputs, single-segment inputs, aliases, and profile names containing colons to ensure all resolution paths behave consistently.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk.
• Change is narrowly scoped to stripping @profile suffixes before alias lookup/parsing, with added unit tests covering the affected cases. No other resolution logic is altered, and the new behavior is consistent across callers.
• No files require special attention

[ivalsaraj]

Feature: support multiple aliases per model (for per-profile routing)
Currently agents.defaults.models uses model ID as the key, so only one alias is possible per model. Users with multiple OAuth profiles for the same model (e.g. two Codex accounts) can't have codex-one/codex-two as usable aliases — they're forced into auth.order with no ergonomic per-profile alias.

[steipete]

Closing as AI-assisted stale-fix triage.

Linked issue #10882 ("[Bug]: /model command with explicit @Profile suffix fails with "model not allowed"") is currently CLOSED and was closed on 2026-02-23T04:39:36Z with state reason NOT_PLANNED.
Given that issue state, this fix PR is no longer needed in the active queue and is being closed as stale.

If the underlying bug is still reproducible on current main, please reopen this PR (or open a new focused fix PR) and reference both #10882 and #11198 for fast re-triage.

[steipete]

Closed after AI-assisted stale-fix triage (closed issue duplicate/stale fix).