fix(agents): normalize volcengine-plan and byteplus-plan provider IDs for auth lookup

[justinhuangcode]

Summary

• Normalize volcengine-plan → volcengine and byteplus-plan → byteplus in normalizeProviderId() so auth profile lookup finds credentials stored under the base provider name
• The configure flow stores credentials as volcengine:default with provider: "volcengine", but the default coding model (volcengine-plan/ark-code-latest) uses volcengine-plan as its provider — causing subagent auth failures

Test plan

• Added test case for volcengine-plan and byteplus-plan normalization
• All 40 existing model-selection.test.ts tests pass

Closes #31731

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d21d322dcf

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Keep coding-plan provider IDs distinct in normalization

Mapping volcengine-plan/byteplus-plan to their base providers here changes model parsing globally (parseModelRef() and normalizeModelRef() call normalizeProviderId()), so a configured default like volcengine-plan/ark-code-latest is rewritten to volcengine/ark-code-latest. That breaks provider routing because the runtime defines separate provider configs for base vs coding plans (src/agents/models-config.providers.ts:709-739,987-1002) with different base URLs and model catalogs; the base providers do not carry the coding defaults, so these onboarded defaults can resolve as unknown models or hit the wrong endpoint.

Useful? React with 👍 / 👎.

[greptile-apps]

Greptile Summary

Fixes auth profile lookup for volcengine-plan and byteplus-plan coding models by normalizing their provider IDs to base names (volcengine and byteplus) in the normalizeProviderId() function.

• Resolves subagent auth failures caused by mismatch between how credentials are stored (volcengine:default) and how coding models reference them (volcengine-plan/ark-code-latest)
• Implementation consistent with existing provider normalization patterns (see lines 54-60 for similar bedrock/aws-bedrock → amazon-bedrock normalization)
• Aligns with how environment variables are already looked up in model-auth.ts (lines 282-288) and provider configs in models-config.providers.ts (lines 988-1001), which already share credentials between base and -plan variants
• Test coverage added for both normalizations

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• Simple, focused bug fix that follows existing patterns in the codebase. The change is well-tested and aligns with how other parts of the system already handle these providers. No breaking changes or edge cases identified.
• No files require special attention

_{Last reviewed commit: d21d322}

[justinhuangcode]

Reworked based on the code review feedback — thank you for the catch.

Before: Modified global normalizeProviderId(), which affected all 44 files / 165 call sites and could break provider routing for volcengine-plan/byteplus-plan models.

After: Added a scoped normalizeProviderIdForAuth() function used only in listProfilesForProvider() (auth profile lookup). This correctly maps volcengine-plan → volcengine and byteplus-plan → byteplus for credential matching, mirroring how resolveEnvApiKey already handles these providers — without touching model routing.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 34c9175361

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Normalize provider consistently during auth order validation

This change makes listProfilesForProvider("volcengine-plan"/"byteplus-plan") return base-provider credentials, but resolveAuthProfileOrder still validates each candidate with normalizeProviderId(cred.provider) === providerKey (src/agents/auth-profiles/order.ts:45), so those newly returned profiles are filtered out immediately. In the onboarding/default flow (volcengine-plan/ark-code-latest with stored volcengine:default creds), auth order remains empty and resolveApiKeyForProvider still falls through to a missing-key error unless an env var is present.

Useful? React with 👍 / 👎.

[steipete]

Landed via temp rebase onto main.

• Gate: pnpm exec vitest run src/agents/model-selection.test.ts src/agents/auth-profiles/order.test.ts
• Land commit: 78b0c86
• Merge commit: aab87ec

Thanks @justinhuangcode!

[justinhuangcode]

Landed via temp rebase onto main.
Thanks @justinhuangcode!

Thanks for the thorough review and landing!