Agents: trust explicit allowlist refs beyond catalog

src/agents/model-selection.ts

@@ -400,22 +400,23 @@ export function buildAllowedModelSet(params: {
   }
 
   const allowedKeys = new Set<string>();
-  const configuredProviders = (params.cfg.models?.providers ?? {}) as Record<string, unknown>;
+  const syntheticCatalogEntries = new Map<string, ModelCatalogEntry>();
   for (const raw of rawAllowlist) {
     const parsed = parseModelRef(String(raw), params.defaultProvider);
     if (!parsed) {
       continue;
     }
     const key = modelKey(parsed.provider, parsed.model);
-    const providerKey = normalizeProviderId(parsed.provider);
+    // Explicit allowlist entries are always trusted, even when bundled catalog
-    if (isCliProvider(parsed.provider, params.cfg)) {
+    // data is stale and does not include the configured model yet.
-      allowedKeys.add(key);
+    allowedKeys.add(key);
-    } else if (catalogKeys.has(key)) {
+
-      allowedKeys.add(key);
+    if (!catalogKeys.has(key) && !syntheticCatalogEntries.has(key)) {
-    } else if (configuredProviders[providerKey] != null) {
+      syntheticCatalogEntries.set(key, {
-      // Explicitly configured providers should be allowlist-able even when
+        id: parsed.model,
-      // they don't exist in the curated model catalog.
+        name: parsed.model,
-      allowedKeys.add(key);
+        provider: parsed.provider,
+      });
     }
   }
 
@@ -423,9 +424,10 @@ export function buildAllowedModelSet(params: {
     allowedKeys.add(defaultKey);
   }
 
-  const allowedCatalog = params.catalog.filter((entry) =>
+  const allowedCatalog = [
-    allowedKeys.has(modelKey(entry.provider, entry.id)),
+    ...params.catalog.filter((entry) => allowedKeys.has(modelKey(entry.provider, entry.id))),
-  );
+    ...syntheticCatalogEntries.values(),
+  ];
 
   if (allowedCatalog.length === 0 && allowedKeys.size === 0) {
     if (defaultKey) {