• apps/web/src/app/cloud-agent-fork/review/[reviewId]/route.ts
• apps/web/src/app/cloud-agent-fork/review/[reviewId]/route.test.ts
• apps/web/src/lib/bot/model.ts
• apps/web/src/lib/bot/model.test.ts
• apps/web/src/lib/bot/agent-runner.ts

• The route now resolves the model from the review's platform_integration_id via getIntegrationById rather than getReviewConfig. A provenance guard rejects integrations whose platform, owned_by_user_id, or owned_by_organization_id differ from the review's, redirecting to fix_session_failed without creating a session. Since codeReviews.get already enforces the caller's access to the review, tying the integration to the review's owner is a reasonable authorization boundary and prevents cross-owner model leakage via a tampered platform_integration_id.
• resolveBotModelSlug validates metadata.model_slug with zod (trim + min(1)) and falls back to DEFAULT_BOT_MODEL for null integration, missing/empty/non-string slugs, and non-object metadata. Strictly safer than the previous inline cast in agent-runner.ts.
• Unlinked reviews (platform_integration_id is null) and deleted integrations (getIntegrationById returns null) both resolve to DEFAULT_BOT_MODEL and still create a session, as covered by tests.
• No module-scope transport-owning clients or cached DB handles introduced; this is a Next.js route using the shared db, so no Worker/DO memory-leak concern.
• getIntegrationById is called without an organizationId scope filter, but the subsequent owner-equality check enforces ownership, so no authorization gap.

Current summary above is authoritative. Previous snapshots are kept for context only.

Previous review (commit 3cdd59b)

Status: No Issues Found | Recommendation: Merge

Executive Summary

Reviewed the fix-session model-resolution change in the Cloud Agent review route and its tests; the logic is sound, both tRPC caller paths resolve correctly, and the new failure-path coverage is adequate.