inherit delegated model selection and improve Ollama Cloud flow

[AiRC-ai]

Summary

• treat inherit as a sentinel for delegated provider/model selection so subagents correctly fall back to the active parent session instead of passing inherit through literally
• persist auth override updates for fixed declarative providers and refresh the provider/model picker after saving so the UI reflects changes immediately
• surface live Ollama Cloud models without canonical filtering while still mapping ollama_cloud to canonical metadata so context limits and related model metadata resolve correctly

Validation

• cargo fmt --all
• cargo test -p goose summon -- --test-threads=1
• cargo test -p goose declarative_providers -- --test-threads=1
• cargo test -p goose test_map_to_canonical_model -- --test-threads=1
• cargo test -p goose with_canonical_limits -- --test-threads=1
• source bin/activate-hermit && cd ui/desktop && pnpm run typecheck
• source bin/activate-hermit && just package-ui

Manual verification

• delegated agents inherit the active parent provider/model when inherit is specified
• updating an Ollama Cloud API key persists correctly through the provider settings flow
• the Ollama Cloud model list refreshes and repopulates after provider updates
• canonical context window metadata is shown correctly for Ollama Cloud models

Notes

This branch combines the tested subagent inheritance fixes with the Ollama Cloud and declarative provider flow improvements into a single reviewable change set.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 37d221228b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Avoid deleting shared API key when disabling fixed-provider auth

In update_custom_provider, the non-editable requires_auth == false branch deletes existing_config.api_key_env and then drops any shadow override. For fixed declarative providers that still default to requires_auth: true, this means the disable-auth toggle is not actually persisted, but the stored secret is still erased, so the provider will fail on next use; this can also break other providers that reuse the same env var key (for example MOONSHOT_API_KEY). Persist an explicit auth override or avoid deleting the secret in this path.

Useful? React with 👍 / 👎.