#16815: feat: add Kilo provider and OpenRouter routing params

## Summary - add KILO_API_KEY support in model auth and expected shell env keys - add OpenRouter-style routing extra params handling for kilo/openrouter payloads - add disableTools resolution from model extra params in runner attempt logic - extend e2e tests for Kilo extra params and routing behavior ## Validation - corepack pnpm tsgo - corepack pnpm exec vitest run -c vitest.e2e.config.ts src/agents/pi-embedded-runner-extraparams.e2e.test.ts <!-- greptile_comment --> <h3>Greptile Summary</h3> Adds Kilo as a new OpenRouter-compatible provider with `KILO_API_KEY` env support, OpenRouter-style provider routing overrides (`provider: {...}` payload injection), and per-model `disableTools` resolution from extra params. - Registers `KILO_API_KEY` in model auth (`model-auth.ts`) and shell env expected keys (`io.ts`) - Extracts `mergeExtraParams` helper from inline logic in `applyExtraParamsToAgent` for reuse - Adds `resolveOpenRouterRoutingFromExtraParams` to parse `openrouterDataCollection`, `openrouterAllowFallbacks`, `openrouterRequireParameters`, `openrouterProviderOnly`, and `openrouterProviderOrder` from model config params - Adds `createOpenRouterRoutingWrapper` that injects `provider: {...}` into OpenAI-compatible payloads for `openrouter` and `kilo` providers (gated by `isOpenRouterLikeModel`) - Adds `resolveDisableToolsFromExtraParams` to allow per-model tool disabling via config params, used in `attempt.ts` to determine whether to create tools - Tests cover disableTools boolean/string parsing, override re-enabling, routing resolution, and end-to-end routing payload injection for Kilo models <h3>Confidence Score: 4/5</h3> - This PR is safe to merge — well-structured additions with comprehensive test coverage and no logic errors found. - The changes are clean and well-scoped: env key registration, helper extraction, new routing/tool-disable features, and thorough e2e tests. The code follows existing patterns, key parsing functions handle edge cases correctly, and the stream function wrapper chain is properly ordered. No security issues, no regressions to existing behavior, and the merge of inline logic into reusable helpers is a net improvement. - No files require special attention. _{Last reviewed commit: d8016c3} <!-- greptile_other_comments_section --> _{(2/5) Greptile learns from your feedback when you react with thumbs up/down!} <!-- /greptile_comment -->