Fetch GonkaGate model catalog during MiMoCode setup

AGENTS.md

@@ -30,11 +30,12 @@ Current honest state:
   installer runtime
 - `src/install/` contains the runtime contracts, dependency adapters,
   orchestration, managed writes, rollback, redaction, and verification helpers
-- `moonshotai/kimi-k2.6` is MiMoCode-validated for the current
-  `@mimo-ai/cli` `0.1.0` baseline and is the recommended public default
-- `minimaxai/minimax-m2.7` and
-  `qwen/qwen3-235b-a22b-instruct-2507-fp8` remain MiMoCode candidates, not
-  public validated models
+- the runtime collects the GonkaGate key before the model picker, calls
+  `GET https://api.gonkagate.com/v1/models`, and writes every returned model
+  into `provider.gonkagate.models`
+- `moonshotai/kimi-k2.6` has MiMoCode validation proof for the current
+  `@mimo-ai/cli` `0.1.0` baseline, but the public picker is now backed by the
+  live GonkaGate model catalog rather than a hardcoded validated allowlist
 
 If implementation status, package name, security flow, config locations,
 transport contract, or verified MiMoCode baseline changes, this file must be
@@ -46,10 +47,11 @@ The intended happy path is:
 
 1. user runs `npx @gonkagate/mimo-code-setup`
 2. installer validates local `mimo`
-3. installer offers only MiMoCode-validated GonkaGate models
-4. installer asks for `user` or `project` scope
-5. installer collects a GonkaGate `gp-...` key through a hidden prompt,
+3. installer collects a GonkaGate `gp-...` key through a hidden prompt,
    `GONKAGATE_API_KEY`, or `--api-key-stdin`
+4. installer calls `GET /v1/models` with that key and offers all returned
+   GonkaGate models
+5. installer asks for `user` or `project` scope
 6. installer writes the minimum safe MiMoCode config layers
 7. installer verifies durable MiMoCode config and current-session effective
    config
@@ -68,6 +70,7 @@ change.
 - intended public npm entrypoint: `npx @gonkagate/mimo-code-setup`
 - stable provider id: `gonkagate`
 - canonical base URL: `https://api.gonkagate.com/v1`
+- runtime model catalog source: `GET https://api.gonkagate.com/v1/models`
 - current transport target: `chat_completions`
 - current provider package: `@ai-sdk/openai-compatible`
 - future `/v1/responses` support should be added by migration, not product
@@ -90,6 +93,8 @@ change.
 - canonical installer-owned cache-key setting:
   `provider.gonkagate.options.setCacheKey = false`
 - project config must not own the secret binding
+- public setup must fetch the model catalog after safe API-key intake instead
+  of exposing a hardcoded model allowlist
 - installer success must be based on effective MiMoCode config, not only file
   writes
 - raw `mimo --pure debug config` output must not be printed because `{file:...}`
@@ -120,11 +125,11 @@ change.
 - `docs/specs/mimo-code-setup-prd/spec.md` is the product source of truth
 - `src/cli.ts` is the public runtime entrypoint and calls `src/install/`
   through `src/cli/` parse/execute/render seams
-- `src/install/` contains successful setup orchestration for the validated
-  public registry and preserves the blocked path for custom candidate-only
-  registries
+- `src/install/` contains successful setup orchestration for safe secret
+  intake, live GonkaGate model-catalog fetch, dynamic provider catalog writes,
+  and effective-config verification
 - `src/constants/` pins package, provider, transport, config, and
-  model-registry contracts
+  model-validation metadata contracts
 - `bin/gonkagate-mimo-code.js` is a thin wrapper over `dist/cli.js`
 - `.github/workflows/` contains CI, release-please, and npm publish workflows
 - `.agents/skills/` and `.claude/skills/` contain mirrored local skill packs
@@ -137,14 +142,14 @@ This repo currently does:
 - define the product contract for the MiMoCode setup tool
 - provide npm packaging, CI, release-please, and publish scaffolding
 - provide a public CLI entrypoint that can configure MiMoCode when the local
-  `mimo` baseline, secret input, and effective-config verification pass
+  `mimo` baseline, secret input, live model-catalog fetch, and
+  effective-config verification pass
 - provide docs and tests that protect the current runtime contract
 - provide mirrored local skills for repo-aware agent work
-- expose `moonshotai/kimi-k2.6` as the current MiMoCode-validated public model
+- expose every model returned by GonkaGate `GET /v1/models` as a setup choice
 
 This repo currently does not do:
 
-- expose candidate-only GonkaGate models as public setup choices
 - write direct MiMoCode `auth.json`
 - mutate shell profiles
 - generate `.env` files
@@ -200,12 +205,17 @@ Current public entrypoint and split parse/execute/render seams.
 
 Runtime implementation for installer contracts, dependency injection,
 platform/path helpers, managed writes, rollback, verification, and redacted
-results. The default public registry currently exposes `moonshotai/kimi-k2.6`
-after MiMoCode validation proof.
+results. The default public flow fetches the GonkaGate model catalog from
+`/v1/models` after safe API-key intake.
+
+### `src/install/model-catalog.ts`
+
+Trust-boundary parser and fetch adapter for `GET /v1/models`. Keep it strict
+about response shape and redaction-safe about failures.
 
 ### `src/constants/`
 
-Package, provider, transport, path, and model-registry constants.
+Package, provider, transport, path, and model-validation constants.
 
 ### `.agents/skills/` and `.claude/skills/`
 
@@ -225,14 +235,14 @@ When behavior changes:
 - keep scaffold docs and future runtime docs explicitly labeled so they cannot
   contradict each other silently
 
-Additional public model exposure is blocked until each model is
-MiMoCode-validated:
+Live catalog exposure must stay distinct from MiMoCode validation claims:
 
-- do not write docs that claim candidate model setup success before
-  model-validation proof exists
-- add runtime behavior tests before claiming any new end-user capability
-- update the curated model registry truth when MiMoCode validation status
-  changes
+- do not claim every `/v1/models` entry has full MiMoCode workflow validation
+  unless matching proof exists
+- add runtime behavior tests before changing catalog fetch, model selection, or
+  provider catalog write behavior
+- update the validation proof ledger when a model gains or loses
+  MiMoCode-specific validation status
 
 ## Validation
 

CHANGELOG.md

@@ -28,6 +28,8 @@
   redacted verification, and candidate-only custom-registry blocking
 - MiMoCode validation for `moonshotai/kimi-k2.6` as the recommended public
   default
+- live GonkaGate `/v1/models` catalog fetch after safe API-key intake, with
+  every returned model written into `provider.gonkagate.models`
 
 ## [0.1.0] - 2026-06-11
 

README.md

@@ -50,10 +50,10 @@ npx @gonkagate/mimo-code-setup
 The happy path is:
 
 1. The CLI checks that `mimo` is installed and supported.
-2. It selects a MiMoCode-validated GonkaGate model.
-3. It asks whether GonkaGate should be activated for `user` or `project`
+2. It asks for your GonkaGate API key in a hidden prompt.
+3. It calls `GET /v1/models` and offers every model returned by GonkaGate.
+4. It asks whether GonkaGate should be activated for `user` or `project`
    scope.
-4. It asks for your GonkaGate API key in a hidden prompt.
 5. It writes the managed config, verifies the result, and tells you to go back
    to plain `mimo`.
 
@@ -106,9 +106,11 @@ npx @gonkagate/mimo-code-setup
 Under the hood, the shipped runtime:
 
 - validates local `mimo`
-- resolves the validated model and activation scope
 - accepts the secret only through a hidden prompt, `GONKAGATE_API_KEY`, or
   `--api-key-stdin`
+- fetches the live GonkaGate model catalog from
+  `https://api.gonkagate.com/v1/models`
+- resolves the selected model and activation scope
 - writes only the minimum safe MiMoCode config layers
 - verifies the durable plain-`mimo` outcome and the current session's effective
   MiMoCode outcome
@@ -165,28 +167,22 @@ rely on inherited per-user ACLs instead of portable `chmod`-style enforcement.
 
 ## Current Product Truth
 
-The current validated MiMoCode model is:
-
-- `moonshotai/kimi-k2.6`
-
-The curated registry also carries candidate entries for future gated MiMoCode
-proof:
-
-- `minimaxai/minimax-m2.7`
-- `qwen/qwen3-235b-a22b-instruct-2507-fp8`
-
-The runtime is curated-model-first:
+The runtime is live-catalog-first:
 
 - the stable provider id is `gonkagate`
 - the managed user-level provider key is `provider.gonkagate`
 - the canonical base URL is `https://api.gonkagate.com/v1`
+- the setup model list is fetched from
+  `https://api.gonkagate.com/v1/models` after safe API-key intake
 - the current provider package is `@ai-sdk/openai-compatible`
 - the current transport target is `chat_completions`
 - future migration should add `responses` support without renaming the product
 - the selected setup model remains the activation default through `model` and
   `small_model`
-- the curated registry can carry compatibility metadata, provider options,
-  model options, and headers when a validated MiMoCode flow needs them
+- `provider.gonkagate.models` is generated from every model returned by
+  `/v1/models`
+- `docs/model-validation.md` tracks MiMoCode workflow proof separately from
+  live catalog availability
 
 ## Verification And Config Precedence
 
@@ -195,11 +191,11 @@ Success is based on effective MiMoCode config.
 
 For durable verification, `mimo --pure debug config` is the final truth source.
 The installer uses that resolved result to verify `model`, `small_model`,
-`provider.gonkagate`, the validated transport and base URL shape, and the
-validated model catalog shape.
+`provider.gonkagate`, the current transport and base URL shape, and the live
+model catalog shape.
 
 The installer also runs `mimo models gonkagate` and checks that the selected
-validated GonkaGate model is visible to MiMoCode.
+GonkaGate model is visible to MiMoCode.
 
 MiMoCode override state matters here:
 
@@ -245,6 +241,14 @@ of portable `chmod`-style enforcement.
 
 WSL remains supported too.
 
+## Development Checks
+
+Before treating setup behavior, docs, or package changes as ready, run:
+
+```bash
+npm run ci
+```
+
 ## Docs
 
 - [Documentation Index](docs/README.md)

docs/README.md

@@ -4,10 +4,11 @@ This directory contains the product and contributor-facing documentation for
 `@gonkagate/mimo-code-setup`.
 
 - `specs/mimo-code-setup-prd/spec.md` is the product source of truth.
-- `how-it-works.md` summarizes the planned installer architecture.
+- `how-it-works.md` summarizes the installer architecture.
 - `security.md` defines the secret-handling and config-ownership contract.
-- `model-validation.md` tracks curated model validation status.
+- `model-validation.md` tracks MiMoCode workflow proof separately from live
+  `/v1/models` catalog availability.
 - `troubleshooting.md` lists expected blocker classes and safe diagnostics.
 
-The repository currently has a development scaffold, not a shipped installer
-runtime. Keep that distinction explicit when editing docs.
+The repository currently has an installer runtime. Keep docs aligned with the
+implemented flow when editing setup behavior.

docs/how-it-works.md

@@ -2,9 +2,9 @@
 
 `mimo-code-setup` configures MiMoCode to use GonkaGate as a custom provider.
 The current repository contains the product contract and installer runtime.
-`moonshotai/kimi-k2.6` is the current MiMoCode-validated public default;
-additional GonkaGate models remain gated until their own validation records
-exist.
+The public model picker is populated from GonkaGate `GET /v1/models` after
+safe API-key intake, so it follows the live GonkaGate model catalog instead of
+a hardcoded allowlist.
 
 ## Planned Flow
 
@@ -14,10 +14,12 @@ exist.
    files.
 3. Collect a GonkaGate API key through safe inputs only:
    `GONKAGATE_API_KEY`, hidden interactive prompt, or `--api-key-stdin`.
-4. Store the secret under `~/.gonkagate/mimo-code/api-key`.
-5. Write user-level provider config for `provider.gonkagate`.
-6. Write only activation settings for project scope.
-7. Verify durable config and current-session effective config without printing
+4. Fetch `https://api.gonkagate.com/v1/models` with Bearer auth and build the
+   setup picker from every returned model id.
+5. Store the secret under `~/.gonkagate/mimo-code/api-key`.
+6. Write user-level provider config for `provider.gonkagate`.
+7. Write only activation settings for project scope.
+8. Verify durable config and current-session effective config without printing
    raw resolved config.
 
 ## MiMoCode Surfaces
@@ -62,9 +64,16 @@ The intended managed provider shape is:
       },
       "models": {
         "moonshotai/kimi-k2.6": {
-          "name": "Kimi K2.6",
+          "name": "moonshotai/kimi-k2.6",
           "limit": {
-            "context": 262000,
+            "context": 0,
+            "output": 0
+          }
+        },
+        "minimaxai/minimax-m2.7": {
+          "name": "minimaxai/minimax-m2.7",
+          "limit": {
+            "context": 0,
             "output": 0
           }
         }
@@ -74,6 +83,10 @@ The intended managed provider shape is:
 }
 ```
 
+The concrete `models` object is generated from the live `/v1/models` response.
+The API model ids are also the MiMoCode model keys under
+`provider.gonkagate.models`.
+
 `setCacheKey` is disabled because live GonkaGate chat-completions requests
 reject the non-standard `promptCacheKey` parameter emitted by the AI SDK when
 cache keys are enabled.

docs/model-validation.md

@@ -1,19 +1,22 @@
 # Model Validation
 
-The current curated registry has one MiMoCode-validated public model:
-`moonshotai/kimi-k2.6`.
+The runtime setup picker is populated from GonkaGate `GET /v1/models` after
+safe API-key intake. This document is not the public picker allowlist; it is
+the MiMoCode workflow proof ledger.
 
-Validated entries:
+Current MiMoCode-validated workflow proof exists for:
 
-- `moonshotai/kimi-k2.6` - Kimi K2.6, 262K context, recommended default.
+- `moonshotai/kimi-k2.6` - Kimi K2.6, 262K context.
 
-Candidate entries are refreshed from the public GonkaGate models page. GonkaGate
-availability metadata is not MiMoCode validation proof.
+The current public GonkaGate models page also lists:
 
 - `minimaxai/minimax-m2.7` - MiniMax M2.7, 205K context.
 - `qwen/qwen3-235b-a22b-instruct-2507-fp8` - Qwen3 235B A22B
   Instruct 2507 FP8, 262K context.
 
+GonkaGate `/v1/models` availability is setup-catalog proof, not full MiMoCode
+workflow validation proof.
+
 Live MiMoCode validation for Kimi uses the full GonkaGate slug as the MiMoCode
 model key, so the effective model ref is
 `gonkagate/moonshotai/kimi-k2.6`. Short aliases such as
@@ -23,8 +26,8 @@ The managed provider config sets `provider.gonkagate.options.setCacheKey` to
 `false`. Live GonkaGate chat-completions requests reject the non-standard
 `promptCacheKey` parameter emitted when AI SDK cache keys are enabled.
 
-Before a model can become public validated runtime behavior, validation must
-prove:
+Before a model can be documented as MiMoCode workflow-validated, validation
+must prove:
 
 - MiMoCode TUI startup with the selected model active
 - `mimo run` with the selected model
@@ -45,13 +48,14 @@ prove:
 - a dry or fixture-backed chat path uses `@ai-sdk/openai-compatible`
 - effective config verification detects wrong base URL, wrong transport, and
   provider gating blockers
-- docs and tests name the model as validated only after the proof exists
+- docs and tests name the model as MiMoCode workflow-validated only after the
+  proof exists
 
 The registry types already allow transport, adapter package, provider options,
 model options, model headers, limits, and migration metadata so MiMoCode-specific
 requirements can be added without changing the public shape later.
 
 Validation records are represented in `src/constants/model-validation.ts`.
 Contract tests reject any registry entry marked `validated` without a matching
-record. Additional live GonkaGate proof is a gated validation activity and is
-not part of default CI.
+record. Additional live GonkaGate workflow proof is a gated validation activity
+and is not part of default CI.