#12907: feat: add Gonka.ai as optional LLM provider with ECDSA signing

## Summary - Adds [Gonka.ai](https://gonka.ai) as an optional inference provider (decentralized AI network running Qwen3-235B-A22B) - Gonka uses ECDSA Secp256k1 request signing instead of standard API keys, requiring a native provider implementation - Default provider remains **anthropic** — all changes are purely additive ## Changes ### Types & Schemas - `src/config/types.models.ts` — add `"gonka"` to `ModelApi`, `"private-key"` to `ModelProviderAuthMode` - `src/config/zod-schema.core.ts` — add corresponding Zod literals ### Provider - `src/agents/models-config.providers.ts` — `buildGonkaProvider()` with vLLM compat flags (`supportsStore: false`, `supportsDeveloperRole: false`, `maxTokensField: "max_tokens"`) + implicit provider resolution - `src/agents/model-selection.ts` — provider aliases: `gonka-ai`, `gonka.ai` → `gonka` ### Authentication - `src/agents/model-auth.ts` — `"private-key"` auth mode support, `GONKA_PRIVATE_KEY` env var resolution ### Stream Integration - `src/agents/gonka-stream.ts` (**new**) — Phase 3 ECDSA signing (matching Python SDK v0.2.4), vLLM body normalization, endpoint discovery with TTL caching, transfer agent whitelist (v0.2.9), URL rewriting for endpoint ↔ transfer address matching - `src/agents/pi-embedded-runner/run/attempt.ts` — conditional `initGonkaStream()` hook for gonka provider ### Dependencies - `@cosmjs/crypto@^0.38.1` — Secp256k1 ECDSA signing - `gonka-openai@^0.2.2` — endpoint discovery and address derivation ## Configuration ```bash export GONKA_PRIVATE_KEY="<hex-encoded-secp256k1-private-key>" ``` The provider auto-registers when `GONKA_PRIVATE_KEY` is set, following the same pattern as other implicit providers (minimax, moonshot, etc). ## Test plan - [x] `pnpm build` — no errors - [x] `pnpm check` — TypeScript and lint clean - [x] All changes are additive — existing providers and tests unaffected - [ ] Manual test with gonka private key and model selection 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR adds a new optional model provider, `gonka`, including config/schema support, provider alias normalization (`gonka.ai`/`gonka-ai`), implicit provider registration when `GONKA_PRIVATE_KEY` is present, and a new `gonka-stream` integration that signs OpenAI-compatible chat-completions requests with Secp256k1 ECDSA. The main behavioral integration point is in the embedded runner, where the default `streamSimple` stream function is conditionally replaced with a signed variant for the gonka provider. The provider is configured as `openai-completions` with vLLM compatibility flags. <h3>Confidence Score: 3/5</h3> - This PR is close to mergeable but has a few functional integration issues that will break Gonka usage in common configurations. - Core changes are additive and scoped, but the Gonka stream initialization bypasses existing auth resolution (can silently run unsigned), and `resolveModelAuthMode` does not actually return the new `private-key` mode, affecting runtime behavior/UX. The vLLM normalization also mutates unknown message objects in a way that can throw at runtime. - src/agents/pi-embedded-runner/run/attempt.ts, src/agents/model-auth.ts, src/agents/gonka-stream.ts <!-- greptile_other_comments_section --> _{(2/5) Greptile learns from your feedback when you react with thumbs up/down!} <!-- /greptile_comment -->