PEN-110: expose daemon models for distributed onboarding

[wauputr4]

Summary

• include live healthy daemon-advertised model IDs in the authenticated /v1/models response without exposing daemon node metadata
• add coverage for daemon model visibility, stale/disabled/unhealthy filtering, and route duplicate handling
• document self-serve distributed onboarding and add scripts/distributed-onboarding-smoke.sh

Links

• Multica: PEN-110
• GitHub: P14: Add self-serve user API key onboarding for distributed proxy #67

Verification

• PASS: git diff --check
• PASS: bash -n scripts/distributed-onboarding-smoke.sh
• BLOCKED: cargo fmt --all -- --check and CARGO_TARGET_DIR=/tmp/mizan-cargo-target-pen-110 cargo test -p mizan-api providers::tests::list_public_models -- --nocapture (cargo is not installed in this runtime)

[gemini-code-assist]

Code Review

This pull request refactors the public models listing API to include capabilities from active, healthy, and non-stale daemon nodes, and adds automated smoke tests and documentation for self-serve distributed onboarding. The review feedback highlights two key improvements: first, making the list_models API more resilient by gracefully skipping daemon nodes with malformed JSON rather than failing the entire request with a 500 error; second, securing the json_field helper in the smoke test script by passing arguments to Python via sys.argv instead of direct shell variable interpolation.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

If a single daemon node has corrupted or invalid JSON in model_ids_json, calling list_models will fail the entire request with a 500 Internal Server Error due to the use of the ? operator on parse_json_vec.\n\nTo make the public models listing API more resilient and fault-tolerant, we should log a warning and skip the misconfigured daemon node instead of failing the entire API call.

    for (provider_family, model_ids_json) in daemon_rows {\n        let model_ids = match parse_json_vec(&model_ids_json, "daemon_node.model_ids_json") {\n            Ok(ids) => ids,\n            Err(error) => {\n                warn!(error = %error, "failed to parse daemon node model IDs, skipping node");\n                continue;\n            }\n        };\n        for model_id in model_ids {\n            if !seen_model_ids.insert(model_id.clone()) {\n                continue;\n            }

[gemini-code-assist]

Directly interpolating the shell variable $1 into the Python script string can lead to syntax errors or command injection vulnerabilities if the field name contains special characters.\n\nIt is safer and more robust to pass the field name as a command-line argument to the Python process and access it via sys.argv.

Suggested change

	json_field() {
	python3 -c 'import json,sys; data=json.load(sys.stdin); print(data["'$1'"])'
	}
	json_field() {\n python3 -c 'import json,sys; data=json.load(sys.stdin); print(data[sys.argv[1]])' "$1"\n}