
revka models, providers & auth

Refresh and inspect model catalogs, list providers, and manage subscription/OAuth auth profiles.

This page covers three related parts of the revka CLI: the revka models group for refreshing and inspecting per-provider model catalogs, the revka providers command for listing every supported back-end, and the revka auth group for managing OAuth and subscription authentication profiles (the credentials behind providers like OpenAI Codex, Gemini, and Anthropic subscription tokens).

Reach for these commands when you want to discover which models a provider currently offers, change your default model, confirm an API key works, or log in to a subscription provider that authenticates with OAuth instead of a plain API key.

For the conceptual side of providers — the full catalog, region routing, reliability, and custom endpoints — see Custom providers & local LLMs and the Provider catalog. For configuring credentials in config.toml, see Config: provider, agent & routing.

Provider model catalogs are fetched live from each provider’s models endpoint and cached on disk. The cache lives at <workspace>/state/models_cache.json and entries are considered fresh for 12 hours. After that they are reported as stale, but stale entries are never deleted — they remain available as a fallback when a live refresh fails.

Fetch a provider’s current model catalog and write it to the cache.

revka models refresh # refresh the configured default provider
revka models refresh --provider openrouter # refresh a specific provider
revka models refresh --all # refresh every live-discovery provider
revka models refresh --force # ignore the fresh cache and fetch now

| Flag | Meaning |
| --- | --- |
| --provider <ID> | Refresh a specific provider. Defaults to the configured default_provider. |
| --all | Refresh every provider that supports live model discovery. Cannot be combined with --provider. |
| --force | Ignore a fresh cache entry and force a live fetch. |

Without --force, a refresh that finds a fresh (under 12 hours old) cache entry prints the cached list instead of hitting the network, and reminds you that revka models refresh --force --provider <ID> fetches the latest immediately.

If the live fetch fails or the provider returns an empty list, Revka falls back to the most recent cached catalog (even if it is stale) and tells you how old it is, so a transient provider outage does not leave you without a model list.

Print the cached model list for a provider. This reads only the cache — it never fetches — so run revka models refresh first if the cache is empty.

revka models list # list cached models for the default provider
revka models list --provider anthropic

The currently configured default_model is marked with a *. The output also shows how long ago the cache was written. If no cache exists for the provider, the command tells you which revka models refresh command to run.

Write a new default_model into config.toml.

revka models set claude-sonnet-4-20250514

This is a convenience wrapper around editing the default_model key directly. Use a model ID that matches your provider’s format — for example OpenRouter uses provider/model-name (anthropic/claude-sonnet-4-6), while Anthropic uses the bare model ID.

Show the active model configuration and cache freshness for the default provider.

revka models status

The output reports the configured provider, model, and temperature, then the cached model count, how long ago the cache was written, and whether it is fresh (under 12 hours) or stale.

revka models refresh (and --all) only works for providers that expose a queryable model catalog:

openrouter, openai, openai-codex, anthropic, groq, mistral, deepseek, xai,
together-ai, gemini, ollama, llamacpp, sglang, vllm, osaurus, astrai,
avian, venice, fireworks, novita, cohere, moonshot, glm, zai, qwen, nvidia,
opencode-go

Any custom:<URL> endpoint also supports live discovery. Refreshing any other provider returns the message "Provider '<id>' does not support live model discovery yet." For those providers, set the model manually with revka models set.

List every supported provider with its canonical ID, display name, aliases, and a marker for the one currently active in your config.

revka providers

The output marks the active provider with (active) and tags providers that run locally (such as Ollama) with [local]. Two synthetic entries are always shown:

  • custom:<URL> — point Revka at any OpenAI-compatible endpoint.
  • anthropic-custom:<URL> — point Revka at any Anthropic-compatible endpoint.

Use a provider ID (or one of its aliases) as the value of default_provider in config.toml, the -p/--provider flag on revka agent, or the REVKA_PROVIDER environment variable. For the full catalog with base URLs, env vars, and capabilities, see the Provider catalog.

Most providers authenticate with a plain API key set in config.toml or an environment variable. A few authenticate through OAuth or subscription tokens instead — there is no static API key to paste. The revka auth commands manage those credentials.

Auth profiles are stored separately from config.toml in ~/.revka/auth-profiles.json (a single encrypted JSON file in the config directory) and are keyed by provider plus a profile name (default: default). Multiple profiles let you keep, for example, a personal and a work subscription side by side and switch between them.

Subscription/OAuth providers include:

| Provider | Auth style |
| --- | --- |
| openai-codex (alias codex) | OAuth — browser or device-code flow, or import existing Codex credentials |
| gemini | OAuth login |
| anthropic | Subscription setup token / paste-token |

See OAuth & subscription providers for how each provider uses these credentials at request time, and Secrets, pairing & device auth for credential storage.

Start an OAuth login for a subscription provider.

revka auth login --provider openai-codex
revka auth login --provider openai-codex --device-code
revka auth login --provider openai-codex --import ~/.codex/auth.json
revka auth login --provider gemini --profile work

| Flag | Meaning |
| --- | --- |
| --provider <ID> | Provider to authenticate (e.g. openai-codex, gemini). Required. |
| --profile <NAME> | Profile name to store the credentials under. Default: default. |
| --device-code | Use the OAuth device-code flow instead of the redirect flow. Useful on headless hosts. |
| --import <PATH> | Import an existing auth.json instead of starting a new login. Currently only openai-codex; defaults to ~/.codex/auth.json. Conflicts with --device-code. |

The default (non-device-code) flow opens a browser to authorize, then completes by capturing the redirect. On a machine without a browser, use --device-code, or complete the redirect manually with revka auth paste-redirect.

Finish an OAuth login by pasting the redirect URL (or raw authorization code) that the provider returned — used when the browser redirect could not be captured automatically.

revka auth paste-redirect --provider openai-codex --input "<URL_OR_CODE>"

| Flag | Meaning |
| --- | --- |
| --provider <ID> | Provider being authenticated. |
| --profile <NAME> | Profile name. Default: default. |
| --input <URL_OR_CODE> | The full redirect URL or the raw OAuth code. If omitted, you are prompted for it. |

Store a subscription or setup token directly — used for Anthropic subscription auth, where you supply a token value rather than running a browser flow.

revka auth paste-token --provider anthropic --token "<VALUE>"
revka auth paste-token --provider anthropic --auth-kind api-key

| Flag | Meaning |
| --- | --- |
| --provider <ID> | Provider (e.g. anthropic). |
| --profile <NAME> | Profile name. Default: default. |
| --token <VALUE> | The token value. If omitted, you are prompted to enter it interactively (so it stays out of your shell history). |
| --auth-kind <KIND> | Override how the token is sent: authorization or api-key. |
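
A local check for the two credential-handling points above: that ~/.revka/auth-profiles.json grants no access to other users, and that no token value was passed with --token on a recorded command line. This is an added example, not part of Revka; the history file location and format are assumptions, and the demo files at the end are constructed.

```shell
#!/bin/sh
# Added example, not part of revka. Flag names and the store path come from
# this page; the history file path and format are assumptions.

# Returns 0 if FILE is owner-only, 1 if any group/other bit is set, 2 if missing.
auth_store_is_private() {
    [ -f "$1" ] || return 2
    # POSIX find predicates only, so this works with GNU and BSD find.
    loose=$(find -L "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    [ -z "$loose" ]
}

# Prints history lines that pass a token value on the command line
# (--token VALUE or --token=VALUE). Exit status 0 means at least one hit.
history_leaks_token() {
    grep -E 'revka[[:space:]]+auth[[:space:]]+paste-token.*--token[[:space:]=]+[^[:space:]-]' "$1"
}

# Runs both checks and reports; returns 1 if either one fails.
audit_revka_credentials() {
    store=${1:-"$HOME/.revka/auth-profiles.json"}
    hist=${2:-"$HOME/.bash_history"}
    rc=0 st=0
    auth_store_is_private "$store" || st=$?
    case $st in
        0) echo "ok:   $store is owner-only" ;;
        2) echo "skip: $store not found" ;;
        *) echo "FAIL: $store is accessible to group/other (expected mode 600)"; rc=1 ;;
    esac
    if [ -r "$hist" ] && history_leaks_token "$hist" >/dev/null; then
        echo "FAIL: $hist records a token passed with --token; rotate that token"
        rc=1
    fi
    return "$rc"
}

# Constructed demo input so the script runs offline: a store file with a
# loose mode and a history file with one leaking line (placeholder token).
demo=$(mktemp -d)
printf '{}\n' > "$demo/auth-profiles.json"; chmod 644 "$demo/auth-profiles.json"
printf '%s\n' 'revka auth paste-token --provider anthropic' \
    'revka auth paste-token --provider anthropic --token "EXAMPLE-TOKEN"' \
    > "$demo/history"
audit_revka_credentials "$demo/auth-profiles.json" "$demo/history" || true
rm -rf "$demo"
```

Called with no arguments, audit_revka_credentials checks ~/.revka/auth-profiles.json and ~/.bash_history.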

Interactive alias of paste-token, intended for the Anthropic subscription setup-token flow.

revka auth setup-token --provider anthropic

It accepts the same --provider and --profile flags and prompts for the token value.

Refresh an access token from its stored refresh token. Supported for openai-codex and gemini.

revka auth refresh --provider openai-codex
revka auth refresh --provider openai-codex --profile work
revka auth refresh --provider gemini

| Flag | Meaning |
| --- | --- |
| --provider <ID> | Provider whose token to refresh. |
| --profile <NAME_OR_ID> | Profile name or full profile id. Optional. |

Long-running deployments refresh tokens automatically in-process; this command is for forcing a refresh manually.

Set the active profile for a provider when you keep more than one.

revka auth use --provider openai-codex --profile work

| Flag | Meaning |
| --- | --- |
| --provider <ID> | Provider to switch. |
| --profile <NAME> | Profile name or full profile id to make active. |

Remove a stored auth profile.

revka auth logout --provider openai-codex
revka auth logout --provider openai-codex --profile work

| Flag | Meaning |
| --- | --- |
| --provider <ID> | Provider to log out of. |
| --profile <NAME> | Profile to remove. Default: default. |

List all stored auth profiles across providers.

revka auth list

Show the active profile per provider and each token’s expiry.

revka auth status

Use this to confirm which subscription credentials are in effect and whether any token is close to expiring.