@bogyie/opencode-kiro-plugin 0.3.11 → 0.3.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/plugin.js +16 -61
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -40,7 +40,7 @@ The plugin resolves credentials in this order:
|
|
|
40
40
|
|
|
41
41
|
OpenCode startup does not start Kiro login or model discovery. The plugin injects `provider.kiro` with an `auto` placeholder model so Kiro appears in OpenCode's provider connector. Model discovery runs only when you explicitly call the `kiro_refresh_models` plugin tool; if discovery succeeds, later model-list requests use the latest in-memory cache. If discovery fails, the previous cache remains in use.
|
|
42
42
|
|
|
43
|
-
You can open OpenCode's provider connector, choose Kiro, and select `Kiro device login`.
|
|
43
|
+
You can open OpenCode's provider connector, choose Kiro, and select `Kiro device login`. The connector runs `kiro-cli login --use-device-flow`, waits for the local Kiro CLI session to become authenticated, then stores a local transport marker in OpenCode auth. If `login.identityProvider`, `login.region`, `login.license`, or `login.extraArgs` are configured, those options are passed to `kiro-cli login` along with `--use-device-flow`. After login succeeds, the plugin also tries to refresh the runtime model cache. If no OpenCode connector marker or API key is configured, direct fetch still reads the active Kiro CLI session token and calls Kiro's REST/EventStream endpoint directly. If an API/model call fails with an auth error, the selected transport starts the same configured Kiro CLI login flow and retries the request once. `cli-chat` mode uses the official `kiro-cli chat --no-interactive` surface and depends on the local Kiro CLI login state. `acp` mode uses the official `kiro-cli acp` surface, but is still treated as an explicit backend while its real-world protocol behavior is validated across Kiro CLI versions.
|
|
44
44
|
|
|
45
45
|
For AWS IAM Identity Center login, configure the default device-flow Start URL separately from the API region:
|
|
46
46
|
|
|
@@ -62,7 +62,7 @@ For AWS IAM Identity Center login, configure the default device-flow Start URL s
|
|
|
62
62
|
}
|
|
63
63
|
```
|
|
64
64
|
|
|
65
|
-
For IAM Identity Center,
|
|
65
|
+
For IAM Identity Center, configure `login.identityProvider` and `login.region` in plugin options so they are passed to `kiro-cli login --use-device-flow`.
|
|
66
66
|
|
|
67
67
|
Use the `kiro_status` plugin tool to inspect provider id, backend, region, auth method, and discovered model count. Use `kiro_refresh_models` when you explicitly want to run the configured model discovery command and update the in-memory model cache. Secrets are redacted in diagnostics.
|
|
68
68
|
|
package/dist/plugin.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { tool } from "@opencode-ai/plugin";
|
|
2
2
|
import { KiroAcpTransport } from "./acp-transport.js";
|
|
3
|
-
import {
|
|
3
|
+
import { credentialFromKiroDeviceAuthKey, detectAuth, isKiroDeviceAuthKey, readKiroCliSessionCredential, resolveApiKey, startKiroCliLoginOnce, runKiroLoginFlowOnce, } from "./auth.js";
|
|
4
4
|
import { KiroCliChatTransport } from "./cli-transport.js";
|
|
5
5
|
import { loadOptions } from "./config.js";
|
|
6
6
|
import { createKiroFetch } from "./fetch-adapter.js";
|
|
@@ -53,10 +53,6 @@ function bearerToken(init) {
|
|
|
53
53
|
const match = header?.match(/^Bearer\s+(.+)$/i);
|
|
54
54
|
return match?.[1] || undefined;
|
|
55
55
|
}
|
|
56
|
-
function inputString(inputs, key) {
|
|
57
|
-
const value = inputs?.[key];
|
|
58
|
-
return typeof value === "string" && value.trim() ? value.trim() : undefined;
|
|
59
|
-
}
|
|
60
56
|
export function effectiveBackend(options, accessToken) {
|
|
61
57
|
const apiKey = accessToken || process.env.KIRO_API_KEY;
|
|
62
58
|
if (options.backend === "acp")
|
|
@@ -164,36 +160,26 @@ export function createKiroPlugin() {
|
|
|
164
160
|
localServer = await startLocalKiroServer(localFetch);
|
|
165
161
|
return localServer;
|
|
166
162
|
};
|
|
167
|
-
const
|
|
168
|
-
const
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
const authorization = await authorizeKiroDevice({
|
|
172
|
-
region: idcRegion,
|
|
173
|
-
...(startUrl ? { identityProvider: startUrl } : {}),
|
|
163
|
+
const authorizeCliDeviceLogin = async () => {
|
|
164
|
+
const session = startKiroCliLoginOnce({
|
|
165
|
+
...options.login,
|
|
166
|
+
useDeviceFlow: true,
|
|
174
167
|
});
|
|
175
|
-
|
|
168
|
+
await session.waitForPrompt(options.requestTimeoutMs);
|
|
176
169
|
return {
|
|
177
|
-
url,
|
|
178
|
-
instructions:
|
|
170
|
+
url: session.url,
|
|
171
|
+
instructions: session.instructions,
|
|
179
172
|
method: "auto",
|
|
180
173
|
callback: async () => {
|
|
181
|
-
const
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
const key = encodeKiroDeviceAuthKey(credential);
|
|
174
|
+
const authenticated = await session.waitForAuth();
|
|
175
|
+
if (!authenticated)
|
|
176
|
+
return { type: "failed" };
|
|
177
|
+
await refreshModels(true).catch(() => []);
|
|
186
178
|
return {
|
|
187
179
|
type: "success",
|
|
188
|
-
key,
|
|
189
|
-
access: key,
|
|
190
|
-
refresh: credential.refreshToken,
|
|
191
|
-
expires: credential.expiresAt,
|
|
180
|
+
key: "kiro-plugin-local-transport",
|
|
192
181
|
metadata: {
|
|
193
|
-
source: "kiro-device-
|
|
194
|
-
region: credential.region,
|
|
195
|
-
oidcRegion: credential.oidcRegion,
|
|
196
|
-
...(credential.profileArn ? { profileArn: credential.profileArn } : {}),
|
|
182
|
+
source: "kiro-cli-device-flow",
|
|
197
183
|
},
|
|
198
184
|
};
|
|
199
185
|
},
|
|
@@ -225,39 +211,8 @@ export function createKiroPlugin() {
|
|
|
225
211
|
methods: [
|
|
226
212
|
{
|
|
227
213
|
type: "oauth",
|
|
228
|
-
label:
|
|
229
|
-
authorize: async () =>
|
|
230
|
-
},
|
|
231
|
-
{
|
|
232
|
-
type: "oauth",
|
|
233
|
-
label: "Kiro device login (custom)",
|
|
234
|
-
prompts: [
|
|
235
|
-
{
|
|
236
|
-
type: "text",
|
|
237
|
-
key: "startUrl",
|
|
238
|
-
message: options.login.identityProvider
|
|
239
|
-
? `IAM Identity Center Start URL (current: ${options.login.identityProvider}, leave blank to keep)`
|
|
240
|
-
: "IAM Identity Center Start URL (leave blank for AWS Builder ID)",
|
|
241
|
-
placeholder: "https://your-company.awsapps.com/start",
|
|
242
|
-
},
|
|
243
|
-
{
|
|
244
|
-
type: "text",
|
|
245
|
-
key: "idcRegion",
|
|
246
|
-
message: options.login.region && options.login.region !== "us-east-1"
|
|
247
|
-
? `IAM Identity Center region (current: ${options.login.region}, leave blank to keep)`
|
|
248
|
-
: "IAM Identity Center region (leave blank for us-east-1)",
|
|
249
|
-
placeholder: "us-east-1",
|
|
250
|
-
},
|
|
251
|
-
{
|
|
252
|
-
type: "text",
|
|
253
|
-
key: "profileArn",
|
|
254
|
-
message: options.profileArn
|
|
255
|
-
? `Profile ARN (current: ${options.profileArn}, leave blank to keep)`
|
|
256
|
-
: "Profile ARN (optional, improves region/profile routing for IAM Identity Center)",
|
|
257
|
-
placeholder: "arn:aws:codewhisperer:us-east-1:123456789012:profile/XXXXXXXXXX",
|
|
258
|
-
},
|
|
259
|
-
],
|
|
260
|
-
authorize: async (inputs) => authorizeDeviceLogin(inputs),
|
|
214
|
+
label: "Kiro device login",
|
|
215
|
+
authorize: async () => authorizeCliDeviceLogin(),
|
|
261
216
|
},
|
|
262
217
|
{
|
|
263
218
|
type: "api",
|