@kervnet/opencode-kiro-auth 1.5.1

package/dist/plugin/request.js

@@ -0,0 +1,239 @@
+import * as crypto from 'crypto';
+import * as os from 'os';
+import { KIRO_CONSTANTS } from '../constants.js';
+import { buildHistory, extractToolNamesFromHistory, historyHasToolCalling, truncateHistory } from '../infrastructure/transformers/history-builder.js';
+import { findOriginalToolCall, getContentText, mergeAdjacentMessages, truncate } from '../infrastructure/transformers/message-transformer.js';
+import { convertToolsToCodeWhisperer, deduplicateToolResults } from '../infrastructure/transformers/tool-transformer.js';
+import { convertImagesToKiroFormat, extractAllImages, extractTextFromParts } from './image-handler.js';
+import { resolveKiroModel } from './models.js';
+export function transformToCodeWhisperer(url, body, model, auth, think = false, budget = 20000, reductionFactor = 1.0) {
+    const req = typeof body === 'string' ? JSON.parse(body) : body;
+    const { messages, tools, system } = req;
+    const convId = crypto.randomUUID();
+    if (!messages || messages.length === 0)
+        throw new Error('No messages');
+    const resolved = resolveKiroModel(model);
+    let sys = system || '';
+    if (think) {
+        const pfx = `<thinking_mode>enabled</thinking_mode><max_thinking_length>${budget}</max_thinking_length>`;
+        sys = sys.includes('<thinking_mode>') ? sys : sys ? `${pfx}\n${sys}` : pfx;
+    }
+    const msgs = mergeAdjacentMessages([...messages]);
+    const lastMsg = msgs[msgs.length - 1];
+    if (lastMsg && lastMsg.role === 'assistant' && getContentText(lastMsg) === '{')
+        msgs.pop();
+    const cwTools = tools ? convertToolsToCodeWhisperer(tools) : [];
+    const toolResultLimit = Math.floor(250000 * reductionFactor);
+    let history = buildHistory(msgs, resolved, sys, toolResultLimit);
+    const historyLimit = Math.floor(850000 * reductionFactor);
+    history = truncateHistory(history, historyLimit);
+    const curMsg = msgs[msgs.length - 1];
+    if (!curMsg)
+        throw new Error('Empty');
+    let curContent = '';
+    const curTrs = [];
+    const curImgs = [];
+    if (curMsg.role === 'assistant') {
+        const arm = { content: '' };
+        let th = '';
+        if (Array.isArray(curMsg.content)) {
+            for (const p of curMsg.content) {
+                if (p.type === 'text')
+                    arm.content += p.text || '';
+                else if (p.type === 'thinking')
+                    th += p.thinking || p.text || '';
+                else if (p.type === 'tool_use') {
+                    if (!arm.toolUses)
+                        arm.toolUses = [];
+                    arm.toolUses.push({ input: p.input, name: p.name, toolUseId: p.id });
+                }
+            }
+        }
+        else
+            arm.content = getContentText(curMsg);
+        if (curMsg.tool_calls && Array.isArray(curMsg.tool_calls)) {
+            if (!arm.toolUses)
+                arm.toolUses = [];
+            for (const tc of curMsg.tool_calls) {
+                arm.toolUses.push({
+                    input: typeof tc.function?.arguments === 'string'
+                        ? JSON.parse(tc.function.arguments)
+                        : tc.function?.arguments,
+                    name: tc.function?.name,
+                    toolUseId: tc.id
+                });
+            }
+        }
+        if (th)
+            arm.content = arm.content
+                ? `<thinking>${th}</thinking>\n\n${arm.content}`
+                : `<thinking>${th}</thinking>`;
+        if (arm.content || arm.toolUses) {
+            history.push({ assistantResponseMessage: arm });
+        }
+        curContent = 'Continue';
+    }
+    else {
+        const prev = history[history.length - 1];
+        if (prev && !prev.assistantResponseMessage)
+            history.push({ assistantResponseMessage: { content: 'Continue' } });
+        if (curMsg.role === 'tool') {
+            if (curMsg.tool_results) {
+                for (const tr of curMsg.tool_results)
+                    curTrs.push({
+                        content: [{ text: truncate(getContentText(tr), toolResultLimit) }],
+                        status: 'success',
+                        toolUseId: tr.tool_call_id
+                    });
+            }
+            else {
+                curTrs.push({
+                    content: [{ text: truncate(getContentText(curMsg), toolResultLimit) }],
+                    status: 'success',
+                    toolUseId: curMsg.tool_call_id
+                });
+            }
+        }
+        else if (Array.isArray(curMsg.content)) {
+            curContent = extractTextFromParts(curMsg.content);
+            for (const p of curMsg.content) {
+                if (p.type === 'tool_result') {
+                    curTrs.push({
+                        content: [{ text: truncate(getContentText(p.content || p), toolResultLimit) }],
+                        status: 'success',
+                        toolUseId: p.tool_use_id
+                    });
+                }
+            }
+            const unifiedImages = extractAllImages(curMsg.content);
+            if (unifiedImages.length > 0) {
+                curImgs.push(...convertImagesToKiroFormat(unifiedImages));
+            }
+        }
+        else
+            curContent = getContentText(curMsg);
+        if (!curContent)
+            curContent = curTrs.length ? 'Tool results provided.' : 'Continue';
+    }
+    const request = {
+        conversationState: {
+            chatTriggerType: KIRO_CONSTANTS.CHAT_TRIGGER_TYPE_MANUAL,
+            conversationId: convId,
+            currentMessage: {
+                userInputMessage: {
+                    content: curContent,
+                    modelId: resolved,
+                    origin: KIRO_CONSTANTS.ORIGIN_AI_EDITOR
+                }
+            }
+        }
+    };
+    const toolUsesInHistory = history.flatMap((h) => h.assistantResponseMessage?.toolUses || []);
+    const allToolUseIdsInHistory = new Set(toolUsesInHistory.map((tu) => tu.toolUseId));
+    const finalCurTrs = [];
+    const orphanedTrs = [];
+    for (const tr of curTrs) {
+        if (allToolUseIdsInHistory.has(tr.toolUseId))
+            finalCurTrs.push(tr);
+        else {
+            const originalCall = findOriginalToolCall(messages, tr.toolUseId);
+            if (originalCall) {
+                orphanedTrs.push({
+                    call: {
+                        name: originalCall.name || originalCall.function?.name || 'tool',
+                        toolUseId: tr.toolUseId,
+                        input: originalCall.input ||
+                            (originalCall.function?.arguments ? JSON.parse(originalCall.function.arguments) : {})
+                    },
+                    result: tr
+                });
+            }
+            else {
+                curContent += `\n\n[Output for tool call ${tr.toolUseId}]:\n${tr.content?.[0]?.text || ''}`;
+            }
+        }
+    }
+    if (orphanedTrs.length > 0) {
+        const prev = history[history.length - 1];
+        if (prev && !prev.userInputMessage) {
+            history.push({
+                userInputMessage: {
+                    content: 'Running tools...',
+                    modelId: resolved,
+                    origin: KIRO_CONSTANTS.ORIGIN_AI_EDITOR
+                }
+            });
+        }
+        history.push({
+            assistantResponseMessage: {
+                content: 'I will execute the following tools.',
+                toolUses: orphanedTrs.map((o) => o.call)
+            }
+        });
+        finalCurTrs.push(...orphanedTrs.map((o) => o.result));
+    }
+    if (history.length > 0)
+        request.conversationState.history = history;
+    const uim = request.conversationState.currentMessage.userInputMessage;
+    if (uim) {
+        uim.content = curContent;
+        if (curImgs.length)
+            uim.images = curImgs;
+        const ctx = {};
+        if (finalCurTrs.length)
+            ctx.toolResults = deduplicateToolResults(finalCurTrs);
+        if (cwTools.length)
+            ctx.tools = cwTools;
+        if (Object.keys(ctx).length)
+            uim.userInputMessageContext = ctx;
+        const hasToolsInHistory = historyHasToolCalling(history);
+        if (hasToolsInHistory) {
+            const toolNamesInHistory = extractToolNamesFromHistory(history);
+            if (toolNamesInHistory.size > 0) {
+                const existingTools = uim.userInputMessageContext?.tools || [];
+                const existingToolNames = new Set(existingTools.map((t) => t.toolSpecification?.name).filter(Boolean));
+                const missingToolNames = Array.from(toolNamesInHistory).filter((name) => !existingToolNames.has(name));
+                if (missingToolNames.length > 0) {
+                    const placeholderTools = missingToolNames.map((name) => ({
+                        toolSpecification: {
+                            name,
+                            description: 'Tool',
+                            inputSchema: { json: { type: 'object', properties: {} } }
+                        }
+                    }));
+                    if (!uim.userInputMessageContext)
+                        uim.userInputMessageContext = {};
+                    uim.userInputMessageContext.tools = [...existingTools, ...placeholderTools];
+                }
+            }
+        }
+    }
+    const machineId = crypto
+        .createHash('sha256')
+        .update(auth.profileArn || auth.clientId || 'KIRO_DEFAULT_MACHINE')
+        .digest('hex');
+    const osP = os.platform(), osR = os.release(), nodeV = process.version.replace('v', ''), kiroV = KIRO_CONSTANTS.KIRO_VERSION;
+    const osN = osP === 'win32' ? `windows#${osR}` : osP === 'darwin' ? `macos#${osR}` : `${osP}#${osR}`;
+    const ua = `aws-sdk-js/1.0.0 ua/2.1 os/${osN} lang/js md/nodejs#${nodeV} api/codewhispererruntime#1.0.0 m/E KiroIDE-${kiroV}-${machineId}`;
+    return {
+        url: KIRO_CONSTANTS.BASE_URL.replace('{{region}}', auth.region),
+        init: {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                Accept: 'application/json',
+                Authorization: `Bearer ${auth.access}`,
+                'amz-sdk-invocation-id': crypto.randomUUID(),
+                'amz-sdk-request': 'attempt=1; max=1',
+                'x-amzn-kiro-agent-mode': 'vibe',
+                'x-amz-user-agent': `aws-sdk-js/1.0.0 KiroIDE-${kiroV}-${machineId}`,
+                'user-agent': ua,
+                Connection: 'close'
+            },
+            body: JSON.stringify(request)
+        },
+        streaming: true,
+        effectiveModel: resolved,
+        conversationId: convId
+    };
+}

package/dist/plugin/response.d.ts

@@ -0,0 +1,3 @@
+import { ParsedResponse } from './types';
+export declare function parseEventStream(rawResponse: string): ParsedResponse;
+export declare function estimateTokens(text: string): number;

package/dist/plugin/response.js

@@ -0,0 +1,95 @@
+import { parseAwsEventStreamBuffer } from '../infrastructure/transformers/event-stream-parser.js';
+import { cleanToolCallsFromText, deduplicateToolCalls, parseBracketToolCalls } from '../infrastructure/transformers/tool-call-parser.js';
+export function parseEventStream(rawResponse) {
+    const parsedFromEvents = parseEventStreamChunk(rawResponse);
+    let fullResponseText = parsedFromEvents.content;
+    let allToolCalls = [...parsedFromEvents.toolCalls];
+    const rawBracketToolCalls = parseBracketToolCalls(rawResponse);
+    if (rawBracketToolCalls.length > 0) {
+        allToolCalls.push(...rawBracketToolCalls);
+    }
+    const uniqueToolCalls = deduplicateToolCalls(allToolCalls);
+    if (uniqueToolCalls.length > 0) {
+        fullResponseText = cleanToolCallsFromText(fullResponseText, uniqueToolCalls);
+    }
+    return {
+        content: fullResponseText,
+        toolCalls: uniqueToolCalls,
+        stopReason: parsedFromEvents.stopReason,
+        inputTokens: parsedFromEvents.inputTokens,
+        outputTokens: parsedFromEvents.outputTokens
+    };
+}
+function parseEventStreamChunk(rawText) {
+    const events = parseAwsEventStreamBuffer(rawText);
+    let content = '';
+    const toolCallsMap = new Map();
+    let stopReason;
+    let inputTokens;
+    let outputTokens;
+    let contextUsagePercentage;
+    for (const event of events) {
+        if (event.type === 'content' && event.data) {
+            content += event.data;
+        }
+        else if (event.type === 'toolUse') {
+            const { name, toolUseId, input } = event.data;
+            if (name && toolUseId) {
+                if (toolCallsMap.has(toolUseId)) {
+                    const existing = toolCallsMap.get(toolUseId);
+                    existing.input = existing.input + (input || '');
+                }
+                else {
+                    toolCallsMap.set(toolUseId, {
+                        toolUseId,
+                        name,
+                        input: input || ''
+                    });
+                }
+            }
+        }
+        else if (event.type === 'toolUseInput') {
+            const lastToolCall = Array.from(toolCallsMap.values()).pop();
+            if (lastToolCall) {
+                lastToolCall.input = lastToolCall.input + (event.data.input || '');
+            }
+        }
+        else if (event.type === 'toolUseStop') {
+            stopReason = 'tool_use';
+        }
+        else if (event.type === 'contextUsage') {
+            contextUsagePercentage = event.data.contextUsagePercentage;
+        }
+    }
+    const toolCalls = Array.from(toolCallsMap.values()).map((tc) => {
+        let parsedInput = tc.input;
+        if (typeof tc.input === 'string' && tc.input.trim()) {
+            try {
+                parsedInput = JSON.parse(tc.input);
+            }
+            catch (e) {
+                parsedInput = tc.input;
+            }
+        }
+        return {
+            toolUseId: tc.toolUseId,
+            name: tc.name,
+            input: parsedInput
+        };
+    });
+    if (contextUsagePercentage !== undefined) {
+        const totalTokens = Math.round((200000 * contextUsagePercentage) / 100);
+        outputTokens = estimateTokens(content);
+        inputTokens = Math.max(0, totalTokens - outputTokens);
+    }
+    return {
+        content,
+        toolCalls,
+        stopReason: stopReason || (toolCalls.length > 0 ? 'tool_use' : 'end_turn'),
+        inputTokens,
+        outputTokens
+    };
+}
+export function estimateTokens(text) {
+    return Math.ceil(text.length / 4);
+}

package/dist/plugin/server.d.ts

@@ -0,0 +1,24 @@
+import type { KiroRegion } from './types';
+export interface KiroIDCTokenResult {
+    email: string;
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+    clientId: string;
+    clientSecret: string;
+}
+export interface IDCAuthData {
+    verificationUrl: string;
+    verificationUriComplete: string;
+    userCode: string;
+    deviceCode: string;
+    clientId: string;
+    clientSecret: string;
+    interval: number;
+    expiresIn: number;
+    region: KiroRegion;
+}
+export declare function startIDCAuthServer(authData: IDCAuthData, startPort?: number, portRange?: number): Promise<{
+    url: string;
+    waitForAuth: () => Promise<KiroIDCTokenResult>;
+}>;

package/dist/plugin/server.js

@@ -0,0 +1,166 @@
+import { createServer } from 'node:http';
+import { getErrorHtml, getIDCAuthHtml, getSuccessHtml } from './auth-page';
+import * as logger from './logger';
+async function tryPort(port) {
+    return new Promise((resolve) => {
+        const testServer = createServer();
+        testServer.once('error', () => resolve(false));
+        testServer.once('listening', () => {
+            testServer.close();
+            resolve(true);
+        });
+        testServer.listen(port, '127.0.0.1');
+    });
+}
+async function findAvailablePort(startPort, range) {
+    for (let i = 0; i < range; i++) {
+        const port = startPort + i;
+        const available = await tryPort(port);
+        if (available)
+            return port;
+    }
+    throw new Error(`No available ports in range ${startPort}-${startPort + range - 1}. Please close other applications using these ports.`);
+}
+export async function startIDCAuthServer(authData, startPort = 19847, portRange = 10) {
+    return new Promise(async (resolve, reject) => {
+        let port;
+        try {
+            port = await findAvailablePort(startPort, portRange);
+            logger.log(`Auth server will use port ${port}`);
+        }
+        catch (error) {
+            logger.error('Failed to find available port', error);
+            reject(error);
+            return;
+        }
+        let server = null;
+        let timeoutId = null;
+        let resolver = null;
+        let rejector = null;
+        const status = { status: 'pending' };
+        const cleanup = () => {
+            if (timeoutId)
+                clearTimeout(timeoutId);
+            if (server)
+                server.close();
+        };
+        const sendHtml = (res, html) => {
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end(html);
+        };
+        const poll = async () => {
+            try {
+                const body = {
+                    grantType: 'urn:ietf:params:oauth:grant-type:device_code',
+                    deviceCode: authData.deviceCode,
+                    clientId: authData.clientId,
+                    clientSecret: authData.clientSecret
+                };
+                const res = await fetch(`https://oidc.${authData.region}.amazonaws.com/token`, {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify(body)
+                });
+                const responseText = await res.text();
+                let d = {};
+                if (responseText) {
+                    try {
+                        d = JSON.parse(responseText);
+                    }
+                    catch (parseError) {
+                        logger.error(`Auth polling error: Failed to parse JSON (status ${res.status})`, parseError);
+                        throw parseError;
+                    }
+                }
+                if (res.ok) {
+                    const acc = d.access_token || d.accessToken, ref = d.refresh_token || d.refreshToken, exp = Date.now() + (d.expires_in || d.expiresIn || 0) * 1000;
+                    let email = 'builder-id@aws.amazon.com';
+                    try {
+                        const infoRes = await fetch('https://view.awsapps.com/api/user/info', {
+                            headers: { Authorization: `Bearer ${acc}` }
+                        });
+                        if (infoRes.ok) {
+                            const info = await infoRes.json();
+                            email = info.email || info.userName || email;
+                        }
+                        else {
+                            logger.warn(`User info request failed with status ${infoRes.status}; using fallback email`);
+                        }
+                    }
+                    catch (infoError) {
+                        logger.warn(`Failed to fetch user info; using fallback email: ${infoError?.message || infoError}`);
+                    }
+                    status.status = 'success';
+                    if (resolver)
+                        resolver({
+                            email,
+                            accessToken: acc,
+                            refreshToken: ref,
+                            expiresAt: exp,
+                            clientId: authData.clientId,
+                            clientSecret: authData.clientSecret
+                        });
+                    setTimeout(cleanup, 2000);
+                }
+                else if (d.error === 'authorization_pending') {
+                    setTimeout(poll, authData.interval * 1000);
+                }
+                else {
+                    status.status = 'failed';
+                    status.error = d.error_description || d.error;
+                    logger.error(`Auth polling failed a: ${status.error}`);
+                    if (rejector)
+                        rejector(new Error(status.error));
+                    setTimeout(cleanup, 2000);
+                }
+            }
+            catch (e) {
+                status.status = 'failed';
+                status.error = e.message;
+                logger.error(`Auth polling error b: ${e.message}`, e);
+                if (rejector)
+                    rejector(e);
+                setTimeout(cleanup, 2000);
+            }
+        };
+        server = createServer((req, res) => {
+            const u = req.url || '';
+            if (u === '/' || u.startsWith('/?'))
+                sendHtml(res, getIDCAuthHtml(authData.verificationUriComplete, authData.userCode, `http://127.0.0.1:${port}/status`));
+            else if (u === '/status') {
+                res.writeHead(200, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify(status));
+            }
+            else if (u === '/success')
+                sendHtml(res, getSuccessHtml());
+            else if (u === '/error')
+                sendHtml(res, getErrorHtml(status.error || 'Failed'));
+            else {
+                res.writeHead(404);
+                res.end();
+            }
+        });
+        server.on('error', (e) => {
+            logger.error(`Auth server error on port ${port}`, e);
+            cleanup();
+            reject(e);
+        });
+        server.listen(port, '127.0.0.1', () => {
+            timeoutId = setTimeout(() => {
+                status.status = 'timeout';
+                logger.warn('Auth timeout waiting for authorization');
+                if (rejector)
+                    rejector(new Error('Timeout'));
+                cleanup();
+            }, 900000);
+            poll();
+            resolve({
+                url: `http://127.0.0.1:${port}`,
+                waitForAuth: () => new Promise((rv, rj) => {
+                    resolver = rv;
+                    rejector = rj;
+                })
+            });
+        });
+    });
+}

package/dist/plugin/storage/locked-operations.d.ts

@@ -0,0 +1,5 @@
+import type { ManagedAccount } from '../types';
+export declare function withDatabaseLock<T>(dbPath: string, fn: () => Promise<T>): Promise<T>;
+export declare function createDeterministicId(email: string, authMethod: string, clientId?: string, profileArn?: string): string;
+export declare function mergeAccounts(existing: ManagedAccount[], incoming: ManagedAccount[]): ManagedAccount[];
+export declare function deduplicateAccounts(accounts: ManagedAccount[]): ManagedAccount[];

package/dist/plugin/storage/locked-operations.js

@@ -0,0 +1,91 @@
+import { createHash } from 'node:crypto';
+import { existsSync, promises as fs } from 'node:fs';
+import lockfile from 'proper-lockfile';
+import { isPermanentError } from '../health';
+const LOCK_OPTIONS = {
+    stale: 10000,
+    retries: {
+        retries: 5,
+        minTimeout: 100,
+        maxTimeout: 1000,
+        factor: 2
+    },
+    realpath: false
+};
+export async function withDatabaseLock(dbPath, fn) {
+    const lockPath = `${dbPath}.lock`;
+    if (!existsSync(dbPath)) {
+        const dir = dbPath.substring(0, dbPath.lastIndexOf('/'));
+        await fs.mkdir(dir, { recursive: true });
+        await fs.writeFile(dbPath, '');
+    }
+    let release = null;
+    try {
+        release = await lockfile.lock(dbPath, LOCK_OPTIONS);
+        return await fn();
+    }
+    finally {
+        if (release) {
+            try {
+                await release();
+            }
+            catch (e) {
+                console.warn('Failed to release lock:', e);
+            }
+        }
+    }
+}
+export function createDeterministicId(email, authMethod, clientId, profileArn) {
+    const parts = [email, authMethod, clientId || '', profileArn || ''].join(':');
+    return createHash('sha256').update(parts).digest('hex');
+}
+export function mergeAccounts(existing, incoming) {
+    const accountMap = new Map();
+    for (const acc of existing) {
+        accountMap.set(acc.id, acc);
+    }
+    for (const acc of incoming) {
+        const existingAcc = accountMap.get(acc.id);
+        if (existingAcc) {
+            const hasPermanentError = isPermanentError(existingAcc.unhealthyReason) || isPermanentError(acc.unhealthyReason);
+            accountMap.set(acc.id, {
+                ...existingAcc,
+                ...acc,
+                lastUsed: Math.max(existingAcc.lastUsed || 0, acc.lastUsed || 0),
+                usedCount: Math.max(existingAcc.usedCount || 0, acc.usedCount || 0),
+                limitCount: Math.max(existingAcc.limitCount || 0, acc.limitCount || 0),
+                rateLimitResetTime: Math.max(existingAcc.rateLimitResetTime || 0, acc.rateLimitResetTime || 0),
+                isHealthy: hasPermanentError ? false : existingAcc.isHealthy || acc.isHealthy,
+                failCount: Math.max(existingAcc.failCount || 0, acc.failCount || 0),
+                lastSync: Math.max(existingAcc.lastSync || 0, acc.lastSync || 0)
+            });
+        }
+        else {
+            accountMap.set(acc.id, acc);
+        }
+    }
+    return Array.from(accountMap.values());
+}
+export function deduplicateAccounts(accounts) {
+    const accountMap = new Map();
+    for (const acc of accounts) {
+        const existing = accountMap.get(acc.id);
+        if (!existing) {
+            accountMap.set(acc.id, acc);
+            continue;
+        }
+        const currLastUsed = acc.lastUsed || 0;
+        const existLastUsed = existing.lastUsed || 0;
+        if (currLastUsed > existLastUsed) {
+            accountMap.set(acc.id, acc);
+        }
+        else if (currLastUsed === existLastUsed) {
+            const currAddedAt = acc.expiresAt || 0;
+            const existAddedAt = existing.expiresAt || 0;
+            if (currAddedAt > existAddedAt) {
+                accountMap.set(acc.id, acc);
+            }
+        }
+    }
+    return Array.from(accountMap.values());
+}

package/dist/plugin/storage/migrations.d.ts

@@ -0,0 +1,2 @@
+import type { Database } from 'bun:sqlite';
+export declare function runMigrations(db: Database): void;