@kervnet/opencode-kiro-auth 1.7.5 → 1.7.7

package/dist/core/auth/token-refresher.d.ts

@@ -12,6 +12,8 @@ export declare class TokenRefresher {
     private accountManager;
     private syncFromKiroCli;
     private repository;
+    private lastSyncTime;
+    private readonly SYNC_COOLDOWN_MS;
     constructor(config: TokenRefresherConfig, accountManager: AccountManager, syncFromKiroCli: () => Promise<void>, repository: AccountRepository);
     refreshIfNeeded(account: ManagedAccount, auth: KiroAuthDetails, showToast: ToastFunction): Promise<{
         account: ManagedAccount;

package/dist/core/auth/token-refresher.js

@@ -6,6 +6,8 @@ export class TokenRefresher {
     accountManager;
     syncFromKiroCli;
     repository;
+    lastSyncTime = 0;
+    SYNC_COOLDOWN_MS = 5000; // Only sync once per 5 seconds
     constructor(config, accountManager, syncFromKiroCli, repository) {
         this.config = config;
         this.accountManager = accountManager;
@@ -27,7 +29,10 @@ export class TokenRefresher {
         }
     }
     async handleRefreshError(error, account, showToast) {
-        if (this.config.auto_sync_kiro_cli) {
+        // Only sync if cooldown period has passed
+        const now = Date.now();
+        if (this.config.auto_sync_kiro_cli && now - this.lastSyncTime > this.SYNC_COOLDOWN_MS) {
+            this.lastSyncTime = now;
             await this.syncFromKiroCli();
         }
         this.repository.invalidateCache();

package/dist/core/request/error-handler.js

@@ -62,9 +62,9 @@ export class ErrorHandler {
             await this.sleep(w);
             return { shouldRetry: true };
         }
-        if ((response.status === 402 || response.status === 403) &&
-            this.accountManager.getAccountCount() > 1) {
-            let errorReason = response.status === 402 ? 'Quota' : 'Forbidden';
+        // Handle 403 Forbidden - might be invalid/stale token
+        if (response.status === 403) {
+            let errorReason = 'Forbidden';
             let isPermanent = false;
             try {
                 const errorBody = await response.text();
@@ -84,10 +84,25 @@ export class ErrorHandler {
             }
             if (isPermanent) {
                 account.failCount = 10;
+                this.accountManager.markUnhealthy(account, errorReason);
+                await this.repository.batchSave(this.accountManager.getAccounts());
+                if (this.accountManager.getAccountCount() > 1) {
+                    showToast(`${errorReason} (${account.email}). Switching account...`, 'warning');
+                    return { shouldRetry: true, switchAccount: true };
+                }
+                throw new Error(errorReason);
             }
-            this.accountManager.markUnhealthy(account, errorReason);
+            // For non-permanent 403, force token expiry to trigger refresh
+            account.expiresAt = 0;
+            await this.repository.batchSave(this.accountManager.getAccounts());
+            showToast('Token expired. Refreshing...', 'info');
+            return { shouldRetry: true };
+        }
+        // Handle 402 Payment Required (quota exceeded)
+        if (response.status === 402 && this.accountManager.getAccountCount() > 1) {
+            this.accountManager.markUnhealthy(account, 'Quota');
             await this.repository.batchSave(this.accountManager.getAccounts());
-            showToast(`${errorReason} (${account.email}). Switching account...`, 'warning');
+            showToast(`Quota exceeded (${account.email}). Switching account...`, 'warning');
             return { shouldRetry: true, switchAccount: true };
         }
         return { shouldRetry: false };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kervnet/opencode-kiro-auth",
-  "version": "1.7.5",
+  "version": "1.7.7",
   "description": "OpenCode plugin for AWS Kiro (CodeWhisperer) with IAM Identity Center profile support",
   "type": "module",
   "main": "dist/index.js",