@zhafron/opencode-kiro-auth 1.2.8 → 1.3.0

package/README.md

@@ -7,14 +7,13 @@ OpenCode plugin for AWS Kiro (CodeWhisperer) providing access to Claude Sonnet a
 
 ## Features
 
-- AWS Builder ID (IDC) authentication with seamless device code flow.
-- Intelligent multi-account rotation prioritized by lowest usage.
-- Automated token refresh and rate limit handling with exponential backoff.
-- Native thinking mode support via virtual model mappings.
-- Decoupled storage for credentials and real-time usage metadata.
-- Configurable request timeout and iteration limits to prevent hangs.
-- Automatic port selection for auth server to avoid conflicts.
-- Usage tracking with automatic retry on sync failures.
+- **Multiple Auth Methods**: Supports AWS Builder ID (IDC) and Kiro Desktop (CLI-based) authentication.
+- **Auto-Sync Kiro CLI**: Automatically imports and synchronizes active sessions from your local `kiro-cli` SQLite database.
+- **Gradual Context Truncation**: Intelligently prevents error 400 by reducing context size dynamically during retries.
+- **Intelligent Account Rotation**: Prioritizes multi-account usage based on lowest available quota.
+- **High-Performance Storage**: Efficient account and usage management using native Bun SQLite.
+- **Native Thinking Mode**: Full support for Claude reasoning capabilities via virtual model mappings.
+- **Automated Recovery**: Exponential backoff for rate limits and automated token refresh.
 
 ## Installation
 
@@ -54,10 +53,14 @@ Add the plugin to your `opencode.json` or `opencode.jsonc`:
 
 ## Setup
 
-1. Run `opencode auth login`.
-2. Select `Other`, type `kiro`, and press enter.
-3. Follow the terminal instructions to complete the AWS Builder ID authentication.
-4. Configuration template will be automatically created at `~/.config/opencode/kiro.json` on first load.
+1. **Authentication via Kiro CLI (Recommended)**:
+   - Perform login directly in your terminal using `kiro-cli login`.
+   - The plugin will automatically detect and import your session on startup.
+2. **Direct Authentication**:
+   - Run `opencode auth login`.
+   - Select `Other`, type `kiro`, and press enter.
+   - Follow the instructions for **AWS Builder ID (IDC)**.
+3. Configuration will be automatically managed at `~/.config/opencode/kiro.db`.
 
 ## Configuration
 
@@ -65,6 +68,7 @@ The plugin supports extensive configuration options. Edit `~/.config/opencode/ki
 
 ```json
 {
+  "auto_sync_kiro_cli": true,
   "account_selection_strategy": "lowest-usage",
   "default_region": "us-east-1",
   "rate_limit_retry_delay_ms": 5000,
@@ -82,46 +86,28 @@ The plugin supports extensive configuration options. Edit `~/.config/opencode/ki
 
 ### Configuration Options
 
-- `account_selection_strategy`: Account rotation strategy (`sticky`, `round-robin`, `lowest-usage`)
-- `default_region`: AWS region (`us-east-1`, `us-west-2`)
-- `rate_limit_retry_delay_ms`: Delay between rate limit retries (1000-60000ms)
-- `rate_limit_max_retries`: Maximum retry attempts for rate limits (0-10)
-- `max_request_iterations`: Maximum loop iterations to prevent hangs (10-1000)
-- `request_timeout_ms`: Request timeout in milliseconds (60000-600000ms)
-- `token_expiry_buffer_ms`: Token refresh buffer time (30000-300000ms)
-- `usage_sync_max_retries`: Retry attempts for usage sync (0-5)
-- `auth_server_port_start`: Starting port for auth server (1024-65535)
-- `auth_server_port_range`: Number of ports to try (1-100)
-- `usage_tracking_enabled`: Enable usage tracking and toast notifications
-- `enable_log_api_request`: Enable detailed API request logging
-
-### Environment Variables
-
-All configuration options can be overridden via environment variables:
-
-- `KIRO_ACCOUNT_SELECTION_STRATEGY`
-- `KIRO_DEFAULT_REGION`
-- `KIRO_RATE_LIMIT_RETRY_DELAY_MS`
-- `KIRO_RATE_LIMIT_MAX_RETRIES`
-- `KIRO_MAX_REQUEST_ITERATIONS`
-- `KIRO_REQUEST_TIMEOUT_MS`
-- `KIRO_TOKEN_EXPIRY_BUFFER_MS`
-- `KIRO_USAGE_SYNC_MAX_RETRIES`
-- `KIRO_AUTH_SERVER_PORT_START`
-- `KIRO_AUTH_SERVER_PORT_RANGE`
-- `KIRO_USAGE_TRACKING_ENABLED`
-- `KIRO_ENABLE_LOG_API_REQUEST`
+- `auto_sync_kiro_cli`: Automatically sync sessions from Kiro CLI (default: `true`).
+- `account_selection_strategy`: Account rotation strategy (`sticky`, `round-robin`, `lowest-usage`).
+- `default_region`: AWS region (`us-east-1`, `us-west-2`).
+- `rate_limit_retry_delay_ms`: Delay between rate limit retries (1000-60000ms).
+- `rate_limit_max_retries`: Maximum retry attempts for rate limits (0-10).
+- `max_request_iterations`: Maximum loop iterations to prevent hangs (10-1000).
+- `request_timeout_ms`: Request timeout in milliseconds (60000-600000ms).
+- `token_expiry_buffer_ms`: Token refresh buffer time (30000-300000ms).
+- `usage_sync_max_retries`: Retry attempts for usage sync (0-5).
+- `auth_server_port_start`: Starting port for auth server (1024-65535).
+- `auth_server_port_range`: Number of ports to try (1-100).
+- `usage_tracking_enabled`: Enable usage tracking and toast notifications.
+- `enable_log_api_request`: Enable detailed API request logging.
 
 ## Storage
 
 **Linux/macOS:**
-- Credentials: `~/.config/opencode/kiro-accounts.json`
-- Usage Tracking: `~/.config/opencode/kiro-usage.json`
+- SQLite Database: `~/.config/opencode/kiro.db`
 - Plugin Config: `~/.config/opencode/kiro.json`
 
 **Windows:**
-- Credentials: `%APPDATA%\opencode\kiro-accounts.json`
-- Usage Tracking: `%APPDATA%\opencode\kiro-usage.json`
+- SQLite Database: `%APPDATA%\opencode\kiro.db`
 - Plugin Config: `%APPDATA%\opencode\kiro.json`
 
 ## Acknowledgements

package/dist/index.d.ts

@@ -1,3 +1,3 @@
 export { KiroOAuthPlugin } from './plugin.js';
 export type { KiroConfig } from './plugin/config/index.js';
-export type { KiroRegion, KiroAuthMethod, ManagedAccount } from './plugin/types.js';
+export type { KiroAuthMethod, KiroRegion, ManagedAccount } from './plugin/types.js';

package/dist/kiro/auth.js

@@ -1,12 +1,14 @@
 export function decodeRefreshToken(refresh) {
     const parts = refresh.split('|');
     if (parts.length < 2)
-        return { refreshToken: parts[0], authMethod: 'idc' };
+        return { refreshToken: parts[0], authMethod: 'desktop' };
     const refreshToken = parts[0];
     const authMethod = parts[parts.length - 1];
     if (authMethod === 'idc')
         return { refreshToken, clientId: parts[1], clientSecret: parts[2], authMethod: 'idc' };
-    return { refreshToken, authMethod: 'idc' };
+    if (authMethod === 'desktop')
+        return { refreshToken, authMethod: 'desktop' };
+    return { refreshToken, authMethod: 'desktop' };
 }
 export function accessTokenExpired(auth, bufferMs = 120000) {
     if (!auth.access || !auth.expires)
@@ -14,10 +16,17 @@ export function accessTokenExpired(auth, bufferMs = 120000) {
     return Date.now() >= auth.expires - bufferMs;
 }
 export function validateAuthDetails(auth) {
-    return !!auth.refresh && auth.authMethod === 'idc' && !!auth.clientId && !!auth.clientSecret;
+    if (!auth.refresh)
+        return false;
+    if (auth.authMethod === 'idc')
+        return !!auth.clientId && !!auth.clientSecret;
+    return true;
 }
 export function encodeRefreshToken(parts) {
-    if (!parts.clientId || !parts.clientSecret)
-        throw new Error('Missing credentials');
-    return `${parts.refreshToken}|${parts.clientId}|${parts.clientSecret}|idc`;
+    if (parts.authMethod === 'idc') {
+        if (!parts.clientId || !parts.clientSecret)
+            throw new Error('Missing credentials');
+        return `${parts.refreshToken}|${parts.clientId}|${parts.clientSecret}|idc`;
+    }
+    return `${parts.refreshToken}|desktop`;
 }

package/dist/plugin/accounts.d.ts

@@ -1,5 +1,6 @@
-import type { ManagedAccount, AccountSelectionStrategy, KiroAuthDetails, UsageMetadata } from './types';
+import type { AccountSelectionStrategy, KiroAuthDetails, ManagedAccount, UsageMetadata } from './types';
 export declare function generateAccountId(): string;
+export declare function createDeterministicAccountId(email: string, method: string, clientId?: string, profileArn?: string): string;
 export declare class AccountManager {
     private accounts;
     private usage;

package/dist/plugin/accounts.js

@@ -1,10 +1,15 @@
-import { randomBytes } from 'node:crypto';
-import { loadAccounts, saveAccounts, loadUsage, saveUsage } from './storage';
-import { KIRO_CONSTANTS } from '../constants';
-import { encodeRefreshToken, decodeRefreshToken } from '../kiro/auth';
+import { createHash, randomBytes } from 'node:crypto';
+import { decodeRefreshToken, encodeRefreshToken } from '../kiro/auth';
+import { kiroDb } from './storage/sqlite';
+import { writeToKiroCli } from './sync/kiro-cli';
 export function generateAccountId() {
     return randomBytes(16).toString('hex');
 }
+export function createDeterministicAccountId(email, method, clientId, profileArn) {
+    return createHash('sha256')
+        .update(`${email}:${method}:${clientId || ''}:${profileArn || ''}`)
+        .digest('hex');
+}
 export class AccountManager {
     accounts;
     usage;
@@ -27,13 +32,27 @@ export class AccountManager {
         }
     }
     static async loadFromDisk(strategy) {
-        const s = await loadAccounts();
-        const u = await loadUsage();
-        const accounts = s.accounts.map((m) => ({
-            ...m,
-            region: m.region || KIRO_CONSTANTS.DEFAULT_REGION
+        const rows = kiroDb.getAccounts();
+        const usage = kiroDb.getUsage();
+        const accounts = rows.map((r) => ({
+            id: r.id,
+            email: r.email,
+            realEmail: r.real_email,
+            authMethod: r.auth_method,
+            region: r.region,
+            clientId: r.client_id,
+            clientSecret: r.client_secret,
+            profileArn: r.profile_arn,
+            refreshToken: r.refresh_token,
+            accessToken: r.access_token,
+            expiresAt: r.expires_at,
+            rateLimitResetTime: r.rate_limit_reset,
+            isHealthy: r.is_healthy === 1,
+            unhealthyReason: r.unhealthy_reason,
+            recoveryTime: r.recovery_time,
+            lastUsed: r.last_used
         }));
-        return new AccountManager(accounts, u.usage, strategy || 'sticky');
+        return new AccountManager(accounts, usage, strategy || 'sticky');
     }
     getAccountCount() {
         return this.accounts.length;
@@ -102,6 +121,7 @@ export class AccountManager {
                 a.realEmail = meta.realEmail;
         }
         this.usage[id] = { ...meta, lastSync: Date.now() };
+        kiroDb.upsertUsage(id, this.usage[id]);
     }
     addAccount(a) {
         const i = this.accounts.findIndex((x) => x.id === a.id);
@@ -109,6 +129,7 @@ export class AccountManager {
             this.accounts.push(a);
         else
             this.accounts[i] = a;
+        kiroDb.upsertAccount(a);
     }
     removeAccount(a) {
         const removedIndex = this.accounts.findIndex((x) => x.id === a.id);
@@ -116,15 +137,13 @@ export class AccountManager {
             return;
         this.accounts = this.accounts.filter((x) => x.id !== a.id);
         delete this.usage[a.id];
-        if (this.accounts.length === 0) {
+        kiroDb.deleteAccount(a.id);
+        if (this.accounts.length === 0)
             this.cursor = 0;
-        }
-        else if (this.cursor >= this.accounts.length) {
+        else if (this.cursor >= this.accounts.length)
             this.cursor = this.accounts.length - 1;
-        }
-        else if (removedIndex <= this.cursor && this.cursor > 0) {
+        else if (removedIndex <= this.cursor && this.cursor > 0)
             this.cursor--;
-        }
     }
     updateFromAuth(a, auth) {
         const acc = this.accounts.find((x) => x.id === a.id);
@@ -140,12 +159,16 @@ export class AccountManager {
                 acc.profileArn = p.profileArn;
             if (p.clientId)
                 acc.clientId = p.clientId;
+            kiroDb.upsertAccount(acc);
+            writeToKiroCli(acc).catch(() => { });
         }
     }
     markRateLimited(a, ms) {
         const acc = this.accounts.find((x) => x.id === a.id);
-        if (acc)
+        if (acc) {
             acc.rateLimitResetTime = Date.now() + ms;
+            kiroDb.upsertAccount(acc);
+        }
     }
     markUnhealthy(a, reason, recovery) {
         const acc = this.accounts.find((x) => x.id === a.id);
@@ -153,12 +176,12 @@ export class AccountManager {
             acc.isHealthy = false;
             acc.unhealthyReason = reason;
             acc.recoveryTime = recovery;
+            kiroDb.upsertAccount(acc);
         }
     }
     async saveToDisk() {
-        const metadata = this.accounts.map(({ usedCount, limitCount, lastUsed, ...rest }) => rest);
-        await saveAccounts({ version: 1, accounts: metadata, activeIndex: this.cursor });
-        await saveUsage({ version: 1, usage: this.usage });
+        for (const a of this.accounts)
+            kiroDb.upsertAccount(a);
     }
     toAuthDetails(a) {
         const p = {

package/dist/plugin/cli.js

@@ -1,5 +1,5 @@
-import { createInterface } from 'node:readline/promises';
 import { stdin as input, stdout as output } from 'node:process';
+import { createInterface } from 'node:readline/promises';
 export async function promptAddAnotherAccount(currentCount) {
     const rl = createInterface({ input, output });
     try {

package/dist/plugin/config/index.d.ts

@@ -1,3 +1,3 @@
-export { KiroConfigSchema, DEFAULT_CONFIG } from './schema';
+export { configExists, getDefaultLogsDir, getProjectConfigPath, getUserConfigPath, loadConfig } from './loader';
+export { DEFAULT_CONFIG, KiroConfigSchema } from './schema';
 export type { KiroConfig } from './schema';
-export { loadConfig, getUserConfigPath, getProjectConfigPath, getDefaultLogsDir, configExists } from './loader';

package/dist/plugin/config/index.js

@@ -1,2 +1,2 @@
-export { KiroConfigSchema, DEFAULT_CONFIG } from './schema';
-export { loadConfig, getUserConfigPath, getProjectConfigPath, getDefaultLogsDir, configExists } from './loader';
+export { configExists, getDefaultLogsDir, getProjectConfigPath, getUserConfigPath, loadConfig } from './loader';
+export { DEFAULT_CONFIG, KiroConfigSchema } from './schema';

package/dist/plugin/config/loader.js

@@ -1,8 +1,8 @@
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
-import { join, dirname } from 'node:path';
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
 import { homedir } from 'node:os';
-import { AccountSelectionStrategySchema, KiroConfigSchema, RegionSchema, DEFAULT_CONFIG } from './schema';
+import { dirname, join } from 'node:path';
 import * as logger from '../logger';
+import { AccountSelectionStrategySchema, DEFAULT_CONFIG, KiroConfigSchema, RegionSchema } from './schema';
 function getConfigDir() {
     const platform = process.platform;
     if (platform === 'win32') {

package/dist/plugin/config/schema.d.ts

@@ -16,6 +16,7 @@ export declare const KiroConfigSchema: z.ZodObject<{
     auth_server_port_start: z.ZodDefault<z.ZodNumber>;
     auth_server_port_range: z.ZodDefault<z.ZodNumber>;
     usage_tracking_enabled: z.ZodDefault<z.ZodBoolean>;
+    auto_sync_kiro_cli: z.ZodDefault<z.ZodBoolean>;
     enable_log_api_request: z.ZodDefault<z.ZodBoolean>;
 }, "strip", z.ZodTypeAny, {
     account_selection_strategy: "sticky" | "round-robin" | "lowest-usage";
@@ -29,6 +30,7 @@ export declare const KiroConfigSchema: z.ZodObject<{
     auth_server_port_start: number;
     auth_server_port_range: number;
     usage_tracking_enabled: boolean;
+    auto_sync_kiro_cli: boolean;
     enable_log_api_request: boolean;
     $schema?: string | undefined;
 }, {
@@ -44,6 +46,7 @@ export declare const KiroConfigSchema: z.ZodObject<{
     auth_server_port_start?: number | undefined;
     auth_server_port_range?: number | undefined;
     usage_tracking_enabled?: boolean | undefined;
+    auto_sync_kiro_cli?: boolean | undefined;
     enable_log_api_request?: boolean | undefined;
 }>;
 export type KiroConfig = z.infer<typeof KiroConfigSchema>;

package/dist/plugin/config/schema.js

@@ -14,6 +14,7 @@ export const KiroConfigSchema = z.object({
     auth_server_port_start: z.number().min(1024).max(65535).default(19847),
     auth_server_port_range: z.number().min(1).max(100).default(10),
     usage_tracking_enabled: z.boolean().default(true),
+    auto_sync_kiro_cli: z.boolean().default(true),
     enable_log_api_request: z.boolean().default(false)
 });
 export const DEFAULT_CONFIG = {
@@ -28,5 +29,6 @@ export const DEFAULT_CONFIG = {
     auth_server_port_start: 19847,
     auth_server_port_range: 10,
     usage_tracking_enabled: true,
+    auto_sync_kiro_cli: true,
     enable_log_api_request: false
 };

package/dist/plugin/request.d.ts

@@ -1,4 +1,4 @@
 import type { KiroAuthDetails, PreparedRequest } from './types';
-export declare function transformToCodeWhisperer(url: string, body: any, model: string, auth: KiroAuthDetails, think?: boolean, budget?: number): PreparedRequest;
+export declare function transformToCodeWhisperer(url: string, body: any, model: string, auth: KiroAuthDetails, think?: boolean, budget?: number, reductionFactor?: number): PreparedRequest;
 export declare function mergeAdjacentMessages(msgs: any[]): any[];
 export declare function convertToolsToCodeWhisperer(tools: any[]): any[];

package/dist/plugin/request.js

@@ -46,7 +46,7 @@ function findOriginalToolCall(msgs, toolUseId) {
     }
     return null;
 }
-export function transformToCodeWhisperer(url, body, model, auth, think = false, budget = 20000) {
+export function transformToCodeWhisperer(url, body, model, auth, think = false, budget = 20000, reductionFactor = 1.0) {
     const req = typeof body === 'string' ? JSON.parse(body) : body;
     const { messages, tools, system } = req;
     const convId = crypto.randomUUID();
@@ -94,6 +94,7 @@ export function transformToCodeWhisperer(url, body, model, auth, think = false,
             });
         }
     }
+    const toolResultLimit = Math.floor(250000 * reductionFactor);
     for (let i = 0; i < msgs.length - 1; i++) {
         const m = msgs[i];
         if (!m)
@@ -107,7 +108,7 @@ export function transformToCodeWhisperer(url, body, model, auth, think = false,
                         uim.content += p.text || '';
                     else if (p.type === 'tool_result')
                         trs.push({
-                            content: [{ text: truncate(getContentText(p.content || p), 250000) }],
+                            content: [{ text: truncate(getContentText(p.content || p), toolResultLimit) }],
                             status: 'success',
                             toolUseId: p.tool_use_id
                         });
@@ -134,14 +135,14 @@ export function transformToCodeWhisperer(url, body, model, auth, think = false,
             if (m.tool_results) {
                 for (const tr of m.tool_results)
                     trs.push({
-                        content: [{ text: truncate(getContentText(tr), 250000) }],
+                        content: [{ text: truncate(getContentText(tr), toolResultLimit) }],
                         status: 'success',
                         toolUseId: tr.tool_call_id
                     });
             }
             else {
                 trs.push({
-                    content: [{ text: truncate(getContentText(m), 250000) }],
+                    content: [{ text: truncate(getContentText(m), toolResultLimit) }],
                     status: 'success',
                     toolUseId: m.tool_call_id
                 });
@@ -196,7 +197,8 @@ export function transformToCodeWhisperer(url, body, model, auth, think = false,
     }
     history = sanitizeHistory(history);
     let historySize = JSON.stringify(history).length;
-    while (historySize > 850000 && history.length > 2) {
+    const historyLimit = Math.floor(850000 * reductionFactor);
+    while (historySize > historyLimit && history.length > 2) {
         history.shift();
         while (history.length > 0) {
             const first = history[0];
@@ -258,14 +260,14 @@ export function transformToCodeWhisperer(url, body, model, auth, think = false,
             if (curMsg.tool_results) {
                 for (const tr of curMsg.tool_results)
                     curTrs.push({
-                        content: [{ text: truncate(getContentText(tr), 250000) }],
+                        content: [{ text: truncate(getContentText(tr), toolResultLimit) }],
                         status: 'success',
                         toolUseId: tr.tool_call_id
                     });
             }
             else {
                 curTrs.push({
-                    content: [{ text: truncate(getContentText(curMsg), 250000) }],
+                    content: [{ text: truncate(getContentText(curMsg), toolResultLimit) }],
                     status: 'success',
                     toolUseId: curMsg.tool_call_id
                 });
@@ -277,7 +279,7 @@ export function transformToCodeWhisperer(url, body, model, auth, think = false,
                     curContent += p.text || '';
                 else if (p.type === 'tool_result')
                     curTrs.push({
-                        content: [{ text: truncate(getContentText(p.content || p), 250000) }],
+                        content: [{ text: truncate(getContentText(p.content || p), toolResultLimit) }],
                         status: 'success',
                         toolUseId: p.tool_use_id
                     });

package/dist/plugin/response.d.ts

@@ -1,4 +1,4 @@
-import { ToolCall, ParsedResponse } from './types';
+import { ParsedResponse, ToolCall } from './types';
 export declare function parseEventStream(rawResponse: string): ParsedResponse;
 export declare function parseEventLine(line: string): any | null;
 export declare function parseBracketToolCalls(text: string): ToolCall[];

package/dist/plugin/server.js

@@ -1,5 +1,5 @@
 import { createServer } from 'node:http';
-import { getIDCAuthHtml, getSuccessHtml, getErrorHtml } from './auth-page';
+import { getErrorHtml, getIDCAuthHtml, getSuccessHtml } from './auth-page';
 import * as logger from './logger';
 async function tryPort(port) {
     return new Promise((resolve) => {

package/dist/plugin/storage/migration.d.ts

@@ -0,0 +1 @@
+export declare function migrateJsonToSqlite(): Promise<void>;

package/dist/plugin/storage/migration.js

@@ -0,0 +1,53 @@
+import { promises as fs } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import * as logger from '../logger';
+import { kiroDb } from './sqlite';
+function getBaseDir() {
+    const platform = process.platform;
+    if (platform === 'win32') {
+        return join(process.env.APPDATA || join(homedir(), 'AppData', 'Roaming'), 'opencode');
+    }
+    return join(process.env.XDG_CONFIG_HOME || join(homedir(), '.config'), 'opencode');
+}
+export async function migrateJsonToSqlite() {
+    const base = getBaseDir();
+    const accPath = join(base, 'kiro-accounts.json');
+    const usePath = join(base, 'kiro-usage.json');
+    try {
+        const accExists = await fs
+            .access(accPath)
+            .then(() => true)
+            .catch(() => false);
+        if (accExists) {
+            const data = JSON.parse(await fs.readFile(accPath, 'utf-8'));
+            if (data.accounts && Array.isArray(data.accounts)) {
+                for (const acc of data.accounts) {
+                    kiroDb.upsertAccount({
+                        ...acc,
+                        rateLimitResetTime: acc.rateLimitResetTime || 0,
+                        isHealthy: acc.isHealthy !== false,
+                        lastUsed: acc.lastUsed || 0
+                    });
+                }
+            }
+            await fs.rename(accPath, accPath + '.bak');
+        }
+        const useExists = await fs
+            .access(usePath)
+            .then(() => true)
+            .catch(() => false);
+        if (useExists) {
+            const data = JSON.parse(await fs.readFile(usePath, 'utf-8'));
+            if (data.usage && typeof data.usage === 'object') {
+                for (const [id, meta] of Object.entries(data.usage)) {
+                    kiroDb.upsertUsage(id, meta);
+                }
+            }
+            await fs.rename(usePath, usePath + '.bak');
+        }
+    }
+    catch (e) {
+        logger.error('Migration failed', e);
+    }
+}

package/dist/plugin/storage/sqlite.d.ts

@@ -0,0 +1,16 @@
+import type { UsageMetadata } from '../types';
+export declare const DB_PATH: string;
+export declare class KiroDatabase {
+    private db;
+    constructor(path?: string);
+    private init;
+    getAccounts(): any[];
+    upsertAccount(acc: any): void;
+    deleteAccount(id: string): void;
+    getUsage(): Record<string, UsageMetadata>;
+    upsertUsage(id: string, meta: UsageMetadata): void;
+    getSetting(key: string): string | null;
+    setSetting(key: string, value: string): void;
+    close(): void;
+}
+export declare const kiroDb: KiroDatabase;

package/dist/plugin/storage/sqlite.js

@@ -0,0 +1,104 @@
+import { Database } from 'bun:sqlite';
+import { existsSync, mkdirSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+function getBaseDir() {
+    const p = process.platform;
+    if (p === 'win32')
+        return join(process.env.APPDATA || join(homedir(), 'AppData', 'Roaming'), 'opencode');
+    return join(process.env.XDG_CONFIG_HOME || join(homedir(), '.config'), 'opencode');
+}
+export const DB_PATH = join(getBaseDir(), 'kiro.db');
+export class KiroDatabase {
+    db;
+    constructor(path = DB_PATH) {
+        const dir = join(path, '..');
+        if (!existsSync(dir))
+            mkdirSync(dir, { recursive: true });
+        this.db = new Database(path);
+        this.db.run('PRAGMA busy_timeout = 5000');
+        this.init();
+    }
+    init() {
+        this.db.run('PRAGMA journal_mode = WAL');
+        this.db.run(`
+      CREATE TABLE IF NOT EXISTS accounts (
+        id TEXT PRIMARY KEY, email TEXT NOT NULL, real_email TEXT, auth_method TEXT NOT NULL,
+        region TEXT NOT NULL, client_id TEXT, client_secret TEXT, profile_arn TEXT,
+        refresh_token TEXT NOT NULL, access_token TEXT NOT NULL, expires_at INTEGER NOT NULL,
+        rate_limit_reset INTEGER DEFAULT 0, is_healthy INTEGER DEFAULT 1, unhealthy_reason TEXT,
+        recovery_time INTEGER, last_used INTEGER DEFAULT 0
+      )
+    `);
+        this.db.run(`
+      CREATE TABLE IF NOT EXISTS usage (
+        account_id TEXT PRIMARY KEY, used_count INTEGER DEFAULT 0, limit_count INTEGER DEFAULT 0,
+        real_email TEXT, last_sync INTEGER,
+        FOREIGN KEY(account_id) REFERENCES accounts(id) ON DELETE CASCADE
+      )
+    `);
+        this.db.run('CREATE TABLE IF NOT EXISTS settings (key TEXT PRIMARY KEY, value TEXT)');
+    }
+    getAccounts() {
+        return this.db.prepare('SELECT * FROM accounts').all();
+    }
+    upsertAccount(acc) {
+        this.db
+            .prepare(`
+      INSERT INTO accounts (
+        id, email, real_email, auth_method, region, client_id, client_secret,
+        profile_arn, refresh_token, access_token, expires_at, rate_limit_reset,
+        is_healthy, unhealthy_reason, recovery_time, last_used
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      ON CONFLICT(id) DO UPDATE SET
+        email=excluded.email, real_email=excluded.real_email, auth_method=excluded.auth_method,
+        region=excluded.region, client_id=excluded.client_id, client_secret=excluded.client_secret,
+        profile_arn=excluded.profile_arn, refresh_token=excluded.refresh_token,
+        access_token=excluded.access_token, expires_at=excluded.expires_at,
+        rate_limit_reset=excluded.rate_limit_reset, is_healthy=excluded.is_healthy,
+        unhealthy_reason=excluded.unhealthy_reason, recovery_time=excluded.recovery_time,
+        last_used=excluded.last_used
+    `)
+            .run(acc.id, acc.email, acc.realEmail || null, acc.authMethod, acc.region, acc.clientId || null, acc.clientSecret || null, acc.profileArn || null, acc.refreshToken, acc.accessToken, acc.expiresAt, acc.rateLimitResetTime || 0, acc.isHealthy ? 1 : 0, acc.unhealthyReason || null, acc.recoveryTime || null, acc.lastUsed || 0);
+    }
+    deleteAccount(id) {
+        this.db.prepare('DELETE FROM accounts WHERE id = ?').run(id);
+    }
+    getUsage() {
+        const rows = this.db.prepare('SELECT * FROM usage').all();
+        const usage = {};
+        for (const r of rows) {
+            usage[r.account_id] = {
+                usedCount: r.used_count,
+                limitCount: r.limit_count,
+                realEmail: r.real_email,
+                lastSync: r.last_sync
+            };
+        }
+        return usage;
+    }
+    upsertUsage(id, meta) {
+        this.db
+            .prepare(`
+      INSERT INTO usage (account_id, used_count, limit_count, real_email, last_sync)
+      VALUES (?, ?, ?, ?, ?)
+      ON CONFLICT(account_id) DO UPDATE SET
+        used_count=excluded.used_count, limit_count=excluded.limit_count,
+        real_email=excluded.real_email, last_sync=excluded.last_sync
+    `)
+            .run(id, meta.usedCount, meta.limitCount, meta.realEmail || null, meta.lastSync);
+    }
+    getSetting(key) {
+        const row = this.db.prepare('SELECT value FROM settings WHERE key = ?').get(key);
+        return row ? row.value : null;
+    }
+    setSetting(key, value) {
+        this.db
+            .prepare('INSERT INTO settings (key, value) VALUES (?, ?) ON CONFLICT(key) DO UPDATE SET value=excluded.value')
+            .run(key, value);
+    }
+    close() {
+        this.db.close();
+    }
+}
+export const kiroDb = new KiroDatabase();

package/dist/plugin/sync/kiro-cli.d.ts

@@ -0,0 +1,2 @@
+export declare function syncFromKiroCli(): Promise<void>;
+export declare function writeToKiroCli(acc: any): Promise<void>;