@zhafron/opencode-kiro-auth 1.6.6 → 1.7.0

package/dist/plugin/config/schema.js

@@ -39,6 +39,8 @@ export const RegionSchema = z.enum([
 export const KiroConfigSchema = z.object({
     $schema: z.string().optional(),
     idc_start_url: z.string().url().optional(),
+    idc_region: RegionSchema.optional(),
+    idc_profile_arn: z.string().optional(),
     account_selection_strategy: AccountSelectionStrategySchema.default('lowest-usage'),
     default_region: RegionSchema.default('us-east-1'),
     rate_limit_retry_delay_ms: z.number().min(1000).max(60000).default(5000),

package/dist/plugin/logger.js

@@ -14,7 +14,22 @@ const writeToFile = (level, message, ...args) => {
         mkdirSync(dir, { recursive: true });
         const path = join(dir, 'plugin.log');
         const timestamp = new Date().toISOString();
-        const content = `[${timestamp}] ${level}: ${message} ${args.map((a) => (typeof a === 'object' ? JSON.stringify(a) : String(a))).join(' ')}\n`;
+        const content = `[${timestamp}] ${level}: ${message} ${args
+            .map((a) => {
+            if (a instanceof Error) {
+                return `${a.name}: ${a.message}${a.stack ? `\n${a.stack}` : ''}`;
+            }
+            if (typeof a === 'object') {
+                try {
+                    return JSON.stringify(a);
+                }
+                catch {
+                    return '[Unserializable object]';
+                }
+            }
+            return String(a);
+        })
+            .join(' ')}\n`;
         appendFileSync(path, content);
     }
     catch (e) { }

package/dist/plugin/request.js

@@ -135,6 +135,8 @@ export function transformToCodeWhisperer(url, body, model, auth, think = false,
             }
         }
     };
+    if (auth.profileArn)
+        request.profileArn = auth.profileArn;
     const toolUsesInHistory = history.flatMap((h) => h.assistantResponseMessage?.toolUses || []);
     const allToolUseIdsInHistory = new Set(toolUsesInHistory.map((tu) => tu.toolUseId));
     const finalCurTrs = [];

package/dist/plugin/storage/migrations.js

@@ -3,6 +3,7 @@ export function runMigrations(db) {
     migrateRealEmailColumn(db);
     migrateUsageTable(db);
     migrateStartUrlColumn(db);
+    migrateOidcRegionColumn(db);
 }
 function migrateToUniqueRefreshToken(db) {
     const hasIndex = db
@@ -62,7 +63,8 @@ function migrateRealEmailColumn(db) {
             db.run(`
           CREATE TABLE accounts_new (
             id TEXT PRIMARY KEY, email TEXT NOT NULL, auth_method TEXT NOT NULL,
-            region TEXT NOT NULL, client_id TEXT, client_secret TEXT, profile_arn TEXT,
+            region TEXT NOT NULL, oidc_region TEXT, client_id TEXT, client_secret TEXT, profile_arn TEXT,
+            start_url TEXT,
             refresh_token TEXT NOT NULL, access_token TEXT NOT NULL, expires_at INTEGER NOT NULL,
             rate_limit_reset INTEGER DEFAULT 0, is_healthy INTEGER DEFAULT 1, unhealthy_reason TEXT,
             recovery_time INTEGER, fail_count INTEGER DEFAULT 0, last_used INTEGER DEFAULT 0,
@@ -70,8 +72,8 @@ function migrateRealEmailColumn(db) {
           )
         `);
             db.run(`
-          INSERT INTO accounts_new (id, email, auth_method, region, client_id, client_secret, profile_arn, refresh_token, access_token, expires_at, rate_limit_reset, is_healthy, unhealthy_reason, recovery_time, fail_count, last_used, used_count, limit_count, last_sync)
-          SELECT id, email, auth_method, region, client_id, client_secret, profile_arn, refresh_token, access_token, expires_at, COALESCE(rate_limit_reset, 0), COALESCE(is_healthy, 1), unhealthy_reason, recovery_time, COALESCE(fail_count, 0), COALESCE(last_used, 0), 0, 0, 0 FROM accounts
+          INSERT INTO accounts_new (id, email, auth_method, region, oidc_region, client_id, client_secret, profile_arn, start_url, refresh_token, access_token, expires_at, rate_limit_reset, is_healthy, unhealthy_reason, recovery_time, fail_count, last_used, used_count, limit_count, last_sync)
+          SELECT id, email, auth_method, region, NULL, client_id, client_secret, profile_arn, NULL, refresh_token, access_token, expires_at, COALESCE(rate_limit_reset, 0), COALESCE(is_healthy, 1), unhealthy_reason, recovery_time, COALESCE(fail_count, 0), COALESCE(last_used, 0), 0, 0, 0 FROM accounts
         `);
             db.run('DROP TABLE accounts');
             db.run('ALTER TABLE accounts_new RENAME TO accounts');
@@ -115,3 +117,12 @@ function migrateStartUrlColumn(db) {
         db.run('ALTER TABLE accounts ADD COLUMN start_url TEXT');
     }
 }
+function migrateOidcRegionColumn(db) {
+    const columns = db.prepare('PRAGMA table_info(accounts)').all();
+    const names = new Set(columns.map((c) => c.name));
+    if (!names.has('oidc_region')) {
+        db.run('ALTER TABLE accounts ADD COLUMN oidc_region TEXT');
+    }
+    // Backfill: historically `region` was used for both service + OIDC.
+    db.run('UPDATE accounts SET oidc_region = region WHERE oidc_region IS NULL OR oidc_region = \"\"');
+}

package/dist/plugin/storage/sqlite.js

@@ -28,7 +28,7 @@ export class KiroDatabase {
         this.db.run(`
       CREATE TABLE IF NOT EXISTS accounts (
         id TEXT PRIMARY KEY, email TEXT NOT NULL, auth_method TEXT NOT NULL,
-        region TEXT NOT NULL, client_id TEXT, client_secret TEXT, profile_arn TEXT,
+        region TEXT NOT NULL, oidc_region TEXT, client_id TEXT, client_secret TEXT, profile_arn TEXT,
         start_url TEXT,
         refresh_token TEXT NOT NULL, access_token TEXT NOT NULL, expires_at INTEGER NOT NULL,
         rate_limit_reset INTEGER DEFAULT 0, is_healthy INTEGER DEFAULT 1, unhealthy_reason TEXT,
@@ -45,14 +45,14 @@ export class KiroDatabase {
         this.db
             .prepare(`
       INSERT INTO accounts (
-        id, email, auth_method, region, client_id, client_secret,
+        id, email, auth_method, region, oidc_region, client_id, client_secret,
         profile_arn, start_url, refresh_token, access_token, expires_at, rate_limit_reset,
         is_healthy, unhealthy_reason, recovery_time, fail_count, last_used,
         used_count, limit_count, last_sync
-      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
       ON CONFLICT(refresh_token) DO UPDATE SET
         id=excluded.id, email=excluded.email, auth_method=excluded.auth_method,
-        region=excluded.region, client_id=excluded.client_id, client_secret=excluded.client_secret,
+        region=excluded.region, oidc_region=excluded.oidc_region, client_id=excluded.client_id, client_secret=excluded.client_secret,
         profile_arn=excluded.profile_arn, start_url=excluded.start_url,
         access_token=excluded.access_token, expires_at=excluded.expires_at,
         rate_limit_reset=excluded.rate_limit_reset, is_healthy=excluded.is_healthy,
@@ -60,7 +60,7 @@ export class KiroDatabase {
         fail_count=excluded.fail_count, last_used=excluded.last_used,
         used_count=excluded.used_count, limit_count=excluded.limit_count, last_sync=excluded.last_sync
     `)
-            .run(acc.id, acc.email, acc.authMethod, acc.region, acc.clientId || null, acc.clientSecret || null, acc.profileArn || null, acc.startUrl || null, acc.refreshToken, acc.accessToken, acc.expiresAt, acc.rateLimitResetTime || 0, acc.isHealthy ? 1 : 0, acc.unhealthyReason || null, acc.recoveryTime || null, acc.failCount || 0, acc.lastUsed || 0, acc.usedCount || 0, acc.limitCount || 0, acc.lastSync || 0);
+            .run(acc.id, acc.email, acc.authMethod, acc.region, acc.oidcRegion || null, acc.clientId || null, acc.clientSecret || null, acc.profileArn || null, acc.startUrl || null, acc.refreshToken, acc.accessToken, acc.expiresAt, acc.rateLimitResetTime || 0, acc.isHealthy ? 1 : 0, acc.unhealthyReason || null, acc.recoveryTime || null, acc.failCount || 0, acc.lastUsed || 0, acc.usedCount || 0, acc.limitCount || 0, acc.lastSync || 0);
     }
     async upsertAccount(acc) {
         await withDatabaseLock(this.path, async () => {
@@ -109,6 +109,7 @@ export class KiroDatabase {
             email: row.email,
             authMethod: row.auth_method,
             region: row.region,
+            oidcRegion: row.oidc_region || undefined,
             clientId: row.client_id,
             clientSecret: row.client_secret,
             profileArn: row.profile_arn,

package/dist/plugin/sync/kiro-cli-profile.d.ts

@@ -0,0 +1 @@
+export declare function readActiveProfileArnFromKiroCli(): string | undefined;

package/dist/plugin/sync/kiro-cli-profile.js

@@ -0,0 +1,30 @@
+import { Database } from 'bun:sqlite';
+import { existsSync } from 'node:fs';
+import { getCliDbPath, safeJsonParse } from './kiro-cli-parser';
+export function readActiveProfileArnFromKiroCli() {
+    const dbPath = getCliDbPath();
+    if (!existsSync(dbPath))
+        return undefined;
+    let cliDb;
+    try {
+        cliDb = new Database(dbPath, { readonly: true });
+        cliDb.run('PRAGMA busy_timeout = 5000');
+        const row = cliDb
+            .prepare('SELECT value FROM state WHERE key = ?')
+            .get('api.codewhisperer.profile');
+        const parsed = safeJsonParse(row?.value);
+        const arn = parsed?.arn || parsed?.profileArn || parsed?.profile_arn;
+        return typeof arn === 'string' && arn.trim() ? arn.trim() : undefined;
+    }
+    catch {
+        return undefined;
+    }
+    finally {
+        try {
+            cliDb?.close();
+        }
+        catch {
+            // ignore
+        }
+    }
+}

package/dist/plugin/sync/kiro-cli.js

@@ -1,10 +1,12 @@
 import { Database } from 'bun:sqlite';
 import { existsSync } from 'node:fs';
+import { extractRegionFromArn, normalizeRegion } from '../../constants';
 import { createDeterministicAccountId } from '../accounts';
 import * as logger from '../logger';
 import { kiroDb } from '../storage/sqlite';
 import { fetchUsageLimits } from '../usage';
 import { findClientCredsRecursive, getCliDbPath, makePlaceholderEmail, normalizeExpiresAt, safeJsonParse } from './kiro-cli-parser';
+import { readActiveProfileArnFromKiroCli } from './kiro-cli-profile';
 export async function syncFromKiroCli() {
     const dbPath = getCliDbPath();
     if (!existsSync(dbPath))
@@ -13,6 +15,19 @@ export async function syncFromKiroCli() {
         const cliDb = new Database(dbPath, { readonly: true });
         cliDb.run('PRAGMA busy_timeout = 5000');
         const rows = cliDb.prepare('SELECT key, value FROM auth_kv').all();
+        let activeProfileArn;
+        try {
+            const stateRow = cliDb
+                .prepare('SELECT value FROM state WHERE key = ?')
+                .get('api.codewhisperer.profile');
+            const parsed = safeJsonParse(stateRow?.value);
+            const arn = parsed?.arn || parsed?.profileArn || parsed?.profile_arn;
+            if (typeof arn === 'string' && arn.trim())
+                activeProfileArn = arn.trim();
+        }
+        catch {
+            // Ignore state read failures; token import can proceed.
+        }
         const deviceRegRow = rows.find((r) => typeof r?.key === 'string' && r.key.includes('device-registration'));
         const deviceReg = safeJsonParse(deviceRegRow?.value);
         const regCreds = deviceReg ? findClientCredsRecursive(deviceReg) : {};
@@ -23,8 +38,16 @@ export async function syncFromKiroCli() {
                     continue;
                 const isIdc = row.key.includes('odic');
                 const authMethod = isIdc ? 'idc' : 'desktop';
-                const region = data.region || 'us-east-1';
-                const profileArn = data.profile_arn || data.profileArn;
+                const oidcRegion = normalizeRegion(data.region);
+                let profileArn = data.profile_arn || data.profileArn;
+                if (!profileArn && isIdc)
+                    profileArn = activeProfileArn || readActiveProfileArnFromKiroCli();
+                const serviceRegion = extractRegionFromArn(profileArn) || oidcRegion;
+                const startUrl = typeof data.start_url === 'string'
+                    ? data.start_url
+                    : typeof data.startUrl === 'string'
+                        ? data.startUrl
+                        : undefined;
                 const accessToken = data.access_token || data.accessToken || '';
                 const refreshToken = data.refresh_token || data.refreshToken;
                 if (!refreshToken)
@@ -46,7 +69,7 @@ export async function syncFromKiroCli() {
                         access: accessToken,
                         expires: cliExpiresAt,
                         authMethod,
-                        region,
+                        region: serviceRegion,
                         profileArn,
                         clientId,
                         clientSecret,
@@ -63,7 +86,8 @@ export async function syncFromKiroCli() {
                 catch (e) {
                     logger.warn('Kiro CLI sync: failed to fetch usage/email; falling back', {
                         authMethod,
-                        region
+                        serviceRegion,
+                        oidcRegion
                     });
                     logger.debug('Kiro CLI sync: usage fetch error', e);
                 }
@@ -80,10 +104,10 @@ export async function syncFromKiroCli() {
                         email = existing.email;
                     }
                     else {
-                        email = makePlaceholderEmail(authMethod, region, clientId, profileArn);
+                        email = makePlaceholderEmail(authMethod, serviceRegion, clientId, profileArn);
                     }
                 }
-                const resolvedEmail = email || makePlaceholderEmail(authMethod, region, clientId, profileArn);
+                const resolvedEmail = email || makePlaceholderEmail(authMethod, serviceRegion, clientId, profileArn);
                 const id = createDeterministicAccountId(resolvedEmail, authMethod, clientId, profileArn);
                 const existingById = all.find((a) => a.id === id);
                 if (existingById &&
@@ -91,7 +115,7 @@ export async function syncFromKiroCli() {
                     existingById.expires_at >= cliExpiresAt)
                     continue;
                 if (usageOk) {
-                    const placeholderEmail = makePlaceholderEmail(authMethod, region, clientId, profileArn);
+                    const placeholderEmail = makePlaceholderEmail(authMethod, serviceRegion, clientId, profileArn);
                     const placeholderId = createDeterministicAccountId(placeholderEmail, authMethod, clientId, profileArn);
                     if (placeholderId !== id) {
                         const placeholderRow = all.find((a) => a.id === placeholderId);
@@ -100,7 +124,8 @@ export async function syncFromKiroCli() {
                                 id: placeholderId,
                                 email: placeholderRow.email,
                                 authMethod,
-                                region: placeholderRow.region || region,
+                                region: placeholderRow.region || serviceRegion,
+                                oidcRegion: placeholderRow.oidc_region || oidcRegion,
                                 clientId,
                                 clientSecret,
                                 profileArn,
@@ -123,10 +148,12 @@ export async function syncFromKiroCli() {
                     id,
                     email: resolvedEmail,
                     authMethod,
-                    region,
+                    region: serviceRegion,
+                    oidcRegion,
                     clientId,
                     clientSecret,
                     profileArn,
+                    startUrl,
                     refreshToken,
                     accessToken,
                     expiresAt: cliExpiresAt,

package/dist/plugin/token.js

@@ -3,8 +3,9 @@ import { KiroTokenRefreshError } from './errors';
 export async function refreshAccessToken(auth) {
     const p = decodeRefreshToken(auth.refresh);
     const isIdc = auth.authMethod === 'idc';
+    const oidcRegion = auth.oidcRegion || auth.region;
     const url = isIdc
-        ? `https://oidc.${auth.region}.amazonaws.com/token`
+        ? `https://oidc.${oidcRegion}.amazonaws.com/token`
         : `https://prod.${auth.region}.auth.desktop.kiro.dev/refreshToken`;
     if (isIdc && (!p.clientId || !p.clientSecret)) {
         throw new KiroTokenRefreshError('Missing creds', 'MISSING_CREDENTIALS');
@@ -62,6 +63,8 @@ export async function refreshAccessToken(auth) {
             expires: Date.now() + (d.expires_in || d.expiresIn || 3600) * 1000,
             authMethod: auth.authMethod,
             region: auth.region,
+            oidcRegion: auth.oidcRegion,
+            profileArn: auth.profileArn,
             clientId: auth.clientId,
             clientSecret: auth.clientSecret,
             email: auth.email || d.userInfo?.email

package/dist/plugin/types.d.ts

@@ -8,6 +8,7 @@ export interface KiroAuthDetails {
     expires: number;
     authMethod: KiroAuthMethod;
     region: KiroRegion;
+    oidcRegion?: KiroRegion;
     clientId?: string;
     clientSecret?: string;
     email?: string;
@@ -25,6 +26,7 @@ export interface ManagedAccount {
     email: string;
     authMethod: KiroAuthMethod;
     region: KiroRegion;
+    oidcRegion?: KiroRegion;
     clientId?: string;
     clientSecret?: string;
     profileArn?: string;

package/dist/plugin/usage.js

@@ -1,7 +1,12 @@
 export async function fetchUsageLimits(auth) {
-    const url = `https://q.${auth.region}.amazonaws.com/getUsageLimits?isEmailRequired=true&origin=AI_EDITOR&resourceType=AGENTIC_REQUEST`;
+    const url = new URL(`https://q.${auth.region}.amazonaws.com/getUsageLimits`);
+    url.searchParams.set('isEmailRequired', 'true');
+    url.searchParams.set('origin', 'AI_EDITOR');
+    url.searchParams.set('resourceType', 'AGENTIC_REQUEST');
+    if (auth.profileArn)
+        url.searchParams.set('profileArn', auth.profileArn);
     try {
-        const res = await fetch(url, {
+        const res = await fetch(url.toString(), {
             method: 'GET',
             headers: {
                 Authorization: `Bearer ${auth.access}`,
@@ -10,8 +15,18 @@ export async function fetchUsageLimits(auth) {
                 'amz-sdk-request': 'attempt=1; max=1'
             }
         });
-        if (!res.ok)
-            throw new Error(`Status: ${res.status}`);
+        if (!res.ok) {
+            const body = await res.text().catch(() => '');
+            const requestId = res.headers.get('x-amzn-requestid') ||
+                res.headers.get('x-amzn-request-id') ||
+                res.headers.get('x-amz-request-id') ||
+                '';
+            const errType = res.headers.get('x-amzn-errortype') || res.headers.get('x-amzn-error-type') || '';
+            const msg = body && body.length > 0
+                ? `${body.slice(0, 2000)}${body.length > 2000 ? '…' : ''}`
+                : `HTTP ${res.status}`;
+            throw new Error(`Status: ${res.status}${errType ? ` (${errType})` : ''}${requestId ? ` [${requestId}]` : ''}: ${msg}`);
+        }
         const data = await res.json();
         let usedCount = 0, limitCount = 0;
         if (Array.isArray(data.usageBreakdownList)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zhafron/opencode-kiro-auth",
-  "version": "1.6.6",
+  "version": "1.7.0",
   "description": "OpenCode plugin for AWS Kiro (CodeWhisperer) providing access to Claude models",
   "type": "module",
   "main": "dist/index.js",

package/dist/plugin/cli.d.ts

@@ -1,8 +0,0 @@
-export declare function promptAddAnotherAccount(currentCount: number): Promise<boolean>;
-export declare function promptDeleteAccount(accounts: ExistingAccountInfo[]): Promise<number[] | null>;
-export type LoginMode = 'add' | 'fresh' | 'delete';
-export interface ExistingAccountInfo {
-    email?: string;
-    index: number;
-}
-export declare function promptLoginMode(existingAccounts: ExistingAccountInfo[]): Promise<LoginMode>;

package/dist/plugin/cli.js

@@ -1,103 +0,0 @@
-import { stdin as input, stdout as output } from 'node:process';
-import { createInterface } from 'node:readline/promises';
-export async function promptAddAnotherAccount(currentCount) {
-    const rl = createInterface({ input, output });
-    try {
-        const answer = await rl.question(`Add another account? (${currentCount} added) (y/n): `);
-        const normalized = answer.trim().toLowerCase();
-        return normalized === 'y' || normalized === 'yes';
-    }
-    finally {
-        rl.close();
-    }
-}
-export async function promptDeleteAccount(accounts) {
-    const rl = createInterface({ input, output });
-    try {
-        console.log(`\nSelect account(s) to delete:`);
-        for (const acc of accounts) {
-            const label = acc.email || `Account ${acc.index + 1}`;
-            console.log(`  ${acc.index + 1}. ${label}`);
-        }
-        console.log(`  0. Cancel`);
-        console.log('');
-        while (true) {
-            const answer = await rl.question('Enter account number(s) (e.g., 1,2,3 or 1): ');
-            const trimmed = answer.trim();
-            if (trimmed === '0') {
-                return null;
-            }
-            const parts = trimmed.split(',').map((s) => s.trim());
-            const numbers = [];
-            let invalid = false;
-            for (const part of parts) {
-                const num = parseInt(part, 10);
-                if (isNaN(num) || num < 1 || num > accounts.length) {
-                    invalid = true;
-                    break;
-                }
-                if (!numbers.includes(num)) {
-                    numbers.push(num);
-                }
-            }
-            if (invalid) {
-                console.log(`Please enter valid numbers between 1 and ${accounts.length}, separated by commas`);
-                continue;
-            }
-            if (numbers.length === 0) {
-                console.log(`Please enter at least one account number`);
-                continue;
-            }
-            const indices = numbers.map((n) => n - 1);
-            const selectedAccounts = indices
-                .map((i) => accounts[i])
-                .filter((acc) => acc !== undefined);
-            if (selectedAccounts.length === 0) {
-                console.log(`No valid accounts selected`);
-                continue;
-            }
-            console.log(`\nYou are about to delete ${selectedAccounts.length} account(s):`);
-            for (const acc of selectedAccounts) {
-                const label = acc.email || `Account ${acc.index + 1}`;
-                console.log(`  - ${label}`);
-            }
-            const confirm = await rl.question(`\nConfirm deletion? (y/n): `);
-            const normalized = confirm.trim().toLowerCase();
-            if (normalized === 'y' || normalized === 'yes') {
-                return selectedAccounts.map((acc) => acc.index);
-            }
-            return null;
-        }
-    }
-    finally {
-        rl.close();
-    }
-}
-export async function promptLoginMode(existingAccounts) {
-    const rl = createInterface({ input, output });
-    try {
-        console.log(`\n${existingAccounts.length} account(s) saved:`);
-        for (const acc of existingAccounts) {
-            const label = acc.email || `Account ${acc.index + 1}`;
-            console.log(`  ${acc.index + 1}. ${label}`);
-        }
-        console.log('');
-        while (true) {
-            const answer = await rl.question('(a)dd new account(s), (f)resh start, or (d)elete account? [a/f/d]: ');
-            const normalized = answer.trim().toLowerCase();
-            if (normalized === 'a' || normalized === 'add') {
-                return 'add';
-            }
-            if (normalized === 'f' || normalized === 'fresh') {
-                return 'fresh';
-            }
-            if (normalized === 'd' || normalized === 'delete') {
-                return 'delete';
-            }
-            console.log("Please enter 'a' to add accounts, 'f' to start fresh, or 'd' to delete account.");
-        }
-    }
-    finally {
-        rl.close();
-    }
-}

package/dist/plugin/server.d.ts

@@ -1,34 +0,0 @@
-import type { KiroRegion } from './types';
-export interface KiroIDCTokenResult {
-    email: string;
-    accessToken: string;
-    refreshToken: string;
-    expiresAt: number;
-    clientId: string;
-    clientSecret: string;
-}
-export interface IDCAuthData {
-    verificationUrl: string;
-    verificationUriComplete: string;
-    userCode: string;
-    deviceCode: string;
-    clientId: string;
-    clientSecret: string;
-    interval: number;
-    expiresIn: number;
-    region: KiroRegion;
-    startUrl: string;
-}
-export declare function startIDCAuthServer(authData: IDCAuthData, startPort?: number, portRange?: number): Promise<{
-    url: string;
-    waitForAuth: () => Promise<KiroIDCTokenResult>;
-}>;
-/**
- * Starts a local auth server that first shows a Start URL input page.
- * After the user submits, it calls authorizeKiroIDC internally and transitions
- * to the verification code page — no need to call authorizeKiroIDC beforehand.
- */
-export declare function startIDCAuthServerWithInput(region: KiroRegion, defaultStartUrl: string | undefined, startPort?: number, portRange?: number): Promise<{
-    url: string;
-    waitForAuth: () => Promise<KiroIDCTokenResult>;
-}>;