responses-proxy 0.1.0

package/dist/kiro-codewhisperer.test.js

@@ -0,0 +1,219 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import { DEFAULT_KIRO_MODEL_ID, KiroResponseAccumulator, buildCodeWhispererRequest, buildCodeWhispererRequestFromTurns, buildResponsesJson, buildResponsesSseFrames, collectAssistantText, collectInputText, extractAssistantDelta, flattenResponsesConversation, mapModelToCodeWhisperer, } from "./kiro-codewhisperer.js";
+import { encodeEventStreamMessage, parseEventStream } from "./kiro-eventstream.js";
+function toolUseFrame(payload) {
+    return encodeEventStreamMessage({ ":event-type": "toolUseEvent", ":content-type": "application/json" }, Buffer.from(JSON.stringify(payload), "utf8"));
+}
+function assistantFrame(content) {
+    return encodeEventStreamMessage({ ":event-type": "assistantResponseEvent", ":content-type": "application/json" }, Buffer.from(JSON.stringify({ content }), "utf8"));
+}
+test("mapModelToCodeWhisperer resolves known aliases case-insensitively", () => {
+    assert.equal(mapModelToCodeWhisperer("kiro-claude-sonnet-4"), "claude-sonnet-4");
+    assert.equal(mapModelToCodeWhisperer("Claude-Sonnet-4-6"), "claude-sonnet-4-6");
+});
+test("mapModelToCodeWhisperer falls back to the default for unknown aliases", () => {
+    assert.equal(mapModelToCodeWhisperer("gpt-5.5"), DEFAULT_KIRO_MODEL_ID);
+    assert.equal(mapModelToCodeWhisperer(undefined), DEFAULT_KIRO_MODEL_ID);
+});
+test("mapModelToCodeWhisperer passes through recognized lowercase Kiro ids", () => {
+    assert.equal(mapModelToCodeWhisperer("auto"), "auto");
+    assert.equal(mapModelToCodeWhisperer("claude-sonnet-4.5"), "claude-sonnet-4.5");
+});
+test("mapModelToCodeWhisperer strips Anthropic date suffixes (Claude Code ids)", () => {
+    assert.equal(mapModelToCodeWhisperer("claude-sonnet-4-20250514"), "claude-sonnet-4");
+    assert.equal(mapModelToCodeWhisperer("claude-3-5-haiku-20241022"), "claude-3-5-haiku");
+});
+test("flattenResponsesConversation folds instructions into the first user turn", () => {
+    const turns = flattenResponsesConversation({
+        instructions: "You are helpful.",
+        input: [
+            { role: "user", content: "Hello" },
+            { role: "assistant", content: "Hi there" },
+            { role: "user", content: "How are you?" },
+        ],
+    });
+    assert.equal(turns.length, 3);
+    assert.equal(turns[0].role, "user");
+    assert.match(turns[0].content, /You are helpful\./);
+    assert.match(turns[0].content, /Hello/);
+    assert.equal(turns[2].content, "How are you?");
+});
+test("flattenResponsesConversation accepts a plain string input", () => {
+    const turns = flattenResponsesConversation({ input: "just a string" });
+    assert.deepEqual(turns, [{ role: "user", content: "just a string" }]);
+});
+test("flattenResponsesConversation extracts text from content-part arrays", () => {
+    const turns = flattenResponsesConversation({
+        input: [
+            {
+                role: "user",
+                content: [
+                    { type: "input_text", text: "part one " },
+                    { type: "input_text", text: "part two" },
+                ],
+            },
+        ],
+    });
+    assert.equal(turns[0].content, "part one part two");
+});
+test("buildCodeWhispererRequest puts the last user turn as the current message", () => {
+    const request = buildCodeWhispererRequest({
+        body: {
+            input: [
+                { role: "user", content: "first question" },
+                { role: "assistant", content: "first answer" },
+                { role: "user", content: "second question" },
+            ],
+        },
+        modelId: "claude-sonnet-4",
+        profileArn: "arn:aws:codewhisperer:profile/x",
+        conversationId: "conv-1",
+    });
+    assert.match(request.conversationState.currentMessage.userInputMessage.content, /second question$/);
+    assert.equal(request.conversationState.currentMessage.userInputMessage.modelId, "claude-sonnet-4");
+    assert.equal(request.conversationState.conversationId, "conv-1");
+    assert.equal(request.profileArn, "arn:aws:codewhisperer:profile/x");
+    assert.equal(request.inferenceConfig.maxTokens, 32000);
+    assert.equal(request.conversationState.history.length, 2);
+    assert.ok("userInputMessage" in request.conversationState.history[0]);
+    assert.ok("assistantResponseMessage" in request.conversationState.history[1]);
+});
+test("buildCodeWhispererRequest omits profileArn when absent", () => {
+    const request = buildCodeWhispererRequest({
+        body: { input: "hi" },
+        modelId: DEFAULT_KIRO_MODEL_ID,
+    });
+    assert.equal("profileArn" in request, false);
+    assert.match(request.conversationState.currentMessage.userInputMessage.content, /hi$/);
+});
+test("extractAssistantDelta reads content from a parsed frame", () => {
+    const [message] = parseEventStream(assistantFrame("chunk-text"));
+    assert.equal(extractAssistantDelta(message), "chunk-text");
+});
+test("collectAssistantText concatenates all assistant deltas", () => {
+    const buffer = Buffer.concat([
+        assistantFrame("Hello, "),
+        assistantFrame("world"),
+        assistantFrame("!"),
+    ]);
+    const { text, error } = collectAssistantText(buffer);
+    assert.equal(text, "Hello, world!");
+    assert.equal(error, undefined);
+});
+test("collectAssistantText surfaces error frames", () => {
+    const errorFrame = encodeEventStreamMessage({ ":event-type": "errorEvent", ":content-type": "application/json" }, Buffer.from(JSON.stringify({ message: "quota exceeded" }), "utf8"));
+    const buffer = Buffer.concat([assistantFrame("partial"), errorFrame]);
+    const { text, error } = collectAssistantText(buffer);
+    assert.equal(text, "partial");
+    assert.equal(error, "quota exceeded");
+});
+test("buildResponsesJson produces a completed response with usage", () => {
+    const json = buildResponsesJson({
+        text: "answer text",
+        model: "kiro-claude-sonnet-4",
+        inputText: "some input prompt",
+    });
+    assert.equal(json.status, "completed");
+    assert.equal(json.model, "kiro-claude-sonnet-4");
+    const output = json.output;
+    const content = output[0].content;
+    assert.equal(content[0].text, "answer text");
+    const usage = json.usage;
+    assert.ok(usage.total_tokens > 0);
+    assert.equal(usage.total_tokens, usage.input_tokens + usage.output_tokens);
+});
+test("buildResponsesSseFrames ends with a completed event and [DONE]", () => {
+    const frames = buildResponsesSseFrames({
+        text: "streamed answer",
+        model: "kiro-claude-sonnet-4",
+        inputText: "prompt",
+    });
+    const joined = frames.join("");
+    assert.match(joined, /event: response\.created/);
+    assert.match(joined, /event: response\.output_text\.delta/);
+    assert.match(joined, /"delta":"streamed answer"/);
+    assert.match(joined, /event: response\.completed/);
+    assert.ok(frames[frames.length - 1].includes("[DONE]"));
+});
+test("collectInputText joins all turns for token estimation", () => {
+    const text = collectInputText({
+        instructions: "sys",
+        input: [
+            { role: "user", content: "a" },
+            { role: "assistant", content: "b" },
+        ],
+    });
+    assert.match(text, /sys/);
+    assert.match(text, /a/);
+    assert.match(text, /b/);
+});
+test("buildCodeWhispererRequestFromTurns puts tool specs in current message context", () => {
+    const request = buildCodeWhispererRequestFromTurns({
+        turns: [{ role: "user", content: "weather?" }],
+        modelId: "claude-sonnet-4",
+        tools: [
+            { name: "get_weather", description: "Get it", inputSchema: { type: "object", properties: {} } },
+        ],
+    });
+    const context = request.conversationState.currentMessage.userInputMessage
+        .userInputMessageContext;
+    const tools = context.tools;
+    assert.equal(tools.length, 1);
+    const spec = tools[0].toolSpecification;
+    assert.equal(spec.name, "get_weather");
+    assert.deepEqual(spec.inputSchema, { json: { type: "object", properties: {}, required: [] } });
+});
+test("buildCodeWhispererRequestFromTurns maps tool results on the current user turn", () => {
+    const request = buildCodeWhispererRequestFromTurns({
+        turns: [
+            { role: "user", content: "weather?" },
+            { role: "assistant", content: "", toolUses: [{ toolUseId: "tu_1", name: "get_weather", input: { city: "NYC" } }] },
+            { role: "user", content: "", toolResults: [{ toolUseId: "tu_1", content: "Sunny" }] },
+        ],
+        modelId: "claude-sonnet-4",
+    });
+    const context = request.conversationState.currentMessage.userInputMessage
+        .userInputMessageContext;
+    const toolResults = context.toolResults;
+    assert.equal(toolResults.length, 1);
+    assert.equal(toolResults[0].toolUseId, "tu_1");
+    assert.equal(toolResults[0].status, "success");
+    assert.deepEqual(toolResults[0].content, [{ text: "Sunny" }]);
+    // The assistant tool call is preserved in history.
+    const history = request.conversationState.history;
+    const assistantEntry = history.find((h) => "assistantResponseMessage" in h);
+    assert.ok(assistantEntry);
+});
+test("KiroResponseAccumulator accumulates a tool call across frames", () => {
+    const accumulator = new KiroResponseAccumulator();
+    const frames = [
+        toolUseFrame({ toolUseId: "tu_1", name: "get_weather", input: '{"ci' }),
+        toolUseFrame({ toolUseId: "tu_1", input: 'ty":"NYC"}', stop: true }),
+    ];
+    for (const frame of frames) {
+        for (const message of parseEventStream(frame)) {
+            accumulator.push(message);
+        }
+    }
+    assert.ok(accumulator.hasToolUses());
+    const toolUses = accumulator.toolUses();
+    assert.equal(toolUses.length, 1);
+    assert.equal(toolUses[0].toolUseId, "tu_1");
+    assert.equal(toolUses[0].name, "get_weather");
+    assert.deepEqual(toolUses[0].input, { city: "NYC" });
+});
+test("KiroResponseAccumulator collects text and reports per-frame deltas", () => {
+    const accumulator = new KiroResponseAccumulator();
+    const frame = encodeEventStreamMessage({ ":event-type": "assistantResponseEvent", ":content-type": "application/json" }, Buffer.from(JSON.stringify({ content: "hello" }), "utf8"));
+    let textDelta = "";
+    for (const message of parseEventStream(frame)) {
+        const result = accumulator.push(message);
+        if (result.textDelta) {
+            textDelta += result.textDelta;
+        }
+    }
+    assert.equal(textDelta, "hello");
+    assert.equal(accumulator.text, "hello");
+    assert.equal(accumulator.hasToolUses(), false);
+});

package/dist/kiro-device-login.js

@@ -0,0 +1,338 @@
+import { randomUUID } from "node:crypto";
+import BetterSqlite3 from "better-sqlite3";
+import { PROVIDER_CONNECTIONS_DDL } from "./kiro-import.js";
+// ─── Error Class ───
+export class DeviceLoginError extends Error {
+    statusCode;
+    body;
+    constructor(statusCode, body) {
+        super(body.message);
+        this.statusCode = statusCode;
+        this.body = body;
+    }
+}
+// ─── Registration Cache DDL & Helpers (Task 2.2) ───
+export const REGISTRATION_CACHE_DDL = `
+CREATE TABLE IF NOT EXISTS kiro_registration_cache (
+  region TEXT NOT NULL,
+  startUrl TEXT NOT NULL,
+  clientId TEXT NOT NULL,
+  clientSecret TEXT NOT NULL,
+  clientSecretExpiresAt INTEGER NOT NULL,
+  createdAt TEXT NOT NULL DEFAULT (datetime('now')),
+  PRIMARY KEY (region, startUrl)
+);
+`;
+export function getRegistrationCache(db, region, startUrl) {
+    const nowUnixSeconds = Math.floor(Date.now() / 1000);
+    const row = db
+        .prepare(`SELECT region, startUrl, clientId, clientSecret, clientSecretExpiresAt
+       FROM kiro_registration_cache
+       WHERE region = ? AND startUrl = ? AND clientSecretExpiresAt > ?`)
+        .get(region, startUrl, nowUnixSeconds);
+    if (!row)
+        return undefined;
+    return {
+        region: row.region,
+        startUrl: row.startUrl,
+        clientId: row.clientId,
+        clientSecret: row.clientSecret,
+        clientSecretExpiresAt: row.clientSecretExpiresAt,
+    };
+}
+export function setRegistrationCache(db, entry) {
+    db.prepare(`INSERT INTO kiro_registration_cache (region, startUrl, clientId, clientSecret, clientSecretExpiresAt, createdAt)
+     VALUES (?, ?, ?, ?, ?, ?)
+     ON CONFLICT(region, startUrl) DO UPDATE SET
+       clientId = excluded.clientId,
+       clientSecret = excluded.clientSecret,
+       clientSecretExpiresAt = excluded.clientSecretExpiresAt,
+       createdAt = excluded.createdAt`).run(entry.region, entry.startUrl, entry.clientId, entry.clientSecret, entry.clientSecretExpiresAt, new Date().toISOString());
+}
+// ─── DeviceLoginService (Tasks 2.3–2.6) ───
+export class DeviceLoginService {
+    sessions = new Map();
+    config;
+    appDb;
+    kiroDbPath;
+    fetchImpl;
+    constructor(deps) {
+        this.config = deps.config;
+        this.appDb = deps.appDb;
+        this.kiroDbPath = deps.kiroDbPath;
+        this.fetchImpl = deps.fetchImpl ?? fetch;
+        // Ensure the registration cache table exists
+        this.appDb.exec(REGISTRATION_CACHE_DDL);
+    }
+    // ─── Session Management (Task 2.3) ───
+    pruneExpiredSessions() {
+        const now = Date.now();
+        for (const [id, session] of this.sessions) {
+            if (session.expiresAt < now) {
+                this.sessions.delete(id);
+            }
+        }
+    }
+    // ─── startDeviceLogin (Task 2.4) ───
+    async startDeviceLogin(input) {
+        // Validate IDC inputs
+        if (input.authMethod === "idc") {
+            if (!input.startUrl?.trim()) {
+                throw new DeviceLoginError(422, {
+                    type: "validation_error",
+                    code: "VALIDATION_MISSING_START_URL",
+                    message: "IDC login requires a non-empty startUrl.",
+                });
+            }
+            if (!input.region?.trim()) {
+                throw new DeviceLoginError(422, {
+                    type: "validation_error",
+                    code: "VALIDATION_MISSING_REGION",
+                    message: "IDC login requires a non-empty region.",
+                });
+            }
+        }
+        // Resolve region and startUrl based on authMethod
+        const region = input.authMethod === "builder_id"
+            ? this.config.KIRO_DEFAULT_REGION
+            : input.region.trim();
+        const startUrl = input.authMethod === "builder_id"
+            ? this.config.KIRO_BUILDER_ID_START_URL
+            : input.startUrl.trim();
+        // Check registration cache
+        let clientId;
+        let clientSecret;
+        const cached = getRegistrationCache(this.appDb, region, startUrl);
+        if (cached) {
+            clientId = cached.clientId;
+            clientSecret = cached.clientSecret;
+        }
+        else {
+            // Call RegisterClient
+            const registerResult = await this.registerClient(region, startUrl, input.authMethod);
+            clientId = registerResult.clientId;
+            clientSecret = registerResult.clientSecret;
+            // Store in cache
+            setRegistrationCache(this.appDb, {
+                region,
+                startUrl,
+                clientId,
+                clientSecret,
+                clientSecretExpiresAt: registerResult.clientSecretExpiresAt,
+            });
+        }
+        // Call StartDeviceAuthorization
+        const oidcBase = `https://oidc.${region}.amazonaws.com`;
+        let deviceAuthResponse;
+        try {
+            deviceAuthResponse = await this.fetchImpl(`${oidcBase}/device_authorization`, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify({ clientId, clientSecret, startUrl }),
+            });
+        }
+        catch {
+            throw new DeviceLoginError(502, {
+                type: "upstream_error",
+                code: "OIDC_NETWORK_ERROR",
+                message: "Cannot reach AWS SSO-OIDC endpoint.",
+            });
+        }
+        if (!deviceAuthResponse.ok) {
+            const status = deviceAuthResponse.status;
+            throw new DeviceLoginError(502, {
+                type: "upstream_error",
+                code: "OIDC_DEVICE_AUTH_FAILED",
+                message: `Device authorization failed: ${status}.`,
+            });
+        }
+        const deviceAuthData = (await deviceAuthResponse.json());
+        // Create DeviceSession
+        const sessionId = randomUUID();
+        const session = {
+            sessionId,
+            deviceCode: deviceAuthData.deviceCode,
+            clientId,
+            clientSecret,
+            interval: deviceAuthData.interval,
+            expiresAt: Date.now() + deviceAuthData.expiresIn * 1000,
+            region,
+            startUrl,
+            authMethod: input.authMethod,
+            status: "pending",
+            lastPollAt: 0,
+        };
+        this.sessions.set(sessionId, session);
+        return {
+            sessionId,
+            userCode: deviceAuthData.userCode,
+            verificationUri: deviceAuthData.verificationUri,
+            verificationUriComplete: deviceAuthData.verificationUriComplete,
+            expiresIn: deviceAuthData.expiresIn,
+            interval: deviceAuthData.interval,
+        };
+    }
+    // ─── pollDeviceLogin (Task 2.5) ───
+    async pollDeviceLogin(sessionId) {
+        const session = this.sessions.get(sessionId);
+        // Session not found or already completed/errored
+        if (!session || session.status === "completed" || session.status === "error") {
+            throw new DeviceLoginError(404, {
+                type: "internal_error",
+                code: "SESSION_NOT_FOUND",
+                message: "Device login session not found or already completed.",
+            });
+        }
+        // Check expiry
+        const now = Date.now();
+        if (now >= session.expiresAt) {
+            session.status = "expired";
+            return { status: "expired" };
+        }
+        // Rate limit: if interval hasn't elapsed since last poll, return current status
+        if (session.lastPollAt > 0 && now - session.lastPollAt < session.interval * 1000) {
+            return { status: "pending", interval: session.interval };
+        }
+        // Call CreateToken
+        session.lastPollAt = now;
+        const oidcBase = `https://oidc.${session.region}.amazonaws.com`;
+        let tokenResponse;
+        try {
+            tokenResponse = await this.fetchImpl(`${oidcBase}/token`, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify({
+                    clientId: session.clientId,
+                    clientSecret: session.clientSecret,
+                    deviceCode: session.deviceCode,
+                    grantType: "urn:ietf:params:oauth:grant-type:device_code",
+                }),
+            });
+        }
+        catch {
+            // Network error — don't mark session as errored, allow retry
+            throw new DeviceLoginError(502, {
+                type: "upstream_error",
+                code: "OIDC_NETWORK_ERROR",
+                message: "Cannot reach AWS SSO-OIDC endpoint.",
+            });
+        }
+        if (tokenResponse.ok) {
+            // Success — persist account and mark completed
+            const tokenData = (await tokenResponse.json());
+            const account = this.persistAccount(session, tokenData);
+            session.status = "completed";
+            session.completedAccount = account;
+            return {
+                status: "completed",
+                account,
+            };
+        }
+        // Error response from OIDC
+        const errorBody = (await tokenResponse.json().catch(() => ({})));
+        const errorCode = errorBody.error ?? "unknown_error";
+        if (errorCode === "authorization_pending") {
+            return { status: "pending", interval: session.interval };
+        }
+        if (errorCode === "slow_down") {
+            session.interval += 5;
+            return { status: "pending", interval: session.interval };
+        }
+        // Terminal error
+        const errorMessage = errorBody.error_description ?? `Authorization failed: ${errorCode}`;
+        session.status = "error";
+        session.error = { code: errorCode, message: errorMessage };
+        return {
+            status: "error",
+            error: { code: errorCode, message: errorMessage },
+        };
+    }
+    // ─── Account Persistence (Task 2.6) ───
+    persistAccount(session, tokenData) {
+        const accountId = randomUUID();
+        const now = new Date();
+        const expiresAt = new Date(now.getTime() + tokenData.expiresIn * 1000).toISOString();
+        const name = "Kiro Device Login";
+        const dataJson = JSON.stringify({
+            accessToken: tokenData.accessToken,
+            refreshToken: tokenData.refreshToken,
+            expiresAt,
+            expiresIn: tokenData.expiresIn,
+            providerSpecificData: {
+                clientId: session.clientId,
+                clientSecret: session.clientSecret,
+                region: session.region,
+                authMethod: session.authMethod,
+                startUrl: session.startUrl,
+                profileArn: null,
+            },
+        });
+        let db;
+        try {
+            db = new BetterSqlite3(this.kiroDbPath);
+            db.pragma("journal_mode = WAL");
+            db.exec(PROVIDER_CONNECTIONS_DDL);
+            db.prepare(`INSERT INTO providerConnections
+           (id, provider, authType, name, email, priority, isActive, data, createdAt, updatedAt)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(accountId, "kiro", "sso-oidc", name, null, 100, 1, dataJson, now.toISOString(), now.toISOString());
+        }
+        catch (err) {
+            throw new DeviceLoginError(500, {
+                type: "internal_error",
+                code: "ACCOUNT_PERSIST_FAILED",
+                message: "Failed to save account after successful login.",
+            });
+        }
+        finally {
+            db?.close();
+        }
+        return { id: accountId, name };
+    }
+    // ─── RegisterClient Helper ───
+    async registerClient(region, startUrl, authMethod) {
+        const oidcBase = `https://oidc.${region}.amazonaws.com`;
+        const body = {
+            clientName: this.config.KIRO_DEVICE_CLIENT_NAME,
+            clientType: "public",
+            scopes: this.config.KIRO_DEVICE_SCOPES,
+        };
+        if (authMethod === "idc") {
+            body.issuerUrl = startUrl;
+            body.grantTypes = [
+                "urn:ietf:params:oauth:grant-type:device_code",
+                "refresh_token",
+            ];
+        }
+        let response;
+        try {
+            response = await this.fetchImpl(`${oidcBase}/client/register`, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify(body),
+            });
+        }
+        catch {
+            throw new DeviceLoginError(502, {
+                type: "upstream_error",
+                code: "OIDC_NETWORK_ERROR",
+                message: "Cannot reach AWS SSO-OIDC endpoint.",
+            });
+        }
+        if (!response.ok) {
+            const status = response.status;
+            const text = await response.text().catch(() => "");
+            const excerpt = text.slice(0, 200);
+            throw new DeviceLoginError(502, {
+                type: "upstream_error",
+                code: "OIDC_REGISTER_FAILED",
+                message: `Client registration failed: ${status} ${excerpt}.`,
+            });
+        }
+        const data = (await response.json());
+        return {
+            clientId: data.clientId,
+            clientSecret: data.clientSecret,
+            clientSecretExpiresAt: data.clientSecretExpiresAt,
+        };
+    }
+}