opencode
opencode copied to clipboard
Published
8 hours ago
•
anomalyco
anomalyco
feat: add Kiro provider
Closes #9165
Summary
Add a new provider for Kiro (AWS CodeWhisperer) that enables access to Claude models via AWS Bedrock using Kiro CLI authentication.
Features
- Full LanguageModelV2 SDK implementation - Complete AI SDK v2 compatibility
- Plugin-based authentication - Uses Kiro CLI's SQLite token storage
- Automatic token refresh - Refreshes expired tokens via AWS SSO OIDC endpoint automatically
-
Automatic login prompt - Prompts user to run
kiro-cli loginwhen token is missing or refresh fails - AWS Event Stream parsing - Proper handling of streaming responses
- Extended thinking support - Thinking mode variants (high, max) for supported models
Supported Models
| Model | Thinking Support | Context Limit |
|---|---|---|
claude-sonnet-4-5 |
✅ (high, max) | 200K |
claude-opus-4-5 |
✅ (high, max) | 200K |
claude-sonnet-4 |
✅ (high, max) | 200K |
claude-haiku-4-5 |
❌ | 200K |
claude-3-7-sonnet |
✅ (high, max) | 200K |
Architecture
graph TB
subgraph OpenCode
A[Session/LLM] --> B[KiroLanguageModel]
B --> C[Converters]
B --> D[Streaming Parser]
end
subgraph Authentication
E[KiroAuthPlugin] --> F[(Kiro CLI SQLite)]
E --> G[AWS SSO OIDC]
end
subgraph External
H[AWS Bedrock API]
end
B --> E
E -->|Bearer Token| H
H -->|Event Stream| D
C -->|Kiro Payload| H
Token Refresh Flow
sequenceDiagram
participant OC as OpenCode
participant Plugin as KiroAuthPlugin
participant DB as SQLite DB
participant OIDC as AWS SSO OIDC
participant API as AWS Bedrock
OC->>Plugin: Request with token
Plugin->>DB: Get token
DB-->>Plugin: Token (expires_at)
alt Token valid (> 5min remaining)
Plugin->>API: Request with Bearer token
API-->>OC: Response
else Token expired or expiring soon
Plugin->>OIDC: Refresh token request
OIDC-->>Plugin: New access_token (1hr)
Plugin->>DB: Save new token
Plugin->>API: Request with new Bearer token
API-->>OC: Response
end
Token Management
Automatic Refresh
- Access tokens expire in 1 hour
- Tokens are automatically refreshed via AWS SSO OIDC before expiry (5 min buffer)
- Refreshed tokens are saved back to Kiro CLI's SQLite database
- Tokens are shared with Kiro CLI (same database location)
Token Storage Location
| OS | Path |
|---|---|
| macOS | ~/Library/Application Support/kiro-cli/data.sqlite3 |
| Windows | %APPDATA%/kiro-cli/data.sqlite3 |
| Linux | ~/.local/share/kiro-cli/data.sqlite3 |
File Structure
packages/opencode/src/
├── plugin/kiro.ts # Authentication plugin with auto-refresh
├── provider/
│ ├── provider.ts # Model definitions
│ ├── transform.ts # Variant support
│ └── sdk/kiro/src/
│ ├── index.ts # SDK entry point
│ ├── kiro-provider.ts # Provider factory
│ ├── kiro-language-model.ts # LanguageModelV2 implementation
│ ├── converters.ts # Prompt conversion
│ ├── streaming.ts # AWS Event Stream parser
│ └── model-resolver.ts # Model name normalization
Testing
All 36 tests passing:
packages/opencode/test/
├── plugin/kiro.test.ts # 4 tests
├── provider/kiro.test.ts # 24 tests
└── provider/kiro-provider.test.ts # 8 tests
36 pass
0 fail
82 expect() calls
Verification
Tested and verified working:
- ✅ Basic chat conversations
- ✅ Tool calls (bash, read, write, etc.)
- ✅ Multi-turn conversations
- ✅ Extended thinking mode
- ✅ Streaming responses
- ✅ Automatic token refresh
Checklist
- [x] Code follows the project's style guidelines
- [x] Tests added and passing
- [x] TypeScript typecheck passes
