diff --git a/open-sse/config/providerModels.js b/open-sse/config/providerModels.js
index 1cc4ee5f..42b22f0e 100644
--- a/open-sse/config/providerModels.js
+++ b/open-sse/config/providerModels.js
@@ -104,11 +104,19 @@ export const PROVIDER_MODELS = {
     { id: "oswe-vscode-prime", name: "Raptor Mini" },
   ],
   kr: [  // Kiro AI
-    // { id: "claude-opus-4.5", name: "Claude Opus 4.5" },
+    // Claude 4.6 series
+    { id: "claude-opus-4.6", name: "Claude Opus 4.6" },
+    { id: "claude-sonnet-4.6", name: "Claude Sonnet 4.6" },
+    // Claude 4.5 series
+    { id: "claude-opus-4.5", name: "Claude Opus 4.5" },
     { id: "claude-sonnet-4.5", name: "Claude Sonnet 4.5" },
     { id: "claude-haiku-4.5", name: "Claude Haiku 4.5" },
-    { id: "deepseek-3.2", name: "DeepSeek 3.2" },
+    // Claude 4 series
+    { id: "claude-sonnet-4", name: "Claude Sonnet 4" },
+    // Other models
+    { id: "deepseek-3.2", name: "DeepSeek V3.2" },
     { id: "deepseek-3.1", name: "DeepSeek 3.1" },
+    { id: "minimax-m2.1", name: "MiniMax M2.1" },
     { id: "qwen3-coder-next", name: "Qwen3 Coder Next" },
   ],
   cu: [  // Cursor IDE
diff --git a/open-sse/executors/codex.js b/open-sse/executors/codex.js
index ca062ecb..0093193a 100644
--- a/open-sse/executors/codex.js
+++ b/open-sse/executors/codex.js
@@ -1,5 +1,6 @@
 import { BaseExecutor } from "./base.js";
 import { CODEX_DEFAULT_INSTRUCTIONS } from "../config/codexInstructions.js";
+import { OAUTH_ENDPOINTS } from "../config/constants.js";
 import { PROVIDERS } from "../config/providers.js";
 import { normalizeResponsesInput } from "../translator/helpers/responsesApiHelper.js";
 
@@ -12,6 +13,37 @@ export class CodexExecutor extends BaseExecutor {
     super("codex", PROVIDERS.codex);
   }
 
+  async refreshCredentials(credentials, log) {
+    if (!credentials.refreshToken) return null;
+
+    try {
+      const response = await fetch(OAUTH_ENDPOINTS.openai.token, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json" },
+        body: new URLSearchParams({
+          grant_type: "refresh_token",
+          refresh_token: credentials.refreshToken,
+          client_id: this.config.clientId,
+          scope: "openid profile email offline_access"
+        })
+      });
+
+      if (!response.ok) return null;
+
+      const tokens = await response.json();
+      log?.info?.("TOKEN", "Codex refreshed");
+
+      return {
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token || credentials.refreshToken,
+        expiresIn: tokens.expires_in
+      };
+    } catch (error) {
+      log?.error?.("TOKEN", `Codex refresh error: ${error.message}`);
+      return null;
+    }
+  }
+
   /**
    * Override headers to add session_id per request
    */
diff --git a/open-sse/services/usage.js b/open-sse/services/usage.js
index bf0c28ab..646f0a76 100644
--- a/open-sse/services/usage.js
+++ b/open-sse/services/usage.js
@@ -533,19 +533,26 @@ async function getCodexUsage(accessToken) {
  * Kiro (AWS CodeWhisperer) Usage
  */
 async function getKiroUsage(accessToken, providerSpecificData) {
-  // Default profileArn fallback
-  const DEFAULT_PROFILE_ARN = "arn:aws:codewhisperer:us-east-1:638616132270:profile/AAAACCCCXXXX";
-  const profileArn = providerSpecificData?.profileArn || DEFAULT_PROFILE_ARN;
+  // profileArn is optional and only needed for specific AWS account filtering
+  const profileArn = providerSpecificData?.profileArn;
+  const region = providerSpecificData?.region || "us-east-1";
 
   try {
     // Try old API first (POST method)
     const payload = {
       origin: "AI_EDITOR",
-      profileArn: profileArn,
       resourceType: "AGENTIC_REQUEST",
     };
 
-    const response = await fetch("https://codewhisperer.us-east-1.amazonaws.com", {
+    // Only add profileArn if available
+    if (profileArn) {
+      payload.profileArn = profileArn;
+    }
+
+    // Use region-specific endpoint
+    const endpoint = `https://codewhisperer.${region}.amazonaws.com`;
+
+    const response = await fetch(endpoint, {
       method: "POST",
       headers: {
         "Authorization": `Bearer ${accessToken}`,
@@ -559,8 +566,23 @@ async function getKiroUsage(accessToken, providerSpecificData) {
     if (!response.ok) {
       const errorText = await response.text();
 
-      // Handle authentication errors gracefully
-      if (response.status === 403 || response.status === 401) {
+      // Handle specific error cases with user-friendly messages
+      if (response.status === 403) {
+        try {
+          const errorData = JSON.parse(errorText);
+          if (errorData.reason === "FEATURE_NOT_SUPPORTED") {
+            return {
+              message: "Kiro connected. Usage tracking unavailable for this AWS organization."
+            };
+          }
+        } catch (e) {
+          // Continue with generic error
+        }
+        return {
+          message: "Kiro connected. Unable to fetch usage data."
+        };
+      }
+      if (response.status === 401) {
         return {
           message: "Kiro quota API authentication expired. Chat may still work.",
           quotas: {}
diff --git a/open-sse/utils/usageTracking.js b/open-sse/utils/usageTracking.js
index 810f6235..467c2fa7 100644
--- a/open-sse/utils/usageTracking.js
+++ b/open-sse/utils/usageTracking.js
@@ -310,6 +310,11 @@ export function logUsage(provider, usage, model = null, connectionId = null, api
   const reasoning = usage.reasoning_tokens;
   if (reasoning) msg += ` | reasoning=${reasoning}`;
 
+  // Note for Kiro: credit-based pricing
+  if (provider === "kiro") {
+    msg += ` ${COLORS.yellow}(credit-based - see dashboard for actual usage)${COLORS.reset}`;
+  }
+
   console.log(msg);
 
   // Save to usage DB
diff --git a/src/app/(dashboard)/dashboard/profile/page.js b/src/app/(dashboard)/dashboard/profile/page.js
index 63d985b2..38c1dec6 100644
--- a/src/app/(dashboard)/dashboard/profile/page.js
+++ b/src/app/(dashboard)/dashboard/profile/page.js
@@ -314,6 +314,21 @@ export default function ProfilePage() {
     }
   };
 
+  const updateKiroAuthUrl = async (url) => {
+    try {
+      const res = await fetch("/api/settings", {
+        method: "PATCH",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ kiroAuthUrl: url.trim() || "https://view.awsapps.com/start" }),
+      });
+      if (res.ok) {
+        setSettings(prev => ({ ...prev, kiroAuthUrl: url.trim() || "https://view.awsapps.com/start" }));
+      }
+    } catch (err) {
+      console.error("Failed to update Kiro auth URL:", err);
+    }
+  };
+
   const observabilityEnabled = settings.observabilityEnabled === true;
 
   return (
@@ -597,6 +612,34 @@ export default function ProfilePage() {
           </div>
         </Card>
 
+        {/* Provider Configuration */}
+        <Card>
+          <div className="flex items-center gap-3 mb-4">
+            <div className="p-2 rounded-lg bg-purple-500/10 text-purple-500">
+              <span className="material-symbols-outlined text-[20px]">settings</span>
+            </div>
+            <h3 className="text-lg font-semibold">Provider Configuration</h3>
+          </div>
+          <div className="flex flex-col gap-4">
+            <div>
+              <label className="block text-sm font-medium mb-2">
+                Kiro AWS Builder ID Start URL <span className="text-xs text-text-muted">(Optional)</span>
+              </label>
+              <Input
+                type="text"
+                value={settings.kiroAuthUrl || ""}
+                onChange={(e) => updateKiroAuthUrl(e.target.value)}
+                placeholder="https://view.awsapps.com/start"
+                disabled={loading}
+                className="font-mono text-sm"
+              />
+              <p className="text-xs text-text-muted mt-2">
+                Custom AWS SSO start URL for Kiro authentication. Leave empty to use default.
+              </p>
+            </div>
+          </div>
+        </Card>
+
         {/* Observability Settings */}
         <Card>
           <div className="flex items-center gap-3 mb-4">
diff --git a/src/app/(dashboard)/dashboard/providers/[id]/page.js b/src/app/(dashboard)/dashboard/providers/[id]/page.js
index 11869b20..dcc6ff34 100644
--- a/src/app/(dashboard)/dashboard/providers/[id]/page.js
+++ b/src/app/(dashboard)/dashboard/providers/[id]/page.js
@@ -1438,6 +1438,9 @@ function ConnectionRow({ connection, proxyPools, isOAuth, isFirst, isLast, onMov
 
   // Use useState + useEffect for impure Date.now() to avoid calling during render
   const [isCooldown, setIsCooldown] = useState(false);
+  const [refreshing, setRefreshing] = useState(false);
+  const [refreshMessage, setRefreshMessage] = useState(null);
+  const [tokenExpiry, setTokenExpiry] = useState(null);
 
   // Get earliest model lock timestamp (useEffect handles the Date.now() comparison)
   const modelLockUntil = Object.entries(connection)
@@ -1463,6 +1466,48 @@ function ConnectionRow({ connection, proxyPools, isOAuth, isFirst, isLast, onMov
     };
   }, [modelLockUntil]);
 
+  // Calculate token expiry info
+  useEffect(() => {
+    if (!isOAuth || !connection.tokenExpiresAt) {
+      setTokenExpiry(null);
+      return;
+    }
+
+    const updateExpiry = () => {
+      const expiresAt = new Date(connection.tokenExpiresAt).getTime();
+      const now = Date.now();
+      const diff = expiresAt - now;
+
+      if (diff <= 0) {
+        setTokenExpiry({ expired: true, text: "Expired", warning: true });
+      } else {
+        const minutes = Math.floor(diff / 60000);
+        const hours = Math.floor(minutes / 60);
+        const days = Math.floor(hours / 24);
+
+        let text;
+        if (days > 0) {
+          text = `${days}d`;
+        } else if (hours > 0) {
+          text = `${hours}h`;
+        } else {
+          text = `${minutes}m`;
+        }
+
+        setTokenExpiry({
+          expired: false,
+          text: `Expires in ${text}`,
+          warning: minutes < 5,
+          minutes,
+        });
+      }
+    };
+
+    updateExpiry();
+    const interval = setInterval(updateExpiry, 60000); // Update every minute
+    return () => clearInterval(interval);
+  }, [connection.tokenExpiresAt, isOAuth]);
+
   // Determine effective status (override unavailable if cooldown expired)
   const effectiveStatus = (connection.testStatus === "unavailable" && !isCooldown)
     ? "active"  // Cooldown expired → treat as active
@@ -1475,6 +1520,41 @@ function ConnectionRow({ connection, proxyPools, isOAuth, isFirst, isLast, onMov
     return "default";
   };
 
+  const handleRefreshToken = async () => {
+    setRefreshing(true);
+    setRefreshMessage(null);
+
+    try {
+      const res = await fetch("/api/oauth/refresh", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ connectionId: connection.id }),
+      });
+
+      const data = await res.json();
+
+      if (res.ok) {
+        setRefreshMessage({ type: "success", text: "Token refreshed successfully" });
+        // Update local token expiry
+        if (data.expiresAt) {
+          connection.tokenExpiresAt = data.expiresAt;
+        }
+        // Auto-hide success message after 3 seconds
+        setTimeout(() => setRefreshMessage(null), 3000);
+      } else {
+        const errorMsg = data.error || "Failed to refresh token";
+        setRefreshMessage({ type: "error", text: errorMsg });
+        // Auto-hide error message after 5 seconds
+        setTimeout(() => setRefreshMessage(null), 5000);
+      }
+    } catch (error) {
+      setRefreshMessage({ type: "error", text: "Network error. Please try again." });
+      setTimeout(() => setRefreshMessage(null), 5000);
+    } finally {
+      setRefreshing(false);
+    }
+  };
+
   return (
     <div className={`group flex items-center justify-between p-3 rounded-lg hover:bg-black/[0.02] dark:hover:bg-white/[0.02] transition-colors ${connection.isActive === false ? "opacity-60" : ""}`}>
       <div className="flex items-center gap-3 flex-1 min-w-0">
@@ -1500,7 +1580,7 @@ function ConnectionRow({ connection, proxyPools, isOAuth, isFirst, isLast, onMov
         </span>
         <div className="flex-1 min-w-0">
           <p className="text-sm font-medium truncate">{displayName}</p>
-          <div className="flex items-center gap-2 mt-1">
+          <div className="flex items-center gap-2 mt-1 flex-wrap">
             <Badge variant={getStatusVariant()} size="sm" dot>
               {connection.isActive === false ? "disabled" : (effectiveStatus || "Unknown")}
             </Badge>
@@ -1510,11 +1590,21 @@ function ConnectionRow({ connection, proxyPools, isOAuth, isFirst, isLast, onMov
               </Badge>
             )}
             {isCooldown && connection.isActive !== false && <CooldownTimer until={modelLockUntil} />}
+            {tokenExpiry && (
+              <span className={`text-xs font-mono ${tokenExpiry.warning ? "text-orange-500" : "text-text-muted"}`} title={connection.tokenExpiresAt}>
+                {tokenExpiry.text}
+              </span>
+            )}
             {connection.lastError && connection.isActive !== false && (
               <span className="text-xs text-red-500 truncate max-w-[300px]" title={connection.lastError}>
                 {connection.lastError}
               </span>
             )}
+            {refreshMessage && (
+              <span className={`text-xs ${refreshMessage.type === "success" ? "text-green-500" : "text-red-500"}`}>
+                {refreshMessage.text}
+              </span>
+            )}
             <span className="text-xs text-text-muted">#{connection.priority}</span>
             {connection.globalPriority && (
               <span className="text-xs text-text-muted">Auto: {connection.globalPriority}</span>
@@ -1575,6 +1665,19 @@ function ConnectionRow({ connection, proxyPools, isOAuth, isFirst, isLast, onMov
               )}
             </div>
           )}
+          {isOAuth && (
+            <button
+              onClick={handleRefreshToken}
+              disabled={refreshing}
+              className="flex flex-col items-center px-2 py-1 rounded hover:bg-black/5 dark:hover:bg-white/5 text-text-muted hover:text-primary disabled:opacity-30 disabled:cursor-not-allowed"
+              title="Manually refresh OAuth token"
+            >
+              <span className={`material-symbols-outlined text-[18px] ${refreshing ? "animate-spin" : ""}`}>
+                {refreshing ? "progress_activity" : "refresh"}
+              </span>
+              <span className="text-[10px] leading-tight">Refresh</span>
+            </button>
+          )}
           <button onClick={onEdit} className="flex flex-col items-center px-2 py-1 rounded hover:bg-black/5 dark:hover:bg-white/5 text-text-muted hover:text-primary">
             <span className="material-symbols-outlined text-[18px]">edit</span>
             <span className="text-[10px] leading-tight">Edit</span>
@@ -1607,6 +1710,8 @@ ConnectionRow.propTypes = {
     lastError: PropTypes.string,
     priority: PropTypes.number,
     globalPriority: PropTypes.number,
+    tokenExpiresAt: PropTypes.string,
+    authType: PropTypes.string,
   }).isRequired,
   proxyPools: PropTypes.arrayOf(PropTypes.shape({
     id: PropTypes.string,
diff --git a/src/app/(dashboard)/dashboard/usage/components/ProviderLimits/QuotaTable.js b/src/app/(dashboard)/dashboard/usage/components/ProviderLimits/QuotaTable.js
index e15d5ddc..dc1d7ff8 100644
--- a/src/app/(dashboard)/dashboard/usage/components/ProviderLimits/QuotaTable.js
+++ b/src/app/(dashboard)/dashboard/usage/components/ProviderLimits/QuotaTable.js
@@ -79,9 +79,9 @@ export default function QuotaTable({ quotas = [] }) {
     <div className="overflow-x-auto">
       <table className="w-full table-fixed">
         <colgroup>
-          <col className="w-[30%]" /> {/* Model Name */}
-          <col className="w-[45%]" /> {/* Limit Progress */}
-          <col className="w-[25%]" /> {/* Reset Time */}
+          <col className="w-[30%]" />
+          <col className="w-[45%]" />
+          <col className="w-[25%]" />
         </colgroup>
         <tbody>
           {quotas.map((quota, index) => {
diff --git a/src/app/api/oauth/[provider]/[action]/route.js b/src/app/api/oauth/[provider]/[action]/route.js
index 4497684c..d5c60357 100644
--- a/src/app/api/oauth/[provider]/[action]/route.js
+++ b/src/app/api/oauth/[provider]/[action]/route.js
@@ -1,12 +1,12 @@
 import { NextResponse } from "next/server";
-import { 
-  getProvider, 
-  generateAuthData, 
-  exchangeTokens, 
-  requestDeviceCode, 
-  pollForToken 
+import {
+  getProvider,
+  generateAuthData,
+  exchangeTokens,
+  requestDeviceCode,
+  pollForToken
 } from "@/lib/oauth/providers";
-import { createProviderConnection } from "@/models";
+import { createProviderConnection, getSettings } from "@/models";
 
 /**
  * Dynamic OAuth API Route
@@ -33,11 +33,18 @@ export async function GET(request, { params }) {
       }
 
       const authData = generateAuthData(provider, null);
-      
-      // Providers that don't use PKCE for device code
-      const noPkceDeviceProviders = ["github", "kiro", "kimi-coding", "kilocode"];
+
+      // For Kiro, pass configured auth URL from settings or query params
       let deviceData;
-      if (noPkceDeviceProviders.includes(provider)) {
+      if (provider === "kiro") {
+        const settings = await getSettings();
+        // Priority: query param > settings > default
+        const queryStartUrl = searchParams.get("startUrl");
+        const kiroAuthUrl = queryStartUrl || settings.kiroAuthUrl || "https://view.awsapps.com/start";
+        const kiroRegion = searchParams.get("region") || "us-east-1";
+        deviceData = await requestDeviceCode(provider, null, kiroAuthUrl, kiroRegion);
+      } else if (provider === "github" || provider === "kimi-coding" || provider === "kilocode") {
+        // These providers don't use PKCE for device code
         deviceData = await requestDeviceCode(provider);
       } else {
         // Qwen and other PKCE providers
@@ -132,8 +139,8 @@ export async function POST(request, { params }) {
           provider,
           authType: "oauth",
           ...result.tokens,
-          expiresAt: result.tokens.expiresIn 
-            ? new Date(Date.now() + result.tokens.expiresIn * 1000).toISOString() 
+          tokenExpiresAt: result.tokens.expiresIn
+            ? new Date(Date.now() + result.tokens.expiresIn * 1000).toISOString()
             : null,
           testStatus: "active",
         });
diff --git a/src/app/api/oauth/kiro/auto-import/route.js b/src/app/api/oauth/kiro/auto-import/route.js
index e2a6182f..3313c4b2 100644
--- a/src/app/api/oauth/kiro/auto-import/route.js
+++ b/src/app/api/oauth/kiro/auto-import/route.js
@@ -2,10 +2,14 @@ import { NextResponse } from "next/server";
 import { readFile, readdir } from "fs/promises";
 import { homedir } from "os";
 import { join } from "path";
+import { KiroService } from "@/lib/oauth/services/kiro";
+import { createProviderConnection, isCloudEnabled } from "@/models";
+import { getConsistentMachineId } from "@/shared/utils/machineId";
 
 /**
  * GET /api/oauth/kiro/auto-import
  * Auto-detect and extract Kiro refresh token from AWS SSO cache
+ * Returns the refresh token for manual import
  */
 export async function GET() {
   try {
@@ -83,3 +87,78 @@ export async function GET() {
     );
   }
 }
+
+/**
+ * POST /api/oauth/kiro/auto-import
+ * Complete the auto-import by validating token and storing connection with profileArn
+ */
+export async function POST(request) {
+  try {
+    const { refreshToken } = await request.json();
+
+    if (!refreshToken || typeof refreshToken !== "string") {
+      return NextResponse.json(
+        { error: "Refresh token is required" },
+        { status: 400 }
+      );
+    }
+
+    const kiroService = new KiroService();
+
+    // Validate and refresh token to get profileArn
+    const tokenData = await kiroService.validateImportToken(refreshToken.trim());
+
+    // Extract email from JWT if available
+    const email = kiroService.extractEmailFromJWT(tokenData.accessToken);
+
+    // Save to database with profileArn
+    const connection = await createProviderConnection({
+      provider: "kiro",
+      authType: "oauth",
+      accessToken: tokenData.accessToken,
+      refreshToken: tokenData.refreshToken,
+      expiresAt: new Date(Date.now() + tokenData.expiresIn * 1000).toISOString(),
+      email: email || null,
+      providerSpecificData: {
+        profileArn: tokenData.profileArn,
+        authMethod: "auto-import",
+        provider: "AWS SSO",
+      },
+      testStatus: "active",
+    });
+
+    // Auto sync to Cloud if enabled
+    await syncToCloudIfEnabled();
+
+    return NextResponse.json({
+      success: true,
+      connection: {
+        id: connection.id,
+        provider: connection.provider,
+        email: connection.email,
+      },
+    });
+  } catch (error) {
+    console.log("Kiro auto-import complete error:", error);
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+}
+
+/**
+ * Sync to Cloud if enabled
+ */
+async function syncToCloudIfEnabled() {
+  try {
+    const cloudEnabled = await isCloudEnabled();
+    if (!cloudEnabled) return;
+
+    const machineId = await getConsistentMachineId();
+    await fetch(`${process.env.INTERNAL_BASE_URL || "http://localhost:20130"}/api/sync/cloud`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ machineId, action: "sync" }),
+    });
+  } catch (error) {
+    console.log("Error syncing to cloud after Kiro auto-import:", error);
+  }
+}
diff --git a/src/app/api/oauth/refresh/route.js b/src/app/api/oauth/refresh/route.js
new file mode 100644
index 00000000..671ab40f
--- /dev/null
+++ b/src/app/api/oauth/refresh/route.js
@@ -0,0 +1,140 @@
+import { getProviderConnectionById, updateProviderConnection } from "@/lib/localDb";
+import { getExecutor } from "open-sse/executors/index.js";
+import { isCloudEnabled } from "@/models";
+import { getConsistentMachineId } from "@/shared/utils/machineId";
+
+async function syncToCloudIfEnabled() {
+  try {
+    const cloudEnabled = await isCloudEnabled();
+    if (!cloudEnabled) return;
+    const machineId = await getConsistentMachineId();
+    await fetch(`${process.env.INTERNAL_BASE_URL || "http://localhost:20130"}/api/sync/cloud`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ machineId, action: "sync" }),
+    });
+  } catch (error) {
+    console.error("[OAuth Refresh API] Error syncing to cloud:", error);
+  }
+}
+
+/**
+ * Refresh credentials using executor and update database
+ * @returns {{ connection, refreshed: boolean }}
+ */
+async function refreshAndUpdateCredentials(connection) {
+  const executor = getExecutor(connection.provider);
+
+  // Build credentials object from connection
+  const credentials = {
+    accessToken: connection.accessToken,
+    refreshToken: connection.refreshToken,
+    expiresAt: connection.tokenExpiresAt,
+    providerSpecificData: connection.providerSpecificData,
+    // For GitHub
+    copilotToken: connection.providerSpecificData?.copilotToken,
+    copilotTokenExpiresAt: connection.providerSpecificData?.copilotTokenExpiresAt,
+  };
+
+  // Use executor's refreshCredentials method (force refresh)
+  const refreshResult = await executor.refreshCredentials(credentials, console);
+
+  if (!refreshResult) {
+    throw new Error("Failed to refresh credentials. Please re-authorize the connection.");
+  }
+
+  // Build update object
+  const now = new Date().toISOString();
+  const updateData = {
+    updatedAt: now,
+  };
+
+  // Update accessToken if present
+  if (refreshResult.accessToken) {
+    updateData.accessToken = refreshResult.accessToken;
+  }
+
+  // Update refreshToken if present
+  if (refreshResult.refreshToken) {
+    updateData.refreshToken = refreshResult.refreshToken;
+  }
+
+  // Update token expiry
+  if (refreshResult.expiresIn) {
+    updateData.tokenExpiresAt = new Date(Date.now() + refreshResult.expiresIn * 1000).toISOString();
+  } else if (refreshResult.expiresAt) {
+    updateData.tokenExpiresAt = refreshResult.expiresAt;
+  }
+
+  // Handle provider-specific data
+  // Always preserve existing providerSpecificData and merge with new data
+  updateData.providerSpecificData = {
+    ...connection.providerSpecificData,
+    // GitHub: copilotToken
+    ...(refreshResult.copilotToken && { copilotToken: refreshResult.copilotToken }),
+    ...(refreshResult.copilotTokenExpiresAt && { copilotTokenExpiresAt: refreshResult.copilotTokenExpiresAt }),
+    // Kiro: profileArn (preserve existing if not in refresh result)
+    ...(refreshResult.profileArn && { profileArn: refreshResult.profileArn }),
+  };
+
+  // Update database
+  await updateProviderConnection(connection.id, updateData);
+
+  // Return updated connection
+  const updatedConnection = {
+    ...connection,
+    ...updateData,
+  };
+
+  return {
+    connection: updatedConnection,
+    refreshed: true,
+  };
+}
+
+/**
+ * POST /api/oauth/refresh - Manually refresh OAuth token for a connection
+ */
+export async function POST(request) {
+  try {
+    const body = await request.json();
+    const { connectionId } = body;
+
+    if (!connectionId) {
+      return Response.json({ error: "connectionId is required" }, { status: 400 });
+    }
+
+    // Get connection from database
+    const connection = await getProviderConnectionById(connectionId);
+    if (!connection) {
+      return Response.json({ error: "Connection not found" }, { status: 404 });
+    }
+
+    // Only OAuth connections can be refreshed
+    if (connection.authType !== "oauth") {
+      return Response.json({ error: "Only OAuth connections can be refreshed" }, { status: 400 });
+    }
+
+    // Refresh credentials
+    try {
+      const result = await refreshAndUpdateCredentials(connection);
+
+      // Sync to cloud if enabled
+      await syncToCloudIfEnabled();
+
+      return Response.json({
+        success: true,
+        message: "Token refreshed successfully",
+        expiresAt: result.connection.tokenExpiresAt,
+      });
+    } catch (refreshError) {
+      console.error("[OAuth Refresh API] Credential refresh failed:", refreshError);
+      return Response.json({
+        error: `Credential refresh failed: ${refreshError.message}`
+      }, { status: 401 });
+    }
+  } catch (error) {
+    console.error("[OAuth Refresh API] Error:", error);
+    return Response.json({ error: error.message }, { status: 500 });
+  }
+}
diff --git a/src/app/api/usage/[connectionId]/route.js b/src/app/api/usage/[connectionId]/route.js
index adf61388..c2059bc8 100644
--- a/src/app/api/usage/[connectionId]/route.js
+++ b/src/app/api/usage/[connectionId]/route.js
@@ -63,12 +63,16 @@ async function refreshAndUpdateCredentials(connection) {
     updateData.expiresAt = refreshResult.expiresAt;
   }
 
-  // Handle provider-specific data (copilotToken for GitHub, etc.)
-  if (refreshResult.copilotToken || refreshResult.copilotTokenExpiresAt) {
+  // Handle provider-specific data
+  // Always preserve existing providerSpecificData and merge with new data
+  if (refreshResult.copilotToken || refreshResult.copilotTokenExpiresAt || refreshResult.profileArn) {
     updateData.providerSpecificData = {
       ...connection.providerSpecificData,
-      copilotToken: refreshResult.copilotToken,
-      copilotTokenExpiresAt: refreshResult.copilotTokenExpiresAt,
+      // GitHub: copilotToken
+      ...(refreshResult.copilotToken && { copilotToken: refreshResult.copilotToken }),
+      ...(refreshResult.copilotTokenExpiresAt && { copilotTokenExpiresAt: refreshResult.copilotTokenExpiresAt }),
+      // Kiro: profileArn
+      ...(refreshResult.profileArn && { profileArn: refreshResult.profileArn }),
     };
   }
 
diff --git a/src/app/api/usage/clear/route.js b/src/app/api/usage/clear/route.js
new file mode 100644
index 00000000..7b6fbad8
--- /dev/null
+++ b/src/app/api/usage/clear/route.js
@@ -0,0 +1,24 @@
+import { NextResponse } from "next/server";
+import { getUsageDb } from "@/lib/usageDb";
+
+export async function POST() {
+  try {
+    const db = await getUsageDb();
+
+    // Clear all usage history
+    db.data.history = [];
+
+    await db.write();
+
+    return NextResponse.json({
+      success: true,
+      message: "All usage metrics cleared successfully"
+    });
+  } catch (error) {
+    console.error("Error clearing usage metrics:", error);
+    return NextResponse.json(
+      { error: "Failed to clear usage metrics" },
+      { status: 500 }
+    );
+  }
+}
diff --git a/src/app/api/usage/history/route.js b/src/app/api/usage/history/route.js
index 16a5d407..8b5d4831 100644
--- a/src/app/api/usage/history/route.js
+++ b/src/app/api/usage/history/route.js
@@ -1,9 +1,14 @@
 import { NextResponse } from "next/server";
 import { getUsageStats } from "@/lib/usageDb";
 
-export async function GET() {
+export async function GET(request) {
   try {
-    const stats = await getUsageStats();
+    const { searchParams } = new URL(request.url);
+    const range = searchParams.get("range");
+    const startDate = searchParams.get("startDate");
+    const endDate = searchParams.get("endDate");
+
+    const stats = await getUsageStats({ range, startDate, endDate });
     return NextResponse.json(stats);
   } catch (error) {
     console.error("Error fetching usage stats:", error);
diff --git a/src/app/api/usage/stats/route.js b/src/app/api/usage/stats/route.js
index 2e8c88ad..9d145bca 100644
--- a/src/app/api/usage/stats/route.js
+++ b/src/app/api/usage/stats/route.js
@@ -1,20 +1,28 @@
 import { NextResponse } from "next/server";
 import { getUsageStats } from "@/lib/usageDb";
 
-const VALID_PERIODS = new Set(["24h", "7d", "30d", "60d", "all"]);
+const VALID_PERIODS = new Set(["5m", "15m", "30m", "1h", "24h", "48h", "7d", "30d", "60d", "all"]);
 
 export const dynamic = "force-dynamic";
 
 export async function GET(request) {
   try {
     const { searchParams } = new URL(request.url);
-    const period = searchParams.get("period") || "7d";
+    const period = searchParams.get("period");
+    const startDate = searchParams.get("startDate");
+    const endDate = searchParams.get("endDate");
 
-    if (!VALID_PERIODS.has(period)) {
+    if (startDate || endDate) {
+      const stats = await getUsageStats({ startDate, endDate });
+      return NextResponse.json(stats);
+    }
+
+    const range = period || "7d";
+    if (!VALID_PERIODS.has(range)) {
       return NextResponse.json({ error: "Invalid period" }, { status: 400 });
     }
 
-    const stats = await getUsageStats(period);
+    const stats = await getUsageStats({ range });
     return NextResponse.json(stats);
   } catch (error) {
     console.error("[API] Failed to get usage stats:", error);
diff --git a/src/app/api/usage/stream/route.js b/src/app/api/usage/stream/route.js
index 8fa20acd..5d6d554a 100644
--- a/src/app/api/usage/stream/route.js
+++ b/src/app/api/usage/stream/route.js
@@ -1,27 +1,19 @@
-import { getUsageStats, statsEmitter, getActiveRequests } from "@/lib/usageDb";
+import { statsEmitter, getActiveRequests, getPendingRequests } from "@/lib/usageDb";
 
 export const dynamic = "force-dynamic";
 
 export async function GET() {
   const encoder = new TextEncoder();
-  const state = { closed: false, keepalive: null, send: null, sendPending: null, cachedStats: null };
+  const state = { closed: false, keepalive: null, send: null, sendPending: null };
 
   const stream = new ReadableStream({
     async start(controller) {
-      // Full stats refresh (heavy) + immediate lightweight push
-      state.send = async () => {
+      const push = async () => {
         if (state.closed) return;
         try {
-          // Push lightweight update immediately so UI reflects changes fast
-          if (state.cachedStats) {
-            const { activeRequests, recentRequests, errorProvider } = await getActiveRequests();
-            const quickStats = { ...state.cachedStats, activeRequests, recentRequests, errorProvider };
-            controller.enqueue(encoder.encode(`data: ${JSON.stringify(quickStats)}\n\n`));
-          }
-          // Then do full recalc and update cache
-          const stats = await getUsageStats();
-          state.cachedStats = stats;
-          controller.enqueue(encoder.encode(`data: ${JSON.stringify(stats)}\n\n`));
+          const { activeRequests, recentRequests, errorProvider } = await getActiveRequests();
+          const payload = { activeRequests, recentRequests, errorProvider, pending: getPendingRequests() };
+          controller.enqueue(encoder.encode(`data: ${JSON.stringify(payload)}\n\n`));
         } catch {
           state.closed = true;
           statsEmitter.off("update", state.send);
@@ -30,6 +22,7 @@ export async function GET() {
         }
       };
 
+      state.send = push;
       // Lightweight push: only refresh activeRequests + recentRequests on pending changes
       state.sendPending = async () => {
         if (state.closed || !state.cachedStats) return;
@@ -45,7 +38,7 @@ export async function GET() {
         }
       };
 
-      await state.send();
+      await push();
       console.log(`[SSE] Client connected | listeners=${statsEmitter.listenerCount("update") + 1}`);
 
       statsEmitter.on("update", state.send);
diff --git a/src/lib/localDb.js b/src/lib/localDb.js
index d7e9a1b6..1dcc0568 100644
--- a/src/lib/localDb.js
+++ b/src/lib/localDb.js
@@ -62,7 +62,8 @@ const defaultData = {
     observabilityMaxJsonSize: 1024,
     outboundProxyEnabled: false,
     outboundProxyUrl: "",
-    outboundNoProxy: ""
+    outboundNoProxy: "",
+    kiroAuthUrl: "https://view.awsapps.com/start"
   },
   pricing: {} // NEW: pricing configuration
 };
@@ -91,6 +92,7 @@ function cloneDefaultData() {
       outboundProxyEnabled: false,
       outboundProxyUrl: "",
       outboundNoProxy: "",
+      kiroAuthUrl: "https://view.awsapps.com/start"
     },
     pricing: {},
   };
@@ -452,6 +454,7 @@ export async function createProviderConnection(data) {
   
   // Check for existing connection with same provider and email (for OAuth)
   // or same provider and name (for API key)
+  // or same provider and clientId (for Kiro)
   let existingIndex = -1;
   if (data.authType === "oauth" && data.email) {
     existingIndex = db.data.providerConnections.findIndex(
@@ -461,6 +464,11 @@ export async function createProviderConnection(data) {
     existingIndex = db.data.providerConnections.findIndex(
       c => c.provider === data.provider && c.authType === "apikey" && c.name === data.name
     );
+  } else if (data.provider === "kiro" && data.providerSpecificData?.clientId) {
+    // For Kiro, use clientId as unique identifier (each AWS org registration has unique clientId)
+    existingIndex = db.data.providerConnections.findIndex(
+      c => c.provider === "kiro" && c.providerSpecificData?.clientId === data.providerSpecificData.clientId
+    );
   }
   
   // If exists, update instead of create
diff --git a/src/lib/oauth/providers.js b/src/lib/oauth/providers.js
index ebd579eb..1738a8e2 100644
--- a/src/lib/oauth/providers.js
+++ b/src/lib/oauth/providers.js
@@ -624,9 +624,10 @@ const PROVIDERS = {
         verification_uri_complete: deviceData.verificationUriComplete,
         expires_in: deviceData.expiresIn,
         interval: deviceData.interval || 5,
-        // Store client credentials for token exchange
+        // Store client credentials and config for token exchange
         _clientId: clientInfo.clientId,
         _clientSecret: clientInfo.clientSecret,
+        _startUrl: config.startUrl,
       };
     },
     pollToken: async (config, deviceCode, codeVerifier, extraData) => {
@@ -664,6 +665,8 @@ const PROVIDERS = {
             // Store client credentials for refresh
             _clientId: extraData?._clientId,
             _clientSecret: extraData?._clientSecret,
+            _region: extraData?._region,
+            _startUrl: extraData?._startUrl,
           },
         };
       }
@@ -677,17 +680,50 @@ const PROVIDERS = {
       };
     },
     mapTokens: (tokens) => {
-      const mapped = {
+      // AWS SSO OIDC returns profileArn directly in response
+      // If not in response, try to extract from idToken if available
+      let profileArn = tokens.profileArn || null;
+
+      if (!profileArn && tokens.id_token) {
+        try {
+          const parts = tokens.id_token.split(".");
+          if (parts.length === 3) {
+            let payload = parts[1];
+            while (payload.length % 4) {
+              payload += "=";
+            }
+            const decoded = JSON.parse(atob(payload.replace(/-/g, "+").replace(/_/g, "/")));
+            profileArn = decoded.arn || decoded.profileArn || null;
+          }
+        } catch (e) {
+          // Silently fail - profileArn extraction is optional
+        }
+      }
+
+      // Extract AWS org from startUrl (e.g., "view" from "https://view.awsapps.com/start")
+      let awsOrg = null;
+      if (tokens._startUrl) {
+        try {
+          const url = new URL(tokens._startUrl);
+          const subdomain = url.hostname.split('.')[0];
+          awsOrg = subdomain;
+        } catch (e) {
+          // Silently fail
+        }
+      }
+
+      return {
         accessToken: tokens.access_token,
         refreshToken: tokens.refresh_token,
         expiresIn: tokens.expires_in,
         providerSpecificData: {
-          profileArn: tokens?.profile_arn || null,
           clientId: tokens._clientId,
           clientSecret: tokens._clientSecret,
+          profileArn: profileArn,
+          region: tokens._region || "us-east-1",
+          awsOrg: awsOrg,
         },
       };
-      return mapped;
     },
   },
 
@@ -940,12 +976,32 @@ export async function exchangeTokens(providerName, code, redirectUri, codeVerifi
 
 /**
  * Request device code (for device_code flow)
+ * @param {string} providerName - Provider name
+ * @param {string} codeChallenge - PKCE code challenge (optional)
+ * @param {string} kiroAuthUrl - Custom Kiro auth URL (optional, only for Kiro provider)
+ * @param {string} kiroRegion - Custom Kiro AWS region (optional, only for Kiro provider)
  */
-export async function requestDeviceCode(providerName, codeChallenge) {
+export async function requestDeviceCode(providerName, codeChallenge, kiroAuthUrl, kiroRegion) {
   const provider = getProvider(providerName);
   if (provider.flowType !== "device_code") {
     throw new Error(`Provider ${providerName} does not support device code flow`);
   }
+
+  // For Kiro, pass the configured auth URL and region
+  if (providerName === "kiro" && (kiroAuthUrl || kiroRegion)) {
+    const configWithUrl = {
+      ...provider.config,
+      startUrl: kiroAuthUrl || provider.config.startUrl,
+      // Update region in URLs if provided
+      ...(kiroRegion && {
+        registerClientUrl: `https://oidc.${kiroRegion}.amazonaws.com/client/register`,
+        deviceAuthUrl: `https://oidc.${kiroRegion}.amazonaws.com/device_authorization`,
+        tokenUrl: `https://oidc.${kiroRegion}.amazonaws.com/token`,
+      })
+    };
+    return await provider.requestDeviceCode(configWithUrl, codeChallenge);
+  }
+
   return await provider.requestDeviceCode(provider.config, codeChallenge);
 }
 
diff --git a/src/lib/oauth/services/kiro.js b/src/lib/oauth/services/kiro.js
index 06231304..4fa82429 100644
--- a/src/lib/oauth/services/kiro.js
+++ b/src/lib/oauth/services/kiro.js
@@ -197,9 +197,31 @@ export class KiroService {
       }
 
       const data = await response.json();
+
+      // AWS SSO OIDC returns profileArn directly in response
+      // If not in response, try to extract from idToken if available
+      let profileArn = data.profileArn || null;
+
+      if (!profileArn && data.idToken) {
+        try {
+          const parts = data.idToken.split(".");
+          if (parts.length === 3) {
+            let payload = parts[1];
+            while (payload.length % 4) {
+              payload += "=";
+            }
+            const decoded = JSON.parse(atob(payload.replace(/-/g, "+").replace(/_/g, "/")));
+            profileArn = decoded.arn || decoded.profileArn || null;
+          }
+        } catch (e) {
+          // Silently fail - profileArn extraction is optional
+        }
+      }
+
       return {
         accessToken: data.accessToken,
         refreshToken: data.refreshToken || refreshToken,
+        profileArn: profileArn,
         expiresIn: data.expiresIn,
       };
     }
diff --git a/src/lib/usageDb.js b/src/lib/usageDb.js
index ded59b5e..f81a31ae 100644
--- a/src/lib/usageDb.js
+++ b/src/lib/usageDb.js
@@ -182,6 +182,10 @@ export async function getActiveRequests() {
   return { activeRequests, recentRequests, errorProvider };
 }
 
+export function getPendingRequests() {
+  return pendingRequests;
+}
+
 /**
  * Get usage database instance (singleton)
  */
@@ -434,18 +438,73 @@ async function calculateCost(provider, model, tokens) {
 
 const PERIOD_MS = { "24h": 86400000, "7d": 604800000, "30d": 2592000000, "60d": 5184000000 };
 
+/**
+ * Get time range filter date based on predefined range
+ * @param {string} range - Time range: "5m", "15m", "30m", "1h", "24h", "48h", "7d", "30d"
+ * @returns {Date|null} - Start date for the range, or null for "all"
+ */
+export function getTimeRangeFilter(range) {
+  if (!range || range === "all") return null;
+
+  const now = new Date();
+  const ms = {
+    "5m": 5 * 60 * 1000,
+    "15m": 15 * 60 * 1000,
+    "30m": 30 * 60 * 1000,
+    "1h": 60 * 60 * 1000,
+    "24h": 24 * 60 * 60 * 1000,
+    "48h": 48 * 60 * 60 * 1000,
+    "7d": 7 * 24 * 60 * 60 * 1000,
+    "30d": 30 * 24 * 60 * 60 * 1000,
+    "60d": 60 * 24 * 60 * 60 * 1000
+  };
+
+  const offset = ms[range];
+  if (!offset) return null;
+
+  return new Date(now.getTime() - offset);
+}
+
 /**
  * Get aggregated usage stats
- * @param {"24h"|"7d"|"30d"|"60d"|"all"} period - Time period to filter
+ * @param {object} options - Filter options
+ * @param {string} options.range - Predefined time range: "5m", "15m", "30m", "1h", "24h", "48h", "7d", "30d", "all"
+ * @param {string} options.startDate - Custom start date (ISO string)
+ * @param {string} options.endDate - Custom end date (ISO string)
  */
-export async function getUsageStats(period = "all") {
+export async function getUsageStats(options = {}) {
   const db = await getUsageDb();
   let history = db.data.history || [];
 
-  // Filter history by period
-  if (period && PERIOD_MS[period]) {
-    const cutoff = Date.now() - PERIOD_MS[period];
-    history = history.filter((e) => new Date(e.timestamp).getTime() >= cutoff);
+  // Apply time range filter
+  const { range, startDate, endDate } = options;
+
+  // OPTIMIZATION 1: Pre-parse all timestamps once
+  // Parse timestamps and add _parsedTime property to avoid repeated Date creation
+  for (const entry of history) {
+    if (!entry._parsedTime && entry.timestamp) {
+      entry._parsedTime = new Date(entry.timestamp).getTime();
+    }
+  }
+
+  // Use predefined range if provided
+  if (range && range !== "all") {
+    const rangeStartDate = getTimeRangeFilter(range);
+    if (rangeStartDate) {
+      const startTime = rangeStartDate.getTime();
+      history = history.filter(h => h._parsedTime >= startTime);
+    }
+  }
+  // Otherwise use custom date range
+  else if (startDate || endDate) {
+    if (startDate) {
+      const start = new Date(startDate).getTime();
+      history = history.filter(h => h._parsedTime >= start);
+    }
+    if (endDate) {
+      const end = new Date(endDate).getTime();
+      history = history.filter(h => h._parsedTime <= end);
+    }
   }
 
   // Import localDb to get provider connection names and API keys
@@ -521,6 +580,76 @@ export async function getUsageStats(period = "all") {
     })
     .slice(0, 20);
 
+  // OPTIMIZATION 2: Batch cost calculations
+  // Collect all unique provider+model combinations
+  const uniqueCombos = new Set();
+  for (const entry of history) {
+    if (entry.provider && entry.model) {
+      uniqueCombos.add(`${entry.provider}:${entry.model}`);
+    }
+  }
+
+  // OPTIMIZATION 2b: Better cost caching - cache actual pricing data
+  const pricingCache = {};
+  const { getPricingForModel } = await import("@/lib/localDb.js");
+
+  const pricingPromises = Array.from(uniqueCombos).map(async (combo) => {
+    const [provider, model] = combo.split(':');
+    try {
+      const pricing = await getPricingForModel(provider, model);
+      pricingCache[combo] = pricing;
+    } catch (error) {
+      pricingCache[combo] = null;
+    }
+  });
+
+  await Promise.all(pricingPromises);
+
+  // Fast cost calculation using cached pricing
+  const calculateCostFast = (provider, model, tokens) => {
+    if (!tokens || !provider || !model) return 0;
+
+    const combo = `${provider}:${model}`;
+    const pricing = pricingCache[combo];
+
+    if (!pricing) return 0;
+
+    let cost = 0;
+
+    // Input tokens (non-cached)
+    const inputTokens = tokens.prompt_tokens || tokens.input_tokens || 0;
+    const cachedTokens = tokens.cached_tokens || tokens.cache_read_input_tokens || 0;
+    const nonCachedInput = Math.max(0, inputTokens - cachedTokens);
+
+    cost += (nonCachedInput * (pricing.input / 1000000));
+
+    // Cached tokens
+    if (cachedTokens > 0) {
+      const cachedRate = pricing.cached || pricing.input;
+      cost += (cachedTokens * (cachedRate / 1000000));
+    }
+
+    // Output tokens
+    const outputTokens = tokens.completion_tokens || tokens.output_tokens || 0;
+    cost += (outputTokens * (pricing.output / 1000000));
+
+    // Reasoning tokens
+    const reasoningTokens = tokens.reasoning_tokens || 0;
+    if (reasoningTokens > 0) {
+      const reasoningRate = pricing.reasoning || pricing.output;
+      cost += (reasoningTokens * (reasoningRate / 1000000));
+    }
+
+    // Cache creation tokens
+    const cacheCreationTokens = tokens.cache_creation_input_tokens || 0;
+    if (cacheCreationTokens > 0) {
+      const cacheCreationRate = pricing.cache_creation || pricing.input;
+      cost += (cacheCreationTokens * (cacheCreationRate / 1000000));
+    }
+
+    return cost;
+  };
+
   const stats = {
     totalRequests: history.length,
     totalPromptTokens: 0,
@@ -559,16 +688,15 @@ export async function getUsageStats(period = "all") {
   }
 
   // Initialize 10-minute buckets using stable minute boundaries
-  const now = new Date();
+  const now = Date.now();
   // Floor to the start of the current minute
-  const currentMinuteStart = new Date(Math.floor(now.getTime() / 60000) * 60000);
-  const tenMinutesAgo = new Date(currentMinuteStart.getTime() - 9 * 60 * 1000);
+  const currentMinuteStart = Math.floor(now / 60000) * 60000;
+  const tenMinutesAgo = currentMinuteStart - 9 * 60 * 1000;
 
   // Create buckets keyed by minute timestamp for stable lookups
   const bucketMap = {};
   for (let i = 0; i < 10; i++) {
-    const bucketTime = new Date(currentMinuteStart.getTime() - (9 - i) * 60 * 1000);
-    const bucketKey = bucketTime.getTime();
+    const bucketKey = currentMinuteStart - (9 - i) * 60 * 1000;
     bucketMap[bucketKey] = {
       requests: 0,
       promptTokens: 0,
@@ -578,13 +706,14 @@ export async function getUsageStats(period = "all") {
     stats.last10Minutes.push(bucketMap[bucketKey]);
   }
 
+  // OPTIMIZATION 3: Single pass aggregation
   for (const entry of history) {
     const promptTokens = entry.tokens?.prompt_tokens || 0;
     const completionTokens = entry.tokens?.completion_tokens || 0;
-    const entryTime = new Date(entry.timestamp);
+    const entryTime = entry._parsedTime;
 
-    // Use pre-stored cost (saved at request time), avoid recalculating
-    const entryCost = entry.cost || 0;
+    // Calculate cost using cached pricing
+    const entryCost = calculateCostFast(entry.provider, entry.model, entry.tokens);
 
     stats.totalPromptTokens += promptTokens;
     stats.totalCompletionTokens += completionTokens;
@@ -592,7 +721,7 @@ export async function getUsageStats(period = "all") {
 
     // Last 10 minutes aggregation - floor entry time to its minute
     if (entryTime >= tenMinutesAgo && entryTime <= now) {
-      const entryMinuteStart = Math.floor(entryTime.getTime() / 60000) * 60000;
+      const entryMinuteStart = Math.floor(entryTime / 60000) * 60000;
       if (bucketMap[entryMinuteStart]) {
         bucketMap[entryMinuteStart].requests++;
         bucketMap[entryMinuteStart].promptTokens += promptTokens;
@@ -636,8 +765,10 @@ export async function getUsageStats(period = "all") {
     stats.byModel[modelKey].promptTokens += promptTokens;
     stats.byModel[modelKey].completionTokens += completionTokens;
     stats.byModel[modelKey].cost += entryCost;
-    if (new Date(entry.timestamp) > new Date(stats.byModel[modelKey].lastUsed)) {
+    // OPTIMIZATION 4: Direct timestamp comparison
+    if (entryTime > (stats.byModel[modelKey]._lastUsedTime || 0)) {
       stats.byModel[modelKey].lastUsed = entry.timestamp;
+      stats.byModel[modelKey]._lastUsedTime = entryTime;
     }
 
     // By Account (model + oauth account)
@@ -663,8 +794,9 @@ export async function getUsageStats(period = "all") {
       stats.byAccount[accountKey].promptTokens += promptTokens;
       stats.byAccount[accountKey].completionTokens += completionTokens;
       stats.byAccount[accountKey].cost += entryCost;
-      if (new Date(entry.timestamp) > new Date(stats.byAccount[accountKey].lastUsed)) {
+      if (entryTime > (stats.byAccount[accountKey]._lastUsedTime || 0)) {
         stats.byAccount[accountKey].lastUsed = entry.timestamp;
+        stats.byAccount[accountKey]._lastUsedTime = entryTime;
       }
     }
 
@@ -696,8 +828,9 @@ export async function getUsageStats(period = "all") {
       apiKeyEntry.promptTokens += promptTokens;
       apiKeyEntry.completionTokens += completionTokens;
       apiKeyEntry.cost += entryCost;
-      if (new Date(entry.timestamp) > new Date(apiKeyEntry.lastUsed)) {
+      if (entryTime > (apiKeyEntry._lastUsedTime || 0)) {
         apiKeyEntry.lastUsed = entry.timestamp;
+        apiKeyEntry._lastUsedTime = entryTime;
       }
     } else {
       const apiKeyKey = "local-no-key";
@@ -722,8 +855,9 @@ export async function getUsageStats(period = "all") {
       apiKeyEntry.promptTokens += promptTokens;
       apiKeyEntry.completionTokens += completionTokens;
       apiKeyEntry.cost += entryCost;
-      if (new Date(entry.timestamp) > new Date(apiKeyEntry.lastUsed)) {
+      if (entryTime > (apiKeyEntry._lastUsedTime || 0)) {
         apiKeyEntry.lastUsed = entry.timestamp;
+        apiKeyEntry._lastUsedTime = entryTime;
       }
     }
 
@@ -753,6 +887,17 @@ export async function getUsageStats(period = "all") {
     }
   }
 
+  // Clean up internal _lastUsedTime properties before returning
+  for (const modelKey in stats.byModel) {
+    delete stats.byModel[modelKey]._lastUsedTime;
+  }
+  for (const accountKey in stats.byAccount) {
+    delete stats.byAccount[accountKey]._lastUsedTime;
+  }
+  for (const apiKeyKey in stats.byApiKey) {
+    delete stats.byApiKey[apiKeyKey]._lastUsedTime;
+  }
+
   return stats;
 }
 
diff --git a/src/models/index.js b/src/models/index.js
index e61129fe..4c28e876 100644
--- a/src/models/index.js
+++ b/src/models/index.js
@@ -32,4 +32,6 @@ export {
   deleteApiKey,
   validateApiKey,
   isCloudEnabled,
+  getSettings,
+  updateSettings,
 } from "@/lib/localDb";
diff --git a/src/shared/components/KiroAuthModal.js b/src/shared/components/KiroAuthModal.js
index 0a9133df..e16367a6 100644
--- a/src/shared/components/KiroAuthModal.js
+++ b/src/shared/components/KiroAuthModal.js
@@ -10,6 +10,8 @@ import { Modal, Button, Input } from "@/shared/components";
  */
 export default function KiroAuthModal({ isOpen, onMethodSelect, onClose }) {
   const [selectedMethod, setSelectedMethod] = useState(null);
+  const [builderIdStartUrl, setBuilderIdStartUrl] = useState("");
+  const [builderIdRegion, setBuilderIdRegion] = useState("us-east-1");
   const [idcStartUrl, setIdcStartUrl] = useState("");
   const [idcRegion, setIdcRegion] = useState("us-east-1");
   const [refreshToken, setRefreshToken] = useState("");
@@ -17,6 +19,28 @@ export default function KiroAuthModal({ isOpen, onMethodSelect, onClose }) {
   const [importing, setImporting] = useState(false);
   const [autoDetecting, setAutoDetecting] = useState(false);
   const [autoDetected, setAutoDetected] = useState(false);
+  const [defaultAuthUrl, setDefaultAuthUrl] = useState("https://view.awsapps.com/start");
+
+  // Load configured Kiro auth URL on mount
+  useEffect(() => {
+    const loadSettings = async () => {
+      try {
+        const res = await fetch("/api/settings");
+        if (res.ok) {
+          const data = await res.json();
+          if (data.kiroAuthUrl) {
+            setDefaultAuthUrl(data.kiroAuthUrl);
+            // Pre-fill both Builder ID and IDC with configured default
+            setBuilderIdStartUrl(data.kiroAuthUrl);
+            setIdcStartUrl(data.kiroAuthUrl);
+          }
+        }
+      } catch (err) {
+        console.log("Failed to load settings:", err);
+      }
+    };
+    loadSettings();
+  }, []);
 
   // Auto-detect token when import method is selected
   useEffect(() => {
@@ -67,7 +91,10 @@ export default function KiroAuthModal({ isOpen, onMethodSelect, onClose }) {
     setError(null);
 
     try {
-      const res = await fetch("/api/oauth/kiro/import", {
+      // Use auto-import POST endpoint if token was auto-detected, otherwise use regular import
+      const endpoint = autoDetected ? "/api/oauth/kiro/auto-import" : "/api/oauth/kiro/import";
+
+      const res = await fetch(endpoint, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ refreshToken: refreshToken.trim() }),
@@ -96,6 +123,14 @@ export default function KiroAuthModal({ isOpen, onMethodSelect, onClose }) {
     onMethodSelect("idc", { startUrl: idcStartUrl.trim(), region: idcRegion });
   };
 
+  const handleBuilderIdContinue = () => {
+    if (!builderIdStartUrl.trim()) {
+      setError("Please enter your Builder ID start URL");
+      return;
+    }
+    onMethodSelect("builder-id", { startUrl: builderIdStartUrl.trim(), region: builderIdRegion });
+  };
+
   const handleSocialLogin = (provider) => {
     onMethodSelect("social", { provider });
   };
@@ -112,7 +147,7 @@ export default function KiroAuthModal({ isOpen, onMethodSelect, onClose }) {
 
             {/* AWS Builder ID */}
             <button
-              onClick={() => onMethodSelect("builder-id")}
+              onClick={() => handleMethodSelect("builder-id")}
               className="w-full p-4 text-left border border-border rounded-lg hover:bg-sidebar transition-colors"
             >
               <div className="flex items-start gap-3">
@@ -202,7 +237,7 @@ export default function KiroAuthModal({ isOpen, onMethodSelect, onClose }) {
               <Input
                 value={idcStartUrl}
                 onChange={(e) => setIdcStartUrl(e.target.value)}
-                placeholder="https://your-org.awsapps.com/start"
+                placeholder={defaultAuthUrl}
                 className="font-mono text-sm"
               />
               <p className="text-xs text-text-muted mt-1">
@@ -240,6 +275,54 @@ export default function KiroAuthModal({ isOpen, onMethodSelect, onClose }) {
           </div>
         )}
 
+        {/* Builder ID Configuration */}
+        {selectedMethod === "builder-id" && (
+          <div className="space-y-4">
+            <div>
+              <label className="block text-sm font-medium mb-2">
+                Start URL <span className="text-red-500">*</span>
+              </label>
+              <Input
+                value={builderIdStartUrl}
+                onChange={(e) => setBuilderIdStartUrl(e.target.value)}
+                placeholder={defaultAuthUrl}
+                className="font-mono text-sm"
+              />
+              <p className="text-xs text-text-muted mt-1">
+                AWS Builder ID start URL (leave blank to use default)
+              </p>
+            </div>
+
+            <div>
+              <label className="block text-sm font-medium mb-2">
+                AWS Region
+              </label>
+              <Input
+                value={builderIdRegion}
+                onChange={(e) => setBuilderIdRegion(e.target.value)}
+                placeholder="us-east-1"
+                className="font-mono text-sm"
+              />
+              <p className="text-xs text-text-muted mt-1">
+                AWS region for your Builder ID (default: us-east-1)
+              </p>
+            </div>
+
+            {error && (
+              <p className="text-sm text-red-600">{error}</p>
+            )}
+
+            <div className="flex gap-2">
+              <Button onClick={handleBuilderIdContinue} fullWidth>
+                Continue
+              </Button>
+              <Button onClick={handleBack} variant="ghost" fullWidth>
+                Back
+              </Button>
+            </div>
+          </div>
+        )}
+
         {/* Social Login Info (Google) */}
         {selectedMethod === "social-google" && (
           <div className="space-y-4">
diff --git a/src/shared/components/KiroOAuthWrapper.js b/src/shared/components/KiroOAuthWrapper.js
index 93e45e3d..248f0b9c 100644
--- a/src/shared/components/KiroOAuthWrapper.js
+++ b/src/shared/components/KiroOAuthWrapper.js
@@ -13,12 +13,14 @@ import KiroSocialOAuthModal from "./KiroSocialOAuthModal";
 export default function KiroOAuthWrapper({ isOpen, providerInfo, onSuccess, onClose }) {
   const [authMethod, setAuthMethod] = useState(null); // null | "builder-id" | "idc" | "social" | "import"
   const [socialProvider, setSocialProvider] = useState(null); // "google" | "github"
+  const [builderIdConfig, setBuilderIdConfig] = useState(null);
   const [idcConfig, setIdcConfig] = useState(null);
 
   const handleMethodSelect = useCallback((method, config) => {
     if (method === "builder-id") {
-      // Use device code flow (AWS Builder ID)
+      // Use device code flow (AWS Builder ID) with config
       setAuthMethod("builder-id");
+      setBuilderIdConfig(config);
     } else if (method === "idc") {
       // Use device code flow with IDC config
       setAuthMethod("idc");
@@ -36,6 +38,7 @@ export default function KiroOAuthWrapper({ isOpen, providerInfo, onSuccess, onCl
   const handleBack = () => {
     setAuthMethod(null);
     setSocialProvider(null);
+    setBuilderIdConfig(null);
     setIdcConfig(null);
   };
 
@@ -48,6 +51,7 @@ export default function KiroOAuthWrapper({ isOpen, providerInfo, onSuccess, onCl
 
   const handleDeviceSuccess = () => {
     setAuthMethod(null);
+    setBuilderIdConfig(null);
     setIdcConfig(null);
     onSuccess?.();
     onClose?.(); // Close modal after success
@@ -66,6 +70,7 @@ export default function KiroOAuthWrapper({ isOpen, providerInfo, onSuccess, onCl
 
   // Show device code flow (Builder ID or IDC)
   if (authMethod === "builder-id" || authMethod === "idc") {
+    const deviceConfig = authMethod === "builder-id" ? builderIdConfig : idcConfig;
     return (
       <OAuthModal
         isOpen={isOpen}
@@ -73,7 +78,7 @@ export default function KiroOAuthWrapper({ isOpen, providerInfo, onSuccess, onCl
         providerInfo={providerInfo}
         onSuccess={handleDeviceSuccess}
         onClose={handleBack}
-        idcConfig={idcConfig}
+        deviceConfig={deviceConfig}
       />
     );
   }
diff --git a/src/shared/components/OAuthModal.js b/src/shared/components/OAuthModal.js
index c25c501e..3c8a3d56 100644
--- a/src/shared/components/OAuthModal.js
+++ b/src/shared/components/OAuthModal.js
@@ -9,8 +9,9 @@ import { useCopyToClipboard } from "@/shared/hooks/useCopyToClipboard";
  * OAuth Modal Component
  * - Localhost: Auto callback via popup message
  * - Remote: Manual paste callback URL
+ * - deviceConfig: Optional config for device code flow (startUrl, region)
  */
-export default function OAuthModal({ isOpen, provider, providerInfo, onSuccess, onClose }) {
+export default function OAuthModal({ isOpen, provider, providerInfo, onSuccess, onClose, deviceConfig }) {
   const [step, setStep] = useState("waiting"); // waiting | input | success | error
   const [authData, setAuthData] = useState(null);
   const [callbackUrl, setCallbackUrl] = useState("");
@@ -21,6 +22,7 @@ export default function OAuthModal({ isOpen, provider, providerInfo, onSuccess,
   const popupRef = useRef(null);
   const pollingAbortRef = useRef(false);
   const { copied, copy } = useCopyToClipboard();
+  const deviceCodeGeneratedRef = useRef(false);
 
   // State for client-only values to avoid hydration mismatch
   const [isLocalhost, setIsLocalhost] = useState(false);
@@ -128,27 +130,55 @@ export default function OAuthModal({ isOpen, provider, providerInfo, onSuccess,
   // Start OAuth flow
   const startOAuthFlow = useCallback(async () => {
     if (!provider) return;
+
+    // For device code flow, don't regenerate if we already have valid device data
+    // BUT: For Kiro with deviceConfig, always regenerate to use the new config
+    const shouldReuseDeviceCode = (provider === "github" || provider === "qwen" || provider === "kiro") && deviceData && !polling && !(provider === "kiro" && deviceConfig);
+
+    if (shouldReuseDeviceCode) {
+      // Device code already exists and we're not polling, just reopen the verification URL
+      console.log("Using cached device code:", deviceData.user_code);
+      setIsDeviceCode(true);
+      setStep("waiting");
+      const verifyUrl = deviceData.verification_uri_complete || deviceData.verification_uri;
+      if (verifyUrl) window.open(verifyUrl, "_blank");
+      return;
+    }
+
     try {
       setError(null);
 
       // Device code flow providers
       const deviceCodeProviders = ["github", "qwen", "kiro", "kimi-coding", "kilocode"];
       if (deviceCodeProviders.includes(provider)) {
+        console.log("Generating new device code. deviceData:", deviceData, "polling:", polling);
         setIsDeviceCode(true);
         setStep("waiting");
 
-        const res = await fetch(`/api/oauth/${provider}/device-code`);
+        // For Kiro, pass device config (startUrl, region) if provided
+        let url = `/api/oauth/${provider}/device-code`;
+        if (provider === "kiro" && deviceConfig) {
+          const params = new URLSearchParams();
+          if (deviceConfig.startUrl) params.append("startUrl", deviceConfig.startUrl);
+          if (deviceConfig.region) params.append("region", deviceConfig.region);
+          if (params.toString()) url += `?${params.toString()}`;
+          console.log("Kiro device-code URL:", url);
+        }
+
+        const res = await fetch(url);
         const data = await res.json();
         if (!res.ok) throw new Error(data.error);
 
+        console.log("Device code response:", data.user_code, data.device_code);
+
         setDeviceData(data);
 
         // Open verification URL
         const verifyUrl = data.verification_uri_complete || data.verification_uri;
         if (verifyUrl) window.open(verifyUrl, "_blank");
 
-        // Pass extraData for Kiro (contains _clientId, _clientSecret)
-        const extraData = provider === "kiro" ? { _clientId: data._clientId, _clientSecret: data._clientSecret } : null;
+        // Start polling - pass extraData for Kiro (contains _clientId, _clientSecret, _region, _startUrl)
+        const extraData = provider === "kiro" ? { _clientId: data._clientId, _clientSecret: data._clientSecret, _region: data._region, _startUrl: data._startUrl } : null;
         startPolling(data.device_code, data.codeVerifier, data.interval || 5, extraData);
         return;
       }
@@ -188,24 +218,108 @@ export default function OAuthModal({ isOpen, provider, providerInfo, onSuccess,
       setError(err.message);
       setStep("error");
     }
-  }, [provider, isLocalhost, startPolling]);
+  }, [provider, isLocalhost, startPolling, deviceConfig]);
 
   // Reset state and start OAuth when modal opens
   useEffect(() => {
-    if (isOpen && provider) {
-      setAuthData(null);
-      setCallbackUrl("");
-      setError(null);
-      setIsDeviceCode(false);
-      setDeviceData(null);
-      setPolling(false);
-      pollingAbortRef.current = false;
-      startOAuthFlow();
-    } else if (!isOpen) {
+    if (!isOpen || !provider) {
       // Abort polling when modal closes
       pollingAbortRef.current = true;
+      return;
+    }
+
+    // Prevent duplicate generation in React Strict Mode
+    if (deviceCodeGeneratedRef.current) {
+      console.log("Device code already generated in this cycle, skipping");
+      return;
     }
-  }, [isOpen, provider, startOAuthFlow]);
+    deviceCodeGeneratedRef.current = true;
+
+    setAuthData(null);
+    setCallbackUrl("");
+    setError(null);
+    setIsDeviceCode(false);
+    setPolling(false);
+
+    // Start OAuth flow inline to avoid circular dependency
+    (async () => {
+      // For device code flow, don't regenerate if we already have valid device data
+      // BUT: For Kiro with deviceConfig, always regenerate to use the new config
+      const shouldReuseDeviceCode = (provider === "github" || provider === "qwen" || provider === "kiro") && deviceData && !polling && !(provider === "kiro" && deviceConfig);
+
+      if (shouldReuseDeviceCode) {
+        setIsDeviceCode(true);
+        setStep("waiting");
+        const verifyUrl = deviceData.verification_uri_complete || deviceData.verification_uri;
+        if (verifyUrl) window.open(verifyUrl, "_blank");
+        return;
+      }
+
+      try {
+        setError(null);
+
+        // Device code flow (GitHub, Qwen, Kiro)
+        if (provider === "github" || provider === "qwen" || provider === "kiro") {
+          setIsDeviceCode(true);
+          setStep("waiting");
+
+          // For Kiro, pass device config (startUrl, region) if provided
+          let url = `/api/oauth/${provider}/device-code`;
+          if (provider === "kiro" && deviceConfig) {
+            const params = new URLSearchParams();
+            if (deviceConfig.startUrl) params.append("startUrl", deviceConfig.startUrl);
+            if (deviceConfig.region) params.append("region", deviceConfig.region);
+            if (params.toString()) url += `?${params.toString()}`;
+          }
+
+          const res = await fetch(url);
+          const data = await res.json();
+          if (!res.ok) throw new Error(data.error);
+
+          setDeviceData(data);
+
+          // Open verification URL
+          const verifyUrl = data.verification_uri_complete || data.verification_uri;
+          if (verifyUrl) window.open(verifyUrl, "_blank");
+
+          // Start polling - pass extraData for Kiro (contains _clientId, _clientSecret)
+          const extraData = provider === "kiro" ? { _clientId: data._clientId, _clientSecret: data._clientSecret } : null;
+          startPolling(data.device_code, data.codeVerifier, data.interval || 5, extraData);
+          return;
+        }
+
+        // Authorization code flow - always use localhost with current port (except Codex)
+        let redirectUri;
+        if (provider === "codex") {
+          redirectUri = "http://localhost:1455/auth/callback";
+        } else {
+          const port = window.location.port || (window.location.protocol === "https:" ? "443" : "80");
+          redirectUri = `http://localhost:${port}/callback`;
+        }
+
+        const res = await fetch(`/api/oauth/${provider}/authorize?redirect_uri=${encodeURIComponent(redirectUri)}`);
+        const data = await res.json();
+        if (!res.ok) throw new Error(data.error);
+
+        setAuthData({ ...data, redirectUri });
+
+        if (provider === "codex" || !isLocalhost) {
+          setStep("input");
+          window.open(data.authUrl, "_blank");
+        } else {
+          setStep("waiting");
+          popupRef.current = window.open(data.authUrl, "oauth_popup", "width=600,height=700");
+
+          if (!popupRef.current) {
+            setStep("input");
+          }
+        }
+      } catch (err) {
+        setError(err.message);
+        setStep("error");
+      }
+    })();
+  }, [isOpen, provider, deviceConfig]);
 
   // Listen for OAuth callback via multiple methods
   useEffect(() => {
@@ -350,12 +464,12 @@ export default function OAuthModal({ isOpen, provider, providerInfo, onSuccess,
               <div className="bg-sidebar p-4 rounded-lg mb-4">
                 <p className="text-xs text-text-muted mb-1">Verification URL</p>
                 <div className="flex items-center gap-2">
-                  <code className="flex-1 text-sm break-all">{deviceData.verification_uri}</code>
+                  <code className="flex-1 text-sm break-all">{deviceData.verification_uri_complete || deviceData.verification_uri}</code>
                   <Button
                     size="sm"
                     variant="ghost"
                     icon={copied === "verify_url" ? "check" : "content_copy"}
-                    onClick={() => copy(deviceData.verification_uri, "verify_url")}
+                    onClick={() => copy(deviceData.verification_uri_complete || deviceData.verification_uri, "verify_url")}
                   />
                 </div>
               </div>
diff --git a/src/shared/components/TimeRangeModal.js b/src/shared/components/TimeRangeModal.js
new file mode 100644
index 00000000..e048f12c
--- /dev/null
+++ b/src/shared/components/TimeRangeModal.js
@@ -0,0 +1,190 @@
+"use client";
+
+import { useState, useEffect } from "react";
+import Modal from "./Modal";
+import { cn } from "@/shared/utils/cn";
+
+export default function TimeRangeModal({ isOpen, onClose, currentRange, onRangeChange }) {
+  const [customFrom, setCustomFrom] = useState("");
+  const [customTo, setCustomTo] = useState("");
+
+  // Reset custom dates when modal opens
+  useEffect(() => {
+    if (isOpen) {
+      if (typeof currentRange === "object" && currentRange.type === "custom") {
+        setCustomFrom(currentRange.startDate || "");
+        setCustomTo(currentRange.endDate || "");
+      } else {
+        setCustomFrom("");
+        setCustomTo("");
+      }
+    }
+  }, [isOpen, currentRange]);
+
+  const quickRanges = [
+    { value: "5m", label: "5m" },
+    { value: "15m", label: "15m" },
+    { value: "30m", label: "30m" },
+    { value: "1h", label: "1h" },
+  ];
+
+  const extendedRanges = [
+    { value: "24h", label: "24h" },
+    { value: "48h", label: "48h" },
+    { value: "7d", label: "7d" },
+    { value: "30d", label: "30d" },
+  ];
+
+  const isSelected = (value) => {
+    if (typeof currentRange === "object") {
+      return false;
+    }
+    return currentRange === value;
+  };
+
+  const handleRangeSelect = (value) => {
+    onRangeChange(value);
+    onClose();
+  };
+
+  const handleCustomApply = () => {
+    if (customFrom && customTo) {
+      onRangeChange({
+        type: "custom",
+        startDate: customFrom,
+        endDate: customTo,
+      });
+      onClose();
+    }
+  };
+
+  const formatDatetimeLocal = (date) => {
+    const d = new Date(date);
+    const year = d.getFullYear();
+    const month = String(d.getMonth() + 1).padStart(2, "0");
+    const day = String(d.getDate()).padStart(2, "0");
+    const hours = String(d.getHours()).padStart(2, "0");
+    const minutes = String(d.getMinutes()).padStart(2, "0");
+    return `${year}-${month}-${day}T${hours}:${minutes}`;
+  };
+
+  return (
+    <Modal
+      isOpen={isOpen}
+      onClose={onClose}
+      title="Select Time Range"
+      size="md"
+      closeOnOverlay={true}
+      showCloseButton={true}
+    >
+      <div className="flex flex-col gap-6">
+        {/* Quick Ranges */}
+        <div>
+          <h3 className="text-xs font-semibold text-text-muted uppercase tracking-wider mb-3">
+            Quick Ranges
+          </h3>
+          <div className="grid grid-cols-4 gap-2">
+            {quickRanges.map((range) => (
+              <button
+                key={range.value}
+                onClick={() => handleRangeSelect(range.value)}
+                className={cn(
+                  "px-4 py-2 rounded-lg text-sm font-medium transition-all border",
+                  isSelected(range.value)
+                    ? "bg-primary text-white border-primary shadow-sm"
+                    : "bg-bg-subtle text-text hover:bg-bg-hover border-border"
+                )}
+              >
+                {range.label}
+              </button>
+            ))}
+          </div>
+        </div>
+
+        {/* Extended Ranges */}
+        <div>
+          <h3 className="text-xs font-semibold text-text-muted uppercase tracking-wider mb-3">
+            Extended Ranges
+          </h3>
+          <div className="grid grid-cols-4 gap-2">
+            {extendedRanges.map((range) => (
+              <button
+                key={range.value}
+                onClick={() => handleRangeSelect(range.value)}
+                className={cn(
+                  "px-4 py-2 rounded-lg text-sm font-medium transition-all border",
+                  isSelected(range.value)
+                    ? "bg-primary text-white border-primary shadow-sm"
+                    : "bg-bg-subtle text-text hover:bg-bg-hover border-border"
+                )}
+              >
+                {range.label}
+              </button>
+            ))}
+          </div>
+        </div>
+
+        {/* All Time */}
+        <div>
+          <button
+            onClick={() => handleRangeSelect("all")}
+            className={cn(
+              "w-full px-4 py-2 rounded-lg text-sm font-medium transition-all border",
+              isSelected("all")
+                ? "bg-primary text-white border-primary shadow-sm"
+                : "bg-bg-subtle text-text hover:bg-bg-hover border-border"
+            )}
+          >
+            All Time
+          </button>
+        </div>
+
+        {/* Custom Range */}
+        <div>
+          <h3 className="text-xs font-semibold text-text-muted uppercase tracking-wider mb-3">
+            Custom Range
+          </h3>
+          <div className="flex flex-col gap-3">
+            <div>
+              <label className="block text-sm font-medium text-text-muted mb-1.5">
+                From
+              </label>
+              <input
+                type="datetime-local"
+                value={customFrom}
+                onChange={(e) => setCustomFrom(e.target.value)}
+                max={formatDatetimeLocal(new Date())}
+                className="w-full px-3 py-2 rounded-lg border border-border bg-bg text-text text-sm focus:outline-none focus:ring-2 focus:ring-primary/50"
+              />
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-text-muted mb-1.5">
+                To
+              </label>
+              <input
+                type="datetime-local"
+                value={customTo}
+                onChange={(e) => setCustomTo(e.target.value)}
+                max={formatDatetimeLocal(new Date())}
+                min={customFrom}
+                className="w-full px-3 py-2 rounded-lg border border-border bg-bg text-text text-sm focus:outline-none focus:ring-2 focus:ring-primary/50"
+              />
+            </div>
+            <button
+              onClick={handleCustomApply}
+              disabled={!customFrom || !customTo}
+              className={cn(
+                "w-full px-4 py-2 rounded-lg text-sm font-medium transition-all",
+                customFrom && customTo
+                  ? "bg-primary text-white hover:bg-primary/90"
+                  : "bg-bg-subtle text-text-muted cursor-not-allowed opacity-50"
+              )}
+            >
+              Apply Custom Range
+            </button>
+          </div>
+        </div>
+      </div>
+    </Modal>
+  );
+}
diff --git a/src/shared/components/UsageStats.js b/src/shared/components/UsageStats.js
index ee92194b..4f7e1be6 100644
--- a/src/shared/components/UsageStats.js
+++ b/src/shared/components/UsageStats.js
@@ -4,6 +4,7 @@ import { useState, useEffect, useMemo, useCallback } from "react";
 import { useSearchParams, useRouter } from "next/navigation";
 import Badge from "./Badge";
 import Card from "./Card";
+import TimeRangeModal from "./TimeRangeModal";
 import OverviewCards from "@/app/(dashboard)/dashboard/usage/components/OverviewCards";
 import UsageTable, { fmt, fmtTime } from "@/app/(dashboard)/dashboard/usage/components/UsageTable";
 import ProviderTopology from "@/app/(dashboard)/dashboard/usage/components/ProviderTopology";
@@ -20,12 +21,12 @@ function timeAgo(timestamp) {
 // Auto-update time display every second without re-rendering parent
 function TimeAgo({ timestamp }) {
   const [, setTick] = useState(0);
-  
+
   useEffect(() => {
     const timer = setInterval(() => setTick(t => t + 1), 1000);
     return () => clearInterval(timer);
   }, []);
-  
+
   return <>{timeAgo(timestamp)}</>;
 }
 
@@ -194,6 +195,11 @@ export default function UsageStats() {
   const [providers, setProviders] = useState([]);
   const [period, setPeriod] = useState("7d");
 
+  // New state for our additions
+  const [showClearConfirm, setShowClearConfirm] = useState(false);
+  const [clearing, setClearing] = useState(false);
+  const [showTimeRangeModal, setShowTimeRangeModal] = useState(false);
+
   // Fetch connected providers once, deduplicate by provider type
   useEffect(() => {
     fetch("/api/providers")
@@ -266,6 +272,37 @@ export default function UsageStats() {
     router.replace(`?${params.toString()}`, { scroll: false });
   }, [searchParams, router]);
 
+  const handleClearMetrics = async () => {
+    setClearing(true);
+    try {
+      const res = await fetch("/api/usage/clear", { method: "POST" });
+      if (res.ok) {
+        setStats(null);
+        setLoading(true);
+        setShowClearConfirm(false);
+        // Re-fetch stats
+        fetch(`/api/usage/stats?period=${period}`)
+          .then((r) => r.ok ? r.json() : null)
+          .then((data) => { if (data) setStats(data); })
+          .catch(() => {})
+          .finally(() => setLoading(false));
+      }
+    } catch (error) {
+      console.error("Error clearing metrics:", error);
+    } finally {
+      setClearing(false);
+    }
+  };
+
+  const handleCustomRange = useCallback(({ startDate, endDate }) => {
+    setFetching(true);
+    fetch(`/api/usage/stats?startDate=${startDate}&endDate=${endDate}`)
+      .then((r) => r.ok ? r.json() : null)
+      .then((data) => { if (data) setStats((prev) => ({ ...prev, ...data })); })
+      .catch(() => {})
+      .finally(() => setFetching(false));
+  }, []);
+
   // Compute active table data
   const activeTableConfig = useMemo(() => {
     if (!stats) return null;
@@ -393,7 +430,57 @@ export default function UsageStats() {
 
   return (
     <div className="flex flex-col gap-6">
-      {/* Period selector */}
+      {/* Clear Confirmation Modal */}
+      {showClearConfirm && (
+        <div className="fixed inset-0 bg-black/50 flex items-center justify-center z-50">
+          <div className="bg-bg border border-border rounded-lg p-6 max-w-md w-full mx-4 shadow-xl">
+            <h3 className="text-lg font-semibold mb-2">Clear All Usage Metrics?</h3>
+            <p className="text-text-muted mb-4">
+              This will permanently delete all usage history. This action cannot be undone.
+            </p>
+            <div className="flex gap-3 justify-end">
+              <button
+                onClick={() => setShowClearConfirm(false)}
+                disabled={clearing}
+                className="px-4 py-2 rounded-md text-sm font-medium transition-colors bg-bg-subtle hover:bg-bg-hover border border-border disabled:opacity-50"
+              >
+                Cancel
+              </button>
+              <button
+                onClick={handleClearMetrics}
+                disabled={clearing}
+                className="px-4 py-2 rounded-md text-sm font-medium transition-colors bg-red-600 text-white hover:bg-red-700 disabled:opacity-50 flex items-center gap-2"
+              >
+                {clearing ? (
+                  <>
+                    <span className="inline-block h-4 w-4 border-2 border-white/30 border-t-white rounded-full animate-spin" />
+                    Clearing...
+                  </>
+                ) : "Clear All Data"}
+              </button>
+            </div>
+          </div>
+        </div>
+      )}
+
+      {/* Time Range Modal */}
+      {showTimeRangeModal && (
+        <TimeRangeModal
+          isOpen={showTimeRangeModal}
+          onClose={() => setShowTimeRangeModal(false)}
+          currentRange={period}
+          onRangeChange={(range) => {
+            if (typeof range === "object" && range.type === "custom") {
+              handleCustomRange(range);
+            } else {
+              setPeriod(range);
+            }
+            setShowTimeRangeModal(false);
+          }}
+        />
+      )}
+
+      {/* Period selector + Clear button */}
       <div className="flex items-center gap-2 self-end">
         <div className="flex items-center gap-1 bg-bg-subtle rounded-lg p-1 border border-border">
           {PERIODS.map((p) => (
@@ -406,7 +493,22 @@ export default function UsageStats() {
               {p.label}
             </button>
           ))}
+          <button
+            onClick={() => setShowTimeRangeModal(true)}
+            disabled={fetching}
+            className="px-3 py-1 rounded-md text-sm font-medium transition-colors text-text-muted hover:text-text hover:bg-bg-hover"
+            title="Custom date range"
+          >
+            Custom
+          </button>
         </div>
+        <button
+          onClick={() => setShowClearConfirm(true)}
+          disabled={!stats || stats.totalRequests === 0}
+          className="px-3 py-1 rounded-md text-sm font-medium transition-colors bg-red-500/10 text-red-600 hover:bg-red-500/20 disabled:opacity-50 disabled:cursor-not-allowed border border-red-500/20"
+        >
+          Clear
+        </button>
         {fetching && (
           <span className="material-symbols-outlined text-[16px] text-text-muted animate-spin">progress_activity</span>
         )}
diff --git a/src/shared/constants/pricing.js b/src/shared/constants/pricing.js
index 3ca5b9c0..eb2fe16f 100644
--- a/src/shared/constants/pricing.js
+++ b/src/shared/constants/pricing.js
@@ -567,6 +567,27 @@ export const DEFAULT_PRICING = {
 
   // Kiro AI (kr) - AWS CodeWhisperer
   kr: {
+    "claude-opus-4.6": {
+      input: 5.00,
+      output: 25.00,
+      cached: 0.50,
+      reasoning: 37.50,
+      cache_creation: 5.00
+    },
+    "claude-sonnet-4.6": {
+      input: 3.00,
+      output: 15.00,
+      cached: 0.30,
+      reasoning: 22.50,
+      cache_creation: 3.00
+    },
+    "claude-opus-4.5": {
+      input: 5.00,
+      output: 25.00,
+      cached: 0.50,
+      reasoning: 37.50,
+      cache_creation: 5.00
+    },
     "claude-sonnet-4.5": {
       input: 3.00,
       output: 15.00,
@@ -580,6 +601,41 @@ export const DEFAULT_PRICING = {
       cached: 0.05,
       reasoning: 3.75,
       cache_creation: 0.50
+    },
+    "claude-sonnet-4": {
+      input: 3.00,
+      output: 15.00,
+      cached: 0.30,
+      reasoning: 22.50,
+      cache_creation: 3.00
+    },
+    "deepseek-3.2": {
+      input: 0.50,
+      output: 2.00,
+      cached: 0.25,
+      reasoning: 3.00,
+      cache_creation: 0.50
+    },
+    "deepseek-3.1": {
+      input: 0.50,
+      output: 2.00,
+      cached: 0.25,
+      reasoning: 3.00,
+      cache_creation: 0.50
+    },
+    "minimax-m2.1": {
+      input: 0.50,
+      output: 2.00,
+      cached: 0.25,
+      reasoning: 3.00,
+      cache_creation: 0.50
+    },
+    "qwen3-coder-next": {
+      input: 1.00,
+      output: 4.00,
+      cached: 0.50,
+      reasoning: 6.00,
+      cache_creation: 1.00
     }
   },