Feature/kiro integration #3

Merged
luispater merged 4 commits into router-for-me:main from fuko2935:feature/kiro-integration
Dec 6, 2025
@luispater
No description provided.

Mansi added 3 commits December 5, 2025 22:46
- Add --kiro-aws-login flag for AWS Builder ID device code flow
- Add DoKiroAWSLogin function for AWS SSO OIDC authentication
- Complete Kiro integration with AWS, Google OAuth, and social auth
- Add kiro executor, translator, and SDK components
- Update browser support for Kiro authentication flows
- Added setKiroIncognitoMode() helper function to handle Kiro auth incognito mode setting
- Replaced 3 duplicate code blocks (21 lines) with single function calls (3 lines)
- Kiro auth defaults to incognito mode for multi-account support
- Users can override with --incognito or --no-incognito flags

This addresses the code duplication noted in PR #1 review.
- Remove custom stringContains and findSubstring helper functions
- Use standard library strings.Contains for better maintainability
- No functional change, just cleaner code

Addresses Gemini Code Assist review feedback
@gemini-code-assist

Summary of Changes

Hello @luispater, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant new feature: full integration with Kiro (AWS CodeWhisperer) and Amazon Q. It provides multiple authentication methods, including AWS Builder ID and social logins, along with the ability to import existing Kiro IDE tokens. A custom protocol handler ensures a smooth OAuth experience, and an incognito browser mode supports multi-account usage. The changes also include robust token refresh, intelligent quota fallback, and comprehensive tool calling support, all while enhancing the overall stability and configurability of the system.

Highlights

  • Kiro (AWS CodeWhisperer) Integration: Introduced comprehensive support for Kiro (AWS CodeWhisperer) as a new provider, enabling access to its AI models and features.
  • Multiple Kiro Authentication Methods: Implemented various authentication flows for Kiro, including AWS Builder ID (device code flow), Google OAuth, GitHub OAuth, and the ability to import existing tokens from the Kiro IDE cache.
  • Custom Protocol Handler for Social Logins: Developed a platform-specific custom protocol handler (kiro://) to facilitate seamless OAuth callbacks for Google and GitHub logins on Linux, Windows, and macOS.
  • Incognito Browser Mode for OAuth: Added an incognito-browser configuration option and command-line flags (--incognito, --no-incognito) to control whether OAuth flows open in a private browsing window, enhancing multi-account support.
  • Automatic Token Refresh and Quota Fallback: Integrated logic for automatic Kiro token refresh upon expiration or authentication errors (401/403), and implemented a fallback mechanism for Amazon Q (CLI) quota exhaustion (429) to Kiro IDE (AI_EDITOR) quota.
  • Tool Calling Support for Kiro: Enabled full tool calling capabilities for Kiro, including parsing tool definitions, handling tool use events in streaming responses, and translating them to Claude/OpenAI compatible formats.
  • Thread-Safety and Robustness Improvements: Enhanced thread-safety for shared resources like OAuth status maps, random number generators, and HTTP client caches using mutexes, improving stability under concurrent operations.
  • Enhanced Logging and Configuration: Improved global logging to always include caller information and added a dedicated kiro section to config.example.yaml for detailed Kiro provider configuration.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a comprehensive integration with Kiro (AWS CodeWhisperer), including multiple authentication methods (Google OAuth, AWS Builder ID, and token import), API execution logic with token refresh and quota fallbacks, and a custom protocol handler for an improved user experience. The changes are extensive and well-implemented, also including important concurrency and security fixes. My review focuses on opportunities for code simplification, refactoring to reduce duplication, addressing a security concern with a hardcoded secret, and correcting a test case.

Comment on lines +40 to +45
func getIFlowClientSecret() string {
if secret := os.Getenv("IFLOW_CLIENT_SECRET"); secret != "" {
return secret
}
return defaultIFlowClientSecret
}
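
Review bot: The final `return defaultIFlowClientSecret` gives callers a compiled-in credential with no way to tell it apart from a configured one, and because the check is `secret != ""`, an IFLOW_CLIENT_SECRET that is set but empty takes the same path silently. Consider returning a second value or an error so the caller can decide whether to proceed, and state in the function's doc comment that the default ships in the binary and cannot be treated as confidential.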

high

The getIFlowClientSecret function falls back to a hardcoded default client secret. Hardcoding secrets is a security risk. It's recommended to remove the default value and require the IFLOW_CLIENT_SECRET environment variable to be set, or at least log a prominent warning when the default is used to discourage its use in production environments.

Suggested change
func getIFlowClientSecret() string {
if secret := os.Getenv("IFLOW_CLIENT_SECRET"); secret != "" {
return secret
}
return defaultIFlowClientSecret
}
func getIFlowClientSecret() string {
if secret := os.Getenv("IFLOW_CLIENT_SECRET"); secret != "" {
return secret
}
log.Warn("IFLOW_CLIENT_SECRET environment variable is not set. Using the default client secret is insecure and should be avoided in production.")
return defaultIFlowClientSecret
}

Comment on lines +476 to +493
} else if kiroLogin {
// For Kiro auth, default to incognito mode for multi-account support
// Users can explicitly override with --no-incognito
// Note: This config mutation is safe - auth commands exit after completion
// and don't share config with StartService (which is in the else branch)
setKiroIncognitoMode(cfg, useIncognito, noIncognito)
cmd.DoKiroLogin(cfg, options)
} else if kiroGoogleLogin {
// For Kiro auth, default to incognito mode for multi-account support
// Users can explicitly override with --no-incognito
// Note: This config mutation is safe - auth commands exit after completion
setKiroIncognitoMode(cfg, useIncognito, noIncognito)
cmd.DoKiroGoogleLogin(cfg, options)
} else if kiroAWSLogin {
// For Kiro auth, default to incognito mode for multi-account support
// Users can explicitly override with --no-incognito
setKiroIncognitoMode(cfg, useIncognito, noIncognito)
cmd.DoKiroAWSLogin(cfg, options)
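
Review bot: The `else if` chain resolves `kiroLogin`, `kiroGoogleLogin` and `kiroAWSLogin` by position, so a command line that sets more than one of them runs only the first match, and nothing in the visible lines rejects that combination. Validating that the login flags are mutually exclusive before this chain would make the behaviour explicit. The remark that the `cfg` mutation is safe because auth commands exit is shortened in the `kiroGoogleLogin` branch and absent from the `kiroAWSLogin` branch; it would be better placed once on `setKiroIncognitoMode` itself.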

medium

The if/else if chain for handling different Kiro login flags (kiroLogin, kiroGoogleLogin, kiroAWSLogin) contains duplicated code. The comments and the call to setKiroIncognitoMode are repeated in each block. This can be refactored to reduce redundancy and improve maintainability by grouping the common logic.

    } else if kiroLogin || kiroGoogleLogin || kiroAWSLogin {
		// For Kiro auth, default to incognito mode for multi-account support
		// Users can explicitly override with --no-incognito
		// Note: This config mutation is safe - auth commands exit after completion
		// and don't share config with StartService (which is in the else branch)
		setKiroIncognitoMode(cfg, useIncognito, noIncognito)

		if kiroLogin {
			cmd.DoKiroLogin(cfg, options)
		} else if kiroGoogleLogin {
			cmd.DoKiroGoogleLogin(cfg, options)
		} else if kiroAWSLogin {
			cmd.DoKiroAWSLogin(cfg, options)
		}
	} else if kiroImport {
		cmd.DoKiroImport(cfg, options)
	} else {
		// In cloud deploy mode without config file, just wait for shutdown signals
		if isCloudDeploy && !configFileExists {

Comment on lines +93 to +97
{
name: "Path traversal attempt",
email: "../../../etc/passwd",
expected: "_.__.__._etc_passwd",
},
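
Review bot: The `expected` field in this case pins one exact output string, so the case documents the replacement format rather than the guarantee its name promises. Alongside the equality check, assert the property directly: the result contains no `/` or `\`, is not `.` or `..`, and `filepath.Base(result) == result`. That keeps the path-traversal check meaningful if the replacement character or dot handling changes later.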

medium

The expected value in this test case for path traversal seems incorrect. The SanitizeEmailForFilename function with the input "../../../etc/passwd" will produce "_.._.._.._etc_passwd", but the test expects "_.__.__._etc_passwd". This indicates a discrepancy between the test's expectation and the implementation's actual behavior. The test should be updated to reflect the correct output of the function to ensure its behavior is tested accurately.

Suggested change
{
name: "Path traversal attempt",
email: "../../../etc/passwd",
expected: "_.__.__._etc_passwd",
},
{
name: "Path traversal attempt",
email: "../../../etc/passwd",
expected: "_.._.._.._etc_passwd",
},
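
The following is an added example, not code from this pull request or from the project: it shows how a filename sanitizer can be tested against the containment property itself rather than only against a fixed string. `sanitizeForFilename`, `staysInside` and the `/var/lib/auths` directory are hypothetical, and the sanitizer is a stand-in, not the project's `SanitizeEmailForFilename`.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// sanitizeForFilename is a hypothetical stand-in (NOT the project's function):
// it keeps [A-Za-z0-9@._-], maps every other rune to '_', and prefixes '_'
// when the result is empty or starts with a dot, so it is never "." or "..".
func sanitizeForFilename(s string) string {
	var b strings.Builder
	for _, r := range s {
		switch {
		case r >= 'a' && r <= 'z', r >= 'A' && r <= 'Z', r >= '0' && r <= '9',
			r == '@', r == '.', r == '_', r == '-':
			b.WriteRune(r)
		default:
			b.WriteByte('_')
		}
	}
	out := b.String()
	if out == "" || strings.HasPrefix(out, ".") {
		out = "_" + out
	}
	return out
}

// staysInside reports whether name, joined to baseDir, is a direct child of
// baseDir. This is the property a path-traversal test case should assert.
func staysInside(baseDir, name string) bool {
	if name == "" || name == "." || name == ".." {
		return false
	}
	if strings.ContainsAny(name, `/\`) || strings.ContainsRune(name, 0) {
		return false
	}
	return filepath.Dir(filepath.Join(baseDir, name)) == filepath.Clean(baseDir)
}

func main() {
	// Constructed sample inputs, including the one from the test case above.
	for _, in := range []string{"user@example.com", "../../../etc/passwd", "..", `a\..\b`, ""} {
		out := sanitizeForFilename(in)
		fmt.Printf("%q -> %q inside=%v\n", in, out, staysInside("/var/lib/auths", out))
	}
}
```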

@luispater luispater merged commit 5eb8453 into router-for-me:main Dec 6, 2025
1 check failed
xilu0 added a commit to xilu0/CLIProxyAPIPlus that referenced this pull request Mar 18, 2026
…gresql-deployment

feat(kiro): add Kiro (AWS CodeWhisperer) provider integration