Improve Kiro provider catalog, credits, streaming, endpoints, and TUI integration

[garysassano]

Preview

Highlights

Fixed thinking stream ordering

This PR fixes the thinking stream transform so Kiro reasoning is emitted before the final answer text. The previous parser could leak pre-thinking fragments or emit content in the wrong order when <thinking> tags arrived split across streaming chunks.

The new shared parser handles:

• split <thinking> / </thinking> tags across chunks
• quoted or backticked literal thinking tags
• thinking models that never emit a thinking block
• normal non-thinking models without parsing their literal tag text

Updated Kiro model catalog

The default Kiro model catalog has been refreshed against the official Kiro CLI model list: https://kiro.dev/docs/cli/models/

This includes newer Claude and open-weight models such as Opus 4.7, Opus 4.6, Sonnet 4.6, DeepSeek 3.2, MiniMax M2.5, GLM-5, MiniMax M2.1, and Qwen3 Coder Next.

The provider injects the model catalog automatically, so users no longer need to copy model definitions into their OpenCode config. Legacy/dotted/hyphenated/*-thinking/older *-1m aliases are still converted where possible for compatibility with existing configs, but they are not advertised as default models.

Added an OpenCode TUI plugin sidebar panel

OpenCode documents plugins here: https://opencode.ai/docs/plugins/ and its terminal UI as the TUI here: https://opencode.ai/docs/tui/.

This package now exposes a separate TUI plugin entrypoint at ./tui. When installed/configured in tui.jsonc, it adds a compact Kiro section to the session sidebar showing only:

• Kiro
• Plan: <plan>
• Credits: <used> / <limit>

The panel mirrors the useful account/credits information from the official Kiro IDE/CLI flow while keeping the OpenCode UI quiet. It is hidden for non-Kiro sessions and reads kiro.db in readonly mode without loading access tokens, refresh tokens, client secrets, or OIDC credentials.

Matched Kiro CLI credit precision

Usage tracking now matches the official kiro-cli /usage behavior more closely:

• reads currentUsageWithPrecision / usageLimitWithPrecision
• stores quota columns as REAL so fractional credits are preserved
• displays used credits with two decimals
• preserves the fully qualified remote plan label, for example KIRO PRO+
• stops incrementing usage locally during account selection
• avoids stale integer snapshots overwriting newer precise remote quota values

Uses Kiro's new runtime and management endpoints

Kiro's firewall docs list the new service endpoints under runtime.<region>.kiro.dev and management.<region>.kiro.dev, while documenting q.<region>.amazonaws.com as legacy but still required until deprecation completes: https://kiro.dev/docs/cli/privacy-and-security/firewalls/

Other Changes

Auth and provider integration

• Uses kiro as the primary provider ID while retaining a bridge for older kiro-auth config.
• Adds OpenCode auth placeholder setup so synced Kiro CLI credentials can activate the provider flow correctly.
• Improves IAM Identity Center support with profile ARN handling and OIDC client credential caching.
• Carries subscription plan and precise usage through auth, Kiro CLI sync, storage, and the TUI read path.

Runtime and reasoning support

• Keeps explicit reasoning effort support using OpenCode’s low, medium, and high effort values without advertising fake model variants.
• Centralizes streaming thinking parsing for both SDK and legacy stream transforms.
• Adds request logging that reflects which endpoint mode was used.

Packaging and README

• Exposes separate package exports for the server plugin and the TUI plugin.
• Adds the OpenTUI/Solid build step needed for dist/tui.js.
• Updates the README to document install, auth, automatic model injection, compatibility aliases, and the TUI sidebar panel.

Verification

• bun run format --check
• bun run check
• git diff --check
• live authenticated smoke test: runtime.us-east-1.kiro.dev generation returned endpoint-ok
• live authenticated smoke test: management.us-east-1.kiro.dev/getUsageLimits returned quota/plan data
• live authenticated smoke test: legacy q.us-east-1.amazonaws.com generation and usage still work

Test coverage added/updated for:

• model catalog and alias resolution
• usage precision and plan normalization
• account quota merge behavior
• TUI usage snapshot/sidebar visibility logic
• thinking stream parsing and ordering
• Kiro runtime endpoint fallback behavior
• package exports for the TUI entrypoint

[tickernelz]

Looks like this PR is still actively changing — I noticed another commit landed after review started.

To avoid reviewing/merging a moving target, can you mark this PR as Draft while you’re still iterating? Once the implementation is stable, please switch it back to Ready for review or comment here, and I’ll do the final merge-readiness review then.

[tickernelz]

Code Review Summary

Verdict: Changes requested

PR scope is good, but I found one blocking streaming regression that can leak the closing </thinking> tag and answer text into reasoning output.

Critical

• src/plugin/streaming/stream-parser.ts / src/plugin/streaming/thinking-parser.ts — findRealThinkingEndTag() only accepts </thinking> when followed by a blank line or stream end. Valid streams like <thinking>reason</thinking>Answer are not closed, so </thinking>Answer is emitted as reasoning_content instead of normal answer content.

  I reproduced locally with:

  createContentDeltaEvents('<thinking>reason</thinking>Answer', createStreamState(true))

  Actual output includes:

  { "type": "thinking_delta", "thinking": "</thinking>Answer" }

  This is a response-shape correctness regression. The parser should close on a real, unquoted/non-code-fenced </thinking> regardless of whether the model inserts a double newline after it; then separately strip optional leading newlines from the answer, as the PR already tries to do.

Warnings / follow-ups

• src/plugin/sync/kiro-cli.ts — stale CLI sync can still overwrite a healthier/newer stored account when usage fetch succeeds. The skip guard no longer protects token fields in that case, while the later upsertAccount() writes accessToken, refreshToken, and expiresAt from the CLI snapshot. Consider preserving newer credentials and only merging quota fields when the CLI token snapshot is older.
• src/tui-usage.ts — TUI sidebar picks the first healthy account globally by last_used, not necessarily the active account for the current session. This can show the wrong quota in multi-account setups. If OpenCode exposes active provider auth/session account metadata, wire it through; otherwise document this limitation.

Verified locally

• bun install --frozen-lockfile
• bun run check
• git diff --check origin/master...HEAD
• npm pack --dry-run

All declared checks pass after dependencies are installed.

[garysassano]

• Fixed thinking parsing so a real unquoted/non-code-fenced </thinking> closes reasoning even when answer text follows immediately, e.g. <thinking>reason</thinking>Answer.
• Added regression coverage for immediate answer text, split end tags, CRLF stripping, and code-fenced literal tags.
• Hardened account merging so stale CLI credential snapshots do not overwrite newer healthy stored tokens while newer quota snapshots can still merge.
• Clarified the TUI quota limitation: it only applies when kiro.db contains multiple healthy credential rows; a single logged-in account matches the active account.

[garysassano]

The TUI right panel now supports optional display fields via tui.jsonc.

Defaults stay compact/private:

• show_account_email: false
• show_plan: true
• show_credits: true

Users who want to distinguish multiple stored Kiro credentials can opt in to showing the account email:

{
  "$schema": "https://opencode.ai/tui.json",
  "plugin": [
    [
      "@zhafron/opencode-kiro-auth",
      {
        "show_account_email": true,
        "show_plan": true,
        "show_credits": true
      }
    ]
  ]
}