opencode-kiro-multi-auth
v1.1.1
OpenCode multi-account authentication plugin for AWS Kiro — production-hardened with encrypted token storage, intelligent account rotation, and automatic failover
OpenCode Kiro Multi-Auth
Production-hardened multi-account authentication plugin for OpenCode — provides access to Claude models via AWS Kiro with intelligent account rotation, encrypted token storage, and automatic failover.
Architecture
src/
├── core/
│   ├── auth/        Token refresh (single-flight), OAuth device flow, CLI sync
│   ├── request/     Request handler, retry strategy, error classification
│   └── account/     Account selection (sticky/round-robin/lowest-usage), usage tracking
├── plugin/
│   ├── storage/     SQLite with AES-256-GCM encryption, WAL mode
│   ├── streaming/   AWS event stream → OpenAI SSE conversion
│   ├── config/      Zod-validated config with env overrides
│   ├── sync/        Kiro CLI database import/export
│   └── ...          Token refresh, HTTP utilities, redaction, logging
├── kiro/            OAuth IDC device code flow, token encoding
├── tui.ts           Interactive account manager (raw ANSI)
├── cli.ts           CLI entry point with guided-add flow
└── plugin.ts        OpenCode plugin registration
Features
- Multi-Account Rotation — sticky, round-robin, or lowest-usage strategies with automatic failover
- Encrypted Storage — AES-256-GCM encryption for all tokens at rest
- Fast-Fail Recovery — detects when all accounts are broken and stops immediately instead of burning iterations
- Single-Flight Refresh — prevents concurrent token refreshes from racing
- Streaming — full AWS event stream → OpenAI SSE conversion with thinking mode support
- TUI Account Manager — interactive terminal UI for managing accounts
- Auto-Sync — imports sessions from Kiro CLI automatically
- Production Hardened — body read timeouts, JSON depth limits, monotonic timing, log redaction
Installation
{
  "plugin": ["opencode-kiro-multi-auth"],
  "provider": {
    "kiro": {
      "models": {
        "claude-sonnet-4-6": {
          "name": "Claude Sonnet 4.6",
          "limit": { "context": 200000, "output": 64000 },
          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] }
        },
        "claude-sonnet-4-6-thinking": {
          "name": "Claude Sonnet 4.6 Thinking",
          "limit": { "context": 200000, "output": 64000 },
          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] },
          "variants": {
            "low": { "thinkingConfig": { "thinkingBudget": 8192 } },
            "medium": { "thinkingConfig": { "thinkingBudget": 16384 } },
            "max": { "thinkingConfig": { "thinkingBudget": 32768 } }
          }
        },
        "claude-opus-4-6": {
          "name": "Claude Opus 4.6",
          "limit": { "context": 200000, "output": 64000 },
          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] }
        },
        "claude-opus-4-6-thinking": {
          "name": "Claude Opus 4.6 Thinking",
          "limit": { "context": 200000, "output": 64000 },
          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] },
          "variants": {
            "low": { "thinkingConfig": { "thinkingBudget": 8192 } },
            "medium": { "thinkingConfig": { "thinkingBudget": 16384 } },
            "max": { "thinkingConfig": { "thinkingBudget": 32768 } }
          }
        }
      }
    }
  }
}
See the full model list in the Models section.
Setup
Option 1: Kiro CLI (Recommended)
kiro-cli login
The plugin auto-imports your session on startup via auto_sync_kiro_cli: true.
Option 2: Direct OAuth
opencode auth login
# Select "Other" → type "kiro" → follow prompts
For IAM Identity Center, you'll be prompted for Start URL and region.
Option 3: CLI Account Manager
kiro-multi-auth tui   # Interactive TUI
kiro-multi-auth add   # Guided add flow
Configuration
Edit ~/.config/opencode/kiro.json:
{
  "account_selection_strategy": "lowest-usage",
  "default_region": "us-east-1",
  "auto_sync_kiro_cli": true,
  "max_request_iterations": 50,
  "request_timeout_ms": 120000,
  "token_expiry_buffer_ms": 120000,
  "rate_limit_retry_delay_ms": 5000,
  "rate_limit_max_retries": 3,
  "usage_tracking_enabled": true,
  "reAuthCooldownMs": 60000
}
Key Options
| Option | Default | Description |
|--------|---------|-------------|
| account_selection_strategy | lowest-usage | sticky, round-robin, or lowest-usage |
| auto_sync_kiro_cli | true | Import sessions from Kiro CLI on startup |
| max_request_iterations | 50 | Max retry loop iterations before failing |
| request_timeout_ms | 120000 | Total request timeout (ms) |
| token_expiry_buffer_ms | 120000 | Refresh tokens this far before expiry |
| reAuthCooldownMs | 60000 | Cooldown after failed re-auth attempt |
| idc_start_url | — | IAM Identity Center Start URL |
| idc_region | — | IAM Identity Center region (sso_region) |
| idc_profile_arn | — | CodeWhisperer/Q Developer profile ARN |
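One way to combine the single-flight refresh from the feature list with the token_expiry_buffer_ms window from the table above, as an added example rather than the plugin's own code. TokenManager, Refresher, seed and demoConcurrentCallers are hypothetical names, and the refresher is a stub standing in for the real OAuth refresh call.

```typescript
// Added example; every name here is hypothetical, not the plugin's API.
interface Token { accessToken: string; expiresAt: number } // expiresAt: epoch ms
type Refresher = (accountId: string) => Promise<Token>;

class TokenManager {
  private tokens = new Map<string, Token>();
  private inFlight = new Map<string, Promise<Token>>();
  private refresher: Refresher;
  private bufferMs: number; // plays the role of token_expiry_buffer_ms
  private now: () => number;
  constructor(refresher: Refresher, bufferMs: number = 120000, now: () => number = Date.now) {
    this.refresher = refresher;
    this.bufferMs = bufferMs;
    this.now = now;
  }
  seed(accountId: string, token: Token): void { this.tokens.set(accountId, token); }
  // True when the token is missing or already inside the pre-expiry buffer.
  needsRefresh(accountId: string): boolean {
    const t = this.tokens.get(accountId);
    return t === undefined || t.expiresAt - this.now() <= this.bufferMs;
  }
  // Deliberately not `async`: concurrent callers must receive the same promise.
  getToken(accountId: string): Promise<Token> {
    const cached = this.tokens.get(accountId);
    if (cached !== undefined && !this.needsRefresh(accountId)) return Promise.resolve(cached);
    const pending = this.inFlight.get(accountId);
    if (pending !== undefined) return pending; // join the refresh already under way
    const p = this.refresher(accountId).then(
      (fresh) => { this.inFlight.delete(accountId); this.tokens.set(accountId, fresh); return fresh; },
      (err) => { this.inFlight.delete(accountId); throw err; }, // a failure must not stay cached
    );
    this.inFlight.set(accountId, p);
    return p;
  }
}

// Constructed scenario: two callers hit a nearly expired token in the same tick.
function demoConcurrentCallers(): { samePromise: boolean; refreshCalls: number } {
  let refreshCalls = 0;
  const clock = () => 1000000;
  const stub: Refresher = (id) => {
    refreshCalls++;
    return Promise.resolve({ accessToken: "fresh-" + id, expiresAt: clock() + 3600000 });
  };
  const mgr = new TokenManager(stub, 120000, clock);
  mgr.seed("acct-1", { accessToken: "old", expiresAt: clock() + 60000 }); // 60 s left < 120 s buffer
  const [a, b] = [mgr.getToken("acct-1"), mgr.getToken("acct-1")];
  return { samePromise: a === b, refreshCalls };
}
```

Clearing the in-flight entry on rejection matters as much as on success: otherwise one failed refresh would be handed to every later caller for that account.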
Environment Overrides
All config options can be overridden via KIRO_* environment variables:
- KIRO_LOG — log level (debug, info, warn, error)
- KIRO_RATE_LIMIT_RETRY_DELAY_MS, KIRO_REQUEST_TIMEOUT_MS, etc.
Models
All Claude models available through Kiro:
| Model | Context | Thinking |
|-------|---------|----------|
| claude-sonnet-4-6 | 200K | — |
| claude-sonnet-4-6-thinking | 200K | ✓ |
| claude-sonnet-4-6-1m | 1M | — |
| claude-sonnet-4-6-1m-thinking | 1M | ✓ |
| claude-sonnet-4-5 | 200K | — |
| claude-sonnet-4-5-thinking | 200K | ✓ |
| claude-opus-4-6 | 200K | — |
| claude-opus-4-6-thinking | 200K | ✓ |
| claude-opus-4-6-1m | 1M | — |
| claude-opus-4-6-1m-thinking | 1M | ✓ |
| claude-opus-4-5 | 200K | — |
| claude-opus-4-5-thinking | 200K | ✓ |
| claude-haiku-4-5 | 200K | — |
| claude-haiku-4-5-thinking | 200K | ✓ |
Security
- Token Encryption — AES-256-GCM with per-machine key (~/.config/opencode/.kiro-key)
- Log Redaction — JWTs, bearer tokens, and sensitive keys are scrubbed from all log output
- File Ownership — Kiro CLI database ownership verified before import (Unix)
- HTTPS Only — All OAuth URLs validated as HTTPS before use
- Bounded Reads — Response bodies capped to prevent memory exhaustion
- JSON Depth Limit — Parsed responses limited to 20 levels of nesting
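Two of the controls listed above, shown as an added example rather than the plugin's implementation: a pre-parse scan that enforces the 20-level nesting limit, and regex-based log redaction. The function names, the patterns and the list of sensitive key names are assumptions.

```typescript
// Added example; names and patterns are hypothetical, not the plugin's code.
const MAX_JSON_DEPTH = 20; // limit stated in the Security list

// Scan the raw text and reject over-nested input before JSON.parse builds anything.
function parseJsonBounded(text: string, maxDepth: number = MAX_JSON_DEPTH): unknown {
  let depth = 0;
  let inString = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text.charAt(i);
    if (inString) {
      if (ch === "\\") i++;                 // skip the escaped character
      else if (ch === '"') inString = false;
    } else if (ch === '"') {
      inString = true;                      // brackets inside strings do not count
    } else if (ch === "{" || ch === "[") {
      depth++;
      if (depth > maxDepth) throw new Error("JSON nesting exceeds " + maxDepth + " levels");
    } else if (ch === "}" || ch === "]") {
      depth--;
    }
  }
  return JSON.parse(text); // malformed input still fails here
}

// Applied in order: JWTs first, then bearer credentials, then sensitive key/value pairs.
const REDACTIONS: Array<[RegExp, string]> = [
  // JWT: three base64url segments whose header starts with "eyJ" (base64 of '{"')
  [/\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g, "[REDACTED_JWT]"],
  // Opaque bearer credentials in Authorization-style text
  [/\b(Bearer)\s+[A-Za-z0-9._~+\/-]+=*/gi, "$1 [REDACTED]"],
  // "key": "value" or key=value for key names assumed to be sensitive
  [/("?(?:access_?token|refresh_?token|client_?secret)"?\s*[:=]\s*)"?[^"\s,}]+"?/gi, "$1[REDACTED]"],
];

function redact(line: string): string {
  return REDACTIONS.reduce((out, [re, to]) => out.replace(re, to), line);
}
```

Redaction belongs at the logger boundary so that every sink receives scrubbed text, and the depth scan runs on the raw body after the size cap has already been applied.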
Storage
| Platform | Database | Config |
|----------|----------|--------|
| Linux/macOS | ~/.config/opencode/kiro.db | ~/.config/opencode/kiro.json |
| Windows | %APPDATA%\opencode\kiro.db | %APPDATA%\opencode\kiro.json |
Troubleshooting
"Exceeded max iterations"
All accounts failed authentication. Run kiro-multi-auth tui to check account health, or kiro-cli login to refresh credentials.
"All Kiro accounts are rate-limited"
Wait for the cooldown period shown in the error message, or add more accounts.
"403 / User is not authorized"
IAM Identity Center requires a profile ARN. Run kiro-cli profile to select one, or set idc_profile_arn in config.
"No accounts"
Ensure kiro-cli login succeeds and auto_sync_kiro_cli is true in config.
CLI Commands
kiro-multi-auth                      Interactive TUI
kiro-multi-auth accounts list        List all saved accounts
kiro-multi-auth accounts add         Guided add flow
kiro-multi-auth accounts sync        Import current Kiro CLI session
kiro-multi-auth accounts switch N    Set account N as active
kiro-multi-auth accounts enable N    Enable account N
kiro-multi-auth accounts disable N   Disable account N
kiro-multi-auth accounts reset N     Reset health markers
kiro-multi-auth accounts remove N    Delete saved account
License
MIT
