Skip to content

feat(skills): support GitHub Kiro relogin workflows#62

Merged
acking-you merged 1 commit into
masterfrom
feat/kiro-social-github-refresh
Jul 1, 2026
Merged

feat(skills): support GitHub Kiro relogin workflows#62
acking-you merged 1 commit into
masterfrom
feat/kiro-social-github-refresh

Conversation

@acking-you

Copy link
Copy Markdown
Owner

Summary

Add a generalized Kiro social onboarding skill that keeps the existing Google flow while adding a GitHub relogin path for expired or 401 Kiro accounts.

What changed

  • Rename the old Google-specific Kiro onboarding skill to kiro-social-onboarder and preserve the Google scripts under the new skill.
  • Add a GitHub Kiro onboarding script and browser helper that can prefill GitHub credentials, wait for manual 2FA, update existing 401 accounts by name or upstream user id, record the kiro-cli whoami email, preserve proxy/settings, and refresh Kiro balance.
  • Add tests for GitHub provider selection, account matching, pagination, email parsing/import, disabled-account handling, and password handling.
  • Add a GitHub account suspension appeal skill plus a local appeal tracker for the accounts discovered during relogin triage.

Verification

  • python3 -m unittest skills/kiro-social-onboarder/tests/test_onboard_kiro_social_github.py
  • python3 -m unittest skills/github-account-suspension-appeal/tests/test_skill_contract.py
  • python3 -m py_compile skills/kiro-social-onboarder/scripts/onboard_kiro_social_github.py skills/kiro-social-onboarder/scripts/onboard_kiro_social_google.py skills/kiro-social-onboarder/tests/test_onboard_kiro_social_github.py skills/github-account-suspension-appeal/tests/test_skill_contract.py
  • node --check skills/kiro-social-onboarder/scripts/drive_kiro_social_github.mjs && node --check skills/kiro-social-onboarder/scripts/drive_kiro_social_google.mjs
  • python3 /home/ts_user/.codex/skills/.system/skill-creator/scripts/quick_validate.py skills/kiro-social-onboarder && python3 /home/ts_user/.codex/skills/.system/skill-creator/scripts/quick_validate.py skills/github-account-suspension-appeal

No Rust crate files changed, so Cargo checks were not run.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a GitHub Account Suspension Appeal Tracker and a new skill for drafting suspension appeals. It also replaces the Google-only onboarder with a unified kiro-social-onboarder supporting both Google and GitHub, adding Node.js and Python scripts to automate the GitHub login and import flow. Review feedback highlighted two main improvements in the Python onboarding script: removing a redundant and expensive system-wide account fetch before deleting a temporary probe account, and improving the robustness of the device token polling loop by continuing to poll on transient errors instead of crashing.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment on lines +685 to +686
if find_account(fetch_kiro_accounts(args.admin_base_url, args.admin_token), probe_name):
delete_account(args.admin_base_url, probe_name, args.admin_token)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

This check is redundant and potentially very expensive. fetch_kiro_accounts paginates through all accounts in the system, which can cause significant overhead and latency. Since delete_account already safely handles non-existent accounts inside a try-except block, you can call it directly without checking for existence beforehand.

    delete_account(args.admin_base_url, probe_name, args.admin_token)
References
  1. Avoid redundant database queries by ensuring that a subsequent function (such as a patch or update function) does not already perform the same existence check internally before calling it.

Comment on lines +418 to +422
except RuntimeError as exc:
if "AuthorizationPending" in str(exc) or "authorization" in str(exc).lower():
time.sleep(5)
continue
raise

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

During the manual 2FA and login flow, transient network issues, server-side rate limits (slow_down), or temporary gateway errors (e.g., 502/503/504) can raise a RuntimeError that does not contain the word 'authorization'. This would cause the script to crash immediately, disrupting the onboarding process. It is much more robust to continue polling on any non-fatal errors, and only propagate terminal OAuth2 errors like expired_token, access_denied, or invalid_grant.

Suggested change
except RuntimeError as exc:
if "AuthorizationPending" in str(exc) or "authorization" in str(exc).lower():
time.sleep(5)
continue
raise
except RuntimeError as exc:
exc_str = str(exc).lower()
if "expired_token" in exc_str or "access_denied" in exc_str or "invalid_grant" in exc_str:
raise
time.sleep(5)
continue

@acking-you acking-you merged commit afe0a64 into master Jul 1, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant