feat(skills): support GitHub Kiro relogin workflows#62
Conversation
There was a problem hiding this comment.
Code Review
This pull request introduces a GitHub Account Suspension Appeal Tracker and a new skill for drafting suspension appeals. It also replaces the Google-only onboarder with a unified kiro-social-onboarder supporting both Google and GitHub, adding Node.js and Python scripts to automate the GitHub login and import flow. Review feedback highlighted two main improvements in the Python onboarding script: removing a redundant and expensive system-wide account fetch before deleting a temporary probe account, and improving the robustness of the device token polling loop by continuing to poll on transient errors instead of crashing.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| if find_account(fetch_kiro_accounts(args.admin_base_url, args.admin_token), probe_name): | ||
| delete_account(args.admin_base_url, probe_name, args.admin_token) |
There was a problem hiding this comment.
This check is redundant and potentially very expensive. fetch_kiro_accounts paginates through all accounts in the system, which can cause significant overhead and latency. Since delete_account already safely handles non-existent accounts inside a try-except block, you can call it directly without checking for existence beforehand.
delete_account(args.admin_base_url, probe_name, args.admin_token)References
- Avoid redundant database queries by ensuring that a subsequent function (such as a patch or update function) does not already perform the same existence check internally before calling it.
| except RuntimeError as exc: | ||
| if "AuthorizationPending" in str(exc) or "authorization" in str(exc).lower(): | ||
| time.sleep(5) | ||
| continue | ||
| raise |
There was a problem hiding this comment.
During the manual 2FA and login flow, transient network issues, server-side rate limits (slow_down), or temporary gateway errors (e.g., 502/503/504) can raise a RuntimeError that does not contain the word 'authorization'. This would cause the script to crash immediately, disrupting the onboarding process. It is much more robust to continue polling on any non-fatal errors, and only propagate terminal OAuth2 errors like expired_token, access_denied, or invalid_grant.
| except RuntimeError as exc: | |
| if "AuthorizationPending" in str(exc) or "authorization" in str(exc).lower(): | |
| time.sleep(5) | |
| continue | |
| raise | |
| except RuntimeError as exc: | |
| exc_str = str(exc).lower() | |
| if "expired_token" in exc_str or "access_denied" in exc_str or "invalid_grant" in exc_str: | |
| raise | |
| time.sleep(5) | |
| continue |
Summary
Add a generalized Kiro social onboarding skill that keeps the existing Google flow while adding a GitHub relogin path for expired or 401 Kiro accounts.
What changed
kiro-social-onboarderand preserve the Google scripts under the new skill.kiro-cli whoamiemail, preserve proxy/settings, and refresh Kiro balance.Verification
python3 -m unittest skills/kiro-social-onboarder/tests/test_onboard_kiro_social_github.pypython3 -m unittest skills/github-account-suspension-appeal/tests/test_skill_contract.pypython3 -m py_compile skills/kiro-social-onboarder/scripts/onboard_kiro_social_github.py skills/kiro-social-onboarder/scripts/onboard_kiro_social_google.py skills/kiro-social-onboarder/tests/test_onboard_kiro_social_github.py skills/github-account-suspension-appeal/tests/test_skill_contract.pynode --check skills/kiro-social-onboarder/scripts/drive_kiro_social_github.mjs && node --check skills/kiro-social-onboarder/scripts/drive_kiro_social_google.mjspython3 /home/ts_user/.codex/skills/.system/skill-creator/scripts/quick_validate.py skills/kiro-social-onboarder && python3 /home/ts_user/.codex/skills/.system/skill-creator/scripts/quick_validate.py skills/github-account-suspension-appealNo Rust crate files changed, so Cargo checks were not run.