refactor(kilo): address code review suggestions for robustness

internal/auth/kilo/kilo_auth.go

@@ -114,7 +114,10 @@ func (k *KiloAuth) PollForToken(ctx context.Context, code string) (*DeviceStatus
 
 // GetProfile fetches the user's profile.
 func (k *KiloAuth) GetProfile(ctx context.Context, token string) (*Profile, error) {
-	req, _ := http.NewRequestWithContext(ctx, "GET", BaseURL+"/profile", nil)
+	req, err := http.NewRequestWithContext(ctx, "GET", BaseURL+"/profile", nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create get profile request: %w", err)
+	}
 	req.Header.Set("Authorization", "Bearer "+token)
 
 	resp, err := k.client.Do(req)
@@ -141,7 +144,10 @@ func (k *KiloAuth) GetDefaults(ctx context.Context, token, orgID string) (*Defau
 		url = BaseURL + "/organizations/" + orgID + "/defaults"
 	}
 
-	req, _ := http.NewRequestWithContext(ctx, "GET", url, nil)
+	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create get defaults request: %w", err)
+	}
 	req.Header.Set("Authorization", "Bearer "+token)
 
 	resp, err := k.client.Do(req)

internal/runtime/executor/kilo_executor.go

@@ -307,30 +307,39 @@ func kiloCredentials(auth *cliproxyauth.Auth) (accessToken, orgID string) {
 	if auth == nil {
 		return "", ""
 	}
+
+	// Prefer kilocode specific keys, then fall back to generic keys.
+	// Check metadata first, then attributes.
 	if auth.Metadata != nil {
-		if token, ok := auth.Metadata["access_token"].(string); ok {
+		if token, ok := auth.Metadata["kilocodeToken"].(string); ok && token != "" {
+			accessToken = token
+		} else if token, ok := auth.Metadata["access_token"].(string); ok && token != "" {
 			accessToken = token
 		}
-		if token, ok := auth.Metadata["kilocodeToken"].(string); ok {
-			accessToken = token
-		}
-		if org, ok := auth.Metadata["organization_id"].(string); ok {
+
+		if org, ok := auth.Metadata["kilocodeOrganizationId"].(string); ok && org != "" {
 			orgID = org
-		}
-		if org, ok := auth.Metadata["kilocodeOrganizationId"].(string); ok {
+		} else if org, ok := auth.Metadata["organization_id"].(string); ok && org != "" {
 			orgID = org
 		}
 	}
+
 	if accessToken == "" && auth.Attributes != nil {
-		accessToken = auth.Attributes["access_token"]
-		if accessToken == "" {
-			accessToken = auth.Attributes["kilocodeToken"]
-		}
-		orgID = auth.Attributes["organization_id"]
-		if orgID == "" {
-			orgID = auth.Attributes["kilocodeOrganizationId"]
+		if token := auth.Attributes["kilocodeToken"]; token != "" {
+			accessToken = token
+		} else if token := auth.Attributes["access_token"]; token != "" {
+			accessToken = token
 		}
 	}
+
+	if orgID == "" && auth.Attributes != nil {
+		if org := auth.Attributes["kilocodeOrganizationId"]; org != "" {
+			orgID = org
+		} else if org := auth.Attributes["organization_id"]; org != "" {
+			orgID = org
+		}
+	}
+
 	return accessToken, orgID
 }
 

sdk/auth/kilo.go

@@ -75,8 +75,8 @@ func (a *KiloAuthenticator) Login(ctx context.Context, cfg *config.Config, opts
 				return nil, err
 			}
 			var choice int
-			fmt.Sscanf(input, "%d", &choice)
-			if choice > 0 && choice <= len(profile.Orgs) {
+			_, err = fmt.Sscan(input, &choice)
+			if err == nil && choice > 0 && choice <= len(profile.Orgs) {
 				orgID = profile.Orgs[choice-1].ID
 			} else {
 				orgID = profile.Orgs[0].ID