From fafef32b9ebf74968a3a90eacf8fa46ce4e75b85 Mon Sep 17 00:00:00 2001 From: taetaetae Date: Sat, 31 Jan 2026 00:05:53 +0900 Subject: [PATCH] fix(kiro): Do not use OIDC region for API endpoint Kiro API endpoints only exist in us-east-1, but OIDC region can vary by Enterprise user location (e.g., ap-northeast-2 for Korean users). Previously, when ProfileARN was not available, the code fell back to using OIDC region for API calls, causing DNS resolution failures: lookup codewhisperer.ap-northeast-2.amazonaws.com: no such host This fix removes the OIDC region fallback for API endpoints. The region priority is now: 1. api_region (explicit override) 2. ProfileARN region 3. us-east-1 (default) Fixes: Issue #253 (200-400x slower response times due to DNS failures) --- internal/runtime/executor/kiro_executor.go | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/internal/runtime/executor/kiro_executor.go b/internal/runtime/executor/kiro_executor.go index 2c862807..a6449a88 100644 --- a/internal/runtime/executor/kiro_executor.go +++ b/internal/runtime/executor/kiro_executor.go @@ -398,8 +398,8 @@ var kiroEndpointConfigs = buildKiroEndpointConfigs(kiroDefaultRegion) // Region priority: // 1. auth.Metadata["api_region"] - explicit API region override // 2. ProfileARN region - extracted from arn:aws:service:REGION:account:resource -// 3. auth.Metadata["region"] - OIDC/Identity region (may differ from API region) -// 4. kiroDefaultRegion (us-east-1) - fallback +// 3. kiroDefaultRegion (us-east-1) - fallback +// Note: OIDC "region" is NOT used - it's for token refresh, not API calls func getKiroEndpointConfigs(auth *cliproxyauth.Auth) []kiroEndpointConfig { if auth == nil { return kiroEndpointConfigs @@ -422,13 +422,9 @@ func getKiroEndpointConfigs(auth *cliproxyauth.Auth) []kiroEndpointConfig { regionSource = "profile_arn" } } - // Priority 3: OIDC region (only if not already set from profile_arn) - if regionSource == "default" { - if r, ok := auth.Metadata["region"].(string); ok && r != "" { - region = r - regionSource = "region" - } - } + // Note: OIDC "region" field is NOT used for API endpoint + // Kiro API only exists in us-east-1, while OIDC region can vary (e.g., ap-northeast-2) + // Using OIDC region for API calls causes DNS failures } }