Kiro Proxy

Local proxy that converts Kiro accounts into OpenAI / Anthropic compatible endpoints.

Overview • Preview • Features • Quick Start • Configuration • Usage • Thinking Mode • Outbound Proxy • Safety

English • 中文

---

🌟 Overview

Kiro Proxy is a small Go service that turns one or more authorized Kiro accounts into a local API endpoint that speaks the OpenAI and Anthropic wire formats:

1. Pools multiple Kiro accounts and load-balances requests with round-robin.
2. Translates Anthropic /v1/messages, OpenAI /v1/chat/completions, and OpenAI /v1/responses calls to and from Kiro upstream.
3. Refreshes access tokens automatically and streams Server-Sent Events end-to-end.
4. Ships with a polished web admin panel for account management, observability, and request audit.

Important

Single-binary local proxy. Not a hosted service, not affiliated with Amazon, AWS, or Kiro. You must own or be authorized to use every account you add to the pool.

If this project helps you, a Star would mean a lot.

---

🖼 Preview

Login — minimal, theme-aware sign-in	Live Monitor — RPM, error rate, traffic heatmap
Account Pool — multi-account, round-robin, auto-refresh	Request Log — paginated search, filters, full audit
API Playground — test endpoints inside the panel	Backups — snapshots, schedules, one-click restore
Outbound Proxy — SOCKS5 / HTTP, hot-swap without restart	Settings — thinking mode, theme, i18n, admin

---

✨ Features

🛰 API surface

• Anthropic /v1/messages with native tool use and streaming.
• OpenAI /v1/chat/completions with full tool-call shape parity.
• OpenAI /v1/responses with previous_response_id chaining and stored response retrieval.
• SSE streaming for every endpoint, with mid-stream account failover on transient upstream errors.
• Request body decompression (gzip/deflate) for clients that pre-compress payloads.

👥 Account pool

• Multiple Kiro accounts with round-robin selection per model.
• Automatic OAuth token refresh ahead of expiry.
• Auth methods: AWS Builder ID, IAM Identity Center (Enterprise SSO), SSO Token, local cache, credentials JSON.
• Per-account import / export and bulk operations.

🛡 Admin panel

• Live observability: RPM, error rate, model mix, traffic heatmap.
• Request log with paginated search, status/API-key filters, masked API-key column, sorting, and SQLite-backed history.
• Managed client API keys with optional custom key values, enable/disable, per-key token and credit limits, and usage reset.
• Dashboard cards split Kiro account quota usage from proxy/app request usage.
• In-panel API playground for testing endpoints without leaving the UI.
• Snapshots and scheduled backups with one-click restore.
• Theme-aware UI (light / dark / system) with cache-friendly headers.
• i18n: English and 简体中文 ship in-tree.

🌐 Networking

• Outbound proxy support — SOCKS5 or HTTP, switched live without restart.
• Configurable thinking-mode suffix and Anthropic thinking config passthrough.

🧩 Storage

• Single-file SQLite (modernc.org/sqlite) database at kiro.db, using DELETE journal mode.
• Final request rows are the source of truth for dashboard request, token, credit, success, and failed totals.
• 30-day retention on stored responses, asynchronous writes off the request hot path.

---

⚙️ Requirements

Component	Version
Go	1.25 +
OS	Linux / macOS
Container	Docker 24+ optional
Storage	Local volume on disk

---

🚀 Quick Start

🐳 Docker Compose (recommended)

git clone https://github.com/tanu360/kiro-reverse-api.git
cd kiro-reverse-api
docker-compose up -d

🐳 Docker Run

docker run -d \
  --name kiro-proxy \
  -p 8080:8080 \
  -e ADMIN_PASSWORD=your_secure_password \
  -v /path/to/kiro-proxy-state:/app/state \
  --restart unless-stopped \
  ghcr.io/tanu360/kiro-reverse-api:latest

🛠 Build from source

git clone https://github.com/tanu360/kiro-reverse-api.git
cd kiro-reverse-api
go build -o kiro-proxy .
./kiro-proxy

Tip

kiro.db is auto-created on first launch. Set DATA_DIR to store it somewhere else; Docker uses /app/state. The default admin password is changeme — override it via ADMIN_PASSWORD or change it from the admin panel before exposing the service.

---

🔧 Configuration

Variable	Purpose	Default
DATA_DIR	Directory for kiro.db	.
ADMIN_PASSWORD	Admin panel password (overrides config)	—

Warning

kiro.db holds OAuth tokens and admin credentials. Treat it as secret — keep it out of git, screenshots, and chat threads. Mount the database directory as a private volume.

---

🕹 Usage

Open http://localhost:8080/admin, log in, add accounts, then call the API:

# Anthropic — Claude
curl http://localhost:8080/v1/messages \
  -H "Content-Type: application/json" \
  -H "anthropic-version: 2023-06-01" \
  -d '{"model":"claude-sonnet-4.5","max_tokens":1024,"messages":[{"role":"user","content":"Hello!"}]}'

# OpenAI — Chat Completions
curl http://localhost:8080/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer any" \
  -d '{"model":"gpt-4o","messages":[{"role":"user","content":"Hello!"}]}'

# OpenAI — Responses
curl http://localhost:8080/v1/responses \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer any" \
  -d '{"model":"gpt-4o","input":"Hello!"}'

📌 Endpoints at a glance

Method	Path	What it does
POST	/v1/messages	Anthropic-format Claude completions
POST	/v1/chat/completions	OpenAI-format chat completions
POST	/v1/responses	OpenAI Responses API (stored + chained)
GET	/v1/responses/{id}	Retrieve a previously stored response
DELETE	/v1/responses/{id}	Delete a stored response
GET	/v1/models	List available models
GET	/v1/stats	Aggregate proxy usage statistics
GET	/admin	Web admin panel

---

🔑 Managed API Keys

Enable API key verification from Settings → API Settings. You can create multiple client keys with independent limits:

• Leave Custom Key blank to auto-generate a secure sk-... key, or enter your own key value.
• Lists and request logs show masked keys such as sk-clb****e4yo; the full key remains stored for authentication and copying from key detail.
• Token and credit quota checks use exact raw values. Rounded or compact UI labels are display-only.
• A token or credit limit of 0 means unlimited for that dimension.

---

📊 Stats Semantics

Dashboard and account cards intentionally answer different questions:

• Accounts card: current configured Kiro accounts, using Kiro server quota fields (usage_current / usage_limit).
• Requests card: app/proxy history from SQLite requests rows: COUNT(*), SUM(total_tokens), and SUM(credits).
• Success / Failed cards: final proxy request outcomes from the same requests table.
• Account cards: current visible account counters saved on the account record (requestCount, totalTokens, totalCredits).

If an old/deleted account still has rows in requests, dashboard app credits can be higher than the visible account-card credit sum. Use Reset Statistics or a one-time DB cleanup if you want historical request rows cleared.

Token labels may display compactly (54.5M, 476.5K), but backend math and quota checks use raw numbers.

---

🧠 Thinking Mode

Append a suffix (default -thinking) to the model name to enable reasoning, e.g. claude-sonnet-4.5-thinking.

Claude-compatible requests that include a top-level thinking config also enable the mode automatically:

{ "type": "enabled", "budget_tokens": 2048 }
{ "type": "adaptive" }

Output format is configured in Settings → Thinking Mode in the admin panel.

---

🛰 Outbound Proxy

For users in restricted network regions, configure an outbound proxy in the admin panel under Settings → Outbound Proxy Settings.

Type	Example
SOCKS5	socks5://127.0.0.1:1080
HTTP	http://127.0.0.1:8888

Tip

The setting takes effect immediately, no restart required.

---

🔐 Environment Variables

Variable	Description	Default
DATA_DIR	Directory for kiro.db	.
ADMIN_PASSWORD	Admin panel password (overrides config)	—

+ kiro.db                # local state — config, credentials, SQLite history, backup blobs

Caution

Treat kiro.db as sensitive — it stores account tokens and admin credentials in plain text on disk.

---

🙏 Project Credits

This project is a continuation of Quorinex/Kiro-Go. Due credit for the original work belongs to the original author; I am continuing and maintaining it forward.

---

🛡 Safety

• ✅ Use only with accounts you are authorized to operate.
• ❌ Do not use for bulk account scraping or terms-of-service evasion.
• ❌ Do not add CAPTCHA bypass, identity spoofing, or rate-limit evasion.
• 🔐 Keep kiro.db out of git, public backups, and screenshots.
• 🧯 If upstream returns persistent auth errors, the proxy fails fast — investigate before retrying.

Important

For educational and research purposes only. Not affiliated with Amazon, AWS, or Kiro. Users are responsible for complying with applicable terms of service and laws. Use at your own risk.

---

📄 License

MIT

---

_{Built with ❤️ in Go · If this saved you time, drop a ⭐ on the repo.}