feat(llm-access-kiro): protect thinking signatures #26
Code Review
This pull request introduces a protected content validation feature for the Kiro gateway, allowing the validation of client-supplied thinking signatures and encrypted content. It adds the `kiro_protected_content_validation_enabled` toggle across the API, database migrations, store, and frontend, and implements HMAC-SHA512-based signature verification. Feedback on these changes suggests optimizing the `constant_time_eq` helper by returning early when slice lengths differ to simplify the comparison. Additionally, the reviewer recommends loading the environment variable `KIRO_THINKING_SIGNATURE_SECRET` once at startup rather than on every request to avoid performance bottlenecks and lock contention on high-throughput paths.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e078e8af4d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a80d39c054
Summary
`error.message`.
Root cause
Kiro thinking signatures were previously synthetic and not authenticated to a StaticFlow key, so a client could tamper with returned thinking content or replay opaque protected content without the gateway having a server-side way to reject it.
What changed
- `encrypted_content` when enabled on a Kiro key.
- `kiro_protected_content_validation_enabled`.
- Bedrock `ValidationException`.
Test plan
- `cargo test -p llm-access-kiro protected --jobs 4`
- `cargo test -p llm-access protected_content_validation --jobs 4 -- --test-threads=1`
- `cargo test -p llm-access kiro_dispatch_reports_missing_protected_secret_as_anthropic_error_with_bedrock_message --jobs 4 -- --test-threads=1`
- `cargo test -p llm-access-migrations --jobs 4`
- `cargo test -p llm-access normalize_key_patch_accepts_kiro_protected_content_validation_toggle --jobs 4`
- `cargo clippy -p llm-access-core -p llm-access-store -p llm-access-kiro -p llm-access-migrations -p llm-access --jobs 4 -- -D warnings`
- `cargo clippy -p static-flow-frontend --target wasm32-unknown-unknown --jobs 4 -- -D warnings`
- `git diff --check`
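The two review points above (early return on length mismatch in `constant_time_eq`, and reading `KIRO_THINKING_SIGNATURE_SECRET` once instead of per request) can be sketched as follows. This is an added example, not code from this pull request: `load_secret`, `signing_secret`, `verify_tag`, `VerifyError` and the injected `mac` parameter are assumed names, and the stand-in used in `main` is not a MAC.

```rust
use std::sync::OnceLock;

#[derive(Debug, PartialEq)]
enum VerifyError { MissingSecret, Mismatch }

static SECRET: OnceLock<Option<Vec<u8>>> = OnceLock::new();

// Treat an unset or empty variable as "no secret" so verification fails closed.
fn load_secret(raw: Option<String>) -> Option<Vec<u8>> {
    raw.filter(|s| !s.is_empty()).map(String::into_bytes)
}

// Reads the environment on first use only; later calls return the cached bytes.
fn signing_secret() -> Option<&'static [u8]> {
    SECRET
        .get_or_init(|| load_secret(std::env::var("KIRO_THINKING_SIGNATURE_SECRET").ok()))
        .as_deref()
}

// The tag length is public, so returning early on a length mismatch leaks nothing;
// equal-length inputs are compared without a data-dependent branch.
fn constant_time_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

// `mac(key, content)` is an assumed parameter: pass an HMAC-SHA512 implementation here.
fn verify_tag(
    secret: Option<&[u8]>,
    content: &[u8],
    supplied: &[u8],
    mac: impl Fn(&[u8], &[u8]) -> Vec<u8>,
) -> Result<(), VerifyError> {
    let key = secret.ok_or(VerifyError::MissingSecret)?;
    if constant_time_eq(&mac(key, content), supplied) { Ok(()) } else { Err(VerifyError::Mismatch) }
}

fn main() {
    // Constructed stand-in so the block runs with std only; it is NOT a MAC.
    let toy = |k: &[u8], m: &[u8]| m.iter().zip(k.iter().cycle()).map(|(a, b)| a ^ b).collect::<Vec<u8>>();
    let key: &[u8] = b"demo-key";
    let msg: &[u8] = b"thinking";
    let tag = toy(key, msg);
    println!("{:?}", verify_tag(Some(key), msg, &tag, toy));
    println!("{:?}", verify_tag(signing_secret(), msg, &tag, toy));
}
```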