fix(mcp): make native web_search work end-to-end via Kiro MCP #5
Merged
Complete fix for Claude Code's native web_search server-side tool routed through the gateway to runtime.kiro.dev/mcp. Two server-side gates had to be cleared:

1. 400 "profileArn is required" - call_kiro_mcp_api omitted the profileArn that every other Kiro call includes. Add it to the MCP request body (auth_manager.profile_arn or PROFILE_ARN), mirroring the completion paths. (Same field contributed upstream in jwadow#180/jwadow#189/jwadow#175.)

2. 403 "User is not authorized to make this call" - the MCP request sent only Authorization/optout/Content-Type, omitting the Kiro client-identity headers (User-Agent w/ KiroIDE-<version>-<fingerprint>, x-amz-user-agent, x-amzn-kiro-agent-mode, amz-sdk-*) that the completion path sends via get_kiro_headers. The /mcp endpoint gates authorization on these signals. Build the MCP headers from the canonical get_kiro_headers and override the three fields that differ for /mcp: Content-Type application/json (JSON-RPC, not x-amz-json), drop x-amz-target, set optout false.

Also include response.text in the non-200 error log - it was decisive in diagnosing the 403 and is low-noise (fires only on failure).

Verified end-to-end: native web_search returns live results on an enterprise SSO OIDC (kiro-cli) account that previously 403'd.

Add regression tests asserting the MCP request includes profileArn and the Kiro client-identity headers.
Summary
Makes Claude Code's native web_search server-side tool work end-to-end through the gateway to runtime.kiro.dev/mcp. This is the complete fix applied to the fork; the client-identity-headers half is upstreamed surgically in jwadow#213.

Two server-side gates had to be cleared, in order:

1. 400 profileArn is required — call_kiro_mcp_api omitted the profileArn that every other Kiro call sends. Added to the MCP request body (auth_manager.profile_arn or PROFILE_ARN), mirroring the completion paths. (Same field is contributed upstream in fix(mcp): add profileArn to MCP web_search request body jwadow/kiro-gateway#180 / fix(mcp): include profileArn for Enterprise accounts in web_search jwadow/kiro-gateway#189 / fix: handle profileArn runtime endpoint regressions (#168, #173) jwadow/kiro-gateway#175.)

2. 403 User is not authorized to make this call — the MCP request sent only Authorization / x-amzn-codewhisperer-optout / Content-Type, omitting the Kiro client-identity headers (User-Agent w/ KiroIDE-<version>-<fingerprint>, x-amz-user-agent, x-amzn-kiro-agent-mode, amz-sdk-*) that the completion path sends via get_kiro_headers. The /mcp endpoint gates authorization on these signals. Built the MCP headers from the canonical get_kiro_headers and overrode the three fields that differ for /mcp: Content-Type: application/json (JSON-RPC, not x-amz-json), drop x-amz-target, set optout false.

Also includes response.text in the non-200 error log — decisive in diagnosing the 403, low-noise (fires only on failure).

Why both pieces are here

The fork needs web_search to actually work, which requires clearing both the 400 and the 403. profileArn alone (the upstream PRs) gets past the 400 but still 403s on enterprise SSO; the headers alone never get past the 400. The novel contribution (headers) is upstreamed separately and surgically in jwadow#213; this PR keeps the fork whole.

Testing

- web_search returns live results through the gateway on an enterprise SSO OIDC (kiro-cli) account that previously 403'd.
- profileArn and the Kiro client-identity headers.
- tests/unit/test_mcp_tools.py passes (23 tests).
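
The header derivation and regression check described in this PR, as an added Python example that is not part of the PR or the project's code. The names derive_mcp_headers, has_key and mcp_request_gaps are hypothetical, the sample header values are constructed placeholders, and profileArn is searched for anywhere in the body because the page does not say where in the JSON-RPC request it sits.

```python
import json

# Header names come from the PR description; function names and sample
# values are hypothetical / constructed for this example.
REQUIRED = ("user-agent", "x-amz-user-agent", "x-amzn-kiro-agent-mode", "amz-sdk-")
OPTOUT = "x-amzn-codewhisperer-optout"
SAMPLE_COMPLETION_HEADERS = {  # constructed placeholders, mixed case on purpose
    "Authorization": "Bearer <token>",
    "User-Agent": "KiroIDE-<version>-<fingerprint>",
    "x-amz-user-agent": "<placeholder>",
    "x-amzn-kiro-agent-mode": "<placeholder>",
    "amz-sdk-request": "<placeholder>",
    "X-Amz-Target": "<placeholder>",
    "content-type": "application/x-amz-json-1.0",
    OPTOUT: "true",
}


def derive_mcp_headers(completion_headers):
    """Copy the completion-path headers, then apply the three /mcp overrides."""
    out = {}
    for name, value in completion_headers.items():
        # Header names are case-insensitive, so match on the lowercased name.
        if name.lower() not in ("x-amz-target", "content-type", OPTOUT):
            out[name] = value
    out["Content-Type"] = "application/json"  # JSON-RPC, not x-amz-json
    out[OPTOUT] = "false"
    return out


def has_key(obj, key):
    """True if `key` holds a non-empty value anywhere in a decoded JSON body."""
    if isinstance(obj, dict):
        return bool(obj.get(key)) or any(has_key(v, key) for v in obj.values())
    if isinstance(obj, list):
        return any(has_key(v, key) for v in obj)
    return False


def mcp_request_gaps(headers, body_text):
    """List what an outgoing /mcp request lacks relative to the two gates."""
    names = {h.lower() for h in headers}
    # Each REQUIRED entry is matched as a prefix so "amz-sdk-" covers amz-sdk-*.
    gaps = [r for r in REQUIRED if not any(n.startswith(r) for n in names)]
    if "x-amz-target" in names:
        gaps.append("x-amz-target present")
    if not has_key(json.loads(body_text), "profileArn"):
        gaps.append("profileArn")
    return gaps
```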