feat(kiro): add IDC auth and endpoint improvements, redesign fingerprint system

- Add IAM Identity Center (IDC) authentication with CLI flags (--kiro-idc-login, --kiro-idc-start-url, --kiro-idc-region) and login flow
- Add ProfileArn auto-fetching in Execute/ExecuteStream for imported IDC accounts
- Simplify endpoint preference with map-based alias lookup and getAuthValue helper
- Redesign fingerprint as global singleton with external config and per-account deterministic generation
- Add StartURL and FingerprintConfig fields to Kiro config
- Add AgentContinuationID/AgentTaskType support in Kiro translators
- Add comprehensive tests for executor, fingerprint, SSO OIDC, and AWS helpers
- Add CLI login documentation to README

sdk/auth/kiro.go

@@ -166,9 +166,21 @@ func (a *KiroAuthenticator) Login(ctx context.Context, cfg *config.Config, opts
 		return nil, fmt.Errorf("kiro auth: configuration is required")
 	}
 
+	// Extract IDC options from metadata if present
+	var idcOpts *kiroauth.IDCLoginOptions
+	if opts != nil && opts.Metadata != nil {
+		if startURL := opts.Metadata["start-url"]; startURL != "" {
+			idcOpts = &kiroauth.IDCLoginOptions{
+				StartURL:      startURL,
+				Region:        opts.Metadata["region"],
+				UseDeviceCode: opts.Metadata["flow"] == "device",
+			}
+		}
+	}
+
 	// Use the unified method selection flow (Builder ID or IDC)
 	ssoClient := kiroauth.NewSSOOIDCClient(cfg)
-	tokenData, err := ssoClient.LoginWithMethodSelection(ctx)
+	tokenData, err := ssoClient.LoginWithMethodSelection(ctx, idcOpts)
 	if err != nil {
 		return nil, fmt.Errorf("login failed: %w", err)
 	}