@supreethjavalli

Context

  • Adds a new “Oracle Code Assist” provider so users can authenticate with Oracle SSO and use OCA-hosted models in chat.
  • Aligns the user experience with other providers.

Implementation

  • New OCA provider in settings with Sign In/Out and status
  • OAuth handshake via webview ⇄ extension messages (login, logout, status, auth URL)
  • Model discovery/selection integrated; selection persisted across sessions
  • Optional acknowledgment banner for models that require disclosures

How to Test

  • Auth flow

    • Open Kilo Code settings → Providers → Oracle Code Assist
    • Click “Login with Oracle SSO”
    • Extension responds with auth URL; webview opens auth URL
    • Complete SSO; on success, the models dropdown will be displayed.
    • Click “Sign Out” to end the session.
  • Models

    • After login, the models dropdown will be displayed automatically.

OCA provider Login IntelliJ Screenshot:
Screenshot 2025-12-09 at 3 06 34 AM

OCA provider Login VSCode Screenshot:

Screenshot 2025-12-09 at 3 08 42 AM

How we build the IntelliJ plugin for testing:

  • pnpm run jetbrains:bundle

How we build the VSCode plugin for testing:

  • pnpm run install:vsix

@changeset-bot

changeset-bot bot commented Dec 9, 2025

⚠️ No Changeset found

Latest commit: 90b7570

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@kiloconnect kiloconnect bot left a comment

✅ No Issues Found

38 files reviewed | Confidence: 95% | Recommendation: Merge

Review Details

Files Reviewed:

  • src/api/providers/oca/OcaTokenManager.ts - OAuth token management with PKCE
  • src/api/providers/oca/utils/constants.ts - OAuth configuration constants
  • src/api/providers/oca-handler.ts - API handler using OpenAI SDK
  • src/api/providers/fetchers/oca.ts - Model fetching logic
  • webview-ui/src/components/kilocode/common/OcaAcknowledgeModal.tsx - Modal with DOMPurify sanitization
  • src/core/webview/webviewMessageHandler.ts - Message handlers for OCA login/logout/status
  • CLI constants, types, and provider settings files

Security Analysis:

  • PKCE OAuth flow - Uses randomPKCECodeVerifier and calculatePKCECodeChallenge from openid-client library
  • Secure token storage - Tokens stored in VS Code SecretStorage (encrypted)
  • XSS prevention - DOMPurify sanitizes HTML in acknowledgement modal before dangerouslySetInnerHTML
  • Token refresh - 180-second buffer before expiry prevents expired token usage
  • Network resilience - Exponential backoff with jitter for OIDC discovery
  • Port fallback - Local callback server tries ports 8669, 8668, 8667 for OAuth redirect
  • Error handling - opc-request-id header included in error messages for debugging

Pattern Consistency:

  • OCA handler follows the same patterns as existing openai.ts handler
  • Implements SingleCompletionHandler interface correctly
  • Uses OpenAI SDK consistently with other providers
  • Error handling follows established patterns with handleOpenAIError

Checked: Security vulnerabilities, authentication flow, token management, XSS prevention, error handling, API patterns
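
The PKCE and token-refresh items in the review summary above, as an added example that is not code from this pull request: it uses Node's built-in crypto module rather than openid-client to show what an S256 challenge is under RFC 7636, how the receiving side checks it, and how the 180-second buffer shifts the refresh decision. All function names are hypothetical.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Buffer value taken from the review summary; the name is hypothetical.
const REFRESH_BUFFER_SECONDS = 180;

// Client side: 32 random bytes encode to a 43-character base64url string,
// the minimum verifier length RFC 7636 allows.
function newCodeVerifier(): string {
  return randomBytes(32).toString("base64url");
}

// RFC 7636 S256: code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))).
function s256Challenge(verifier: string): string {
  return createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Authorization-server side: recompute the challenge from the verifier sent
// with the token request and compare it with the challenge stored when the
// authorization request was made.
function verifierMatches(verifier: string, storedChallenge: string): boolean {
  // RFC 7636 restricts the verifier to 43-128 unreserved characters.
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) return false;
  const computed = Buffer.from(s256Challenge(verifier));
  const stored = Buffer.from(storedChallenge);
  // timingSafeEqual throws on unequal lengths, so check length first.
  return computed.length === stored.length && timingSafeEqual(computed, stored);
}

// Refresh decision: a token counts as due for refresh once the current time
// is within the buffer of its expiry, so a request is not sent with a token
// that lapses while in flight.
function needsRefresh(expiresAtSec: number, nowSec: number): boolean {
  return nowSec >= expiresAtSec - REFRESH_BUFFER_SECONDS;
}
```
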
