DEV Community: Akash Birajdar

Building an AI-Powered Unified Inbox with Kiro: A Deep Dive into Spec-Driven Development

Akash Birajdar — Fri, 05 Dec 2025 20:40:15 +0000

Building Champa: An AI-Powered Unified Inbox

Ever feel overwhelmed juggling Gmail, Slack, and Calendar? Context-switching between platforms wastes hours every week. That's why I built Champa—an intelligent unified inbox that consolidates all your communications into one AI-enhanced interface.

The interesting part? I built it using Kiro, an AI-powered IDE that goes beyond traditional coding assistants. This article shares what Champa does and how Kiro's advanced features made the development process remarkably efficient.

The Problem: Communication Chaos

Modern professionals deal with:

📧 Important emails buried in spam
💬 Urgent Slack messages lost in channels
📅 Calendar events scattered across platforms
⏰ Hours spent crafting professional responses

Champa solves this by:

Aggregating messages from Gmail, Slack, and Calendar
Using AI to summarize, prioritize, and extract action items
Generating smart replies that match your writing style
Requiring human approval before sending (you stay in control)

The Tech Stack

Backend: FastAPI, LangGraph, LangChain, PostgreSQL, Qdrant
Frontend: React 18, TypeScript, RetroUI
AI: OpenAI GPT-4, Sentence Transformers
Testing: pytest with Hypothesis (property-based testing)

But the real star of the show? Kiro.

What Makes Kiro Different?

Kiro isn't just an autocomplete tool. It's a full AI-powered development environment with:

Spec-Driven Development: Define requirements, design, and tasks—Kiro implements them
Steering Docs: Project-wide guidelines that ensure consistency
Agent Hooks: Automated workflows triggered by file changes
MCP Integration: Real-time access to up-to-date documentation
Vibe Coding: Natural language prompts for rapid prototyping

Let me show you how each feature accelerated Champa's development.

1. Spec-Driven Development: The Game Changer

I started by creating a comprehensive spec in .kiro/specs/champa-unified-inbox/:

requirements.md

## Requirement 7
**User Story:** As a user, I want the system to generate draft replies 
for my emails, so that I can respond quickly without starting from scratch.

#### Acceptance Criteria
1. WHEN a user requests a smart reply for an email 
   THEN the system SHALL fetch the complete thread context
2. WHEN generating a smart reply 
   THEN the Deep Agent SHALL retrieve relevant User Persona data
3. WHEN generating a smart reply 
   THEN the Deep Agent SHALL create a step-by-step plan using LangGraph
...

design.md

## Correctness Properties

### Property 27: Smart reply fetches thread context
*For any* smart reply request, the system should fetch the complete 
thread context including all related messages.
**Validates: Requirements 7.1**

### Property 28: Smart reply uses persona data
*For any* smart reply being generated, the Deep Agent should retrieve 
and use relevant User Persona data.
**Validates: Requirements 7.2**
...

tasks.md

- [ ] 8.3 Implement smart reply generation workflow
  - Create fetch_thread_context method
  - Create retrieve_persona method
  - Create reply planning agent
  - Create draft generation agent
  - Implement platform-specific formatting
  - _Requirements: 7.1, 7.2, 7.4_

The magic: When I asked Kiro to "implement task 8.3", it:

Read the requirements and understood the acceptance criteria
Checked the correctness properties it needed to satisfy
Generated complete code with LangGraph's interrupt mechanism for human approval
Created property-based tests to verify the implementation

No more "I hope the AI understood what I meant." The spec was the single source of truth.

2. Steering Docs: Consistency on Autopilot

I created three steering documents that Kiro automatically included in every interaction:

tech.md:

## Key Technical Constraints
- All UI components must use RetroUI library
- Platform integrations must go through abstract interfaces
- All AI-generated email replies require human approval before sending
- Property-based tests must run minimum 100 iterations

structure.md:

## File Naming Conventions
- **Python**: snake_case for files and functions
- **TypeScript/React**: PascalCase for components, camelCase for utilities
- **Tests**: `test_*.py` for Python, `*.test.tsx` for React

Result: Every component Kiro generated automatically:

Used RetroUI (no manual fixes needed)
Followed our naming conventions
Placed files in the correct directories
Implemented property-based tests with 100+ iterations

Without steering docs, I'd spend hours fixing consistency violations. With them, code was production-ready from the start.

3. Agent Hooks: Automated Quality Checks

I set up three hooks in .kiro/hooks/ that ran automatically on file changes:

security-review-hook.kiro.hook

{
  "enabled": true,
  "name": "Security Review on File Changes",
  "when": { "type": "fileEdited" },
  "then": {
    "type": "askAgent",
    "prompt": "Review the changed files for potential security issues..."
  }
}

This hook caught multiple instances where I almost committed:

API keys in environment files
Hardcoded OAuth credentials
Database connection strings

code-quality-analyzer.kiro.hook

Suggested refactoring our platform adapters to use the Strategy pattern, making it trivial to add new platforms (Discord, Teams, etc.).

docs-sync-on-change.kiro.hook

Automatically updated README and API docs when I modified endpoints.

Impact: Continuous feedback without interrupting flow. Issues caught immediately, not during code review.

4. MCP: Real-Time Documentation Access

I configured two MCP servers in my Kiro settings:

{
  "mcpServers": {
    "context7": {
      "command": "npx",
      "args": ["-y", "@upstash/context7-mcp"],
      "disabled": false
    },
    "docs-langchain": {
      "url": "https://docs.langchain.com/mcp",
      "disabled": false,
      "autoApprove": ["SearchDocsByLangChain"]
    }
  }
}

Why this matters: LangGraph and LangChain are rapidly evolving. Kiro's training data might not include the latest features.

With MCP, when I asked:

"How do I implement human-in-the-loop with LangGraph?"

Kiro queried the official docs and gave me the exact, current implementation pattern using LangGraph's interrupt mechanism.

Without MCP: Outdated patterns, manual doc searching, trial and error.
With MCP: Expert-level knowledge of the latest APIs, first-time-right implementations.

5. Vibe Coding: Rapid Prototyping

For exploratory work, I used natural language prompts:

"Build a LangGraph deep agent that generates smart replies using user persona memory"

Kiro generated the entire deep_agent.py module with:

Planning middleware for breaking down reply generation
LangGraph Store integration for persona memory
Interrupt mechanism for human approval
Proper error handling and fallback logic

Most impressive generation: The AI pipeline. I described:

"Analyze messages in parallel for summary, intent, priority, tasks, and spam detection"

Kiro created a complete LangChain-based pipeline with:

Async handling for parallel processing
Retry logic with exponential backoff
Qdrant vector storage integration
Fallback mechanisms for AI failures

All in one go. Production-ready.

The Kiro Workflow

My typical development cycle:

1. Define in Spec
   ↓
2. Ask Kiro: "Implement task X"
   ↓
3. Kiro Generates (references spec + steering + existing code)
   ↓
4. Hooks Validate (security, quality, docs)
   ↓
5. Property Tests Run (100+ iterations)
   ↓
6. Iterate based on feedback

This workflow let me build 10,000+ lines of production-ready code in a fraction of the time traditional development would take.

Property-Based Testing: The Secret Weapon

Kiro helped me implement property-based testing with Hypothesis—something I'd never used before.

Instead of writing:

def test_normalize_gmail_message():
    message = create_test_gmail_message()
    normalized = normalize_message(message)
    assert normalized.platform == "gmail"

I wrote:

# Feature: champa-unified-inbox, Property 12: All messages are normalized
@given(message=message_strategy())
def test_message_normalization(message):
    normalized = normalize_message(message)
    assert normalized.platform in ["gmail", "slack", "calendar"]
    assert normalized.sender is not None
    assert normalized.content is not None
    assert normalized.timestamp is not None

This runs 100+ iterations with randomly generated data, catching edge cases I never would have thought of:

Empty sender fields
Malformed timestamps
Missing metadata
Unicode edge cases

Kiro understood the property definitions in my spec and translated them into executable tests.

Key Features of Champa

1. Unified Message Feed

All your communications in one place with AI-generated summaries, priority scores, and platform indicators.

2. Smart Reply Generation

# The AI learns your writing style
persona = retrieve_user_persona(user_id)
thread = fetch_thread_context(message_id)
draft = generate_reply(thread, persona)
# Human approval required before sending
await interrupt_for_approval(draft)

3. Actionable Item Extraction

AI automatically identifies:

Tasks ("Can you review the PR?")
Deadlines ("Need this by Friday")
Meeting requests ("Let's sync tomorrow at 2pm")

4. Semantic Search

# Find similar messages
query_embedding = generate_embedding(query)
similar = qdrant.search(query_embedding, limit=10)

5. Chat Assistant

Natural language queries:

"Show me urgent emails from this week"
"What meetings do I have tomorrow?"
"Find messages about the project deadline"

Architecture Highlights

Dual Database Strategy

PostgreSQL: Structured data (messages, users, analysis)
Qdrant: Vector embeddings for semantic search

This combination enables both traditional queries and semantic search capabilities.

Interface-Based Platform Integration

class PlatformInterface(ABC):
    @abstractmethod
    def fetch_messages(user_id: str) -> List[Message]:
        pass

    @abstractmethod
    def send_message(user_id: str, message: Message) -> Result:
        pass

Adding a new platform? Just implement the interface. No changes to core logic.

LangGraph Deep Agents

The smart reply system uses LangGraph's deep agents with planning middleware to break down reply generation into steps, retrieve user persona data, and generate context-aware responses.

Results

10,000+ lines of code generated with Kiro
59 correctness properties verified through property-based testing
3 automated hooks providing continuous quality checks
Zero hardcoded credentials committed (thanks to security hook)
100% RetroUI compliance (thanks to steering docs)

What I Learned

Spec-driven development > vibe coding alone: Specs provide formal correctness guarantees. Vibe coding is great for prototyping, but specs ensure production quality.
Steering docs are essential: Without them, you'll spend hours fixing consistency violations. With them, code is right the first time.
Agent hooks catch issues early: Security vulnerabilities, code smells, and documentation drift—all caught automatically.
MCP is a game-changer: Real-time access to current documentation means no more outdated patterns or manual doc searching.
Property-based testing finds edge cases: Traditional unit tests would have missed dozens of bugs that Hypothesis caught.

What's Next for Champa

More platforms: Microsoft Teams, Discord, WhatsApp Business
Mobile apps: Native iOS and Android
Voice interface: "Hey Champa, summarize my unread emails"
Team features: Shared inboxes for customer support
Custom AI models: Fine-tuned for specific industries

Final Thoughts

Building Champa with Kiro was eye-opening. The combination of spec-driven development, steering docs, agent hooks, and MCP integration created a development workflow that felt less like coding and more like architecting.

It's not just about code generation—it's about maintaining architectural consistency, ensuring correctness through formal properties, and automating quality checks. Kiro helped me build a production-ready system with 10,000+ lines of code while maintaining quality and consistency throughout.

If you're building complex applications, especially with AI components, the spec-driven approach with Kiro is worth exploring.

Music Moodboard Assistant ( Auth0 AI + Spotify )

Akash Birajdar — Thu, 23 Oct 2025 18:58:46 +0000

This is a submission for the Auth0 for AI Agents Challenge

Music Moodboard Assistant 🎧

An Auth0-secured Agentic AI that turns your mood into music

What I Built

Music Moodboard Assistant is an agentic AI application that blends emotion recognition, music recommendation, and secure authentication to personalize Spotify experiences.

The idea came from a simple, everyday frustration — when you feel sleepy, energetic, or unfocused, Spotify doesn’t understand that feeling directly. You must search, scroll, and tweak to find what fits your mood.

Music Moodboard Assistant changes that.
You can simply say things like:

“I’m sleepy and need something relaxing.”
“Play me something upbeat to wake me up.”

Behind the scenes, the agent:

Authenticates you via Auth0, ensuring all actions happen under your Spotify account securely.
Analyzes your intent using an AI model hosted via OpenRouter.
Uses Spotify APIs through Auth0’s Token Vault, without ever exposing tokens to the AI agent itself.
Generates playlists or recommends songs that match your described mood, using audio features such as tempo, energy, and valence.
Fetches context from a secure RAG (Retrieval-Augmented Generation) system, with fine-grained Auth0-based authorization that ensures the agent only accesses allowed information.

In short, it’s a mood-to-music finder that demonstrates how Auth0 for AI Agents can secure autonomous systems interacting with third-party APIs.

Demo

Live demo: https://music-moodboard.vercel.app
Repository: https://github.com/Akashdb5/music-moodboard
Screenshots or video:

How I Used Auth0 for AI Agents

This project is built around Auth0 for AI Agents, implementing its three foundational pillars:

1. Authenticate the User

Every interaction starts with secure authentication via Auth0.
The API endpoint (app/api/chat/route.ts) requires a valid Auth0 session before the agent can act.

const session = await auth0.getSession();
if (!session) return new Response("Unauthorized", { status: 401 });

This ensures that every chat request, playlist creation, or Spotify query is tied to a verified user identity.
Each session is isolated using:

setAIContext({ threadID: session.user?.sub });

That way, the AI keeps conversation and personalization scoped to the right user.

2. Control the Tools (Token Vault Integration)

Once authenticated, the agent gains controlled access to the Spotify API using Auth0’s Token Vault.

The Token Vault ensures that:

The agent never handles sensitive credentials directly.
Tokens are issued per scope and per user, based on Auth0’s configured connection.
Tokens can be revoked or re-scoped at any time, enhancing control and compliance.

Example (from lib/auth0-ai.ts):

const spotifyAI = auth0AI.withTokenVault({
  connection: "spotify",
  scopes: spotifyScopes,
});

The Token Vault connection uses a least privilege approach — defined in lib/spotify-config.ts — allowing only the actions the app truly needs:

Playlist creation and modification
Track search and recommendation
Playback control
Top tracks, recently played, and library access

Before performing any action that changes user data (like creating a playlist or uploading an image), the AI must get explicit approval through Auth0 Interrupts:

const withSpotifyPlaylistConfirmation = auth0AI.withUserConfirmation({
  message: "Do you want the assistant to create this playlist in your Spotify account?"
});

This human-in-the-loop design ensures trust and transparency between the user and the AI agent.

3. Limit Knowledge (Authorized RAG)

In addition to Spotify actions, the project integrates a Retrieval-Augmented Generation (RAG) system that stores and retrieves documents (for example, internal configuration or mood-to-music mapping guides).

Auth0’s fine-grained authorization (FGA) ensures that even within the RAG system, users only access data they’re permitted to view.

The pipeline:

Documents are chunked and embedded with OpenAI’s embedding models (text-embedding-3-small).
When a query arrives, the vector store performs a similarity search.
Auth0’s FGAFilter filters out any restricted results before the AI can use them.
The final answer is generated only from allowed context snippets.

From lib/rag/authorized-rag.ts:

const filter = new FGAFilter(auth0, { modelId: "knowledge-docs" });
const { allowed, filtered } = await filter.filterResults(results, session);

This prevents unauthorized data leakage during generation — a critical feature when AI systems have dynamic access to stored knowledge.

Lessons Learned and Takeaways

Technical Insights

Auth0’s Token Vault is transformative for AI agents.
It eliminates the need to store or manage refresh tokens manually, letting you control API access through Auth0 configuration alone.
Fine-grained authorization for RAG pipelines is essential.
It ensures sensitive or internal knowledge bases can be shared securely between different users or organizations.
Tool schemas matter.
By defining strong Zod schemas for tool inputs/outputs (lib/tools/spotify.ts), the agent produces more reliable, interpretable calls.
Interrupts make agent actions safer.
The withSpotifyPlaylistConfirmation wrapper provides a natural way to ask for permission before performing actions that affect user data.
Thread isolation improves user experience.
Using threadID = session.user.sub ensures persistent, secure, user-scoped interactions.

Personal Reflections

The Music Moodboard Assistant was born from the idea that music should meet you where you are emotionally.
When I’m sleepy, I don’t want to hunt for “lofi sleep” playlists — I just want to say “I’m sleepy” and let the assistant take over.

When I first saw it create a custom playlist with low-energy, high-acousticness songs and ask,

“Would you like me to add vocals or keep it instrumental?”
I realized how natural the interaction felt — and how much more human music discovery could be.

This project showed me that secure autonomy isn’t just about tokens and permissions — it’s about building AI systems that users trust enough to act on their behalf.