Feature/mcp governance #2510
Open
ashishrp-aws wants to merge 303 commits into
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## feature/mcp-governance-dev #2510 +/- ##
==============================================================
- Coverage 60.79% 59.81% -0.99%
==============================================================
Files 280 281 +1
Lines 65558 71134 +5576
Branches 4204 4513 +309
==============================================================
+ Hits 39858 42550 +2692
- Misses 25616 28496 +2880
- Partials 84 88 +4
…ation (#2555)
* feat: add alphabetical sorting for MCP registry servers and improve URL validation
* fix: fix for failing unit test

* feat: update SMAI clients to use SM_AI_STUDIO_IDE origin
* fix: apply prettier formatting to utils.ts
* fix: formatting issues
* test: add tests for full coverage
* ci: trigger CI rerun

…2562)
* fix: prevent MCP server process duplicates with lightweight tracking
* fix: reduce excessive logging in MCP process deduplication
* fix: separate connection try-catch from process tracking

…es (#2564)
This reverts the web search functionality from commit 09c4769 while preserving the streaming client packages that contain updated Origin type definitions needed by existing code.
Preserved files:
- core/codewhisperer-streaming/amzn-codewhisperer-streaming-1.0.0.tgz
- core/q-developer-streaming-client/amzn-amazon-q-developer-streaming-client-1.0.0.tgz
- package-lock.json
- server/aws-lsp-codewhisperer/package.json

* fix: remove s3 artifact upload and download timeout
* fix: update unit tests for s3 timeout removal
* fix: remove comment
---------
Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>

* chore(release): release packages from branch main
* chore: update package-lock.json from npm install (#2565)
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>

Co-authored-by: aws-toolkit-automation <>

…nges on windows machine (#2568)
* fix: network connection error caused by server runtime dependency changes for windows users
* chore: update package-lock

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Shruti Sinha <44882001+shruti0085@users.noreply.github.com>

)
* feat(integ): rewrite ATX integ tests for new chatty-agent handler
Replaces the legacy DOTNET_IDE integ test flow with the new orchestrator agent (chatty-agent) flow, matching the VS Toolkit IDE behavior.
Test changes:
- Use TCP socket transport with Buffer-based JSON-RPC parsing to correctly handle Content-Length (bytes) vs string length (characters) for UTF-8
- Add sendMessage trigger after startTransform with 30s delay
- Handle local-build-verification HITL with fake build result
- Send "Mark this job as complete" chat message to reach COMPLETED
- Poll without SolutionRootPath to avoid fetchWorklogs log flooding
Handler improvements:
- Add 30s request timeout to FES client via NodeHttpHandler
- Add 30s timeout to all got.get() S3 download calls in handler and utils
Tests validate: ListWorkspaces, CreateWorkspace, CreateJob, CreateArtifactUploadUrl, CompleteArtifactUpload, StartJob, SendMessage, GetJob, ListJobPlanSteps, ListHitlTasks, SubmitCriticalHitlTask, StopJob
* style: format integ test files with prettier
* fix: address PR review comments
- Clean up orphan process/server on connection timeout (lspClient.ts)
- Use import instead of require for NodeHttpHandler
- Use consistent expect().to.be.oneOf() pattern
---------
Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>

* feat: rejecting v1 agent jobs
* feat: rejecting v1 agent jobs
* feat: rejecting v1 agent jobs
* feat: rejecting v1 agent jobs
* feat: rejecting v1 agent jobs
* feat: rejecting v1 agent jobs
---------
Co-authored-by: pranavfi <pranavfi@amazon.com>

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: bump agentic version: 1.70.0
* feat: renaming toolkit title (#2762)
Co-authored-by: pranavfi <pranavfi@amazon.com>
---------
Co-authored-by: aws-toolkit-automation <>
Co-authored-by: Pranav Firake <pranav.firake7@gmail.com>
Co-authored-by: pranavfi <pranavfi@amazon.com>

* docs(chat-client): document per-host postMessage origin behavior
Expand the handleInboundMessage JSDoc to describe how event.origin differs across IDE host environments -- notably Eclipse on Windows (Edge WebView2), which delivers an opaque empty/null origin for browser.setText()-injected HTML. Add a CONTRIBUTING section requiring chat-client message-handling and origin-validation changes to be reviewed against every supported host environment, not just same-origin hosts.
* docs(chat-client): add host environment summary to README
Add a concise table of how each IDE host embeds the chat webview (rendering engine, asset scheme, resulting origin, and message-delivery bridge) and note that inbound message-handling and origin-validation changes must be validated against every host environment.

…etTransform) (#2765)
* fix(amazonq): preserve customer edits on checkpoint apply (DealerFx netTransform)
applyChanges() in the netTransform language server laid every backend checkpoint diff onto the customer's solution with an unconditional fs.copyFileSync, with no check for files the customer had edited locally since the last apply. A later sync therefore silently overwrote manual fixes to an already-transformed project — the DealerFx data-loss report (8h of NuGet fixes clobbered by a retry).
The watermark needed to detect this already existed (getModifiedFilesSinceCheckpoint, mtime > manifest.lastAppliedTimestamp) but was only consulted on the UPLINK (updateWorkspace); the DOWNLINK (applyChanges) never looked at it.
Fix:
- applyChanges takes the jobId (optional, defaults to '' for back-compat) and computes the customer-modified set once up front. A single guard (shouldPreserveUserFile) runs before each write in all three loops (filesAdded / filesUpdated / filesMoved): if the destination exists, was edited by the customer since the last apply, and differs from the incoming bytes, the customer's file is preserved (write — and, for a move, the unlink — is skipped), backed up under {jobId}/checkpoints/conflict-backups/, and recorded in the new conflictedFiles return field. The transform's version remains in the checkpoint after/ dir, so neither side is lost.
- A byte-equal short-circuit (filesEqual) treats the agent's own identical re-emits as no-ops, so the per-job watermark never flags them as conflicts.
- The interactive downlink (downloadCompletedStepArtifacts) now calls saveLastAppliedTimestamp like the diff-artifact path already did; without it the watermark was absent there and the guard would be a no-op on the exact path DealerFx lost edits on.
Out of scope (deliberate): filesRemoved is left unguarded — deleting a customer-edited file the transform intends to remove is a product/semantic question, not a clobber. A true 3-way merge is infeasible client-side (no before/ baseline ships in the checkpoint); first-apply on a virgin manifest is unprotected by necessity.
Tests: 6 new cases in the existing applyChanges suite. 22/22 applyChanges tests pass; compile clean.
* fix(amazonq): prevent duplicate applyChanges bypassing user-edit protection
downloadCompletedStepArtifacts loaded appliedSteps once before the loop. When the diff-artifact path (downloadDiffArtifact) already applied the same step earlier in the same getTransformInfo call, the stale snapshot missed it — causing a redundant second applyChanges that ran after the watermark was re-stamped, seeing 0 modified files and silently overwriting the customer's edits. Move loadAppliedCheckpoints inside the loop so each iteration reads fresh state from disk.
* feat(amazonq): guard filesRemoved and filesMoved source against customer edits
Extend the user-edit preservation to two previously unguarded paths:
- filesRemoved: if the customer edited a file since the last apply and the transform wants to delete it, preserve the file on disk, back it up to conflict-backups/, and record the conflict.
- filesMoved (source): if the customer edited the move source, skip the entire move (no copy to target, no unlink of source), back up the source to conflict-backups/, and record the conflict. The existing move-target guard remains unchanged.
Tests: 3 new cases (move source preserved, remove preserved, remove proceeds when untouched). 38/38 applyChanges tests pass.
* style: format atxTransformHandler.ts with prettier
---------
Co-authored-by: Jiayu Wang <wwangjy@amazon.com>

* feat(amazonq): make updateWorkspace self-resolve the correct review HITL server-side
When the client sends a stale or wrong stepId, the LSP now falls back to resolving the real pending review step from the plan tree, and if that misses (race where step already flipped to IN_PROGRESS), scans all active HITLs for one with a -review tag. This makes the client stepId advisory rather than load-bearing.
* fix(amazonq): reset watermark after uplink so retry checkpoint applies cleanly
After a successful updateWorkspace (customer edits uploaded to the agent), reset the lastAppliedTimestamp watermark. This ensures the incoming retry checkpoint isn't treated as a conflict — the customer explicitly asked to retry, so they expect the agent's output on disk.
Also adds a second fallback to the C2-a step resolution: when the plan-based resolution misses (step already flipped to IN_PROGRESS on retry), scan all active HITLs for one with a -review tag. This covers the race where the review HITL is still alive but the step status has already transitioned.
* fix(amazonq): detect edits in not-yet-transformed projects for uplink
In a multi-project solution (A, B, C), if the customer edits Project B while Project A is transforming, those edits have mtime < lastAppliedTimestamp (set when A's checkpoint applied). The uplink missed them.
Fix: updateWorkspace now uses the job-start time (createdAt) as the baseline for modified-file detection instead of lastAppliedTimestamp. This catches all edits made since the transform began, regardless of which project's checkpoint set the watermark. The conflict detection in applyChanges still uses lastAppliedTimestamp (correct for that purpose).

hasApproval() previously matched a stored approval when EITHER the config fingerprint OR the workspace hash matched (logical OR). This allowed an approval granted in one workspace to be silently reused in a different workspace that shipped an identical MCP server config, and allowed a previously-trusted workspace to mutate its config without re-prompting. Because MCP servers are spawned with cwd set to the requesting workspace, reusing consent across workspaces executes attacker-controlled files with the developer's privileges and no consent prompt (zero-prompt RCE).
Require all three of (serverName, fingerprint, workspaceHash) to match so consent is bound to a specific workspace AND a specific config. The store already records workspaceHash per approval, so no data migration is needed:
- cross-workspace reuse: blocked (workspaceHash differs)
- config mutation in same workspace: blocked (fingerprint differs)
Also scope removeApproval() to (serverName, workspaceHash) using its previously-unused configPath argument, so removing a server in one workspace no longer revokes consent for an identically-named server elsewhere.
Rewrites the two unit tests that previously asserted the insecure reuse behavior and adds regression tests for per-workspace consent isolation and per-workspace revocation.
Hardens against CVE-2026-12957.
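
The matching rule described in the commit message above, shown as an added TypeScript example that is not the project's code. The Approval record shape, the in-memory array store, the hasApprovalLoose name and all sample values are assumptions made for illustration; only hasApproval, removeApproval, serverName, fingerprint and workspaceHash are names taken from the commit message.

```typescript
// Hypothetical record shape: the real store's layout is not shown on the page.
interface Approval {
    serverName: string
    fingerprint: string // hash of the MCP server config
    workspaceHash: string // hash identifying the requesting workspace
}

// 'Before' rule from the commit message: fingerprint OR workspaceHash is enough.
// Comparing serverName here is an assumption; the page only states the OR.
function hasApprovalLoose(store: Approval[], name: string, fp: string, ws: string): boolean {
    return store.some(a => a.serverName === name && (a.fingerprint === fp || a.workspaceHash === ws))
}

// Hardened rule: consent is bound to the server name, the exact config AND the workspace.
function hasApproval(store: Approval[], name: string, fp: string, ws: string): boolean {
    return store.some(a => a.serverName === name && a.fingerprint === fp && a.workspaceHash === ws)
}

// Revocation scoped to (serverName, workspaceHash): other workspaces keep their consent.
function removeApproval(store: Approval[], name: string, ws: string): Approval[] {
    return store.filter(a => !(a.serverName === name && a.workspaceHash === ws))
}

// Constructed sample data: the same server approved in workspace A and in workspace C.
const store: Approval[] = [
    { serverName: 'build-tools', fingerprint: 'fp-config-1', workspaceHash: 'ws-A' },
    { serverName: 'build-tools', fingerprint: 'fp-config-1', workspaceHash: 'ws-C' },
]

// Runs the three cases from the commit message through one matching rule.
function scenarios(check: typeof hasApproval) {
    return {
        sameWorkspaceSameConfig: check(store, 'build-tools', 'fp-config-1', 'ws-A'),
        // Workspace B was never approved but ships an identical config.
        otherWorkspaceSameConfig: check(store, 'build-tools', 'fp-config-1', 'ws-B'),
        // Workspace A changed its config after consent was given.
        sameWorkspaceMutatedConfig: check(store, 'build-tools', 'fp-config-2', 'ws-A'),
    }
}

const loose = scenarios(hasApprovalLoose) // all three cases are accepted
const strict = scenarios(hasApproval) // only the first case is accepted
const afterRevoke = removeApproval(store, 'build-tools', 'ws-A')
console.log({ loose, strict, remainingApprovals: afterRevoke.length })
```

Under the loose rule the second and third cases return true without any prompt; under the strict rule both return false, so the user is asked again.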
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Laxman Reddy <141967714+laileni-aws@users.noreply.github.com>
Co-authored-by: aws-toolkit-automation <>

…isServer (#2772)
The QCodeAnalysisServer creates its own CodeWhispererServiceToken for the code review tool, but it was passing `undefined` for userContext and omitting the customUserAgent parameter entirely. This meant the SDK client created for code review (CreateUploadUrl, StartCodeAnalysis, etc.) had no IDE identifier in its user-agent header.
The server-side Kiro Enterprise subscription handler validates the user-agent against an allowlist of known IDE clients. Without the IDE identifier, the check fails with AccessDeniedException.
Fix: Pass getUserAgent() and makeUserContextObject() to the CodeWhispererServiceToken constructor, matching the pattern used by AmazonQTokenServiceManager.serviceFactory().
This affects all IDE plugins (VSCode, JetBrains, Eclipse, Visual Studio) using the agentic code review tool with Kiro Enterprise subscriptions.
Fixes: P436405137

Bumping up language server runtime package versions:
- @aws/chat-client-ui-types: 0.1.68 → 0.1.71
- @aws/language-server-runtimes: 0.3.18 → 0.3.19
- @aws/language-server-runtimes-types: 0.1.64 → 0.1.65
Updated in chat-client and server/aws-lsp-codewhisperer. Regenerated the corresponding package-lock.json entries.

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: aws-toolkit-automation <>
Problem
Solution
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.