Merge main into feature/upgrade-modified-files-ux#2514
Open
aws-toolkit-automation wants to merge 160 commits into
Conversation
* feat: add MCP registry service and validator for governance (#2433)
* feat: add MCP registry service and validator for governance
* fix: fix for unit tests
* fix: fix for using httpUtils with proxy agent
* feat: add MCP registry validation and server config conversion (#2440)
* feat: add MCP registry validation and server config conversion
* fix: fix for mcpManager failures
* feat: implement MCP registry service with validation, error handling, and synchronization (#2443)
* feat(amazonq): add MCP registry sync, enterprise validation. (#2450)
* feat(amazonq): add MCP registry sync, enterprise validation, ACG support, version caching
* fix: fix for test failures
* fix: removed Agentcore check
* feat: add OCI registry support, improve MCP initialization flow (#2465)
* feat: add OCI registry support, improve MCP initialization flow, and enhance registry validation
* fix: fix for failing tests
* fix: fix to make registryActive non-optional
* fix(amazonq): separate server discovery from init (#2480)
* fix(amazonq): separate server discovery from init and improve error handling
* fix: update package-lock.json
* fix: fix for delete, save and cancel buttons for registry mcps
* fix: fix to add additional header and variables to registry mcps
* fix: fix for failing registryUrl tests
* fix: move OCI environment variables to config.env and correct mcpRegistryUrl property name (#2486)
* fix: fix for arguments for local docker mcp servers (#2489)
* fix: fix for env variables for local docker mcp servers
* fix: improve readability for oci check
* feat: add Docker env var support and enable timeout config for MCP (#2494)
* feat: add Docker env var support and enable timeout config for MCP registry servers
* fix: fix for unit tests
* fix: fix for compilation failure
* fix(amazonq): fix for server refresh
* fix: fix for server refresh
* fix: fix for server init
* fix: fix to add the mcp command in logs (#2499)
* fix: fix to add the mcp command in logs
* fix: fix to add stderr logs
* fix: fix to provide error messages for removed errors from registry (#2511)
* fix: fix upgrade the lsp version to 1.47.0
* fix: fix to provide server error messages for removed errors
* revert: revert package-lock.json changes
* Revert "fix: fix upgrade the lsp version to 1.47.0" This reverts commit 4086962.
* revert: revert for check interval
* fix: fix for failing unit tests
---------
Co-authored-by: aws-toolkit-automation <43144436+aws-toolkit-automation@users.noreply.github.com>
Co-authored-by: Richard Li <742829+rli@users.noreply.github.com>
* chore(release): release packages from branch main
* fix: fix for dependency failures
* fix: fix for install failures
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Ashish Reddy Podduturi <ashishrp@amazon.com>
Co-authored-by: aws-toolkit-automation <>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: aws-toolkit-automation <>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: aws-toolkit-automation <>
* Atx riv final (#2520)
* feat: add atx fes integration for transform profiles
* feat: implement Transform profile discovery via ATX FES with cache clearing
* fix: remove unsupported eu-central-1 region from ATX FES endpoints
* feat: add separate flow for RTS and ATX listavailableprofile api
* fix: remove profile handling from atxnettransformserver
* feat: separating qdev and aws transform
* fix: fixing unit tests
* fix: adding tests
* fix: updating as per language server runtime updates
* feat: add startTransform and workspace
* feat: added getTransformInfo and its support methods
* fix: with new runtimes
* feat: add stopjob support
* merged stopjob and added upload plan
* chore: force use of new runtimes
* fix: completed getting plan, worklogs, and final artifact
* chore: deleting unused RPC messages
* feat: added list worklogs before planning
* fix: remove unused methods
---------
Co-authored-by: Pranav Firake <pranavfi@amazon.com>
Co-authored-by: pranav firake <pranav.firake7@gmail.com>
Co-authored-by: Jordan Miao <gzmiao@amazon.com>
* fix: adding atxcredentials details
* fix: updating plan for completed status
* fix: separating aws atx and q credentials storage
* fix: changed customer_output to customer_input
* fix: added new atx-fes-client models to allow CUSTOMER_INPUT types
* fix: multiple accounts token auth
* fix: auto-sync transform profiles using TransformConfigurationServer and prevent us-east-1 defaults
* fix: set default fallback transform request from net 8 to net 10
* fix: changed back q flow to net 8, added target framework to create job requests
* fix: updates aws-server-runtimes to 0.3.8 and added Syd endpoint to constants
* fix: maintaining backwards compatibility
* fix: fixing failing test
* fix: fixing tests
* fix: get endpoints by stage
* fix: regex for appUrl not handling gamma stage and return default region
* fix: fix for initInstance and moved init of atx servers to be after base server is initialized
* fix: fixing tests
* fix: fixing tests
* fix: fixing tests
* chore: bumping lsp version to 0.3.8
* chore: revert naming from Q back to codewhisperer
* chore: deleting stale function
* chore: updating folder
* fix: changed transformserver to log caught errors instead of throwing
* chore: reverting changes and adding todo
* fix: tests with changes
* fix: tests with changes
* chore: removing debug logs
---------
Co-authored-by: Pranav Firake <pranavfi@amazon.com>
Co-authored-by: pranav firake <pranav.firake7@gmail.com>
Co-authored-by: Jordan Miao <gzmiao@amazon.com>
Co-authored-by: Sherry Lu <75588211+XiaoxuanLu@users.noreply.github.com>
Co-authored-by: Chris Long <longachr@amazon.com>
* chore(release): release packages from branch main
* fix(release): update package-lock.json
* fix(release): manually update versions in packages
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Manodnya Bhoite <manodnyb@amazon.com>
Co-authored-by: aws-toolkit-automation <>
Co-authored-by: Pranav Firake <pranavfi@amazon.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: aws-toolkit-automation <>
* feat: use dynamic token limits from listAvailableModels API
* fix: dependency issues
* refactor: encapsulate model ID and token limits in session
* fix: corrected plan upload extension type
* fix: updated plan path for failed validation and fixed profile update bugs
* refactor: removed unreferenced code and refactored log messages
* refactor: removed test for unused methods
* fix: reverted error string messaging
…tests (#2547)
* refactor: moved common utility functions to a single file for transform handlers
* refactor: addressed comments
* fix: fixed uncaught error problem with worklogs
* fix: format changes
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: chungjac <chungjac@amazon.com>
Co-authored-by: aws-toolkit-automation <>
## Problem

transitive dependency `ansi-regex@2.1.1` was introduced with #654

associated CVE link https://nvd.nist.gov/vuln/detail/CVE-2021-3807

```
(base) ➜ runtimes git:(main) npm ls registry-js
@amzn/monorepo-language-server-runtimes@1.0.0 /Volumes/workplace/ide/language-server-runtimes
└─┬ @aws/language-server-runtimes@0.3.9 -> ./runtimes
  └── registry-js@1.16.1

(base) ➜ runtimes git:(main) npm ls ansi-regex
@amzn/monorepo-language-server-runtimes@1.0.0 /Volumes/workplace/ide/language-server-runtimes
└─┬ @aws/language-server-runtimes@0.3.9 -> ./runtimes
  ├─┬ copyfiles@2.4.1
  │ └─┬ yargs@16.2.0
  │   └─┬ cliui@7.0.4
  │     └─┬ strip-ansi@6.0.1
  │       └── ansi-regex@5.0.1
  └─┬ registry-js@1.16.1
    └─┬ prebuild-install@5.3.6
      └─┬ npmlog@4.1.2
        └─┬ gauge@2.7.4
          └─┬ strip-ansi@3.0.1
            └── ansi-regex@2.1.1
```

## Solution

use `winreg`

Microsoft winreg example https://github.com/microsoft/azure-pipelines-tasks-common-packages/blob/680f186a1e10568b1493503c81d403220a2eeb22/common-npm-packages/webdeployment-common/msdeployutility.ts#L311-L320

## npm ls

```
(base) ➜ runtimes git:(security-v2) npm ls registry-js
@amzn/monorepo-language-server-runtimes@1.0.0 /Volumes/workplace/ide/language-server-runtimes
└── (empty)
```

```
(base) ➜ runtimes git:(security-v2) npm ls ansi-regex
@amzn/monorepo-language-server-runtimes@1.0.0 /Volumes/workplace/ide/language-server-runtimes
└─┬ @aws/language-server-runtimes@0.3.9 -> ./runtimes
  └─┬ copyfiles@2.4.1
    └─┬ yargs@16.2.0
      └─┬ cliui@7.0.4
        └─┬ strip-ansi@6.0.1
          └── ansi-regex@5.0.1
```
* fix: fix for mcp servers refresh
* fix: fix for failing unit tests
* feat: add websearch tool (#2540)
* feat: add webfetch tool (#2542)
* feat: add webfetch tool
* fix: typo
* fix: remove snippets from web search (#2543)
* fix: filter out invalid urls (#2546)
---------
Co-authored-by: aws-toolkit-automation <43144436+aws-toolkit-automation@users.noreply.github.com>
…ation (#2555)
* feat: add alphabetical sorting for MCP registry servers and improve URL validation
* fix: fix for failing unit test
* feat: update SMAI clients to use SM_AI_STUDIO_IDE origin
* fix: apply prettier formatting to utils.ts
* fix: formatting issues
* test: add tests for full coverage
* ci: trigger CI rerun
…wser (#2740)
* fix: allow empty/null origin in postMessage check for Eclipse SWT Browser (#2736)
* fix: allow empty/null origin in postMessage check for Eclipse SWT Browser

Eclipse's SWT Browser widget loads the chat UI via file:// protocol, causing postMessage events to arrive with an empty string or "null" origin. The strict same-origin check added in 0dabdea rejected these messages, silently breaking chat in Eclipse — the backend returns a valid response but it never reaches the UI.

Allow empty-string and "null" origins (which are what file:// and sandboxed opaque-origin contexts report) while still blocking real cross-origin attacks from HTTP(S) pages.

Fixes aws/amazon-q-eclipse#555
Ref: P437110601

* fix: flip origin check to block-known-bad (only reject HTTP(S) cross-origin)

Instead of allowlisting specific origins, only reject messages from real HTTP(S) cross-origin pages. This handles Eclipse (and any future non-HTTP host) without needing to know their exact origin value. The check now passes through messages with empty, "null", file://, or any non-HTTP origin — only blocking actual cross-origin HTTP(S) attacks.

* test(chat-client): avoid leaking mynah-ui state from origin-check tests (#2741)

The new origin-check tests dispatched real SEND_TO_PROMPT messages, which exercised mynah-ui DOM code (addToUserPrompt) on the shared global JSDOM. On slow CI runners this accumulated state pushed an unrelated mynah-ui test ('should create a new tab if current tab is loading') over its 10s timeout. Switch to an unknown command and assert via the rejection warn() spy so the origin-check logic still runs without touching mynah-ui.
---------
Co-authored-by: Boyu <bywang@amazon.com>
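An added example (editor's illustration, not the chat-client's own `handleInboundMessage`) of the two origin policies the commit above contrasts: the strict same-origin check that broke Eclipse, and the block-known-bad check that replaced it. `SELF_ORIGIN` and the sample origins are constructed for the demo; the comments mark which branch each one exercises.

```typescript
// Added example, not code from the aws/language-servers chat-client.
// Two policies for an inbound window 'message' event's origin string.

// BEFORE: strict same-origin. Correct for an HTTP(S)-served webview, but an
// Eclipse SWT / file:// host delivers "" or "null", which can never match.
export function isOriginAllowedStrict(eventOrigin: string, selfOrigin: string): boolean {
  return eventOrigin === selfOrigin;
}

export function isHttpOrigin(origin: string): boolean {
  return /^https?:\/\//i.test(origin);
}

// AFTER: block-known-bad. Only a real HTTP(S) page can be a cross-origin web
// attacker, so only an HTTP(S) origin that differs from ours is rejected;
// "", "null", file:// and non-HTTP IDE schemes pass through.
export function isOriginAllowed(eventOrigin: string, selfOrigin: string): boolean {
  if (eventOrigin === '' || eventOrigin === 'null') return true; // opaque origin (file://, sandbox)
  if (!isHttpOrigin(eventOrigin)) return true;                   // vscode-webview://, etc.
  return eventOrigin === selfOrigin;                             // scheme, host and port must all match
}

export interface InboundResult { accepted: boolean; reason?: string }

// Shape of a message listener using the block-known-bad policy.
export function handleInboundMessage(event: { origin: string; data: unknown }, selfOrigin: string): InboundResult {
  if (!isOriginAllowed(event.origin, selfOrigin)) {
    return { accepted: false, reason: `rejected cross-origin message from ${event.origin}` };
  }
  return { accepted: true };
}

// Constructed values (assumptions for the demo, not any real host's origin).
export const SELF_ORIGIN = 'https://127.0.0.1:3000';
export const SAMPLE_ORIGINS: Array<[string, boolean, boolean]> = [
  // origin,                   strict allows, block-known-bad allows
  ['', false, true],                        // Eclipse SWT / file:// host
  ['null', false, true],                    // sandboxed or opaque origin
  ['file://', false, true],
  ['vscode-webview://abc', false, true],    // non-HTTP IDE scheme
  [SELF_ORIGIN, true, true],                // same origin
  ['https://127.0.0.1:3001', false, false], // same host, different port
  ['http://127.0.0.1:3000', false, false],  // scheme downgrade
  ['https://attacker.example', false, false], // cross-origin web page
];

export function evaluateSamples(): Array<{ origin: string; strict: boolean; relaxed: boolean; expectStrict: boolean; expectRelaxed: boolean }> {
  return SAMPLE_ORIGINS.map(([origin, expectStrict, expectRelaxed]) => ({
    origin,
    strict: isOriginAllowedStrict(origin, SELF_ORIGIN),
    relaxed: isOriginAllowed(origin, SELF_ORIGIN),
    expectStrict,
    expectRelaxed,
  }));
}
```

Because every non-HTTP(S) origin passes the relaxed check, it only guards against web-origin attackers; the message handler behind it still has to validate the command and payload it receives.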
…2746) The 'should create a new tab if current tab is loading' test in mynahUi.test.ts intermittently exceeds its 10s timeout on CI runners. The sibling test already takes ~8.5s, so 10s leaves no margin. Increase timeout to 30s to prevent flaky failures.
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: aws-toolkit-automation <>
…2742) Replace string-only path.resolve with fs.promises.realpath in requiresPathAcceptance, with an ENOENT fallback to realpath the parent directory plus basename for paths that don't exist yet (e.g., when the agent is creating a new file). This ensures workspace-boundary checks operate on the canonical resolved path rather than the literal input, so paths whose targets resolve outside the workspace are evaluated correctly. Adds a regression test exercising symlink resolution against the real filesystem.
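An added example, not the project's `requiresPathAcceptance`: a canonicalizing workspace-boundary check in the shape the commit above describes, beside the string-only check it replaced. It uses synchronous `fs.realpathSync` rather than `fs.promises.realpath` so it runs without an async harness, and generalizes the ENOENT fallback to recurse through any number of missing parent directories. The temp-directory scenario (a symlink named `escape` inside the workspace pointing at a directory outside it) is constructed for the demo.

```typescript
// Added example, not code from aws/language-servers.
import * as fs from 'node:fs';
import * as os from 'node:os';
import * as path from 'node:path';

// Canonicalize a path before a boundary check: realpath it; if it does not
// exist yet (ENOENT), canonicalize its parent and re-append the basename.
// Recursing on the parent generalizes the one-level fallback in the commit.
export function canonicalize(p: string): string {
  const abs = path.resolve(p);
  try {
    return fs.realpathSync(abs);
  } catch (err) {
    if ((err as { code?: string }).code !== 'ENOENT') throw err;
    const parent = path.dirname(abs);
    if (parent === abs) throw err; // reached the filesystem root without finding anything real
    return path.join(canonicalize(parent), path.basename(abs));
  }
}

// True when `target`, after canonicalization, is at or below the canonical
// workspace root. The root is canonicalized too (e.g. macOS /var -> /private/var).
export function isInsideWorkspace(workspaceRoot: string, target: string): boolean {
  const root = canonicalize(workspaceRoot);
  const rel = path.relative(root, canonicalize(target));
  return rel === '' || (rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel));
}

// The string-only check the commit replaced, kept for comparison.
export function naiveInsideWorkspace(workspaceRoot: string, target: string): boolean {
  const root = path.resolve(workspaceRoot);
  return path.resolve(target).startsWith(root + path.sep);
}

// Constructed scenario in a temp dir: workspace/escape is a symlink to a
// directory outside the workspace. Returns the verdict of each check.
export function demo(): Record<string, boolean> {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'ws-'));
  const ws = path.join(base, 'workspace');
  const outside = path.join(base, 'outside');
  fs.mkdirSync(ws);
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(outside, 'secret.txt'), 'constructed sample');
  fs.symlinkSync(outside, path.join(ws, 'escape'), 'dir');
  const viaLink = path.join(ws, 'escape', 'secret.txt');
  const newViaLink = path.join(ws, 'escape', 'not-yet-created.txt'); // agent creating a file through the link
  const newInWs = path.join(ws, 'src', 'not-yet-created.ts');         // agent creating a file in a new dir
  const verdicts = {
    naiveAcceptsSymlinkEscape: naiveInsideWorkspace(ws, viaLink),
    realpathRejectsSymlinkEscape: !isInsideWorkspace(ws, viaLink),
    realpathRejectsNewFileViaSymlink: !isInsideWorkspace(ws, newViaLink),
    realpathAcceptsNewFileInWorkspace: isInsideWorkspace(ws, newInWs),
    realpathRejectsDotDot: !isInsideWorkspace(ws, path.join(ws, '..', 'outside', 'secret.txt')),
  };
  fs.rmSync(base, { recursive: true, force: true });
  return verdicts;
}
```

The `not-yet-created.txt` case is the one the ENOENT fallback exists for: the file does not exist, but its parent `escape` does, and its real location is outside the workspace.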
Co-authored-by: aws-toolkit-automation <>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: XiaoChen-amz <xxchen@amazon.com>
* feat: adding worklogs and chat pagination support
* feat: adding unit tests for worklogs dedup cache and loadOlderWorklogs
* feat: add routing test for loadOlderWorklogs command
* fix: adding pagination to worklogs and chat
* fix: review findings
---------
Co-authored-by: pranavfi <pranavfi@amazon.com>
Co-authored-by: aws-toolkit-automation <>
* fix: surface lbv and checkpoint hitls regardless of job status

mirrors the executing-branch behavior in the non-executing branch so the ide picks up pending hitls when the job reports planning or other non-executing statuses. pre-job mode-selection checkpoint stays filtered.

* test: add coverage for non-EXECUTING HITL surfacing branches
* refactor: extract isPreLbvCheckpoint guard for catch-all surfacer
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: aws-toolkit-automation <>
)
* feat(integ): rewrite ATX integ tests for new chatty-agent handler

Replaces the legacy DOTNET_IDE integ test flow with the new orchestrator agent (chatty-agent) flow, matching the VS Toolkit IDE behavior.

Test changes:
- Use TCP socket transport with Buffer-based JSON-RPC parsing to correctly handle Content-Length (bytes) vs string length (characters) for UTF-8
- Add sendMessage trigger after startTransform with 30s delay
- Handle local-build-verification HITL with fake build result
- Send "Mark this job as complete" chat message to reach COMPLETED
- Poll without SolutionRootPath to avoid fetchWorklogs log flooding

Handler improvements:
- Add 30s request timeout to FES client via NodeHttpHandler
- Add 30s timeout to all got.get() S3 download calls in handler and utils

Tests validate: ListWorkspaces, CreateWorkspace, CreateJob, CreateArtifactUploadUrl, CompleteArtifactUpload, StartJob, SendMessage, GetJob, ListJobPlanSteps, ListHitlTasks, SubmitCriticalHitlTask, StopJob

* style: format integ test files with prettier
* fix: address PR review comments
- Clean up orphan process/server on connection timeout (lspClient.ts)
- Use import instead of require for NodeHttpHandler
- Use consistent expect().to.be.oneOf() pattern
---------
Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>
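An added example, not the integ test's own transport code, of the Content-Length pitfall the first test change above names: the LSP-style `Content-Length: N\r\n\r\n<body>` framing counts bytes, so a parser that slices a decoded string by N characters desyncs as soon as a body contains multi-byte UTF-8. The block shows a Buffer-based framer that handles chunks split at arbitrary points, beside the character-counting version that breaks. The message contents and the `example/...` method name are constructed for the demo.

```typescript
// Added example, not code from aws/language-servers.

// Accumulates raw bytes from a socket and yields every complete JSON-RPC
// message. Content-Length is honored in bytes, and a chunk boundary may fall
// anywhere (mid-header, mid-body, or between messages).
export class JsonRpcFramer {
  private buf = Buffer.alloc(0);

  push(chunk: Buffer): unknown[] {
    this.buf = Buffer.concat([this.buf, chunk]);
    const out: unknown[] = [];
    for (;;) {
      const headerEnd = this.buf.indexOf('\r\n\r\n');
      if (headerEnd < 0) break;                                   // header not complete yet
      const header = this.buf.subarray(0, headerEnd).toString('ascii');
      const m = /Content-Length:\s*(\d+)/i.exec(header);
      if (!m) throw new Error('missing Content-Length header');
      const len = Number(m[1]);
      const bodyStart = headerEnd + 4;
      if (this.buf.length < bodyStart + len) break;               // body not complete yet
      const body = this.buf.subarray(bodyStart, bodyStart + len).toString('utf8');
      out.push(JSON.parse(body));
      this.buf = this.buf.subarray(bodyStart + len);              // keep any trailing bytes
    }
    return out;
  }
}

// Encode one message with a byte-accurate Content-Length.
export function frame(msg: unknown): Buffer {
  const body = Buffer.from(JSON.stringify(msg), 'utf8');
  return Buffer.concat([Buffer.from(`Content-Length: ${body.length}\r\n\r\n`, 'ascii'), body]);
}

// The bug the commit describes: decode the stream to a string first, then
// slice Content-Length *characters*. Overshoots into the next header whenever
// the body holds multi-byte characters, so JSON.parse throws.
export function parseByCharLength(wire: string): unknown {
  const headerEnd = wire.indexOf('\r\n\r\n');
  const len = Number(/Content-Length:\s*(\d+)/i.exec(wire.slice(0, headerEnd))![1]);
  return JSON.parse(wire.slice(headerEnd + 4, headerEnd + 4 + len));
}

export function demo(): { framed: number; firstText: string; charParserFails: boolean } {
  // Constructed messages; the first body contains 2- and 3-byte UTF-8 sequences.
  const messages = [
    { jsonrpc: '2.0', id: 1, method: 'example/sendMessage', params: { text: 'naïve résumé ✓' } },
    { jsonrpc: '2.0', id: 2, result: { status: 'COMPLETED' } },
  ];
  const wire = Buffer.concat(messages.map(m => frame(m)));
  const framer = new JsonRpcFramer();
  const decoded: unknown[] = [];
  // Deliver in deliberately awkward 7-byte chunks so headers and bodies are split.
  for (let i = 0; i < wire.length; i += 7) decoded.push(...framer.push(wire.subarray(i, i + 7)));
  let charParserFails = false;
  try { parseByCharLength(wire.toString('utf8')); } catch { charParserFails = true; }
  return {
    framed: decoded.length,
    firstText: (decoded[0] as { params: { text: string } }).params.text,
    charParserFails,
  };
}
```

The same byte-versus-character confusion on the sending side (computing `Content-Length` from `string.length`) under-declares the body and leaves the tail of one message to be read as the start of the next; `frame` avoids it by measuring the encoded Buffer.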
* feat: rejecting v1 agent jobs
* feat: rejecting v1 agent jobs
* feat: rejecting v1 agent jobs
* feat: rejecting v1 agent jobs
* feat: rejecting v1 agent jobs
* feat: rejecting v1 agent jobs
---------
Co-authored-by: pranavfi <pranavfi@amazon.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: bump agentic version: 1.70.0
* feat: renaming toolkit title (#2762)
Co-authored-by: pranavfi <pranavfi@amazon.com>
---------
Co-authored-by: aws-toolkit-automation <>
Co-authored-by: Pranav Firake <pranav.firake7@gmail.com>
Co-authored-by: pranavfi <pranavfi@amazon.com>
* docs(chat-client): document per-host postMessage origin behavior

Expand the handleInboundMessage JSDoc to describe how event.origin differs across IDE host environments -- notably Eclipse on Windows (Edge WebView2), which delivers an opaque empty/null origin for browser.setText()-injected HTML. Add a CONTRIBUTING section requiring chat-client message-handling and origin-validation changes to be reviewed against every supported host environment, not just same-origin hosts.

* docs(chat-client): add host environment summary to README

Add a concise table of how each IDE host embeds the chat webview (rendering engine, asset scheme, resulting origin, and message-delivery bridge) and note that inbound message-handling and origin-validation changes must be validated against every host environment.
…etTransform) (#2765)
* fix(amazonq): preserve customer edits on checkpoint apply (DealerFx netTransform)

applyChanges() in the netTransform language server laid every backend checkpoint diff onto the customer's solution with an unconditional fs.copyFileSync, with no check for files the customer had edited locally since the last apply. A later sync therefore silently overwrote manual fixes to an already-transformed project — the DealerFx data-loss report (8h of NuGet fixes clobbered by a retry).

The watermark needed to detect this already existed (getModifiedFilesSinceCheckpoint, mtime > manifest.lastAppliedTimestamp) but was only consulted on the UPLINK (updateWorkspace); the DOWNLINK (applyChanges) never looked at it.

Fix:
- applyChanges takes the jobId (optional, defaults to '' for back-compat) and computes the customer-modified set once up front. A single guard (shouldPreserveUserFile) runs before each write in all three loops (filesAdded / filesUpdated / filesMoved): if the destination exists, was edited by the customer since the last apply, and differs from the incoming bytes, the customer's file is preserved (write — and, for a move, the unlink — is skipped), backed up under {jobId}/checkpoints/conflict-backups/, and recorded in the new conflictedFiles return field. The transform's version remains in the checkpoint after/ dir, so neither side is lost.
- A byte-equal short-circuit (filesEqual) treats the agent's own identical re-emits as no-ops, so the per-job watermark never flags them as conflicts.
- The interactive downlink (downloadCompletedStepArtifacts) now calls saveLastAppliedTimestamp like the diff-artifact path already did; without it the watermark was absent there and the guard would be a no-op on the exact path DealerFx lost edits on.

Out of scope (deliberate): filesRemoved is left unguarded — deleting a customer-edited file the transform intends to remove is a product/semantic question, not a clobber. A true 3-way merge is infeasible client-side (no before/ baseline ships in the checkpoint); first-apply on a virgin manifest is unprotected by necessity.

Tests: 6 new cases in the existing applyChanges suite. 22/22 applyChanges tests pass; compile clean.

* fix(amazonq): prevent duplicate applyChanges bypassing user-edit protection

downloadCompletedStepArtifacts loaded appliedSteps once before the loop. When the diff-artifact path (downloadDiffArtifact) already applied the same step earlier in the same getTransformInfo call, the stale snapshot missed it — causing a redundant second applyChanges that ran after the watermark was re-stamped, seeing 0 modified files and silently overwriting the customer's edits. Move loadAppliedCheckpoints inside the loop so each iteration reads fresh state from disk.

* feat(amazonq): guard filesRemoved and filesMoved source against customer edits

Extend the user-edit preservation to two previously unguarded paths:
- filesRemoved: if the customer edited a file since the last apply and the transform wants to delete it, preserve the file on disk, back it up to conflict-backups/, and record the conflict.
- filesMoved (source): if the customer edited the move source, skip the entire move (no copy to target, no unlink of source), back up the source to conflict-backups/, and record the conflict.

The existing move-target guard remains unchanged.

Tests: 3 new cases (move source preserved, remove preserved, remove proceeds when untouched). 38/38 applyChanges tests pass.

* style: format atxTransformHandler.ts with prettier
---------
Co-authored-by: Jiayu Wang <wwangjy@amazon.com>
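An added example, not the netTransform server's own `applyChanges`, of the preservation guard described in the commits above: a write is skipped, the customer's copy backed up and the path reported as a conflict when the destination exists, its mtime is newer than the last-applied watermark, and its bytes differ from the incoming content; identical re-emits fall through the byte-equal short-circuit. The manifest shape, directory names and file contents are constructed for the demo, and the mtimes are set explicitly so the ordering does not depend on filesystem timestamp granularity.

```typescript
// Added example, not code from aws/language-servers.
import * as fs from 'node:fs';
import * as os from 'node:os';
import * as path from 'node:path';

// Constructed manifest shape: the per-job watermark stamped after each apply.
export interface Manifest { lastAppliedTimestamp: number }
export interface ApplyResult { written: string[]; conflictedFiles: string[] }

// Preserve the customer's file when it exists, was modified after the last
// apply, and differs byte-for-byte from what the checkpoint wants to write.
export function shouldPreserveUserFile(dest: string, incoming: Buffer, manifest: Manifest): boolean {
  if (!fs.existsSync(dest)) return false;
  const editedSinceApply = fs.statSync(dest).mtimeMs > manifest.lastAppliedTimestamp;
  if (!editedSinceApply) return false;
  return !fs.readFileSync(dest).equals(incoming); // filesEqual short-circuit: identical re-emit is a no-op
}

// Apply a checkpoint's updated files onto the workspace with the guard in front
// of every write; conflicts are backed up under backupDir and reported.
export function applyChanges(workspace: string, backupDir: string, updates: Record<string, Buffer>, manifest: Manifest): ApplyResult {
  const result: ApplyResult = { written: [], conflictedFiles: [] };
  for (const [rel, content] of Object.entries(updates)) {
    const dest = path.join(workspace, rel);
    if (shouldPreserveUserFile(dest, content, manifest)) {
      fs.mkdirSync(path.join(backupDir, path.dirname(rel)), { recursive: true });
      fs.copyFileSync(dest, path.join(backupDir, rel)); // customer's version kept; checkpoint version stays in the checkpoint
      result.conflictedFiles.push(rel);
      continue;
    }
    fs.mkdirSync(path.dirname(dest), { recursive: true });
    fs.writeFileSync(dest, content);
    result.written.push(rel);
  }
  manifest.lastAppliedTimestamp = Date.now(); // saveLastAppliedTimestamp: re-stamp the watermark
  return result;
}

export function demo(): { conflicted: string[]; written: string[]; preserved: string; backedUp: string } {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'ckpt-'));
  const ws = path.join(base, 'solution');
  const backups = path.join(base, 'conflict-backups');
  const manifest: Manifest = { lastAppliedTimestamp: 0 };

  // First apply on a fresh workspace: nothing exists, so nothing is protected.
  applyChanges(ws, backups, { 'a.csproj': Buffer.from('v1'), 'b.cs': Buffer.from('v1') }, manifest);

  // Customer hand-edits a.csproj after the apply; b.cs is untouched.
  fs.writeFileSync(path.join(ws, 'a.csproj'), 'customer fix');
  const after = (manifest.lastAppliedTimestamp + 5000) / 1000;  // utimes takes seconds
  const before = (manifest.lastAppliedTimestamp - 5000) / 1000;
  fs.utimesSync(path.join(ws, 'a.csproj'), after, after);
  fs.utimesSync(path.join(ws, 'b.cs'), before, before);

  // Retry checkpoint: a.csproj differs from the customer's edit, b.cs is an identical re-emit.
  const second = applyChanges(ws, backups, { 'a.csproj': Buffer.from('v2'), 'b.cs': Buffer.from('v1') }, manifest);
  const preserved = fs.readFileSync(path.join(ws, 'a.csproj'), 'utf8');
  const backedUp = fs.readFileSync(path.join(backups, 'a.csproj'), 'utf8');
  fs.rmSync(base, { recursive: true, force: true });
  return { conflicted: second.conflictedFiles, written: second.written, preserved, backedUp };
}
```

As the commit notes, the first apply onto an empty manifest has nothing to compare against, and a file the customer edited to exactly the bytes the checkpoint carries is correctly not treated as a conflict.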
* feat(amazonq): make updateWorkspace self-resolve the correct review HITL server-side

When the client sends a stale or wrong stepId, the LSP now falls back to resolving the real pending review step from the plan tree, and if that misses (race where step already flipped to IN_PROGRESS), scans all active HITLs for one with a -review tag. This makes the client stepId advisory rather than load-bearing.

* fix(amazonq): reset watermark after uplink so retry checkpoint applies cleanly

After a successful updateWorkspace (customer edits uploaded to the agent), reset the lastAppliedTimestamp watermark. This ensures the incoming retry checkpoint isn't treated as a conflict — the customer explicitly asked to retry, so they expect the agent's output on disk.

Also adds a second fallback to the C2-a step resolution: when the plan-based resolution misses (step already flipped to IN_PROGRESS on retry), scan all active HITLs for one with a -review tag. This covers the race where the review HITL is still alive but the step status has already transitioned.

* fix(amazonq): detect edits in not-yet-transformed projects for uplink

In a multi-project solution (A, B, C), if the customer edits Project B while Project A is transforming, those edits have mtime < lastAppliedTimestamp (set when A's checkpoint applied). The uplink missed them.

Fix: updateWorkspace now uses the job-start time (createdAt) as the baseline for modified-file detection instead of lastAppliedTimestamp. This catches all edits made since the transform began, regardless of which project's checkpoint set the watermark. The conflict detection in applyChanges still uses lastAppliedTimestamp (correct for that purpose).
hasApproval() previously matched a stored approval when EITHER the config fingerprint OR the workspace hash matched (logical OR). This allowed an approval granted in one workspace to be silently reused in a different workspace that shipped an identical MCP server config, and allowed a previously-trusted workspace to mutate its config without re-prompting.

Because MCP servers are spawned with cwd set to the requesting workspace, reusing consent across workspaces executes attacker-controlled files with the developer's privileges and no consent prompt (zero-prompt RCE).

Require all three of (serverName, fingerprint, workspaceHash) to match so consent is bound to a specific workspace AND a specific config. The store already records workspaceHash per approval, so no data migration is needed:
- cross-workspace reuse: blocked (workspaceHash differs)
- config mutation in same workspace: blocked (fingerprint differs)

Also scope removeApproval() to (serverName, workspaceHash) using its previously-unused configPath argument, so removing a server in one workspace no longer revokes consent for an identically-named server elsewhere.

Rewrites the two unit tests that previously asserted the insecure reuse behavior and adds regression tests for per-workspace consent isolation and per-workspace revocation.

Hardens against CVE-2026-12957.
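An added example, not the project's MCP approval store, that puts the OR-based `hasApproval` the commit above describes beside the all-three-must-match version and runs both through the two abuse cases it names (cross-workspace reuse of an identical config, and config mutation inside an already-trusted workspace) plus the scoped revocation. The fingerprint is a SHA-256 over canonical (key-sorted) JSON and the workspace hash a SHA-256 over the workspace path; those hashing choices, the `ApprovalStore` shape, the server config and the workspace paths are assumptions for the demo.

```typescript
// Added example, not code from aws/language-servers.
import { createHash } from 'node:crypto';

export interface McpServerConfig { command: string; args?: string[]; env?: Record<string, string> }
interface Approval { serverName: string; fingerprint: string; workspaceHash: string }

// Canonical JSON (keys sorted recursively) so key order cannot change a fingerprint.
function canonical(v: unknown): string {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v !== null && typeof v === 'object') {
    const o = v as Record<string, unknown>;
    return '{' + Object.keys(o).sort().map(k => JSON.stringify(k) + ':' + canonical(o[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}
const sha256 = (s: string): string => createHash('sha256').update(s).digest('hex');
export const fingerprintConfig = (cfg: McpServerConfig): string => sha256(canonical(cfg));
export const hashWorkspace = (workspacePath: string): string => sha256(workspacePath);

export class ApprovalStore {
  private approvals: Approval[] = [];

  record(serverName: string, cfg: McpServerConfig, workspacePath: string): void {
    this.approvals.push({ serverName, fingerprint: fingerprintConfig(cfg), workspaceHash: hashWorkspace(workspacePath) });
  }

  // BEFORE: fingerprint OR workspaceHash. A copied config in another workspace,
  // or a mutated config in a trusted workspace, both satisfy it.
  hasApprovalInsecure(serverName: string, cfg: McpServerConfig, workspacePath: string): boolean {
    const fp = fingerprintConfig(cfg), wh = hashWorkspace(workspacePath);
    return this.approvals.some(a => a.serverName === serverName && (a.fingerprint === fp || a.workspaceHash === wh));
  }

  // AFTER: all three must match, binding consent to one workspace AND one config.
  hasApproval(serverName: string, cfg: McpServerConfig, workspacePath: string): boolean {
    const fp = fingerprintConfig(cfg), wh = hashWorkspace(workspacePath);
    return this.approvals.some(a => a.serverName === serverName && a.fingerprint === fp && a.workspaceHash === wh);
  }

  // Revocation scoped to (serverName, workspaceHash): removing a server in one
  // workspace leaves an identically named server elsewhere approved.
  removeApproval(serverName: string, workspacePath: string): void {
    const wh = hashWorkspace(workspacePath);
    this.approvals = this.approvals.filter(a => !(a.serverName === serverName && a.workspaceHash === wh));
  }
}

export function scenario() {
  const store = new ApprovalStore();
  const cfg: McpServerConfig = { command: 'npx', args: ['-y', 'example-mcp-server'] }; // constructed
  const trusted = '/home/dev/trusted-project';      // constructed workspace paths
  const cloned = '/home/dev/freshly-cloned-repo';
  store.record('files', cfg, trusted);

  // Cloned repo ships the same config byte-for-byte; the server would spawn with cwd=cloned.
  const crossWorkspace = { insecure: store.hasApprovalInsecure('files', cfg, cloned), fixed: store.hasApproval('files', cfg, cloned) };

  // Trusted workspace's config is later changed to a repo-controlled binary.
  const mutated: McpServerConfig = { ...cfg, command: './node_modules/.bin/example-mcp-server' };
  const configMutation = { insecure: store.hasApprovalInsecure('files', mutated, trusted), fixed: store.hasApproval('files', mutated, trusted) };

  // Same server name approved in both workspaces; revoking in one must not touch the other.
  store.record('files', cfg, cloned);
  store.removeApproval('files', cloned);
  const revocation = { clonedStillApproved: store.hasApproval('files', cfg, cloned), trustedStillApproved: store.hasApproval('files', cfg, trusted) };

  return { crossWorkspace, configMutation, revocation };
}
```

The canonicalization step matters in practice: if the fingerprint were taken over the raw config text, reordering keys or changing whitespace would force a spurious re-prompt, while a hash over an unsorted object serialization could let two different-looking but equivalent configs carry different fingerprints.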
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Laxman Reddy <141967714+laileni-aws@users.noreply.github.com>
Co-authored-by: aws-toolkit-automation <>
…isServer (#2772)

The QCodeAnalysisServer creates its own CodeWhispererServiceToken for the code review tool, but it was passing `undefined` for userContext and omitting the customUserAgent parameter entirely. This meant the SDK client created for code review (CreateUploadUrl, StartCodeAnalysis, etc.) had no IDE identifier in its user-agent header.

The server-side Kiro Enterprise subscription handler validates the user-agent against an allowlist of known IDE clients. Without the IDE identifier, the check fails with AccessDeniedException.

Fix: Pass getUserAgent() and makeUserContextObject() to the CodeWhispererServiceToken constructor, matching the pattern used by AmazonQTokenServiceManager.serviceFactory().

This affects all IDE plugins (VSCode, JetBrains, Eclipse, Visual Studio) using the agentic code review tool with Kiro Enterprise subscriptions.

Fixes: P436405137
Bumping up language server runtime package versions:
- @aws/chat-client-ui-types: 0.1.68 → 0.1.71
- @aws/language-server-runtimes: 0.3.18 → 0.3.19
- @aws/language-server-runtimes-types: 0.1.64 → 0.1.65

Updated in chat-client and server/aws-lsp-codewhisperer. Regenerated the corresponding package-lock.json entries.
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: aws-toolkit-automation <>
Automatic merge failed