feat(amazonq): Auth and inline suggestions through Flare LSP #7450
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
) ## Problem We want to enable inline suggestions from flare on this branch ## Solution - enable it - leave the toggle setting so its easy to turn off/on to compare behaviours --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…7233) ## Problem the isSuggestionsEnable setting isn't respected ## Solution if someone disabled suggestions via a setting or from the status bar then don't return anything for automatic triggers --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem - we're moving to inline via flare ## Solution - deprecate amazon q inline ## Notes #### deprecation steps: 1. removed recommendation handler and recommendation service and all regular dependencies, since those are the bulk of inline suggestions 2. removed command registrations for onacceptance 3. removed tests that are no longer relevant to the vscode implementation since they are already in flare 4. modified the lineAnnotationController and activeStateControllers to comment out any missing imports, since those still need to be there in the new implementation 5. removed pagination calls, since those are now done through flare 6. remove keystroke handler, since that's now done by the vscode api 7. removed old cloud9 compatability code for inline #### Future PRs: - Refactor lineAnnoationController and activeStateControllers - re-implement the `aws.amazonq.refreshAnnotation` command - fix the inline e2e tests, since now they will fully go through flare instead of the recommendation handler - fix any unit tests that are now failing - updating the status bar when a request is in progress --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem deprecation for inline ## Solution deprecates: 1. supplemental context + its tests, since that was only passed into codewhisperer 2. codewhisperer coverage tracker, since thats [already in flare](https://github.com/aws/language-servers/blob/main/server/aws-lsp-codewhisperer/src/language-server/inline-completion/codePercentage.ts) 3. [classifier trigger](https://github.com/aws/language-servers/blob/main/server/aws-lsp-codewhisperer/src/language-server/inline-completion/auto-trigger/coefficients.json), since that's in flare 4. inlineCompletionProvider is no longer used and should have been in my other PR 5. editorContext utils, since that was used with supplemental context --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…gh Flare. (#7235) ## Problem This is the initial set of work required to get inline chat running through flare. ## Solution - **add a feature flag for inline chat**: this allows testing of the two implementations side-by-side by flipping the feature flag. - **move general utils out of chat**: stuff like encryption and editorState can all be reused. - **render full diff response from inline chat**: this does not include progress updates from the language server. ## Testing and Verification https://github.com/user-attachments/assets/0dff58b7-40f7-487d-9f9e-d58610201041 ## Future Work / Next Steps - ensure telemetry is still being emitted. - add tests for new flow. (there aren't any for the existing one) - handle partial events from the language server. ## Known Bugs - selecting part of a line will cause the text to insert mid-line - running inline-chat without a selection causes the entire file to be copied (This is in JB, Eclipse Prod, but IMO it makes the feature unusable). --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…gh Flare. (#7235) ## Problem This is the initial set of work required to get inline chat running through flare. ## Solution - **add a feature flag for inline chat**: this allows testing of the two implementations side-by-side by flipping the feature flag. - **move general utils out of chat**: stuff like encryption and editorState can all be reused. - **render full diff response from inline chat**: this does not include progress updates from the language server. ## Testing and Verification https://github.com/user-attachments/assets/0dff58b7-40f7-487d-9f9e-d58610201041 ## Future Work / Next Steps - ensure telemetry is still being emitted. - add tests for new flow. (there aren't any for the existing one) - handle partial events from the language server. ## Known Bugs - selecting part of a line will cause the text to insert mid-line - running inline-chat without a selection causes the entire file to be copied (This is in JB, Eclipse Prod, but IMO it makes the feature unusable). --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem Follow up to #7235 (comment). ## Solution - extract all decrypting and encrypting logic to a single location. - add a simple test for this logic (encrypt and decrypt are inverses). - refactor existing implementations. ## Verification Used agentic chat with some tools, as well as inline chat and didn't notice a difference. If encryption were broken, I would expect this to fail immediately. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…n metric (#7244) ## Problem vscode keeps track of `codewhispererImportRecommendationEnabled` inside of the `codewhisperer_serviceInvocation` event but flare doesn't ## Solution add it before emitting telemetry, since this is purely a client side feature --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem - "Amazon Q is generating ..." does not show with the lsp mode ## Solution - re-add the line tracker with tests - re-implement the activeState tracker ## Notes In master the active state tracker decides whether or not to show "Amazon Q is generating ..." by the following: - When a change is made, the auto trigger decides whether or not to start a recommendation request. When a recommendation requests eventually starts, an event is sent to the active state tracker to tell it to start showing the "Amazon Q is generating ..." message. When the first recommendation starts loading and the results are shown to the user another event is sent telling it to hide the message. It de-bounces this message showing every 1000ms so that the message is not constantly toggling on/off In this implementation its slightly different: - VSCode decides when to trigger the inline completion through their inline completion provider. From here we show the "Amazon Q is generating ... " message until the first recommendation is received from the language server and shown to the user. It still de-bounces this message every 1000ms so that users aren't shown it too often --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
This new name more accurately represents what this class is for. It is just a util to create the "Amazon Q generating" inline message. - Class is renamed - File is renamed and move out of the "stateTracker" folder --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Signed-off-by: nkomonen-amazon <[email protected]>
I saw while testing that the "Amazon Q is generating..." got stuck at some point. I think this fix should avoid that Signed-off-by: nkomonen-amazon <[email protected]>
This was a regression that appeared while doing the port to flare, now we will show the spinning symbol when generating a suggestion. Additionally the file was more appropriately named since it now only has the status bar related code. Signed-off-by: nkomonen-amazon <[email protected]>
## Problem the tutorial trackers aren't implemented when using the language server ## Solution - re-add the inlineLineAnnotationController (inlineChatTutorialAnnotation) for adding hints with inline chat - re-add the lineAnnotationController (inlineTutorialAnnotation) for adding the inline suggestions tutorial ## Notes in a future PR I'll fully deprecate the old trackers --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
There was a regression that appeared while doing the port to flare where the status bar would not show the spinning icon when generating a suggestion. Now we will show the spinning symbol when generating a suggestion. Additionally the file was more appropriately named since it now only has the status bar related code.
…7234) ## Problem the only metric it looks like we're missing for inline on the vscode side is `codewhisperer_clientComponentLatency` ## Solution codewhisperer_clientComponentLatency uses a very similar implementation as before the only differences are: 1. codewhispererCredentialFetchingLatency is no longer relevant because the token is always injected into the language server and it doesn't need to build the client on demand like before. - This causes the preprocessing latency to decrease, because that used to contain the time it takes to fetch the credentials 2. postProcessing latency is way lower because once we get the result vscode instantly displays it -- we no longer have control of that example metric now: ``` 2025-05-06 11:53:59.858 [debug] telemetry: codewhisperer_clientComponentLatency { Metadata: { codewhispererAllCompletionsLatency: '792.7122090000048', codewhispererCompletionType: 'Line', codewhispererCredentialFetchingLatency: '0', codewhispererCustomizationArn: 'arn:aws:codewhisperer:us-east-1:12345678910:customization/AAAAAAAAAA', codewhispererEndToEndLatency: '792.682249999998', codewhispererFirstCompletionLatency: '792.6440000000002', codewhispererLanguage: 'java', codewhispererPostprocessingLatency: '0.019500000002153683', codewhispererPreprocessingLatency: '0.007166999996115919', codewhispererRequestId: 'XXXXXXXXXXXXXXXXXXXXXXXXXXX', codewhispererTriggerType: 'AutoTrigger', credentialStartUrl: 'https://XXXXX.XXXXX.com/start', awsAccount: 'not-set', awsRegion: 'us-east-1' }, Value: 1, Unit: 'None', Passive: true } ``` --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem
The cached/persisted Q Developer Profile selection is stored as a map of
`{connectionID: RegionProfile}`, where `connectionID` is a `randomUUID`.
When migrating to Flare auth, we move away from the concept of a
connectionID, and we do not have access to the latest ID of a user. The
result is that we cannot restore the user's last selected region
profile, and always need users who update versions to make a profile
selection.
## Solution
To handle this more gracefully, we will:
* Use regionProfile if matching auth profile name (existing logic)
* If no match, check if there is only a single RegionProfile stored in
lastUsed. If so, use that one
* If no match, and multiple RegionProfiles are stored in lastUsed cache,
make user select
Unit tests added
---
- Treat all work as PUBLIC. Private `feature/x` branches will not be
squash-merged at release time.
- Your code changes must meet the guidelines in
[CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines).
- License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.
…nections (#7363) ## Problem Auth migration to LSP is not handled gracefully when a user downgrades and upgrades to auth on LSP multiple times, causing users to be logged out if they upgrade a second time ## Solution In the auth migration script, call the LSP identity server to check if a token is available. If the token is available, don't migrate the auth connection. If no token is available, migrate. Added unit tests for the case. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem Users are seeing `telemetry: invalid Metric: "codewhisperer_clientComponentLatency" emitted without the `result` property, which is always required. Consider using `.run()` instead of `.emit()`, which will set these properties automatically. See https://github.com/aws/aws-toolkit-vscode/blob/master/docs/telemetry.md#guidelines` ## Solution Add result attribute when emitting the metric --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Automatic merge failed - Resolve conflicts and push to this PR branch. - **Do not squash-merge** this PR. Use the "Create a merge commit" option to do a regular merge. ## Command line hint To perform the merge from the command line, you could do something like the following (where "origin" is the name of the remote in your local git repo): ``` git stash git fetch --all git checkout origin/feature/flare-mega git merge origin/master git commit git push origin HEAD:refs/heads/autoMerge/feature/flare-mega ``` --------- Signed-off-by: nkomonen-amazon <[email protected]> Co-authored-by: Nikolas Komonen <[email protected]> Co-authored-by: aws-toolkit-automation <> Co-authored-by: opieter-aws <[email protected]>
Merge master into feature/flare-mega
## Problem ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: Justin M. Keyes <[email protected]> Co-authored-by: chungjac <[email protected]>
fix(amazonq): clean up git history to avoid conflicts
## Problem ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
#7659) ## Problem The webview does not support IAM credentials input and endpoint to LSP does not support IAM credentials and IAM profiles. ## Solution This is part of #7507. - Add IAM credentials option and form to webview - Modify AuthUtils to switch between SsoLogin and IamLogin strategies - Add startIamCredentialSetup in backend_amazonq Meanwhile, we are making changes to language-servers and language-server-runtimes such that authentication for IAM credentials can happen on Flare side. working branches: https://github.com/liramon1/language-server-runtimes/tree/feature/flare-iam https://github.com/liramon1/language-servers/tree/liramon/flare-iam Current PR built upon flare-mega branch and is working to merge with flare-mega branch. This PR fails a web test that flare-mega branch is also failing, at the same place. --- - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
… autofill access key id (#7797) ## Problem UI and error message no longer compatible after adding IAM credentials authflow IAM Access Key needs manual input every time a client log in ## Solution This is part of #7507 and is built on top of #7659. --- - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: Ramon Li <[email protected]>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| assert.ok(actual.includes('apache')) | ||
| assert.ok(actual.includes('TEST_REPO')) | ||
| assert.ok(actual.includes('test reference')) | ||
| assert.ok(actual.includes('flare.com')) |
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High test
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 27 days ago
To fix the problem, the test should not check for the substring 'flare.com' anywhere in the output. Instead, it should extract the URL from the output, parse it using the standard URL class, and assert that the host is exactly 'flare.com' (or whatever is expected). This ensures that the test only passes if the correct host is present, and not if the string appears elsewhere in the output.
Specifically, in packages/amazonq/test/unit/codewhisperer/service/referenceLogViewProvider.test.ts, locate the assertion on line 100. Replace the substring check with logic that extracts the URL from the output, parses it, and checks the host. You may need to use a regular expression to extract the URL from the output string. Add an import for the Node.js url module or use the global URL class if available.
Suggested changeset
1
packages/amazonq/test/unit/codewhisperer/service/referenceLogViewProvider.test.ts
| @@ -5,2 +5,4 @@ | ||
| import assert from 'assert' | ||
| // For URL parsing | ||
| // No import needed for global URL class in Node.js >=10 | ||
| import { createMockTextEditor, resetCodeWhispererGlobalVariables } from 'aws-core-vscode/test' | ||
| @@ -99,3 +101,7 @@ | ||
| assert.ok(actual.includes('test reference')) | ||
| assert.ok(actual.includes('flare.com')) | ||
| // Extract the first URL from the output and check its host | ||
| const urlMatch = actual.match(/https?:\/\/[^\s'"]+/) | ||
| assert.ok(urlMatch, 'No URL found in output') | ||
| const parsedUrl = new URL(urlMatch[0]) | ||
| assert.strictEqual(parsedUrl.host, 'flare.com') | ||
| assert.ok(actual.includes('cw.com')) |
Copilot is powered by AI and may make mistakes. Always verify output.
| assert.ok(actual.includes('TEST_REPO')) | ||
| assert.ok(actual.includes('test reference')) | ||
| assert.ok(actual.includes('flare.com')) | ||
| assert.ok(actual.includes('cw.com')) |
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High test
Copilot Autofix
AI 25 days ago
Copilot could not generate an autofix suggestion
Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.
## Problem The webview does not support STS credentials input (sessionToken and roleArn) and endpoint to LSP does not support STS credentials and profiles. ## Solution This is part of #7507 and is built on top of #7797. - Add STS credentials input box webview, enabling mfa verification if credentials has assume role with mfa permission - Modify AuthUtils and auth2.ts to accommodate new IAM profile type - Add stsCache and other sts handlers to connect to LSP --- - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: Ramon Li <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Notes
Release the changes that route auth and inline suggestions through Flare LSP
feature/xbranches will not be squash-merged at release time.