Adding support for custom VPC endpoints when using AWS Bedrock models (#3947)

* feat: Add custom VPC endpoint support for AWS Bedrock

* fix: Fix TypeScript error in Bedrock.tsx

* fix: Update VPC endpoint UI to match Cline's implementation

* Fix AWS Bedrock VPC endpoint UI implementation

- Changed checkbox label to 'Use custom VPC endpoint' to match Cline

- Fixed conditional rendering to show text field when checkbox is checked

- Ensured placeholder text appears correctly

- Maintained proper styling for consistency

* Fix AWS Bedrock VPC endpoint UI implementation to match Cline exactly

- Added state variable to track checkbox selection

- Fixed conditional rendering to show/hide text field based on checkbox state

- Maintained proper styling and placeholder text

* Fix AWS Bedrock VPC endpoint UI implementation with proper event handling

- Fixed checkbox onChange handler to accept boolean directly instead of event object

- Added unit tests to verify the behavior

- Maintained proper styling and placeholder text

* Update Bedrock VPC endpoint tests with proper test IDs

* Improve AWS Bedrock VPC endpoint text field alignment

- Removed left margin from text field to align with checkbox

- Maintained proper styling and placeholder text

* Preserve AWS Bedrock VPC endpoint URL when toggling checkbox

- Added awsBedrockEndpointEnabled field to schema

- Modified Bedrock provider to check both endpoint URL and enabled flag

- Updated UI to preserve endpoint URL when checkbox is toggled

- Maintained proper alignment with checkbox

* Implement AWS Bedrock Custom VPC Endpoint functionality

* fix: update ApiConfiguration to ProviderSettings in Bedrock tests and regenerate types

* fix: update all instances of ApiConfiguration to ProviderSettings in Bedrock tests

* Fixed broken unit test

* Add changeset for Bedrock VPC endpoint support

* informative placeholder

* Bug fixes

* Fixed failing tests

* Add example URLs to Bedrock VPC endpoint section and update tests

* Fix truncated test assertion in Bedrock.test.tsx that was breaking the UI

* Refactor mock components in Bedrock.test.tsx for improved data-testid handling

* feat(i18n): add VPC endpoint translations for AWS Bedrock settings

* test: update Bedrock component tests for internationalized strings

---------

Co-authored-by: Kevin White <[email protected]>
Co-authored-by: Daniel <[email protected]>
Co-authored-by: Daniel Riccio <[email protected]>

Author: 3 people

.changeset/bedrock-vpc-endpoint.md

@@ -0,0 +1,5 @@
+---
+"roo-cline": patch
+---
+
+Add AWS Bedrock VPC endpoint support, allowing users to connect to Bedrock through private VPC endpoints. This includes UI configuration options, updated types, and comprehensive test coverage.

packages/types/src/provider-settings.ts

@@ -100,6 +100,8 @@ const bedrockSchema = apiModelIdProviderModelSchema.extend({
 	awsProfile: z.string().optional(),
 	awsUseProfile: z.boolean().optional(),
 	awsCustomArn: z.string().optional(),
+	awsBedrockEndpointEnabled: z.boolean().optional(),
+	awsBedrockEndpoint: z.string().optional(),
 })
 
 const vertexSchema = apiModelIdProviderModelSchema.extend({
@@ -283,6 +285,8 @@ export const PROVIDER_SETTINGS_KEYS = keysOf<ProviderSettings>()([
 	"awsProfile",
 	"awsUseProfile",
 	"awsCustomArn",
+	"awsBedrockEndpointEnabled",
+	"awsBedrockEndpoint",
 	// Google Vertex
 	"vertexKeyFile",
 	"vertexJsonCredentials",

src/api/providers/__tests__/bedrock-vpc-endpoint.test.ts

@@ -0,0 +1,178 @@
+// Mock AWS SDK credential providers
+jest.mock("@aws-sdk/credential-providers", () => {
+	const mockFromIni = jest.fn().mockReturnValue({
+		accessKeyId: "profile-access-key",
+		secretAccessKey: "profile-secret-key",
+	})
+	return { fromIni: mockFromIni }
+})
+
+// Mock BedrockRuntimeClient and ConverseStreamCommand
+const mockBedrockRuntimeClient = jest.fn()
+const mockSend = jest.fn().mockResolvedValue({
+	stream: [],
+})
+
+jest.mock("@aws-sdk/client-bedrock-runtime", () => ({
+	BedrockRuntimeClient: mockBedrockRuntimeClient.mockImplementation(() => ({
+		send: mockSend,
+	})),
+	ConverseStreamCommand: jest.fn(),
+	ConverseCommand: jest.fn(),
+}))
+
+import { AwsBedrockHandler } from "../bedrock"
+
+describe("AWS Bedrock VPC Endpoint Functionality", () => {
+	beforeEach(() => {
+		// Clear all mocks before each test
+		jest.clearAllMocks()
+	})
+
+	// Test Scenario 1: Input Validation Test
+	describe("VPC Endpoint URL Validation", () => {
+		it("should configure client with endpoint URL when both URL and enabled flag are provided", () => {
+			// Create handler with endpoint URL and enabled flag
+			new AwsBedrockHandler({
+				apiModelId: "anthropic.claude-3-5-sonnet-20241022-v2:0",
+				awsAccessKey: "test-access-key",
+				awsSecretKey: "test-secret-key",
+				awsRegion: "us-east-1",
+				awsBedrockEndpoint: "https://bedrock-vpc.example.com",
+				awsBedrockEndpointEnabled: true,
+			})
+
+			// Verify the client was created with the correct endpoint
+			expect(mockBedrockRuntimeClient).toHaveBeenCalledWith(
+				expect.objectContaining({
+					region: "us-east-1",
+					endpoint: "https://bedrock-vpc.example.com",
+				}),
+			)
+		})
+
+		it("should not configure client with endpoint URL when URL is provided but enabled flag is false", () => {
+			// Create handler with endpoint URL but disabled flag
+			new AwsBedrockHandler({
+				apiModelId: "anthropic.claude-3-5-sonnet-20241022-v2:0",
+				awsAccessKey: "test-access-key",
+				awsSecretKey: "test-secret-key",
+				awsRegion: "us-east-1",
+				awsBedrockEndpoint: "https://bedrock-vpc.example.com",
+				awsBedrockEndpointEnabled: false,
+			})
+
+			// Verify the client was created without the endpoint
+			expect(mockBedrockRuntimeClient).toHaveBeenCalledWith(
+				expect.objectContaining({
+					region: "us-east-1",
+				}),
+			)
+
+			// Verify the endpoint property is not present
+			const clientConfig = mockBedrockRuntimeClient.mock.calls[0][0]
+			expect(clientConfig).not.toHaveProperty("endpoint")
+		})
+	})
+
+	// Test Scenario 2: Edge Case Tests
+	describe("Edge Cases", () => {
+		it("should handle empty endpoint URL gracefully", () => {
+			// Create handler with empty endpoint URL but enabled flag
+			new AwsBedrockHandler({
+				apiModelId: "anthropic.claude-3-5-sonnet-20241022-v2:0",
+				awsAccessKey: "test-access-key",
+				awsSecretKey: "test-secret-key",
+				awsRegion: "us-east-1",
+				awsBedrockEndpoint: "",
+				awsBedrockEndpointEnabled: true,
+			})
+
+			// Verify the client was created without the endpoint (since it's empty)
+			expect(mockBedrockRuntimeClient).toHaveBeenCalledWith(
+				expect.objectContaining({
+					region: "us-east-1",
+				}),
+			)
+
+			// Verify the endpoint property is not present
+			const clientConfig = mockBedrockRuntimeClient.mock.calls[0][0]
+			expect(clientConfig).not.toHaveProperty("endpoint")
+		})
+
+		it("should handle undefined endpoint URL gracefully", () => {
+			// Create handler with undefined endpoint URL but enabled flag
+			new AwsBedrockHandler({
+				apiModelId: "anthropic.claude-3-5-sonnet-20241022-v2:0",
+				awsAccessKey: "test-access-key",
+				awsSecretKey: "test-secret-key",
+				awsRegion: "us-east-1",
+				awsBedrockEndpoint: undefined,
+				awsBedrockEndpointEnabled: true,
+			})
+
+			// Verify the client was created without the endpoint
+			expect(mockBedrockRuntimeClient).toHaveBeenCalledWith(
+				expect.objectContaining({
+					region: "us-east-1",
+				}),
+			)
+
+			// Verify the endpoint property is not present
+			const clientConfig = mockBedrockRuntimeClient.mock.calls[0][0]
+			expect(clientConfig).not.toHaveProperty("endpoint")
+		})
+	})
+
+	// Test Scenario 4: Error Handling Tests
+	describe("Error Handling", () => {
+		it("should handle invalid endpoint URLs by passing them directly to AWS SDK", () => {
+			// Create handler with an invalid URL format
+			new AwsBedrockHandler({
+				apiModelId: "anthropic.claude-3-5-sonnet-20241022-v2:0",
+				awsAccessKey: "test-access-key",
+				awsSecretKey: "test-secret-key",
+				awsRegion: "us-east-1",
+				awsBedrockEndpoint: "invalid-url-format",
+				awsBedrockEndpointEnabled: true,
+			})
+
+			// Verify the client was created with the invalid endpoint
+			// (AWS SDK will handle the validation/errors)
+			expect(mockBedrockRuntimeClient).toHaveBeenCalledWith(
+				expect.objectContaining({
+					region: "us-east-1",
+					endpoint: "invalid-url-format",
+				}),
+			)
+		})
+	})
+
+	// Test Scenario 5: Persistence Tests
+	describe("Persistence", () => {
+		it("should maintain consistent behavior across multiple requests", async () => {
+			// Create handler with endpoint URL and enabled flag
+			const handler = new AwsBedrockHandler({
+				apiModelId: "anthropic.claude-3-5-sonnet-20241022-v2:0",
+				awsAccessKey: "test-access-key",
+				awsSecretKey: "test-secret-key",
+				awsRegion: "us-east-1",
+				awsBedrockEndpoint: "https://bedrock-vpc.example.com",
+				awsBedrockEndpointEnabled: true,
+			})
+
+			// Reset mock to clear the constructor call
+			mockBedrockRuntimeClient.mockClear()
+
+			// Make a request
+			try {
+				await handler.completePrompt("Test prompt")
+			} catch (error) {
+				// Ignore errors, we're just testing the client configuration
+			}
+
+			// Verify the client was configured with the endpoint
+			expect(mockSend).toHaveBeenCalled()
+		})
+	})
+})

src/api/providers/bedrock.ts

@@ -169,6 +169,9 @@ export class AwsBedrockHandler extends BaseProvider implements SingleCompletionH
 
 		const clientConfig: BedrockRuntimeClientConfig = {
 			region: this.options.awsRegion,
+			// Add the endpoint configuration when specified and enabled
+			...(this.options.awsBedrockEndpoint &&
+				this.options.awsBedrockEndpointEnabled && { endpoint: this.options.awsBedrockEndpoint }),
 		}
 
 		if (this.options.awsUseProfile && this.options.awsProfile) {

src/core/config/__tests__/importExport.test.ts

@@ -231,10 +231,8 @@ describe("importExport", () => {
 				customModesManager: mockCustomModesManager,
 			})
 
-			expect(result).toEqual({
-				success: false,
-				error: "Expected property name or '}' in JSON at position 2",
-			})
+			expect(result.success).toBe(false)
+			expect(result.error).toMatch(/^Expected property name or '}' in JSON at position 2/)
 			expect(fs.readFile).toHaveBeenCalledWith("/mock/path/settings.json", "utf-8")
 			expect(mockProviderSettingsManager.import).not.toHaveBeenCalled()
 			expect(mockContextProxy.setValues).not.toHaveBeenCalled()

webview-ui/src/components/settings/providers/Bedrock.tsx

@@ -1,4 +1,4 @@
-import { useCallback } from "react"
+import { useCallback, useState, useEffect } from "react"
 import { Checkbox } from "vscrui"
 import { VSCodeTextField, VSCodeRadio, VSCodeRadioGroup } from "@vscode/webview-ui-toolkit/react"
 
@@ -17,6 +17,12 @@ type BedrockProps = {
 
 export const Bedrock = ({ apiConfiguration, setApiConfigurationField, selectedModelInfo }: BedrockProps) => {
 	const { t } = useAppTranslation()
+	const [awsEndpointSelected, setAwsEndpointSelected] = useState(!!apiConfiguration?.awsBedrockEndpointEnabled)
+
+	// Update the endpoint enabled state when the configuration changes
+	useEffect(() => {
+		setAwsEndpointSelected(!!apiConfiguration?.awsBedrockEndpointEnabled)
+	}, [apiConfiguration?.awsBedrockEndpointEnabled])
 
 	const handleInputChange = useCallback(
 		<K extends keyof ProviderSettings, E>(
@@ -120,6 +126,31 @@ export const Bedrock = ({ apiConfiguration, setApiConfigurationField, selectedMo
 					{t("settings:providers.cacheUsageNote")}
 				</div>
 			</div>
+			<Checkbox
+				checked={awsEndpointSelected}
+				onChange={(isChecked) => {
+					setAwsEndpointSelected(isChecked)
+					setApiConfigurationField("awsBedrockEndpointEnabled", isChecked)
+				}}>
+				{t("settings:providers.awsBedrockVpc.useCustomVpcEndpoint")}
+			</Checkbox>
+			{awsEndpointSelected && (
+				<>
+					<VSCodeTextField
+						value={apiConfiguration?.awsBedrockEndpoint || ""}
+						style={{ width: "100%", marginTop: 3, marginBottom: 5 }}
+						type="url"
+						onInput={handleInputChange("awsBedrockEndpoint")}
+						placeholder={t("settings:providers.awsBedrockVpc.vpcEndpointUrlPlaceholder")}
+						data-testid="vpc-endpoint-input"
+					/>
+					<div className="text-sm text-vscode-descriptionForeground ml-6 mt-1 mb-3">
+						{t("settings:providers.awsBedrockVpc.examples")}
+						<div className="ml-2">• https://vpce-xxx.bedrock.region.vpce.amazonaws.com/</div>
+						<div className="ml-2">• https://gateway.my-company.com/route/app/bedrock</div>
+					</div>
+				</>
+			)}
 		</>
 	)
 }