RooCodeInc · mrubens · May 31, 2025 · May 11, 2025 · May 11, 2025 · May 11, 2025
@@ -0,0 +1,5 @@
+---
+"roo-cline": patch
+---
+
+Add AWS Bedrock VPC endpoint support, allowing users to connect to Bedrock through private VPC endpoints. This includes UI configuration options, updated types, and comprehensive test coverage.
@@ -100,6 +100,8 @@ const bedrockSchema = apiModelIdProviderModelSchema.extend({
 	awsProfile: z.string().optional(),
 	awsUseProfile: z.boolean().optional(),
 	awsCustomArn: z.string().optional(),
+	awsBedrockEndpointEnabled: z.boolean().optional(),
+	awsBedrockEndpoint: z.string().optional(),
 })
 
 const vertexSchema = apiModelIdProviderModelSchema.extend({
@@ -283,6 +285,8 @@ export const PROVIDER_SETTINGS_KEYS = keysOf<ProviderSettings>()([
 	"awsProfile",
 	"awsUseProfile",
 	"awsCustomArn",
+	"awsBedrockEndpointEnabled",
+	"awsBedrockEndpoint",
 	// Google Vertex
 	"vertexKeyFile",
 	"vertexJsonCredentials",

@@ -0,0 +1,178 @@
+// Mock AWS SDK credential providers
+jest.mock("@aws-sdk/credential-providers", () => {
+	const mockFromIni = jest.fn().mockReturnValue({
+		accessKeyId: "profile-access-key",
+		secretAccessKey: "profile-secret-key",
+	})
+	return { fromIni: mockFromIni }
+})
+
+// Mock BedrockRuntimeClient and ConverseStreamCommand
+const mockBedrockRuntimeClient = jest.fn()
+const mockSend = jest.fn().mockResolvedValue({
+	stream: [],
+})
+
+jest.mock("@aws-sdk/client-bedrock-runtime", () => ({
+	BedrockRuntimeClient: mockBedrockRuntimeClient.mockImplementation(() => ({
+		send: mockSend,
+	})),
+	ConverseStreamCommand: jest.fn(),
+	ConverseCommand: jest.fn(),
+}))
+
+import { AwsBedrockHandler } from "../bedrock"
+
+describe("AWS Bedrock VPC Endpoint Functionality", () => {
+	beforeEach(() => {
+		// Clear all mocks before each test
+		jest.clearAllMocks()
+	})
+
+	// Test Scenario 1: Input Validation Test
+	describe("VPC Endpoint URL Validation", () => {
+		it("should configure client with endpoint URL when both URL and enabled flag are provided", () => {
+			// Create handler with endpoint URL and enabled flag
+			new AwsBedrockHandler({
+				apiModelId: "anthropic.claude-3-5-sonnet-20241022-v2:0",
+				awsAccessKey: "test-access-key",
+				awsSecretKey: "test-secret-key",
+				awsRegion: "us-east-1",
+				awsBedrockEndpoint: "https://bedrock-vpc.example.com",
+				awsBedrockEndpointEnabled: true,
+			})
+
+			// Verify the client was created with the correct endpoint
+			expect(mockBedrockRuntimeClient).toHaveBeenCalledWith(
+				expect.objectContaining({
+					region: "us-east-1",
+					endpoint: "https://bedrock-vpc.example.com",
+				}),
+			)
+		})
+
+		it("should not configure client with endpoint URL when URL is provided but enabled flag is false", () => {
+			// Create handler with endpoint URL but disabled flag
+			new AwsBedrockHandler({
+				apiModelId: "anthropic.claude-3-5-sonnet-20241022-v2:0",
+				awsAccessKey: "test-access-key",
+				awsSecretKey: "test-secret-key",
+				awsRegion: "us-east-1",
+				awsBedrockEndpoint: "https://bedrock-vpc.example.com",
+				awsBedrockEndpointEnabled: false,
+			})
+
+			// Verify the client was created without the endpoint
+			expect(mockBedrockRuntimeClient).toHaveBeenCalledWith(
+				expect.objectContaining({
+					region: "us-east-1",
+				}),
+			)
+
+			// Verify the endpoint property is not present
+			const clientConfig = mockBedrockRuntimeClient.mock.calls[0][0]
+			expect(clientConfig).not.toHaveProperty("endpoint")
+		})
+	})
+
+	// Test Scenario 2: Edge Case Tests
+	describe("Edge Cases", () => {
+		it("should handle empty endpoint URL gracefully", () => {
+			// Create handler with empty endpoint URL but enabled flag
+			new AwsBedrockHandler({
+				apiModelId: "anthropic.claude-3-5-sonnet-20241022-v2:0",
+				awsAccessKey: "test-access-key",
+				awsSecretKey: "test-secret-key",
+				awsRegion: "us-east-1",
+				awsBedrockEndpoint: "",
+				awsBedrockEndpointEnabled: true,
+			})
+
+			// Verify the client was created without the endpoint (since it's empty)
+			expect(mockBedrockRuntimeClient).toHaveBeenCalledWith(
+				expect.objectContaining({
+					region: "us-east-1",
+				}),
+			)
+
+			// Verify the endpoint property is not present
+			const clientConfig = mockBedrockRuntimeClient.mock.calls[0][0]
+			expect(clientConfig).not.toHaveProperty("endpoint")
+		})
+
+		it("should handle undefined endpoint URL gracefully", () => {
+			// Create handler with undefined endpoint URL but enabled flag
+			new AwsBedrockHandler({
+				apiModelId: "anthropic.claude-3-5-sonnet-20241022-v2:0",
+				awsAccessKey: "test-access-key",
+				awsSecretKey: "test-secret-key",
+				awsRegion: "us-east-1",
+				awsBedrockEndpoint: undefined,
+				awsBedrockEndpointEnabled: true,
+			})
+
+			// Verify the client was created without the endpoint
+			expect(mockBedrockRuntimeClient).toHaveBeenCalledWith(
+				expect.objectContaining({
+					region: "us-east-1",
+				}),
+			)
+
+			// Verify the endpoint property is not present
+			const clientConfig = mockBedrockRuntimeClient.mock.calls[0][0]
+			expect(clientConfig).not.toHaveProperty("endpoint")
+		})
+	})
+
+	// Test Scenario 4: Error Handling Tests
+	describe("Error Handling", () => {
+		it("should handle invalid endpoint URLs by passing them directly to AWS SDK", () => {
+			// Create handler with an invalid URL format
+			new AwsBedrockHandler({
+				apiModelId: "anthropic.claude-3-5-sonnet-20241022-v2:0",
+				awsAccessKey: "test-access-key",
+				awsSecretKey: "test-secret-key",
+				awsRegion: "us-east-1",
+				awsBedrockEndpoint: "invalid-url-format",
+				awsBedrockEndpointEnabled: true,
+			})
+
+			// Verify the client was created with the invalid endpoint
+			// (AWS SDK will handle the validation/errors)
+			expect(mockBedrockRuntimeClient).toHaveBeenCalledWith(
+				expect.objectContaining({
+					region: "us-east-1",
+					endpoint: "invalid-url-format",
+				}),
+			)
+		})
+	})
+
+	// Test Scenario 5: Persistence Tests
+	describe("Persistence", () => {
+		it("should maintain consistent behavior across multiple requests", async () => {
+			// Create handler with endpoint URL and enabled flag
+			const handler = new AwsBedrockHandler({
+				apiModelId: "anthropic.claude-3-5-sonnet-20241022-v2:0",
+				awsAccessKey: "test-access-key",
+				awsSecretKey: "test-secret-key",
+				awsRegion: "us-east-1",
+				awsBedrockEndpoint: "https://bedrock-vpc.example.com",
+				awsBedrockEndpointEnabled: true,
+			})
+
+			// Reset mock to clear the constructor call
+			mockBedrockRuntimeClient.mockClear()
+
+			// Make a request
+			try {
+				await handler.completePrompt("Test prompt")
+			} catch (error) {
+				// Ignore errors, we're just testing the client configuration
+			}
+
+			// Verify the client was configured with the endpoint
+			expect(mockSend).toHaveBeenCalled()
+		})
+	})
+})
@@ -169,6 +169,9 @@ export class AwsBedrockHandler extends BaseProvider implements SingleCompletionH
 
 		const clientConfig: BedrockRuntimeClientConfig = {
 			region: this.options.awsRegion,
+			// Add the endpoint configuration when specified and enabled
+			...(this.options.awsBedrockEndpoint &&
+				this.options.awsBedrockEndpointEnabled && { endpoint: this.options.awsBedrockEndpoint }),
 		}
 
 		if (this.options.awsUseProfile && this.options.awsProfile) {

@@ -231,10 +231,8 @@ describe("importExport", () => {
 				customModesManager: mockCustomModesManager,
 			})
 
-			expect(result).toEqual({
-				success: false,
-				error: "Expected property name or '}' in JSON at position 2",
-			})
+			expect(result.success).toBe(false)
+			expect(result.error).toMatch(/^Expected property name or '}' in JSON at position 2/)
 			expect(fs.readFile).toHaveBeenCalledWith("/mock/path/settings.json", "utf-8")
 			expect(mockProviderSettingsManager.import).not.toHaveBeenCalled()
 			expect(mockContextProxy.setValues).not.toHaveBeenCalled()

@@ -1,4 +1,4 @@
-import { useCallback } from "react"
+import { useCallback, useState, useEffect } from "react"
 import { Checkbox } from "vscrui"
 import { VSCodeTextField, VSCodeRadio, VSCodeRadioGroup } from "@vscode/webview-ui-toolkit/react"
 
@@ -17,6 +17,12 @@ type BedrockProps = {
 
 export const Bedrock = ({ apiConfiguration, setApiConfigurationField, selectedModelInfo }: BedrockProps) => {
 	const { t } = useAppTranslation()
+	const [awsEndpointSelected, setAwsEndpointSelected] = useState(!!apiConfiguration?.awsBedrockEndpointEnabled)
+
+	// Update the endpoint enabled state when the configuration changes
+	useEffect(() => {
+		setAwsEndpointSelected(!!apiConfiguration?.awsBedrockEndpointEnabled)
+	}, [apiConfiguration?.awsBedrockEndpointEnabled])
 
 	const handleInputChange = useCallback(
 		<K extends keyof ProviderSettings, E>(
@@ -120,6 +126,31 @@ export const Bedrock = ({ apiConfiguration, setApiConfigurationField, selectedMo
 					{t("settings:providers.cacheUsageNote")}
 				</div>
 			</div>
+			<Checkbox
+				checked={awsEndpointSelected}
+				onChange={(isChecked) => {
+					setAwsEndpointSelected(isChecked)
+					setApiConfigurationField("awsBedrockEndpointEnabled", isChecked)
+				}}>
+				Use custom VPC endpoint
+			</Checkbox>
+			{awsEndpointSelected && (
+				<>
+					<VSCodeTextField
+						value={apiConfiguration?.awsBedrockEndpoint || ""}
+						style={{ width: "100%", marginTop: 3, marginBottom: 5 }}
+						type="url"
+						onInput={handleInputChange("awsBedrockEndpoint")}
+						placeholder="Enter VPC Endpoint URL (optional)"
+						data-testid="vpc-endpoint-input"
+					/>
+					<div className="text-sm text-vscode-descriptionForeground ml-6 mt-1 mb-3">
+						Examples:
+						<div className="ml-2">• https://vpce-xxx.bedrock.region.vpce.amazonaws.com/</div>
+						<div className="ml-2">• https://gateway.my-company.com/route/app/bedrock</div>
+					</div>
+				</>
+			)}
 		</>
 	)
 }