Merge remote-tracking branch 'origin/main' into rli/blocking-lsp-threads

Author: rli

.changes/3.76.json

@@ -0,0 +1,8 @@
+{
+  "date" : "2025-06-12",
+  "version" : "3.76",
+  "entries" : [ {
+    "type" : "feature",
+    "description" : "Add MCP support for Amazon Q chat"
+  } ]
+}

.changes/next-release/feature-91688ea0-032c-48db-a160-7dfbe71a736d.json

@@ -1,3 +1,6 @@
+# _3.76_ (2025-06-12)
+- **(Feature)** Add MCP support for Amazon Q chat
+
 # _3.75_ (2025-06-11)
 - **(Feature)** Support for Amazon Q Builder ID paid tier
 

CHANGELOG.md

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 # Toolkit Version
-toolkitVersion=3.76-SNAPSHOT
+toolkitVersion=3.77-SNAPSHOT
 
 # Publish Settings
 publishToken=

gradle.properties

@@ -139,7 +139,6 @@ class Browser(parent: Disposable, private val webUri: URI, val project: Project)
                         },
                     
                      "${activeProfile?.profileName.orEmpty()}")
-                    const commands = [hybridChatConnector.initialQuickActions[0], hybridChatConnector.initialQuickActions[1]]
                     amazonQChat.createChat(
                         {
                             postMessage: message => {
@@ -148,7 +147,7 @@ class Browser(parent: Disposable, private val webUri: URI, val project: Project)
                         }, 
                         {
                         agenticMode: true,
-                        quickActionCommands: commands,
+                        quickActionCommands: [],
                         disclaimerAcknowledged: ${MeetQSettings.getInstance().disclaimerAcknowledged},
                         pairProgrammingAcknowledged: ${MeetQSettings.getInstance().pairProgrammingAcknowledged}
                         },

plugins/amazonq/chat/jetbrains-community/src/software/aws/toolkits/jetbrains/services/amazonq/webview/Browser.kt

@@ -94,6 +94,11 @@ import software.aws.toolkits.jetbrains.services.amazonq.util.command
 import software.aws.toolkits.jetbrains.services.amazonq.util.tabType
 import software.aws.toolkits.jetbrains.services.amazonq.webview.theme.AmazonQTheme
 import software.aws.toolkits.jetbrains.services.amazonq.webview.theme.ThemeBrowserAdapter
+import software.aws.toolkits.jetbrains.services.amazonqCodeScan.auth.isCodeScanAvailable
+import software.aws.toolkits.jetbrains.services.amazonqCodeTest.auth.isCodeTestAvailable
+import software.aws.toolkits.jetbrains.services.amazonqDoc.auth.isDocAvailable
+import software.aws.toolkits.jetbrains.services.amazonqFeatureDev.auth.isFeatureDevAvailable
+import software.aws.toolkits.jetbrains.services.codemodernizer.utils.isCodeTransformAvailable
 import software.aws.toolkits.jetbrains.services.codewhisperer.settings.CodeWhispererConfigurable
 import software.aws.toolkits.jetbrains.settings.MeetQSettings
 import software.aws.toolkits.telemetry.MetricResult
@@ -173,12 +178,7 @@ class BrowserConnector(
         uiReady.await()
 
         // Chat options including history and quick actions need to be sent in once UI is ready
-        val showChatOptions = """{
-            "command": "chatOptions",
-            "params": ${Gson().toJson(AwsServerCapabilitiesProvider.getInstance(project).getChatOptions())}
-            }
-        """.trimIndent()
-        browser.postChat(showChatOptions)
+        updateQuickActionsInBrowser(browser)
 
         // Send inbound messages to the browser
         val inboundMessages = connections.map { it.messagesFromAppToUi.flow }.merge()
@@ -535,6 +535,45 @@ class BrowserConnector(
         browser.postChat(cancelMessage)
     }
 
+    private fun updateQuickActionsInBrowser(browser: Browser) {
+        val isFeatureDevAvailable = isFeatureDevAvailable(project)
+        val isCodeTransformAvailable = isCodeTransformAvailable(project)
+        val isDocAvailable = isDocAvailable(project)
+        val isCodeScanAvailable = isCodeScanAvailable(project)
+        val isCodeTestAvailable = isCodeTestAvailable(project)
+
+        val script = """
+            try {
+                const tempConnector = connectorAdapter.initiateAdapter(
+                    false, 
+                    true, // the two values are not used here, needed for constructor
+                    $isFeatureDevAvailable,
+                    $isCodeTransformAvailable,
+                    $isDocAvailable,
+                    $isCodeScanAvailable,
+                    $isCodeTestAvailable,
+                    { postMessage: () => {} }
+                );
+                
+                const commands = tempConnector.initialQuickActions?.slice(0, 2) || [];
+                const options = ${Gson().toJson(AwsServerCapabilitiesProvider.getInstance(project).getChatOptions())};
+                options.quickActions.quickActionsCommandGroups = [
+                    ...commands,
+                    ...options.quickActions.quickActionsCommandGroups
+                ];
+                
+                window.postMessage({
+                    command: "chatOptions",
+                    params: options
+                });
+            } catch (e) {
+                console.error("Error updating quick actions:", e);
+            }
+        """.trimIndent()
+
+        browser.jcefBrowser.cefBrowser.executeJavaScript(script, browser.jcefBrowser.cefBrowser.url, 0)
+    }
+
     private fun cancelInflightRequests(tabId: String) {
         chatCommunicationManager.getInflightRequestForTab(tabId)?.let { request ->
             request.cancel(true)

plugins/amazonq/chat/jetbrains-community/src/software/aws/toolkits/jetbrains/services/amazonq/webview/BrowserConnector.kt

@@ -490,7 +490,7 @@ class CodeModernizerPlanEditor(val project: Project, private val virtualFile: Vi
                 JPanel().apply {
                     layout = BoxLayout(this, BoxLayout.Y_AXIS)
                     jobStatistics.forEach { stat ->
-                        if (!stat.name.isNullOrEmpty() && !stat.value.isNullOrEmpty()) {
+                        if (!stat.name.isNullOrEmpty() && !stat.value.isNullOrEmpty() && stat.name == "linesOfCode") {
                             val formattedStatName = getFormattedString(stat.name)
                             add(
                                 JLabel(

plugins/amazonq/codetransform/jetbrains-community/src/software/aws/toolkits/jetbrains/services/codemodernizer/plan/CodeModernizerPlanEditor.kt

@@ -295,7 +295,7 @@ class AmazonQLanguageClientImpl(private val project: Project) : AmazonQLanguageC
                         AmazonQLspConstants.LSP_Q_CONFIGURATION_KEY -> {
                             add(
                                 AmazonQLspConfiguration(
-                                    optOutTelemetry = AwsSettings.getInstance().isTelemetryEnabled,
+                                    optOutTelemetry = !AwsSettings.getInstance().isTelemetryEnabled,
                                     customization = CodeWhispererModelConfigurator.getInstance().activeCustomization(project)?.arn,
                                     // local context
                                     projectContext = ProjectContextConfiguration(

plugins/amazonq/shared/jetbrains-community/src/software/aws/toolkits/jetbrains/services/amazonq/lsp/AmazonQLanguageClientImpl.kt

@@ -22,9 +22,12 @@ import com.intellij.openapi.project.Project
 import com.intellij.openapi.util.Disposer
 import com.intellij.openapi.util.Key
 import com.intellij.openapi.util.SystemInfo
+import com.intellij.util.EnvironmentUtil
+import com.intellij.util.io.DigestUtil
 import com.intellij.util.io.await
 import com.intellij.util.net.HttpConfigurable
 import com.intellij.util.net.JdkProxyProvider
+import com.intellij.util.net.ssl.CertificateManager
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Deferred
 import kotlinx.coroutines.Job
@@ -77,6 +80,7 @@ import software.aws.toolkits.jetbrains.services.amazonq.lsp.textdocument.TextDoc
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.util.WorkspaceFolderUtil.createWorkspaceFolders
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.workspace.WorkspaceServiceHandler
 import software.aws.toolkits.jetbrains.services.amazonq.profile.QDefaultServiceConfig
+import software.aws.toolkits.jetbrains.services.amazonq.profile.QEndpoints
 import software.aws.toolkits.jetbrains.services.cwc.controller.chat.telemetry.getStartUrl
 import software.aws.toolkits.jetbrains.services.telemetry.ClientMetadata
 import software.aws.toolkits.jetbrains.settings.LspSettings
@@ -388,21 +392,60 @@ private class AmazonQServerInstance(private val project: Project, private val cs
         // will cause slow service init, but maybe fine for now. will not block UI since fetch/extract will be under background progress
         val artifact = runBlocking { service<ArtifactManager>().fetchArtifact(project) }.toAbsolutePath()
 
-        // more network calls
-        // make assumption that all requests will resolve to the same CA
-        // also terrible assumption that default endpoint is reachable
-        val qUri = URI(QDefaultServiceConfig.ENDPOINT)
-        val extraCaCerts = try {
-            val rtsTrustChain = TrustChainUtil.getTrustChain(qUri)
-
-            Files.createTempFile("q-extra-ca", ".pem").apply {
-                writeText(
-                    TrustChainUtil.certsToPem(rtsTrustChain)
-                )
+        // make some network calls for troubleshooting
+        listOf(*QEndpoints.listRegionEndpoints().map { it.endpoint }.toTypedArray(), QDefaultServiceConfig.ENDPOINT).forEach { endpoint ->
+            try {
+                val qUri = URI(endpoint)
+                val rtsTrustChain = TrustChainUtil.getTrustChain(qUri)
+                val trustRoot = rtsTrustChain.last()
+                // ATS is cross-signed against starfield certs: https://www.amazontrust.com/repository/
+                if (listOf("Amazon Root CA", "Starfield Technologies").any { trustRoot.subjectX500Principal.name.contains(it) }) {
+                    LOG.info { "Trust chain for $endpoint ends with public-like CA with sha256 fingerprint: ${DigestUtil.sha256Hex(trustRoot.encoded)}" }
+                } else {
+                    LOG.info {
+                        """
+                            |Trust chain for $endpoint transits private CA:
+                            |${buildString {
+                            rtsTrustChain.forEach { cert ->
+                                append("Issuer: ${cert.issuerX500Principal}, ")
+                                append("Subject: ${cert.subjectX500Principal}, ")
+                                append("Fingerprint: ${DigestUtil.sha256Hex(cert.encoded)}\n\t")
+                            }
+                        }}
+                        """.trimMargin("|")
+                    }
+                    LOG.debug { "Full trust chain info for $endpoint: $rtsTrustChain" }
+                }
+            } catch (e: Exception) {
+                LOG.info { "${e.message}: Could not resolve trust chain for $endpoint" }
             }
-        } catch (e: Exception) {
-            LOG.info(e) { "Could not resolve trust chain for $qUri, skipping NODE_EXTRA_CA_CERTS" }
+        }
+
+        val userEnvNodeCaCerts = EnvironmentUtil.getValue("NODE_EXTRA_CA_CERTS")
+        // if user has NODE_EXTRA_CA_CERTS in their environment, assume they know what they're doing
+        val extraCaCerts = if (!userEnvNodeCaCerts.isNullOrEmpty()) {
+            LOG.info { "Skipping injection of IDE trust store, user already defines NODE_EXTRA_CA_CERTS: $userEnvNodeCaCerts" }
+
             null
+        } else {
+            try {
+                // otherwise include everything the IDE knows about
+                val allAcceptedIssuers = CertificateManager.getInstance().trustManager.acceptedIssuers
+                val customIssuers = CertificateManager.getInstance().customTrustManager.acceptedIssuers
+                LOG.info {
+                    "Injecting ${allAcceptedIssuers.size} IDE trusted certificates (${customIssuers.size} from IDE custom manager) into NODE_EXTRA_CA_CERTS"
+                }
+
+                Files.createTempFile("q-extra-ca", ".pem").apply {
+                    writeText(
+                        TrustChainUtil.certsToPem(allAcceptedIssuers.toList())
+                    )
+                }.toAbsolutePath().toString()
+            } catch (e: Exception) {
+                LOG.warn(e) { "Could not inject IDE trust store into NODE_EXTRA_CA_CERTS" }
+
+                null
+            }
         }
 
         val node = if (SystemInfo.isWindows) "node.exe" else "node"
@@ -415,8 +458,13 @@ private class AmazonQServerInstance(private val project: Project, private val cs
                 "--set-credentials-encryption-key",
             ).withEnvironment(
                 buildMap {
-                    extraCaCerts?.let { put("NODE_EXTRA_CA_CERTS", it.toAbsolutePath().toString()) }
+                    extraCaCerts?.let {
+                        LOG.info { "Starting Flare with NODE_EXTRA_CA_CERTS: $it" }
+                        put("NODE_EXTRA_CA_CERTS", it)
+                    }
 
+                    // assume default endpoint will pick correct proxy if needed
+                    val qUri = URI(QDefaultServiceConfig.ENDPOINT)
                     val proxy = JdkProxyProvider.getInstance().proxySelector.select(qUri)
                         // log if only socks proxy available
                         .firstOrNull { it.type() == Proxy.Type.HTTP }

plugins/amazonq/shared/jetbrains-community/src/software/aws/toolkits/jetbrains/services/amazonq/lsp/AmazonQLspService.kt

@@ -111,9 +111,14 @@ class DefaultAuthCredentialsService(
             return CompletableFuture.failedFuture(e)
         }
 
-        return AmazonQLspService.executeIfRunning(project) { server ->
+        val future = AmazonQLspService.executeIfRunning(project) { server ->
             server.updateTokenCredentials(payload)
-        } ?: (CompletableFuture.failedFuture(IllegalStateException("LSP Server not running")))
+        } ?: CompletableFuture.failedFuture(IllegalStateException("LSP Server not running"))
+
+        return future.thenApply { response ->
+            updateConfiguration()
+            response
+        }
     }
 
     override fun deleteTokenCredentials(): CompletableFuture<Unit> =