Merge remote-tracking branch 'origin/main' into rli/dead-code

Author: rli

.changes/3.90.json

@@ -0,0 +1,14 @@
+{
+  "date" : "2025-08-22",
+  "version" : "3.90",
+  "entries" : [ {
+    "type" : "feature",
+    "description" : "Amazon Q supports admin control for MCP servers to restrict MCP server usage"
+  }, {
+    "type" : "bugfix",
+    "description" : "Fix incompatible version warning for AWS Toolkit in 2025.2"
+  }, {
+    "type" : "bugfix",
+    "description" : "Fix UriError when project is on WSL or a UNC path"
+  } ]
+}

.changes/next-release/feature-fa373e43-dd37-4f6f-a226-7476f5866e9a.json

@@ -0,0 +1,4 @@
+{
+  "type" : "feature",
+  "description" : "Enable agentic code review"
+}

.github/workflows/prerelease.yml

@@ -18,7 +18,7 @@ jobs:
     strategy:
       matrix:
         build_target: [ ':plugin-core:buildPlugin', ':plugin-toolkit:intellij-standalone:buildPlugin', ':plugin-amazonq:buildPlugin' ]
-        version: [ '2024.2', '2024.3', '2025.1' ]
+        version: [ '2024.2', '2024.3', '2025.1', '2025.2' ]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4

.github/workflows/releaseNotification.yml

@@ -0,0 +1,32 @@
+permissions:
+  contents: read
+name: Release Notification
+
+on:
+  release:
+    types: [published] # Trigger on new releases being published
+
+jobs:
+  slack_notification:
+    runs-on: ubuntu-latest
+    if: ${{ !github.event.release.prerelease }}
+    steps:
+      - name: Print payload
+        run: |
+          echo '{
+            "version": "${{ github.event.release.tag_name }}",
+            "releaseLink": "${{ github.event.release.html_url }}",
+            "changelog": ${{ toJSON(github.event.release.body) }}
+          }'
+
+      - name: Send Release Details to Slack
+        uses: slackapi/[email protected]
+        with:
+          payload: |
+            {
+              "version": "${{ github.event.release.tag_name }}",
+              "releaseLink": "${{ github.event.release.html_url }}",
+              "changelog": ${{ toJSON(github.event.release.body) }}
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

CHANGELOG.md

@@ -1,3 +1,8 @@
+# _3.90_ (2025-08-22)
+- **(Feature)** Amazon Q supports admin control for MCP servers to restrict MCP server usage
+- **(Bug Fix)** Fix incompatible version warning for AWS Toolkit in 2025.2
+- **(Bug Fix)** Fix UriError when project is on WSL or a UNC path
+
 # _3.89_ (2025-08-07)
 - **(Bug Fix)** /transform: validate YAML dependency file for required fields
 

buildSrc/src/main/kotlin/temp-toolkit-intellij-root-conventions.gradle.kts

@@ -75,6 +75,7 @@ dependencies {
 //        create(type, version, useInstaller = false)
 //    }
 
+    implementation(project(":plugin-toolkit:jetbrains-core"))
     implementation(project(":plugin-toolkit:jetbrains-ultimate"))
     project.findProject(":plugin-toolkit:jetbrains-gateway")?.let {
         // does this need to be the instrumented variant?

gradle.properties

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 # Toolkit Version
-toolkitVersion=3.90-SNAPSHOT
+toolkitVersion=3.91-SNAPSHOT
 
 # Publish Settings
 publishToken=

gradle/libs.versions.toml

@@ -28,7 +28,7 @@ mockitoKotlin = "5.4.1-SNAPSHOT"
 mockk = "1.13.17"
 nimbus-jose-jwt = "9.40"
 node-gradle = "7.0.2"
-telemetryGenerator = "1.0.322"
+telemetryGenerator = "1.0.329"
 testLogger = "4.0.0"
 testRetry = "1.5.10"
 # test-only; platform provides slf4j transitively at runtime

plugins/amazonq/chat/jetbrains-community/src/software/aws/toolkits/jetbrains/services/amazonq/webview/Browser.kt

@@ -11,7 +11,6 @@ import com.intellij.openapi.util.Disposer
 import com.intellij.ui.jcef.JBCefJSQuery
 import org.cef.CefApp
 import software.aws.toolkits.jetbrains.services.amazonq.CodeWhispererFeatureConfigService
-import software.aws.toolkits.jetbrains.services.amazonq.lsp.flareChat.AwsServerCapabilitiesProvider
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.flareChat.FlareUiMessage
 import software.aws.toolkits.jetbrains.services.amazonq.profile.QRegionProfile
 import software.aws.toolkits.jetbrains.services.amazonq.util.HighlightCommand
@@ -117,7 +116,7 @@ class Browser(parent: Disposable, private val webUri: URI, val project: Project)
     ): String {
         val postMessageToJavaJsCode = receiveMessageQuery.inject("JSON.stringify(message)")
         val connectorAdapterPath = "http://mynah/js/connectorAdapter.js"
-        generateQuickActionConfig()
+
         // https://github.com/highlightjs/highlight.js/issues/1387
         // language=HTML
         val jsScripts = """
@@ -309,10 +308,6 @@ class Browser(parent: Disposable, private val webUri: URI, val project: Project)
         activeProfile
     }
 
-    private fun generateQuickActionConfig() = AwsServerCapabilitiesProvider.getInstance(project).getChatOptions().quickActions.quickActionsCommandGroups
-        .let { OBJECT_MAPPER.writeValueAsString(it) }
-        ?: "[]"
-
     companion object {
         private const val MAX_ONBOARDING_PAGE_COUNT = 3
         private val OBJECT_MAPPER = jacksonObjectMapper()

plugins/amazonq/chat/jetbrains-community/src/software/aws/toolkits/jetbrains/services/amazonq/webview/BrowserConnector.kt

@@ -10,9 +10,13 @@ import com.google.gson.Gson
 import com.intellij.ide.BrowserUtil
 import com.intellij.ide.util.RunOnceUtil
 import com.intellij.openapi.application.runInEdt
+import com.intellij.openapi.application.runReadAction
+import com.intellij.openapi.fileEditor.FileDocumentManager
 import com.intellij.openapi.fileEditor.FileEditorManager
 import com.intellij.openapi.options.ShowSettingsUtil
 import com.intellij.openapi.project.Project
+import com.intellij.openapi.vfs.LocalFileSystem
+import com.intellij.openapi.vfs.VirtualFile
 import com.intellij.ui.jcef.JBCefJSQuery.Response
 import kotlinx.coroutines.CancellationException
 import kotlinx.coroutines.CompletableDeferred
@@ -21,6 +25,7 @@ import kotlinx.coroutines.coroutineScope
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.callbackFlow
 import kotlinx.coroutines.flow.distinctUntilChanged
+import kotlinx.coroutines.flow.first
 import kotlinx.coroutines.flow.launchIn
 import kotlinx.coroutines.flow.merge
 import kotlinx.coroutines.flow.onEach
@@ -42,7 +47,6 @@ import software.aws.toolkits.jetbrains.services.amazonq.lsp.JsonRpcMethod
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.JsonRpcNotification
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.JsonRpcRequest
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.encryption.JwtEncryptionManager
-import software.aws.toolkits.jetbrains.services.amazonq.lsp.flareChat.AwsServerCapabilitiesProvider
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.flareChat.ChatCommunicationManager
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.flareChat.FlareUiMessage
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.model.aws.chat.AUTH_FOLLOW_UP_CLICKED
@@ -71,6 +75,8 @@ import software.aws.toolkits.jetbrains.services.amazonq.lsp.model.aws.chat.CHAT_
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.model.aws.chat.CHAT_TAB_BAR_ACTIONS
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.model.aws.chat.CHAT_TAB_CHANGE
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.model.aws.chat.CHAT_TAB_REMOVE
+import software.aws.toolkits.jetbrains.services.amazonq.lsp.model.aws.chat.CODE_REVIEW_FINDINGS_SUFFIX
+import software.aws.toolkits.jetbrains.services.amazonq.lsp.model.aws.chat.DISPLAY_FINDINGS_SUFFIX
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.model.aws.chat.EncryptedChatParams
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.model.aws.chat.EncryptedQuickActionChatParams
 import software.aws.toolkits.jetbrains.services.amazonq.lsp.model.aws.chat.GET_SERIALIZED_CHAT_REQUEST_METHOD
@@ -107,10 +113,17 @@ import software.aws.toolkits.jetbrains.services.amazonqCodeTest.auth.isCodeTestA
 import software.aws.toolkits.jetbrains.services.amazonqDoc.auth.isDocAvailable
 import software.aws.toolkits.jetbrains.services.amazonqFeatureDev.auth.isFeatureDevAvailable
 import software.aws.toolkits.jetbrains.services.codemodernizer.utils.isCodeTransformAvailable
+import software.aws.toolkits.jetbrains.services.codewhisperer.codescan.CodeWhispererCodeScanIssue
+import software.aws.toolkits.jetbrains.services.codewhisperer.codescan.CodeWhispererCodeScanManager
+import software.aws.toolkits.jetbrains.services.codewhisperer.codescan.Description
+import software.aws.toolkits.jetbrains.services.codewhisperer.codescan.Recommendation
+import software.aws.toolkits.jetbrains.services.codewhisperer.codescan.SuggestedFix
 import software.aws.toolkits.jetbrains.services.codewhisperer.settings.CodeWhispererConfigurable
+import software.aws.toolkits.jetbrains.services.codewhisperer.util.CodeWhispererConstants
 import software.aws.toolkits.jetbrains.settings.MeetQSettings
 import software.aws.toolkits.telemetry.MetricResult
 import software.aws.toolkits.telemetry.Telemetry
+import java.nio.file.Path
 import java.util.concurrent.CompletableFuture
 import java.util.concurrent.CompletionException
 import java.util.function.Function
@@ -568,6 +581,32 @@ class BrowserConnector(
         }
     }
 
+    data class FlareCodeScanIssue(
+        val startLine: Int,
+        val endLine: Int,
+        val comment: String?,
+        val title: String,
+        val description: Description,
+        val detectorId: String,
+        val detectorName: String,
+        val findingId: String,
+        val ruleId: String?,
+        val relatedVulnerabilities: List<String>,
+        val severity: String,
+        val recommendation: Recommendation,
+        val suggestedFixes: List<SuggestedFix>,
+        val scanJobId: String,
+        val language: String,
+        val autoDetected: Boolean,
+        val filePath: String,
+        val findingContext: String,
+    )
+
+    data class AggregatedCodeScanIssue(
+        val filePath: String,
+        val issues: List<FlareCodeScanIssue>,
+    )
+
     private fun showResult(
         result: CompletableFuture<String>,
         partialResultToken: String,
@@ -581,10 +620,14 @@ class BrowserConnector(
                     throw error
                 }
                 chatCommunicationManager.removePartialChatMessage(partialResultToken)
+                val decryptedMessage = Gson().fromJson(value?.let { encryptionManager?.decrypt(it) }.orEmpty(), Map::class.java)
+                    as Map<String, *>
+                parseFindingsMessages(decryptedMessage)
+
                 val messageToChat = ChatCommunicationManager.convertToJsonToSendToChat(
                     SEND_CHAT_COMMAND_PROMPT,
                     tabId,
-                    value?.let { encryptionManager?.decrypt(it) }.orEmpty(),
+                    Gson().toJson(decryptedMessage),
                     isPartialResult = false
                 )
                 browser.postChat(messageToChat)
@@ -598,15 +641,98 @@ class BrowserConnector(
         }
     }
 
-    private fun updateQuickActionsInBrowser(browser: Browser) {
+    fun parseFindingsMessages(messagesMap: Map<String, *>) {
+        try {
+            val additionalMessages = messagesMap["additionalMessages"] as? MutableList<Map<String, Any>>
+            val findingsMessages = additionalMessages?.filter { message ->
+                if (message.contains("messageId")) {
+                    (message["messageId"] as String).endsWith(CODE_REVIEW_FINDINGS_SUFFIX) ||
+                        (message["messageId"] as String).endsWith(DISPLAY_FINDINGS_SUFFIX)
+                } else {
+                    false
+                }
+            }
+            val scannedFiles = mutableListOf<VirtualFile>()
+            if (findingsMessages != null) {
+                for (findingsMessage in findingsMessages) {
+                    additionalMessages.remove(findingsMessage)
+                    val gson = Gson()
+                    val jsonFindings = gson.fromJson(findingsMessage["body"] as String, List::class.java)
+                    val mappedFindings = mutableListOf<CodeWhispererCodeScanIssue>()
+                    for (aggregatedIssueUnformatted in jsonFindings) {
+                        val aggregatedIssue = gson.fromJson(gson.toJson(aggregatedIssueUnformatted), AggregatedCodeScanIssue::class.java)
+                        val file = LocalFileSystem.getInstance().findFileByIoFile(
+                            Path.of(aggregatedIssue.filePath).toFile()
+                        )
+                        if (file?.isDirectory == false) {
+                            scannedFiles.add(file)
+                            runReadAction {
+                                FileDocumentManager.getInstance().getDocument(file)
+                            }?.let { document ->
+                                for (issue in aggregatedIssue.issues) {
+                                    val endLineInDocument = minOf(maxOf(0, issue.endLine - 1), document.lineCount - 1)
+                                    val endCol = document.getLineEndOffset(endLineInDocument) - document.getLineStartOffset(endLineInDocument) + 1
+                                    val isIssueIgnored = CodeWhispererCodeScanManager.getInstance(project)
+                                        .isIgnoredIssue(issue.title, document, file, issue.startLine - 1)
+                                    if (isIssueIgnored) {
+                                        continue
+                                    }
+                                    mappedFindings.add(
+                                        CodeWhispererCodeScanIssue(
+                                            startLine = issue.startLine,
+                                            startCol = 1,
+                                            endLine = issue.endLine,
+                                            endCol = endCol,
+                                            file = file,
+                                            project = project,
+                                            title = issue.title,
+                                            description = issue.description,
+                                            detectorId = issue.detectorId,
+                                            detectorName = issue.detectorName,
+                                            findingId = issue.findingId,
+                                            ruleId = issue.ruleId,
+                                            relatedVulnerabilities = issue.relatedVulnerabilities,
+                                            severity = issue.severity,
+                                            recommendation = issue.recommendation,
+                                            suggestedFixes = issue.suggestedFixes,
+                                            codeSnippet = emptyList(),
+                                            isVisible = true,
+                                            autoDetected = issue.autoDetected,
+                                            scanJobId = issue.scanJobId,
+                                        ),
+                                    )
+                                }
+                            }
+                        }
+                    }
+
+                    CodeWhispererCodeScanManager.getInstance(project)
+                        .addOnDemandIssues(
+                            mappedFindings,
+                            scannedFiles,
+                            CodeWhispererConstants.CodeAnalysisScope.AGENTIC
+                        )
+                    CodeWhispererCodeScanManager.getInstance(project).showCodeScanUI()
+                }
+            }
+        } catch (e: Exception) {
+            LOG.error { "Failed to parse findings message $e" }
+        }
+    }
+
+    private suspend fun updateQuickActionsInBrowser(browser: Browser) {
         val isFeatureDevAvailable = isFeatureDevAvailable(project)
         val isCodeTransformAvailable = isCodeTransformAvailable(project)
         val isDocAvailable = isDocAvailable(project)
         val isCodeScanAvailable = isCodeScanAvailable(project)
         val isCodeTestAvailable = isCodeTestAvailable(project)
 
+        val serverCapabilities = AmazonQLspService.getInstance(project).instanceFlow.first().initializeResult.await().awsServerCapabilities
+
+        // language=JavaScript
         val script = """
             try {
+                // hack to create the list of actions across all tab types
                 const tempConnector = connectorAdapter.initiateAdapter(
                     false, 
                     true, // the two values are not used here, needed for constructor
@@ -619,7 +745,7 @@ class BrowserConnector(
                 );
                 
                 const commands = tempConnector.initialQuickActions?.slice(0, 2) || [];
-                const options = ${Gson().toJson(AwsServerCapabilitiesProvider.getInstance(project).getChatOptions())};
+                const options = ${Gson().toJson(serverCapabilities.chatOptions)};
                 options.quickActions.quickActionsCommandGroups = [
                     ...commands,
                     ...options.quickActions.quickActionsCommandGroups