Conversation

@BlakeLazarine
Contributor

Problem

Customers complained about missing the old deterministic message.

Solution

Ask the agent to include this message at the start of its explain response. It was stored in the recommendation.text field.

The agent does some paraphrasing, so the deterministic message

We detected that this code sets key specifications more than once, key size more than once, or sets both. To make your code more secure, we recommend that you set either KeySpec or NumberOfBytes once. Do not set both.

Gets turned into

The CWE-327,328,326,208,1240 - Insecure cryptography issue at line 63 in CsvIterator.java occurs because the code sets both KeySpec and NumberOfBytes parameters on the same GenerateDataKeyRequest object, which are mutually exclusive in AWS KMS.

There is more information in the explanation after this, but this is the part related to the deterministic recommendation.text.


  • Treat all work as PUBLIC. Private feature/x branches will not be squash-merged at release time.
  • Your code changes must meet the guidelines in CONTRIBUTING.md.
  • License: I confirm that my contribution is made under the terms of the Apache 2.0 license.

@BlakeLazarine BlakeLazarine requested a review from a team as a code owner September 2, 2025 19:06
@amazon-inspector-ohio

⏳ I'm reviewing this pull request for security vulnerabilities and code quality issues. I'll provide an update when I'm done.

@github-actions

github-actions bot commented Sep 2, 2025

  • This pull request modifies code in src/* but no tests were added/updated.
    • Confirm whether tests should be added or ensure the PR description explains why tests are not required.
  • This pull request implements a feat or fix, so it must include a changelog entry (unless the fix is for an unreleased feature). Review the changelog guidelines.
    • Note: beta or "experiment" features that have active users should announce fixes in the changelog.
    • If this is not a feature or fix, use an appropriate type from the title guidelines. For example, telemetry-only changes should use the telemetry type.

@amazon-inspector-ohio

✅ I finished the code review, and didn't find any security or code quality issues.

@laileni-aws laileni-aws enabled auto-merge (squash) September 17, 2025 16:53
@laileni-aws laileni-aws merged commit c368527 into aws:master Sep 17, 2025
30 of 31 checks passed