Merge

Author: laileni-aws

.changes/next-release/Feature-9c1f0662-e3b1-486d-a16d-db27923fe3ba.json

@@ -0,0 +1,4 @@
+{
+	"type": "Feature",
+	"description": "CodeWhisperer security scans now support Go files."
+}

package.json

@@ -754,7 +754,8 @@
                 },
                 {
                     "id": "aws.codecatalyst",
-                    "name": "%AWS.codecatalyst.explorerTitle%"
+                    "name": "%AWS.codecatalyst.explorerTitle%",
+                    "when": "!isCloud9 || isCloud9CodeCatalyst"
                 }
             ],
             "aws-codewhisperer-reference-log": [

src/amazonq/auth/controller.ts

@@ -30,6 +30,6 @@ export class AuthController {
     }
 
     private handleReAuth() {
-        reconnect.execute(placeholder, amazonQChatSource)
+        reconnect.execute(placeholder, amazonQChatSource, true)
     }
 }

src/amazonq/explorer/amazonQChildrenNodes.ts

@@ -50,7 +50,7 @@ export const switchToAmazonQNode = () =>
  */
 export const enableAmazonQNode = () =>
     // Simply trigger re-auth to obtain the proper scopes- same functionality as if requested in the chat window.
-    reconnect.build(placeholder, cwTreeNodeSource).asTreeNode({
+    reconnect.build(placeholder, cwTreeNodeSource, true).asTreeNode({
         label: localize('AWS.amazonq.enable', 'Enable'),
         iconPath: getIcon('vscode-debug-start'),
         contextValue: 'awsEnableAmazonQ',

src/amazonqFeatureDev/client/featureDev.ts

@@ -9,14 +9,14 @@ import { ConfiguredRetryStrategy } from '@aws-sdk/util-retry'
 import { omit } from 'lodash'
 import { AuthUtil } from '../../codewhisperer/util/authUtil'
 import { ServiceOptions } from '../../shared/awsClientBuilder'
-import { ToolkitError } from '../../shared/errors'
 import globals from '../../shared/extensionGlobals'
 import { getLogger } from '../../shared/logger'
 import * as FeatureDevProxyClient from './featuredevproxyclient'
 import apiConfig = require('./codewhispererruntime-2022-11-11.json')
 import { featureName } from '../constants'
-import { ContentLengthError } from '../errors'
+import { ApiError, ContentLengthError, UnknownApiError } from '../errors'
 import { endpoint, region } from '../../codewhisperer/models/constants'
+import { isAwsError, isCodeWhispererStreamingServiceException } from '../../shared/errors'
 
 // Create a client for featureDev proxy client based off of aws sdk v2
 export async function createFeatureDevProxyClient(): Promise<FeatureDevProxyClient> {
@@ -53,6 +53,15 @@ async function createFeatureDevStreamingClient(): Promise<CodeWhispererStreaming
     return streamingClient
 }
 
+const streamResponseErrors: Record<string, number> = {
+    ValidationException: 400,
+    AccessDeniedException: 403,
+    ResourceNotFoundException: 404,
+    ConflictException: 409,
+    ThrottlingException: 429,
+    InternalServerException: 500,
+}
+
 export class FeatureDevClient {
     private async getClient() {
         // Should not be stored for the whole session.
@@ -77,12 +86,14 @@ export class FeatureDevClient {
             })
             return conversationId
         } catch (e) {
-            getLogger().error(
-                `${featureName}: failed to start conversation: ${(e as Error).message} RequestId: ${
-                    (e as any).requestId
-                }`
-            )
-            throw new ToolkitError((e as Error).message, { code: 'CreateConversationFailed' })
+            if (isAwsError(e)) {
+                getLogger().error(
+                    `${featureName}: failed to start conversation: ${e.message} RequestId: ${e.requestId}`
+                )
+                throw new ApiError(e.message, 'CreateConversation', e.code, e.statusCode ?? 400)
+            }
+
+            throw new UnknownApiError(e instanceof Error ? e.message : 'Unknown error', 'CreateConversation')
         }
     }
 
@@ -108,16 +119,18 @@ export class FeatureDevClient {
                 requestId: response.$response.requestId,
             })
             return response
-        } catch (e: any) {
-            getLogger().error(
-                `${featureName}: failed to generate presigned url: ${(e as Error).message} RequestId: ${
-                    (e as any).requestId
-                }`
-            )
-            if (e.code === 'ValidationException' && e.message.includes('Invalid contentLength')) {
-                throw new ContentLengthError()
+        } catch (e) {
+            if (isAwsError(e)) {
+                getLogger().error(
+                    `${featureName}: failed to generate presigned url: ${e.message} RequestId: ${e.requestId}`
+                )
+                if (e.code === 'ValidationException' && e.message.includes('Invalid contentLength')) {
+                    throw new ContentLengthError()
+                }
+                throw new ApiError(e.message, 'CreateUploadUrl', e.code, e.statusCode ?? 400)
             }
-            throw new ToolkitError((e as Error).message, { code: 'CreateUploadUrlFailed' })
+
+            throw new UnknownApiError(e instanceof Error ? e.message : 'Unknown error', 'CreateUploadUrl')
         }
     }
 
@@ -153,10 +166,21 @@ export class FeatureDevClient {
             }
             return assistantResponse.join(' ')
         } catch (e) {
-            getLogger().error(
-                `${featureName}: failed to execute planning: ${(e as Error).message} RequestId: ${(e as any).requestId}`
-            )
-            throw new ToolkitError((e as Error).message, { code: 'GeneratePlanFailed' })
+            if (isCodeWhispererStreamingServiceException(e)) {
+                getLogger().error(
+                    `${featureName}: failed to execute planning: ${e.message} RequestId: ${
+                        e.$metadata.requestId ?? 'unknown'
+                    }`
+                )
+                throw new ApiError(
+                    e.message,
+                    'GeneratePlan',
+                    e.name,
+                    e.$metadata?.httpStatusCode ?? streamResponseErrors[e.name] ?? 500
+                )
+            }
+
+            throw new UnknownApiError(e instanceof Error ? e.message : 'Unknown error', 'GeneratePlan')
         }
     }
 }

src/amazonqFeatureDev/errors.ts

@@ -55,6 +55,12 @@ export class PrepareRepoFailedError extends ToolkitError {
     }
 }
 
+export class IllegalStateTransition extends ToolkitError {
+    constructor() {
+        super('Illegal transition between states, restart the conversation', { code: 'IllegalStateTransition' })
+    }
+}
+
 export class ContentLengthError extends ToolkitError {
     constructor() {
         super(
@@ -64,6 +70,18 @@ export class ContentLengthError extends ToolkitError {
     }
 }
 
+export class UnknownApiError extends ToolkitError {
+    constructor(message: string, api: string) {
+        super(message, { code: `${api}-Unknown` })
+    }
+}
+
+export class ApiError extends ToolkitError {
+    constructor(message: string, api: string, errorName: string, errorCode: number) {
+        super(message, { code: `${api}-${errorName}-${errorCode}` })
+    }
+}
+
 const denyListedErrors: string[] = ['Deserialization error', 'Inaccessible host']
 
 export function createUserFacingErrorMessage(message: string) {

src/amazonqFeatureDev/session/sessionState.ts

@@ -8,7 +8,7 @@ import * as vscode from 'vscode'
 import { ToolkitError } from '../../shared/errors'
 import { getLogger } from '../../shared/logger'
 import { telemetry } from '../../shared/telemetry/telemetry'
-import { UserMessageNotFoundError } from '../errors'
+import { IllegalStateTransition, UserMessageNotFoundError } from '../errors'
 import { SessionState, SessionStateAction, SessionStateConfig, SessionStateInteraction } from '../types'
 import { prepareRepoData } from '../util/files'
 import { uploadCode } from '../util/upload'
@@ -23,9 +23,7 @@ export class ConversationNotStartedState implements Omit<SessionState, 'uploadId
     }
 
     async interact(_action: SessionStateAction): Promise<SessionStateInteraction> {
-        throw new ToolkitError('Illegal transition between states, restart the conversation', {
-            code: 'IllegalStateTransition',
-        })
+        throw new IllegalStateTransition()
     }
 }
 

src/codewhisperer/commands/basicCommands.ts

@@ -151,9 +151,13 @@ export const selectCustomizationPrompt = Commands.declare(
 
 export const reconnect = Commands.declare(
     { id: 'aws.codewhisperer.reconnect', compositeKey: { 1: 'source' } },
-    () => async (_: VsCodeCommandArg, source: CodeWhispererSource) => {
-        await AuthUtil.instance.reauthenticate()
-    }
+    () =>
+        async (_: VsCodeCommandArg, source: CodeWhispererSource, addMissingScopes: boolean = false) => {
+            if (typeof addMissingScopes !== 'boolean') {
+                addMissingScopes = false
+            }
+            await AuthUtil.instance.reauthenticate(addMissingScopes)
+        }
 )
 
 /** Opens the Add Connections webview with CW highlighted */

src/codewhisperer/models/constants.ts

@@ -200,7 +200,9 @@ export const codeScanJavaPayloadSizeLimitBytes = Math.pow(2, 20) // 1 MB
 
 export const codeScanCsharpPayloadSizeLimitBytes = Math.pow(2, 20) // 1 MB
 
-export const codeScanRubyPayloadSizeLimitBytes = Math.pow(2, 20) // 1 MB
+export const codeScanRubyPayloadSizeLimitBytes = 200 * Math.pow(2, 10) // 200 KB
+
+export const codeScanGoPayloadSizeLimitBytes = 200 * Math.pow(2, 10) // 200 KB
 
 export const codeScanPythonPayloadSizeLimitBytes = 200 * Math.pow(2, 10) // 200 KB
 

src/codewhisperer/util/authUtil.ts

@@ -36,8 +36,6 @@ export const codeWhispererCoreScopes = [...scopesSsoAccountAccess, ...scopesCode
 export const codeWhispererChatScopes = [...codeWhispererCoreScopes, ...scopesCodeWhispererChat]
 export const amazonQScopes = [...codeWhispererChatScopes, ...scopesGumby, ...scopesFeatureDev]
 
-export const awsBuilderIdSsoProfile = createBuilderIdProfile(codeWhispererChatScopes)
-
 /**
  * "Core" are the CW scopes that existed before the addition of new scopes
  * for Amazon Q.
@@ -211,7 +209,7 @@ export class AuthUtil {
         let conn = (await this.auth.listConnections()).find(isBuilderIdConnection)
 
         if (!conn) {
-            conn = await this.auth.createConnection(awsBuilderIdSsoProfile)
+            conn = await this.auth.createConnection(createBuilderIdProfile(codeWhispererChatScopes))
         } else if (!isValidCodeWhispererChatConnection(conn)) {
             conn = await this.secondaryAuth.addScopes(conn, codeWhispererChatScopes)
         }
@@ -304,23 +302,27 @@ export class AuthUtil {
         return connectionExpired
     }
 
-    public async reauthenticate() {
+    public async reauthenticate(addMissingScopes: boolean = false) {
         try {
             if (this.conn?.type !== 'sso') {
                 return
             }
 
             // Edge Case: With the addition of Amazon Q/Chat scopes we may need to add
-            // the new scopes to existing connections.
-            if (isBuilderIdConnection(this.conn) && !isValidCodeWhispererChatConnection(this.conn)) {
-                const conn = await this.secondaryAuth.addScopes(this.conn, codeWhispererChatScopes)
-                this.secondaryAuth.useNewConnection(conn)
-            } else if (isIdcSsoConnection(this.conn) && !isValidAmazonQConnection(this.conn)) {
-                const conn = await this.secondaryAuth.addScopes(this.conn, amazonQScopes)
-                this.secondaryAuth.useNewConnection(conn)
-            } else {
-                await this.auth.reauthenticate(this.conn)
+            // the new scopes to existing pre-chat connections.
+            if (addMissingScopes) {
+                if (isBuilderIdConnection(this.conn) && !isValidCodeWhispererChatConnection(this.conn)) {
+                    const conn = await this.secondaryAuth.addScopes(this.conn, codeWhispererChatScopes)
+                    await this.secondaryAuth.useNewConnection(conn)
+                    return
+                } else if (isIdcSsoConnection(this.conn) && !isValidAmazonQConnection(this.conn)) {
+                    const conn = await this.secondaryAuth.addScopes(this.conn, amazonQScopes)
+                    await this.secondaryAuth.useNewConnection(conn)
+                    return
+                }
             }
+
+            await this.auth.reauthenticate(this.conn)
         } catch (err) {
             throw ToolkitError.chain(err, 'Unable to authenticate connection')
         } finally {