Merge branch 'aws:master' into master

parameja1 · web-flow · commit 3af49b52520a · 2025-08-04T12:21:44.000-07:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/amazonq/src/app/inline/recommendationService.ts b/packages/amazonq/src/app/inline/recommendationService.ts
@@ -21,6 +21,7 @@ import {
 import { TelemetryHelper } from './telemetryHelper'
 import { ICursorUpdateRecorder } from './cursorUpdateManager'
 import { getLogger } from 'aws-core-vscode/shared'
+import { getOpenFilesInWindow } from 'aws-core-vscode/utils'
 import { asyncCallWithTimeout } from '../../util/timeoutUtil'
 
 export interface GetAllRecommendationsOptions {
@@ -79,14 +80,15 @@ export class RecommendationService {
                   contentChanges: documentChangeEvent.contentChanges.map((x) => x as TextDocumentContentChangeEvent),
               }
             : undefined
-
+        const openTabs = await getOpenFilesInWindow()
         let request: InlineCompletionWithReferencesParams = {
             textDocument: {
                 uri: document.uri.toString(),
             },
             position,
             context,
             documentChangeParams: documentChangeParams,
+            openTabFilepaths: openTabs,
         }
         if (options.editsStreakToken) {
             request = { ...request, partialResultToken: options.editsStreakToken }
diff --git a/packages/amazonq/src/lsp/chat/messages.ts b/packages/amazonq/src/lsp/chat/messages.ts
@@ -732,7 +732,11 @@ async function handlePartialResult<T extends ChatResult>(
     // This is to filter out the message containing findings from CodeReview tool to update CodeIssues panel
     decryptedMessage.additionalMessages = decryptedMessage.additionalMessages?.filter(
         (message) =>
-            !(message.messageId !== undefined && message.messageId.endsWith(CodeWhispererConstants.findingsSuffix))
+            !(
+                message.messageId !== undefined &&
+                (message.messageId.endsWith(CodeWhispererConstants.codeReviewFindingsSuffix) ||
+                    message.messageId.endsWith(CodeWhispererConstants.displayFindingsSuffix))
+            )
     )
 
     if (decryptedMessage.body !== undefined) {
@@ -784,7 +788,11 @@ async function handleSecurityFindings(
     }
     for (let i = decryptedMessage.additionalMessages.length - 1; i >= 0; i--) {
         const message = decryptedMessage.additionalMessages[i]
-        if (message.messageId !== undefined && message.messageId.endsWith(CodeWhispererConstants.findingsSuffix)) {
+        if (
+            message.messageId !== undefined &&
+            (message.messageId.endsWith(CodeWhispererConstants.codeReviewFindingsSuffix) ||
+                message.messageId.endsWith(CodeWhispererConstants.displayFindingsSuffix))
+        ) {
             if (message.body !== undefined) {
                 try {
                     const aggregatedCodeScanIssues: AggregatedCodeScanIssue[] = JSON.parse(message.body)
@@ -803,7 +811,12 @@ async function handleSecurityFindings(
                             issue.visible = !isIssueTitleIgnored && !isSingleIssueIgnored
                         }
                     }
-                    initSecurityScanRender(aggregatedCodeScanIssues, undefined, CodeAnalysisScope.PROJECT)
+                    initSecurityScanRender(
+                        aggregatedCodeScanIssues,
+                        undefined,
+                        CodeAnalysisScope.AGENTIC,
+                        message.messageId.endsWith(CodeWhispererConstants.codeReviewFindingsSuffix)
+                    )
                     SecurityIssueTreeViewProvider.focus()
                 } catch (e) {
                     languageClient.info('Failed to parse findings')
diff --git a/packages/amazonq/src/lsp/client.ts b/packages/amazonq/src/lsp/client.ts
@@ -183,6 +183,8 @@ export async function startLanguageServer(
                         modelSelection: true,
                         workspaceFilePath: vscode.workspace.workspaceFile?.fsPath,
                         codeReviewInChat: codeReviewInChat,
+                        // feature flag for displaying findings found not through CodeReview in the Code Issues Panel
+                        displayFindings: true,
                     },
                     window: {
                         notifications: true,
diff --git a/packages/amazonq/test/unit/amazonq/apps/inline/recommendationService.test.ts b/packages/amazonq/test/unit/amazonq/apps/inline/recommendationService.test.ts
@@ -147,6 +147,7 @@ describe('RecommendationService', () => {
                 position: mockPosition,
                 context: mockContext,
                 documentChangeParams: undefined,
+                openTabFilepaths: [],
             })
 
             // Verify session management
@@ -189,6 +190,7 @@ describe('RecommendationService', () => {
                 position: mockPosition,
                 context: mockContext,
                 documentChangeParams: undefined,
+                openTabFilepaths: [],
             }
             const secondRequestArgs = sendRequestStub.secondCall.args[1]
             assert.deepStrictEqual(firstRequestArgs, expectedRequestArgs)
diff --git a/packages/core/package.json b/packages/core/package.json
@@ -471,7 +471,7 @@
         "@aws-sdk/types": "^3.13.1",
         "@aws/chat-client": "^0.1.4",
         "@aws/chat-client-ui-types": "^0.1.47",
-        "@aws/language-server-runtimes": "^0.2.111",
+        "@aws/language-server-runtimes": "^0.2.119",
         "@aws/language-server-runtimes-types": "^0.1.47",
         "@cspotcode/source-map-support": "^0.8.1",
         "@sinonjs/fake-timers": "^10.0.2",
diff --git a/packages/core/src/codewhisperer/commands/startSecurityScan.ts b/packages/core/src/codewhisperer/commands/startSecurityScan.ts
@@ -108,6 +108,9 @@ export async function startSecurityScan(
     zipUtil: ZipUtil = new ZipUtil(),
     scanUuid?: string
 ) {
+    if (scope === CodeAnalysisScope.AGENTIC) {
+        throw new CreateCodeScanFailedError('Cannot use Agentic scope')
+    }
     const profile = AuthUtil.instance.regionProfileManager.activeRegionProfile
     const logger = getLoggerForScope(scope)
     /**
diff --git a/packages/core/src/codewhisperer/models/constants.ts b/packages/core/src/codewhisperer/models/constants.ts
@@ -841,6 +841,7 @@ export enum CodeAnalysisScope {
     FILE_AUTO = 'FILE_AUTO',
     FILE_ON_DEMAND = 'FILE_ON_DEMAND',
     PROJECT = 'PROJECT',
+    AGENTIC = 'AGENTIC',
 }
 
 export enum TestGenerationJobStatus {
@@ -907,4 +908,7 @@ export const predictionTrackerDefaultConfig = {
     maxSupplementalContext: 15,
 }
 
-export const findingsSuffix = '_codeReviewFindings'
+export const codeReviewFindingsSuffix = '_codeReviewFindings'
+export const displayFindingsSuffix = '_displayFindings'
+
+export const displayFindingsDetectorName = 'DisplayFindings'
diff --git a/packages/core/src/codewhisperer/service/diagnosticsProvider.ts b/packages/core/src/codewhisperer/service/diagnosticsProvider.ts
@@ -26,8 +26,13 @@ export const securityScanRender: SecurityScanRender = {
 export function initSecurityScanRender(
     securityRecommendationList: AggregatedCodeScanIssue[],
     editor: vscode.TextEditor | undefined,
-    scope: CodeAnalysisScope
+    scope: CodeAnalysisScope,
+    fromQCA: boolean = true
 ) {
+    // fromQCA parameter is used to determine if the findings are coming from QCA or from displayFindings tool.
+    // if the incoming findings are from QCA review, then keep only existing findings from displayFindings
+    // if the incoming findings are not from QCA review, then keep only the existing QCA findings
+    securityScanRender.securityDiagnosticCollection = createSecurityDiagnosticCollection()
     securityScanRender.initialized = false
     if (scope === CodeAnalysisScope.FILE_ON_DEMAND && editor) {
         securityScanRender.securityDiagnosticCollection?.delete(editor.document.uri)
@@ -36,22 +41,20 @@ export function initSecurityScanRender(
     }
     for (const securityRecommendation of securityRecommendationList) {
         updateSecurityDiagnosticCollection(securityRecommendation)
-        updateSecurityIssuesForProviders(securityRecommendation, scope === CodeAnalysisScope.FILE_AUTO)
+        updateSecurityIssuesForProviders(securityRecommendation, scope === CodeAnalysisScope.FILE_AUTO, fromQCA)
     }
     securityScanRender.initialized = true
 }
 
-function updateSecurityIssuesForProviders(securityRecommendation: AggregatedCodeScanIssue, isAutoScope?: boolean) {
+function updateSecurityIssuesForProviders(
+    securityRecommendation: AggregatedCodeScanIssue,
+    isAutoScope?: boolean,
+    fromQCA: boolean = true
+) {
     if (isAutoScope) {
         SecurityIssueProvider.instance.mergeIssues(securityRecommendation)
     } else {
-        const updatedSecurityRecommendationList = [
-            ...SecurityIssueProvider.instance.issues.filter(
-                (group) => group.filePath !== securityRecommendation.filePath
-            ),
-            securityRecommendation,
-        ]
-        SecurityIssueProvider.instance.issues = updatedSecurityRecommendationList
+        SecurityIssueProvider.instance.mergeIssuesDisplayFindings(securityRecommendation, fromQCA)
     }
     SecurityIssueTreeViewProvider.instance.refresh()
 }
diff --git a/packages/core/src/codewhisperer/service/securityIssueProvider.ts b/packages/core/src/codewhisperer/service/securityIssueProvider.ts
@@ -6,6 +6,7 @@
 import * as vscode from 'vscode'
 import { AggregatedCodeScanIssue, CodeScanIssue, SuggestedFix } from '../models/model'
 import { randomUUID } from '../../shared/crypto'
+import { displayFindingsDetectorName } from '../models/constants'
 
 export class SecurityIssueProvider {
     static #instance: SecurityIssueProvider
@@ -161,6 +162,30 @@ export class SecurityIssueProvider {
         )
     }
 
+    public mergeIssuesDisplayFindings(newIssues: AggregatedCodeScanIssue, fromQCA: boolean) {
+        const existingGroup = this._issues.find((group) => group.filePath === newIssues.filePath)
+        if (!existingGroup) {
+            this._issues.push(newIssues)
+            return
+        }
+
+        this._issues = this._issues.map((group) =>
+            group.filePath !== newIssues.filePath
+                ? group
+                : {
+                      ...group,
+                      issues: [
+                          ...group.issues.filter(
+                              // if the incoming findings are from QCA review, then keep only existing findings from displayFindings
+                              // if the incoming findings are not from QCA review, then keep only the existing QCA findings
+                              (issue) => fromQCA === (issue.detectorName === displayFindingsDetectorName)
+                          ),
+                          ...newIssues.issues,
+                      ],
+                  }
+        )
+    }
+
     private isExistingIssue(issue: CodeScanIssue, filePath: string) {
         return this._issues
             .find((group) => group.filePath === filePath)
diff --git a/packages/core/src/shared/lsp/utils/platform.ts b/packages/core/src/shared/lsp/utils/platform.ts
@@ -8,7 +8,7 @@ import { ToolkitError } from '../../errors'
 import { Logger } from '../../logger/logger'
 import { ChildProcess } from '../../utilities/processUtils'
 import { waitUntil } from '../../utilities/timeoutUtils'
-import { isDebugInstance } from '../../vscode/env'
+import { isDebugInstance, isRemoteWorkspace } from '../../vscode/env'
 import { isSageMaker } from '../../extensionUtilities'
 import { getLogger } from '../../logger/logger'
 
@@ -124,8 +124,16 @@ export function createServerOptions({
                     getLogger().info(`[SageMaker Debug] Using SSO auth mode, not setting USE_IAM_AUTH`)
                 }
             } catch (err) {
-                getLogger().warn(`[SageMaker Debug] Failed to parse SageMaker cookies, defaulting to IAM auth: ${err}`)
-                env.USE_IAM_AUTH = 'true'
+                if (isRemoteWorkspace() && env.SERVICE_NAME !== 'SageMakerUnifiedStudio') {
+                    getLogger().warn(
+                        `[SageMaker Debug] Failed to parse SageMaker cookies in remote space, not SMUS env, not defaulting to IAM auth: ${err}`
+                    )
+                } else {
+                    getLogger().warn(
+                        `[SageMaker Debug] Failed to parse SageMaker cookies, defaulting to IAM auth: ${err}`
+                    )
+                    env.USE_IAM_AUTH = 'true'
+                }
             }
 
             // Log important environment variables for debugging
diff --git a/packages/core/src/shared/utilities/index.ts b/packages/core/src/shared/utilities/index.ts
@@ -8,3 +8,4 @@ export { VSCODE_EXTENSION_ID } from '../extensions'
 export * from './functionUtils'
 export * as messageUtils from './messages'
 export * as CommentUtils from './commentUtils'
+export * from './editorUtilities'
diff --git a/packages/core/src/test/codewhisperer/mergeIssuesDisplayFindings.test.ts b/packages/core/src/test/codewhisperer/mergeIssuesDisplayFindings.test.ts
@@ -0,0 +1,88 @@
+/*!
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import assert from 'assert'
+import { SecurityIssueProvider } from '../../codewhisperer/service/securityIssueProvider'
+import { createCodeScanIssue } from './testUtil'
+import { displayFindingsDetectorName } from '../../codewhisperer/models/constants'
+import { AggregatedCodeScanIssue } from '../../codewhisperer/models/model'
+
+describe('mergeIssuesDisplayFindings', () => {
+    let provider: SecurityIssueProvider
+    const testFilePath = '/test/file.py'
+
+    beforeEach(() => {
+        provider = Object.create(SecurityIssueProvider.prototype)
+        provider.issues = []
+    })
+
+    it('should add new issues when no existing group', () => {
+        const newIssues: AggregatedCodeScanIssue = {
+            filePath: testFilePath,
+            issues: [createCodeScanIssue({ findingId: 'new-1' })],
+        }
+
+        provider.mergeIssuesDisplayFindings(newIssues, true)
+
+        assert.strictEqual(provider.issues.length, 1)
+        assert.strictEqual(provider.issues[0].filePath, testFilePath)
+        assert.strictEqual(provider.issues[0].issues.length, 1)
+        assert.strictEqual(provider.issues[0].issues[0].findingId, 'new-1')
+    })
+
+    it('should keep displayFindings when fromQCA is true', () => {
+        provider.issues = [
+            {
+                filePath: testFilePath,
+                issues: [
+                    createCodeScanIssue({ findingId: 'qca-1', detectorName: 'QCA-detector' }),
+                    createCodeScanIssue({ findingId: 'display-1', detectorName: displayFindingsDetectorName }),
+                ],
+            },
+        ]
+
+        const newIssues: AggregatedCodeScanIssue = {
+            filePath: testFilePath,
+            issues: [createCodeScanIssue({ findingId: 'new-qca-1', detectorName: 'QCA-detector' })],
+        }
+
+        provider.mergeIssuesDisplayFindings(newIssues, true)
+
+        assert.strictEqual(provider.issues.length, 1)
+        assert.strictEqual(provider.issues[0].issues.length, 2)
+
+        const findingIds = provider.issues[0].issues.map((issue) => issue.findingId)
+        assert.ok(findingIds.includes('display-1'))
+        assert.ok(findingIds.includes('new-qca-1'))
+        assert.ok(!findingIds.includes('qca-1'))
+    })
+
+    it('should keep QCA findings when fromQCA is false', () => {
+        provider.issues = [
+            {
+                filePath: testFilePath,
+                issues: [
+                    createCodeScanIssue({ findingId: 'qca-1', detectorName: 'QCA-detector' }),
+                    createCodeScanIssue({ findingId: 'display-1', detectorName: displayFindingsDetectorName }),
+                ],
+            },
+        ]
+
+        const newIssues: AggregatedCodeScanIssue = {
+            filePath: testFilePath,
+            issues: [createCodeScanIssue({ findingId: 'new-display-1', detectorName: displayFindingsDetectorName })],
+        }
+
+        provider.mergeIssuesDisplayFindings(newIssues, false)
+
+        assert.strictEqual(provider.issues.length, 1)
+        assert.strictEqual(provider.issues[0].issues.length, 2)
+
+        const findingIds = provider.issues[0].issues.map((issue) => issue.findingId)
+        assert.ok(findingIds.includes('qca-1'))
+        assert.ok(findingIds.includes('new-display-1'))
+        assert.ok(!findingIds.includes('display-1'))
+    })
+})
diff --git a/packages/core/src/test/shared/lsp/utils/platform.test.ts b/packages/core/src/test/shared/lsp/utils/platform.test.ts

Original file line number	Diff line number	Diff line change
`@@ -841,6 +841,7 @@ export enum CodeAnalysisScope {`
`841`	`841`	`FILE_AUTO = 'FILE_AUTO',`
`842`	`842`	`FILE_ON_DEMAND = 'FILE_ON_DEMAND',`
`843`	`843`	`PROJECT = 'PROJECT',`
	`844`	`+ AGENTIC = 'AGENTIC',`
`844`	`845`	`}`
`845`	`846`
`846`	`847`	`export enum TestGenerationJobStatus {`
`@@ -907,4 +908,7 @@ export const predictionTrackerDefaultConfig = {`
`907`	`908`	`maxSupplementalContext: 15,`
`908`	`909`	`}`
`909`	`910`
`910`		`-export const findingsSuffix = '_codeReviewFindings'`
	`911`	`+export const codeReviewFindingsSuffix = '_codeReviewFindings'`
	`912`	`+export const displayFindingsSuffix = '_displayFindings'`
	`913`	`+`
	`914`	`+export const displayFindingsDetectorName = 'DisplayFindings'`