Merge master into feature/agentic-chat-MCP#7080
Open
aws-toolkit-automation wants to merge 1136 commits intofeature/agentic-chat-MCPfrom
Open
Merge master into feature/agentic-chat-MCP#7080aws-toolkit-automation wants to merge 1136 commits intofeature/agentic-chat-MCPfrom
aws-toolkit-automation wants to merge 1136 commits intofeature/agentic-chat-MCPfrom
Conversation
## Problem Currently there is no telemetry support for auto debug feature. ## Solution Add telemetry support for auto debug feature. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com> Co-authored-by: Ashish Reddy Podduturi <ashishrp@amazon.com> Co-authored-by: Laxman Reddy <141967714+laileni-aws@users.noreply.github.com>
…iew (#8019) ## Problem Currently users couldn't edit code files on the diff view provided by Amazon Q. Users have to open those files in the workspace to edit them. This is very inconvenient. ## Solution Copy of #7886 Enable users to edit code files directly on the diff view. https://github.com/user-attachments/assets/464d9757-cb6f-4f0f-aa6f-de4f3104cdb5 --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: Lei Gao <97199248+leigaol@users.noreply.github.com> Co-authored-by: Lei Gao <leigaol@amazon.com> Co-authored-by: aws-toolkit-automation <43144436+aws-toolkit-automation@users.noreply.github.com> Co-authored-by: andrewyuq <89420755+andrewyuq@users.noreply.github.com> Co-authored-by: Will Lo <96078566+Will-ShaoHua@users.noreply.github.com>
## Problem This merges the released changes for rc-20250911 into main. ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: aws-toolkit-automation <>
## Problem - Added new UX to inform user about migration of /agents. ## Solution - Removing the migration of /agents ux but need some time to remove entire functionality due to backward compatability issues. - Removed unused and unnecessary code. - Related Flare PR: aws/language-servers#2248 ### Old VSC plugin behavior with new flare version https://github.com/user-attachments/assets/c6966bdb-7bdc-41ca-ae67-acadc4f69ef9 ### New VSC plugin behavior with new flare version https://github.com/user-attachments/assets/9e76779d-6284-4ba3-b206-ddbb862c3d76 --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…#8047) ## Problem #8045 #8040 ## Solution fix for path parsing for windows for editable diff view --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem
- Require account id to create a more complete product metric on SMUS
feature usage
## Solution
- Add domain account id metadata to smus_login metric
## Test
- on core `npm run generateTelemetry`
- `npm test`
- manually test telemetry
```
2025-09-16 01:21:25.358 [debug] telemetry: smus_login {
Metadata: {
metricId: '43dfab8d-d5a6-4791-9afb-b0b3454efb23',
traceId: 'ba4dd30a-3ad6-4101-84a0-8ae558947fed',
parentId: '4e6f9558-995e-444e-8461-d718bd6434a5',
duration: '1763',
result: 'Cancelled',
reason: 'UserCancelled',
reasonDesc: 'Failed to initiate login. | UserCancelled: User cancelled domain URL input',
awsAccount: 'not-set',
awsRegion: 'us-east-1'
},
Value: 1,
Unit: 'None',
Passive: false
}
2025-09-16 01:22:39.406 [debug] telemetry: smus_login {
Metadata: {
metricId: '4840c7e2-7a68-49a8-8bb6-710d629856ab',
traceId: '65160024-7c03-47c8-80e3-9fdf8493047b',
smusDomainId: 'dzd_bh80g0fbj1h7xl',
awsRegion: 'us-east-2',
smusDomainAccountId: '050752642559',
duration: '34889',
result: 'Succeeded',
awsAccount: 'not-set'
},
Value: 1,
Unit: 'None',
Passive: false
}
2025-09-16 01:22:48.391 [debug] telemetry: smus_accessProject {
Metadata: {
metricId: 'fad0c4d1-49bd-4a87-aed5-72a6e4d04c3a',
traceId: '65160024-7c03-47c8-80e3-9fdf8493047b',
parentId: 'cda698a1-1c85-477c-9722-ca5b81ae6f63',
smusDomainId: 'dzd_bh80g0fbj1h7xl',
smusProjectId: 'c1wqm5rlzb150p',
smusDomainRegion: 'us-east-2',
smusDomainAccountId: '050752642559',
duration: '10451',
result: 'Succeeded',
awsAccount: 'not-set',
awsRegion: 'us-east-1'
},
Value: 1,
Unit: 'None',
Passive: false
}
2025-09-16 01:22:51.374 [debug] telemetry: smus_renderProjectChildrenNode {
Metadata: {
metricId: '0bc6e3e4-a54b-44a2-84d6-b033e656d91e',
traceId: 'e280e0c3-54c5-4aae-8431-ef5724a20e42',
smusToolkitEnv: 'local',
smusDomainId: 'dzd_bh80g0fbj1h7xl',
smusDomainAccountId: '050752642559',
smusProjectId: 'c1wqm5rlzb150p',
smusDomainRegion: 'us-east-2',
duration: '2979',
result: 'Succeeded',
awsAccount: 'not-set',
awsRegion: 'us-east-1'
},
Value: 1,
Unit: 'None',
Passive: true
}
2025-09-16 01:24:25.389 [debug] telemetry: smus_renderLakehouseNode {
Metadata: {
metricId: 'f50b2b04-ffe7-49f6-8d85-a1e5d59438cc',
traceId: '83155b49-3d84-4896-bb04-5ed5182006e6',
smusToolkitEnv: 'local',
smusDomainId: 'dzd_bh80g0fbj1h7xl',
smusDomainAccountId: '050752642559',
smusProjectId: 'c1wqm5rlzb150p',
smusConnectionId: 'c1pnab9bdg3qjt',
smusConnectionType: 'LAKEHOUSE',
smusProjectRegion: 'us-east-2',
duration: '2321',
result: 'Succeeded',
awsAccount: 'not-set',
awsRegion: 'us-east-1'
},
Value: 1,
Unit: 'None',
Passive: false
}
2025-09-16 01:24:54.443 [debug] telemetry: smus_renderS3Node {
Metadata: {
metricId: '74f286b6-1feb-43aa-b15e-4e0919ab272a',
traceId: '9db37019-272f-4963-9e9e-1da9d9f9a26e',
smusToolkitEnv: 'local',
smusDomainId: 'dzd_bh80g0fbj1h7xl',
smusDomainAccountId: '050752642559',
smusProjectId: 'c1wqm5rlzb150p',
smusConnectionId: 'c13ow7arqtblih',
smusConnectionType: 'S3',
smusProjectRegion: 'us-east-2',
duration: '2',
result: 'Succeeded',
awsAccount: 'not-set',
awsRegion: 'us-east-1'
},
Value: 1,
Unit: 'None',
Passive: false
}
2025-09-16 01:25:40.741 [debug] telemetry: smus_openRemoteConnection {
Metadata: {
metricId: '2f32a489-b013-4f47-951f-04d535bc2761',
traceId: '1b90a3dc-f01f-40cc-b0bf-5920b7c6e9cc',
smusSpaceKey: 'd-rxs4hhmzrnho__ce',
smusDomainRegion: 'us-east-2',
smusDomainId: 'dzd_bh80g0fbj1h7xl',
smusDomainAccountId: '050752642559',
smusProjectId: 'c1wqm5rlzb150p',
duration: '18000',
result: 'Succeeded',
awsAccount: 'not-set',
awsRegion: 'us-east-1'
},
Value: 1,
Unit: 'None',
Passive: false
}
2025-09-16 01:26:52.258 [debug] telemetry: smus_stopSpace {
Metadata: {
metricId: 'b0903fd5-ffb5-4a9a-b131-99baf11cb3a7',
traceId: 'c5ec5f41-ae58-46b3-af8e-47c1d8fb737d',
smusSpaceKey: 'd-rxs4hhmzrnho__ce',
smusDomainRegion: 'us-east-2',
smusDomainId: 'dzd_bh80g0fbj1h7xl',
smusDomainAccountId: '050752642559',
smusProjectId: 'c1wqm5rlzb150p',
duration: '2308',
result: 'Succeeded',
awsAccount: 'not-set',
awsRegion: 'us-east-1'
},
Value: 1,
Unit: 'None',
Passive: false
}
2025-09-16 01:27:22.027 [debug] telemetry: smus_signOut {
Metadata: {
metricId: 'e41138b8-9949-4088-b175-73c4d48110cc',
traceId: 'b6a34176-e2a2-47f1-b170-d092488c0d00',
parentId: '51f87fa9-fc1c-4351-914b-c0ce077b8f1b',
smusDomainId: 'dzd_bh80g0fbj1h7xl',
awsRegion: 'us-east-2',
smusDomainAccountId: '050752642559',
duration: '476',
result: 'Succeeded',
awsAccount: 'not-set'
},
Value: 1,
Unit: 'None',
Passive: false
}
```
---
- Treat all work as PUBLIC. Private `feature/x` branches will not be
squash-merged at release time.
- Your code changes must meet the guidelines in
[CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines).
- License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.
) ## Problem Customers complained about missing the old deterministic message. ## Solution As the agent to include this message at the start of its explain response. It was stored in the recommendation.text field. The agent does some paraphrasing, so the deterministic message `We detected that this code sets key specifications more than once, key size more than once, or sets both. To make your code more secure, we recommend that you set either KeySpec or NumberOfBytes once. Do not set both.` Gets turned into `The CWE-327,328,326,208,1240 - Insecure cryptography issue at line 63 in CsvIterator.java occurs because the code sets both KeySpec and NumberOfBytes parameters on the same GenerateDataKeyRequest object, which are mutually exclusive in AWS KMS.` There is more information in the explanation after this, but this is the part related to the deterministic recommendation.text --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: Blake Lazarine <blakelaz@amazon.com> Co-authored-by: Laxman Reddy <141967714+laileni-aws@users.noreply.github.com>
…r and added buffer time in cred validation (#8070) ## Problem - IAM credentials is not updating in Sagemaker instances due to incorrect comparison logic which prevents credential refresh and hence users cant interact with Q chat after the initial expiration time - <img width="2513" height="1284" alt="image" src="https://github.com/user-attachments/assets/0dc8d158-00ef-4c86-aff8-7e147a101881" /> ## Solution - Add custom comparator logic and method to properly compare credentials by their actual values (accessKeyId, secretAccessKey, sessionToken) instead of string comparison - Added 60-second expiration buffer to credential validation. similar to SSO token logic [here](https://github.com/aws/aws-toolkit-vscode/blob/c3685274fc4e09e72c98db4c43b7959634bc63b0/packages/core/src/auth/sso/model.ts#L158) for grace-time - Tested by building a debug artefact on a SMUS CodeEditor instance and verified q chat is triggering refresh credentials - ```npm run package && npm run test``` succeeded - https://drive.corp.amazon.com/documents/parameja@/PR-8070/IAM-Credentials-Refresh-Q-Chat.mov --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…Event api (#8080) ## Problem - update aws sdk - sendTelemetryEvent API is missing pluginVersion - sendTelemetryEvent.userTriggerEvent is missing suggestionType ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…gger (#8085) … ## Problem previously UTD will be delayed until next service call, which means it doesn't gurantee service team will collect all the datapoints ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…or manual trigger 8085 (#8087) This reverts commit 00ffeb3. ## Problem ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem
The project account id and region was missing from data connection and
space action telemetry.
## Solution
The project account id and region are added to data connection and space
action telemetry.
Telemetry for a cross-account example:
```
2025-09-23 15:42:29.674 [debug] telemetry: smus_login {
Metadata: {
metricId: 'fdbf85ac-a093-4ab9-ac47-add57a5901cc',
traceId: '7ee3db34-3f9b-41b7-aa16-824290fa0719',
parentId: '5c66c1e2-09ba-4308-8e28-a47bfc4acdda',
smusDomainId: 'dzd_64o7tjjv1cm9gp',
awsRegion: 'us-east-2',
smusDomainAccountId: '730335272067',
duration: '24121',
result: 'Succeeded',
awsAccount: 'not-set'
},
Value: 1,
Unit: 'None',
Passive: false
}
2025-09-23 15:42:32.466 [debug] telemetry: smus_accessProject {
Metadata: {
metricId: 'cc75867d-cb7c-4392-b7d7-cda1f7ba627c',
traceId: '7ee3db34-3f9b-41b7-aa16-824290fa0719',
parentId: 'da7fad30-0aee-4f31-8962-00ef50b408b8',
smusDomainId: 'dzd_64o7tjjv1cm9gp',
smusProjectId: 'cxtwtxb6e3ly95',
smusDomainRegion: 'us-east-2',
smusDomainAccountId: '730335272067',
duration: '3994',
result: 'Succeeded',
awsAccount: 'not-set',
awsRegion: 'us-east-1'
},
Value: 1,
Unit: 'None',
Passive: false
}
2025-09-23 15:42:43.475 [debug] telemetry: smus_renderLakehouseNode {
Metadata: {
metricId: 'dc09a62e-9f18-45c5-bd8b-c113c6a8c5c9',
traceId: '58ea5647-a29a-45dc-9e6c-fb4175a34a6d',
smusToolkitEnv: 'local',
smusDomainId: 'dzd_64o7tjjv1cm9gp',
smusDomainAccountId: '730335272067',
smusProjectId: 'cxtwtxb6e3ly95',
smusConnectionId: '4r6iscfi0rih0p',
smusConnectionType: 'LAKEHOUSE',
smusProjectRegion: 'us-east-1',
smusProjectAccountId: '976193268201',
duration: '965',
result: 'Succeeded',
awsAccount: 'not-set',
awsRegion: 'us-east-1'
},
Value: 1,
Unit: 'None',
Passive: false
}
2025-09-23 15:42:46.623 [debug] telemetry: smus_renderS3Node {
Metadata: {
metricId: 'be029b31-6111-48f1-8e66-99121dd48484',
traceId: 'a3698692-e948-4ec4-881a-17a0443e109d',
smusToolkitEnv: 'local',
smusDomainId: 'dzd_64o7tjjv1cm9gp',
smusDomainAccountId: '730335272067',
smusProjectId: 'cxtwtxb6e3ly95',
smusConnectionId: '6gy7b7go2jd50p',
smusConnectionType: 'S3',
smusProjectRegion: 'us-east-1',
smusProjectAccountId: '976193268201',
duration: '1',
result: 'Succeeded',
awsAccount: 'not-set',
awsRegion: 'us-east-1'
},
Value: 1,
Unit: 'None',
Passive: false
}
2025-09-23 15:43:04.774 [debug] telemetry: smus_openRemoteConnection {
Metadata: {
metricId: '7f2c4573-b681-4e81-bc34-84509aac1f46',
traceId: 'fc5d6674-7042-4634-b7aa-1098aee2b540',
smusSpaceKey: 'd-uyehbqjlnjl0__ce',
smusDomainRegion: 'us-east-1',
smusDomainId: 'dzd_64o7tjjv1cm9gp',
smusDomainAccountId: '730335272067',
smusProjectId: 'cxtwtxb6e3ly95',
smusProjectAccountId: '976193268201',
smusProjectRegion: 'us-east-1',
duration: '6969',
result: 'Succeeded',
awsAccount: 'not-set',
awsRegion: 'us-east-1'
},
Value: 1,
Unit: 'None',
Passive: false
}
```
---
- Treat all work as PUBLIC. Private `feature/x` branches will not be
squash-merged at release time.
- Your code changes must meet the guidelines in
[CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines).
- License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.
Co-authored-by: Laxman Reddy <141967714+laileni-aws@users.noreply.github.com>
…r Linux/Ubuntu in web/container env as AL2 (#8073) ## Problem PR: #7270 introduced a bug where the `isAmazonLinux2()` function incorrectly identifies regular Linux/Ubuntu systems in web/container environments as Amazon Linux 2. This happens because: 1. The function checks `os.release()` for `.amzn2.` or `.amzn2int.` patterns 2. In containerized environments (like VS Code web/remote), `os.release()` returns the __host's kernel version__, not the container's OS 3. If the host is Amazon Linux 2 but the container is Ubuntu/Linux, the function incorrectly returns `true` 4. This prevents Amazon Q LSP from starting because it thinks it's on AL2 without the required GLIBC patch ## Solution - __Skip AL2 detection for web environments__ - Returns `false` immediately since web mode runs in a browser - __Check `/etc/os-release` first__ - In containerized environments, this file contains the actual container OS, not the host OS - __Trust container OS over kernel version__ - If `/etc/os-release` shows it's not AL2 (e.g., Ubuntu), return `false` regardless of kernel version - __Fall back to kernel check only when necessary__ - Only use `os.release()` if we can't read `/etc/os-release` or if it confirms AL2 - Prioritized container OS detection over kernel version detection - Maintained backward compatibility for actual AL2 systems - Added comprehensive test coverage for the new scenarios --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…esh credentials in LSP server (#8089)
This merges the released changes for rc-20250925 into main. MCM-135176338 --------- Co-authored-by: aws-toolkit-automation <>
## Problem 1. timestamp used in LSP path is cross-process, which requires a common starting point, so should use epoch based time instead of `peformance.now()` which starts at process starting point. ## Solution 1. replace all `performance.now` with `Date.now()` --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…le (#8099) ## Problem We need to remove the notifcation pop-up for data sharing toggle in Amazon Q settings ## Solution - removed the toggle https://github.com/user-attachments/assets/6a56de02-26a0-4d28-8190-88d238740e22 --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: Tai Lai <ctlai95@gmail.com>
## Problem Typo in log statement for Sagemaker Update IAM Credential logic currently prints expiration time ## Solution - Fix typo to show availability of field in credentials - `npm run compile && npm run test` succeeded --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem We removed `/agents` in this PR but the security.scan command was not removed: - #8026 <img width="1206" height="56" alt="Screenshot 2025-09-29 at 10 45 22 AM" src="https://github.com/user-attachments/assets/70db455a-8efe-43f3-94a9-629d094c6d29" /> ## Solution Remove left over code ## Testing Tested and command was removed --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
This merges the released changes for rc-20250929 into main. MCM-135435238 --------- Co-authored-by: aws-toolkit-automation <>
## Problem ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem The Toolkit login webview throws an error when calling `setUiReady()` because `loadMetadata` is undefined: ``` [error] webviewId="aws.toolkit.AmazonCommonAuth": Error: Webview error -> Error: Webview backend command failed: "setUiReady()" -> TypeError: Cannot read properties of undefined (reading 'start') ``` This occurs because `supportsLoadTelemetry` defaults to false in the base `VueWebview` class, preventing the initialization of `loadMetadata` during webview setup. Without `loadMetadata`, the webview cannot track load timing or emit load telemetry. ## Solution Added one line to enable load telemetry in `ToolkitLoginWebview`. This flag was originally introduced in [e7b7307](e7b7307) to track Amazon Q webview load times and failures. We're now extending this functionality to the Toolkit login webview for consistent telemetry across both implementations. ### Before fix: <img width="2108" height="1109" alt="before-toolkit-auth-webview-error" src="https://github.com/user-attachments/assets/e53fb12b-6966-45ca-bee5-645e48a09cd4" /> Toolkit login webview error showing loadMetadata undefined. This occurs because `supportsLoadTelemetry` defaults to false in the base `VueWebview` class, preventing the initialization of `loadMetadata` during webview setup. Without `loadMetadata`, the webview cannot track load timing or emit load telemetry. The error happens [here](https://github.com/aws/aws-toolkit-vscode/blob/da8fc990bc50689e043ff1d7cbde3615d2d7571e/packages/core/src/webviews/main.ts#L401) when trying to calculate duration: ```typescript const duration = globals.clock.Date.now() - this.loadMetadata!.start ``` ### After fix: Toolkit login webview successfully loading with duration metrics. <img width="2107" height="1115" alt="after-toolkit-auth-webview-with-load-duration" src="https://github.com/user-attachments/assets/0f9d5bf4-dc5b-49de-a76e-776670ef683d" /> --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…nced payload management (#8068) ## Problem Few UI feedback: - Payload is not intuitive - Open Handler should be a button Inconsistent layer behavior ## UI before <img width="921" height="653" alt="image" src="https://github.com/user-attachments/assets/0d7c2f27-78f6-453d-91fb-02ac00f2b043" /> ## Solution This PR refactors the Lambda Remote Invoke UI to follow VSCode's native design patterns, optimizes the codebase by removing unused components, and enhances the payload management experience with integrated quickpick functionality for remote test events. <img width="857" height="899" alt="image" src="https://github.com/user-attachments/assets/1e446174-8cea-43a6-8ef1-44c1c8008c23" /> Update global layer version to 2 ### 🎨 UI/UX Improvements - __Redesigned Remote Debugging section__ to follow VSCode Settings UI pattern - Title with inline "Remove Debug Setup" button and timer info - Checkbox aligned with description on same line for better visual hierarchy - __Redesigned Local Root Path section__ with VSCode Settings style - Added "Open Handler" button with disabled state and helpful tooltips - Shortened button labels to "Browse" and "Download" for cleaner interface - Enhanced descriptions with bold text to guide user actions - __Completely redesigned Payload section__ - Removed radio buttons for cleaner, unified interface - Added button group: "Load sample event", "Load local file", "Load remote event", "Save as remote event" - Improved textarea with monospace font and better sizing ### 🚀 New Features - __VSCode quickpick integration for remote test events__ - `selectRemoteTestEvent()`: Shows native quickpick for loading saved events - `saveRemoteTestEvent()`: Quickpick with options to create new or overwrite existing events - Input validation for event names - Confirmation dialogs for overwriting existing events - __Enhanced error handling__ - Gracefully handles "lambda-testevent-schemas registry not found" error - Returns empty array instead of throwing when no test events exist - Helpful user messages when no events are found - __Force flag support__ for overwriting existing test events - Added `force` parameter to `SamCliRemoteTestEventsParameters` - Automatically uses `--force` when user confirms overwrite ### --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…#8514) ## Problem Console session credentials fail to work properly in two scenarios: 1. After token refresh or profile overwrite: Users encounter "Your session has expired" errors even after successfully running aws login, requiring manual VS Code restart without clear guidance (reported in #8488) 2. Immediate connection use after CLI login: When users try to use a connection immediately after aws login completes, the credential provider was created before the CLI wrote the new login session to disk, causing authentication failures ## Solution - Enhanced makeConsoleSessionCredentialsProvider() to detect stale credential scenarios and prompt for window reload <img width="1409" height="939" alt="final-2-after-succeeds" src="https://github.com/user-attachments/assets/2c0b77be-ea10-4a41-9642-29d637a03110" /> - Added user-friendly messages showing identity ARN after successful login <img width="1408" height="941" alt="final-1-before-retry" src="https://github.com/user-attachments/assets/841721be-525d-4853-8d7a-b49f7d97c272" /> - Improved inline documentation explaining AWS CLI vs SDK credential handling differences - Added handling for does not contain login_session error when provider is created too early - Removed try-catch wrapper when verifying that connection exists after CLI succeeds ## Tradeoffs Reloading the VS Code window is a heavier UX, but it is the only deterministic way to fully reinitialize credential providers and avoid using stale credentials. Reloading guarantees that all in0memory credential providers, Auth state, and AWS SDK clients are fully reinitialized. This avoids subtle, hard-to-debug states where credentials appear refreshed on disk but stale credentials are still used at runtime. The reload is user-initiated via confirmation, not automatic. For future direction, this needs a supported Auth/provider reset mechanism to refresh credentials without requiring a window reload. ## Testing 1. Run `npm run compile` to verify build. 2. Run `npm run package`. Manual verification of end-to-end flow - Verified token refresh flow prompts for reload and works after reload - Tested immediate connection use after aws login triggers appropriate reload prompt - Confirmed profile overwrite scenarios handle credential refresh correctly --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem - This setting is no longer used. <img width="1276" height="242" alt="image" src="https://github.com/user-attachments/assets/71c2a761-e849-4058-ac99-41329cd32c28" /> ## Solution - Removing /dev amazonq settings --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
This merges the released changes for rc-20260122 into main. MCM-XXX --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: aws-toolkit-automation <>
## Problem
After updating AWS CLI for console credentials, the success message
didn't show users which AWS CLI installation the Toolkit was actually
using. This made it unclear whether the update was successful or if
multiple CLI installations existed on the system.
This is particularly problematic for users who encountered repeated
update prompts during console credentials authentication, as they can't
verify if the correct CLI version is being used.
## Solution
- Added child process execution to run the OS-specific command (which on
Unix/macOS, where on Windows) after CLI update
- Retrieved the actual AWS CLI path that the Toolkit uses for console
credentials
- Updated the success message to display: 'AWS CLI updated successfully
to "{path}"'
This helps users immediately verify the CLI installation location and
confirms which CLI binary the Toolkit will use for console login.
### Notes
We make a display message clearer that this is about what the Toolkit
will be used going forward, not necessarily what the installer was just
installed. This helps distinguish between:
- What the installer just updated/installed
- What the Toolkit will actually use (which could be a different
installation if multiple exist)
<img width="1197" height="800" alt="cli-1-detect-need-to-update"
src="https://github.com/user-attachments/assets/f728cec2-7428-4b86-9b65-a06007a248da"
/>
<img width="1199" height="795" alt="cli-2-installer-proceeds"
src="https://github.com/user-attachments/assets/792438b6-9fae-49e7-bbd1-8c52d4a7f414"
/>
<img width="1197" height="799" alt="cli-3-show-path-in-message"
src="https://github.com/user-attachments/assets/3bf6957f-f13f-4c33-a5e3-c0515a0e173c"
/>
---
- Treat all work as PUBLIC. Private `feature/x` branches will not be
squash-merged at release time.
- Your code changes must meet the guidelines in
[CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines).
- License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.
---------
Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>
… adding region to profile (#8522) ## Problem - If a user picks a profile that does not have region entry from the config file, smus tries to update the profile with selected region. But smus is only looking for the profile in credentials file. ## Solution - Look for profile in both config and credentials files when adding region to profile - Use shared parsing method to handle profiles with `profile` prefix ## Test Updating profile with `profile` prefix in config file before ``` [profile configWithProfilePrefix] AWS_ACCESS_KEY_ID=xyz AWS_SECRET_ACCESS_KEY=xyz AWS_SESSION_TOKEN=xyz ``` after ``` [profile configWithProfilePrefix] AWS_ACCESS_KEY_ID=xyz AWS_SECRET_ACCESS_KEY=xyz AWS_SESSION_TOKEN=xyz region = ap-east-1 ``` --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: kzr-at-amazon <build@amazon.com> Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>
## Problem Toolkit is using an older Lambda SDK (3.731, latest 3.9xx) due to compatibility issues. This caused new fields introduced in LMI/DAR to be not available in local types and need to be manually bypassed. see: #8392, we need to update lambda SDK to latest version and resolve all the compatibility issues Below is the compatibility issue when trying to upgrade sdk lambda client ``` npm error src/shared/clients/lambdaClient.ts(327,9): error TS2741: Property 'config' is missing in type 'AwsClient' but required in type 'LambdaClient'. npm error src/shared/clients/lambdaClient.ts(328,13): error TS2419: Types of construct signatures are incompatible. npm error Type 'new (...[configuration]: [] | [LambdaClientConfig]) => LambdaClient' is not assignable to type 'new (o: AwsClientOptions) => AwsClient'. npm error Construct signature return types 'LambdaClient' and 'AwsClient' are incompatible. npm error The types of 'middlewareStack.add' are incompatible between these types. npm error Type '{ (middleware: InitializeMiddleware<ServiceInputTypes, ServiceOutputTypes>, options?: (InitializeHandlerOptions & AbsoluteLocation) | undefined): void; (middleware: SerializeMiddleware<...>, options: SerializeHandlerOptions & AbsoluteLocation): void; (middleware: BuildMiddleware<...>, options: BuildHandlerOptions & ...' is not assignable to type '{ (middleware: InitializeMiddleware<any, MetadataBearer>, options?: (InitializeHandlerOptions & AbsoluteLocation) | undefined): void; (middleware: SerializeMiddleware<...>, options: SerializeHandlerOptions & AbsoluteLocation): void; (middleware: BuildMiddleware<...>, options: BuildHandlerOptions & AbsoluteLocation):...'. npm error Types of parameters 'middleware' and 'middleware' are incompatible. npm error Types of parameters 'context' and 'context' are incompatible. npm error Type 'import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/types/dist-types/middleware").HandlerExecutionContext' is not assignable to type 'import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/middleware").HandlerExecutionContext'. npm error Types of property '[SMITHY_CONTEXT_KEY]' are incompatible. npm error Type '{ [key: string]: unknown; service?: string | undefined; operation?: string | undefined; commandInstance?: import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any> | undefined; selectedHttpAuthScheme?:...' is not assignable to type '{ [key: string]: unknown; service?: string | undefined; operation?: string | undefined; commandInstance?: import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any> | undefined; selectedHttpAuthScheme?: import("/Users/ruojiazh/proj/aws-toolkit-vsc...'. npm error Type '{ [key: string]: unknown; service?: string | undefined; operation?: string | undefined; commandInstance?: import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any> | undefined; selectedHttpAuthScheme?:...' is not assignable to type '{ [key: string]: unknown; service?: string | undefined; operation?: string | undefined; commandInstance?: import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any> | undefined; selectedHttpAuthScheme?: import("/Users/ruojiazh/proj/aws-toolkit-vsc...'. npm error Types of property 'commandInstance' are incompatible. npm error Type 'import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any> | undefined' is not assignable to type 'import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any> | undefined'. npm error Type 'import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any>' is not assignable to type 'import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any>'. npm error The types of 'middlewareStack.add' are incompatible between these types. npm error Type '{ (middleware: import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/types/dist-types/middleware").InitializeMiddleware<any, any>, options?: (import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/t...' is not assignable to type '{ (middleware: import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/middleware").InitializeMiddleware<any, any>, options?: (import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/middleware").InitializeHandlerOptions & import("/Users/ruojiazh/proj/aws-t...'. npm error Types of parameters 'options' and 'options' are incompatible. npm error Type 'SerializeHandlerOptions & AbsoluteLocation' is not assignable to type '(InitializeHandlerOptions & AbsoluteLocation) | undefined'. npm error Type 'SerializeHandlerOptions & AbsoluteLocation' is not assignable to type 'InitializeHandlerOptions & AbsoluteLocation'. npm error Type 'SerializeHandlerOptions & AbsoluteLocation' is not assignable to type 'InitializeHandlerOptions'. npm error Types of property 'step' are incompatible. npm error Type '"serialize"' is not assignable to type '"initialize"'. ``` ## Reason for Compatibility Error Upgrading @aws-sdk/client-lambda to version 3.953.0+ (which uses Smithy v4) causes TypeScript compilation errors due to module path conflicts. The toolkit's awsClientBuilderV3 uses Smithy v3 types, while the new Lambda client uses Smithy v4 types. Even though the types are structurally identical, TypeScript treats them as incompatible because they're imported from different module paths. ## Solution Added type assertions (as any and as LambdaSdkClient) in lambdaClient.ts to bypass TypeScript's type checking when creating the Lambda client. This allows the new SDK version to work while maintaining runtime compatibility. No new tests are required for the lambdaClient.ts changes because there is no behavior change - The type assertions don't change runtime behavior, only bypass compile-time type checking. The Lambda client functions identically before and after. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: Chengjun Li <>
…8537) ## Problem - Users without pre-configured credentials encounter authentication errors when opening Lambda functions from console - Credential mismatches between console account and local profile cause errors even when function is accessible in console: - `ResourceNotFoundException` when function exists in console account but not in local profile account - `AccessDeniedException` when local credentials lack `lambda:GetFunction` permission but console credentials have access ## Solution - Add `setupConsoleConnection()` to encapsulate browser-based AWS CLI `aws login` authentication and use the new connection - Add `getFunctionWithFallback()` to retrieve Lambda configuration with automatic console login fallback - Integrate fallback into `openLambdaFolderForEdit()` to handle missing credentials and credential mismatches - Improve error handling to distinguish credential mismatches and resource access issues - Handle `ResourceNotFoundException` by showing account-specific error message before fallback - Handle `AccessDeniedException` by showing permission error message before fallback ### Screenshots #### Show warning message when Lambda GetFunction API returns ResourceNotFoundException, then automatically proceed with console login flow <img width="461" height="90" alt="Screenshot 2026-01-29 at 12 29 00 AM" src="https://github.com/user-attachments/assets/1c1c700f-5585-4684-bcae-9daa43add315" /> #### Show warning message when Lambda GetFunction API returns AccessDeniedException, then automatically proceed with console login flow <img width="463" height="91" alt="Screenshot 2026-01-29 at 12 28 07 AM" src="https://github.com/user-attachments/assets/dce48127-1cca-406e-b966-ebc615ef5fa6" /> ## Background The Lambda `load-function` URI handler enables a seamless workflow where users can click "Open in Visual Studio Code" from the AWS Lambda console to view, edit, and deploy their Lambda functions directly in their preferred IDE. This feature downloads the function code locally, opens it in VS Code, and allows users to make changes and deploy updates back to AWS—all without leaving their development environment. ## Testing - [X] Tested with no local credentials configured - [X] Tested credential mismatch scenarios: - ResourceNotFoundException (function in console account but not local profile account) - AccessDeniedException (local credentials lack permission, console credentials have access) - [X] Tested user cancellation flow - [X] Test with SSO connection active --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem - `Amazon Q: Fix all Errors` feature does not work on warning issues. ## Solution - If user click on `Amazon Q: Fix all Issue` feature from warning issue, Q should fix both errors and warnings. - If user click on `Amazon Q: Fix all Issue` feature from error issue, Q should fix only errors. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
This merges the released changes for rc-20260129 into main. MCM-143408862 --------- Co-authored-by: aws-toolkit-automation <>
…8520) Add support for multi-tenant Lambda functions by introducing a Tenant ID input field in the Local Invoke configuration panel. The field appears conditionally when the SAM template contains TenancyConfig (either at function-level or in Globals section). The tenant ID value is saved in launch.json and passed to SAM CLI when invoking Lambda functions locally. <img width="619" height="862" alt="Screenshot 2026-01-29 at 10 16 29 AM" src="https://github.com/user-attachments/assets/985e01ce-cbcd-4204-a1ce-37ea9c1fca70" /> --------- Co-authored-by: Chengjun Li <>
## Problem Need to add support for AWS SigV4 for the WebSocket URL used to open a remote connection. These parameters, including the cell-number, can contain special characters and must be properly handled. ## Solution Encode all URI query parameters and extract and append AWS signature parameters to the WebSocket URL. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem This is to support the Lambda multi-tenancy feature in toolkit. ## Solution Add conditional Tenant ID field to Remote Invoke panel for multi-tenant Lambda functions. The field appears when function has TenancyConfig and passes the value to AWS Lambda Invoke API. <img width="333" height="381" alt="Screenshot 2026-01-29 at 10 08 54 AM" src="https://github.com/user-attachments/assets/b7048c07-2919-48e9-9bd0-ddfa89660f79" /> --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: Chengjun Li <>
## Notes: - Adding change log for aws/language-servers#2610 --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
**Description** Added a local cache that will list the last 10 recently used domains during login. The data is stored in the memento storage, which is VSCode's SQLite DB abstraction for storing metadata for extensions. **Motivation** Better UX for login for customers who use multiple domains **Testing Done** Tested locally and also added unit tests ## Problem ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: Bhargava Varadharajan <vabharga@amazon.com>
This merges the released changes for rc-20260212 into main. MCM-144328882 --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: aws-toolkit-automation <>
…8586) ## Problem ## Solution `includePlatform` will append a platform surfix `Visual-Studil-Code` --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Description This PR adds support for Cursor IDE by dynamically detecting the editor and using the appropriate Remote SSH extension. ## Changes - Detect Cursor IDE and use appropriate Remote SSH extension (`anysphere.remote-ssh` for Cursor vs `ms-vscode-remote.remote-ssh` for VS Code) - Refactor `VSCODE_EXTENSION_ID.remotessh` to include both `id` and `minVersion` properties - Update all references to use `remotessh.id` instead of direct string access - Remove deprecated `vscodeExtensionMinVersion` object ## Testing - Tested with Cursor IDE - Existing VS Code functionality remains unchanged --------- Co-authored-by: Arkaprava De <arkaprav@amazon.com> Co-authored-by: Newton Der <dernewtz@amazon.com> Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com> Co-authored-by: msgupta <mgupta@onemedical.com> Co-authored-by: Newton Der <newton.der@gmail.com>
…r fails (#8580) ## Problem - #8537 introduced setupConsoleConnection() and getFunctionWithFallback() to handle authentication fallback for Lambda console-to-IDE transitions. - When developers click "Open in VSCode" and their local AWS profile is invalid, toolkit automatically triggers browser-based console login as a fallback. However, console login requires prerequisites that not all developers can complete. When developers cancel console login, the CLI never writes the connection profile to disk. The Toolkit then attempts to use this non-existent connection, resulting in "Connection does not exist" errors. <img width="471" height="265" alt="problem-before-the-fix-connection-does-not-exist" src="https://github.com/user-attachments/assets/fd973ce1-7b28-4474-8b55-b0408c67e0ce" /> ## Solution - Verify connection exists in `setupConsoleConnection()` after "aws.toolkit.auth.consoleLogin" completes - Show warning message with link to [prerequisites documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sign-in.html#cli-configure-sign-in-prerequisites) when connection verification fails - Throw ToolkitError to halt execution and prevent downstream connection usage <img width="1293" height="302" alt="update-message-with-learnmore" src="https://github.com/user-attachments/assets/a1d35f14-4c42-43c1-8417-b6532ed00e9a" /> <img width="1042" height="625" alt="click-learnmore-show-dialog" src="https://github.com/user-attachments/assets/aace3330-4ea8-4bd8-ad24-e8e956f09c45" /> ### Background The Lambda load-function URI handler enables a seamless workflow where users can click "Open in Visual Studio Code" from the AWS Lambda console to view, edit, and deploy their Lambda functions directly in their preferred IDE. This feature downloads the function code locally, opens it in VS Code, and allows users to make changes and deploy updates back to AWS—all without leaving their development environment. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
##Problem Right now, we don't support reconnection from toolkit for hyperpod spaces. ##Solution This PR will add the reconnection functionality which leads to seamless user experience. The duplicate check is failing but we need that code at 2 places, one for initial connection and in detached-server so that when the user closes the main window, detached server is able to provide the seamless user experience. ##Notes Tested the unit test cases and reconnection use cases end to end locally. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: msgupta <mgupta@onemedical.com> Co-authored-by: Laxman Reddy <141967714+laileni-aws@users.noreply.github.com> Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>
## Problem SageMaker Studio currently supports the ability for customers to connect their local VS Code IDE to SageMaker Spaces from the AWS Toolkit extension, but this is not supported for the Kiro IDE due to the Remote SSH extension for VS Code not being supported. ## Solution Merge staged feature enhancement which allows SageMaker Studio customers to connect to Spaces from the Kiro IDE. This includes the sagemaker-ssh-kiro sidecar extension as a scoped-down replacement for the Remote SSH for specifically SageMaker use cases, which will be installed on-demand with user consent when needed during the remote access ingress. This PR includes a changelog entry. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: aws-ides-bot <github-aws-toolkit-automation@amazon.com> Co-authored-by: aws-toolkit-automation <43144436+aws-toolkit-automation@users.noreply.github.com> Co-authored-by: Bhargav <bhargavavaradh@gmail.com> Co-authored-by: Bhargava Varadharajan <vabharga@amazon.com> Co-authored-by: kzr <kzr@amazon.com> Co-authored-by: Laxman Reddy <141967714+laileni-aws@users.noreply.github.com> Co-authored-by: Sherry Lu <xiaoluk@amazon.com> Co-authored-by: Sherry Lu <75588211+XiaoxuanLu@users.noreply.github.com> Co-authored-by: Dylan Ross <90357952+dylanraws@users.noreply.github.com> Co-authored-by: zulil <31738836+liuzulin@users.noreply.github.com> Co-authored-by: Zulin Liu <zulil@amazon.com> Co-authored-by: Bhavya Sharma <bhavya2109sharma@gmail.com> Co-authored-by: David <60020664+dhasani23@users.noreply.github.com> Co-authored-by: David Hasani <davhasan@amazon.com> Co-authored-by: Arkaprava De <arkaprava08@gmail.com> Co-authored-by: Arkaprava De <arkaprav@amazon.com> Co-authored-by: Keyu Wu <Keyu.Wu.Wky@gmail.com> Co-authored-by: chungjac <chungjac@amazon.com> Co-authored-by: aws-asolidu <asolidu@amazon.com> Co-authored-by: Newton Der <dernewtz@amazon.com> Co-authored-by: Newton Der <newton.der@gmail.com> Co-authored-by: Will Lo <96078566+Will-ShaoHua@users.noreply.github.com> Co-authored-by: Boyu <wangby56@gmail.com> Co-authored-by: atontb <104926752+atonaamz@users.noreply.github.com> Co-authored-by: Richard Li <742829+rli@users.noreply.github.com> Co-authored-by: Shruti Sinha <44882001+shruti0085@users.noreply.github.com> Co-authored-by: Roger Zhang <ruojiazh@amazon.com> Co-authored-by: Tai Lai <ctlai95@gmail.com> Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com> Co-authored-by: BlakeLazarine <blake.l.lazarine@gmail.com> Co-authored-by: Blake Lazarine <blakelaz@amazon.com> Co-authored-by: tobixlea <tobixlea@amazon.com> Co-authored-by: seshubaws <116689586+seshubaws@users.noreply.github.com> Co-authored-by: Keen Wilson <40321520+keenwilson@users.noreply.github.com> Co-authored-by: Bhavya Sharma <bhavyssh@amazon.com> Co-authored-by: satyaki <208557303+satyakigh@users.noreply.github.com> Co-authored-by: Chris Mendoza <chrisqm@amazon.com> Co-authored-by: Kevin DeJong <kddejong@amazon.com> Co-authored-by: Akila Tennakoon <akila.n.tennakoon@gmail.com> Co-authored-by: Akila Tennakoon <tennakoo@amazon.com> Co-authored-by: Deep Furiya <79759607+deepfuriya@users.noreply.github.com> Co-authored-by: Deep Furiya <dfuriya@amazon.com> Co-authored-by: vicheey <181402101+vicheey@users.noreply.github.com> Co-authored-by: Renato Valenzuela <37676028+valerena@users.noreply.github.com> Co-authored-by: Aseem sharma <198968351+aseemxs@users.noreply.github.com> Co-authored-by: Reed Hamilton <reedham@amazon.com> Co-authored-by: Zeeshan Ahmed <37942674+Zee2413@users.noreply.github.com> Co-authored-by: kzr-at-amazon <build@amazon.com> Co-authored-by: Ziwei Ba <ziwikiwi@amazon.com>
…8598) ## Problem When users click “Open in VS Code” from the Lambda console and the request reaches Toolkit without an active connection or with mismatched credentials, Toolkit currently falls back to console credential login (`aws login`) immediately. This triggers a browser-based authentication flow without prior notice. ## Solution This change adds a modal confirmation dialog before invoking `aws login` in these cases. The dialog explains that Toolkit will sign in using browser-based authentication and states the required prerequisites. Users must explicitly choose to continue before the console login flow starts. The prompt: - Explains that signing in is required to open the Lambda function locally - Informs users that browser-based authentication will occur - States the AWS CLI and permission prerequisites - Allows users to explicitly choose whether to proceed This makes the flow intentional, reduces surprise browser redirects, and helps distinguish between informed cancellation and setup issues. ## Screenshots <img width="1197" height="800" alt="Screenshot 2026-02-23 at 3 53 57 PM" src="https://github.com/user-attachments/assets/8e7d0c64-7506-4e13-8ec5-322ca720003f" /> --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: David Hasani <davhasan@amazon.com> Co-authored-by: Laxman Reddy <141967714+laileni-aws@users.noreply.github.com>
… prompt a warning (#8610) ## Problem The SMUS agent context prompt was displayed as an information notification that users were easily overlooking or ignoring. Additionally, there was no telemetry to track how users responded to the prompt (accepted, declined, or dismissed), making it impossible to measure engagement. ## Solution Changed the prompt from showInformationMessage to showWarningMessage for higher visibility. Added telemetry using smus_acceptAgentsNotification to track whether users accept, decline, or dismiss the prompt. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: Ziwei Ba <ziwikiwi@amazon.com>
… for MCP servers (#8608) ## Problem Kiro struggles to troubleshoot credential issues when MCP server doesn't have the proper credentials environment variable, even though it's mentioned in the smus-context file. ## Solution Add a prompt to smus-context.md to include credentials provider uri in MCP server env block. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: kzr-at-amazon <build@amazon.com>
… user choice (#8611) ## Problem Previously, we emitted a metric when a user chooses Yes, No, or closes out of the prompt. However, sometimes the notification is buried or goes to the little notification bell. We also want to see if users will actually see the prompt. ## Solution - Changed existing agent context metric to two metrics: - smus_agentContextShowPrompt — emitted when the prompt is displayed - smus_agentContextUserChoice — emitted when the user accepts, declines, or dismisses the prompt - Both metrics include rich context: domain ID, account ID, region, project ID, project account ID, project region, space key, and auth mode. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: Ziwei Ba <ziwikiwi@amazon.com>
…#8620) ## Problem The `sagemaker-ssh-kiro` extension VSIX is showing up in the release artifacts for prerelease, but we don't want it to show there. It's intended only to be embedded inside of the toolkit VSIX. ## Solution Remove the `sagemaker-ssh-kiro` extension VSIX from the top level file system during the GitHub Action workflow step which packages the VSIX files. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem Did not include "Result: Success" in the emitted metric for showing the AGENTS.md prompt, which resulted in a warning when logging the metric. ## Solution Added this missing field. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: Ziwei Ba <ziwikiwi@amazon.com> Co-authored-by: Will Lo <96078566+Will-ShaoHua@users.noreply.github.com>
…state (#8599) ## Problem ## Solution simply revert to whatever document initial content is --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: aws-toolkit-automation <> Co-authored-by: Laxman Reddy <141967714+laileni-aws@users.noreply.github.com>
) ## Problem ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automatic merge failed
Command line hint
To perform the merge from the command line, you could do something like the following (where "origin" is the name of the remote in your local git repo):