Merge main into feature/mono-repo

Author: aws-toolkit-automation

chat-client/package.json

@@ -25,7 +25,7 @@
     },
     "dependencies": {
         "@aws/chat-client-ui-types": "0.1.68",
-        "@aws/language-server-runtimes": "^0.3.16",
+        "@aws/language-server-runtimes": "^0.3.17",
         "@aws/language-server-runtimes-types": "^0.1.64",
         "@aws/mynah-ui": "^4.40.1"
     },

package-lock.json

@@ -38,7 +38,7 @@
         "@aws-sdk/util-arn-parser": "^3.723.0",
         "@aws-sdk/util-retry": "^3.374.0",
         "@aws/chat-client-ui-types": "0.1.68",
-        "@aws/language-server-runtimes": "^0.3.16",
+        "@aws/language-server-runtimes": "^0.3.17",
         "@aws/lsp-core": "^0.0.21",
         "@modelcontextprotocol/sdk": "^1.23.0",
         "@mozilla/readability": "^0.6.0",

server/aws-lsp-codewhisperer/package.json

@@ -0,0 +1,153 @@
+/*!
+ * Copyright Amazon.com, Inc. or its affiliates.
+ * All Rights Reserved. SPDX-License-Identifier: Apache-2.0
+ */
+
+import { expect } from 'chai'
+import * as fs from 'fs'
+import * as os from 'os'
+import * as path from 'path'
+import { fingerprintServerConfig, fingerprintWorkspace, hasApproval, recordApproval } from './mcpConsentStore'
+import type { MCPServerConfig } from './mcpTypes'
+
+describe('mcpConsentStore', () => {
+    let tmpHome: string
+    let workspace: any
+    let logger: any
+
+    beforeEach(() => {
+        tmpHome = fs.mkdtempSync(path.join(os.tmpdir(), 'mcpConsentTest-'))
+        workspace = {
+            fs: {
+                exists: (p: string) => Promise.resolve(fs.existsSync(p)),
+                readFile: (p: string) => Promise.resolve(Buffer.from(fs.readFileSync(p))),
+                writeFile: (p: string, d: string) => Promise.resolve(fs.writeFileSync(p, d)),
+                mkdir: (p: string, _opts: any) => Promise.resolve(fs.mkdirSync(p, { recursive: true })),
+                getUserHomeDir: () => tmpHome,
+            },
+        }
+        logger = { warn: () => {}, info: () => {}, error: () => {} }
+    })
+
+    afterEach(() => {
+        fs.rmSync(tmpHome, { recursive: true, force: true })
+    })
+
+    describe('fingerprintServerConfig', () => {
+        it('is deterministic for identical config', () => {
+            const cfg: MCPServerConfig = { command: 'sh', args: ['-c', 'echo hi'] }
+            expect(fingerprintServerConfig(cfg)).to.equal(fingerprintServerConfig({ ...cfg }))
+        })
+
+        it('differs when command changes', () => {
+            const a: MCPServerConfig = { command: 'sh', args: ['-c', 'echo hi'] }
+            const b: MCPServerConfig = { command: 'bash', args: ['-c', 'echo hi'] }
+            expect(fingerprintServerConfig(a)).to.not.equal(fingerprintServerConfig(b))
+        })
+
+        it('differs when args change', () => {
+            const a: MCPServerConfig = { command: 'sh', args: ['-c', 'echo hi'] }
+            const b: MCPServerConfig = { command: 'sh', args: ['-c', 'echo bye'] }
+            expect(fingerprintServerConfig(a)).to.not.equal(fingerprintServerConfig(b))
+        })
+
+        it('differs when env changes', () => {
+            const a: MCPServerConfig = { command: 'sh', args: [], env: { FOO: '1' } }
+            const b: MCPServerConfig = { command: 'sh', args: [], env: { FOO: '2' } }
+            expect(fingerprintServerConfig(a)).to.not.equal(fingerprintServerConfig(b))
+        })
+
+        it('is stable regardless of env key order', () => {
+            const a: MCPServerConfig = { command: 'sh', args: [], env: { A: '1', B: '2' } }
+            const b: MCPServerConfig = { command: 'sh', args: [], env: { B: '2', A: '1' } }
+            expect(fingerprintServerConfig(a)).to.equal(fingerprintServerConfig(b))
+        })
+
+        it('differs when url changes', () => {
+            const a: MCPServerConfig = { url: 'https://a.example' }
+            const b: MCPServerConfig = { url: 'https://b.example' }
+            expect(fingerprintServerConfig(a)).to.not.equal(fingerprintServerConfig(b))
+        })
+    })
+
+    describe('fingerprintWorkspace', () => {
+        it('is keyed on the directory of the config, not the filename', () => {
+            const a = fingerprintWorkspace('/foo/bar/.amazonq/mcp.json')
+            const b = fingerprintWorkspace('/foo/bar/.amazonq/agents/default.json')
+            // both live under /foo/bar/.amazonq's parent-dir once; path.dirname differs though
+            expect(a).to.not.equal(b)
+        })
+
+        it('is deterministic for the same path', () => {
+            const p = '/foo/bar/.amazonq/mcp.json'
+            expect(fingerprintWorkspace(p)).to.equal(fingerprintWorkspace(p))
+        })
+    })
+
+    describe('hasApproval / recordApproval', () => {
+        const cfg: MCPServerConfig = { command: 'sh', args: ['-c', 'echo ok'] }
+        const configPath = '/tmp/ws-a/.amazonq/mcp.json'
+
+        it('returns false when store is empty', async () => {
+            expect(await hasApproval(workspace, logger, 'poc', cfg, configPath)).to.be.false
+        })
+
+        it('records and finds an approval for same (name, config, workspace)', async () => {
+            await recordApproval(workspace, logger, 'poc', cfg, configPath)
+            expect(await hasApproval(workspace, logger, 'poc', cfg, configPath)).to.be.true
+        })
+
+        it('does not match when workspace path differs', async () => {
+            await recordApproval(workspace, logger, 'poc', cfg, '/tmp/ws-a/.amazonq/mcp.json')
+            expect(await hasApproval(workspace, logger, 'poc', cfg, '/tmp/ws-b/.amazonq/mcp.json')).to.be.false
+        })
+
+        it('does not match when command changes (fingerprint invalidates)', async () => {
+            await recordApproval(workspace, logger, 'poc', cfg, configPath)
+            const mutated: MCPServerConfig = { command: 'sh', args: ['-c', 'curl evil'] }
+            expect(await hasApproval(workspace, logger, 'poc', mutated, configPath)).to.be.false
+        })
+
+        it('does not match when server name differs', async () => {
+            await recordApproval(workspace, logger, 'poc', cfg, configPath)
+            expect(await hasApproval(workspace, logger, 'other', cfg, configPath)).to.be.false
+        })
+
+        it('dedupes repeated approvals for the same key', async () => {
+            await recordApproval(workspace, logger, 'poc', cfg, configPath)
+            await recordApproval(workspace, logger, 'poc', cfg, configPath)
+            const stored = JSON.parse(
+                fs.readFileSync(path.join(tmpHome, '.aws', 'amazonq', 'mcp-approvals.json')).toString()
+            )
+            expect(stored.approvals).to.have.lengthOf(1)
+        })
+
+        it('evicts stale entry when config changes for same server and workspace', async () => {
+            await recordApproval(workspace, logger, 'poc', cfg, configPath)
+            const mutated: MCPServerConfig = { command: 'sh', args: ['-c', 'echo changed'] }
+            await recordApproval(workspace, logger, 'poc', mutated, configPath)
+            const stored = JSON.parse(
+                fs.readFileSync(path.join(tmpHome, '.aws', 'amazonq', 'mcp-approvals.json')).toString()
+            )
+            // Should have exactly 1 entry — the old fingerprint was evicted
+            expect(stored.approvals).to.have.lengthOf(1)
+            expect(stored.approvals[0].fingerprint).to.equal(fingerprintServerConfig(mutated))
+        })
+
+        it('ignores a store with unrecognized version', async () => {
+            const storeDir = path.join(tmpHome, '.aws', 'amazonq')
+            fs.mkdirSync(storeDir, { recursive: true })
+            fs.writeFileSync(path.join(storeDir, 'mcp-approvals.json'), JSON.stringify({ version: 999, approvals: [] }))
+            // record should still work (overwrites with v1)
+            await recordApproval(workspace, logger, 'poc', cfg, configPath)
+            expect(await hasApproval(workspace, logger, 'poc', cfg, configPath)).to.be.true
+        })
+
+        it('treats a malformed store as empty', async () => {
+            const storeDir = path.join(tmpHome, '.aws', 'amazonq')
+            fs.mkdirSync(storeDir, { recursive: true })
+            fs.writeFileSync(path.join(storeDir, 'mcp-approvals.json'), 'not json')
+            expect(await hasApproval(workspace, logger, 'poc', cfg, configPath)).to.be.false
+        })
+    })
+})

server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/mcp/mcpConsentStore.test.ts

@@ -0,0 +1,114 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates.
+ * All Rights Reserved. SPDX-License-Identifier: Apache-2.0
+ */
+
+import { createHash } from 'crypto'
+import * as path from 'path'
+import type { Workspace, Logging } from '@aws/language-server-runtimes/server-interface'
+import type { MCPServerConfig } from './mcpTypes'
+
+const APPROVALS_FILE = 'mcp-approvals.json'
+const STORE_VERSION = 1
+
+interface Approval {
+    serverName: string
+    fingerprint: string
+    workspaceHash: string
+    approvedAt: string
+}
+
+interface ApprovalStore {
+    version: number
+    approvals: Approval[]
+}
+
+/**
+ * SHA-256 of a canonical JSON form of the server's execution-relevant fields.
+ * Any change to command/args/env/url yields a new fingerprint, invalidating
+ * prior approvals — so mutation of the config re-prompts.
+ */
+export function fingerprintServerConfig(cfg: MCPServerConfig): string {
+    const canonical = {
+        command: cfg.command ?? null,
+        args: cfg.args ?? [],
+        env: cfg.env ? Object.fromEntries(Object.entries(cfg.env).sort(([a], [b]) => a.localeCompare(b))) : {},
+        url: cfg.url ?? null,
+    }
+    return 'sha256:' + createHash('sha256').update(JSON.stringify(canonical)).digest('hex')
+}
+
+/** Hash of the workspace path so approval is scoped to (workspace, config).
+ *  Normalizes the path to forward slashes for cross-platform consistency. */
+export function fingerprintWorkspace(configPath: string): string {
+    const normalized = path.resolve(path.dirname(configPath)).replace(/\\/g, '/')
+    return 'sha256:' + createHash('sha256').update(normalized).digest('hex')
+}
+
+function getStorePath(workspace: Workspace): string {
+    return path.join(workspace.fs.getUserHomeDir(), '.aws', 'amazonq', APPROVALS_FILE)
+}
+
+async function readStore(workspace: Workspace, logging: Logging): Promise<ApprovalStore> {
+    const file = getStorePath(workspace)
+    try {
+        if (!(await workspace.fs.exists(file))) {
+            return { version: STORE_VERSION, approvals: [] }
+        }
+        const raw = (await workspace.fs.readFile(file)).toString()
+        const parsed = JSON.parse(raw) as ApprovalStore
+        if (parsed?.version !== STORE_VERSION || !Array.isArray(parsed.approvals)) {
+            logging.warn(`MCP consent store: unrecognized format at ${file}, treating as empty`)
+            return { version: STORE_VERSION, approvals: [] }
+        }
+        return parsed
+    } catch (e: any) {
+        logging.warn(`MCP consent store: failed to read ${file}: ${e?.message}`)
+        return { version: STORE_VERSION, approvals: [] }
+    }
+}
+
+async function writeStore(workspace: Workspace, logging: Logging, store: ApprovalStore): Promise<void> {
+    const file = getStorePath(workspace)
+    try {
+        await workspace.fs.mkdir(path.dirname(file), { recursive: true })
+        await workspace.fs.writeFile(file, JSON.stringify(store, null, 2))
+    } catch (e: any) {
+        logging.warn(`MCP consent store: failed to write ${file}: ${e?.message}`)
+    }
+}
+
+export async function hasApproval(
+    workspace: Workspace,
+    logging: Logging,
+    serverName: string,
+    cfg: MCPServerConfig,
+    configPath: string
+): Promise<boolean> {
+    const store = await readStore(workspace, logging)
+    const fp = fingerprintServerConfig(cfg)
+    const wh = fingerprintWorkspace(configPath)
+    return store.approvals.some(a => a.serverName === serverName && a.fingerprint === fp && a.workspaceHash === wh)
+}
+
+export async function recordApproval(
+    workspace: Workspace,
+    logging: Logging,
+    serverName: string,
+    cfg: MCPServerConfig,
+    configPath: string
+): Promise<void> {
+    const store = await readStore(workspace, logging)
+    const fp = fingerprintServerConfig(cfg)
+    const wh = fingerprintWorkspace(configPath)
+    // Replace any prior approval for the same (server, workspace) — this evicts
+    // stale entries when the config changes (fingerprint differs).
+    store.approvals = store.approvals.filter(a => !(a.serverName === serverName && a.workspaceHash === wh))
+    store.approvals.push({
+        serverName,
+        fingerprint: fp,
+        workspaceHash: wh,
+        approvedAt: new Date().toISOString(),
+    })
+    await writeStore(workspace, logging, store)
+}