Adds Amazon Bedrock as an LLM provider with AWS credential management and UI integration. #768
Conversation
dosubot
bot
added
size:L
Agastya18
force-pushed
the
feat/bedrock-provider
branch
from
82a108c to
01c793d
Compare
WalkthroughThis pull request introduces Amazon Bedrock as a new AI model provider. Changes include a new BedrockConfigDialog component for configuring AWS credentials, updates to the provider keys hook to manage Bedrock region and secret key, integration with model availability logic, backend support for creating Bedrock LLM instances, two new Bedrock models (DeepSeek v3 and Qwen 3 Coder 480B), and the addition of the Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (5)
shared/chat-v2.ts (1)
13-14: Consider adding region validation.While the optional fields are appropriately typed, consider validating
bedrockRegionagainst a known set of AWS regions (either via TypeScript union type or runtime validation) to catch configuration errors early.Example with TypeScript union:
+type AWSRegion = + | "us-east-1" + | "us-west-2" + | "eu-west-1" + // ... add all 16 supported regions + | string; // Allow custom regions for flexibility export interface ChatV2Request { messages: UIMessage[]; model?: ModelDefinition; modelId?: string; systemPrompt?: string; temperature?: number; apiKey?: string; ollamaBaseUrl?: string; litellmBaseUrl?: string; - bedrockRegion?: string; + bedrockRegion?: AWSRegion; bedrockSecretKey?: string; }client/src/components/chat/chat-helpers.ts (1)
17-17: LGTM!Bedrock provider correctly integrated with logo and color theming, following the established pattern for other providers.
Note: This file and
client/src/components/chat-v2/chat-helpers.tscontain identical logic for provider mappings. Consider consolidating if these helpers will continue to diverge or duplicate.Also applies to: 72-73, 110-111
client/src/components/SettingsTab.tsx (1)
106-114: Consider more generic model description.The hardcoded model list "Claude 3.5, Llama 3, Mistral models" may become outdated as Bedrock adds support for new models. Consider a more general description like "AWS Bedrock models" or "Models available via AWS Bedrock."
server/utils/chat-helpers.ts (1)
65-70: Consider sanitizing validation error messages.The error message reveals the exact format validation rules ("should start with AKIA or ASIA"). While helpful for debugging, exposing validation logic in production could aid attackers. Consider:
- Using generic error messages in production: "Invalid AWS credentials format."
- Logging detailed errors server-side while returning generic messages to clients.
- Including detailed errors only in development mode.
Based on coding guidelines (server/**/*.ts requires safe error messages).
client/src/components/setting/BedrockConfigDialog.tsx (1)
33-54: All listed regions support Bedrock, but the list is incomplete.As of October 30, 2025, Amazon Bedrock is supported in 30 AWS regions, but your list includes only 16. Missing regions include South America (São Paulo), Europe (Milan, Spain, Zurich), Israel (Tel Aviv), Middle East (UAE), and several Asia Pacific regions (Hyderabad, Jakarta, Taipei, Malaysia, Thailand, Melbourne).
Consider expanding the region list to include all supported regions so users aren't artificially limited.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (2)
client/public/bedrock_logo.pngis excluded by!**/*.pngserver/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (15)
client/src/components/ChatTab.tsx(1 hunks)client/src/components/ChatTabV2.tsx(2 hunks)client/src/components/SettingsTab.tsx(7 hunks)client/src/components/chat-v2/chat-helpers.ts(3 hunks)client/src/components/chat-v2/model-helpers.ts(1 hunks)client/src/components/chat/chat-helpers.ts(3 hunks)client/src/components/setting/BedrockConfigDialog.tsx(1 hunks)client/src/hooks/use-ai-provider-keys.ts(6 hunks)client/src/hooks/use-chat.ts(4 hunks)server/package.json(1 hunks)server/routes/mcp/chat-v2.ts(1 hunks)server/routes/mcp/chat.ts(2 hunks)server/utils/chat-helpers.ts(3 hunks)shared/chat-v2.ts(1 hunks)shared/types.ts(3 hunks)
🧰 Additional context used
📓 Path-based instructions (13)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.{ts,tsx}: Prefer interfaces for defining object shapes
Constrain generics with appropriate type bounds
Use type guards to narrow unknown or union types before usage
Enforce import ordering consistently
**/*.{ts,tsx}: Prefer named exports in TypeScript modules
Use 2-space indentation
Declare types and interfaces using PascalCase
Files:
client/src/components/ChatTab.tsxclient/src/components/chat-v2/model-helpers.tsserver/utils/chat-helpers.tsshared/chat-v2.tsclient/src/components/chat-v2/chat-helpers.tsclient/src/components/chat/chat-helpers.tsclient/src/hooks/use-chat.tsserver/routes/mcp/chat-v2.tsclient/src/components/setting/BedrockConfigDialog.tsxclient/src/hooks/use-ai-provider-keys.tsclient/src/components/SettingsTab.tsxshared/types.tsserver/routes/mcp/chat.tsclient/src/components/ChatTabV2.tsx
client/src/**/*.tsx
📄 CodeRabbit inference engine (CLAUDE.md)
Follow consistent React component structure in the frontend
Files:
client/src/components/ChatTab.tsxclient/src/components/setting/BedrockConfigDialog.tsxclient/src/components/SettingsTab.tsxclient/src/components/ChatTabV2.tsx
client/src/{app,components}/**/*.tsx
📄 CodeRabbit inference engine (client/CLAUDE.md)
client/src/{app,components}/**/*.tsx: Use React functional components with React.FC typing for all UI components and pages
Define explicit Props interfaces for components, including proper children prop handling
Type event handlers with React-provided types (e.g., React.MouseEvent, FormEvent)
Follow React 19 patterns: hooks-centric components, Suspense and Error Boundaries where appropriate, and concurrent features
Maintain component isolation: avoid excessive prop drilling, use Context wisely, favor composition, and optimize renders
Build responsive layouts using the established Tailwind breakpoint system, grids, flex, and container queries
Ensure accessibility: proper ARIA attributes, keyboard navigation, focus management, and screen reader support
Files:
client/src/components/ChatTab.tsxclient/src/components/setting/BedrockConfigDialog.tsxclient/src/components/SettingsTab.tsxclient/src/components/ChatTabV2.tsx
client/src/**/*.{ts,tsx}
📄 CodeRabbit inference engine (client/CLAUDE.md)
Implement strict TypeScript types: strict prop types, event types, state interfaces, and utility types
In client code, use the @/ alias for imports
Files:
client/src/components/ChatTab.tsxclient/src/components/chat-v2/model-helpers.tsclient/src/components/chat-v2/chat-helpers.tsclient/src/components/chat/chat-helpers.tsclient/src/hooks/use-chat.tsclient/src/components/setting/BedrockConfigDialog.tsxclient/src/hooks/use-ai-provider-keys.tsclient/src/components/SettingsTab.tsxclient/src/components/ChatTabV2.tsx
client/src/{app,components,hooks}/**/*.{ts,tsx}
📄 CodeRabbit inference engine (client/CLAUDE.md)
Use React hooks for local state: apply useState/useReducer patterns, create custom hooks, and always clean up effects
Files:
client/src/components/ChatTab.tsxclient/src/components/chat-v2/model-helpers.tsclient/src/components/chat-v2/chat-helpers.tsclient/src/components/chat/chat-helpers.tsclient/src/hooks/use-chat.tsclient/src/components/setting/BedrockConfigDialog.tsxclient/src/hooks/use-ai-provider-keys.tsclient/src/components/SettingsTab.tsxclient/src/components/ChatTabV2.tsx
client/src/components/**/*.tsx
📄 CodeRabbit inference engine (client/CLAUDE.md)
Use Radix UI primitives for dialogs, dropdowns, form controls, and tooltips
React components in client/src/components should be functional and saved as PascalCase.tsx files
Files:
client/src/components/ChatTab.tsxclient/src/components/setting/BedrockConfigDialog.tsxclient/src/components/SettingsTab.tsxclient/src/components/ChatTabV2.tsx
server/**/*.ts
📄 CodeRabbit inference engine (CLAUDE.md)
server/**/*.ts: Implement robust error handling with safe error messages and log sanitization
Set appropriate security headers for backend responses
Apply rate limiting and backoff strategies to protect APIsUse TypeScript for all backend source files
Files:
server/utils/chat-helpers.tsserver/routes/mcp/chat-v2.tsserver/routes/mcp/chat.ts
shared/**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Place shared types and utilities in the shared/ directory for reuse by client and server
Files:
shared/chat-v2.tsshared/types.ts
client/src/{hooks/llm,components/chat}/**/*.{ts,tsx}
📄 CodeRabbit inference engine (client/CLAUDE.md)
Handle response streaming: token processing, UI updates, cancellation, and error states
Files:
client/src/components/chat/chat-helpers.ts
server/routes/**/*.ts
📄 CodeRabbit inference engine (CLAUDE.md)
server/routes/**/*.ts: Validate server responses (schema, content, status codes, headers) in route handlers
Perform input validation on incoming requests (types, sanitization, size, format)
Files:
server/routes/mcp/chat-v2.tsserver/routes/mcp/chat.ts
server/{app.ts,routes/**/*.ts}
📄 CodeRabbit inference engine (server/CLAUDE.md)
Use Hono.js for API routing and middleware in the app setup and all route handlers
Files:
server/routes/mcp/chat-v2.tsserver/routes/mcp/chat.ts
server/{routes/mcp/**,utils/mcp-utils.ts,types/mcp.ts}
📄 CodeRabbit inference engine (server/CLAUDE.md)
Implement MCP protocol using Mastra (@mastra/core, @mastra/mcp) for MCP handling, helpers, and types
Files:
server/routes/mcp/chat-v2.tsserver/routes/mcp/chat.ts
server/routes/mcp/**/*.ts
📄 CodeRabbit inference engine (server/CLAUDE.md)
Place all MCP protocol handlers under server/routes/mcp
Files:
server/routes/mcp/chat-v2.tsserver/routes/mcp/chat.ts
🧠 Learnings (12)
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{app/chat,components/chat}/**/*.tsx : Implement real-time chat: message components, input handling, stream rendering, and history management
Applied to files:
client/src/components/ChatTab.tsxserver/routes/mcp/chat.tsclient/src/components/ChatTabV2.tsx
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/llm,stores/chat}/**/*.{ts,tsx} : Manage AI model state: model selection, generation parameters, stream management, and history persistence
Applied to files:
client/src/components/ChatTab.tsxclient/src/components/chat-v2/model-helpers.tsserver/utils/chat-helpers.tsclient/src/hooks/use-chat.tsserver/routes/mcp/chat-v2.tsserver/routes/mcp/chat.tsclient/src/components/ChatTabV2.tsx
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Implement OpenAI integration with a dedicated API client, model configuration, robust response handling, and error recovery
Applied to files:
server/utils/chat-helpers.tsclient/src/hooks/use-chat.tsserver/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:07:08.982Z
Learnt from: CR
PR: MCPJam/inspector#0
File: server/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:07:08.982Z
Learning: Applies to server/routes/llm/openai/**/*.ts : Keep OpenAI integration (client setup, model management, streaming, errors) under server/routes/llm/openai
Applied to files:
server/utils/chat-helpers.tsserver/routes/mcp/chat-v2.tsserver/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Support Ollama local models: local setup, model management, inference options, and resource control
Applied to files:
server/utils/chat-helpers.tsserver/routes/mcp/chat-v2.tsserver/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:07:08.982Z
Learnt from: CR
PR: MCPJam/inspector#0
File: server/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:07:08.982Z
Learning: Applies to server/types/llm.ts : Define LLM types in server/types/llm.ts
Applied to files:
server/utils/chat-helpers.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/llm,stores/chat}/**/*.{ts,tsx} : Manage chat context: track window size/tokens, prune context, and persist state
Applied to files:
client/src/hooks/use-chat.tsserver/routes/mcp/chat.tsclient/src/components/ChatTabV2.tsx
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/llm,components/chat}/**/*.{ts,tsx} : Handle response streaming: token processing, UI updates, cancellation, and error states
Applied to files:
client/src/hooks/use-chat.tsserver/routes/mcp/chat.tsclient/src/components/ChatTabV2.tsx
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/mcp,stores/{chat,servers}}/**/*.{ts,tsx} : Synchronize MCP state: track connections, requests, responses, and errors consistently
Applied to files:
server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Implement Anthropic Claude integration: authentication flow, request formatting, stream processing, and rate limiting
Applied to files:
server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:07:08.982Z
Learnt from: CR
PR: MCPJam/inspector#0
File: server/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:07:08.982Z
Learning: Applies to server/routes/llm/**/*.ts : Implement LLM response handling (stream processing, token counting, format validation, safety checks) within LLM route files
Applied to files:
server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{components/servers,hooks/{mcp,transport}}/**/*.{ts,tsx} : Provide transport selection UIs and logic: protocol options, configuration forms, validation rules, and presets
Applied to files:
client/src/components/ChatTabV2.tsx
🧬 Code graph analysis (2)
server/utils/chat-helpers.ts (1)
evals-cli/dist/index.js (1)
apiKey(8020-8020)
client/src/components/SettingsTab.tsx (1)
client/src/components/setting/BedrockConfigDialog.tsx (1)
BedrockConfigDialog(56-173)
🔇 Additional comments (28)
client/src/components/chat-v2/model-helpers.ts (1)
49-49: LGTM!Bedrock provider correctly integrated into the providerHasKey mapping, following the established pattern for cloud providers.
client/src/components/ChatTabV2.tsx (1)
46-47: LGTM!Bedrock credentials correctly integrated into transport flow, following the established pattern for provider-specific configuration (e.g.,
ollamaBaseUrl). Dependency array properly updated to rebuild transport on credential changes.Also applies to: 101-102, 106-114
client/src/components/chat-v2/chat-helpers.ts (1)
17-17: LGTM!Bedrock provider logo and color mappings correctly implemented, consistent with other providers.
Also applies to: 72-73, 110-111
client/src/components/ChatTab.tsx (1)
349-356: Asset verified.The logo file exists at
client/public/bedrock_logo.pngand the path reference in the code is correct.server/routes/mcp/chat-v2.ts (1)
197-204: Credential validation is properly implemented with secure logging.The
createLlmModelfunction validates AWS credentials comprehensively before Bedrock client initialization: it confirms presence of both accessKeyId and secretAccessKey, validates accessKeyId format (AKIA/ASIA prefix), and verifies secretAccessKey length (40 characters). Error messages expose no credential values. Logging safely masks the access key (first 8 chars only) and never logs the secret key.server/package.json (1)
12-12: Version v3.0.49 confirmed—no vulnerabilities detected.The package exists and is current as of today, with no known security advisories in the npm registry.
server/routes/mcp/chat.ts (2)
50-51: LGTM: Clean interface extension for Bedrock credentials.The optional fields follow the established pattern for provider-specific configuration.
842-843: Verify credential handling—sanitize bedrockSecretKey in error messages and logs.Avoid logging sensitive information like passwords or credentials. The
bedrockSecretKeypassed tocreateLlmModel(lines 842–843) must be sanitized before any logging occurs. Verify that:
- Error handlers don't inadvertently expose this credential in stack traces or error objects
- The
createLlmModelfunction inserver/utils/chat-helpers.tssanitizes credentials before throwing errors or loggingclient/src/hooks/use-chat.ts (4)
49-50: LGTM: Clean integration with provider keys.
182-182: LGTM: Bedrock availability check properly integrated.The
hasToken("bedrock")check correctly validates both access key and secret key presence (verified in use-ai-provider-keys.ts lines 127-133).
247-248: LGTM: Proper dependency tracking for Bedrock tokens.
471-472: Confirm HTTPS enforcement for credential transmission.The
bedrockSecretKeyis transmitted in the request body to/api/mcp/chat. Ensure that:
- The application enforces HTTPS in production to protect credentials in transit.
- Consider whether these credentials should be stored server-side (environment variables or secure credential store) rather than transmitted with each request.
Based on coding guidelines (server/**/*.ts security requirements).
client/src/components/SettingsTab.tsx (4)
8-8: LGTM: Clean imports and provider key integration.Also applies to: 35-38
118-121: LGTM: Proper routing for multi-field Bedrock configuration.
225-247: LGTM: Complete Bedrock configuration workflow.The edit/save/cancel handlers and dialog integration follow established patterns and properly manage state lifecycle.
Also applies to: 324-336
156-159: No issues found with credential cleanup.The deletion handler properly clears all three Bedrock credentials:
clearToken("bedrock")clears the access key viatokens.bedrock, andsetBedrockSecretKey("")andsetBedrockRegion("")clear the remaining credentials. TheclearTokenimplementation inuse-ai-provider-keys.tssetstokens[provider] = "", confirming the access key is properly removed.Likely an incorrect or invalid review comment.
server/utils/chat-helpers.ts (1)
2-2: LGTM: Clean signature extension for Bedrock support.Also applies to: 16-17
shared/types.ts (3)
112-113: LGTM: Bedrock provider added to type system.
191-193: LGTM: Bedrock model definitions with clear naming.
365-376: LGTM: Bedrock models properly registered with distinguishing suffix.The "(Bedrock)" suffix in model names clearly indicates AWS-hosted variants.
client/src/hooks/use-ai-provider-keys.ts (5)
16-18: LGTM: Clean interface extensions for Bedrock credentials.Also applies to: 36-39
57-59: LGTM: Sensible defaults for Bedrock credentials.
us-east-1is an appropriate default region.
127-133: LGTM: Proper compound validation for AWS credentials.Correctly validates both access key and secret key presence.
199-219: LGTM: Consistent getter/setter implementations.
236-239: LGTM: Complete public API for Bedrock credentials.client/src/components/setting/BedrockConfigDialog.tsx (3)
1-31: LGTM: Clean component interface and imports.
157-169: LGTM: Proper form validation and user experience.The disabled state on the Save button prevents invalid submissions.
74-78: Asset verified—no action required.The Bedrock logo exists at
./client/public/bedrock_logo.png, so the path/bedrock_logo.pngin the component correctly resolves at runtime.
| onClick={() => | ||
| window.open( | ||
| "https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started.html", | ||
| "_blank", | ||
| ) |
There was a problem hiding this comment.
🛠️ Refactor suggestion | 🟠 Major
Consider security implications of window.open.
Using window.open without rel="noopener noreferrer" can expose the opening page to the opened window via window.opener. For external links, this creates security risks.
Apply this diff:
<button
onClick={() =>
- window.open(
+ window.open(
"https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started.html",
"_blank",
+ "noopener,noreferrer"
)
}
className="underline hover:no-underline"
>Alternatively, use an <a> tag with target="_blank" rel="noopener noreferrer" for better accessibility.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| onClick={() => | |
| window.open( | |
| "https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started.html", | |
| "_blank", | |
| ) | |
| <button | |
| onClick={() => | |
| window.open( | |
| "https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started.html", | |
| "_blank", | |
| "noopener,noreferrer" | |
| ) | |
| } | |
| className="underline hover:no-underline" | |
| > |
🤖 Prompt for AI Agents
In client/src/components/setting/BedrockConfigDialog.tsx around lines 143 to
147, the onClick handler uses window.open to open an external URL without
setting rel="noopener noreferrer", which exposes window.opener to the opened
page; replace the window.open call with a safe approach: either create an anchor
element and call anchor.click() with target="_blank" and rel="noopener
noreferrer", or use window.open and immediately set the opened window's opener
to null (e.g., const w = window.open(url, "_blank"); if (w) w.opener = null), or
preferably render an <a> with target="_blank" rel="noopener noreferrer" for
accessibility and security.
01c793d to
bc00b45
Compare
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (1)
server/utils/chat-helpers.ts (1)
72-77: Strict secret key length validation still rejects valid AWS STS credentials.AWS does not guarantee a fixed 40-character length for SecretAccessKey from STS. This validation blocks legitimate temporary credentials.
Apply this diff to accept a reasonable range:
- // Validate Secret Access Key length (should be 40 characters) - if (secretAccessKey.length !== 40) { + // Validate Secret Access Key length (AWS keys typically 20-50 characters) + if (secretAccessKey.length < 20 || secretAccessKey.length > 50) { throw new Error( - `Invalid AWS Secret Access Key length. Expected 40 characters, got ${secretAccessKey.length}`, + `Invalid AWS Secret Access Key length. Expected 20-50 characters, got ${secretAccessKey.length}`, ); }
🧹 Nitpick comments (4)
server/routes/mcp/chat-v2.ts (1)
202-203: Consider destructuring Bedrock parameters for consistency.While functionally correct,
body.bedrockRegionandbody.bedrockSecretKeyare accessed directly rather than destructured at line 26 alongsideapiKey,model, etc.Apply this diff for consistency:
- const { messages, apiKey, model, systemPrompt, temperature } = body; + const { messages, apiKey, model, systemPrompt, temperature, bedrockRegion, bedrockSecretKey } = body;Then update lines 202-203:
body.ollamaBaseUrl, body.litellmBaseUrl, - body.bedrockRegion, - body.bedrockSecretKey, + bedrockRegion, + bedrockSecretKey,client/src/components/chat-v2/chat-helpers.ts (1)
110-111: Consider a distinct color for Bedrock.The orange-500 shade matches Mistral's provider color (line 97), which may hinder visual distinction in multi-provider contexts.
Apply this diff to use a unique amber tone:
case "bedrock": - return "text-orange-500 dark:text-orange-400"; + return "text-amber-600 dark:text-amber-400";client/src/components/SettingsTab.tsx (1)
106-114: Update provider description to reflect supported models.The description mentions "Claude 3.5, Llama 3, Mistral models" but the PR adds DeepSeek v3 and Qwen 3 Coder 480B (per shared/types.ts lines 368-375). Consider updating the description to match the actual model offerings or use a more generic description.
Apply this diff:
{ id: "bedrock", name: "Amazon Bedrock", logo: "/bedrock_logo.png", logoAlt: "Amazon Bedrock", - description: "Claude 3.5, Llama 3, Mistral models on AWS Bedrock", + description: "DeepSeek, Qwen, and other models on AWS Bedrock", placeholder: "AWS Access Key ID", getApiKeyUrl: "https://console.aws.amazon.com/iam/", },client/src/components/setting/BedrockConfigDialog.tsx (1)
96-103: Consider client-side validation for AWS Access Key ID format.While server-side validation exists, adding client-side format validation would improve user experience by providing immediate feedback. AWS Access Key IDs follow a specific pattern: they start with "AKIA" or "ASIA" and are 20 characters long.
Add validation helper and update the input:
+const isValidAccessKeyId = (key: string): boolean => { + return /^(AKIA|ASIA)[A-Z0-9]{16}$/.test(key); +};Then update the Save button's disabled condition at line 163:
<Button onClick={onSave} disabled={ - !accessKeyId.trim() || !secretKey.trim() || !region.trim() + !accessKeyId.trim() || + !secretKey.trim() || + !region.trim() || + (accessKeyId.trim() && !isValidAccessKeyId(accessKeyId.trim())) } >
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (2)
client/public/bedrock_logo.pngis excluded by!**/*.pngserver/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (15)
client/src/components/ChatTab.tsx(1 hunks)client/src/components/ChatTabV2.tsx(2 hunks)client/src/components/SettingsTab.tsx(7 hunks)client/src/components/chat-v2/chat-helpers.ts(3 hunks)client/src/components/chat-v2/model-helpers.ts(1 hunks)client/src/components/chat/chat-helpers.ts(3 hunks)client/src/components/setting/BedrockConfigDialog.tsx(1 hunks)client/src/hooks/use-ai-provider-keys.ts(6 hunks)client/src/hooks/use-chat.ts(4 hunks)server/package.json(1 hunks)server/routes/mcp/chat-v2.ts(1 hunks)server/routes/mcp/chat.ts(2 hunks)server/utils/chat-helpers.ts(3 hunks)shared/chat-v2.ts(1 hunks)shared/types.ts(3 hunks)
🚧 Files skipped from review as they are similar to previous changes (9)
- server/package.json
- server/routes/mcp/chat.ts
- client/src/components/chat/chat-helpers.ts
- client/src/components/chat-v2/model-helpers.ts
- shared/chat-v2.ts
- client/src/hooks/use-chat.ts
- client/src/hooks/use-ai-provider-keys.ts
- client/src/components/ChatTab.tsx
- client/src/components/ChatTabV2.tsx
🧰 Additional context used
📓 Path-based instructions (12)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.{ts,tsx}: Prefer interfaces for defining object shapes
Constrain generics with appropriate type bounds
Use type guards to narrow unknown or union types before usage
Enforce import ordering consistently
**/*.{ts,tsx}: Prefer named exports in TypeScript modules
Use 2-space indentation
Declare types and interfaces using PascalCase
Files:
server/utils/chat-helpers.tsclient/src/components/SettingsTab.tsxclient/src/components/setting/BedrockConfigDialog.tsxclient/src/components/chat-v2/chat-helpers.tsserver/routes/mcp/chat-v2.tsshared/types.ts
server/**/*.ts
📄 CodeRabbit inference engine (CLAUDE.md)
server/**/*.ts: Implement robust error handling with safe error messages and log sanitization
Set appropriate security headers for backend responses
Apply rate limiting and backoff strategies to protect APIsUse TypeScript for all backend source files
Files:
server/utils/chat-helpers.tsserver/routes/mcp/chat-v2.ts
client/src/**/*.tsx
📄 CodeRabbit inference engine (CLAUDE.md)
Follow consistent React component structure in the frontend
Files:
client/src/components/SettingsTab.tsxclient/src/components/setting/BedrockConfigDialog.tsx
client/src/{app,components}/**/*.tsx
📄 CodeRabbit inference engine (client/CLAUDE.md)
client/src/{app,components}/**/*.tsx: Use React functional components with React.FC typing for all UI components and pages
Define explicit Props interfaces for components, including proper children prop handling
Type event handlers with React-provided types (e.g., React.MouseEvent, FormEvent)
Follow React 19 patterns: hooks-centric components, Suspense and Error Boundaries where appropriate, and concurrent features
Maintain component isolation: avoid excessive prop drilling, use Context wisely, favor composition, and optimize renders
Build responsive layouts using the established Tailwind breakpoint system, grids, flex, and container queries
Ensure accessibility: proper ARIA attributes, keyboard navigation, focus management, and screen reader support
Files:
client/src/components/SettingsTab.tsxclient/src/components/setting/BedrockConfigDialog.tsx
client/src/**/*.{ts,tsx}
📄 CodeRabbit inference engine (client/CLAUDE.md)
Implement strict TypeScript types: strict prop types, event types, state interfaces, and utility types
In client code, use the @/ alias for imports
Files:
client/src/components/SettingsTab.tsxclient/src/components/setting/BedrockConfigDialog.tsxclient/src/components/chat-v2/chat-helpers.ts
client/src/{app,components,hooks}/**/*.{ts,tsx}
📄 CodeRabbit inference engine (client/CLAUDE.md)
Use React hooks for local state: apply useState/useReducer patterns, create custom hooks, and always clean up effects
Files:
client/src/components/SettingsTab.tsxclient/src/components/setting/BedrockConfigDialog.tsxclient/src/components/chat-v2/chat-helpers.ts
client/src/components/**/*.tsx
📄 CodeRabbit inference engine (client/CLAUDE.md)
Use Radix UI primitives for dialogs, dropdowns, form controls, and tooltips
React components in client/src/components should be functional and saved as PascalCase.tsx files
Files:
client/src/components/SettingsTab.tsxclient/src/components/setting/BedrockConfigDialog.tsx
server/routes/**/*.ts
📄 CodeRabbit inference engine (CLAUDE.md)
server/routes/**/*.ts: Validate server responses (schema, content, status codes, headers) in route handlers
Perform input validation on incoming requests (types, sanitization, size, format)
Files:
server/routes/mcp/chat-v2.ts
server/{app.ts,routes/**/*.ts}
📄 CodeRabbit inference engine (server/CLAUDE.md)
Use Hono.js for API routing and middleware in the app setup and all route handlers
Files:
server/routes/mcp/chat-v2.ts
server/{routes/mcp/**,utils/mcp-utils.ts,types/mcp.ts}
📄 CodeRabbit inference engine (server/CLAUDE.md)
Implement MCP protocol using Mastra (@mastra/core, @mastra/mcp) for MCP handling, helpers, and types
Files:
server/routes/mcp/chat-v2.ts
server/routes/mcp/**/*.ts
📄 CodeRabbit inference engine (server/CLAUDE.md)
Place all MCP protocol handlers under server/routes/mcp
Files:
server/routes/mcp/chat-v2.ts
shared/**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Place shared types and utilities in the shared/ directory for reuse by client and server
Files:
shared/types.ts
🧠 Learnings (9)
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/llm,stores/chat}/**/*.{ts,tsx} : Manage AI model state: model selection, generation parameters, stream management, and history persistence
Applied to files:
server/utils/chat-helpers.tsserver/routes/mcp/chat-v2.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Implement OpenAI integration with a dedicated API client, model configuration, robust response handling, and error recovery
Applied to files:
server/utils/chat-helpers.tsserver/routes/mcp/chat-v2.ts
📚 Learning: 2025-10-19T23:07:08.982Z
Learnt from: CR
PR: MCPJam/inspector#0
File: server/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:07:08.982Z
Learning: Applies to server/routes/llm/openai/**/*.ts : Keep OpenAI integration (client setup, model management, streaming, errors) under server/routes/llm/openai
Applied to files:
server/utils/chat-helpers.tsserver/routes/mcp/chat-v2.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Support Ollama local models: local setup, model management, inference options, and resource control
Applied to files:
server/utils/chat-helpers.tsserver/routes/mcp/chat-v2.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Implement Anthropic Claude integration: authentication flow, request formatting, stream processing, and rate limiting
Applied to files:
server/utils/chat-helpers.ts
📚 Learning: 2025-10-19T23:05:54.474Z
Learnt from: CR
PR: MCPJam/inspector#0
File: CLAUDE.md:0-0
Timestamp: 2025-10-19T23:05:54.474Z
Learning: Applies to server/**/*.ts : Implement robust error handling with safe error messages and log sanitization
Applied to files:
server/utils/chat-helpers.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/llm,stores/chat}/**/*.{ts,tsx} : Manage chat context: track window size/tokens, prune context, and persist state
Applied to files:
client/src/components/chat-v2/chat-helpers.tsserver/routes/mcp/chat-v2.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/mcp,stores/{chat,servers}}/**/*.{ts,tsx} : Synchronize MCP state: track connections, requests, responses, and errors consistently
Applied to files:
server/routes/mcp/chat-v2.ts
📚 Learning: 2025-10-19T23:07:08.982Z
Learnt from: CR
PR: MCPJam/inspector#0
File: server/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:07:08.982Z
Learning: Applies to server/{routes/mcp/**,utils/mcp-utils.ts,types/mcp.ts} : Implement MCP protocol using Mastra (mastra/core, mastra/mcp) for MCP handling, helpers, and types
Applied to files:
server/routes/mcp/chat-v2.ts
🧬 Code graph analysis (3)
server/utils/chat-helpers.ts (1)
evals-cli/dist/index.js (1)
apiKey(8020-8020)
client/src/components/SettingsTab.tsx (1)
client/src/components/setting/BedrockConfigDialog.tsx (1)
BedrockConfigDialog(56-173)
client/src/components/setting/BedrockConfigDialog.tsx (4)
client/src/components/ui/dialog.tsx (6)
Dialog(131-131)DialogContent(133-133)DialogHeader(136-136)DialogTitle(139-139)DialogDescription(134-134)DialogFooter(135-135)client/src/components/ui/input.tsx (1)
Input(21-21)client/src/components/ui/select.tsx (5)
Select(173-173)SelectTrigger(181-181)SelectValue(182-182)SelectContent(174-174)SelectItem(176-176)client/src/components/ui/button.tsx (1)
Button(59-59)
🔍 Remote MCP
Now let me search for the Vercel AI SDK documentation specifically for Amazon Bedrock integration:Now let me search for information about the specific models being added to verify they're valid Bedrock models:Perfect! I've gathered sufficient context. Let me compile the findings.
Summary of Additional Context for PR Review
[::web_search::] [::web_search::]
Key Findings:
1. @ai-sdk/amazon-bedrock Package Status
The Vercel AI SDK now supports Bedrock through a new official provider. The PR uses version 3.0.49, which is current. The latest version available is 3.0.48, so the PR is using a very recent/current version.
2. AWS Credentials Handling
The implementation's credential validation approach aligns with standard practices. The Bedrock provider accepts accessKeyId and secretAccessKey, with accessKeyId defaulting to AWS_ACCESS_KEY_ID environment variable and secretAccessKey defaulting to AWS_SECRET_ACCESS_KEY. The PR correctly validates these credentials with prefix checks (AKIA/ASIA) and length requirements.
3. Bedrock Model Availability
Both models being added are verified as currently available in Amazon Bedrock:
-
DeepSeek v3: DeepSeek-V3.1 is now available as a fully managed foundation model in Amazon Bedrock.
-
Qwen 3 Coder 480B: Qwen3-Coder-480B-A35B-Instruct is available in Amazon Bedrock. This is a mixture-of-experts (MoE) model with 480B total parameters and 35B active parameters, optimized for coding and agentic tasks.
4. Vercel AI SDK Integration Pattern
The implementation follows the standard pattern. The createAmazonBedrock function can be imported from @ai-sdk/amazon-bedrock to create a provider instance with custom settings.
5. Region Support
The PR includes 16 AWS regions in the BedrockConfigDialog selector, which aligns with standard AWS region support for Bedrock models.
6. Important Considerations
Access to Amazon Bedrock foundation models isn't granted by default; an IAM user with sufficient permissions needs to request access through the console. This is a critical point for users to understand during testing.
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: prettier-and-build
🔇 Additional comments (7)
server/utils/chat-helpers.ts (6)
2-2: LGTM!Import is correct. The package version (3.0.49) aligns with the latest available version of the Bedrock AI SDK.
16-17: LGTM!Optional parameters correctly positioned at the end of the signature, maintaining backward compatibility.
45-55: LGTM!Credential extraction with environment variable fallbacks follows AWS SDK conventions. Default region and trimming are appropriate.
57-63: LGTM!Presence validation with clear error messages that don't expose sensitive data.
65-70: LGTM!Access key format validation correctly accepts both AKIA (long-term) and ASIA (temporary STS) prefixes.
79-83: LGTM!Bedrock client creation follows the standard provider pattern. No credential logging present (previous concern resolved).
client/src/components/setting/BedrockConfigDialog.tsx (1)
33-54: Verify region support against AWS Bedrock documentation.The 16 regions are hardcoded without validation that they support the newly added Bedrock models (DeepSeek v3 and Qwen 3 Coder 480B). AWS publishes a per-model-by-region availability matrix; you should cross-reference the listed regions against the current table to ensure users won't encounter regional incompatibility errors.
Agastya18
force-pushed
the
feat/bedrock-provider
branch
from
bc00b45 to
f0f8c94
Compare
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (1)
client/src/components/setting/BedrockConfigDialog.tsx (1)
142-152: Security: window.open lacks noopener/noreferrer protection.The button uses window.open without rel="noopener noreferrer", exposing the page via window.opener to the external site. This was flagged in a previous review but remains unaddressed.
Replace the button with a proper anchor element:
- <span className="text-sm text-blue-600"> - Need help?{" "} - <button - onClick={() => - window.open( - "https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started.html", - "_blank", - ) - } - className="underline hover:no-underline" - > - AWS Bedrock Docs - </button> - </span> + <span className="text-sm text-blue-600"> + Need help?{" "} + <a + href="https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started.html" + target="_blank" + rel="noopener noreferrer" + className="underline hover:no-underline" + > + AWS Bedrock Docs + </a> + </span>
🧹 Nitpick comments (1)
client/src/components/setting/BedrockConfigDialog.tsx (1)
92-118: Consider adding autocomplete attributes for enhanced security.The input fields correctly use type="text" for access key and type="password" for secret key, but lack autocomplete attributes. Consider adding
autocomplete="off"to both fields to prevent browsers from caching sensitive AWS credentials.Apply this diff to enhance security:
<Input id="bedrock-access-key" type="text" value={accessKeyId} onChange={(e) => onAccessKeyIdChange(e.target.value)} placeholder="AKIA..." + autoComplete="off" className="mt-1" /> </div> <div> <label htmlFor="bedrock-secret-key" className="text-sm font-medium"> AWS Secret Access Key </label> <Input id="bedrock-secret-key" type="password" value={secretKey} onChange={(e) => onSecretKeyChange(e.target.value)} placeholder="Enter secret key" + autoComplete="new-password" className="mt-1" />
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (2)
client/public/bedrock_logo.pngis excluded by!**/*.pngserver/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (15)
client/src/components/ChatTab.tsx(1 hunks)client/src/components/ChatTabV2.tsx(2 hunks)client/src/components/SettingsTab.tsx(7 hunks)client/src/components/chat-v2/chat-helpers.ts(3 hunks)client/src/components/chat-v2/model-helpers.ts(1 hunks)client/src/components/chat/chat-helpers.ts(3 hunks)client/src/components/setting/BedrockConfigDialog.tsx(1 hunks)client/src/hooks/use-ai-provider-keys.ts(6 hunks)client/src/hooks/use-chat.ts(4 hunks)server/package.json(1 hunks)server/routes/mcp/chat-v2.ts(1 hunks)server/routes/mcp/chat.ts(2 hunks)server/utils/chat-helpers.ts(3 hunks)shared/chat-v2.ts(1 hunks)shared/types.ts(3 hunks)
🚧 Files skipped from review as they are similar to previous changes (11)
- server/package.json
- client/src/components/chat/chat-helpers.ts
- client/src/hooks/use-chat.ts
- client/src/components/ChatTabV2.tsx
- client/src/components/chat-v2/chat-helpers.ts
- server/routes/mcp/chat.ts
- client/src/components/chat-v2/model-helpers.ts
- client/src/hooks/use-ai-provider-keys.ts
- server/routes/mcp/chat-v2.ts
- client/src/components/ChatTab.tsx
- shared/types.ts
🧰 Additional context used
📓 Path-based instructions (8)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.{ts,tsx}: Prefer interfaces for defining object shapes
Constrain generics with appropriate type bounds
Use type guards to narrow unknown or union types before usage
Enforce import ordering consistently
**/*.{ts,tsx}: Prefer named exports in TypeScript modules
Use 2-space indentation
Declare types and interfaces using PascalCase
Files:
shared/chat-v2.tsclient/src/components/SettingsTab.tsxserver/utils/chat-helpers.tsclient/src/components/setting/BedrockConfigDialog.tsx
shared/**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Place shared types and utilities in the shared/ directory for reuse by client and server
Files:
shared/chat-v2.ts
client/src/**/*.tsx
📄 CodeRabbit inference engine (CLAUDE.md)
Follow consistent React component structure in the frontend
Files:
client/src/components/SettingsTab.tsxclient/src/components/setting/BedrockConfigDialog.tsx
client/src/{app,components}/**/*.tsx
📄 CodeRabbit inference engine (client/CLAUDE.md)
client/src/{app,components}/**/*.tsx: Use React functional components with React.FC typing for all UI components and pages
Define explicit Props interfaces for components, including proper children prop handling
Type event handlers with React-provided types (e.g., React.MouseEvent, FormEvent)
Follow React 19 patterns: hooks-centric components, Suspense and Error Boundaries where appropriate, and concurrent features
Maintain component isolation: avoid excessive prop drilling, use Context wisely, favor composition, and optimize renders
Build responsive layouts using the established Tailwind breakpoint system, grids, flex, and container queries
Ensure accessibility: proper ARIA attributes, keyboard navigation, focus management, and screen reader support
Files:
client/src/components/SettingsTab.tsxclient/src/components/setting/BedrockConfigDialog.tsx
client/src/**/*.{ts,tsx}
📄 CodeRabbit inference engine (client/CLAUDE.md)
Implement strict TypeScript types: strict prop types, event types, state interfaces, and utility types
In client code, use the @/ alias for imports
Files:
client/src/components/SettingsTab.tsxclient/src/components/setting/BedrockConfigDialog.tsx
client/src/{app,components,hooks}/**/*.{ts,tsx}
📄 CodeRabbit inference engine (client/CLAUDE.md)
Use React hooks for local state: apply useState/useReducer patterns, create custom hooks, and always clean up effects
Files:
client/src/components/SettingsTab.tsxclient/src/components/setting/BedrockConfigDialog.tsx
client/src/components/**/*.tsx
📄 CodeRabbit inference engine (client/CLAUDE.md)
Use Radix UI primitives for dialogs, dropdowns, form controls, and tooltips
React components in client/src/components should be functional and saved as PascalCase.tsx files
Files:
client/src/components/SettingsTab.tsxclient/src/components/setting/BedrockConfigDialog.tsx
server/**/*.ts
📄 CodeRabbit inference engine (CLAUDE.md)
server/**/*.ts: Implement robust error handling with safe error messages and log sanitization
Set appropriate security headers for backend responses
Apply rate limiting and backoff strategies to protect APIsUse TypeScript for all backend source files
Files:
server/utils/chat-helpers.ts
🧠 Learnings (5)
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/llm,stores/chat}/**/*.{ts,tsx} : Manage AI model state: model selection, generation parameters, stream management, and history persistence
Applied to files:
server/utils/chat-helpers.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Implement OpenAI integration with a dedicated API client, model configuration, robust response handling, and error recovery
Applied to files:
server/utils/chat-helpers.ts
📚 Learning: 2025-10-19T23:07:08.982Z
Learnt from: CR
PR: MCPJam/inspector#0
File: server/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:07:08.982Z
Learning: Applies to server/routes/llm/openai/**/*.ts : Keep OpenAI integration (client setup, model management, streaming, errors) under server/routes/llm/openai
Applied to files:
server/utils/chat-helpers.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
PR: MCPJam/inspector#0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Support Ollama local models: local setup, model management, inference options, and resource control
Applied to files:
server/utils/chat-helpers.ts
📚 Learning: 2025-10-19T23:05:54.474Z
Learnt from: CR
PR: MCPJam/inspector#0
File: CLAUDE.md:0-0
Timestamp: 2025-10-19T23:05:54.474Z
Learning: Applies to server/**/*.ts : Implement robust error handling with safe error messages and log sanitization
Applied to files:
server/utils/chat-helpers.ts
🧬 Code graph analysis (2)
client/src/components/SettingsTab.tsx (1)
client/src/components/setting/BedrockConfigDialog.tsx (1)
BedrockConfigDialog(56-173)
client/src/components/setting/BedrockConfigDialog.tsx (4)
client/src/components/ui/dialog.tsx (6)
Dialog(131-131)DialogContent(133-133)DialogHeader(136-136)DialogTitle(139-139)DialogDescription(134-134)DialogFooter(135-135)client/src/components/ui/input.tsx (1)
Input(21-21)client/src/components/ui/select.tsx (5)
Select(173-173)SelectTrigger(181-181)SelectValue(182-182)SelectContent(174-174)SelectItem(176-176)client/src/components/ui/button.tsx (1)
Button(59-59)
🔍 Remote MCP Context7
Additional factual context relevant to PR #768
-
Supported AWS Regions — Amazon Bedrock supports many AWS regions (list includes us-east-1, us-west-2, ap-northeast-1, ap-south-1, eu-central-1, eu-west-1, sa-east-1, etc.). Ensure the PR's 16-region selector maps to actual Bedrock-supported regions for targeted customers/QA.
-
Region must be specified — Bedrock will deny inference requests with an "unspecified" region (IAM policy examples show denying bedrock:InvokeModel* when aws:RequestedRegion == "unspecified"). The server-side logic must ensure a valid region is supplied to avoid IAM denials.
-
API tokens / credentials lifecycle — Bedrock API tokens are short-lived (example generator shows default ~12 hours, configurable up to credential expiry) and tooling exists (e.g., @aws/bedrock-token-generator) to produce tokens. The PR’s handling of long-lived secrets vs. short-lived tokens and testing workflows should be reviewed (e.g., whether storing secret keys locally is acceptable for target workflows).
-
Inference profiles / region routing — Bedrock supports inference profiles and cross-region guardrails; some models may be available only in specific destination regions. Tests should confirm model availability in the selected region when exercising the new Bedrock models in the UI/backend.
Tools/sources used
- Resolved provider docs and region/credential details: Context7 resolve + Amazon Bedrock user guide/docs retrieval.,
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: prettier-and-build
🔇 Additional comments (13)
shared/chat-v2.ts (1)
13-14: LGTM! Field additions align with provider-specific configuration pattern.The optional bedrockRegion and bedrockSecretKey fields follow the established convention for provider-specific parameters in ChatV2Request.
client/src/components/SettingsTab.tsx (7)
35-38: LGTM! Hook destructuring follows established provider pattern.The bedrock accessors align with the existing pattern for provider-specific configuration (Ollama, LiteLLM, OpenRouter).
55-58: LGTM! Local state follows established dialog pattern.The bedrock state variables mirror the pattern used for other provider configuration dialogs.
106-114: LGTM! Bedrock provider configuration is well-structured.The entry provides clear metadata and appropriate IAM console link. The description mentions example models that should align with the models added to the shared types.
118-121: LGTM! Routing logic correctly handles bedrock's custom dialog.The early return for bedrock is appropriate given its multi-field configuration requirements, similar to how Ollama, LiteLLM, and OpenRouter bypass the generic dialog.
155-159: LGTM! Bedrock cleanup thoroughly clears all credential fields.The deletion handler appropriately clears both the secret key and region alongside the access key (cleared by clearToken), ensuring no credential remnants persist.
225-247: LGTM! Bedrock handlers follow established dialog lifecycle pattern.The edit/save/cancel flow correctly manages all three credential fields (access key, secret key, region) with appropriate state loading, persistence, and cleanup.
324-336: LGTM! BedrockConfigDialog integration is complete and correct.All props are properly wired to component state and handlers, following the established pattern for provider configuration dialogs.
server/utils/chat-helpers.ts (2)
16-17: LGTM! Function signature extension is minimal and appropriate.The optional bedrockRegion and bedrockSecretKey parameters are consistent with the provider-specific parameter pattern established for ollamaBaseUrl and litellmBaseUrl.
42-77: Region handling is correctly implemented with appropriate user control and sensible defaults.Verification confirms that defaulting to "us-east-1" is sound: the region is explicitly specified (not "unspecified" as the original IAM policy concern suggested), users have full UI control to select from 17 supported Bedrock regions, and the fallback chain respects client selection → environment variable → documented default. The curated region list aligns with current Bedrock availability.
client/src/components/setting/BedrockConfigDialog.tsx (3)
20-31: LGTM! Props interface is complete and well-typed.The BedrockConfigDialogProps interface provides all necessary handlers and state for the three-field configuration (access key, secret key, region).
161-168: LGTM! Save button validation appropriately prevents empty submissions.The disabled state correctly validates presence of all three required fields with trim(), providing immediate UX feedback while delegating format validation to the server.
33-54: The region list overstates Bedrock model support; constrain to supported regions or add runtime validation.DeepSeek-V3.1 and Qwen3 Coder-480B are available only in US East (Ohio) and Asia Pacific (Jakarta). The 16-region list permits selection of 14 unsupported regions that will fail at runtime. Either:
- Restrict
AWS_REGIONStous-east-2andap-southeast-1, or- Add server-side validation to reject unsupported region/model combinations, or
- Display a warning that region availability depends on the selected Bedrock model.
Note: São Paulo (sa-east-1) is not supported for these specific models, so expanding the list to include it would not resolve the issue.
Likely an incorrect or invalid review comment.
Agastya18
force-pushed
the
feat/bedrock-provider
branch
from
f0f8c94 to
3b110da
Compare
There was a problem hiding this comment.
Actionable comments posted: 6
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
server/routes/mcp/chat.ts (1)
837-844: Pass the session token intocreateLlmModel. Once the helper accepts it, forwardrequestData.bedrockSessionTokenhere so temporary credentials authenticate successfully instead of failing bedrock-runtime calls.
♻️ Duplicate comments (1)
client/src/components/setting/BedrockConfigDialog.tsx (1)
143-147: Harden the external docs link. Open the AWS docs withrel="noopener noreferrer"(or equivalent) to prevent exposingwindow.opener.Apply this diff:
- <button - onClick={() => - window.open( - "https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started.html", - "_blank", - ) - } - className="underline hover:no-underline" - > - AWS Bedrock Docs - </button> + <a + href="https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started.html" + target="_blank" + rel="noopener noreferrer" + className="underline hover:no-underline" + > + AWS Bedrock Docs + </a>
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (2)
client/public/bedrock_logo.pngis excluded by!**/*.pngpackage-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (15)
client/src/components/ChatTab.tsx(1 hunks)client/src/components/ChatTabV2.tsx(3 hunks)client/src/components/SettingsTab.tsx(7 hunks)client/src/components/chat-v2/chat-helpers.ts(3 hunks)client/src/components/chat-v2/model-helpers.ts(1 hunks)client/src/components/chat/chat-helpers.ts(3 hunks)client/src/components/setting/BedrockConfigDialog.tsx(1 hunks)client/src/hooks/use-ai-provider-keys.ts(6 hunks)client/src/hooks/use-chat.ts(4 hunks)package.json(1 hunks)server/routes/mcp/chat-v2.ts(1 hunks)server/routes/mcp/chat.ts(2 hunks)server/utils/chat-helpers.ts(3 hunks)shared/chat-v2.ts(1 hunks)shared/types.ts(3 hunks)
🚧 Files skipped from review as they are similar to previous changes (8)
- client/src/components/chat-v2/model-helpers.ts
- server/routes/mcp/chat-v2.ts
- client/src/components/chat-v2/chat-helpers.ts
- client/src/components/ChatTabV2.tsx
- client/src/components/SettingsTab.tsx
- client/src/components/chat/chat-helpers.ts
- client/src/components/ChatTab.tsx
- client/src/hooks/use-chat.ts
🧰 Additional context used
📓 Path-based instructions (12)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.{ts,tsx}: Prefer interfaces for defining object shapes
Constrain generics with appropriate type bounds
Use type guards to narrow unknown or union types before usage
Enforce import ordering consistently
**/*.{ts,tsx}: Prefer named exports in TypeScript modules
Use 2-space indentation
Declare types and interfaces using PascalCase
Files:
server/utils/chat-helpers.tsshared/chat-v2.tsclient/src/hooks/use-ai-provider-keys.tsserver/routes/mcp/chat.tsclient/src/components/setting/BedrockConfigDialog.tsxshared/types.ts
server/**/*.ts
📄 CodeRabbit inference engine (CLAUDE.md)
server/**/*.ts: Implement robust error handling with safe error messages and log sanitization
Set appropriate security headers for backend responses
Apply rate limiting and backoff strategies to protect APIsUse TypeScript for all backend source files
Files:
server/utils/chat-helpers.tsserver/routes/mcp/chat.ts
shared/**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Place shared types and utilities in the shared/ directory for reuse by client and server
Files:
shared/chat-v2.tsshared/types.ts
client/src/**/*.{ts,tsx}
📄 CodeRabbit inference engine (client/CLAUDE.md)
Implement strict TypeScript types: strict prop types, event types, state interfaces, and utility types
In client code, use the @/ alias for imports
Files:
client/src/hooks/use-ai-provider-keys.tsclient/src/components/setting/BedrockConfigDialog.tsx
client/src/{app,components,hooks}/**/*.{ts,tsx}
📄 CodeRabbit inference engine (client/CLAUDE.md)
Use React hooks for local state: apply useState/useReducer patterns, create custom hooks, and always clean up effects
Files:
client/src/hooks/use-ai-provider-keys.tsclient/src/components/setting/BedrockConfigDialog.tsx
server/routes/**/*.ts
📄 CodeRabbit inference engine (CLAUDE.md)
server/routes/**/*.ts: Validate server responses (schema, content, status codes, headers) in route handlers
Perform input validation on incoming requests (types, sanitization, size, format)
Files:
server/routes/mcp/chat.ts
server/{app.ts,routes/**/*.ts}
📄 CodeRabbit inference engine (server/CLAUDE.md)
Use Hono.js for API routing and middleware in the app setup and all route handlers
Files:
server/routes/mcp/chat.ts
server/{routes/mcp/**,utils/mcp-utils.ts,types/mcp.ts}
📄 CodeRabbit inference engine (server/CLAUDE.md)
Implement MCP protocol using Mastra (@mastra/core, @mastra/mcp) for MCP handling, helpers, and types
Files:
server/routes/mcp/chat.ts
server/routes/mcp/**/*.ts
📄 CodeRabbit inference engine (server/CLAUDE.md)
Place all MCP protocol handlers under server/routes/mcp
Files:
server/routes/mcp/chat.ts
client/src/**/*.tsx
📄 CodeRabbit inference engine (CLAUDE.md)
Follow consistent React component structure in the frontend
Files:
client/src/components/setting/BedrockConfigDialog.tsx
client/src/{app,components}/**/*.tsx
📄 CodeRabbit inference engine (client/CLAUDE.md)
client/src/{app,components}/**/*.tsx: Use React functional components with React.FC typing for all UI components and pages
Define explicit Props interfaces for components, including proper children prop handling
Type event handlers with React-provided types (e.g., React.MouseEvent, FormEvent)
Follow React 19 patterns: hooks-centric components, Suspense and Error Boundaries where appropriate, and concurrent features
Maintain component isolation: avoid excessive prop drilling, use Context wisely, favor composition, and optimize renders
Build responsive layouts using the established Tailwind breakpoint system, grids, flex, and container queries
Ensure accessibility: proper ARIA attributes, keyboard navigation, focus management, and screen reader support
Files:
client/src/components/setting/BedrockConfigDialog.tsx
client/src/components/**/*.tsx
📄 CodeRabbit inference engine (client/CLAUDE.md)
Use Radix UI primitives for dialogs, dropdowns, form controls, and tooltips
React components in client/src/components should be functional and saved as PascalCase.tsx files
Files:
client/src/components/setting/BedrockConfigDialog.tsx
🧠 Learnings (12)
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/llm,stores/chat}/**/*.{ts,tsx} : Manage AI model state: model selection, generation parameters, stream management, and history persistence
Applied to files:
server/utils/chat-helpers.tsserver/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Implement OpenAI integration with a dedicated API client, model configuration, robust response handling, and error recovery
Applied to files:
server/utils/chat-helpers.tsserver/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:07:08.982Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: server/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:07:08.982Z
Learning: Applies to server/routes/llm/openai/**/*.ts : Keep OpenAI integration (client setup, model management, streaming, errors) under server/routes/llm/openai
Applied to files:
server/utils/chat-helpers.tsserver/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Support Ollama local models: local setup, model management, inference options, and resource control
Applied to files:
server/utils/chat-helpers.ts
📚 Learning: 2025-10-19T23:05:54.474Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-10-19T23:05:54.474Z
Learning: Applies to server/**/*.ts : Implement robust error handling with safe error messages and log sanitization
Applied to files:
server/utils/chat-helpers.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/llm,stores/chat}/**/*.{ts,tsx} : Manage chat context: track window size/tokens, prune context, and persist state
Applied to files:
server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/mcp,stores/{chat,servers}}/**/*.{ts,tsx} : Synchronize MCP state: track connections, requests, responses, and errors consistently
Applied to files:
server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/llm,components/chat}/**/*.{ts,tsx} : Handle response streaming: token processing, UI updates, cancellation, and error states
Applied to files:
server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Implement Anthropic Claude integration: authentication flow, request formatting, stream processing, and rate limiting
Applied to files:
server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{app/chat,components/chat}/**/*.tsx : Implement real-time chat: message components, input handling, stream rendering, and history management
Applied to files:
server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:07:08.982Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: server/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:07:08.982Z
Learning: Applies to server/{routes/mcp/**,utils/mcp-utils.ts,types/mcp.ts} : Implement MCP protocol using Mastra (mastra/core, mastra/mcp) for MCP handling, helpers, and types
Applied to files:
server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:07:08.982Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: server/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:07:08.982Z
Learning: Applies to server/routes/llm/**/*.ts : Implement LLM response handling (stream processing, token counting, format validation, safety checks) within LLM route files
Applied to files:
server/routes/mcp/chat.ts
🧬 Code graph analysis (2)
server/utils/chat-helpers.ts (1)
evals-cli/dist/index.js (1)
apiKey(8020-8020)
client/src/components/setting/BedrockConfigDialog.tsx (4)
client/src/components/ui/dialog.tsx (6)
Dialog(131-131)DialogContent(133-133)DialogHeader(136-136)DialogTitle(139-139)DialogDescription(134-134)DialogFooter(135-135)client/src/components/ui/input.tsx (1)
Input(21-21)client/src/components/ui/select.tsx (5)
Select(173-173)SelectTrigger(181-181)SelectValue(182-182)SelectContent(174-174)SelectItem(176-176)client/src/components/ui/button.tsx (1)
Button(59-59)
🔍 Remote MCP Context7
Additional factual context found (concise)
-
Bedrock supported regions — Bedrock is available in many AWS Regions (includes us-east-1, us-west-2, ap-northeast-1, ap-south-1, eu-central-1, sa-east-1, etc.). Confirm the PR's 16-region selector covers actual Bedrock-supported regions used by customers/QA.
-
Region must be specified — IAM policies can deny bedrock:InvokeModel* if aws:RequestedRegion == "unspecified". Server must ensure a non-"unspecified" region is sent to avoid IAM denials.
-
Model availability is region-dependent — Supported models vary by region; callers may need to query region-specific supported-model lists or handle region-specific availability errors.
-
Short-lived tokens / token generator — Amazon Bedrock supports short-term API tokens (default ~12 hours) produced via @aws/bedrock-token-generator; consider lifecycle/refresh implications if storing long-lived secrets client-side.
-
Cross-region guardrails / inference routing — Bedrock guardrail profiles can route inference across source/destination regions; some inference profiles restrict destination regions. Tests should confirm model+region combinations used by PR are valid.
Sources:
- Context7 library resolution for "Amazon Bedrock" and docs (selected library ID: /websites/aws_amazon_bedrock_userguide)
- Amazon Bedrock user guide: regions, IAM policy note, supported-models/regions, token generation, and guardrails
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: prettier-and-build
🔇 Additional comments (3)
client/src/hooks/use-ai-provider-keys.ts (3)
16-18: Clean integration of Bedrock credential fields.The interface extensions properly accommodate AWS's three-part credential structure (Access Key ID, Secret Access Key, and region), and the method signatures follow the established pattern for provider-specific configuration.
Also applies to: 36-39
57-59: Validation correctly enforces both AWS credentials with sensible region default.The dual-credential check in
hasToken(lines 129-131) is correct for AWS authentication, and the default region"us-east-1"with fallback logic ingetBedrockRegionensures the IAM requirement for a specified region is always satisfied.Based on learnings.
Also applies to: 127-133
199-219: Implementation follows established patterns with proper memoization.The getter/setter implementations correctly use
useCallbackwith appropriate dependencies and maintain consistency with the existing provider-specific methods. The region fallback ensures a valid default is always available.Also applies to: 236-239
| interface BedrockConfigDialogProps { | ||
| open: boolean; | ||
| onOpenChange: (open: boolean) => void; | ||
| accessKeyId: string; | ||
| secretKey: string; | ||
| region: string; | ||
| onAccessKeyIdChange: (value: string) => void; | ||
| onSecretKeyChange: (value: string) => void; | ||
| onRegionChange: (value: string) => void; | ||
| onSave: () => void; | ||
| onCancel: () => void; | ||
| } |
There was a problem hiding this comment.
Expose the Bedrock session token in the dialog props. Without a sessionToken value and corresponding setter, users have no way to supply STS credentials from the UI. Add the prop so the dialog can collect it.
🤖 Prompt for AI Agents
In client/src/components/setting/BedrockConfigDialog.tsx around lines 20 to 31,
the BedrockConfigDialogProps interface is missing a sessionToken and setter so
the UI cannot accept STS session tokens; add two props: sessionToken: string and
onSessionTokenChange: (value: string) => void, then update all call sites to
pass the current session token and handler, and wire these props into the dialog
form (add the session token input bound to sessionToken and calling
onSessionTokenChange on change) so the dialog can collect STS credentials.
| const AWS_REGIONS = [ | ||
| // United States | ||
| { value: "us-east-1", label: "US East (N. Virginia)" }, | ||
| { value: "us-east-2", label: "US East (Ohio)" }, | ||
| { value: "us-west-1", label: "US West (N. California)" }, | ||
| { value: "us-west-2", label: "US West (Oregon)" }, | ||
| // Asia Pacific | ||
| { value: "ap-south-1", label: "Asia Pacific (Mumbai)" }, | ||
| { value: "ap-northeast-1", label: "Asia Pacific (Tokyo)" }, | ||
| { value: "ap-northeast-2", label: "Asia Pacific (Seoul)" }, | ||
| { value: "ap-northeast-3", label: "Asia Pacific (Osaka)" }, | ||
| { value: "ap-southeast-1", label: "Asia Pacific (Singapore)" }, | ||
| { value: "ap-southeast-2", label: "Asia Pacific (Sydney)" }, | ||
| // Canada | ||
| { value: "ca-central-1", label: "Canada (Central)" }, | ||
| // Europe | ||
| { value: "eu-central-1", label: "Europe (Frankfurt)" }, | ||
| { value: "eu-west-1", label: "Europe (Ireland)" }, | ||
| { value: "eu-west-2", label: "Europe (London)" }, | ||
| { value: "eu-west-3", label: "Europe (Paris)" }, | ||
| { value: "eu-north-1", label: "Europe (Stockholm)" }, | ||
| ]; |
There was a problem hiding this comment.
Update the region list to cover current Bedrock runtimes. Amazon Bedrock is now live in additional regions (Hyderabad ap-south-2, Jakarta ap-southeast-3, Melbourne ap-southeast-4, Malaysia ap-southeast-5, Thailand ap-southeast-7, Taipei ap-east-2, Zurich eu-central-2, Milan eu-south-1, Spain eu-south-2, Tel Aviv il-central-1, UAE me-central-1, São Paulo sa-east-1, etc.). The fixed 16-entry list leaves these customers without a selectable option. Please sync this array with the latest endpoint table.
🤖 Prompt for AI Agents
In client/src/components/setting/BedrockConfigDialog.tsx around lines 33 to 54,
the AWS_REGIONS array is a static 16-entry list and is missing newly supported
Bedrock regions; update this array to include the current Bedrock runtime
regions (ap-south-2, ap-southeast-3, ap-southeast-4, ap-southeast-5,
ap-southeast-7, ap-east-2, eu-central-2, eu-south-1, eu-south-2, il-central-1,
me-central-1, sa-east-1, etc.) by syncing the entries (value and human-readable
label) with the latest AWS/Bedrock endpoints table, or replace the hardcoded
list with a maintained source (config file or API) that contains the official
region list so future additions won’t be missed.
| <div> | ||
| <label htmlFor="bedrock-secret-key" className="text-sm font-medium"> | ||
| AWS Secret Access Key | ||
| </label> | ||
| <Input | ||
| id="bedrock-secret-key" | ||
| type="password" | ||
| value={secretKey} | ||
| onChange={(e) => onSecretKeyChange(e.target.value)} | ||
| placeholder="Enter secret key" | ||
| className="mt-1" | ||
| /> | ||
| </div> |
There was a problem hiding this comment.
Capture the session token in the UI. Please add an input field (and wiring) for the AWS session token alongside the secret key so temporary credentials work end to end.
🤖 Prompt for AI Agents
In client/src/components/setting/BedrockConfigDialog.tsx around lines 106 to
118, the UI only captures AWS secret key and lacks an input for AWS session
token needed for temporary credentials; add a new password-type Input field
labeled "AWS Session Token" with a unique id (e.g., "bedrock-session-token"),
bind it to a sessionToken state/prop value, wire onChange to call a new or
existing onSessionTokenChange handler (pass the token string), set a placeholder
like "Enter session token" and reuse className="mt-1" for spacing; also ensure
the sessionToken value is included in the component's save/submit payload or
passed up to the parent so the backend/store receives the temporary credential
along with accessKey and secretKey.
| bedrockRegion?: string; | ||
| bedrockSecretKey?: string; |
There was a problem hiding this comment.
Thread AWS session token through ChatRequest. The Bedrock flow needs to carry an AWS session token for STS-issued credentials; without it, SignatureDoesNotMatch errors are guaranteed. Please add an optional bedrockSessionToken alongside the other Bedrock fields and propagate it downstream.
🤖 Prompt for AI Agents
In server/routes/mcp/chat.ts around lines 50-51, the ChatRequest type only has
bedrockRegion and bedrockSecretKey; add an optional bedrockSessionToken?: string
to the interface and propagate it wherever the other Bedrock fields are used.
Update any construction/validation of ChatRequest to accept the new field, pass
bedrockSessionToken into downstream calls that create/sign Bedrock requests
(credential objects, signer, or SDK client initialization), and include it in
any payloads or headers sent to Bedrock so STS-issued temporary credentials are
used for signing.
| case "bedrock": { | ||
| // Amazon Bedrock requires region and AWS credentials | ||
| // apiKey is used as accessKeyId | ||
| const region = bedrockRegion || process.env.AWS_REGION || "us-east-1"; | ||
| const accessKeyId = ( | ||
| apiKey || | ||
| process.env.AWS_ACCESS_KEY_ID || | ||
| "" | ||
| ).trim(); | ||
| const secretAccessKey = ( | ||
| bedrockSecretKey || | ||
| process.env.AWS_SECRET_ACCESS_KEY || | ||
| "" | ||
| ).trim(); | ||
|
|
||
| if (!accessKeyId) { | ||
| throw new Error("AWS Access Key ID is required for Bedrock"); | ||
| } | ||
|
|
||
| if (!secretAccessKey) { | ||
| throw new Error("AWS Secret Access Key is required for Bedrock"); | ||
| } | ||
|
|
||
| // Validate AWS Access Key format | ||
| if (!accessKeyId.startsWith("AKIA") && !accessKeyId.startsWith("ASIA")) { | ||
| throw new Error( | ||
| "Invalid AWS Access Key ID format. It should start with AKIA or ASIA", | ||
| ); | ||
| } | ||
|
|
||
| return createAmazonBedrock({ | ||
| region: region.trim(), | ||
| accessKeyId, | ||
| secretAccessKey, | ||
| })(modelDefinition.id); | ||
| } |
There was a problem hiding this comment.
Support session tokens for Bedrock auth. Only threading access key ID and secret key blocks every temporary credential issued by STS; we need to accept and forward the session token to createAmazonBedrock. Propagate the extra argument and plumb it through to callers.
Apply this diff:
export const createLlmModel = (
modelDefinition: ModelDefinition,
apiKey: string,
ollamaBaseUrl?: string,
litellmBaseUrl?: string,
- bedrockRegion?: string,
- bedrockSecretKey?: string,
+ bedrockRegion?: string,
+ bedrockSecretKey?: string,
+ bedrockSessionToken?: string,
) => {
@@
const secretAccessKey = (
bedrockSecretKey ||
process.env.AWS_SECRET_ACCESS_KEY ||
""
).trim();
+ const sessionToken = (
+ bedrockSessionToken ||
+ process.env.AWS_SESSION_TOKEN ||
+ ""
+ ).trim();
@@
return createAmazonBedrock({
region: region.trim(),
accessKeyId,
secretAccessKey,
+ sessionToken: sessionToken || undefined,
})(modelDefinition.id);Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In server/utils/chat-helpers.ts around lines 42 to 77, the Bedrock case only
reads accessKeyId and secretAccessKey and ignores AWS session tokens, which
breaks STS temporary credentials; read a session token (e.g. bedrockSessionToken
|| process.env.AWS_SESSION_TOKEN || "" and trim it), include it in the object
passed to createAmazonBedrock (e.g. add sessionToken: <value>), and update any
callers of createAmazonBedrock (and related call sites) to accept/forward the
session token so temporary credentials work end-to-end.
| bedrockRegion?: string; | ||
| bedrockSecretKey?: string; |
There was a problem hiding this comment.
Add bedrockSessionToken to ChatV2Request. The V2 transport must stay in sync with the MCP route so that STS credentials (access key, secret, session token) can actually reach the server.
🤖 Prompt for AI Agents
In shared/chat-v2.ts around lines 14-15, the ChatV2Request type is missing the
STS session token field; add an optional property bedrockSessionToken?: string
to the interface so the V2 transport can carry access key, secret and session
token to the server, and then update any callers/serializers/tests that
construct or validate ChatV2Request to include/pass through this new optional
field.
1 participant
Key Changes
Backend: Bedrock integration in chat-helpers with AWS credential validation
Frontend: New BedrockConfigDialog with 16 AWS regions selector
Models: DeepSeek v3 (deepseek.v3-v1:0) and Qwen 3 Coder (qwen.qwen3-coder-480b-a35b-v1:0)
UI: Bedrock logo and model selection in both Playgrounds (V1 & V2)
Dependencies
Added @ai-sdk/amazon-bedrock v3.0.49
Fix: #705
Screenshot:
Demo:
Screen.Recording.2025-10-30.at.8.14.21.PM.mp4