…ooner, fix minor styling issues (#4928)

* fix(amazonq): add jobId to history tab and ensure summary/icons get saved

* update changelog

* fix failing test

* fix lint issue

* fix circular dep

* address comments

* remove unneeded await

* small fix to error notifications

---------

Co-authored-by: David Hasani <[email protected]>

…4944)

…4942)

Problem:
Node v20.12.2 has introduced an issue with spawnSync (execFileSync) on Windows:
nodejs/node#52554

```
> ts-node ./scripts/build/handlePackageJson

<ref *1> Error: spawnSync vsce ENOENT
    at Object.spawnSync (node:internal/child_process:1124:20)
    at spawnSync (node:child_process:876:24)
    at Object.execFileSync (node:child_process:919:15)
    at main (C:\Users\rbbarad\Desktop\vscode-toolkit\aws-toolkit-vscode-staging\scripts\package.ts:156:23)
    at Object.<anonymous> (C:\Users\rbbarad\Desktop\vscode-toolkit\aws-toolkit-vscode-staging\scripts\package.ts:181:1)
    at Module._compile (node:internal/modules/cjs/loader:1369:14)
    at Module.m._compile (C:\Users\rbbarad\Desktop\vscode-toolkit\aws-toolkit-vscode-staging\node_modules\ts-node\src\index.ts:1618:23)
    at Module._extensions..js (node:internal/modules/cjs/loader:1427:10)
    at Object.require.extensions.<computed> [as .ts] (C:\Users\rbbarad\Desktop\vscode-toolkit\aws-toolkit-vscode-staging\node_modules\ts-node\src\index.ts:1621:12)
    at Module.load (node:internal/modules/cjs/loader:1206:32) {
  errno: -4058,
  code: 'ENOENT',
  syscall: 'spawnSync vsce',
  path: 'vsce',
  spawnargs: [ 'package', '--ignoreFile', '../.vscodeignore.packages' ],
  error: [Circular *1],
  status: null,
  signal: null,
  output: null,
  pid: 0,
  stdout: null,
  stderr: null
}
```

Solution:
Set the "shell" flag when on Windows OS. This is because `vsce` is a `.cmd` file
which needs a shell to run.

Testing:
- Ran `npm install`, `npm run compile`, `npm run package` locally. confirmed packaging was successful

Related:
- aws/aws-toolkit-azure-devops#552
- nodejs/node#52554

Problem
Security scans don't work for multi-root workspaces.

Solution
- Gather all open workspace folders for security scan payload instead of from the active file
- Since we no longer require the active file, remove the requirement of having a file open to run scans

Problem
Add Help link in Login Page.

Solution
- Introducing BEM naming convention for classes/CSS - https://getbem.com/.
- Use ? for icon.
- Record Telemetry data when a user clicks the help link.

Problem
`collectFiles` method uses a different max payload size value than security scans.

Solution
- Pass the desired max value to `collectFiles`
- Use 500MB as the max size

Problem
Q chat may hang when processing fragments of ts/js code. The
Tsx.findNames and Tsx.findNamesWithInExtent functions hang (Promise does
not resolve). These functions invoke WASM/rust code.

- #4935
- #4810

Solution
Remove uses of Tsx.findNames and Tsx.findNamesWithInExtent.

The fully qualified names (FQN) library is used to help service build
prompts with variable names in user's IDE to reduce hallucinations, but
they are not required for normal functionality.

Fixes: #4658

Signed-off-by: Nikolas Komonen <[email protected]>

* feate(amazonq): only display open chat codelens if authenticated

* fix tests

* use sync method to fix tests

* Update packages/core/src/test/codewhispererChat/editor/codelens.test.ts

Co-authored-by: Nikolas Komonen <[email protected]>

---------

Co-authored-by: Nikolas Komonen <[email protected]>

* Revert "fix(amazonq): update cross file context config #4922"

This reverts commit e6d9b50.

* revert cross file config change

Problem:

With the recent addition for the null extension fix in debug mode,
we ran the hack during actual packaging of the AWS Toolkit extension.
This hack caused the vsix to not work

Solution:

Only run the hack during development. We did this by
adding a flag to the handlePackageJson script to do
the hack if the '--development' flag is given.

Signed-off-by: Nikolas Komonen <[email protected]>

Amazon Q is not fully working in web, but this gets
the Debug setup working so we can start developing

Signed-off-by: Nikolas Komonen <[email protected]>

Problem:
Icons are not displayed on for existing connections.

Solution:
Use type to render icons

* feat(auth): navigate login page with keyboard

- Use tab/shift+tab to navigate the login.
- Press enter on start url field to shortcut continue (if the form is valid).
- Press enter on any of the IAM credential fields to continue (if the form is valid).
- Autofocus the start url field.
- Autofocus IAM profile name field.

* add support for focus/enter on IAM creds

* changelog items

Problem:
Messages get lost in the code path where customers do not need to provide a JAVA_HOME.
This leads to missing chat bubbles for:
1. "Building your project"
2. "I was able to build your project"
3. "I am starting to transform your code"

Solution:
Issue was due to typo when translating  `tabId` to `tabID`.
Search in the code shows that `tabID` is 10x more common than `tabId` so aligning Q Code Transform to this format.
After aligning the usages the missing messages are shown again and are animated where required.

* fix(feedback): rename last CodeWhisperer strings to Amazon Q

* Update packages/core/src/feedback/vue/submitFeedback.vue

Co-authored-by: Justin M. Keyes <[email protected]>

---------

Co-authored-by: Justin M. Keyes <[email protected]>

* feat(auth): request AWS account scopes only when necessary

Applies to both IdC and BuilderID
- Don't request if we are signing into Amazon Q
- Request if we are in toolkit re-using a connection from Amazon Q
  - via login page
  - via quick pick menu
- Don't invalidate the connection in Amazon Q if we cancel adding scopes in toolkit.

TODO:
- Cancelling adding scopes in Q still invalidates the connection in toolkit.

* remove invalidate option from addScopes, fix telemetry

* restore original scopes if re-using a connection in Q fails

* allow reauth without invalidation

* fix tests

* re-add and update test

* docstrings

…e1` (#4971)

To keep things unified, the entrypoint files for
the extension should use the 'extension' terminology
instead of 'main'.

Signed-off-by: Nikolas Komonen <[email protected]>

For some reason this separate fix caused debugging breakpoints
to no be able to be registered.

Reverting this separate fix for now until we can determine
why.

Signed-off-by: Nikolas Komonen <[email protected]>

Allow users to interactively update dependencies while transformation is paused waiting for user input.

Problem:
Projects with terraform files fail with `Improperly formed request` error. This
is happening due to `tf` incorrectly mapped to `hcl`.

Solution:
The reverse map lookup function `getLanguageFromFileExtension` is unreliable
because there could be duplicate values. Use `getLanguageContext` instead.

* remove PKCE feature flag

- Now we run Device Code if we are in an ssh workspace
- Otherwise we run the Authorization code flow

Signed-off-by: Nikolas Komonen <[email protected]>

* use new oidc client, remove our temp one

Since the new OIDC client with Authorization Code flow was
not released we had to use a pre-build version.

Now that the new client is released we can actually use it.

Solution:

This commit removes the old temp OIDC client and simply uses
our existing one with minor modifications to get things working.

Also we were required to update some transitive dependencies which
is why there are 'smithy' related dependency changes

Signed-off-by: Nikolas Komonen <[email protected]>

* get tests working + changelog items

Signed-off-by: Nikolas Komonen <[email protected]>

---------

Signed-off-by: Nikolas Komonen <[email protected]>

* fix(auth): re-use existing connections if provided manually

- If the user enters start url and region of an already existing connection that was displayed, we will just proceed with re-using that connection.
- If the user enters start url but region differs from what exists, we will display the error.

* fix(toolkit): return to explorer if login page is exited

* fix(codecatalyst): use default scopes (includes aws account scopes) for sign in

Problem
- Inconsistent customer facing messages and telemetry events in codescan.

Solution
- Added customer facing error messages by removing existing to keep consistent.
- Added telemetry to understand the customer facing errors at different stages.

… S3Client #4964

Refactor code by moving static strings to a constants file, creating help functions, and updating error messages.

Moving from DevSettings to Experiments to allow access.

S3Client changed to use `DefaultS3Client` and adapted URI parser [dependency](https://www.npmjs.com/package/amazon-s3-uri) to a helper function.

- Also adds startUrl to the registration file.

Problem: We only index client registrations files on region, scopes. IdC and builder ID are not distinguishable at the region + scopes level. This means that we can cache to the same registration file if the user tries IdC or builder Id. Now that we have moved to a new auth flow we no longer control opening the start URL, it is provided by the registration. If the registration is shared between IdC and builder ID, whatever one is accessed first will have its start URL saved to the cache.

Solution: Add start url to the hash key. This will prevent IdC and buidler ID logins matching to the same registration and routing to the same start url.

Steps to reproduce without this:
1. Try to log into builder ID or IdC
2. Don't fully sign in, cancel and return.
3. Try to sign in with the other.
4. The start URL will be for sign in method in step 1, not the one from step 3.

Problem:

When users finish accepting scopes in the browser,
they are brought to a custom "success" page. Additionally
we use the URI Handler to then redirect them back to the IDE.

The issue is that the user is being redirected from the local server
address which includes a port number. Since this port number is
dynamic there will always be an "allow" prompt in the browser, instead
of seamlessly taking them back to the IDE.

Solution:

For now we will disable the URI Handler redirect and add it back in
if the vscode:// uri becomes allowed to use as a redirect URI instead

Signed-off-by: Nikolas Komonen <[email protected]>

Problem:
Security scans fail if project contains binary files like .pdf or .ttf

    File seems to be binary and cannot be opened as text

Solution:
- Update ignore patterns to exclude more file types
- Wrap `openTextDocument` in a try-catch block to skip a file if it can't be opened

* Aliging Customer facing messages and telemetry events in both IDE's

* Changes to error messages

* Adding logs in catch blocks

* Addressing comments

* Addressing comments

* Minor edits

* Minor edits

* Added Change log and modifed error.ts in codescan

* Added change log

* Updated Change log

* Try running the build again

* Addressing comments

* Adding custom command to run project scan

* Add change log

- Should fix nls warnings.
- Amazon Q is not supported in cloud9 at this time.
- No need for cn translations, there is nothing to change about it for Amazon Q.

…nection (#4988)

This function does not accept a 4th arg, but somehow the previous
PR did not fail CI.

Signed-off-by: Nikolas Komonen <[email protected]>

Problem:

It is common for want to view/modify the Auth Profile store.
The Profile Store is our source of truth for auth connections that
the extension is aware of and using.
We sometimes want to read and modify this source of truth for debugging
purposes.

The issue is that this option is hard to find since you need to dig through
multiple menus. Also once you get to it, the content you see will become stale
if it every changes.

Solution:

- Add a new item to our Developer Menu to open the auth profile store editor.
- Fix issue where the text document editor was not refreshing with the latest changes.

Signed-off-by: Nikolas Komonen <[email protected]>

* fix(amazonq): move view details and explain to quickfix

* add changelog

Problem:

When a Dev Env is spun up, the AWS Toolkit extension automatically creates
an SSO profile in the Dev Env using the the sso session metadata in the ~/.aws/config file.

In the scenario the ~/.aws/config file contained the session for a non-builder id session
the SSO profile created would be incorrect due to the startUrl and Region being reversed
with eachother when the SSO profile was created.

This led to an invalid SSO profile, so any attempts to reauthenticate would fail.

Solution:

correctly create the SSO profile.

Signed-off-by: Nikolas Komonen <[email protected]>

Amazon Q Transform Bugfixes
- Chore - fix spelling error
- Bugfix - uploadId overwriting jobId causing issues calling getTransformation
- Bugfix - fix Human in the loop chat messages

* fix: add more logs to Dev Env heartbeat

We want more logs to help determine if the dev env
heartbeat is working as expected

Signed-off-by: Nikolas Komonen <[email protected]>

* refactor: fix circular dependency

The command that shows the login vue was having circular
dependency issues.

This moves that logic in to its own file to fix this.

Signed-off-by: Nikolas Komonen <[email protected]>

* devEnv: try start activity heartbeat on connection change

Problem:

We only tried to start the activity heartbeat on extension startup. So if
that failed due to something like an invalid connection, the heartbeat mechanism
would not start

Solution:

Try and start the heartbeat mechanism when the CC connection changes as well.
But if it is already running then we just skip it.

Signed-off-by: Nikolas Komonen <[email protected]>

---------

Signed-off-by: Nikolas Komonen <[email protected]>

* fix(amazonq): avoid apply fix if already applied

* fix tests

Amazon Q Code Transform: Improve UploadZip logging

…eafult source folderwhile using /dev (#4986)

* Updated Q feature dev name

* added changelog

* Revert "added changelog"

This reverts commit 9439145.

* fix(auth): enforce 5 scopes when reauthing amazon q

Problem: Users can keep an old 3 scope connection if they continue to reauth with the notification once auth expires.

Solution: Any call to the amazon q's reauth function enforces 5 scopes, which will fix the reauth notification.

- Does NOT update the case where user reauths an amazon q connection via toolkit quickpick. That is more difficult.

* update tests

Problem: Clicking anything other than 'open' in the VSC redirect url modal for the auth page would result in cancelling the auth attempt.

Solution: Do not expect a specific response from the url modal. Allow the auth flow to continue even if the user hits 'Cancel' or 'Copy'. To cancel the auth flow, the user should click 'Cancel' in the login ui OR leave the login ui.

…ting connection (#4988)" (#5022)

This reverts commit 974b188.

Telemetry implementation, updating response colors to be shown in the Webview, and return intended line numbers in problems panel.

Corresponding PR for new metrics in aws-toolkit-common: aws/aws-toolkit-common#735

### Problem(s)
- When Q panel opens, it doesn't autofocus to prompt input field
- Inside chat body, if there is a code block inside a list item it shows <br/> tags
- Prompt input field in Q Chat tabs doesn't stop after it reaches to the given maxLength
- Links are not behaving as expected for middle mouse clicks inside a chat item.

### Solution(s)
- Added autofocus to prompt field when the panel opens or there is a new tab.
- Removed break generation for list items (which is the supposed way from markedjs and github's own markdown styling)
- Prompt input maxLength value was used incorrectly, it was using the function declaration instead of the return value of the function. It is corrected.
- As we do for the clicks, we also mapped the middle clicks (auxclick) to the same handler functions.


* fixed autofocus to prompt field when Q panel is open
fixed unexpected <br> tags inside code blocks in Q Chat
fixed links are opening in Q panel with middle mouse clicks

* Update packages/amazonq/.changes/next-release/Bug Fix-b8c7f55f-2986-48a9-91e7-cf143faf51fc.json

Co-authored-by: Maxim Hayes <[email protected]>

* Update packages/amazonq/.changes/next-release/Bug Fix-86b9e6a2-2d86-4be5-b362-93eb5f96568f.json

Co-authored-by: Maxim Hayes <[email protected]>

---------

Co-authored-by: Maxim Hayes <[email protected]>

* fix(amazonq): duplicate findings for multi-folder workspaces

* fix tests

* add comment

Problem:

In AWS Toolkit 2.19 we only added the 3 CW scopes for BiD, but now with Amazon Q there
are an additional 2 scopes (gumby/weaverbird).

The issue is that connections made with 2.19 did not seamlessly transition in to the new
standalone Q extension. Instead users needed to know to go to the Q login webview and select
their existing BiD connection and have it reauthed to work with Q.

Instead of the above behavior, if the user has the 3 scope connection, we want to auto connect
to this connection but then mark it as expired so that the status bar icon for Q tells the
user they need to reauth (yellow background and reauth icon).

Repro Steps of current state (before this change):
- Delete all connection cache from AWS + Amazon Q extensions first
- Download AWS Toolkit 2.19 (this only adds the 3 scopes)
- Connect to CW with BiD
- Install the latest Amazon Q

Note how the old connection is not automatically transitioned over, the status bar shows the 'X' as there is
no connection. But if you open the Q login webview it will show BiD, then you can select that and things will
work again.

Solution:

This commit changes the code to detect a 3 scope CW connection, then use it for Q but mark
it as expired.

So what will happen is that if you follow the repro steps above, but instead launch Amazon Q
with this change, once you open the Q webview it will auto connect to the old connection but
show it as expired in the status bar.

Things that still need to be addressed:

- The logic to check + use the 3 scope connection only triggers when the Amazon Q panel/webview
  is opened. Until it is opened nothing happens, and the user is not made aware to reauth in the
  status bar icon. A better solution is to move this logic to the backend code so we can trigger it
  without the need to open the webview. Or does it make sense to auto open the Q webview if we detect
  they only have the 3 scopes instead of 5

- If the status bar is shown as expired, then none of Q chat will work BUT the user will still be
  able to type messages in that (please verify this). Though it will say they need to reauth once they send the message.
  Do we want this behavior or to show the reauth page?

Signed-off-by: Nikolas Komonen <[email protected]>
Co-authored-by: Maxim Hayes <[email protected]>

Instead, just go to the amazon q panel reauth page and display a reauth toast.
It is up to the user to initiate the auth flow.

Amazon Q 3 scopes to 5 scopes migration

#5025)

Problem: Some telemetry (auth_addConnection) is using a 'region' field instead of the built in 'awsRegion' field. This provides misleading results in telemetry, since 'awsRegion' is guessed based on toolkit usage.

Solution: Remove 'region' field and just use 'awsRegion'. Also, updating the 'awsRegion' guess function to account for amazon Q.

- Remove checking tree nodes from the region guess function, since it was unused functionality.
- If a region can't be determined, return undefined. It is up to the caller to define the default instead now.

* Chore - refactor Amazon Q Transform service utils

* Chore - rename files
- add file handler
- rename root service folder

* Chore - resolve refactor import issues

* Chore - fix upstream merge conflicts

* Chore - add updated import path

* Chore - move remaining API steps to apiHandler file

* Chore - revert startTransformByQ refactor

* chore - revert stopTransformByQ fnc location

* chore - Add direct import for model.TransformationCandidateProject statements

* Chore - push test to see CI results

* Chore - make lowercase"

* Chore - use fsPath instead

* Chore - us fsPath instead of path for humanInTheLoopManager class

* Chore - remove file from downstream fork

---------

Co-authored-by: Nick Ardecky <[email protected]>