Merge pull request #27 from inoue22/main

STSセッショントークンのサポート（型定義の強化）

Author: daisuke-awaji

package-lock.json

@@ -67,6 +67,7 @@
     "@electron-toolkit/eslint-config-prettier": "2.0.0",
     "@electron-toolkit/eslint-config-ts": "2.0.0",
     "@electron-toolkit/tsconfig": "1.0.1",
+    "@smithy/types": "4.1.0",
     "@types/diff": "5.2.3",
     "@types/express": "4.17.21",
     "@types/jest": "29.5.12",

package.json

@@ -3,35 +3,14 @@ import { BedrockClient } from '@aws-sdk/client-bedrock'
 import { BedrockAgentRuntimeClient } from '@aws-sdk/client-bedrock-agent-runtime'
 import type { AWSCredentials } from './types'
 
-export function createRuntimeClient(credentials: AWSCredentials) {
-  const { region, accessKeyId, secretAccessKey } = credentials
-  return new BedrockRuntimeClient({
-    credentials: {
-      accessKeyId,
-      secretAccessKey
-    },
-    region
-  })
+export function createRuntimeClient(awsCredentials: AWSCredentials) {
+  return new BedrockRuntimeClient(awsCredentials)
 }
 
-export function createBedrockClient(credentials: AWSCredentials) {
-  const { region, accessKeyId, secretAccessKey } = credentials
-  return new BedrockClient({
-    credentials: {
-      accessKeyId,
-      secretAccessKey
-    },
-    region
-  })
+export function createBedrockClient(awsCredentials: AWSCredentials) {
+  return new BedrockClient(awsCredentials)
 }
 
-export function createAgentRuntimeClient(credentials: AWSCredentials) {
-  const { region, accessKeyId, secretAccessKey } = credentials
-  return new BedrockAgentRuntimeClient({
-    credentials: {
-      accessKeyId,
-      secretAccessKey
-    },
-    region
-  })
+export function createAgentRuntimeClient(awsCredentials: AWSCredentials) {
+  return new BedrockAgentRuntimeClient(awsCredentials)
 }

src/main/api/bedrock/client.ts

@@ -1,5 +1,5 @@
 import { BedrockRuntimeClient, InvokeModelCommand } from '@aws-sdk/client-bedrock-runtime'
-import type { ServiceContext } from '../types'
+import type { AWSCredentials, ServiceContext } from '../types'
 import type {
   AspectRatio,
   GenerateImageRequest,
@@ -111,18 +111,14 @@ export class ImageService {
   ]
 
   constructor(private context: ServiceContext) {
-    const { region, accessKeyId, secretAccessKey } = this.context.store.get('aws')
-    if (!accessKeyId || !secretAccessKey) {
+    const awsCredentials: AWSCredentials = this.context.store.get('aws')
+    const { credentials, region } = awsCredentials
+
+    if (!credentials || !credentials.accessKeyId || !credentials.secretAccessKey || !region) {
       console.warn('AWS credentials not configured')
     }
 
-    this.runtimeClient = new BedrockRuntimeClient({
-      credentials: {
-        accessKeyId,
-        secretAccessKey
-      },
-      region
-    })
+    this.runtimeClient = new BedrockRuntimeClient(awsCredentials)
   }
 
   private getModelType(modelId: ImageGeneratorModel): ModelType {

src/main/api/bedrock/services/imageService.ts

@@ -1,6 +1,6 @@
 import { getDefaultPromptRouter, getModelsForRegion } from '../models'
 import { getAccountId } from '../utils/awsUtils'
-import type { ServiceContext } from '../types'
+import type { AWSCredentials, ServiceContext } from '../types'
 import { BedrockSupportRegion } from '../../../../types/llm'
 
 export class ModelService {
@@ -10,14 +10,14 @@ export class ModelService {
   constructor(private context: ServiceContext) {}
 
   async listModels() {
-    const credentials = this.context.store.get('aws')
-    const { region, accessKeyId, secretAccessKey } = credentials
-    if (!region || !accessKeyId || !secretAccessKey) {
+    const awsCredentials: AWSCredentials = this.context.store.get('aws')
+    const { credentials, region } = awsCredentials
+    if (!credentials || !credentials.accessKeyId || !credentials.secretAccessKey || !region) {
       console.warn('AWS credentials not configured')
       return []
     }
 
-    const cacheKey = `${region}-${accessKeyId}`
+    const cacheKey = `${region}-${credentials.accessKeyId}`
     const cachedData = this.modelCache[cacheKey]
 
     if (
@@ -31,7 +31,7 @@ export class ModelService {
     try {
       const models = getModelsForRegion(region as BedrockSupportRegion)
 
-      const accountId = await getAccountId(credentials)
+      const accountId = await getAccountId(awsCredentials)
       const promptRouterModels = accountId ? getDefaultPromptRouter(accountId, region) : []
       const result = [...models, ...promptRouterModels]
       this.modelCache[cacheKey] = [...result, { _timestamp: Date.now() } as any]

src/main/api/bedrock/services/modelService.ts

@@ -1,4 +1,5 @@
 import { Message } from '@aws-sdk/client-bedrock-runtime'
+import type { AwsCredentialIdentity } from "@smithy/types";
 
 export type CallConverseAPIProps = {
   modelId: string
@@ -8,9 +9,8 @@ export type CallConverseAPIProps = {
 }
 
 export type AWSCredentials = {
-  region: string
-  accessKeyId: string
-  secretAccessKey: string
+  credentials: AwsCredentialIdentity;
+  region: string;
 }
 
 export type InferenceParams = {

src/main/api/bedrock/types.ts

@@ -50,16 +50,9 @@ export function getAlternateRegionOnThrottling(
   return availableRegions[randomIndex]
 }
 
-export async function getAccountId(credentials: AWSCredentials) {
+export async function getAccountId(awsCredentials: AWSCredentials) {
   try {
-    const { region, accessKeyId, secretAccessKey } = credentials
-    const sts = new STSClient({
-      credentials: {
-        accessKeyId,
-        secretAccessKey
-      },
-      region
-    })
+    const sts = new STSClient(awsCredentials)
     const command = new GetCallerIdentityCommand({})
     const res = await sts.send(command)
     return res.Account

src/main/api/bedrock/utils/awsUtils.ts

@@ -12,6 +12,7 @@ import {
   PRODUCT_DESIGNER_SYSTEM_PROMPT
 } from '@renderer/pages/ChatPage/constants/DEFAULT_AGENTS'
 import { InferenceParameters, LLM, BEDROCK_SUPPORTED_REGIONS } from '@/types/llm'
+import type { AwsCredentialIdentity } from "@smithy/types";
 
 const DEFAULT_INFERENCE_PARAMS: InferenceParameters = {
   maxTokens: 4096,
@@ -141,6 +142,8 @@ export interface SettingsContextType {
   setAwsAccessKeyId: (accessKeyId: string) => void
   awsSecretAccessKey: string
   setAwsSecretAccessKey: (secretAccessKey: string) => void
+  awsSessionToken: string
+  setAwsSessionToken: (sessionToken: string) => void
 
   // Custom Agents Settings
   customAgents: CustomAgent[]
@@ -215,6 +218,7 @@ export const SettingsProvider: React.FC<{ children: React.ReactNode }> = ({ chil
   const [awsRegion, setStateAwsRegion] = useState<string>('')
   const [awsAccessKeyId, setStateAwsAccessKeyId] = useState<string>('')
   const [awsSecretAccessKey, setStateAwsSecretAccessKey] = useState<string>('')
+  const [awsSessionToken, setStateAwsSessionToken] = useState<string>('')
 
   // Custom Agents Settings
   const [customAgents, setCustomAgents] = useState<CustomAgent[]>([])
@@ -290,6 +294,7 @@ export const SettingsProvider: React.FC<{ children: React.ReactNode }> = ({ chil
       setStateAwsRegion(awsConfig.region || '')
       setStateAwsAccessKeyId(awsConfig.accessKeyId || '')
       setStateAwsSecretAccessKey(awsConfig.secretAccessKey || '')
+      setStateAwsSessionToken(awsConfig.sessionToken || '')
     }
 
     // Load Custom Agents
@@ -442,7 +447,12 @@ export const SettingsProvider: React.FC<{ children: React.ReactNode }> = ({ chil
 
   const setAwsRegion = (region: string) => {
     setStateAwsRegion(region)
-    saveAwsConfig(region, awsAccessKeyId, awsSecretAccessKey)
+    const credentials: AwsCredentialIdentity = {
+      accessKeyId: awsAccessKeyId,
+      secretAccessKey: awsSecretAccessKey,
+      sessionToken: !awsSessionToken ? undefined : awsSessionToken
+    }
+    saveAwsConfig(credentials, region)
 
     // availableFailoverRegions をリセット
     setBedrockSettings({
@@ -457,20 +467,36 @@ export const SettingsProvider: React.FC<{ children: React.ReactNode }> = ({ chil
 
   const setAwsAccessKeyId = (accessKeyId: string) => {
     setStateAwsAccessKeyId(accessKeyId)
-    saveAwsConfig(awsRegion, accessKeyId, awsSecretAccessKey)
+    const credentials: AwsCredentialIdentity = {
+      accessKeyId,
+      secretAccessKey: awsSecretAccessKey,
+      sessionToken: !awsSessionToken ? undefined : awsSessionToken
+    }
+    saveAwsConfig(credentials, awsRegion)
   }
 
   const setAwsSecretAccessKey = (secretAccessKey: string) => {
     setStateAwsSecretAccessKey(secretAccessKey)
-    saveAwsConfig(awsRegion, awsAccessKeyId, secretAccessKey)
+    const credentials: AwsCredentialIdentity = {
+      accessKeyId: awsAccessKeyId,
+      secretAccessKey,
+      sessionToken: !awsSessionToken ? undefined : awsSessionToken
+    }
+    saveAwsConfig(credentials, awsRegion)
   }
 
-  const saveAwsConfig = (region: string, accessKeyId: string, secretAccessKey: string) => {
-    window.store.set('aws', {
-      region,
-      accessKeyId,
-      secretAccessKey
-    })
+  const setAwsSessionToken = (sessionToken: string) => {
+    setStateAwsSessionToken(sessionToken)
+    const credentials: AwsCredentialIdentity = {
+      accessKeyId: awsAccessKeyId,
+      secretAccessKey: awsSecretAccessKey,
+      sessionToken: !sessionToken ? undefined : sessionToken
+    }
+    saveAwsConfig(credentials, awsRegion)
+  }
+
+  const saveAwsConfig = (credentials: AwsCredentialIdentity, region: string) => {
+    window.store.set('aws', { credentials, region })
   }
 
   const saveCustomAgents = (agents: CustomAgent[]) => {
@@ -581,11 +607,11 @@ export const SettingsProvider: React.FC<{ children: React.ReactNode }> = ({ chil
   const currentAgent = allAgents.find((a) => a.id === selectedAgentId)
   const systemPrompt = currentAgent?.system
     ? replacePlaceholders(currentAgent?.system, {
-        projectPath,
-        allowedCommands: allowedCommands,
-        knowledgeBases: knowledgeBases,
-        bedrockAgents: bedrockAgents
-      })
+      projectPath,
+      allowedCommands: allowedCommands,
+      knowledgeBases: knowledgeBases,
+      bedrockAgents: bedrockAgents
+    })
     : ''
 
   const setTools = (newTools: ToolState[]) => {
@@ -678,6 +704,8 @@ export const SettingsProvider: React.FC<{ children: React.ReactNode }> = ({ chil
     setAwsAccessKeyId,
     awsSecretAccessKey,
     setAwsSecretAccessKey,
+    awsSessionToken,
+    setAwsSessionToken,
 
     // Custom Agents Settings
     customAgents,

src/renderer/src/contexts/SettingsContext.tsx

@@ -30,6 +30,8 @@ export const SettingPage: React.FC = () => {
     setAwsAccessKeyId,
     awsSecretAccessKey,
     setAwsSecretAccessKey,
+    awsSessionToken,
+    setAwsSessionToken,
     inferenceParams,
     updateInferenceParams,
     bedrockSettings,
@@ -72,9 +74,11 @@ export const SettingPage: React.FC = () => {
         awsRegion={awsRegion}
         awsAccessKeyId={awsAccessKeyId}
         awsSecretAccessKey={awsSecretAccessKey}
+        awsSessionToken={awsSessionToken}
         onUpdateRegion={setAwsRegion}
         onUpdateAccessKeyId={setAwsAccessKeyId}
         onUpdateSecretAccessKey={setAwsSecretAccessKey}
+        onUpdateSessionToken={setAwsSessionToken}
         currentLLM={currentLLM}
         availableModels={availableModels}
         inferenceParams={inferenceParams}

src/renderer/src/pages/SettingPage/SettingPage.tsx

@@ -14,9 +14,11 @@ interface AWSSectionProps {
   awsRegion: string
   awsAccessKeyId: string
   awsSecretAccessKey: string
+  awsSessionToken: string
   onUpdateRegion: (region: string) => void
   onUpdateAccessKeyId: (id: string) => void
   onUpdateSecretAccessKey: (key: string) => void
+  onUpdateSessionToken: (token: string) => void
 
   // Bedrock Settings
   currentLLM: LLM
@@ -40,9 +42,11 @@ export const AWSSection: React.FC<AWSSectionProps> = ({
   awsRegion,
   awsAccessKeyId,
   awsSecretAccessKey,
+  awsSessionToken,
   onUpdateRegion,
   onUpdateAccessKeyId,
   onUpdateSecretAccessKey,
+  onUpdateSessionToken,
 
   // Bedrock Settings
   currentLLM,
@@ -142,6 +146,14 @@ export const AWSSection: React.FC<AWSSectionProps> = ({
             onChange={(e) => onUpdateSecretAccessKey(e.target.value)}
           />
 
+          <SettingInput
+            label={t('AWS Session Token (optional)')}
+            type="password"
+            placeholder="****************************************"
+            value={awsSessionToken}
+            onChange={(e) => onUpdateSessionToken(e.target.value)}
+          />
+
           <SettingSelect
             label={t('AWS Region')}
             value={awsRegion}