feat(amazonq): add in-context permission update for built-in tools (#2062)

* fix(amazonq): add warning to executeBash regardless perm;fix optionValue in perm fill
  with all tools

* fix: retain built-in tool permissions; bump up mynah-ui version

* fix(chat-client): add warning to shell chat card even auto-accept

* feat(amazonq): add permission for built-in tools metric to AgenticChatWithToolUse

* feat(amazonq): add telemtry when built-in tool permission update

* feat: add tool permission update in chat item card

* feat: add hyperlink in description of in-context permission card

* feat(chat-client): fix in-context dropdown

* fix(chat-client): add missing type to render the dropdown

* fix(amazonq): rename dropdown to quickSettings to be more semantic

* feat(chat-client): add quickSettings to mcp approval chat card; clean up

* feat(amazonq): re-name auto-run-command to trust-command for pairty with Kiro

* chore: refactor logic

* fix(chat-client): fix description hyperlink in permission quickSettings; clean up

* refactor: clean up code

* fix(chat-client): update text to align with mock

* feat(chat-client): add in-context permission update to Mcp tools

* feat(amazonq): add auto-approve back

* fix: agentPath in processPermissionUpdates is undefined for builtInTools

* fix(amazonq): remove in-context for mcp

Author: dungdong-aws

server/aws-lsp-codewhisperer/src/language-server/agenticChat/agenticChatController.ts

@@ -166,7 +166,7 @@ import { CancellationError, workspaceUtils } from '@aws/lsp-core'
 import { FsRead, FsReadParams } from './tools/fsRead'
 import { ListDirectory, ListDirectoryParams } from './tools/listDirectory'
 import { FsWrite, FsWriteParams } from './tools/fsWrite'
-import { ExecuteBash, ExecuteBashParams } from './tools/executeBash'
+import { commandCategories, ExecuteBash, ExecuteBashParams } from './tools/executeBash'
 import { ExplanatoryParams, InvokeOutput, ToolApprovalException } from './tools/toolShared'
 import { validatePathBasic, validatePathExists, validatePaths as validatePathsSync } from './utils/pathValidation'
 import { GrepSearch, SanitizedRipgrepOutput } from './tools/grepSearch'
@@ -233,7 +233,7 @@ import { getLatestAvailableModel } from './utils/agenticChatControllerHelper'
 import { ActiveUserTracker } from '../../shared/activeUserTracker'
 import { UserContext } from '../../client/token/codewhispererbearertokenclient'
 import { CodeWhispererServiceToken } from '../../shared/codeWhispererService'
-import { McpPermissionType } from './tools/mcp/mcpTypes'
+import { McpPermissionType, MCPServerPermission } from './tools/mcp/mcpTypes'
 import { DisplayFindings } from './tools/qCodeAnalysis/displayFindings'
 import { IdleWorkspaceManager } from '../workspaceContext/IdleWorkspaceManager'
 
@@ -407,24 +407,23 @@ export class AgenticChatController implements ChatHandlers {
             if (params.buttonId === BUTTON_TRUST_COMMAND) {
                 // get result from metadata
                 const toolName = params.metadata!['toolName']
-                const newPermission = params.metadata!['permission']
+                const new_permission = params.metadata!['permission']
                 const serverName = params.metadata!['serverName']
 
-                const currentPermission = McpManager.instance.getToolPerm(serverName, toolName)
+                const current_permission = McpManager.instance.getToolPerm(serverName, toolName)
                 // only trigger update if curren != previous
-                if (currentPermission !== newPermission) {
+                if (current_permission !== new_permission) {
                     // generate perm object
                     const perm = await this.#mcpEventHandler.generateEmptyBuiltInToolPermission()
 
                     // load updated permission
-                    perm.toolPerms[toolName] = newPermission as McpPermissionType
+                    perm.toolPerms[toolName] = new_permission as McpPermissionType
 
                     // update permission
                     try {
                         await McpManager.instance.updateServerPermission(serverName, perm)
                         // if the new permission is asks --> only update permission, dont continue
-                        // this only happen on a completed card
-                        if (newPermission === 'ask') {
+                        if (new_permission === 'ask') {
                             return {
                                 success: true,
                             }
@@ -449,7 +448,6 @@ export class AgenticChatController implements ChatHandlers {
                 params.messageId.endsWith(SUFFIX_PERMISSION)
                     ? params.messageId.replace(SUFFIX_PERMISSION, '')
                     : params.messageId
-
             const handler = session.data.getDeferredToolExecution(messageId)
             if (!handler?.reject || !handler.resolve) {
                 if (params.buttonId === BUTTON_TRUST_COMMAND) {
@@ -1460,6 +1458,18 @@ export class AgenticChatController implements ChatHandlers {
                 metric.setDimension('requestIds', metric.metric.requestIds)
                 const toolNames = this.#toolUseLatencies.map(item => item.toolName)
                 const toolUseIds = this.#toolUseLatencies.map(item => item.toolUseId)
+
+                const builtInToolNames = new Set(this.#features.agent.getBuiltInToolNames())
+                const permission: string[] = []
+
+                for (const toolName of toolNames) {
+                    if (builtInToolNames.has(toolName)) {
+                        permission.push(McpManager.instance.getToolPerm('Built-in', toolName))
+                    } else {
+                        // TODO: determine mcp-server of the current tool to get permission
+                    }
+                }
+
                 this.#telemetryController.emitAgencticLoop_InvokeLLM(
                     response.$metadata.requestId!,
                     conversationId,
@@ -1475,7 +1485,8 @@ export class AgenticChatController implements ChatHandlers {
                     this.#timeBetweenChunks,
                     session.pairProgrammingMode,
                     this.#abTestingAllocation?.experimentName,
-                    this.#abTestingAllocation?.userVariation
+                    this.#abTestingAllocation?.userVariation,
+                    permission
                 )
             } else {
                 // Send an error card to UI?
@@ -1708,6 +1719,7 @@ export class AgenticChatController implements ChatHandlers {
         promptBlockId: number,
         session: ChatSessionService,
         toolName: string,
+        commandCategory?: CommandCategory,
         tabId?: string
     ) {
         const deferred = this.#createDeferred()
@@ -1716,7 +1728,7 @@ export class AgenticChatController implements ChatHandlers {
         await deferred.promise
         // Note: we want to overwrite the button block because it already exists in the stream.
         await resultStream.overwriteResultBlock(
-            this.#getUpdateToolConfirmResult(toolUse, true, toolName, tabId),
+            this.#getUpdateToolConfirmResult(toolUse, true, toolName, undefined, commandCategory, tabId),
             promptBlockId
         )
     }
@@ -1772,6 +1784,10 @@ export class AgenticChatController implements ChatHandlers {
                         })
                     }
                 }
+
+                // for later use
+                let finalCommandCategory: CommandCategory | undefined
+
                 switch (toolUse.name) {
                     case FS_READ:
                     case LIST_DIRECTORY:
@@ -1807,6 +1823,8 @@ export class AgenticChatController implements ChatHandlers {
                             approvedPaths
                         )
 
+                        finalCommandCategory = commandCategory
+
                         const isExecuteBash = toolUse.name === EXECUTE_BASH
 
                         // check if tool execution's path is out of workspace
@@ -1837,7 +1855,7 @@ export class AgenticChatController implements ChatHandlers {
                                 warning,
                                 commandCategory,
                                 toolUse.name,
-                                undefined,
+                                builtInPermission,
                                 tabId
                             )
                             cachedButtonBlockId = await chatResultStream.writeResultBlock(confirmationResult)
@@ -1859,6 +1877,7 @@ export class AgenticChatController implements ChatHandlers {
                                     cachedButtonBlockId,
                                     session,
                                     toolUse.name,
+                                    commandCategory,
                                     tabId
                                 )
                             }
@@ -1913,7 +1932,7 @@ export class AgenticChatController implements ChatHandlers {
                                         requiresAcceptance,
                                         warning,
                                         undefined,
-                                        toolName, // Pass the original tool name here
+                                        toolName, // Pass the original tool name here,
                                         undefined,
                                         tabId
                                     )
@@ -1924,6 +1943,7 @@ export class AgenticChatController implements ChatHandlers {
                                         cachedButtonBlockId,
                                         session,
                                         toolName,
+                                        undefined,
                                         tabId
                                     )
                                 }
@@ -1976,7 +1996,7 @@ export class AgenticChatController implements ChatHandlers {
                     session.addApprovedPath(inputPath)
                 }
 
-                const ws = this.#getWritableStream(chatResultStream, toolUse)
+                const ws = this.#getWritableStream(chatResultStream, toolUse, finalCommandCategory)
                 const result = await this.#features.agent.runTool(toolUse.name, toolUse.input, token, ws)
 
                 let toolResultContent: ToolResultContentBlock
@@ -2394,7 +2414,11 @@ export class AgenticChatController implements ChatHandlers {
         })
     }
 
-    #getWritableStream(chatResultStream: AgenticChatResultStream, toolUse: ToolUse): WritableStream | undefined {
+    #getWritableStream(
+        chatResultStream: AgenticChatResultStream,
+        toolUse: ToolUse,
+        commandCategory?: CommandCategory
+    ): WritableStream | undefined {
         if (toolUse.name === CodeReview.toolName) {
             return this.#getToolOverWritableStream(chatResultStream, toolUse)
         }
@@ -2413,7 +2437,14 @@ export class AgenticChatController implements ChatHandlers {
 
         const completedHeader: ChatMessage['header'] = {
             body: 'shell',
-            status: { status: 'success', icon: 'ok', text: 'Completed' },
+            status: {
+                status: 'success',
+                icon: 'ok',
+                text: 'Completed',
+                ...(toolUse.name === EXECUTE_BASH
+                    ? { description: this.#getCommandCategoryDescription(commandCategory ?? CommandCategory.ReadOnly) }
+                    : {}),
+            },
             buttons: [],
         }
 
@@ -2465,10 +2496,11 @@ export class AgenticChatController implements ChatHandlers {
         isAccept: boolean,
         originalToolName: string,
         toolType?: string,
+        commandCategory?: CommandCategory,
         tabId?: string
     ): ChatResult {
         const toolName = originalToolName ?? (toolType || toolUse.name)
-
+        const quickSettings = this.#buildQuickSettings(toolUse, toolName!, toolType, tabId)
         // Handle bash commands with special formatting
         if (toolName === EXECUTE_BASH) {
             return {
@@ -2488,6 +2520,7 @@ export class AgenticChatController implements ChatHandlers {
                           }),
                     buttons: isAccept ? [this.#renderStopShellCommandButton()] : [],
                 },
+                quickSettings,
             }
         }
 
@@ -2775,13 +2808,8 @@ export class AgenticChatController implements ChatHandlers {
         const quickSettings = this.#buildQuickSettings(toolUse, toolName!, toolType, tabId)
         // Configure tool-specific UI elements
         switch (toolName) {
-            case EXECUTE_BASH: {
+            case 'executeBash': {
                 const commandString = (toolUse.input as unknown as ExecuteBashParams).command
-                // get feature flag
-                const shortcut =
-                    this.#features.lsp.getClientInitializeParams()?.initializationOptions?.aws?.awsClientCapabilities?.q
-                        ?.shortcut
-
                 const runKey = this.#getKeyBinding('aws.amazonq.runCmdExecution')
                 const rejectKey = this.#getKeyBinding('aws.amazonq.rejectCmdExecution')
 
@@ -2817,16 +2845,12 @@ export class AgenticChatController implements ChatHandlers {
                           : undefined
 
                 header = {
-                    status: requiresAcceptance
-                        ? {
-                              icon: statusIcon,
-                              status: statusType,
-                              position: 'left',
-                              description: this.#getCommandCategoryDescription(
-                                  commandCategory ?? CommandCategory.ReadOnly
-                              ),
-                          }
-                        : {},
+                    status: {
+                        icon: statusIcon,
+                        status: statusType,
+                        position: 'left',
+                        description: this.#getCommandCategoryDescription(commandCategory ?? CommandCategory.ReadOnly),
+                    },
                     body: 'shell',
                     buttons,
                 }
@@ -2944,6 +2968,7 @@ export class AgenticChatController implements ChatHandlers {
                 messageId: this.#getMessageIdForToolUse(toolType, toolUse),
                 header,
                 body: warning ? (toolName === EXECUTE_BASH ? '' : '\n\n') + body : body,
+                quickSettings,
             }
         } else {
             return {

server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/mcp/mcpEventHandler.ts

@@ -34,7 +34,7 @@ import { URI } from 'vscode-uri'
 interface PermissionOption {
     label: string
     value: string
-    description?: string
+    description: string
 }
 
 export class McpEventHandler {
@@ -1165,7 +1165,7 @@ export class McpEventHandler {
             case 'fsWrite':
             case 'fsReplace':
                 return 'Create or edit files.'
-            case 'qCodeReview':
+            case 'codeReview':
                 return 'Review tool analyzes code for security vulnerabilities, quality issues, and best practices across multiple programming languages.'
             default:
                 return ''
@@ -1178,12 +1178,6 @@ export class McpEventHandler {
     async #handleMcpPermissionChange(params: McpServerClickParams) {
         const serverName = params.title
 
-        // combine fsWrite and fsReplace into fsWrite
-        if (serverName === 'Built-in' && params.optionsValues?.fsWrite) {
-            // add fsReplace along
-            params.optionsValues.fsReplace = params.optionsValues.fsWrite
-        }
-
         const updatedPermissionConfig = params.optionsValues
         if (!serverName || !updatedPermissionConfig) {
             return { id: params.id }
@@ -1258,6 +1252,33 @@ export class McpEventHandler {
                     transportType: transportType,
                     languageServerVersion: this.#features.runtime.serverInfo.version,
                 })
+            } else {
+                // it's mean built-in tool, but do another extra check to confirm
+                if (serverName === 'Built-in') {
+                    let toolName: string[] = []
+                    let perm: string[] = []
+
+                    for (const [key, val] of Object.entries(permission.toolPerms)) {
+                        toolName.push(key)
+                        perm.push(val)
+                    }
+
+                    this.#telemetryController?.emitMCPServerInitializeEvent({
+                        source: 'updatePermission',
+                        command: 'Built-in',
+                        enabled: true,
+                        numTools: McpManager.instance.getAllToolsWithPermissions(serverName).length,
+                        scope:
+                            permission.__configPath__ ===
+                            getGlobalAgentConfigPath(this.#features.workspace.fs.getUserHomeDir())
+                                ? 'global'
+                                : 'workspace',
+                        transportType: '',
+                        languageServerVersion: this.#features.runtime.serverInfo.version,
+                        toolName: toolName,
+                        permission: perm,
+                    })
+                }
             }
 
             // Clear the pending permission config after applying
@@ -1398,10 +1419,11 @@ export class McpEventHandler {
      * Processes permission updates from the UI
      */
     async #processPermissionUpdates(serverName: string, updatedPermissionConfig: any, agentPath: string | undefined) {
+        const builtInToolAgentPath = await this.#getAgentPath()
         const perm: MCPServerPermission = {
             enabled: true,
             toolPerms: {},
-            __configPath__: agentPath,
+            __configPath__: serverName === 'Built-in' ? builtInToolAgentPath : agentPath,
         }
 
         // Process each tool permission setting

server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/mcp/mcpManager.ts

@@ -456,7 +456,7 @@ export class McpManager {
      */
     public isToolDisabled(server: string, tool: string): boolean {
         // built-in tools cannot be disabled
-        if (server === 'builtIn') {
+        if (server === 'Built-in') {
             return false
         }
 

server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/mcp/mcpUtils.ts

@@ -628,7 +628,8 @@ export function enabledMCP(params: InitializeParams | undefined): boolean {
 export function convertPersonaToAgent(
     persona: PersonaConfig,
     mcpServers: Record<string, MCPServerConfig>,
-    featureAgent: Agent
+    featureAgent: Agent,
+    existingAgentConfig: AgentConfig | undefined
 ): AgentConfig {
     const agent: AgentConfig = {
         name: 'default-agent',
@@ -695,12 +696,22 @@ export function convertPersonaToAgent(
         }
     }
 
-    // Add default allowed tools
-    const writeToolNames = new Set(featureAgent.getBuiltInWriteToolNames())
+    // handle permission of built-in tools
+    // check if agent config exists
     const defaultAllowedTools = featureAgent.getBuiltInToolNames().filter(toolName => toolName !== EXECUTE_BASH)
-    for (const toolName of defaultAllowedTools) {
-        if (!agent.allowedTools.includes(toolName)) {
-            agent.allowedTools.push(toolName)
+    if (!existingAgentConfig) {
+        // not yet created --> add all defaults tools
+        for (const toolName of defaultAllowedTools) {
+            if (!agent.allowedTools.includes(toolName)) {
+                agent.allowedTools.push(toolName)
+            }
+        }
+    } else {
+        // only consider tools that are not in existingAgentConfig
+        for (const toolName of defaultAllowedTools) {
+            if (!agent.allowedTools.includes(toolName) && !existingAgentConfig.tools.includes(toolName)) {
+                agent.allowedTools.push(toolName)
+            }
         }
     }
 
@@ -909,7 +920,8 @@ async function migrateConfigToAgent(
     }
 
     // Convert to agent config
-    const newAgentConfig = convertPersonaToAgent(personaConfig, serverConfigs, agent)
+    logging.info('Migrating started')
+    const newAgentConfig = convertPersonaToAgent(personaConfig, serverConfigs, agent, existingAgentConfig)
     newAgentConfig.includedFiles = ['AmazonQ.md', 'README.md', '.amazonq/rules/**/*.md']
     newAgentConfig.resources = [] // Initialize with empty array