1use std::pin::Pin;
2use std::str::FromStr;
3use std::sync::Arc;
4
5use anyhow::{Context as _, Result, anyhow};
6use aws_config::stalled_stream_protection::StalledStreamProtectionConfig;
7use aws_config::{BehaviorVersion, Region};
8use aws_credential_types::{Credentials, Token};
9use aws_http_client::AwsHttpClient;
10use bedrock::bedrock_client::Client as BedrockClient;
11use bedrock::bedrock_client::config::timeout::TimeoutConfig;
12use bedrock::bedrock_client::types::{
13 CachePointBlock, CachePointType, ContentBlockDelta, ContentBlockStart, ConverseStreamOutput,
14 ReasoningContentBlockDelta, StopReason,
15};
16use bedrock::{
17 BedrockAnyToolChoice, BedrockAutoToolChoice, BedrockBlob, BedrockError, BedrockInnerContent,
18 BedrockMessage, BedrockModelMode, BedrockStreamingResponse, BedrockThinkingBlock,
19 BedrockThinkingTextBlock, BedrockTool, BedrockToolChoice, BedrockToolConfig,
20 BedrockToolInputSchema, BedrockToolResultBlock, BedrockToolResultContentBlock,
21 BedrockToolResultStatus, BedrockToolSpec, BedrockToolUseBlock, Model, value_to_aws_document,
22};
23use collections::{BTreeMap, HashMap};
24use credentials_provider::CredentialsProvider;
25use futures::{FutureExt, Stream, StreamExt, future::BoxFuture, stream::BoxStream};
26use gpui::{
27 AnyView, App, AsyncApp, Context, Entity, FocusHandle, Subscription, Task, Window, actions,
28};
29use gpui_tokio::Tokio;
30use http_client::HttpClient;
31use language_model::{
32 AuthenticateError, EnvVar, IconOrSvg, LanguageModel, LanguageModelCacheConfiguration,
33 LanguageModelCompletionError, LanguageModelCompletionEvent, LanguageModelId, LanguageModelName,
34 LanguageModelProvider, LanguageModelProviderId, LanguageModelProviderName,
35 LanguageModelProviderState, LanguageModelRequest, LanguageModelToolChoice,
36 LanguageModelToolResultContent, LanguageModelToolUse, MessageContent, RateLimiter, Role,
37 TokenUsage, env_var,
38};
39use schemars::JsonSchema;
40use serde::{Deserialize, Serialize};
41use serde_json::Value;
42use settings::{BedrockAvailableModel as AvailableModel, Settings, SettingsStore};
43use smol::lock::OnceCell;
44use std::sync::LazyLock;
45use strum::{EnumIter, IntoEnumIterator, IntoStaticStr};
46use ui::{ButtonLink, ConfiguredApiCard, Divider, List, ListBulletItem, prelude::*};
47use ui_input::InputField;
48use util::ResultExt;
49
50use crate::AllLanguageModelSettings;
51
52actions!(bedrock, [Tab, TabPrev]);
53
54const PROVIDER_ID: LanguageModelProviderId = LanguageModelProviderId::new("amazon-bedrock");
55const PROVIDER_NAME: LanguageModelProviderName = LanguageModelProviderName::new("Amazon Bedrock");
56
57/// Credentials stored in the keychain for static authentication.
58/// Region is handled separately since it's orthogonal to auth method.
59#[derive(Default, Clone, Deserialize, Serialize, PartialEq, Debug)]
60pub struct BedrockCredentials {
61 pub access_key_id: String,
62 pub secret_access_key: String,
63 pub session_token: Option<String>,
64 pub bearer_token: Option<String>,
65}
66
67/// Resolved authentication configuration for Bedrock.
68/// Settings take priority over UX-provided credentials.
69#[derive(Clone, Debug, PartialEq)]
70pub enum BedrockAuth {
71 /// Use default AWS credential provider chain (IMDSv2, PodIdentity, env vars, etc.)
72 Automatic,
73 /// Use AWS named profile from ~/.aws/credentials or ~/.aws/config
74 NamedProfile { profile_name: String },
75 /// Use AWS SSO profile
76 SingleSignOn { profile_name: String },
77 /// Use IAM credentials (access key + secret + optional session token)
78 IamCredentials {
79 access_key_id: String,
80 secret_access_key: String,
81 session_token: Option<String>,
82 },
83 /// Use Bedrock API Key (bearer token authentication)
84 ApiKey { api_key: String },
85}
86
87impl BedrockCredentials {
88 /// Convert stored credentials to the appropriate auth variant.
89 /// Prefers API key if present, otherwise uses IAM credentials.
90 fn into_auth(self) -> Option<BedrockAuth> {
91 if let Some(api_key) = self.bearer_token.filter(|t| !t.is_empty()) {
92 Some(BedrockAuth::ApiKey { api_key })
93 } else if !self.access_key_id.is_empty() && !self.secret_access_key.is_empty() {
94 Some(BedrockAuth::IamCredentials {
95 access_key_id: self.access_key_id,
96 secret_access_key: self.secret_access_key,
97 session_token: self.session_token.filter(|t| !t.is_empty()),
98 })
99 } else {
100 None
101 }
102 }
103}
104
105#[derive(Default, Clone, Debug, PartialEq)]
106pub struct AmazonBedrockSettings {
107 pub available_models: Vec<AvailableModel>,
108 pub region: Option<String>,
109 pub endpoint: Option<String>,
110 pub profile_name: Option<String>,
111 pub role_arn: Option<String>,
112 pub authentication_method: Option<BedrockAuthMethod>,
113 pub allow_global: Option<bool>,
114}
115
116#[derive(Clone, Debug, PartialEq, Serialize, Deserialize, EnumIter, IntoStaticStr, JsonSchema)]
117pub enum BedrockAuthMethod {
118 #[serde(rename = "named_profile")]
119 NamedProfile,
120 #[serde(rename = "sso")]
121 SingleSignOn,
122 #[serde(rename = "api_key")]
123 ApiKey,
124 /// IMDSv2, PodIdentity, env vars, etc.
125 #[serde(rename = "default")]
126 Automatic,
127}
128
129impl From<settings::BedrockAuthMethodContent> for BedrockAuthMethod {
130 fn from(value: settings::BedrockAuthMethodContent) -> Self {
131 match value {
132 settings::BedrockAuthMethodContent::SingleSignOn => BedrockAuthMethod::SingleSignOn,
133 settings::BedrockAuthMethodContent::Automatic => BedrockAuthMethod::Automatic,
134 settings::BedrockAuthMethodContent::NamedProfile => BedrockAuthMethod::NamedProfile,
135 settings::BedrockAuthMethodContent::ApiKey => BedrockAuthMethod::ApiKey,
136 }
137 }
138}
139
140#[derive(Clone, Debug, Default, PartialEq, Serialize, Deserialize, JsonSchema)]
141#[serde(tag = "type", rename_all = "lowercase")]
142pub enum ModelMode {
143 #[default]
144 Default,
145 Thinking {
146 /// The maximum number of tokens to use for reasoning. Must be lower than the model's `max_output_tokens`.
147 budget_tokens: Option<u64>,
148 },
149}
150
151impl From<ModelMode> for BedrockModelMode {
152 fn from(value: ModelMode) -> Self {
153 match value {
154 ModelMode::Default => BedrockModelMode::Default,
155 ModelMode::Thinking { budget_tokens } => BedrockModelMode::Thinking { budget_tokens },
156 }
157 }
158}
159
160impl From<BedrockModelMode> for ModelMode {
161 fn from(value: BedrockModelMode) -> Self {
162 match value {
163 BedrockModelMode::Default => ModelMode::Default,
164 BedrockModelMode::Thinking { budget_tokens } => ModelMode::Thinking { budget_tokens },
165 }
166 }
167}
168
169/// The URL of the base AWS service.
170///
171/// Right now we're just using this as the key to store the AWS credentials
172/// under in the keychain.
173const AMAZON_AWS_URL: &str = "https://amazonaws.com";
174
175// These environment variables all use a `ZED_` prefix because we don't want to overwrite the user's AWS credentials.
176static ZED_BEDROCK_ACCESS_KEY_ID_VAR: LazyLock<EnvVar> = env_var!("ZED_ACCESS_KEY_ID");
177static ZED_BEDROCK_SECRET_ACCESS_KEY_VAR: LazyLock<EnvVar> = env_var!("ZED_SECRET_ACCESS_KEY");
178static ZED_BEDROCK_SESSION_TOKEN_VAR: LazyLock<EnvVar> = env_var!("ZED_SESSION_TOKEN");
179static ZED_AWS_PROFILE_VAR: LazyLock<EnvVar> = env_var!("ZED_AWS_PROFILE");
180static ZED_BEDROCK_REGION_VAR: LazyLock<EnvVar> = env_var!("ZED_AWS_REGION");
181static ZED_AWS_ENDPOINT_VAR: LazyLock<EnvVar> = env_var!("ZED_AWS_ENDPOINT");
182static ZED_BEDROCK_BEARER_TOKEN_VAR: LazyLock<EnvVar> = env_var!("ZED_BEDROCK_BEARER_TOKEN");
183
184pub struct State {
185 /// The resolved authentication method. Settings take priority over UX credentials.
186 auth: Option<BedrockAuth>,
187 /// Raw settings from settings.json
188 settings: Option<AmazonBedrockSettings>,
189 /// Whether credentials came from environment variables (only relevant for static credentials)
190 credentials_from_env: bool,
191 _subscription: Subscription,
192}
193
194impl State {
195 fn reset_auth(&self, cx: &mut Context<Self>) -> Task<Result<()>> {
196 let credentials_provider = <dyn CredentialsProvider>::global(cx);
197 cx.spawn(async move |this, cx| {
198 credentials_provider
199 .delete_credentials(AMAZON_AWS_URL, cx)
200 .await
201 .log_err();
202 this.update(cx, |this, cx| {
203 this.auth = None;
204 this.credentials_from_env = false;
205 cx.notify();
206 })
207 })
208 }
209
210 fn set_static_credentials(
211 &mut self,
212 credentials: BedrockCredentials,
213 cx: &mut Context<Self>,
214 ) -> Task<Result<()>> {
215 let auth = credentials.clone().into_auth();
216 let credentials_provider = <dyn CredentialsProvider>::global(cx);
217 cx.spawn(async move |this, cx| {
218 credentials_provider
219 .write_credentials(
220 AMAZON_AWS_URL,
221 "Bearer",
222 &serde_json::to_vec(&credentials)?,
223 cx,
224 )
225 .await?;
226 this.update(cx, |this, cx| {
227 this.auth = auth;
228 this.credentials_from_env = false;
229 cx.notify();
230 })
231 })
232 }
233
234 fn is_authenticated(&self) -> bool {
235 self.auth.is_some()
236 }
237
238 /// Resolve authentication. Settings take priority over UX-provided credentials.
239 fn authenticate(&self, cx: &mut Context<Self>) -> Task<Result<(), AuthenticateError>> {
240 if self.is_authenticated() {
241 return Task::ready(Ok(()));
242 }
243
244 // Step 1: Check if settings specify an auth method (enterprise control)
245 if let Some(settings) = &self.settings {
246 if let Some(method) = &settings.authentication_method {
247 let profile_name = settings
248 .profile_name
249 .clone()
250 .unwrap_or_else(|| "default".to_string());
251
252 let auth = match method {
253 BedrockAuthMethod::Automatic => BedrockAuth::Automatic,
254 BedrockAuthMethod::NamedProfile => BedrockAuth::NamedProfile { profile_name },
255 BedrockAuthMethod::SingleSignOn => BedrockAuth::SingleSignOn { profile_name },
256 BedrockAuthMethod::ApiKey => {
257 // ApiKey method means "use static credentials from keychain/env"
258 // Fall through to load them below
259 return self.load_static_credentials(cx);
260 }
261 };
262
263 return cx.spawn(async move |this, cx| {
264 this.update(cx, |this, cx| {
265 this.auth = Some(auth);
266 this.credentials_from_env = false;
267 cx.notify();
268 })?;
269 Ok(())
270 });
271 }
272 }
273
274 // Step 2: No settings auth method - try to load static credentials
275 self.load_static_credentials(cx)
276 }
277
278 /// Load static credentials from environment variables or keychain.
279 fn load_static_credentials(
280 &self,
281 cx: &mut Context<Self>,
282 ) -> Task<Result<(), AuthenticateError>> {
283 let credentials_provider = <dyn CredentialsProvider>::global(cx);
284 cx.spawn(async move |this, cx| {
285 // Try environment variables first
286 let (auth, from_env) = if let Some(bearer_token) = &ZED_BEDROCK_BEARER_TOKEN_VAR.value {
287 if !bearer_token.is_empty() {
288 (
289 Some(BedrockAuth::ApiKey {
290 api_key: bearer_token.to_string(),
291 }),
292 true,
293 )
294 } else {
295 (None, false)
296 }
297 } else if let Some(access_key_id) = &ZED_BEDROCK_ACCESS_KEY_ID_VAR.value {
298 if let Some(secret_access_key) = &ZED_BEDROCK_SECRET_ACCESS_KEY_VAR.value {
299 if !access_key_id.is_empty() && !secret_access_key.is_empty() {
300 let session_token = ZED_BEDROCK_SESSION_TOKEN_VAR
301 .value
302 .as_deref()
303 .filter(|s| !s.is_empty())
304 .map(|s| s.to_string());
305 (
306 Some(BedrockAuth::IamCredentials {
307 access_key_id: access_key_id.to_string(),
308 secret_access_key: secret_access_key.to_string(),
309 session_token,
310 }),
311 true,
312 )
313 } else {
314 (None, false)
315 }
316 } else {
317 (None, false)
318 }
319 } else {
320 (None, false)
321 };
322
323 // If we got auth from env vars, use it
324 if let Some(auth) = auth {
325 this.update(cx, |this, cx| {
326 this.auth = Some(auth);
327 this.credentials_from_env = from_env;
328 cx.notify();
329 })?;
330 return Ok(());
331 }
332
333 // Try keychain
334 let (_, credentials_bytes) = credentials_provider
335 .read_credentials(AMAZON_AWS_URL, cx)
336 .await?
337 .ok_or(AuthenticateError::CredentialsNotFound)?;
338
339 let credentials_str = String::from_utf8(credentials_bytes)
340 .context("invalid {PROVIDER_NAME} credentials")?;
341
342 let credentials: BedrockCredentials =
343 serde_json::from_str(&credentials_str).context("failed to parse credentials")?;
344
345 let auth = credentials
346 .into_auth()
347 .ok_or(AuthenticateError::CredentialsNotFound)?;
348
349 this.update(cx, |this, cx| {
350 this.auth = Some(auth);
351 this.credentials_from_env = false;
352 cx.notify();
353 })?;
354
355 Ok(())
356 })
357 }
358
359 /// Get the resolved region. Checks env var, then settings, then defaults to us-east-1.
360 fn get_region(&self) -> String {
361 // Priority: env var > settings > default
362 if let Some(region) = ZED_BEDROCK_REGION_VAR.value.as_deref() {
363 if !region.is_empty() {
364 return region.to_string();
365 }
366 }
367
368 self.settings
369 .as_ref()
370 .and_then(|s| s.region.clone())
371 .unwrap_or_else(|| "us-east-1".to_string())
372 }
373
374 fn get_allow_global(&self) -> bool {
375 self.settings
376 .as_ref()
377 .and_then(|s| s.allow_global)
378 .unwrap_or(false)
379 }
380}
381
382pub struct BedrockLanguageModelProvider {
383 http_client: AwsHttpClient,
384 handle: tokio::runtime::Handle,
385 state: Entity<State>,
386}
387
388impl BedrockLanguageModelProvider {
389 pub fn new(http_client: Arc<dyn HttpClient>, cx: &mut App) -> Self {
390 let state = cx.new(|cx| State {
391 auth: None,
392 settings: Some(AllLanguageModelSettings::get_global(cx).bedrock.clone()),
393 credentials_from_env: false,
394 _subscription: cx.observe_global::<SettingsStore>(|_, cx| {
395 cx.notify();
396 }),
397 });
398
399 Self {
400 http_client: AwsHttpClient::new(http_client),
401 handle: Tokio::handle(cx),
402 state,
403 }
404 }
405
406 fn create_language_model(&self, model: bedrock::Model) -> Arc<dyn LanguageModel> {
407 Arc::new(BedrockModel {
408 id: LanguageModelId::from(model.id().to_string()),
409 model,
410 http_client: self.http_client.clone(),
411 handle: self.handle.clone(),
412 state: self.state.clone(),
413 client: OnceCell::new(),
414 request_limiter: RateLimiter::new(4),
415 })
416 }
417}
418
419impl LanguageModelProvider for BedrockLanguageModelProvider {
420 fn id(&self) -> LanguageModelProviderId {
421 PROVIDER_ID
422 }
423
424 fn name(&self) -> LanguageModelProviderName {
425 PROVIDER_NAME
426 }
427
428 fn icon(&self) -> IconOrSvg {
429 IconOrSvg::Icon(IconName::AiBedrock)
430 }
431
432 fn default_model(&self, _cx: &App) -> Option<Arc<dyn LanguageModel>> {
433 Some(self.create_language_model(bedrock::Model::default()))
434 }
435
436 fn default_fast_model(&self, cx: &App) -> Option<Arc<dyn LanguageModel>> {
437 let region = self.state.read(cx).get_region();
438 Some(self.create_language_model(bedrock::Model::default_fast(region.as_str())))
439 }
440
441 fn provided_models(&self, cx: &App) -> Vec<Arc<dyn LanguageModel>> {
442 let mut models = BTreeMap::default();
443
444 for model in bedrock::Model::iter() {
445 if !matches!(model, bedrock::Model::Custom { .. }) {
446 models.insert(model.id().to_string(), model);
447 }
448 }
449
450 // Override with available models from settings
451 for model in AllLanguageModelSettings::get_global(cx)
452 .bedrock
453 .available_models
454 .iter()
455 {
456 models.insert(
457 model.name.clone(),
458 bedrock::Model::Custom {
459 name: model.name.clone(),
460 display_name: model.display_name.clone(),
461 max_tokens: model.max_tokens,
462 max_output_tokens: model.max_output_tokens,
463 default_temperature: model.default_temperature,
464 cache_configuration: model.cache_configuration.as_ref().map(|config| {
465 bedrock::BedrockModelCacheConfiguration {
466 max_cache_anchors: config.max_cache_anchors,
467 min_total_token: config.min_total_token,
468 }
469 }),
470 },
471 );
472 }
473
474 models
475 .into_values()
476 .map(|model| self.create_language_model(model))
477 .collect()
478 }
479
480 fn is_authenticated(&self, cx: &App) -> bool {
481 self.state.read(cx).is_authenticated()
482 }
483
484 fn authenticate(&self, cx: &mut App) -> Task<Result<(), AuthenticateError>> {
485 self.state.update(cx, |state, cx| state.authenticate(cx))
486 }
487
488 fn configuration_view(
489 &self,
490 _target_agent: language_model::ConfigurationViewTargetAgent,
491 window: &mut Window,
492 cx: &mut App,
493 ) -> AnyView {
494 cx.new(|cx| ConfigurationView::new(self.state.clone(), window, cx))
495 .into()
496 }
497
498 fn reset_credentials(&self, cx: &mut App) -> Task<Result<()>> {
499 self.state.update(cx, |state, cx| state.reset_auth(cx))
500 }
501}
502
503impl LanguageModelProviderState for BedrockLanguageModelProvider {
504 type ObservableEntity = State;
505
506 fn observable_entity(&self) -> Option<Entity<Self::ObservableEntity>> {
507 Some(self.state.clone())
508 }
509}
510
511struct BedrockModel {
512 id: LanguageModelId,
513 model: Model,
514 http_client: AwsHttpClient,
515 handle: tokio::runtime::Handle,
516 client: OnceCell<BedrockClient>,
517 state: Entity<State>,
518 request_limiter: RateLimiter,
519}
520
521impl BedrockModel {
522 fn get_or_init_client(&self, cx: &AsyncApp) -> anyhow::Result<&BedrockClient> {
523 self.client
524 .get_or_try_init_blocking(|| {
525 let (auth, endpoint, region) = cx.read_entity(&self.state, |state, _cx| {
526 let endpoint = state.settings.as_ref().and_then(|s| s.endpoint.clone());
527 let region = state.get_region();
528 (state.auth.clone(), endpoint, region)
529 });
530
531 let mut config_builder = aws_config::defaults(BehaviorVersion::latest())
532 .stalled_stream_protection(StalledStreamProtectionConfig::disabled())
533 .http_client(self.http_client.clone())
534 .region(Region::new(region))
535 .timeout_config(TimeoutConfig::disabled());
536
537 if let Some(endpoint_url) = endpoint
538 && !endpoint_url.is_empty()
539 {
540 config_builder = config_builder.endpoint_url(endpoint_url);
541 }
542
543 match auth {
544 Some(BedrockAuth::Automatic) | None => {
545 // Use default AWS credential provider chain
546 }
547 Some(BedrockAuth::NamedProfile { profile_name })
548 | Some(BedrockAuth::SingleSignOn { profile_name }) => {
549 if !profile_name.is_empty() {
550 config_builder = config_builder.profile_name(profile_name);
551 }
552 }
553 Some(BedrockAuth::IamCredentials {
554 access_key_id,
555 secret_access_key,
556 session_token,
557 }) => {
558 let aws_creds = Credentials::new(
559 access_key_id,
560 secret_access_key,
561 session_token,
562 None,
563 "zed-bedrock-provider",
564 );
565 config_builder = config_builder.credentials_provider(aws_creds);
566 }
567 Some(BedrockAuth::ApiKey { api_key }) => {
568 config_builder = config_builder
569 .auth_scheme_preference(["httpBearerAuth".into()]) // https://github.com/smithy-lang/smithy-rs/pull/4241
570 .token_provider(Token::new(api_key, None));
571 }
572 }
573
574 let config = self.handle.block_on(config_builder.load());
575
576 anyhow::Ok(BedrockClient::new(&config))
577 })
578 .context("initializing Bedrock client")?;
579
580 self.client.get().context("Bedrock client not initialized")
581 }
582
583 fn stream_completion(
584 &self,
585 request: bedrock::Request,
586 cx: &AsyncApp,
587 ) -> BoxFuture<
588 'static,
589 Result<BoxStream<'static, Result<BedrockStreamingResponse, BedrockError>>>,
590 > {
591 let Ok(runtime_client) = self
592 .get_or_init_client(cx)
593 .cloned()
594 .context("Bedrock client not initialized")
595 else {
596 return futures::future::ready(Err(anyhow!("App state dropped"))).boxed();
597 };
598
599 let task = Tokio::spawn(cx, bedrock::stream_completion(runtime_client, request));
600 async move { task.await.map_err(|err| anyhow!(err))? }.boxed()
601 }
602}
603
604impl LanguageModel for BedrockModel {
605 fn id(&self) -> LanguageModelId {
606 self.id.clone()
607 }
608
609 fn name(&self) -> LanguageModelName {
610 LanguageModelName::from(self.model.display_name().to_string())
611 }
612
613 fn provider_id(&self) -> LanguageModelProviderId {
614 PROVIDER_ID
615 }
616
617 fn provider_name(&self) -> LanguageModelProviderName {
618 PROVIDER_NAME
619 }
620
621 fn supports_tools(&self) -> bool {
622 self.model.supports_tool_use()
623 }
624
625 fn supports_images(&self) -> bool {
626 false
627 }
628
629 fn supports_tool_choice(&self, choice: LanguageModelToolChoice) -> bool {
630 match choice {
631 LanguageModelToolChoice::Auto | LanguageModelToolChoice::Any => {
632 self.model.supports_tool_use()
633 }
634 // Add support for None - we'll filter tool calls at response
635 LanguageModelToolChoice::None => self.model.supports_tool_use(),
636 }
637 }
638
639 fn telemetry_id(&self) -> String {
640 format!("bedrock/{}", self.model.id())
641 }
642
643 fn max_token_count(&self) -> u64 {
644 self.model.max_token_count()
645 }
646
647 fn max_output_tokens(&self) -> Option<u64> {
648 Some(self.model.max_output_tokens())
649 }
650
651 fn count_tokens(
652 &self,
653 request: LanguageModelRequest,
654 cx: &App,
655 ) -> BoxFuture<'static, Result<u64>> {
656 get_bedrock_tokens(request, cx)
657 }
658
659 fn stream_completion(
660 &self,
661 request: LanguageModelRequest,
662 cx: &AsyncApp,
663 ) -> BoxFuture<
664 'static,
665 Result<
666 BoxStream<'static, Result<LanguageModelCompletionEvent, LanguageModelCompletionError>>,
667 LanguageModelCompletionError,
668 >,
669 > {
670 let (region, allow_global) = cx.read_entity(&self.state, |state, _cx| {
671 (state.get_region(), state.get_allow_global())
672 });
673
674 let model_id = match self.model.cross_region_inference_id(®ion, allow_global) {
675 Ok(s) => s,
676 Err(e) => {
677 return async move { Err(e.into()) }.boxed();
678 }
679 };
680
681 let deny_tool_calls = request.tool_choice == Some(LanguageModelToolChoice::None);
682 let bypass_rate_limit = request.bypass_rate_limit;
683
684 let request = match into_bedrock(
685 request,
686 model_id,
687 self.model.default_temperature(),
688 self.model.max_output_tokens(),
689 self.model.mode(),
690 self.model.supports_caching(),
691 ) {
692 Ok(request) => request,
693 Err(err) => return futures::future::ready(Err(err.into())).boxed(),
694 };
695
696 let request = self.stream_completion(request, cx);
697 let future = self.request_limiter.stream_with_bypass(
698 async move {
699 let response = request.await.map_err(|err| anyhow!(err))?;
700 let events = map_to_language_model_completion_events(response);
701
702 if deny_tool_calls {
703 Ok(deny_tool_use_events(events).boxed())
704 } else {
705 Ok(events.boxed())
706 }
707 },
708 bypass_rate_limit,
709 );
710
711 async move { Ok(future.await?.boxed()) }.boxed()
712 }
713
714 fn cache_configuration(&self) -> Option<LanguageModelCacheConfiguration> {
715 self.model
716 .cache_configuration()
717 .map(|config| LanguageModelCacheConfiguration {
718 max_cache_anchors: config.max_cache_anchors,
719 should_speculate: false,
720 min_total_token: config.min_total_token,
721 })
722 }
723}
724
725fn deny_tool_use_events(
726 events: impl Stream<Item = Result<LanguageModelCompletionEvent, LanguageModelCompletionError>>,
727) -> impl Stream<Item = Result<LanguageModelCompletionEvent, LanguageModelCompletionError>> {
728 events.map(|event| {
729 match event {
730 Ok(LanguageModelCompletionEvent::ToolUse(tool_use)) => {
731 // Convert tool use to an error message if model decided to call it
732 Ok(LanguageModelCompletionEvent::Text(format!(
733 "\n\n[Error: Tool calls are disabled in this context. Attempted to call '{}']",
734 tool_use.name
735 )))
736 }
737 other => other,
738 }
739 })
740}
741
742pub fn into_bedrock(
743 request: LanguageModelRequest,
744 model: String,
745 default_temperature: f32,
746 max_output_tokens: u64,
747 mode: BedrockModelMode,
748 supports_caching: bool,
749) -> Result<bedrock::Request> {
750 let mut new_messages: Vec<BedrockMessage> = Vec::new();
751 let mut system_message = String::new();
752
753 for message in request.messages {
754 if message.contents_empty() {
755 continue;
756 }
757
758 match message.role {
759 Role::User | Role::Assistant => {
760 let mut bedrock_message_content: Vec<BedrockInnerContent> = message
761 .content
762 .into_iter()
763 .filter_map(|content| match content {
764 MessageContent::Text(text) => {
765 if !text.is_empty() {
766 Some(BedrockInnerContent::Text(text))
767 } else {
768 None
769 }
770 }
771 MessageContent::Thinking { text, signature } => {
772 if model.contains(Model::DeepSeekR1.request_id()) {
773 // DeepSeekR1 doesn't support thinking blocks
774 // And the AWS API demands that you strip them
775 return None;
776 }
777 let thinking = BedrockThinkingTextBlock::builder()
778 .text(text)
779 .set_signature(signature)
780 .build()
781 .context("failed to build reasoning block")
782 .log_err()?;
783
784 Some(BedrockInnerContent::ReasoningContent(
785 BedrockThinkingBlock::ReasoningText(thinking),
786 ))
787 }
788 MessageContent::RedactedThinking(blob) => {
789 if model.contains(Model::DeepSeekR1.request_id()) {
790 // DeepSeekR1 doesn't support thinking blocks
791 // And the AWS API demands that you strip them
792 return None;
793 }
794 let redacted =
795 BedrockThinkingBlock::RedactedContent(BedrockBlob::new(blob));
796
797 Some(BedrockInnerContent::ReasoningContent(redacted))
798 }
799 MessageContent::ToolUse(tool_use) => {
800 let input = if tool_use.input.is_null() {
801 // Bedrock API requires valid JsonValue, not null, for tool use input
802 value_to_aws_document(&serde_json::json!({}))
803 } else {
804 value_to_aws_document(&tool_use.input)
805 };
806 BedrockToolUseBlock::builder()
807 .name(tool_use.name.to_string())
808 .tool_use_id(tool_use.id.to_string())
809 .input(input)
810 .build()
811 .context("failed to build Bedrock tool use block")
812 .log_err()
813 .map(BedrockInnerContent::ToolUse)
814 },
815 MessageContent::ToolResult(tool_result) => {
816 BedrockToolResultBlock::builder()
817 .tool_use_id(tool_result.tool_use_id.to_string())
818 .content(match tool_result.content {
819 LanguageModelToolResultContent::Text(text) => {
820 BedrockToolResultContentBlock::Text(text.to_string())
821 }
822 LanguageModelToolResultContent::Image(_) => {
823 BedrockToolResultContentBlock::Text(
824 // TODO: Bedrock image support
825 "[Tool responded with an image, but Zed doesn't support these in Bedrock models yet]".to_string()
826 )
827 }
828 })
829 .status({
830 if tool_result.is_error {
831 BedrockToolResultStatus::Error
832 } else {
833 BedrockToolResultStatus::Success
834 }
835 })
836 .build()
837 .context("failed to build Bedrock tool result block")
838 .log_err()
839 .map(BedrockInnerContent::ToolResult)
840 }
841 _ => None,
842 })
843 .collect();
844 if message.cache && supports_caching {
845 bedrock_message_content.push(BedrockInnerContent::CachePoint(
846 CachePointBlock::builder()
847 .r#type(CachePointType::Default)
848 .build()
849 .context("failed to build cache point block")?,
850 ));
851 }
852 let bedrock_role = match message.role {
853 Role::User => bedrock::BedrockRole::User,
854 Role::Assistant => bedrock::BedrockRole::Assistant,
855 Role::System => unreachable!("System role should never occur here"),
856 };
857 if let Some(last_message) = new_messages.last_mut()
858 && last_message.role == bedrock_role
859 {
860 last_message.content.extend(bedrock_message_content);
861 continue;
862 }
863 new_messages.push(
864 BedrockMessage::builder()
865 .role(bedrock_role)
866 .set_content(Some(bedrock_message_content))
867 .build()
868 .context("failed to build Bedrock message")?,
869 );
870 }
871 Role::System => {
872 if !system_message.is_empty() {
873 system_message.push_str("\n\n");
874 }
875 system_message.push_str(&message.string_contents());
876 }
877 }
878 }
879
880 let mut tool_spec: Vec<BedrockTool> = request
881 .tools
882 .iter()
883 .filter_map(|tool| {
884 Some(BedrockTool::ToolSpec(
885 BedrockToolSpec::builder()
886 .name(tool.name.clone())
887 .description(tool.description.clone())
888 .input_schema(BedrockToolInputSchema::Json(value_to_aws_document(
889 &tool.input_schema,
890 )))
891 .build()
892 .log_err()?,
893 ))
894 })
895 .collect();
896
897 if !tool_spec.is_empty() && supports_caching {
898 tool_spec.push(BedrockTool::CachePoint(
899 CachePointBlock::builder()
900 .r#type(CachePointType::Default)
901 .build()
902 .context("failed to build cache point block")?,
903 ));
904 }
905
906 let tool_choice = match request.tool_choice {
907 Some(LanguageModelToolChoice::Auto) | None => {
908 BedrockToolChoice::Auto(BedrockAutoToolChoice::builder().build())
909 }
910 Some(LanguageModelToolChoice::Any) => {
911 BedrockToolChoice::Any(BedrockAnyToolChoice::builder().build())
912 }
913 Some(LanguageModelToolChoice::None) => {
914 // For None, we still use Auto but will filter out tool calls in the response
915 BedrockToolChoice::Auto(BedrockAutoToolChoice::builder().build())
916 }
917 };
918 let tool_config: BedrockToolConfig = BedrockToolConfig::builder()
919 .set_tools(Some(tool_spec))
920 .tool_choice(tool_choice)
921 .build()?;
922
923 Ok(bedrock::Request {
924 model,
925 messages: new_messages,
926 max_tokens: max_output_tokens,
927 system: Some(system_message),
928 tools: Some(tool_config),
929 thinking: if request.thinking_allowed
930 && let BedrockModelMode::Thinking { budget_tokens } = mode
931 {
932 Some(bedrock::Thinking::Enabled { budget_tokens })
933 } else {
934 None
935 },
936 metadata: None,
937 stop_sequences: Vec::new(),
938 temperature: request.temperature.or(Some(default_temperature)),
939 top_k: None,
940 top_p: None,
941 })
942}
943
944// TODO: just call the ConverseOutput.usage() method:
945// https://docs.rs/aws-sdk-bedrockruntime/latest/aws_sdk_bedrockruntime/operation/converse/struct.ConverseOutput.html#method.output
946pub fn get_bedrock_tokens(
947 request: LanguageModelRequest,
948 cx: &App,
949) -> BoxFuture<'static, Result<u64>> {
950 cx.background_executor()
951 .spawn(async move {
952 let messages = request.messages;
953 let mut tokens_from_images = 0;
954 let mut string_messages = Vec::with_capacity(messages.len());
955
956 for message in messages {
957 use language_model::MessageContent;
958
959 let mut string_contents = String::new();
960
961 for content in message.content {
962 match content {
963 MessageContent::Text(text) | MessageContent::Thinking { text, .. } => {
964 string_contents.push_str(&text);
965 }
966 MessageContent::RedactedThinking(_) => {}
967 MessageContent::Image(image) => {
968 tokens_from_images += image.estimate_tokens();
969 }
970 MessageContent::ToolUse(_tool_use) => {
971 // TODO: Estimate token usage from tool uses.
972 }
973 MessageContent::ToolResult(tool_result) => match tool_result.content {
974 LanguageModelToolResultContent::Text(text) => {
975 string_contents.push_str(&text);
976 }
977 LanguageModelToolResultContent::Image(image) => {
978 tokens_from_images += image.estimate_tokens();
979 }
980 },
981 }
982 }
983
984 if !string_contents.is_empty() {
985 string_messages.push(tiktoken_rs::ChatCompletionRequestMessage {
986 role: match message.role {
987 Role::User => "user".into(),
988 Role::Assistant => "assistant".into(),
989 Role::System => "system".into(),
990 },
991 content: Some(string_contents),
992 name: None,
993 function_call: None,
994 });
995 }
996 }
997
998 // Tiktoken doesn't yet support these models, so we manually use the
999 // same tokenizer as GPT-4.
1000 tiktoken_rs::num_tokens_from_messages("gpt-4", &string_messages)
1001 .map(|tokens| (tokens + tokens_from_images) as u64)
1002 })
1003 .boxed()
1004}
1005
1006pub fn map_to_language_model_completion_events(
1007 events: Pin<Box<dyn Send + Stream<Item = Result<BedrockStreamingResponse, BedrockError>>>>,
1008) -> impl Stream<Item = Result<LanguageModelCompletionEvent, LanguageModelCompletionError>> {
1009 struct RawToolUse {
1010 id: String,
1011 name: String,
1012 input_json: String,
1013 }
1014
1015 struct State {
1016 events: Pin<Box<dyn Send + Stream<Item = Result<BedrockStreamingResponse, BedrockError>>>>,
1017 tool_uses_by_index: HashMap<i32, RawToolUse>,
1018 }
1019
1020 let initial_state = State {
1021 events,
1022 tool_uses_by_index: HashMap::default(),
1023 };
1024
1025 futures::stream::unfold(initial_state, |mut state| async move {
1026 match state.events.next().await {
1027 Some(event_result) => match event_result {
1028 Ok(event) => {
1029 let result = match event {
1030 ConverseStreamOutput::ContentBlockDelta(cb_delta) => match cb_delta.delta {
1031 Some(ContentBlockDelta::Text(text)) => {
1032 Some(Ok(LanguageModelCompletionEvent::Text(text)))
1033 }
1034 Some(ContentBlockDelta::ToolUse(tool_output)) => {
1035 if let Some(tool_use) = state
1036 .tool_uses_by_index
1037 .get_mut(&cb_delta.content_block_index)
1038 {
1039 tool_use.input_json.push_str(tool_output.input());
1040 }
1041 None
1042 }
1043 Some(ContentBlockDelta::ReasoningContent(thinking)) => match thinking {
1044 ReasoningContentBlockDelta::Text(thoughts) => {
1045 Some(Ok(LanguageModelCompletionEvent::Thinking {
1046 text: thoughts,
1047 signature: None,
1048 }))
1049 }
1050 ReasoningContentBlockDelta::Signature(sig) => {
1051 Some(Ok(LanguageModelCompletionEvent::Thinking {
1052 text: "".into(),
1053 signature: Some(sig),
1054 }))
1055 }
1056 ReasoningContentBlockDelta::RedactedContent(redacted) => {
1057 let content = String::from_utf8(redacted.into_inner())
1058 .unwrap_or("REDACTED".to_string());
1059 Some(Ok(LanguageModelCompletionEvent::Thinking {
1060 text: content,
1061 signature: None,
1062 }))
1063 }
1064 _ => None,
1065 },
1066 _ => None,
1067 },
1068 ConverseStreamOutput::ContentBlockStart(cb_start) => {
1069 if let Some(ContentBlockStart::ToolUse(tool_start)) = cb_start.start {
1070 state.tool_uses_by_index.insert(
1071 cb_start.content_block_index,
1072 RawToolUse {
1073 id: tool_start.tool_use_id,
1074 name: tool_start.name,
1075 input_json: String::new(),
1076 },
1077 );
1078 }
1079 None
1080 }
1081 ConverseStreamOutput::ContentBlockStop(cb_stop) => state
1082 .tool_uses_by_index
1083 .remove(&cb_stop.content_block_index)
1084 .map(|tool_use| {
1085 let input = if tool_use.input_json.is_empty() {
1086 Value::Null
1087 } else {
1088 serde_json::Value::from_str(&tool_use.input_json)
1089 .unwrap_or(Value::Null)
1090 };
1091
1092 Ok(LanguageModelCompletionEvent::ToolUse(
1093 LanguageModelToolUse {
1094 id: tool_use.id.into(),
1095 name: tool_use.name.into(),
1096 is_input_complete: true,
1097 raw_input: tool_use.input_json,
1098 input,
1099 thought_signature: None,
1100 },
1101 ))
1102 }),
1103 ConverseStreamOutput::Metadata(cb_meta) => cb_meta.usage.map(|metadata| {
1104 Ok(LanguageModelCompletionEvent::UsageUpdate(TokenUsage {
1105 input_tokens: metadata.input_tokens as u64,
1106 output_tokens: metadata.output_tokens as u64,
1107 cache_creation_input_tokens: metadata
1108 .cache_write_input_tokens
1109 .unwrap_or_default()
1110 as u64,
1111 cache_read_input_tokens: metadata
1112 .cache_read_input_tokens
1113 .unwrap_or_default()
1114 as u64,
1115 }))
1116 }),
1117 ConverseStreamOutput::MessageStop(message_stop) => {
1118 let stop_reason = match message_stop.stop_reason {
1119 StopReason::ToolUse => language_model::StopReason::ToolUse,
1120 _ => language_model::StopReason::EndTurn,
1121 };
1122 Some(Ok(LanguageModelCompletionEvent::Stop(stop_reason)))
1123 }
1124 _ => None,
1125 };
1126
1127 Some((result, state))
1128 }
1129 Err(err) => Some((
1130 Some(Err(LanguageModelCompletionError::Other(anyhow!(err)))),
1131 state,
1132 )),
1133 },
1134 None => None,
1135 }
1136 })
1137 .filter_map(|result| async move { result })
1138}
1139
1140struct ConfigurationView {
1141 access_key_id_editor: Entity<InputField>,
1142 secret_access_key_editor: Entity<InputField>,
1143 session_token_editor: Entity<InputField>,
1144 bearer_token_editor: Entity<InputField>,
1145 state: Entity<State>,
1146 load_credentials_task: Option<Task<()>>,
1147 focus_handle: FocusHandle,
1148}
1149
1150impl ConfigurationView {
1151 const PLACEHOLDER_ACCESS_KEY_ID_TEXT: &'static str = "XXXXXXXXXXXXXXXX";
1152 const PLACEHOLDER_SECRET_ACCESS_KEY_TEXT: &'static str =
1153 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
1154 const PLACEHOLDER_SESSION_TOKEN_TEXT: &'static str = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
1155 const PLACEHOLDER_BEARER_TOKEN_TEXT: &'static str = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
1156
1157 fn new(state: Entity<State>, window: &mut Window, cx: &mut Context<Self>) -> Self {
1158 let focus_handle = cx.focus_handle();
1159
1160 cx.observe(&state, |_, _, cx| {
1161 cx.notify();
1162 })
1163 .detach();
1164
1165 let access_key_id_editor = cx.new(|cx| {
1166 InputField::new(window, cx, Self::PLACEHOLDER_ACCESS_KEY_ID_TEXT)
1167 .label("Access Key ID")
1168 .tab_index(0)
1169 .tab_stop(true)
1170 });
1171
1172 let secret_access_key_editor = cx.new(|cx| {
1173 InputField::new(window, cx, Self::PLACEHOLDER_SECRET_ACCESS_KEY_TEXT)
1174 .label("Secret Access Key")
1175 .tab_index(1)
1176 .tab_stop(true)
1177 });
1178
1179 let session_token_editor = cx.new(|cx| {
1180 InputField::new(window, cx, Self::PLACEHOLDER_SESSION_TOKEN_TEXT)
1181 .label("Session Token (Optional)")
1182 .tab_index(2)
1183 .tab_stop(true)
1184 });
1185
1186 let bearer_token_editor = cx.new(|cx| {
1187 InputField::new(window, cx, Self::PLACEHOLDER_BEARER_TOKEN_TEXT)
1188 .label("Bedrock API Key")
1189 .tab_index(3)
1190 .tab_stop(true)
1191 });
1192
1193 let load_credentials_task = Some(cx.spawn({
1194 let state = state.clone();
1195 async move |this, cx| {
1196 if let Some(task) = Some(state.update(cx, |state, cx| state.authenticate(cx))) {
1197 // We don't log an error, because "not signed in" is also an error.
1198 let _ = task.await;
1199 }
1200 this.update(cx, |this, cx| {
1201 this.load_credentials_task = None;
1202 cx.notify();
1203 })
1204 .log_err();
1205 }
1206 }));
1207
1208 Self {
1209 access_key_id_editor,
1210 secret_access_key_editor,
1211 session_token_editor,
1212 bearer_token_editor,
1213 state,
1214 load_credentials_task,
1215 focus_handle,
1216 }
1217 }
1218
1219 fn save_credentials(
1220 &mut self,
1221 _: &menu::Confirm,
1222 _window: &mut Window,
1223 cx: &mut Context<Self>,
1224 ) {
1225 let access_key_id = self
1226 .access_key_id_editor
1227 .read(cx)
1228 .text(cx)
1229 .trim()
1230 .to_string();
1231 let secret_access_key = self
1232 .secret_access_key_editor
1233 .read(cx)
1234 .text(cx)
1235 .trim()
1236 .to_string();
1237 let session_token = self
1238 .session_token_editor
1239 .read(cx)
1240 .text(cx)
1241 .trim()
1242 .to_string();
1243 let session_token = if session_token.is_empty() {
1244 None
1245 } else {
1246 Some(session_token)
1247 };
1248 let bearer_token = self
1249 .bearer_token_editor
1250 .read(cx)
1251 .text(cx)
1252 .trim()
1253 .to_string();
1254 let bearer_token = if bearer_token.is_empty() {
1255 None
1256 } else {
1257 Some(bearer_token)
1258 };
1259
1260 let state = self.state.clone();
1261 cx.spawn(async move |_, cx| {
1262 state
1263 .update(cx, |state, cx| {
1264 let credentials = BedrockCredentials {
1265 access_key_id,
1266 secret_access_key,
1267 session_token,
1268 bearer_token,
1269 };
1270
1271 state.set_static_credentials(credentials, cx)
1272 })
1273 .await
1274 })
1275 .detach_and_log_err(cx);
1276 }
1277
1278 fn reset_credentials(&mut self, window: &mut Window, cx: &mut Context<Self>) {
1279 self.access_key_id_editor
1280 .update(cx, |editor, cx| editor.set_text("", window, cx));
1281 self.secret_access_key_editor
1282 .update(cx, |editor, cx| editor.set_text("", window, cx));
1283 self.session_token_editor
1284 .update(cx, |editor, cx| editor.set_text("", window, cx));
1285 self.bearer_token_editor
1286 .update(cx, |editor, cx| editor.set_text("", window, cx));
1287
1288 let state = self.state.clone();
1289 cx.spawn(async move |_, cx| state.update(cx, |state, cx| state.reset_auth(cx)).await)
1290 .detach_and_log_err(cx);
1291 }
1292
1293 fn should_render_editor(&self, cx: &Context<Self>) -> bool {
1294 self.state.read(cx).is_authenticated()
1295 }
1296
1297 fn on_tab(&mut self, _: &menu::SelectNext, window: &mut Window, cx: &mut Context<Self>) {
1298 window.focus_next(cx);
1299 }
1300
1301 fn on_tab_prev(
1302 &mut self,
1303 _: &menu::SelectPrevious,
1304 window: &mut Window,
1305 cx: &mut Context<Self>,
1306 ) {
1307 window.focus_prev(cx);
1308 }
1309}
1310
1311impl Render for ConfigurationView {
1312 fn render(&mut self, _window: &mut Window, cx: &mut Context<Self>) -> impl IntoElement {
1313 let state = self.state.read(cx);
1314 let env_var_set = state.credentials_from_env;
1315 let auth = state.auth.clone();
1316 let settings_auth_method = state
1317 .settings
1318 .as_ref()
1319 .and_then(|s| s.authentication_method.clone());
1320
1321 if self.load_credentials_task.is_some() {
1322 return div().child(Label::new("Loading credentials...")).into_any();
1323 }
1324
1325 let configured_label = match &auth {
1326 Some(BedrockAuth::Automatic) => {
1327 "Using automatic credentials (AWS default chain)".into()
1328 }
1329 Some(BedrockAuth::NamedProfile { profile_name }) => {
1330 format!("Using AWS profile: {profile_name}")
1331 }
1332 Some(BedrockAuth::SingleSignOn { profile_name }) => {
1333 format!("Using AWS SSO profile: {profile_name}")
1334 }
1335 Some(BedrockAuth::IamCredentials { .. }) if env_var_set => {
1336 format!(
1337 "Using IAM credentials from {} and {} environment variables",
1338 ZED_BEDROCK_ACCESS_KEY_ID_VAR.name, ZED_BEDROCK_SECRET_ACCESS_KEY_VAR.name
1339 )
1340 }
1341 Some(BedrockAuth::IamCredentials { .. }) => "Using IAM credentials".into(),
1342 Some(BedrockAuth::ApiKey { .. }) if env_var_set => {
1343 format!(
1344 "Using Bedrock API Key from {} environment variable",
1345 ZED_BEDROCK_BEARER_TOKEN_VAR.name
1346 )
1347 }
1348 Some(BedrockAuth::ApiKey { .. }) => "Using Bedrock API Key".into(),
1349 None => "Not authenticated".into(),
1350 };
1351
1352 // Determine if credentials can be reset
1353 // Settings-derived auth (non-ApiKey) cannot be reset from UI
1354 let is_settings_derived = matches!(
1355 settings_auth_method,
1356 Some(BedrockAuthMethod::Automatic)
1357 | Some(BedrockAuthMethod::NamedProfile)
1358 | Some(BedrockAuthMethod::SingleSignOn)
1359 );
1360
1361 let tooltip_label = if env_var_set {
1362 Some(format!(
1363 "To reset your credentials, unset the {}, {}, and {} or {} environment variables.",
1364 ZED_BEDROCK_ACCESS_KEY_ID_VAR.name,
1365 ZED_BEDROCK_SECRET_ACCESS_KEY_VAR.name,
1366 ZED_BEDROCK_SESSION_TOKEN_VAR.name,
1367 ZED_BEDROCK_BEARER_TOKEN_VAR.name
1368 ))
1369 } else if is_settings_derived {
1370 Some(
1371 "Authentication method is configured in settings. Edit settings.json to change."
1372 .to_string(),
1373 )
1374 } else {
1375 None
1376 };
1377
1378 if self.should_render_editor(cx) {
1379 return ConfiguredApiCard::new(configured_label)
1380 .disabled(env_var_set || is_settings_derived)
1381 .on_click(cx.listener(|this, _, window, cx| this.reset_credentials(window, cx)))
1382 .when_some(tooltip_label, |this, label| this.tooltip_label(label))
1383 .into_any_element();
1384 }
1385
1386 v_flex()
1387 .size_full()
1388 .track_focus(&self.focus_handle)
1389 .on_action(cx.listener(Self::on_tab))
1390 .on_action(cx.listener(Self::on_tab_prev))
1391 .on_action(cx.listener(ConfigurationView::save_credentials))
1392 .child(Label::new("To use Zed's agent with Bedrock, you can set a custom authentication strategy through your settings file or use static credentials."))
1393 .child(Label::new("But first, to access models on AWS, you need to:").mt_1())
1394 .child(
1395 List::new()
1396 .child(
1397 ListBulletItem::new("")
1398 .child(Label::new(
1399 "Grant permissions to the strategy you'll use according to the:",
1400 ))
1401 .child(ButtonLink::new(
1402 "Prerequisites",
1403 "https://docs.aws.amazon.com/bedrock/latest/userguide/inference-prereq.html",
1404 )),
1405 )
1406 .child(
1407 ListBulletItem::new("")
1408 .child(Label::new("Select the models you would like access to:"))
1409 .child(ButtonLink::new(
1410 "Bedrock Model Catalog",
1411 "https://us-east-1.console.aws.amazon.com/bedrock/home?region=us-east-1#/modelaccess",
1412 )),
1413 ),
1414 )
1415 .child(self.render_static_credentials_ui())
1416 .into_any()
1417 }
1418}
1419
1420impl ConfigurationView {
1421 fn render_static_credentials_ui(&self) -> impl IntoElement {
1422 let section_header = |title: SharedString| {
1423 h_flex()
1424 .gap_2()
1425 .child(Label::new(title).size(LabelSize::Default))
1426 .child(Divider::horizontal())
1427 };
1428
1429 let list_item = List::new()
1430 .child(
1431 ListBulletItem::new("")
1432 .child(Label::new(
1433 "For access keys: Create an IAM user in the AWS console with programmatic access",
1434 ))
1435 .child(ButtonLink::new(
1436 "IAM Console",
1437 "https://us-east-1.console.aws.amazon.com/iam/home?region=us-east-1#/users",
1438 )),
1439 )
1440 .child(
1441 ListBulletItem::new("")
1442 .child(Label::new("For Bedrock API Keys: Generate an API key from the"))
1443 .child(ButtonLink::new(
1444 "Bedrock Console",
1445 "https://docs.aws.amazon.com/bedrock/latest/userguide/api-keys-use.html",
1446 )),
1447 )
1448 .child(
1449 ListBulletItem::new("")
1450 .child(Label::new("Attach the necessary Bedrock permissions to"))
1451 .child(ButtonLink::new(
1452 "this user",
1453 "https://docs.aws.amazon.com/bedrock/latest/userguide/inference-prereq.html",
1454 )),
1455 )
1456 .child(ListBulletItem::new(
1457 "Enter either access keys OR a Bedrock API Key below (not both)",
1458 ));
1459
1460 v_flex()
1461 .my_2()
1462 .tab_group()
1463 .gap_1p5()
1464 .child(section_header("Static Credentials".into()))
1465 .child(Label::new(
1466 "This method uses your AWS access key ID and secret access key, or a Bedrock API Key.",
1467 ))
1468 .child(list_item)
1469 .child(self.access_key_id_editor.clone())
1470 .child(self.secret_access_key_editor.clone())
1471 .child(self.session_token_editor.clone())
1472 .child(
1473 Label::new(format!(
1474 "You can also set the {}, {} and {} environment variables (or {} for Bedrock API Key authentication) and restart Zed.",
1475 ZED_BEDROCK_ACCESS_KEY_ID_VAR.name,
1476 ZED_BEDROCK_SECRET_ACCESS_KEY_VAR.name,
1477 ZED_BEDROCK_REGION_VAR.name,
1478 ZED_BEDROCK_BEARER_TOKEN_VAR.name
1479 ))
1480 .size(LabelSize::Small)
1481 .color(Color::Muted),
1482 )
1483 .child(
1484 Label::new(format!(
1485 "Optionally, if your environment uses AWS CLI profiles, you can set {}; if it requires a custom endpoint, you can set {}; and if it requires a Session Token, you can set {}.",
1486 ZED_AWS_PROFILE_VAR.name,
1487 ZED_AWS_ENDPOINT_VAR.name,
1488 ZED_BEDROCK_SESSION_TOKEN_VAR.name
1489 ))
1490 .size(LabelSize::Small)
1491 .color(Color::Muted)
1492 .mt_1()
1493 .mb_2p5(),
1494 )
1495 .child(section_header("Using the an API key".into()))
1496 .child(self.bearer_token_editor.clone())
1497 .child(
1498 Label::new(format!(
1499 "Region is configured via {} environment variable or settings.json (defaults to us-east-1).",
1500 ZED_BEDROCK_REGION_VAR.name
1501 ))
1502 .size(LabelSize::Small)
1503 .color(Color::Muted)
1504 )
1505 }
1506}