@Agastya18 Agastya18 commented Oct 30, 2025

Key Changes
Backend: Bedrock integration in chat-helpers with AWS credential validation
Frontend: New BedrockConfigDialog with 16 AWS regions selector
Models: DeepSeek v3 (deepseek.v3-v1:0) and Qwen 3 Coder (qwen.qwen3-coder-480b-a35b-v1:0)
UI: Bedrock logo and model selection in both Playgrounds (V1 & V2)

Dependencies
Added @ai-sdk/amazon-bedrock v3.0.49

Fix: #705

matteo8p and others added 30 commits October 10, 2025 16:46
…CPJam#625)

Co-authored-by: Matthew Wang <matt8p@Matthews-MacBook-Pro.local>
@Agastya18 force-pushed the feat/bedrock-provider branch from f0f8c94 to 3b110da on November 5, 2025 13:51

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
server/routes/mcp/chat.ts (1)

837-844: Pass the session token into createLlmModel. Once the helper accepts it, forward requestData.bedrockSessionToken here so temporary credentials authenticate successfully instead of failing bedrock-runtime calls.

♻️ Duplicate comments (1)
client/src/components/setting/BedrockConfigDialog.tsx (1)

143-147: Harden the external docs link. Open the AWS docs with rel="noopener noreferrer" (or equivalent) to prevent exposing window.opener.

Apply this diff:

-              <button
-                onClick={() =>
-                  window.open(
-                    "https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started.html",
-                    "_blank",
-                  )
-                }
-                className="underline hover:no-underline"
-              >
-                AWS Bedrock Docs
-              </button>
+              <a
+                href="https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started.html"
+                target="_blank"
+                rel="noopener noreferrer"
+                className="underline hover:no-underline"
+              >
+                AWS Bedrock Docs
+              </a>
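
Review bot: if the `<button>` has to stay for layout reasons, the removed `window.open(url, "_blank")` call can be hardened in place by passing `"noopener,noreferrer"` as its third argument, which denies the opened page access to `window.opener` just as the `rel` on the added `<a>` does. With the anchor form, keep `href` a string literal as it is here so that no runtime value ends up in it.
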
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f0f8c94 and 3b110da.

⛔ Files ignored due to path filters (2)
  • client/public/bedrock_logo.png is excluded by !**/*.png
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (15)
  • client/src/components/ChatTab.tsx (1 hunks)
  • client/src/components/ChatTabV2.tsx (3 hunks)
  • client/src/components/SettingsTab.tsx (7 hunks)
  • client/src/components/chat-v2/chat-helpers.ts (3 hunks)
  • client/src/components/chat-v2/model-helpers.ts (1 hunks)
  • client/src/components/chat/chat-helpers.ts (3 hunks)
  • client/src/components/setting/BedrockConfigDialog.tsx (1 hunks)
  • client/src/hooks/use-ai-provider-keys.ts (6 hunks)
  • client/src/hooks/use-chat.ts (4 hunks)
  • package.json (1 hunks)
  • server/routes/mcp/chat-v2.ts (1 hunks)
  • server/routes/mcp/chat.ts (2 hunks)
  • server/utils/chat-helpers.ts (3 hunks)
  • shared/chat-v2.ts (1 hunks)
  • shared/types.ts (3 hunks)
🚧 Files skipped from review as they are similar to previous changes (8)
  • client/src/components/chat-v2/model-helpers.ts
  • server/routes/mcp/chat-v2.ts
  • client/src/components/chat-v2/chat-helpers.ts
  • client/src/components/ChatTabV2.tsx
  • client/src/components/SettingsTab.tsx
  • client/src/components/chat/chat-helpers.ts
  • client/src/components/ChatTab.tsx
  • client/src/hooks/use-chat.ts
🧰 Additional context used
📓 Path-based instructions (12)
**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Prefer interfaces for defining object shapes
Constrain generics with appropriate type bounds
Use type guards to narrow unknown or union types before usage
Enforce import ordering consistently

**/*.{ts,tsx}: Prefer named exports in TypeScript modules
Use 2-space indentation
Declare types and interfaces using PascalCase

Files:

  • server/utils/chat-helpers.ts
  • shared/chat-v2.ts
  • client/src/hooks/use-ai-provider-keys.ts
  • server/routes/mcp/chat.ts
  • client/src/components/setting/BedrockConfigDialog.tsx
  • shared/types.ts
server/**/*.ts

📄 CodeRabbit inference engine (CLAUDE.md)

server/**/*.ts: Implement robust error handling with safe error messages and log sanitization
Set appropriate security headers for backend responses
Apply rate limiting and backoff strategies to protect APIs

Use TypeScript for all backend source files

Files:

  • server/utils/chat-helpers.ts
  • server/routes/mcp/chat.ts
shared/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Place shared types and utilities in the shared/ directory for reuse by client and server

Files:

  • shared/chat-v2.ts
  • shared/types.ts
client/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (client/CLAUDE.md)

Implement strict TypeScript types: strict prop types, event types, state interfaces, and utility types

In client code, use the @/ alias for imports

Files:

  • client/src/hooks/use-ai-provider-keys.ts
  • client/src/components/setting/BedrockConfigDialog.tsx
client/src/{app,components,hooks}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (client/CLAUDE.md)

Use React hooks for local state: apply useState/useReducer patterns, create custom hooks, and always clean up effects

Files:

  • client/src/hooks/use-ai-provider-keys.ts
  • client/src/components/setting/BedrockConfigDialog.tsx
server/routes/**/*.ts

📄 CodeRabbit inference engine (CLAUDE.md)

server/routes/**/*.ts: Validate server responses (schema, content, status codes, headers) in route handlers
Perform input validation on incoming requests (types, sanitization, size, format)

Files:

  • server/routes/mcp/chat.ts
server/{app.ts,routes/**/*.ts}

📄 CodeRabbit inference engine (server/CLAUDE.md)

Use Hono.js for API routing and middleware in the app setup and all route handlers

Files:

  • server/routes/mcp/chat.ts
server/{routes/mcp/**,utils/mcp-utils.ts,types/mcp.ts}

📄 CodeRabbit inference engine (server/CLAUDE.md)

Implement MCP protocol using Mastra (@mastra/core, @mastra/mcp) for MCP handling, helpers, and types

Files:

  • server/routes/mcp/chat.ts
server/routes/mcp/**/*.ts

📄 CodeRabbit inference engine (server/CLAUDE.md)

Place all MCP protocol handlers under server/routes/mcp

Files:

  • server/routes/mcp/chat.ts
client/src/**/*.tsx

📄 CodeRabbit inference engine (CLAUDE.md)

Follow consistent React component structure in the frontend

Files:

  • client/src/components/setting/BedrockConfigDialog.tsx
client/src/{app,components}/**/*.tsx

📄 CodeRabbit inference engine (client/CLAUDE.md)

client/src/{app,components}/**/*.tsx: Use React functional components with React.FC typing for all UI components and pages
Define explicit Props interfaces for components, including proper children prop handling
Type event handlers with React-provided types (e.g., React.MouseEvent, FormEvent)
Follow React 19 patterns: hooks-centric components, Suspense and Error Boundaries where appropriate, and concurrent features
Maintain component isolation: avoid excessive prop drilling, use Context wisely, favor composition, and optimize renders
Build responsive layouts using the established Tailwind breakpoint system, grids, flex, and container queries
Ensure accessibility: proper ARIA attributes, keyboard navigation, focus management, and screen reader support

Files:

  • client/src/components/setting/BedrockConfigDialog.tsx
client/src/components/**/*.tsx

📄 CodeRabbit inference engine (client/CLAUDE.md)

Use Radix UI primitives for dialogs, dropdowns, form controls, and tooltips

React components in client/src/components should be functional and saved as PascalCase.tsx files

Files:

  • client/src/components/setting/BedrockConfigDialog.tsx
🧠 Learnings (12)
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/llm,stores/chat}/**/*.{ts,tsx} : Manage AI model state: model selection, generation parameters, stream management, and history persistence

Applied to files:

  • server/utils/chat-helpers.ts
  • server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Implement OpenAI integration with a dedicated API client, model configuration, robust response handling, and error recovery

Applied to files:

  • server/utils/chat-helpers.ts
  • server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:07:08.982Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: server/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:07:08.982Z
Learning: Applies to server/routes/llm/openai/**/*.ts : Keep OpenAI integration (client setup, model management, streaming, errors) under server/routes/llm/openai

Applied to files:

  • server/utils/chat-helpers.ts
  • server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Support Ollama local models: local setup, model management, inference options, and resource control

Applied to files:

  • server/utils/chat-helpers.ts
📚 Learning: 2025-10-19T23:05:54.474Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-10-19T23:05:54.474Z
Learning: Applies to server/**/*.ts : Implement robust error handling with safe error messages and log sanitization

Applied to files:

  • server/utils/chat-helpers.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/llm,stores/chat}/**/*.{ts,tsx} : Manage chat context: track window size/tokens, prune context, and persist state

Applied to files:

  • server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/mcp,stores/{chat,servers}}/**/*.{ts,tsx} : Synchronize MCP state: track connections, requests, responses, and errors consistently

Applied to files:

  • server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{hooks/llm,components/chat}/**/*.{ts,tsx} : Handle response streaming: token processing, UI updates, cancellation, and error states

Applied to files:

  • server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{lib/api,hooks/llm}/**/*.{ts,tsx} : Implement Anthropic Claude integration: authentication flow, request formatting, stream processing, and rate limiting

Applied to files:

  • server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:06:33.450Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: client/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:06:33.450Z
Learning: Applies to client/src/{app/chat,components/chat}/**/*.tsx : Implement real-time chat: message components, input handling, stream rendering, and history management

Applied to files:

  • server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:07:08.982Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: server/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:07:08.982Z
Learning: Applies to server/{routes/mcp/**,utils/mcp-utils.ts,types/mcp.ts} : Implement MCP protocol using Mastra (mastra/core, mastra/mcp) for MCP handling, helpers, and types

Applied to files:

  • server/routes/mcp/chat.ts
📚 Learning: 2025-10-19T23:07:08.982Z
Learnt from: CR
Repo: MCPJam/inspector PR: 0
File: server/CLAUDE.md:0-0
Timestamp: 2025-10-19T23:07:08.982Z
Learning: Applies to server/routes/llm/**/*.ts : Implement LLM response handling (stream processing, token counting, format validation, safety checks) within LLM route files

Applied to files:

  • server/routes/mcp/chat.ts
🧬 Code graph analysis (2)
server/utils/chat-helpers.ts (1)
evals-cli/dist/index.js (1)
  • apiKey (8020-8020)
client/src/components/setting/BedrockConfigDialog.tsx (4)
client/src/components/ui/dialog.tsx (6)
  • Dialog (131-131)
  • DialogContent (133-133)
  • DialogHeader (136-136)
  • DialogTitle (139-139)
  • DialogDescription (134-134)
  • DialogFooter (135-135)
client/src/components/ui/input.tsx (1)
  • Input (21-21)
client/src/components/ui/select.tsx (5)
  • Select (173-173)
  • SelectTrigger (181-181)
  • SelectValue (182-182)
  • SelectContent (174-174)
  • SelectItem (176-176)
client/src/components/ui/button.tsx (1)
  • Button (59-59)
🔍 Remote MCP Context7

Additional factual context found (concise)

  • Bedrock supported regions — Bedrock is available in many AWS Regions (includes us-east-1, us-west-2, ap-northeast-1, ap-south-1, eu-central-1, sa-east-1, etc.). Confirm the PR's 16-region selector covers actual Bedrock-supported regions used by customers/QA.

  • Region must be specified — IAM policies can deny bedrock:InvokeModel* if aws:RequestedRegion == "unspecified". Server must ensure a non-"unspecified" region is sent to avoid IAM denials.

  • Model availability is region-dependent — Supported models vary by region; callers may need to query region-specific supported-model lists or handle region-specific availability errors.

  • Short-lived tokens / token generator — Amazon Bedrock supports short-term API tokens (default ~12 hours) produced via @aws/bedrock-token-generator; consider lifecycle/refresh implications if storing long-lived secrets client-side.

  • Cross-region guardrails / inference routing — Bedrock guardrail profiles can route inference across source/destination regions; some inference profiles restrict destination regions. Tests should confirm model+region combinations used by PR are valid.

Sources:

  • Context7 library resolution for "Amazon Bedrock" and docs (selected library ID: /websites/aws_amazon_bedrock_userguide)
  • Amazon Bedrock user guide: regions, IAM policy note, supported-models/regions, token generation, and guardrails
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: prettier-and-build
🔇 Additional comments (3)
client/src/hooks/use-ai-provider-keys.ts (3)

16-18: Clean integration of Bedrock credential fields.

The interface extensions properly accommodate AWS's three-part credential structure (Access Key ID, Secret Access Key, and region), and the method signatures follow the established pattern for provider-specific configuration.

Also applies to: 36-39


57-59: Validation correctly enforces both AWS credentials with sensible region default.

The dual-credential check in hasToken (lines 129-131) is correct for AWS authentication, and the default region "us-east-1" with fallback logic in getBedrockRegion ensures the IAM requirement for a specified region is always satisfied.

Based on learnings.

Also applies to: 127-133


199-219: Implementation follows established patterns with proper memoization.

The getter/setter implementations correctly use useCallback with appropriate dependencies and maintain consistency with the existing provider-specific methods. The region fallback ensures a valid default is always available.

Also applies to: 236-239

Comment on lines +20 to +31
interface BedrockConfigDialogProps {
open: boolean;
onOpenChange: (open: boolean) => void;
accessKeyId: string;
secretKey: string;
region: string;
onAccessKeyIdChange: (value: string) => void;
onSecretKeyChange: (value: string) => void;
onRegionChange: (value: string) => void;
onSave: () => void;
onCancel: () => void;
}

⚠️ Potential issue | 🟠 Major

Expose the Bedrock session token in the dialog props. Without a sessionToken value and corresponding setter, users have no way to supply STS credentials from the UI. Add the prop so the dialog can collect it.

🤖 Prompt for AI Agents
In client/src/components/setting/BedrockConfigDialog.tsx around lines 20 to 31,
the BedrockConfigDialogProps interface is missing a sessionToken and setter so
the UI cannot accept STS session tokens; add two props: sessionToken: string and
onSessionTokenChange: (value: string) => void, then update all call sites to
pass the current session token and handler, and wire these props into the dialog
form (add the session token input bound to sessionToken and calling
onSessionTokenChange on change) so the dialog can collect STS credentials.

Comment on lines +33 to +54
const AWS_REGIONS = [
// United States
{ value: "us-east-1", label: "US East (N. Virginia)" },
{ value: "us-east-2", label: "US East (Ohio)" },
{ value: "us-west-1", label: "US West (N. California)" },
{ value: "us-west-2", label: "US West (Oregon)" },
// Asia Pacific
{ value: "ap-south-1", label: "Asia Pacific (Mumbai)" },
{ value: "ap-northeast-1", label: "Asia Pacific (Tokyo)" },
{ value: "ap-northeast-2", label: "Asia Pacific (Seoul)" },
{ value: "ap-northeast-3", label: "Asia Pacific (Osaka)" },
{ value: "ap-southeast-1", label: "Asia Pacific (Singapore)" },
{ value: "ap-southeast-2", label: "Asia Pacific (Sydney)" },
// Canada
{ value: "ca-central-1", label: "Canada (Central)" },
// Europe
{ value: "eu-central-1", label: "Europe (Frankfurt)" },
{ value: "eu-west-1", label: "Europe (Ireland)" },
{ value: "eu-west-2", label: "Europe (London)" },
{ value: "eu-west-3", label: "Europe (Paris)" },
{ value: "eu-north-1", label: "Europe (Stockholm)" },
];

⚠️ Potential issue | 🟠 Major

Update the region list to cover current Bedrock runtimes. Amazon Bedrock is now live in additional regions (Hyderabad ap-south-2, Jakarta ap-southeast-3, Melbourne ap-southeast-4, Malaysia ap-southeast-5, Thailand ap-southeast-7, Taipei ap-east-2, Zurich eu-central-2, Milan eu-south-1, Spain eu-south-2, Tel Aviv il-central-1, UAE me-central-1, São Paulo sa-east-1, etc.). The fixed 16-entry list leaves these customers without a selectable option. Please sync this array with the latest endpoint table.

🤖 Prompt for AI Agents
In client/src/components/setting/BedrockConfigDialog.tsx around lines 33 to 54,
the AWS_REGIONS array is a static 16-entry list and is missing newly supported
Bedrock regions; update this array to include the current Bedrock runtime
regions (ap-south-2, ap-southeast-3, ap-southeast-4, ap-southeast-5,
ap-southeast-7, ap-east-2, eu-central-2, eu-south-1, eu-south-2, il-central-1,
me-central-1, sa-east-1, etc.) by syncing the entries (value and human-readable
label) with the latest AWS/Bedrock endpoints table, or replace the hardcoded
list with a maintained source (config file or API) that contains the official
region list so future additions won’t be missed.

Comment on lines +106 to +118
<div>
<label htmlFor="bedrock-secret-key" className="text-sm font-medium">
AWS Secret Access Key
</label>
<Input
id="bedrock-secret-key"
type="password"
value={secretKey}
onChange={(e) => onSecretKeyChange(e.target.value)}
placeholder="Enter secret key"
className="mt-1"
/>
</div>
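
Review bot: the `bedrock-secret-key` input sets `type="password"` but no `autoComplete`, so a browser or password manager may offer to save the AWS secret as if it were a site login. Suggest adding `autoComplete="off"` (or `"new-password"`) and `spellCheck={false}` to this `Input`.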

⚠️ Potential issue | 🟠 Major

Capture the session token in the UI. Please add an input field (and wiring) for the AWS session token alongside the secret key so temporary credentials work end to end.

🤖 Prompt for AI Agents
In client/src/components/setting/BedrockConfigDialog.tsx around lines 106 to
118, the UI only captures AWS secret key and lacks an input for AWS session
token needed for temporary credentials; add a new password-type Input field
labeled "AWS Session Token" with a unique id (e.g., "bedrock-session-token"),
bind it to a sessionToken state/prop value, wire onChange to call a new or
existing onSessionTokenChange handler (pass the token string), set a placeholder
like "Enter session token" and reuse className="mt-1" for spacing; also ensure
the sessionToken value is included in the component's save/submit payload or
passed up to the parent so the backend/store receives the temporary credential
along with accessKey and secretKey.

Comment on lines +50 to +51
bedrockRegion?: string;
bedrockSecretKey?: string;

⚠️ Potential issue | 🟠 Major

Thread AWS session token through ChatRequest. The Bedrock flow needs to carry an AWS session token for STS-issued credentials; without it, SignatureDoesNotMatch errors are guaranteed. Please add an optional bedrockSessionToken alongside the other Bedrock fields and propagate it downstream.

🤖 Prompt for AI Agents
In server/routes/mcp/chat.ts around lines 50-51, the ChatRequest type only has
bedrockRegion and bedrockSecretKey; add an optional bedrockSessionToken?: string
to the interface and propagate it wherever the other Bedrock fields are used.
Update any construction/validation of ChatRequest to accept the new field, pass
bedrockSessionToken into downstream calls that create/sign Bedrock requests
(credential objects, signer, or SDK client initialization), and include it in
any payloads or headers sent to Bedrock so STS-issued temporary credentials are
used for signing.

Comment on lines +42 to +77
case "bedrock": {
// Amazon Bedrock requires region and AWS credentials
// apiKey is used as accessKeyId
const region = bedrockRegion || process.env.AWS_REGION || "us-east-1";
const accessKeyId = (
apiKey ||
process.env.AWS_ACCESS_KEY_ID ||
""
).trim();
const secretAccessKey = (
bedrockSecretKey ||
process.env.AWS_SECRET_ACCESS_KEY ||
""
).trim();

if (!accessKeyId) {
throw new Error("AWS Access Key ID is required for Bedrock");
}

if (!secretAccessKey) {
throw new Error("AWS Secret Access Key is required for Bedrock");
}

// Validate AWS Access Key format
if (!accessKeyId.startsWith("AKIA") && !accessKeyId.startsWith("ASIA")) {
throw new Error(
"Invalid AWS Access Key ID format. It should start with AKIA or ASIA",
);
}

return createAmazonBedrock({
region: region.trim(),
accessKeyId,
secretAccessKey,
})(modelDefinition.id);
}
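
Review bot: `bedrockRegion` arrives with the request and is only trimmed before being passed as `region` to `createAmazonBedrock`, so any string the client sends selects the AWS endpoint. Check it against the region list the dialog offers, or at least against a pattern such as `^[a-z]{2}(-[a-z]+)+-\d$`, and throw in the same way as the access key format check. The `startsWith("ASIA")` branch also accepts temporary access keys even though this case passes no session token.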

⚠️ Potential issue | 🟠 Major

Support session tokens for Bedrock auth. Only threading access key ID and secret key blocks every temporary credential issued by STS; we need to accept and forward the session token to createAmazonBedrock. Propagate the extra argument and plumb it through to callers.

Apply this diff:

 export const createLlmModel = (
   modelDefinition: ModelDefinition,
   apiKey: string,
   ollamaBaseUrl?: string,
   litellmBaseUrl?: string,
-  bedrockRegion?: string,
-  bedrockSecretKey?: string,
+  bedrockRegion?: string,
+  bedrockSecretKey?: string,
+  bedrockSessionToken?: string,
 ) => {
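
Review bot: `bedrockSessionToken` becomes the seventh positional parameter of `createLlmModel` and the fifth consecutive optional `string`, so a call site that skips or swaps one argument still type-checks and sends a credential in the wrong slot. Consider collecting the Bedrock fields in one options object, for example `bedrock?: { region?: string; secretKey?: string; sessionToken?: string }`. The removed and re-added `bedrockRegion` and `bedrockSecretKey` lines are textually identical and can be left out of the diff.
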
@@
       const secretAccessKey = (
         bedrockSecretKey ||
         process.env.AWS_SECRET_ACCESS_KEY ||
         ""
       ).trim();
+      const sessionToken = (
+        bedrockSessionToken ||
+        process.env.AWS_SESSION_TOKEN ||
+        ""
+      ).trim();
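
Review bot: `sessionToken` falls back to `process.env.AWS_SESSION_TOKEN` on its own, just as `secretAccessKey` falls back to `process.env.AWS_SECRET_ACCESS_KEY`, so a request that supplies a key pair but no token is combined with whatever token the server process has. Resolve the three values from a single source (all from the request, or all from the environment) and fail when the set is incomplete.
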
@@
       return createAmazonBedrock({
         region: region.trim(),
         accessKeyId,
         secretAccessKey,
+        sessionToken: sessionToken || undefined,
       })(modelDefinition.id);

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In server/utils/chat-helpers.ts around lines 42 to 77, the Bedrock case only
reads accessKeyId and secretAccessKey and ignores AWS session tokens, which
breaks STS temporary credentials; read a session token (e.g. bedrockSessionToken
|| process.env.AWS_SESSION_TOKEN || "" and trim it), include it in the object
passed to createAmazonBedrock (e.g. add sessionToken: <value>), and update any
callers of createAmazonBedrock (and related call sites) to accept/forward the
session token so temporary credentials work end-to-end.

Comment on lines +14 to +15
bedrockRegion?: string;
bedrockSecretKey?: string;

⚠️ Potential issue | 🟠 Major

Add bedrockSessionToken to ChatV2Request. The V2 transport must stay in sync with the MCP route so that STS credentials (access key, secret, session token) can actually reach the server.

🤖 Prompt for AI Agents
In shared/chat-v2.ts around lines 14-15, the ChatV2Request type is missing the
STS session token field; add an optional property bedrockSessionToken?: string
to the interface so the V2 transport can carry access key, secret and session
token to the server, and then update any callers/serializers/tests that
construct or validate ChatV2Request to include/pass through this new optional
field.
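
The review comments above ask for the session token to travel with the access key ID and secret key. As an added example (not code from the PR or from CodeRabbit), this TypeScript function resolves the three values from a single source and validates the region before use; `resolveBedrockCredentials`, `BedrockRequestFields`, `BedrockCredentials` and `REGION_PATTERN` are hypothetical names, and rejecting a token next to an `AKIA` key is an assumption of the example.

```typescript
// Added example, not code from the PR. The names resolveBedrockCredentials,
// BedrockRequestFields, BedrockCredentials and REGION_PATTERN are hypothetical.
interface BedrockRequestFields {
  apiKey?: string; // carries the access key ID, as in the PR
  bedrockSecretKey?: string;
  bedrockSessionToken?: string;
  bedrockRegion?: string;
}

interface BedrockCredentials {
  region: string;
  accessKeyId: string;
  secretAccessKey: string;
  sessionToken?: string;
  source: "request" | "environment";
}

type Env = Record<string, string | undefined>;

// Assumed shape check for region codes such as us-east-1 or ap-southeast-4.
const REGION_PATTERN = /^[a-z]{2}(-[a-z]+)+-\d$/;

const clean = (value: string | undefined): string => (value ?? "").trim();

function resolveBedrockCredentials(
  req: BedrockRequestFields,
  env: Env,
): BedrockCredentials {
  const region =
    clean(req.bedrockRegion) || clean(env["AWS_REGION"]) || "us-east-1";
  if (!REGION_PATTERN.test(region)) {
    throw new Error("Invalid AWS region format");
  }

  // One source for the whole set: if the request carries any credential
  // field, the server environment is not consulted for the others.
  const fromRequest =
    clean(req.apiKey) !== "" ||
    clean(req.bedrockSecretKey) !== "" ||
    clean(req.bedrockSessionToken) !== "";
  const accessKeyId = clean(fromRequest ? req.apiKey : env["AWS_ACCESS_KEY_ID"]);
  const secretAccessKey = clean(
    fromRequest ? req.bedrockSecretKey : env["AWS_SECRET_ACCESS_KEY"],
  );
  const sessionToken = clean(
    fromRequest ? req.bedrockSessionToken : env["AWS_SESSION_TOKEN"],
  );

  // Error messages name the missing field and never echo a credential value.
  if (!accessKeyId) throw new Error("AWS Access Key ID is required for Bedrock");
  if (!secretAccessKey) throw new Error("AWS Secret Access Key is required for Bedrock");
  const temporary = /^ASIA/.test(accessKeyId);
  if (!temporary && !/^AKIA/.test(accessKeyId)) {
    throw new Error("Invalid AWS Access Key ID format. It should start with AKIA or ASIA");
  }
  if (temporary && !sessionToken) {
    throw new Error("AWS Session Token is required for temporary (ASIA) credentials");
  }
  // Assumption of this example: a token next to a long-term key is a misconfiguration.
  if (!temporary && sessionToken) {
    throw new Error("Session token supplied with a long-term (AKIA) access key");
  }

  return {
    region,
    accessKeyId,
    secretAccessKey,
    ...(sessionToken ? { sessionToken } : {}),
    source: fromRequest ? "request" : "environment",
  };
}

// Constructed sample: the client sends temporary credentials while the host
// has its own long-term key pair in the environment, which must be ignored.
const SAMPLE = resolveBedrockCredentials(
  { apiKey: "ASIACONSTRUCTED00000", bedrockSecretKey: "constructed-secret",
    bedrockSessionToken: "constructed-token", bedrockRegion: "eu-west-1" },
  { AWS_ACCESS_KEY_ID: "AKIACONSTRUCTED00000", AWS_SECRET_ACCESS_KEY: "host-secret" },
);
```

The returned object can be passed to `createAmazonBedrock` without the `source` field, which is there only so logs can record where the credentials came from without printing them.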

Labels

enhancement New feature or request size:L This PR changes 100-499 lines, ignoring generated files.

Development

Successfully merging this pull request may close these issues.

Add Amazon Bedrock Provider