Skip to content

fix(deps): add boto3 dependency for AWS Bedrock support#713

Open
TrishamBP wants to merge 1 commit into
usestrix:mainfrom
TrishamBP:fix/bedrock-boto3-dependency
Open

fix(deps): add boto3 dependency for AWS Bedrock support#713
TrishamBP wants to merge 1 commit into
usestrix:mainfrom
TrishamBP:fix/bedrock-boto3-dependency

Conversation

@TrishamBP

Copy link
Copy Markdown

Summary

Adds boto3 as an explicit dependency to fix AWS Bedrock provider initialization errors.

Problem

The AWS Bedrock provider imports boto3 but the package doesn't declare it as a dependency, causing ModuleNotFoundError when Bedrock is used.

Solution

  • Added boto3>=1.28.0 to pyproject.toml dependencies
  • Version constraint aligns with AWS SDK compatibility requirements

Test Plan

  • Verified Bedrock provider imports successfully
  • Tested with AWS credentials configured
  • No breaking changes to other providers

Add boto3 as a core dependency to fix ModuleNotFoundError when using
AWS Bedrock LLM provider. Update Bedrock documentation with:
- AWS SSO authentication (recommended for developers)
- Complete working examples for web and local repo scans
- Troubleshooting section for common Bedrock issues
- Clarification on AWS_REGION_NAME vs AWS_REGION

Fixes issue where users encounter "No module named 'boto3'" error
when attempting to use bedrock/ model prefixed LLMs.

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
@greptile-apps

greptile-apps Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR adds boto3 as an explicit dependency to fix ModuleNotFoundError when using the AWS Bedrock provider, and expands the Bedrock documentation with SSO setup, troubleshooting, and updated model IDs.

  • boto3>=1.28.0 is declared in both [project.dependencies] (core) and [project.optional-dependencies].aws, making the optional extra redundant and forcing boto3 (~15 MB botocore) onto all strix users regardless of whether they use Bedrock.
  • The Bedrock docs reference "Strix 1.0.5+" for the boto3 inclusion, but pyproject.toml still carries version 1.0.4.
  • The uv.lock update is clean and also tightens pyinstaller/macholib Python version markers.

Confidence Score: 3/5

The boto3 double-declaration makes the optional extra a no-op and silently adds a large transitive dependency for all users; resolve before merging.

The core change installs boto3 for all users via the mandatory dependencies list while simultaneously creating a redundant [aws] optional extra — the optional group is dead weight and the install footprint unexpectedly grows for non-Bedrock users.

pyproject.toml — the duplicate boto3 entry needs to be reconciled between core and optional dependencies.

Important Files Changed

Filename Overview
pyproject.toml Adds boto3>=1.28.0 as both a core dependency and an optional [aws] extra — the duplication makes the optional group a no-op and forces boto3 on all users regardless of whether they use Bedrock.
uv.lock Lock file updated with boto3 1.43.41, botocore, jmespath, s3transfer, python-dateutil, and six; also tightens pyinstaller/macholib markers to python_full_version < '3.15'.
docs/llm-providers/bedrock.mdx Expands Bedrock docs with SSO setup, troubleshooting, and model ID updates; version reference (1.0.5+) is inconsistent with the actual pyproject.toml version (1.0.4).
docs/advanced/configuration.mdx Adds AWS Bedrock env var docs (AWS_PROFILE, AWS_REGION_NAME, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) and restructures setup examples by provider — looks correct.

Comments Outside Diff (1)

  1. pyproject.toml, line 35-54 (link)

    P1 Duplicate boto3 declaration makes optional extra redundant

    boto3>=1.28.0 appears in both the core dependencies list (line 45) and in [project.optional-dependencies].aws (line 52–54). Since it is already a mandatory core dependency, every strix user gets boto3 installed regardless of whether they use Bedrock — making pip install strix[aws] a no-op that adds nothing. The aws extra was presumably added so Bedrock users could opt in without forcing a ~15 MB botocore download on all users, but that intent is defeated by also listing it in core deps. The two entries should be reconciled: either remove boto3 from dependencies and keep it only under the aws optional group, or drop the optional group entirely if the decision is to make Bedrock support mandatory.

    Prompt To Fix With AI
    This is a comment left during a code review.
    Path: pyproject.toml
    Line: 35-54
    
    Comment:
    **Duplicate `boto3` declaration makes optional extra redundant**
    
    `boto3>=1.28.0` appears in both the core `dependencies` list (line 45) and in `[project.optional-dependencies].aws` (line 52–54). Since it is already a mandatory core dependency, every strix user gets boto3 installed regardless of whether they use Bedrock — making `pip install strix[aws]` a no-op that adds nothing. The `aws` extra was presumably added so Bedrock users could opt in without forcing a ~15 MB `botocore` download on all users, but that intent is defeated by also listing it in core deps. The two entries should be reconciled: either remove boto3 from `dependencies` and keep it only under the `aws` optional group, or drop the optional group entirely if the decision is to make Bedrock support mandatory.
    
    How can I resolve this? If you propose a fix, please make it concise.

    Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Prompt To Fix All With AI
Fix the following 2 code review issues. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 2
pyproject.toml:35-54
**Duplicate `boto3` declaration makes optional extra redundant**

`boto3>=1.28.0` appears in both the core `dependencies` list (line 45) and in `[project.optional-dependencies].aws` (line 52–54). Since it is already a mandatory core dependency, every strix user gets boto3 installed regardless of whether they use Bedrock — making `pip install strix[aws]` a no-op that adds nothing. The `aws` extra was presumably added so Bedrock users could opt in without forcing a ~15 MB `botocore` download on all users, but that intent is defeated by also listing it in core deps. The two entries should be reconciled: either remove boto3 from `dependencies` and keep it only under the `aws` optional group, or drop the optional group entirely if the decision is to make Bedrock support mandatory.

### Issue 2 of 2
docs/llm-providers/bedrock.mdx:70
The version number in this note doesn't match the current `pyproject.toml` version, which is still `1.0.4`. This will mislead users checking whether their installed version includes boto3.

```suggestion
3. `boto3` package (included as dependency in Strix 1.0.4+)
```

Reviews (1): Last reviewed commit: "fix(deps): add boto3 dependency for AWS ..." | Re-trigger Greptile


1. Enable model access in the AWS Bedrock console
2. Ensure your IAM role/user has `bedrock:InvokeModel` permission
3. `boto3` package (included as dependency in Strix 1.0.5+)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 The version number in this note doesn't match the current pyproject.toml version, which is still 1.0.4. This will mislead users checking whether their installed version includes boto3.

Suggested change
3. `boto3` package (included as dependency in Strix 1.0.5+)
3. `boto3` package (included as dependency in Strix 1.0.4+)
Prompt To Fix With AI
This is a comment left during a code review.
Path: docs/llm-providers/bedrock.mdx
Line: 70

Comment:
The version number in this note doesn't match the current `pyproject.toml` version, which is still `1.0.4`. This will mislead users checking whether their installed version includes boto3.

```suggestion
3. `boto3` package (included as dependency in Strix 1.0.4+)
```

How can I resolve this? If you propose a fix, please make it concise.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant