dannykopping
diff --git a/‎aibridged/aibridged.go
Lines changed: 10 additions & 0 deletions b/‎aibridged/aibridged.go
Lines changed: 10 additions & 0 deletions
diff --git a/‎aibridged/bridge.go
Lines changed: 44 additions & 2 deletions b/‎aibridged/bridge.go
Lines changed: 44 additions & 2 deletions
diff --git a/‎aibridged/bridge_integration_test.go
Lines changed: 35 additions & 4 deletions b/‎aibridged/bridge_integration_test.go
Lines changed: 35 additions & 4 deletions
diff --git a/‎aibridged/middleware.go
Lines changed: 7 additions & 2 deletions b/‎aibridged/middleware.go
Lines changed: 7 additions & 2 deletions
@@ -149,6 +149,16 @@ func (s *Server) Client() (proto.DRPCAIBridgeDaemonClient, error) {
 	}
 }
 
+func (s *Server) StartSession(ctx context.Context, in *proto.StartSessionRequest) (*proto.StartSessionResponse, error) {
+	out, err := clientDoWithRetries(ctx, s.Client, func(ctx context.Context, client proto.DRPCAIBridgeDaemonClient) (*proto.StartSessionResponse, error) {
+		return client.StartSession(ctx, in)
+	})
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 func (s *Server) TrackTokenUsage(ctx context.Context, in *proto.TrackTokenUsageRequest) (*proto.TrackTokenUsageResponse, error) {
 	out, err := clientDoWithRetries(ctx, s.Client, func(ctx context.Context, client proto.DRPCAIBridgeDaemonClient) (*proto.TrackTokenUsageResponse, error) {
 		return client.TrackTokenUsage(ctx, in)
 
@@ -11,6 +11,8 @@ import (
 
 	"cdr.dev/slog"
 
+	"github.com/google/uuid"
+
 	"github.com/coder/coder/v2/aibridged/proto"
 	"github.com/coder/coder/v2/codersdk"
 )
@@ -109,7 +111,27 @@ func handleOpenAIChat(provider *OpenAIChatProvider, drpcClient proto.DRPCAIBridg
 			sess = provider.NewBlockingSession(req)
 		}
 
-		sessID := sess.Init(logger, provider.baseURL, provider.key, NewDRPCTracker(drpcClient), NewInjectedToolManager(tools))
+		userID, ok := r.Context().Value(ContextKeyBridgeUserID{}).(uuid.UUID)
+		if !ok {
+			logger.Error(r.Context(), "missing initiator ID in context")
+			http.Error(w, "unable to retrieve initiator", http.StatusInternalServerError)
+			return
+		}
+
+		resp, err := drpcClient.StartSession(r.Context(), &proto.StartSessionRequest{
+			InitiatorId: userID.String(),
+			Provider:    "openai",
+			Model:       req.Model,
+		})
+		if err != nil {
+			logger.Error(r.Context(), "failed to start session", slog.Error(err))
+			http.Error(w, "failed to start session", http.StatusInternalServerError)
+			return
+		}
+
+		sessID := resp.GetSessionId()
+
+		sess.Init(sessID, logger, provider.baseURL, provider.key, NewDRPCTracker(drpcClient), NewInjectedToolManager(tools))
 		logger.Debug(context.Background(), "starting openai session", slog.F("session_id", sessID))
 
 		defer func() {
@@ -153,7 +175,27 @@ func handleAnthropicMessages(provider *AnthropicMessagesProvider, drpcClient pro
 			sess = provider.NewBlockingSession(req)
 		}
 
-		sessID := sess.Init(logger, provider.baseURL, provider.key, NewDRPCTracker(drpcClient), NewInjectedToolManager(tools))
+		userID, ok := r.Context().Value(ContextKeyBridgeUserID{}).(uuid.UUID)
+		if !ok {
+			logger.Error(r.Context(), "missing initiator ID in context")
+			http.Error(w, "unable to retrieve initiator", http.StatusInternalServerError)
+			return
+		}
+
+		resp, err := drpcClient.StartSession(r.Context(), &proto.StartSessionRequest{
+			InitiatorId: userID.String(),
+			Provider:    "anthropic",
+			Model:       string(req.Model),
+		})
+		if err != nil {
+			logger.Error(r.Context(), "failed to start session", slog.Error(err))
+			http.Error(w, "failed to start session", http.StatusInternalServerError)
+			return
+		}
+
+		sessID := resp.GetSessionId()
+
+		sess.Init(sessID, logger, provider.baseURL, provider.key, NewDRPCTracker(drpcClient), NewInjectedToolManager(tools))
 		logger.Debug(context.Background(), "starting anthropic messages session", slog.F("session_id", sessID))
 
 		defer func() {
 
@@ -130,7 +130,7 @@ func TestAnthropicMessages(t *testing.T) {
 				}, nil)
 				require.NoError(t, err)
 
-				mockSrv := httptest.NewServer(b.Handler())
+				mockSrv := httptest.NewServer(withInitiator(getCurrentUserID(t, client), b.Handler()))
 				// Make API call to aibridge for Anthropic /v1/messages
 				req := createAnthropicMessagesReq(t, mockSrv.URL, reqBody)
 				client := &http.Client{}
@@ -234,7 +234,7 @@ func TestOpenAIChatCompletions(t *testing.T) {
 				}, nil)
 				require.NoError(t, err)
 
-				mockSrv := httptest.NewServer(b.Handler())
+				mockSrv := httptest.NewServer(withInitiator(getCurrentUserID(t, client), b.Handler()))
 				// Make API call to aibridge for OpenAI /v1/chat/completions
 				req := createOpenAIChatCompletionsReq(t, mockSrv.URL, reqBody)
 
@@ -426,7 +426,7 @@ func TestSimple(t *testing.T) {
 					b, err := tc.configureFunc(srv.URL, coderdClient)
 					require.NoError(t, err)
 
-					mockSrv := httptest.NewServer(b.Handler())
+					mockSrv := httptest.NewServer(withInitiator(getCurrentUserID(t, client), b.Handler()))
 					// When: calling the "API server" with the fixture's request body.
 					req := tc.createRequest(t, mockSrv.URL, reqBody)
 					client := &http.Client{}
@@ -681,7 +681,7 @@ func TestInjectedTool(t *testing.T) {
 					require.NoError(t, err)
 
 					// Invoke request to mocked API via aibridge.
-					bridgeSrv := httptest.NewServer(b.Handler())
+					bridgeSrv := httptest.NewServer(withInitiator(getCurrentUserID(t, client), b.Handler()))
 					t.Cleanup(bridgeSrv.Close)
 
 					req := tc.createRequest(t, bridgeSrv.URL, reqBody)
@@ -846,9 +846,12 @@ func newMockServer(ctx context.Context, t *testing.T, files archiveFileMap, resp
 	return ms
 }
 
+var _ proto.DRPCAIBridgeDaemonClient = &fakeBridgeDaemonClient{}
+
 type fakeBridgeDaemonClient struct {
 	mu sync.Mutex
 
+	sessions    []*proto.StartSessionRequest
 	tokenUsages []*proto.TrackTokenUsageRequest
 	userPrompts []*proto.TrackUserPromptRequest
 	toolUsages  []*proto.TrackToolUsageRequest
@@ -859,6 +862,17 @@ func (*fakeBridgeDaemonClient) DRPCConn() drpc.Conn {
 	return conn
 }
 
+// StartSession implements proto.DRPCAIBridgeDaemonClient.
+func (f *fakeBridgeDaemonClient) StartSession(ctx context.Context, in *proto.StartSessionRequest) (*proto.StartSessionResponse, error) {
+	f.mu.Lock()
+	defer f.mu.Unlock()
+	f.sessions = append(f.sessions, in)
+
+	return &proto.StartSessionResponse{
+		SessionId: uuid.NewString(),
+	}, nil
+}
+
 func (f *fakeBridgeDaemonClient) TrackTokenUsage(ctx context.Context, in *proto.TrackTokenUsageRequest) (*proto.TrackTokenUsageResponse, error) {
 	f.mu.Lock()
 	defer f.mu.Unlock()
@@ -903,3 +917,20 @@ func createMockMCPSrv(t *testing.T) http.Handler {
 
 	return server.NewStreamableHTTPServer(s)
 }
+
+// withInitiator wraps a handler injecting the Bridge user ID into context.
+// TODO: this is only necessary because we're not exercising the real API's middleware, which may hide some problems.
+func withInitiator(userID uuid.UUID, next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ctx := context.WithValue(r.Context(), aibridged.ContextKeyBridgeUserID{}, userID)
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}
+
+func getCurrentUserID(t *testing.T, client *codersdk.Client) uuid.UUID {
+	t.Helper()
+
+	me, err := client.User(t.Context(), "me")
+	require.NoError(t, err)
+	return me.ID
+}
@@ -11,6 +11,7 @@ import (
 )
 
 type ContextKeyBridgeAPIKey struct{}
+type ContextKeyBridgeUserID struct{}
 
 // AuthMiddleware extracts and validates authorization tokens for AI bridge endpoints.
 // It supports both Bearer tokens in Authorization headers and Coder session tokens
@@ -28,7 +29,7 @@ func AuthMiddleware(db database.Store) func(http.Handler) http.Handler {
 			}
 
 			// Validate token using httpmw.APIKeyFromRequest
-			_, _, ok := httpmw.APIKeyFromRequest(ctx, db, func(r *http.Request) string {
+			key, _, ok := httpmw.APIKeyFromRequest(ctx, db, func(r *http.Request) string {
 				return token
 			}, &http.Request{})
 
@@ -37,8 +38,12 @@ func AuthMiddleware(db database.Store) func(http.Handler) http.Handler {
 				return
 			}
 
+			ctx = context.WithValue(
+				context.WithValue(ctx, ContextKeyBridgeUserID{}, key.UserID),
+				ContextKeyBridgeAPIKey{}, token)
+
 			// Pass request with modify context including the request token.
-			next.ServeHTTP(rw, r.WithContext(context.WithValue(ctx, ContextKeyBridgeAPIKey{}, token)))
+			next.ServeHTTP(rw, r.WithContext(ctx))
 		})
 	}
 }
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@ import (`
`11`	`11`	`)`
`12`	`12`
`13`	`13`	`type ContextKeyBridgeAPIKey struct{}`
	`14`	`+type ContextKeyBridgeUserID struct{}`
`14`	`15`
`15`	`16`	`// AuthMiddleware extracts and validates authorization tokens for AI bridge endpoints.`
`16`	`17`	`// It supports both Bearer tokens in Authorization headers and Coder session tokens`
`@@ -28,7 +29,7 @@ func AuthMiddleware(db database.Store) func(http.Handler) http.Handler {`
`28`	`29`	`}`
`29`	`30`
`30`	`31`	`// Validate token using httpmw.APIKeyFromRequest`
`31`		`- _, _, ok := httpmw.APIKeyFromRequest(ctx, db, func(r *http.Request) string {`
	`32`	`+ key, _, ok := httpmw.APIKeyFromRequest(ctx, db, func(r *http.Request) string {`
`32`	`33`	`return token`
`33`	`34`	`}, &http.Request{})`
`34`	`35`
`@@ -37,8 +38,12 @@ func AuthMiddleware(db database.Store) func(http.Handler) http.Handler {`
`37`	`38`	`return`
`38`	`39`	`}`
`39`	`40`
	`41`	`+ ctx = context.WithValue(`
	`42`	`+ context.WithValue(ctx, ContextKeyBridgeUserID{}, key.UserID),`
	`43`	`+ ContextKeyBridgeAPIKey{}, token)`
	`44`	`+`
`40`	`45`	`// Pass request with modify context including the request token.`
`41`		`- next.ServeHTTP(rw, r.WithContext(context.WithValue(ctx, ContextKeyBridgeAPIKey{}, token)))`
	`46`	`+ next.ServeHTTP(rw, r.WithContext(ctx))`
`42`	`47`	`})`
`43`	`48`	`}`
`44`	`49`	`}`