Dec 11, 2025 · Dec 11, 2025 · Dec 11, 2025 · Dec 11, 2025 · Dec 12, 2025 · Dec 13, 2025
diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go
 return q.db.ListAIBridgeInterceptionsTelemetrySummaries(ctx, arg)
 }

 func (q *querier) ListAIBridgeModels(ctx context.Context, arg database.ListAIBridgeModelsParams) ([]string, error) {
 prep, err := prepareSQLFilter(ctx, q.auth, policy.ActionRead, rbac.ResourceAibridgeInterception.Type)
 if err != nil {
 return nil, xerrors.Errorf("(dev error) prepare sql filter: %w", err)
 }
 return q.db.ListAuthorizedAIBridgeModels(ctx, arg, prep)
 }

 func (q *querier) ListAIBridgeTokenUsagesByInterceptionIDs(ctx context.Context, interceptionIDs []uuid.UUID) ([]database.AIBridgeTokenUsage, error) {
 // This function is a system function until we implement a join for aibridge interceptions.
 // Matches the behavior of the workspaces listing endpoint.
 // database.Store interface, so dbauthz needs to implement it.
 return q.CountAIBridgeInterceptions(ctx, arg)
 }

 func (q *querier) ListAuthorizedAIBridgeModels(ctx context.Context, arg database.ListAIBridgeModelsParams, _ rbac.PreparedAuthorized) ([]string, error) {
 // TODO: Delete this function, all ListAIBridgeModels should be authorized. For now just call ListAIBridgeModels on the authz querier.
 // This cannot be deleted for now because it's included in the
 // database.Store interface, so dbauthz needs to implement it.
 return q.ListAIBridgeModels(ctx, arg)
 }
diff --git a/coderd/database/dbauthz/dbauthz_test.go b/coderd/database/dbauthz/dbauthz_test.go
 check.Args(params, emptyPreparedAuthorized{}).Asserts()
 }))

 s.Run("ListAIBridgeModels", s.Mocked(func(db *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
 params := database.ListAIBridgeModelsParams{}
 db.EXPECT().ListAuthorizedAIBridgeModels(gomock.Any(), params, gomock.Any()).Return([]string{}, nil).AnyTimes()
 // No asserts here because SQLFilter.
 check.Args(params).Asserts()
 }))

 s.Run("ListAuthorizedAIBridgeModels", s.Mocked(func(db *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
 params := database.ListAIBridgeModelsParams{}
 db.EXPECT().ListAuthorizedAIBridgeModels(gomock.Any(), params, gomock.Any()).Return([]string{}, nil).AnyTimes()
 // No asserts here because SQLFilter.
 check.Args(params, emptyPreparedAuthorized{}).Asserts()
 }))

 s.Run("CountAIBridgeInterceptions", s.Mocked(func(db *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
 params := database.CountAIBridgeInterceptionsParams{}
 db.EXPECT().CountAuthorizedAIBridgeInterceptions(gomock.Any(), params, gomock.Any()).Return(int64(0), nil).AnyTimes()
diff --git a/coderd/database/dbmetrics/querymetrics.go b/coderd/database/dbmetrics/querymetrics.go
diff --git a/coderd/database/dbmock/dbmock.go b/coderd/database/dbmock/dbmock.go
diff --git a/coderd/database/modelqueries.go b/coderd/database/modelqueries.go
 type aibridgeQuerier interface {
 ListAuthorizedAIBridgeInterceptions(ctx context.Context, arg ListAIBridgeInterceptionsParams, prepared rbac.PreparedAuthorized) ([]ListAIBridgeInterceptionsRow, error)
 CountAuthorizedAIBridgeInterceptions(ctx context.Context, arg CountAIBridgeInterceptionsParams, prepared rbac.PreparedAuthorized) (int64, error)
 ListAuthorizedAIBridgeModels(ctx context.Context, arg ListAIBridgeModelsParams, prepared rbac.PreparedAuthorized) ([]string, error)
 }

 func (q *sqlQuerier) ListAuthorizedAIBridgeInterceptions(ctx context.Context, arg ListAIBridgeInterceptionsParams, prepared rbac.PreparedAuthorized) ([]ListAIBridgeInterceptionsRow, error) {
 return count, nil
 }

 func (q *sqlQuerier) ListAuthorizedAIBridgeModels(ctx context.Context, arg ListAIBridgeModelsParams, prepared rbac.PreparedAuthorized) ([]string, error) {
 authorizedFilter, err := prepared.CompileToSQL(ctx, regosql.ConvertConfig{
 VariableConverter: regosql.AIBridgeInterceptionConverter(),
 })
 if err != nil {
 return nil, xerrors.Errorf("compile authorized filter: %w", err)
 }
 filtered, err := insertAuthorizedFilter(listAIBridgeModels, fmt.Sprintf(" AND %s", authorizedFilter))
 if err != nil {
 return nil, xerrors.Errorf("insert authorized filter: %w", err)
 }

 query := fmt.Sprintf("-- name: ListAIBridgeModels :many\n%s", filtered)
 rows, err := q.db.QueryContext(ctx, query, arg.Model, arg.Offset, arg.Limit)
 if err != nil {
 return nil, err
 }
 defer rows.Close()
 var items []string
 for rows.Next() {
 var model string
 if err := rows.Scan(&model); err != nil {
 return nil, err
 }
 items = append(items, model)
 }
 return items, nil
 }

 func insertAuthorizedFilter(query string, replaceWith string) (string, error) {
 if !strings.Contains(query, authorizedQueryPlaceholder) {
 return "", xerrors.Errorf("query does not contain authorized replace string, this is not an authorized query")
diff --git a/coderd/database/querier.go b/coderd/database/querier.go
diff --git a/coderd/database/queries.sql.go b/coderd/database/queries.sql.go
diff --git a/coderd/database/queries/aibridge.sql b/coderd/database/queries/aibridge.sql
  (SELECT COUNT(*) FROM user_prompts) +
  (SELECT COUNT(*) FROM interceptions)
 )::bigint as total_deleted;

 -- name: ListAIBridgeModels :many
 SELECT
 model
 FROM
 aibridge_interceptions
 WHERE
 ended_at IS NOT NULL
 -- Filter model
 AND CASE
 WHEN @model::text != '' THEN aibridge_interceptions.model ILIKE '%' || @model::text || '%'
 ELSE true
 END
 -- We use an `@authorize_filter` as we are attempting to list models that are relevant
 -- to the user and what they are allowed to see.
 -- Authorize Filter clause will be injected below in ListAIBridgeModelsAuthorized
 -- @authorize_filter
 GROUP BY
 model
 LIMIT COALESCE(NULLIF(@limit_::integer, 0), 100)
 OFFSET @offset_
 ;
diff --git a/coderd/searchquery/search.go b/coderd/searchquery/search.go
 return filter, parser.Errors
 }

 func AIBridgeModels(query string, page codersdk.Pagination) (database.ListAIBridgeModelsParams, []codersdk.ValidationError) {
 // nolint:exhaustruct // Empty values just means "don't filter by that field".
 filter := database.ListAIBridgeModelsParams{
 // #nosec G115 - Safe conversion for pagination offset which is expected to be within int32 range
 Offset: int32(page.Offset),
 // #nosec G115 - Safe conversion for pagination limit which is expected to be within int32 range
 Limit: int32(page.Limit),
 }

 if query == "" {
 return filter, nil
 }

 values, errors := searchTerms(query, func(term string, values url.Values) error {
 // Defaults to the `model` if no `key:value` pair is provided.
 values.Add("model", term)
 return nil
 })
 if len(errors) > 0 {
 return filter, errors
 }

 parser := httpapi.NewQueryParamParser()
 filter.Model = parser.String(values, "", "model")

 parser.ErrorExcessParams(values)
 return filter, parser.Errors
 }

 // Tasks parses a search query for tasks.
 //
 // Supported query parameters:
diff --git a/docs/reference/api/aibridge.md b/docs/reference/api/aibridge.md
Original file line number	Diff line number	Diff line change
Expand Up		@@ -4674,6 +4674,14 @@ func (q *querier) ListAIBridgeInterceptionsTelemetrySummaries(ctx context.Contex
		return q.db.ListAIBridgeInterceptionsTelemetrySummaries(ctx, arg)
		}

		func (q *querier) ListAIBridgeModels(ctx context.Context, arg database.ListAIBridgeModelsParams) ([]string, error) {
		prep, err := prepareSQLFilter(ctx, q.auth, policy.ActionRead, rbac.ResourceAibridgeInterception.Type)
		if err != nil {
		return nil, xerrors.Errorf("(dev error) prepare sql filter: %w", err)
		}
		return q.db.ListAuthorizedAIBridgeModels(ctx, arg, prep)
		}

		func (q *querier) ListAIBridgeTokenUsagesByInterceptionIDs(ctx context.Context, interceptionIDs []uuid.UUID) ([]database.AIBridgeTokenUsage, error) {
		// This function is a system function until we implement a join for aibridge interceptions.
		// Matches the behavior of the workspaces listing endpoint.
Expand DownExpand Up		@@ -6183,3 +6191,10 @@ func (q *querier) CountAuthorizedAIBridgeInterceptions(ctx context.Context, arg
		// database.Store interface, so dbauthz needs to implement it.
		return q.CountAIBridgeInterceptions(ctx, arg)
		}

		func (q *querier) ListAuthorizedAIBridgeModels(ctx context.Context, arg database.ListAIBridgeModelsParams, _ rbac.PreparedAuthorized) ([]string, error) {
		// TODO: Delete this function, all ListAIBridgeModels should be authorized. For now just call ListAIBridgeModels on the authz querier.
		// This cannot be deleted for now because it's included in the
		// database.Store interface, so dbauthz needs to implement it.
		return q.ListAIBridgeModels(ctx, arg)
		}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -4662,6 +4662,20 @@ func (s *MethodTestSuite) TestAIBridge() {
		check.Args(params, emptyPreparedAuthorized{}).Asserts()
		}))

		s.Run("ListAIBridgeModels", s.Mocked(func(db dbmock.MockStore, faker gofakeit.Faker, check *expects) {
		params := database.ListAIBridgeModelsParams{}
		db.EXPECT().ListAuthorizedAIBridgeModels(gomock.Any(), params, gomock.Any()).Return([]string{}, nil).AnyTimes()
		// No asserts here because SQLFilter.
		check.Args(params).Asserts()
		}))

		s.Run("ListAuthorizedAIBridgeModels", s.Mocked(func(db dbmock.MockStore, faker gofakeit.Faker, check *expects) {
		params := database.ListAIBridgeModelsParams{}
		db.EXPECT().ListAuthorizedAIBridgeModels(gomock.Any(), params, gomock.Any()).Return([]string{}, nil).AnyTimes()
		// No asserts here because SQLFilter.
		check.Args(params, emptyPreparedAuthorized{}).Asserts()
		}))

		s.Run("CountAIBridgeInterceptions", s.Mocked(func(db dbmock.MockStore, faker gofakeit.Faker, check *expects) {
		params := database.CountAIBridgeInterceptionsParams{}
		db.EXPECT().CountAuthorizedAIBridgeInterceptions(gomock.Any(), params, gomock.Any()).Return(int64(0), nil).AnyTimes()
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -768,6 +768,7 @@ func (q *sqlQuerier) CountAuthorizedConnectionLogs(ctx context.Context, arg Coun
		type aibridgeQuerier interface {
		ListAuthorizedAIBridgeInterceptions(ctx context.Context, arg ListAIBridgeInterceptionsParams, prepared rbac.PreparedAuthorized) ([]ListAIBridgeInterceptionsRow, error)
		CountAuthorizedAIBridgeInterceptions(ctx context.Context, arg CountAIBridgeInterceptionsParams, prepared rbac.PreparedAuthorized) (int64, error)
		ListAuthorizedAIBridgeModels(ctx context.Context, arg ListAIBridgeModelsParams, prepared rbac.PreparedAuthorized) ([]string, error)
		}

		func (q *sqlQuerier) ListAuthorizedAIBridgeInterceptions(ctx context.Context, arg ListAIBridgeInterceptionsParams, prepared rbac.PreparedAuthorized) ([]ListAIBridgeInterceptionsRow, error) {
Expand DownExpand Up		@@ -866,6 +867,35 @@ func (q *sqlQuerier) CountAuthorizedAIBridgeInterceptions(ctx context.Context, a
		return count, nil
		}

		func (q *sqlQuerier) ListAuthorizedAIBridgeModels(ctx context.Context, arg ListAIBridgeModelsParams, prepared rbac.PreparedAuthorized) ([]string, error) {
		authorizedFilter, err := prepared.CompileToSQL(ctx, regosql.ConvertConfig{
		VariableConverter: regosql.AIBridgeInterceptionConverter(),
		})
		if err != nil {
		return nil, xerrors.Errorf("compile authorized filter: %w", err)
		}
		filtered, err := insertAuthorizedFilter(listAIBridgeModels, fmt.Sprintf(" AND %s", authorizedFilter))
		if err != nil {
		return nil, xerrors.Errorf("insert authorized filter: %w", err)
		}

		query := fmt.Sprintf("-- name: ListAIBridgeModels :many\n%s", filtered)
Copy link Contributor pawbanaDec 19, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. nit:`-- name: ListAuthorizedAIBridgeModels`
		rows, err := q.db.QueryContext(ctx, query, arg.Model, arg.Offset, arg.Limit)
		if err != nil {
		return nil, err
		}
		defer rows.Close()
		var items []string
		for rows.Next() {
		var model string
		if err := rows.Scan(&model); err != nil {
		return nil, err
		}
		items = append(items, model)
		}
		return items, nil
		}

		func insertAuthorizedFilter(query string, replaceWith string) (string, error) {
		if !strings.Contains(query, authorizedQueryPlaceholder) {
		return "", xerrors.Errorf("query does not contain authorized replace string, this is not an authorized query")
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -366,3 +366,25 @@ SELECT (
		(SELECT COUNT(*) FROM user_prompts) +
		(SELECT COUNT(*) FROM interceptions)
		)::bigint as total_deleted;

		-- name: ListAIBridgeModels :many
		SELECT
		model
		FROM
		aibridge_interceptions
		WHERE
		ended_at IS NOT NULL
		-- Filter model
		AND CASE
		WHEN @model::text != '' THEN aibridge_interceptions.model ILIKE '%' \|\| @model::text \|\| '%'
Copy link Contributor pawbanaDec 19, 2025• edited Loading Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. I'm a bit confused why we would want to filter model by model name? There shouldn't be that many unique models? Could we return all models and filter in the frontend (in doogfood there are distinct 28 models now)? Problem with filtering by text in backend is efficiency,`aibridge_interceptions` table can be quite large. If I understand correctly, current code will do full table scan. To use existing B-tree index on`model` column filtering should be case sensitive prefix matching:`aibridge_interceptions.model LIKE @model::text \|\| '%'` or different index needs to be created:https://www.postgresql.org/docs/current/pgtrgm.html#PGTRGM-INDEX Also if I understand correctly authorization will add some WHERE initiator_id = "..." clause. There is no composite index but I don't think it matters that much in this case as there are single column indexes on both initiator_id and model columns.
		ELSE true
		END
		-- We use an `@authorize_filter` as we are attempting to list models that are relevant
		-- to the user and what they are allowed to see.
		-- Authorize Filter clause will be injected below in ListAIBridgeModelsAuthorized
		-- @authorize_filter
		GROUP BY
		model
Copy link Contributor pawbanaDec 19, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. nit: SELECT DISTINCT model could be used instead of GROUP BY model for me it is a bit easier to read.
		LIMIT COALESCE(NULLIF(@limit_::integer, 0), 100)
		OFFSET @offset_
		;
Original file line number	Diff line number	Diff line change
Expand Up		@@ -391,6 +391,35 @@ func AIBridgeInterceptions(ctx context.Context, db database.Store, query string,
		return filter, parser.Errors
		}

		func AIBridgeModels(query string, page codersdk.Pagination) (database.ListAIBridgeModelsParams, []codersdk.ValidationError) {
		// nolint:exhaustruct // Empty values just means "don't filter by that field".
		filter := database.ListAIBridgeModelsParams{
		// #nosec G115 - Safe conversion for pagination offset which is expected to be within int32 range
		Offset: int32(page.Offset),
		// #nosec G115 - Safe conversion for pagination limit which is expected to be within int32 range
		Limit: int32(page.Limit),
		}

		if query == "" {
		return filter, nil
		}

		values, errors := searchTerms(query, func(term string, values url.Values) error {
		// Defaults to the `model` if no `key:value` pair is provided.
		values.Add("model", term)
		return nil
		})
		if len(errors) > 0 {
		return filter, errors
		}

		parser := httpapi.NewQueryParamParser()
		filter.Model = parser.String(values, "", "model")

		parser.ErrorExcessParams(values)
		return filter, parser.Errors
		}

		// Tasks parses a search query for tasks.
		//
		// Supported query parameters:
Expand Down