coder
diff --git a/‎coderd/ai_providers.go‎
Lines changed: 4 additions & 0 deletions b/‎coderd/ai_providers.go‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/ai_providers_pubsub.go‎
Lines changed: 33 additions & 0 deletions b/‎coderd/ai_providers_pubsub.go‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎coderd/ai_providers_pubsub_test.go‎
Lines changed: 76 additions & 0 deletions b/‎coderd/ai_providers_pubsub_test.go‎
Lines changed: 76 additions & 0 deletions
diff --git a/‎enterprise/aibridged/aibridged.go‎
Lines changed: 17 additions & 0 deletions b/‎enterprise/aibridged/aibridged.go‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎enterprise/aibridged/aibridgedmock/poolmock.go‎
Lines changed: 13 additions & 0 deletions b/‎enterprise/aibridged/aibridgedmock/poolmock.go‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎enterprise/aibridged/pool.go‎
Lines changed: 55 additions & 11 deletions b/‎enterprise/aibridged/pool.go‎
Lines changed: 55 additions & 11 deletions
@@ -235,6 +235,7 @@ func (api *API) aiProvidersCreate(rw http.ResponseWriter, r *http.Request) {
 	aReq.New = row
 
 	auditAIProviderKeyChanges(ctx, r, *auditor, api.Logger, aiProviderKeyChanges{Added: keys})
+	publishAIProvidersChanged(ctx, api.Pubsub, api.Logger)
 
 	sdk, err := db2sdk.AIProvider(row, keys)
 	if err != nil {
@@ -400,6 +401,7 @@ func (api *API) aiProvidersUpdate(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	auditAIProviderKeyChanges(ctx, r, *auditor, api.Logger, keyChanges)
+	publishAIProvidersChanged(ctx, api.Pubsub, api.Logger)
 
 	sdk, err := db2sdk.AIProvider(updated, keys)
 	if err != nil {
@@ -453,6 +455,8 @@ func (api *API) aiProvidersDelete(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	publishAIProvidersChanged(ctx, api.Pubsub, api.Logger)
+
 	rw.WriteHeader(http.StatusNoContent)
 }
 
 
@@ -0,0 +1,33 @@
+package coderd
+
+import (
+	"context"
+
+	"cdr.dev/slog/v3"
+	"github.com/coder/coder/v2/coderd/database/pubsub"
+)
+
+// AIProvidersChangedChannel is the pubsub channel published whenever an
+// ai_providers or ai_provider_keys row is inserted, updated, or
+// soft-deleted via the API. Subscribers (currently aibridged in every
+// replica, but the channel is provider-generic) refresh their cached
+// state by re-querying the database.
+//
+// Messages have no payload; receivers re-read the rows themselves.
+// This keeps the channel agnostic to dbcrypt-key changes and avoids
+// bus traffic carrying secrets.
+const AIProvidersChangedChannel = "ai_providers_changed"
+
+// publishAIProvidersChanged publishes a notification on the providers-
+// changed channel. Errors are logged but never returned to callers; a
+// missed notification only delays consumers catching up to the new
+// state, and the next mutation will retry.
+func publishAIProvidersChanged(ctx context.Context, ps pubsub.Pubsub, logger slog.Logger) {
+	if ps == nil {
+		return
+	}
+	if err := ps.Publish(AIProvidersChangedChannel, nil); err != nil {
+		logger.Warn(ctx, "failed to publish ai_providers_changed",
+			slog.Error(err))
+	}
+}
@@ -0,0 +1,76 @@
+package coderd_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/v2/coderd"
+	"github.com/coder/coder/v2/coderd/coderdtest"
+	"github.com/coder/coder/v2/coderd/database/dbtestutil"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/testutil"
+)
+
+// TestAIProvidersPubsubPublish verifies that mutating an AI provider
+// publishes on the AIProvidersChangedChannel so each replica's
+// RequestBridge pool can invalidate.
+func TestAIProvidersPubsubPublish(t *testing.T) {
+	t.Parallel()
+
+	db, ps := dbtestutil.NewDB(t)
+	client := coderdtest.New(t, &coderdtest.Options{
+		Database: db,
+		Pubsub:   ps,
+	})
+	_ = coderdtest.CreateFirstUser(t, client)
+	ctx := testutil.Context(t, testutil.WaitLong)
+
+	notified := make(chan struct{}, 4)
+	cancel, err := ps.Subscribe(coderd.AIProvidersChangedChannel, func(_ context.Context, _ []byte) {
+		select {
+		case notified <- struct{}{}:
+		default:
+		}
+	})
+	require.NoError(t, err)
+	t.Cleanup(cancel)
+
+	// Create publishes.
+	//nolint:gocritic // Owner role is the audience for this endpoint.
+	created, err := client.CreateAIProvider(ctx, codersdk.CreateAIProviderRequest{
+		Type:    codersdk.AIProviderTypeOpenAI,
+		Name:    "pubsub-test",
+		Enabled: true,
+		BaseURL: "https://api.openai.com/v1",
+	})
+	require.NoError(t, err)
+	select {
+	case <-notified:
+	case <-ctx.Done():
+		t.Fatalf("timed out waiting for pubsub notify after create")
+	}
+
+	// Update publishes.
+	display := "Renamed"
+	//nolint:gocritic // Owner role is the audience for this endpoint.
+	_, err = client.UpdateAIProvider(ctx, created.Name, codersdk.UpdateAIProviderRequest{
+		DisplayName: &display,
+	})
+	require.NoError(t, err)
+	select {
+	case <-notified:
+	case <-ctx.Done():
+		t.Fatalf("timed out waiting for pubsub notify after update")
+	}
+
+	// Delete publishes.
+	//nolint:gocritic // Owner role is the audience for this endpoint.
+	require.NoError(t, client.DeleteAIProvider(ctx, created.Name))
+	select {
+	case <-notified:
+	case <-ctx.Done():
+		t.Fatalf("timed out waiting for pubsub notify after delete")
+	}
+}
@@ -12,6 +12,7 @@ import (
 	"golang.org/x/xerrors"
 
 	"cdr.dev/slog/v3"
+	"github.com/coder/coder/v2/aibridge"
 	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/retry"
 )
@@ -154,6 +155,22 @@ func (s *Server) GetRequestHandler(ctx context.Context, req Request) (http.Handl
 	return reqBridge, nil
 }
 
+// Reload swaps the providers used to construct future RequestBridge
+// instances and invalidates the existing cache. It is the entry
+// point that the CLI subscribes to ai_providers_changed pubsub
+// events on.
+//
+// Reload is safe to call concurrently with serving requests; existing
+// in-flight requests continue against their previously-cached
+// bridge until completion, while subsequent requests get a freshly-
+// built bridge using the new provider set.
+func (s *Server) Reload(providers []aibridge.Provider) {
+	if s.requestBridgePool == nil {
+		return
+	}
+	s.requestBridgePool.Reload(providers)
+}
+
 // isShutdown returns whether the Server is shutdown or not.
 func (s *Server) isShutdown() bool {
 	select {
 
@@ -4,6 +4,7 @@ import (
 	"context"
 	"net/http"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"github.com/dgraph-io/ristretto/v2"
@@ -26,6 +27,7 @@ const (
 // One [*aibridge.RequestBridge] instance is created per given key.
 type Pooler interface {
 	Acquire(ctx context.Context, req Request, clientFn ClientFunc, mcpBootstrapper MCPProxyBuilder) (http.Handler, error)
+	Reload(providers []aibridge.Provider)
 	Shutdown(ctx context.Context) error
 }
 
@@ -46,8 +48,12 @@ var DefaultPoolOptions = PoolOptions{MaxItems: 5000, TTL: time.Minute * 15}
 var _ Pooler = &CachedBridgePool{}
 
 type CachedBridgePool struct {
-	cache     *ristretto.Cache[string, *aibridge.RequestBridge]
-	providers []aibridge.Provider
+	cache *ristretto.Cache[string, *aibridge.RequestBridge]
+	// providers holds an atomic slice of aibridge.Provider. Use
+	// loadProviders() to read and Reload() to swap. The atomic
+	// indirection lets us hot-swap the live provider set in
+	// response to configuration changes without locking the cache.
+	providers atomic.Pointer[[]aibridge.Provider]
 	logger    slog.Logger
 	options   PoolOptions
 
@@ -85,18 +91,20 @@ func NewCachedBridgePool(options PoolOptions, providers []aibridge.Provider, log
 		return nil, xerrors.Errorf("create cache: %w", err)
 	}
 
-	return &CachedBridgePool{
-		cache:     cache,
-		providers: providers,
-		options:   options,
-		metrics:   metrics,
-		tracer:    tracer,
-		logger:    logger,
+	pool := &CachedBridgePool{
+		cache:   cache,
+		options: options,
+		metrics: metrics,
+		tracer:  tracer,
+		logger:  logger,
 
 		singleflight: &singleflight.Group[string, *aibridge.RequestBridge]{},
 
 		shuttingDownCh: make(chan struct{}),
-	}, nil
+	}
+	copied := append([]aibridge.Provider(nil), providers...)
+	pool.providers.Store(&copied)
+	return pool, nil
 }
 
 // Acquire retrieves or creates a [*aibridge.RequestBridge] instance per given key.
@@ -171,7 +179,7 @@ func (p *CachedBridgePool) Acquire(ctx context.Context, req Request, clientFn Cl
 			}
 		}
 
-		bridge, err := aibridge.NewRequestBridge(ctx, p.providers, recorder, mcpServers, p.logger, p.metrics, p.tracer)
+		bridge, err := aibridge.NewRequestBridge(ctx, p.loadProviders(), recorder, mcpServers, p.logger, p.metrics, p.tracer)
 		if err != nil {
 			return nil, xerrors.Errorf("create new request bridge: %w", err)
 		}
@@ -184,6 +192,42 @@ func (p *CachedBridgePool) Acquire(ctx context.Context, req Request, clientFn Cl
 	return instance, err
 }
 
+// Reload swaps the providers used to construct future RequestBridge
+// instances and clears the cache. Existing in-flight requests
+// continue against their previously-cached bridge until completion;
+// the next Acquire returns a freshly-built bridge using the new
+// providers slice.
+//
+// Reload is safe to call concurrently with Acquire.
+func (p *CachedBridgePool) Reload(providers []aibridge.Provider) {
+	select {
+	case <-p.shuttingDownCh:
+		return
+	default:
+	}
+	copied := append([]aibridge.Provider(nil), providers...)
+	p.providers.Store(&copied)
+	// Clear evicts every cached bridge; OnEvict will gracefully
+	// shut each one down in the background. Wait for buffered
+	// writes to drain so a Reload immediately followed by an
+	// Acquire always sees the cleared cache.
+	p.cache.Clear()
+	p.cache.Wait()
+	p.logger.Info(context.Background(), "request bridge pool reloaded",
+		slog.F("provider_count", len(copied)),
+	)
+}
+
+// loadProviders returns the current providers slice. The returned
+// slice must not be mutated.
+func (p *CachedBridgePool) loadProviders() []aibridge.Provider {
+	ptr := p.providers.Load()
+	if ptr == nil {
+		return nil
+	}
+	return *ptr
+}
+
 func (p *CachedBridgePool) CacheMetrics() PoolMetrics {
 	if p.cache == nil {
 		return nil
Original file line number	Diff line number	Diff line change
`@@ -235,6 +235,7 @@ func (api API) aiProvidersCreate(rw http.ResponseWriter, r http.Request) {`
`235`	`235`	`aReq.New = row`
`236`	`236`
`237`	`237`	`auditAIProviderKeyChanges(ctx, r, *auditor, api.Logger, aiProviderKeyChanges{Added: keys})`
	`238`	`+ publishAIProvidersChanged(ctx, api.Pubsub, api.Logger)`
`238`	`239`
`239`	`240`	`sdk, err := db2sdk.AIProvider(row, keys)`
`240`	`241`	`if err != nil {`
`@@ -400,6 +401,7 @@ func (api API) aiProvidersUpdate(rw http.ResponseWriter, r http.Request) {`
`400`	`401`	`}`
`401`	`402`
`402`	`403`	`auditAIProviderKeyChanges(ctx, r, *auditor, api.Logger, keyChanges)`
	`404`	`+ publishAIProvidersChanged(ctx, api.Pubsub, api.Logger)`
`403`	`405`
`404`	`406`	`sdk, err := db2sdk.AIProvider(updated, keys)`
`405`	`407`	`if err != nil {`
`@@ -453,6 +455,8 @@ func (api API) aiProvidersDelete(rw http.ResponseWriter, r http.Request) {`
`453`	`455`	`return`
`454`	`456`	`}`
`455`	`457`
	`458`	`+ publishAIProvidersChanged(ctx, api.Pubsub, api.Logger)`
	`459`	`+`
`456`	`460`	`rw.WriteHeader(http.StatusNoContent)`
`457`	`461`	`}`
`458`	`462`