First-pass review (Netero). This is a mechanical first pass only; the full review panel has not yet reviewed this PR.

One P1: computer use model resolution fails when AI Gateway routing is enabled (the default).

This is a substantial routing refactor that introduces a clean aibridge transport layer, delegated API key propagation, and a well-tested migration. The error handling patterns and test coverage for the new routing code are solid. Addressing the computer use regression below will unblock the full panel review.

🤖 This review was automatically generated with Coder Agents.

Full panel review (19 reviewers). CRF-1 (R1 P1, computer use empty route) was addressed cleanly in 62c8785. Two new P1s, two P2s, eight P3s, two nits.

The centralized model construction through newModelFromConfig is a strong structural win: all model paths now route through a single choke point, making the aibridge routing decision explicit at every call site. The modelRoute value type, the migration, the API key context propagation chain, and the debug-aware model wrapping are well-designed. The test coverage for the new routing code (fail-closed subcases, context propagation, provider mapping) is thorough.

Two blockers: (1) the synthetic AIProvider at line 255 drops BaseUrl, breaking every custom-endpoint provider when the fallback flag CODER_CHAT_AI_GATEWAY_ROUTING_ENABLED=false is used, and silently confirmed by 5+ test failures; (2) EditMessage is the only user-message creation site that was not updated with .withAPIKeyID(), breaking AI Gateway routing for edited messages under default config.

"The old pattern's safety argument died when the preconditions changed." (Hisoka, on the BaseUrl loss)

coderd/x/chatd/chatd.go:2173

P1 [CRF-3] EditMessage creates a replacement user message with .withCreatedBy(opts.CreatedBy) but omits .withAPIKeyID(). Every other user-message creation site was updated: CreateChat (line 1732), insertUserMessageAndSetPending (line 4098), tryAutoPromoteQueuedMessage (line 5923), createChildSubagentChatWithOptions (subagent.go:1092). EditMessage is the only sibling missed.

With AI Gateway routing enabled (default), newModelFromConfig falls back to activeTurnAPIKeyID(ctx, chat.ID), which queries the latest user message's api_key_id. The edited message is the latest user message and its api_key_id is NULL, so the query returns empty, and newModelFromConfig returns "AI Gateway routing requires the active turn API key ID." The chat turn fails.

Also, EditMessageOptions (line 1559) lacks an APIKeyID field, and the API handler at coderd/exp_chats.go does not pass apiKey.ID.

(Pariston)

🤖

🤖 This review was automatically generated with Coder Agents.

Round 3 panel review (7 reviewers). All 16 open findings from R2 are addressed. Two new P3s.

The fixes are thorough. CRF-2 (BaseUrl drop) is resolved by adding baseURL to modelRoute via modelRouteFromAIProvider, with a test confirming the round-trip. CRF-3 (EditMessage missing API key) is wired end-to-end from the HTTP handler through to the DB. CRF-5 (strict wrapper naming) and CRF-9 (naming conventions) were consolidated into a clean rename swap. CRF-10 (key overwrite) now clones before mutation and conditionally copies. CRF-15 (test coverage) replaced activeTurnAPIKeyIDFromMessages with activeTurnAPIKeyIDFromStore and added five integration tests covering the subagent propagation paths.

Two minor items below. Neither blocks merge.

PS. This PR depends on #25625 for the aibridged handler-side delegated auth. Without it, the default-enabled aibridge routing sends the placeholder key to a handler that doesn't understand it. The deployment toggle mitigates, but verifying the merge ordering matters.

"Good stones." (Bisky, on the new test suite)

🤖 This review was automatically generated with Coder Agents.

Round 4 panel review (4 reviewers). CRF-18 and CRF-19 addressed. Two new P3s below, neither blocking.

All 19 findings from the first three rounds have been addressed. The R2 blockers (BaseUrl loss, EditMessage missing API key) are properly fixed and tested. The routing centralization through newModelFromConfig, the API key propagation chain, the fail-closed error handling, and the test coverage are all solid. The migration, config plumbing, and naming are clean.

Two minor items: the OrFallback test helpers live in production code instead of a test file, and one error message could include the model config ID to speed up operator troubleshooting. Neither affects correctness.

PS. Merge ordering with #25625 remains important; without the handler-side delegated auth, the default-enabled routing sends a placeholder key that no handler validates.

"Genuine." (Bisky, on the aibridge test suite)

🤖 This review was automatically generated with Coder Agents.

Round 5 panel review (3 reviewers). CRF-20 and CRF-21 addressed. One new P3 below, not blocking.

All 21 prior findings resolved. The test helper relocation (CRF-20) and error message improvement (CRF-21) are clean. One minor test coverage observation: the SQL integration test for GetLatestChatUserMessageAPIKeyID only exercises the compressed-summary-present branch. The no-summary branch is straightforward but untested.

The R4 APPROVE stands. 22 findings across 5 rounds, 21 resolved, 1 open P3.

🤖 This review was automatically generated with Coder Agents.

Round 6 confirmation (3 reviewers). CRF-22 addressed (no-summary SQL test branch added). Netero and all three panel reviewers report no new findings.

All 22 findings across 6 rounds are resolved. Zero open items. Clean bill.

🤖 This review was automatically generated with Coder Agents.

Round 7 confirmation (3 reviewers). Zero open findings coming in, zero new findings from Netero or the panel. All 22 findings across 7 rounds remain resolved.

Clean bill. The prior APPROVEs (R4, R5, R6) stand.

🤖 This review was automatically generated with Coder Agents.

Round 8 confirmation (3 reviewers). Third consecutive clean round. Zero open findings, zero new findings from Netero or the panel. All 22 findings across 8 rounds remain resolved.

🤖 This review was automatically generated with Coder Agents.