coder
diff --git a/‎cli/server.go‎
Lines changed: 1 addition & 1 deletion b/‎cli/server.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎cli/testdata/coder_server_--help.golden‎
Lines changed: 9 additions & 5 deletions b/‎cli/testdata/coder_server_--help.golden‎
Lines changed: 9 additions & 5 deletions
diff --git a/‎cli/testdata/server-config.yaml.golden‎
Lines changed: 6 additions & 2 deletions b/‎cli/testdata/server-config.yaml.golden‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎coderd/apidoc/docs.go‎
Lines changed: 3 additions & 0 deletions b/‎coderd/apidoc/docs.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json‎
Lines changed: 3 additions & 0 deletions b/‎coderd/apidoc/swagger.json‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz.go‎
Lines changed: 8 additions & 1 deletion b/‎coderd/database/dbauthz/dbauthz.go‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎coderd/database/dbauthz/dbauthz_test.go‎
Lines changed: 6 additions & 0 deletions b/‎coderd/database/dbauthz/dbauthz_test.go‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎coderd/database/dbmetrics/querymetrics.go‎
Lines changed: 7 additions & 0 deletions b/‎coderd/database/dbmetrics/querymetrics.go‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎coderd/database/dbmock/dbmock.go‎
Lines changed: 15 additions & 0 deletions b/‎coderd/database/dbmock/dbmock.go‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎coderd/database/dbpurge/dbpurge.go‎
Lines changed: 10 additions & 1 deletion b/‎coderd/database/dbpurge/dbpurge.go‎
Lines changed: 10 additions & 1 deletion
@@ -1029,7 +1029,7 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 			defer shutdownConns()
 
 			// Ensures that old database entries are cleaned up over time!
-			purger := dbpurge.New(ctx, logger.Named("dbpurge"), options.Database, quartz.NewReal())
+			purger := dbpurge.New(ctx, logger.Named("dbpurge"), options.Database, options.DeploymentValues, quartz.NewReal())
 			defer purger.Close()
 
 			// Updates workspace usage
 
@@ -81,11 +81,6 @@ OPTIONS:
           check is performed once per day.
 
 AIBRIDGE OPTIONS: 
-      --aibridge-inject-coder-mcp-tools bool, $CODER_AIBRIDGE_INJECT_CODER_MCP_TOOLS (default: false)
-          Whether to inject Coder's MCP tools into intercepted AI Bridge
-          requests (requires the "oauth2" and "mcp-server-http" experiments to
-          be enabled).
-
       --aibridge-anthropic-base-url string, $CODER_AIBRIDGE_ANTHROPIC_BASE_URL (default: https://api.anthropic.com/)
           The base URL of the Anthropic API.
 
@@ -111,9 +106,18 @@ AIBRIDGE OPTIONS:
           See
           https://docs.claude.com/en/docs/claude-code/settings#environment-variables.
 
+      --aibridge-retention duration, $CODER_AIBRIDGE_RETENTION (default: 1440h)
+          Length of time to retain data such as interceptions and all related
+          records (token, prompt, tool use).
+
       --aibridge-enabled bool, $CODER_AIBRIDGE_ENABLED (default: false)
           Whether to start an in-memory aibridged instance.
 
+      --aibridge-inject-coder-mcp-tools bool, $CODER_AIBRIDGE_INJECT_CODER_MCP_TOOLS (default: false)
+          Whether to inject Coder's MCP tools into intercepted AIBridge requests
+          (requires the "oauth2" and "mcp-server-http" experiments to be
+          enabled).
+
       --aibridge-openai-base-url string, $CODER_AIBRIDGE_OPENAI_BASE_URL (default: https://api.openai.com/v1/)
           The base URL of the OpenAI API.
 
 
@@ -747,7 +747,11 @@ aibridge:
   # https://docs.claude.com/en/docs/claude-code/settings#environment-variables.
   # (default: global.anthropic.claude-haiku-4-5-20251001-v1:0, type: string)
   bedrock_small_fast_model: global.anthropic.claude-haiku-4-5-20251001-v1:0
-  # Whether to inject Coder's MCP tools into intercepted AI Bridge requests
-  # (requires the "oauth2" and "mcp-server-http" experiments to be enabled).
+  # Whether to inject Coder's MCP tools into intercepted AIBridge requests (requires
+  # the "oauth2" and "mcp-server-http" experiments to be enabled).
   # (default: false, type: bool)
   inject_coder_mcp_tools: false
+  # Length of time to retain data such as interceptions and all related records
+  # (token, prompt, tool use).
+  # (default: 1440h, type: duration)
+  retention: 1440h0m0s
@@ -608,7 +608,7 @@ var (
 						policy.ActionReadPersonal, // Required to read users' external auth links. // TODO: this is too broad; reduce scope to just external_auth_links by creating separate resource.
 					},
 					rbac.ResourceApiKey.Type:               {policy.ActionRead}, // Validate API keys.
-					rbac.ResourceAibridgeInterception.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate},
+					rbac.ResourceAibridgeInterception.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
 				}),
 				User:    []rbac.Permission{},
 				ByOrgID: map[string]rbac.OrgPermissions{},
@@ -1723,6 +1723,13 @@ func (q *querier) DeleteOAuth2ProviderAppTokensByAppAndUserID(ctx context.Contex
 	return q.db.DeleteOAuth2ProviderAppTokensByAppAndUserID(ctx, arg)
 }
 
+func (q *querier) DeleteOldAIBridgeRecords(ctx context.Context, beforeTime time.Time) (int32, error) {
+	if err := q.authorizeContext(ctx, policy.ActionDelete, rbac.ResourceAibridgeInterception); err != nil {
+		return -1, err
+	}
+	return q.db.DeleteOldAIBridgeRecords(ctx, beforeTime)
+}
+
 func (q *querier) DeleteOldAuditLogConnectionEvents(ctx context.Context, threshold database.DeleteOldAuditLogConnectionEventsParams) error {
 	// `ResourceSystem` is deprecated, but it doesn't make sense to add
 	// `policy.ActionDelete` to `ResourceAuditLog`, since this is the one and
 
@@ -4654,6 +4654,12 @@ func (s *MethodTestSuite) TestAIBridge() {
 		db.EXPECT().UpdateAIBridgeInterceptionEnded(gomock.Any(), params).Return(intc, nil).AnyTimes()
 		check.Args(params).Asserts(intc, policy.ActionUpdate).Returns(intc)
 	}))
+
+	s.Run("DeleteOldAIBridgeRecords", s.Mocked(func(db *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
+		t := dbtime.Now()
+		db.EXPECT().DeleteOldAIBridgeRecords(gomock.Any(), t).Return(int32(0), nil).AnyTimes()
+		check.Args(t).Asserts(rbac.ResourceAibridgeInterception, policy.ActionDelete)
+	}))
 }
 
 func (s *MethodTestSuite) TestTelemetry() {
 
@@ -13,6 +13,7 @@ import (
 	"github.com/coder/coder/v2/coderd/database/dbauthz"
 	"github.com/coder/coder/v2/coderd/database/dbtime"
 	"github.com/coder/coder/v2/coderd/pproflabel"
+	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/quartz"
 )
 
@@ -36,7 +37,7 @@ const (
 // It is the caller's responsibility to call Close on the returned instance.
 //
 // This is for cleaning up old, unused resources from the database that take up space.
-func New(ctx context.Context, logger slog.Logger, db database.Store, clk quartz.Clock) io.Closer {
+func New(ctx context.Context, logger slog.Logger, db database.Store, vals *codersdk.DeploymentValues, clk quartz.Clock) io.Closer {
 	closed := make(chan struct{})
 
 	ctx, cancelFunc := context.WithCancel(ctx)
@@ -90,6 +91,14 @@ func New(ctx context.Context, logger slog.Logger, db database.Store, clk quartz.
 				return xerrors.Errorf("failed to delete old audit log connection events: %w", err)
 			}
 
+			deleteAIBridgeRecordsBefore := start.Add(-vals.AI.BridgeConfig.Retention.Value())
+			// nolint:gocritic // Needs to run as aibridge context.
+			count, err := tx.DeleteOldAIBridgeRecords(dbauthz.AsAIBridged(ctx), deleteAIBridgeRecordsBefore)
+			if err != nil {
+				return xerrors.Errorf("failed to delete old aibridge records: %w", err)
+			}
+			logger.Debug(ctx, "purged aibridge entries", slog.F("count", count), slog.F("since", deleteAIBridgeRecordsBefore.Format(time.RFC3339)))
+
 			logger.Debug(ctx, "purged old database entries", slog.F("duration", clk.Since(start)))
 
 			return nil