From 5b16f317028ea3f7efb5fec1d254efb907b5a1f1 Mon Sep 17 00:00:00 2001
From: Moris Chao <hata1234@gmail.com>
Date: Fri, 10 Apr 2026 11:02:23 +0800
Subject: [PATCH] feat(plugins): pass sender_id to pre_llm_call hook
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The pre_llm_call plugin hook receives session_id, user_message,
conversation_history, is_first_turn, model, and platform — but not
the sender's user_id. This means plugins cannot perform per-user
access control (e.g. restricting knowledge base recall to authorized
users).

The gateway already passes source.user_id as user_id to AIAgent,
which stores it in self._user_id. This change forwards it as
sender_id in the pre_llm_call kwargs so plugins can use it for
ACL decisions.

For CLI sessions where no user_id exists, sender_id defaults to
empty string. Plugins can treat empty sender_id as a trusted local
call (the owner is at the terminal) or deny it depending on their
ACL policy.
---
 run_agent.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/run_agent.py b/run_agent.py
index 3d0c0d338..428154197 100644
--- a/run_agent.py
+++ b/run_agent.py
@@ -7629,6 +7629,7 @@ class AIAgent:
                 is_first_turn=(not bool(conversation_history)),
                 model=self.model,
                 platform=getattr(self, "platform", None) or "",
+                sender_id=getattr(self, "_user_id", None) or "",
             )
             _ctx_parts: list[str] = []
             for r in _pre_results: