Problem
The CLI populates CreateSessionRequest.user_id with the user's email/name, but the API completely ignores it — user identity is always derived from the OIDC bearer token.
This field is dead bytes on the wire and misleading in the proto definition (it implies the CLI controls user attribution, but it doesn't).
Options
- Remove from proto — delete the field, CLI stops sending it. Clean break.
- Keep as advisory — document that it's informational only, API may ignore it. Useful for logging/debugging but not authoritative.
Recommend option 1 — the bearer token is the source of truth and having a dead field invites confusion.
Problem
The CLI populates
CreateSessionRequest.user_idwith the user's email/name, but the API completely ignores it — user identity is always derived from the OIDC bearer token.This field is dead bytes on the wire and misleading in the proto definition (it implies the CLI controls user attribution, but it doesn't).
Options
Recommend option 1 — the bearer token is the source of truth and having a dead field invites confusion.