From 2bce2a2f55403f6fce88c110213230bf4a55757d Mon Sep 17 00:00:00 2001 From: CREDO23 Date: Sat, 2 May 2026 00:43:42 +0200 Subject: [PATCH] Remove obsolete main-agent connector permission helpers. --- .../main_agent/permissions/__init__.py | 13 ------ .../permissions/connector_deny_rules.py | 21 ---------- .../permissions/connector_gated_tool_names.py | 42 ------------------- .../main_agent/permissions/rule.py | 15 ------- 4 files changed, 91 deletions(-) delete mode 100644 surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/__init__.py delete mode 100644 surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/connector_deny_rules.py delete mode 100644 surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/connector_gated_tool_names.py delete mode 100644 surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/rule.py diff --git a/surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/__init__.py b/surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/__init__.py deleted file mode 100644 index bff255bb4..000000000 --- a/surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/__init__.py +++ /dev/null @@ -1,13 +0,0 @@ -"""Connector-gated tool deny rules and small permission helpers for the main-agent graph.""" - -from __future__ import annotations - -from .connector_deny_rules import synthesize_connector_deny_rules -from .connector_gated_tool_names import iter_connector_gated_tools -from .rule import Rule - -__all__ = [ - "Rule", - "iter_connector_gated_tools", - "synthesize_connector_deny_rules", -] diff --git a/surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/connector_deny_rules.py b/surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/connector_deny_rules.py deleted file mode 100644 index 2144fc7de..000000000 --- a/surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/connector_deny_rules.py +++ /dev/null @@ -1,21 +0,0 @@ -"""Synthesized PermissionMiddleware deny rules for tools gated by connector.""" - -from __future__ import annotations - -from .connector_gated_tool_names import iter_connector_gated_tools -from .rule import Rule - - -def synthesize_connector_deny_rules( - *, - available_connectors: list[str] | None, - enabled_tool_names: set[str], -) -> list[Rule]: - available = set(available_connectors or []) - deny: list[Rule] = [] - for name, required in iter_connector_gated_tools(): - if name not in enabled_tool_names: - continue - if required not in available: - deny.append(Rule(permission=name, pattern="*", action="deny")) - return deny diff --git a/surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/connector_gated_tool_names.py b/surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/connector_gated_tool_names.py deleted file mode 100644 index 0b5b2bcd7..000000000 --- a/surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/connector_gated_tool_names.py +++ /dev/null @@ -1,42 +0,0 @@ -"""Tool name → required searchable connector type (keep in sync with new_chat ``BUILTIN_TOOLS``).""" - -from __future__ import annotations - -# Synced from ``app.agents.new_chat.tools.registry`` ToolDefinition.required_connector entries. -_CONNECTOR_GATED: tuple[tuple[str, str], ...] = ( - ("create_notion_page", "NOTION_CONNECTOR"), - ("update_notion_page", "NOTION_CONNECTOR"), - ("delete_notion_page", "NOTION_CONNECTOR"), - ("create_google_drive_file", "GOOGLE_DRIVE_FILE"), - ("delete_google_drive_file", "GOOGLE_DRIVE_FILE"), - ("create_dropbox_file", "DROPBOX_FILE"), - ("delete_dropbox_file", "DROPBOX_FILE"), - ("create_onedrive_file", "ONEDRIVE_FILE"), - ("delete_onedrive_file", "ONEDRIVE_FILE"), - ("search_calendar_events", "GOOGLE_CALENDAR_CONNECTOR"), - ("create_calendar_event", "GOOGLE_CALENDAR_CONNECTOR"), - ("update_calendar_event", "GOOGLE_CALENDAR_CONNECTOR"), - ("delete_calendar_event", "GOOGLE_CALENDAR_CONNECTOR"), - ("search_gmail", "GOOGLE_GMAIL_CONNECTOR"), - ("read_gmail_email", "GOOGLE_GMAIL_CONNECTOR"), - ("create_gmail_draft", "GOOGLE_GMAIL_CONNECTOR"), - ("send_gmail_email", "GOOGLE_GMAIL_CONNECTOR"), - ("trash_gmail_email", "GOOGLE_GMAIL_CONNECTOR"), - ("update_gmail_draft", "GOOGLE_GMAIL_CONNECTOR"), - ("create_confluence_page", "CONFLUENCE_CONNECTOR"), - ("update_confluence_page", "CONFLUENCE_CONNECTOR"), - ("delete_confluence_page", "CONFLUENCE_CONNECTOR"), - ("list_discord_channels", "DISCORD_CONNECTOR"), - ("read_discord_messages", "DISCORD_CONNECTOR"), - ("send_discord_message", "DISCORD_CONNECTOR"), - ("list_teams_channels", "TEAMS_CONNECTOR"), - ("read_teams_messages", "TEAMS_CONNECTOR"), - ("send_teams_message", "TEAMS_CONNECTOR"), - ("list_luma_events", "LUMA_CONNECTOR"), - ("read_luma_event", "LUMA_CONNECTOR"), - ("create_luma_event", "LUMA_CONNECTOR"), -) - - -def iter_connector_gated_tools() -> tuple[tuple[str, str], ...]: - return _CONNECTOR_GATED diff --git a/surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/rule.py b/surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/rule.py deleted file mode 100644 index b59e76083..000000000 --- a/surfsense_backend/app/agents/multi_agent_with_deepagents/main_agent/permissions/rule.py +++ /dev/null @@ -1,15 +0,0 @@ -"""Minimal permission rule type (mirrors OpenCode semantics used by PermissionMiddleware).""" - -from __future__ import annotations - -from dataclasses import dataclass -from typing import Literal - -RuleAction = Literal["allow", "deny", "ask"] - - -@dataclass(frozen=True) -class Rule: - permission: str - pattern: str - action: RuleAction