multi_agent_chat/permissions: persist 'always' decisions to trusted-tools list

Until now an "Always Allow" reply only updated the in-memory runtime
ruleset, evaporating after the session ended. Persist it to the
existing connector.config['trusted_tools'] list so the next session's
fetch_user_allowlist_rulesets picks it up and the user is never asked
again for the same (connector, tool) pair.

- TrustedToolSaver + make_trusted_tool_saver(user_id) in
  user_tool_allowlist: opens its own session via async_session_maker
  per call, logs and swallows failures (in-memory promotion is the
  canonical "always" path, durable persistence is opportunistic).

- PermissionMiddleware._process is now pure: returns
  (state_update, list[_AlwaysPromotion]). aafter_model awaits the
  saver for each promotion; after_model discards them. Promotions are
  only emitted for tools whose metadata exposes mcp_connector_id, so
  native tools and KB FS ops are correctly skipped.

- main_agent factory builds the saver once per turn and stashes it in
  dependencies["trusted_tool_saver"]; pack_subagent and the KB
  middleware stack forward it through build_permission_mw.

- Renamed pm._process(state, None) call sites in two existing tests to
  pm.after_model(state, None) so they exercise the public hook
  contract instead of the now-tuple-returning private method.

CREDO23 2026-05-15 14:07:08 +02:00
parent a97d1548a6
commit 6671c91841
9 changed files with 323 additions and 103 deletions

@ -93,7 +93,11 @@ def build_kb_middleware(
user_allowlist = _kb_user_allowlist(dependencies, subagent_name)
if user_allowlist is not None:
rulesets.append(user_allowlist)
permission_mw = build_permission_mw(flags=flags, subagent_rulesets=rulesets)
permission_mw = build_permission_mw(
flags=flags,
subagent_rulesets=rulesets,
trusted_tool_saver=dependencies.get("trusted_tool_saver"),
)
return [
mws["todos"],
build_kb_context_projection_mw(),
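Review bot: `trusted_tool_saver=dependencies.get("trusted_tool_saver")` passes None without any signal when the key is absent, so an "Always Allow" given through this stack would stay in memory only and nobody would notice. Because this argument controls whether a trust grant becomes durable, please document on build_kb_middleware that the saver is optional and what None means for persistence. The commit message says KB FS ops never produce promotions, so a short comment here on why the KB stack still forwards the saver would help, ideally with a test asserting that a KB FS "always" reply does not call it.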

@ -74,7 +74,10 @@ def pack_subagent(
if user_allowlist is not None:
subagent_rulesets.append(user_allowlist)
per_subagent_perm = build_permission_mw(
flags=flags, subagent_rulesets=subagent_rulesets, tools=tools
flags=flags,
subagent_rulesets=subagent_rulesets,
tools=tools,
trusted_tool_saver=dependencies.get("trusted_tool_saver"),
)
prepended: list[Any] = []
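Review bot: the `"trusted_tool_saver"` key in `dependencies.get("trusted_tool_saver")` is a bare string literal repeated from build_kb_middleware, and a typo at any call site would silently turn off persistence for that subagent, since `.get` returns None. Consider a shared module-level constant for the key, used here and where the main_agent factory stores the saver. Since every packed subagent now receives a saver that writes to the user's trusted-tools list, a test that a subagent "always" reply persists only the expected (connector, tool) pair, and nothing for tools without mcp_connector_id, would be worth adding.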