diff --git a/surfsense_backend/app/agents/new_chat/subagents/constants.py b/surfsense_backend/app/agents/new_chat/subagents/constants.py
new file mode 100644
index 000000000..ef5a33e22
--- /dev/null
+++ b/surfsense_backend/app/agents/new_chat/subagents/constants.py
@@ -0,0 +1,40 @@
+"""Shared constants for provider subagent safety policies."""
+
+from __future__ import annotations
+
+# Generic mutation-deny patterns for read-only specialist roles.
+WRITE_TOOL_DENY_PATTERNS: tuple[str, ...] = (
+    "*create*",
+    "*update*",
+    "*delete*",
+    "*send*",
+    "*write*",
+    "*edit*",
+    "*move*",
+    "*mkdir*",
+    "*upload*",
+    "edit_file",
+    "write_file",
+    "move_file",
+    "mkdir",
+    "update_memory",
+    "update_memory_team",
+    "update_memory_private",
+)
+
+# Tools that mutate virtual KB filesystem or parent/global chat state.
+# Provider specialists should not mutate these surfaces directly.
+NON_PROVIDER_STATE_MUTATION_DENY: frozenset[str] = frozenset(
+    {
+        # Exact tool names from shared deny patterns.
+        *{
+            name
+            for name in WRITE_TOOL_DENY_PATTERNS
+            if "*" not in name
+        },
+        # Additional non-provider state mutation controls.
+        "write_todos",
+        "task",
+    }
+)
+