refactor(agents): move permissions to app/agents/shared (slice 4a)

Relocate the permission evaluator (wildcard matcher + rule evaluation) to the shared kernel and flip 43 non-frozen importers. A re-export shim remains at new_chat/permissions.py for the frozen single-agent stack (chat_deepagent and subagents/{config,providers/linear,providers/slack}); it will be removed when that stack is retired.
2026-06-06 20:15:17 +02:00 · 2026-06-04 12:38:30 +02:00 · 2026-06-04 12:38:30 +02:00 · 8fca2753aa
commit 8fca2753aa
parent 3efe51e6ec
45 changed files with 260 additions and 231 deletions
--- a/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/ask/payload.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/ask/payload.py
@ -13,7 +13,7 @@ from app.agents.multi_agent_chat.subagents.shared.hitl.wire import (
    SURFSENSE_DECISION_APPROVE_ALWAYS,
    build_lc_hitl_payload,
 )
-from app.agents.new_chat.permissions import Rule
+from app.agents.shared.permissions import Rule

 PERMISSION_ASK_INTERRUPT_TYPE = "permission_ask"

--- a/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/ask/request.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/ask/request.py
@ -16,7 +16,7 @@ from typing import Any
 from langchain_core.tools import BaseTool
 from langgraph.types import interrupt

-from app.agents.new_chat.permissions import Rule
+from app.agents.shared.permissions import Rule
 from app.observability import metrics as ot_metrics, otel as ot

 from .decision import normalize_permission_decision
--- a/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/deny.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/deny.py
@ -12,7 +12,7 @@ from typing import Any
 from langchain_core.messages import ToolMessage

 from app.agents.shared.errors import StreamingError
-from app.agents.new_chat.permissions import Rule
+from app.agents.shared.permissions import Rule


 def build_deny_message(tool_call: dict[str, Any], rule: Rule) -> ToolMessage:
--- a/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/middleware/core.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/middleware/core.py
@ -27,7 +27,7 @@ from langchain_core.tools import BaseTool
 from langgraph.runtime import Runtime

 from app.agents.shared.errors import CorrectedError, RejectedError
-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset
 from app.services.user_tool_allowlist import TrustedToolSaver

 from ..ask.edit import merge_edited_args
--- a/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/middleware/evaluation.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/middleware/evaluation.py
@ -16,7 +16,7 @@ from __future__ import annotations
 import logging
 from typing import Any

-from app.agents.new_chat.permissions import (
+from app.agents.shared.permissions import (
    Rule,
    RuleAction,
    Ruleset,
--- a/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/middleware/factory.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/middleware/factory.py
@ -28,7 +28,7 @@ from collections.abc import Sequence
 from langchain_core.tools import BaseTool

 from app.agents.shared.feature_flags import AgentFeatureFlags
-from app.agents.new_chat.permissions import Rule, Ruleset
+from app.agents.shared.permissions import Rule, Ruleset
 from app.services.user_tool_allowlist import TrustedToolSaver

 from .core import PermissionMiddleware
--- a/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/middleware/ruleset_view.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/middleware/ruleset_view.py
@ -9,7 +9,7 @@ newly-promoted rules apply to subsequent calls.

 from __future__ import annotations

-from app.agents.new_chat.permissions import Ruleset, aggregate_action, evaluate_many
+from app.agents.shared.permissions import Ruleset, aggregate_action, evaluate_many


 def all_rulesets(
--- a/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/middleware/runtime_promote.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/middleware/shared/permissions/middleware/runtime_promote.py
@ -7,7 +7,7 @@ is the streaming layer's job — this module keeps the in-memory copy only.

 from __future__ import annotations

-from app.agents.new_chat.permissions import Rule, Ruleset
+from app.agents.shared.permissions import Rule, Ruleset


 def persist_always(