refactor(agents): move permissions to app/agents/shared (slice 4a)

Relocate the permission evaluator (wildcard matcher + rule evaluation) to the shared kernel and flip 43 non-frozen importers. A re-export shim remains at new_chat/permissions.py for the frozen single-agent stack (chat_deepagent and subagents/{config,providers/linear,providers/slack}); it will be removed when that stack is retired.
2026-06-08 20:25:19 +02:00 · 2026-06-04 12:38:30 +02:00 · 2026-06-04 12:38:30 +02:00 · 8fca2753aa
commit 8fca2753aa
parent 3efe51e6ec
45 changed files with 260 additions and 231 deletions
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/builtins/deliverables/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/builtins/deliverables/tools/index.py
@ -9,7 +9,7 @@ from typing import Any

 from langchain_core.tools import BaseTool

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 from .generate_image import create_generate_image_tool
 from .podcast import create_generate_podcast_tool
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/builtins/knowledge_base/agent.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/builtins/knowledge_base/agent.py
@ -15,7 +15,7 @@ from langchain_core.tools import BaseTool

 from app.agents.multi_agent_chat.subagents.shared.spec import SurfSenseSubagentSpec
 from app.agents.shared.filesystem_selection import FilesystemMode
-from app.agents.new_chat.permissions import Rule, Ruleset
+from app.agents.shared.permissions import Rule, Ruleset

 from .middleware_stack import build_kb_middleware
 from .prompts import load_description, load_readonly_system_prompt, load_system_prompt
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/builtins/knowledge_base/middleware_stack.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/builtins/knowledge_base/middleware_stack.py
@ -30,7 +30,7 @@ from app.agents.multi_agent_chat.middleware.shared.permissions import (
 )
 from app.agents.shared.feature_flags import AgentFeatureFlags
 from app.agents.shared.filesystem_selection import FilesystemMode
-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset


 def _kb_user_allowlist(
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/builtins/memory/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/builtins/memory/tools/index.py
@ -6,7 +6,7 @@ from typing import Any

 from langchain_core.tools import BaseTool

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset
 from app.db import ChatVisibility

 from .update_memory import create_update_memory_tool, create_update_team_memory_tool
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/builtins/research/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/builtins/research/tools/index.py
@ -6,7 +6,7 @@ from typing import Any

 from langchain_core.tools import BaseTool

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 from .scrape_webpage import create_scrape_webpage_tool
 from .web_search import create_web_search_tool
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/airtable/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/airtable/tools/index.py
@ -2,7 +2,7 @@

 from __future__ import annotations

-from app.agents.new_chat.permissions import Rule, Ruleset
+from app.agents.shared.permissions import Rule, Ruleset

 NAME = "airtable"

--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/calendar/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/calendar/tools/index.py
@ -10,7 +10,7 @@ from typing import Any

 from langchain_core.tools import BaseTool

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 from .create_event import create_create_calendar_event_tool
 from .delete_event import create_delete_calendar_event_tool
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/clickup/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/clickup/tools/index.py
@ -2,7 +2,7 @@

 from __future__ import annotations

-from app.agents.new_chat.permissions import Rule, Ruleset
+from app.agents.shared.permissions import Rule, Ruleset

 NAME = "clickup"

--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/confluence/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/confluence/tools/index.py
@ -9,7 +9,7 @@ from typing import Any

 from langchain_core.tools import BaseTool

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 from .create_page import create_create_confluence_page_tool
 from .delete_page import create_delete_confluence_page_tool
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/discord/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/discord/tools/index.py
@ -9,7 +9,7 @@ from typing import Any

 from langchain_core.tools import BaseTool

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 from .list_channels import create_list_discord_channels_tool
 from .read_messages import create_read_discord_messages_tool
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/dropbox/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/dropbox/tools/index.py
@ -9,7 +9,7 @@ from typing import Any

 from langchain_core.tools import BaseTool

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 from .create_file import create_create_dropbox_file_tool
 from .trash_file import create_delete_dropbox_file_tool
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/gmail/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/gmail/tools/index.py
@ -9,7 +9,7 @@ from typing import Any

 from langchain_core.tools import BaseTool

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 from .create_draft import create_create_gmail_draft_tool
 from .read_email import create_read_gmail_email_tool
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/google_drive/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/google_drive/tools/index.py
@ -9,7 +9,7 @@ from typing import Any

 from langchain_core.tools import BaseTool

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 from .create_file import create_create_google_drive_file_tool
 from .trash_file import create_delete_google_drive_file_tool
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/jira/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/jira/tools/index.py
@ -2,7 +2,7 @@

 from __future__ import annotations

-from app.agents.new_chat.permissions import Rule, Ruleset
+from app.agents.shared.permissions import Rule, Ruleset

 NAME = "jira"

--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/linear/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/linear/tools/index.py
@ -2,7 +2,7 @@

 from __future__ import annotations

-from app.agents.new_chat.permissions import Rule, Ruleset
+from app.agents.shared.permissions import Rule, Ruleset

 NAME = "linear"

--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/luma/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/luma/tools/index.py
@ -9,7 +9,7 @@ from typing import Any

 from langchain_core.tools import BaseTool

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 from .create_event import create_create_luma_event_tool
 from .list_events import create_list_luma_events_tool
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/notion/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/notion/tools/index.py
@ -9,7 +9,7 @@ from typing import Any

 from langchain_core.tools import BaseTool

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 from .create_page import create_create_notion_page_tool
 from .delete_page import create_delete_notion_page_tool
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/onedrive/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/onedrive/tools/index.py
@ -9,7 +9,7 @@ from typing import Any

 from langchain_core.tools import BaseTool

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 from .create_file import create_create_onedrive_file_tool
 from .trash_file import create_delete_onedrive_file_tool
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/slack/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/slack/tools/index.py
@ -2,7 +2,7 @@

 from __future__ import annotations

-from app.agents.new_chat.permissions import Rule, Ruleset
+from app.agents.shared.permissions import Rule, Ruleset

 NAME = "slack"

--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/teams/tools/index.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/connectors/teams/tools/index.py
@ -9,7 +9,7 @@ from typing import Any

 from langchain_core.tools import BaseTool

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 from .list_channels import create_list_teams_channels_tool
 from .read_messages import create_read_teams_messages_tool
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/shared/spec.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/shared/spec.py
@ -8,7 +8,7 @@ from typing import Any

 from deepagents import SubAgent

-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 # A context-hint provider receives the parent-agent ``runtime.state`` mapping
 # and the ``description`` the orchestrator wrote, and returns a short string
--- a/surfsense_backend/app/agents/multi_agent_chat/subagents/shared/subagent_builder.py
+++ b/surfsense_backend/app/agents/multi_agent_chat/subagents/shared/subagent_builder.py
@ -22,7 +22,7 @@ from app.agents.multi_agent_chat.subagents.shared.spec import (
    ContextHintProvider,
    SurfSenseSubagentSpec,
 )
-from app.agents.new_chat.permissions import Ruleset
+from app.agents.shared.permissions import Ruleset

 logger = logging.getLogger(__name__)