diff --git a/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/__init__.py b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/__init__.py new file mode 100644 index 000000000..2d0341fb7 --- /dev/null +++ b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/__init__.py @@ -0,0 +1,23 @@ +"""Bundled MCP allow/ask name rows per connector agent (MCP-backed routes only).""" + +from __future__ import annotations + +from app.agents.multi_agent_with_deepagents.subagents.shared.permissions import ( + ToolsPermissions, +) + +from .airtable import TOOLS_PERMISSIONS as _AIRTABLE +from .clickup import TOOLS_PERMISSIONS as _CLICKUP +from .jira import TOOLS_PERMISSIONS as _JIRA +from .linear import TOOLS_PERMISSIONS as _LINEAR +from .slack import TOOLS_PERMISSIONS as _SLACK + +TOOLS_PERMISSIONS_BY_AGENT: dict[str, ToolsPermissions] = { + "airtable": _AIRTABLE, + "clickup": _CLICKUP, + "jira": _JIRA, + "linear": _LINEAR, + "slack": _SLACK, +} + +__all__ = ["TOOLS_PERMISSIONS_BY_AGENT"] diff --git a/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/airtable.py b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/airtable.py new file mode 100644 index 000000000..ec252a6ae --- /dev/null +++ b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/airtable.py @@ -0,0 +1,16 @@ +"""Airtable MCP: which server tool names are allow vs ask.""" + +from __future__ import annotations + +from app.agents.multi_agent_with_deepagents.subagents.shared.permissions import ( + ToolsPermissions, +) + +TOOLS_PERMISSIONS: ToolsPermissions = { + "allow": [ + {"name": "list_bases"}, + {"name": "list_tables_for_base"}, + {"name": "list_records_for_table"}, + ], + "ask": [], +} diff --git a/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/clickup.py b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/clickup.py new file mode 100644 index 000000000..2eb00eec9 --- /dev/null +++ b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/clickup.py @@ -0,0 +1,15 @@ +"""ClickUp MCP: which server tool names are allow vs ask.""" + +from __future__ import annotations + +from app.agents.multi_agent_with_deepagents.subagents.shared.permissions import ( + ToolsPermissions, +) + +TOOLS_PERMISSIONS: ToolsPermissions = { + "allow": [ + {"name": "clickup_search"}, + {"name": "clickup_get_task"}, + ], + "ask": [], +} diff --git a/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/index.py b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/index.py new file mode 100644 index 000000000..e8340abe5 --- /dev/null +++ b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/index.py @@ -0,0 +1,10 @@ +"""Re-exports permission row types for MCP policy modules.""" + +from __future__ import annotations + +from app.agents.multi_agent_with_deepagents.subagents.shared.permissions import ( + ToolPermissionItem, + ToolsPermissions, +) + +__all__ = ["ToolPermissionItem", "ToolsPermissions"] diff --git a/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/jira.py b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/jira.py new file mode 100644 index 000000000..93b57823e --- /dev/null +++ b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/jira.py @@ -0,0 +1,20 @@ +"""Jira MCP: which server tool names are allow vs ask.""" + +from __future__ import annotations + +from app.agents.multi_agent_with_deepagents.subagents.shared.permissions import ( + ToolsPermissions, +) + +TOOLS_PERMISSIONS: ToolsPermissions = { + "allow": [ + {"name": "getAccessibleAtlassianResources"}, + {"name": "searchJiraIssuesUsingJql"}, + {"name": "getVisibleJiraProjects"}, + {"name": "getJiraProjectIssueTypesMetadata"}, + ], + "ask": [ + {"name": "createJiraIssue"}, + {"name": "editJiraIssue"}, + ], +} diff --git a/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/linear.py b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/linear.py new file mode 100644 index 000000000..25c37494a --- /dev/null +++ b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/linear.py @@ -0,0 +1,32 @@ +"""Linear MCP: which server tool names are allow vs ask.""" + +from __future__ import annotations + +from app.agents.multi_agent_with_deepagents.subagents.shared.permissions import ( + ToolsPermissions, +) + +_TOOLS_ALLOW = ( + "list_issues", + "get_issue", + "list_my_issues", + "list_issue_statuses", + "list_issue_labels", + "list_comments", + "list_users", + "get_user", + "list_teams", + "get_team", + "list_projects", + "get_project", + "list_project_labels", + "list_cycles", + "list_documents", + "get_document", + "search_documentation", +) + +TOOLS_PERMISSIONS: ToolsPermissions = { + "allow": [{"name": n} for n in _TOOLS_ALLOW], + "ask": [{"name": "save_issue"}], +} diff --git a/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/slack.py b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/slack.py new file mode 100644 index 000000000..bd5454523 --- /dev/null +++ b/surfsense_backend/app/agents/multi_agent_with_deepagents/subagents/mcp_tools/permissions/slack.py @@ -0,0 +1,16 @@ +"""Slack MCP: which server tool names are allow vs ask.""" + +from __future__ import annotations + +from app.agents.multi_agent_with_deepagents.subagents.shared.permissions import ( + ToolsPermissions, +) + +TOOLS_PERMISSIONS: ToolsPermissions = { + "allow": [ + {"name": "slack_search_channels"}, + {"name": "slack_read_channel"}, + {"name": "slack_read_thread"}, + ], + "ask": [], +}