[PR #449] [CLOSED] feat: add permissions system for filesystem access control #471

Closed
opened 2026-06-05 17:23:18 -04:00 by yindo · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/langchain-ai/deepagentsjs/pull/449
Author: @open-swe[bot]
Created: 4/10/2026
Status: Closed

Base: mainHead: open-swe/8d89ab28-9b47-3a19-427b-aacfa4c5d099


📝 Commits (1)

  • 00d1f7b feat: add permissions system for filesystem access control

📊 Changes

7 files changed (+1240 additions, -12 deletions)

View changed files

📝 libs/deepagents/src/agent.ts (+16 -12)
📝 libs/deepagents/src/backends/composite.ts (+8 -0)
📝 libs/deepagents/src/index.ts (+5 -0)
📝 libs/deepagents/src/middleware/index.ts (+8 -0)
libs/deepagents/src/middleware/permissions.test.ts (+837 -0)
libs/deepagents/src/middleware/permissions.ts (+353 -0)
📝 libs/deepagents/src/types.ts (+13 -0)

📄 Description

Description

Ports three Python PRs (#2633, #2659, #2665) to JS: adds a FilesystemPermission system with createPermissionMiddleware that enforces path-level read/write rules via wrapToolCall. Includes pre-check (blocks denied tool calls) and post-filter (strips denied paths from ls/glob/grep results). Supports CompositeBackend route-scoped permissions with sandbox defaults, and validates permission paths at construction time (rejects relative paths, .. traversal, ~).

Test Plan

  • Verify 50 new permission tests pass (permissions.test.ts)
  • Verify existing agent, fs, composite, and middleware tests still pass

Opened collaboratively by Nick Hollon and open-swe.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/langchain-ai/deepagentsjs/pull/449 **Author:** [@open-swe[bot]](https://github.com/apps/open-swe) **Created:** 4/10/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `open-swe/8d89ab28-9b47-3a19-427b-aacfa4c5d099` --- ### 📝 Commits (1) - [`00d1f7b`](https://github.com/langchain-ai/deepagentsjs/commit/00d1f7b0db46c9e27b02c2c11215753307dc5769) feat: add permissions system for filesystem access control ### 📊 Changes **7 files changed** (+1240 additions, -12 deletions) <details> <summary>View changed files</summary> 📝 `libs/deepagents/src/agent.ts` (+16 -12) 📝 `libs/deepagents/src/backends/composite.ts` (+8 -0) 📝 `libs/deepagents/src/index.ts` (+5 -0) 📝 `libs/deepagents/src/middleware/index.ts` (+8 -0) ➕ `libs/deepagents/src/middleware/permissions.test.ts` (+837 -0) ➕ `libs/deepagents/src/middleware/permissions.ts` (+353 -0) 📝 `libs/deepagents/src/types.ts` (+13 -0) </details> ### 📄 Description ## Description Ports three Python PRs (#2633, #2659, #2665) to JS: adds a `FilesystemPermission` system with `createPermissionMiddleware` that enforces path-level read/write rules via `wrapToolCall`. Includes pre-check (blocks denied tool calls) and post-filter (strips denied paths from ls/glob/grep results). Supports CompositeBackend route-scoped permissions with sandbox defaults, and validates permission paths at construction time (rejects relative paths, `..` traversal, `~`). ## Test Plan - [ ] Verify 50 new permission tests pass (`permissions.test.ts`) - [ ] Verify existing agent, fs, composite, and middleware tests still pass _Opened collaboratively by Nick Hollon and open-swe._ --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
yindo added the pull-request label 2026-06-05 17:23:18 -04:00
yindo closed this issue 2026-06-05 17:23:18 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: langchain-ai/deepagentsjs#471