feat(sdk): scope permissions to routes for composite backends with sandbox default#2659
Merged
Nick Hollon (nick-hollon-lc) merged 1 commit intomainfrom Apr 10, 2026
Conversation
Nick Hollon (nick-hollon-lc)
requested a review
from Sydney Runkle (sydney-runkle)
github-actions
bot
added
deepagents
| assert len(tool_messages) == 1 | ||
| assert "permission denied" not in tool_messages[0].content | ||
|
|
||
| def test_permissions_outside_routes_still_raises_with_sandbox_default(self) -> None: |
Collaborator
There was a problem hiding this comment.
NICE
Sydney Runkle (sydney-runkle)
approved these changes
Apr 10, 2026
Collaborator
Sydney Runkle (sydney-runkle)
left a comment
Sydney Runkle (sydney-runkle)
left a comment
There was a problem hiding this comment.
BOOM
Eugene Yurtsev (eyurtsev)
approved these changes
Apr 10, 2026
Nick Hollon (nick-hollon-lc)
deleted the
nh/scope-permissions-to-route-for-composite
branch
Mason Daugherty (mdrxy)
added a commit
that referenced
this pull request
Apr 10, 2026
> [!CAUTION] > Merging this PR will automatically publish to **PyPI** and create a **GitHub release**. For the full release process, see [`.github/RELEASING.md`](https://github.com/langchain-ai/deepagents/blob/main/.github/RELEASING.md). --- _Everything below this line will be the GitHub release body._ --- ## [0.5.2](deepagents==0.5.1...deepagents==0.5.2) (2026-04-10) ### Features * Permissions system for filesystem access control ([#2633](#2633)) ([41dc759](41dc759)) * Scope permissions to routes for composite backends with sandbox default ([#2659](#2659)) ([6dd6122](6dd6122)) * Raise `ValueError` for permission paths without leading slash and path traversal ([#2665](#2665)) ([723d27d](723d27d)) * Implement `upload_files` for `StateBackend` ([#2661](#2661)) ([5798345](5798345)) ### Bug Fixes * Catch `PermissionError` in `FilesystemBackend` ripgrep ([#2571](#2571)) ([3d5d673](3d5d673)) --- _Everything above this line will be the GitHub release body._ --- > [!NOTE] > A **New Contributors** section is appended to the GitHub release notes automatically at publish time (see [Release Pipeline](https://github.com/langchain-ai/deepagents/blob/main/.github/RELEASING.md#release-pipeline), step 2). --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Mason Daugherty <github@mdrxy.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Previously,
_PermissionMiddlewareunconditionally rejected any backend that supported execution (SandboxBackendProtocol), even when permissions only targeted paths under composite backend routes that don't involve execution at all.This PR adds a check (
_all_paths_scoped_to_routes) so that when aCompositeBackendhas a sandbox default, permissions are allowed as long as every permission path is scoped under a known route prefix. Permissions that cover paths outside routes (hitting the sandbox default) still raiseNotImplementedError.Examples
Changes
permissions.py: Added_all_paths_scoped_to_routeshelper and refined the__init__guard to allow route-scoped permissions with sandbox defaultstest_end_to_end.py: AddedTestCompositeBackendPermissionsEndToEndwith 6 tests covering route-scoped allow/deny, wildcard rejection, mixed-path rejection, and multi-route scenarios