Add permissions for agents

Author: tomusher

README.md

@@ -10,7 +10,6 @@ Django AI Core provides core functionality for interacting with LLMs in your Dja
     -   Logging for LLM requests
     -   Async/streaming support
 -   Agents:
-    -   Auth wrappers
     -   Rate limiting
     -   Streaming responses
 -   Index:

docs/modules/agents/permissions.md

@@ -0,0 +1,150 @@
+# Agent Permissions
+
+The Agent Permissions system allows you to control who can execute specific agents in your application. You can use the built-in permissions or create your own custom permission logic.
+
+## Overview
+
+By default, agents are accessible to all users. To restrict access, you can add a `permission` to your agent class.
+
+This permission will be checked before the agent can be accessed through the automatically generated view. The permission is not checked when executing `execute` on the agent manually in code.
+
+## Built-in Permissions
+
+### AllowAny
+
+Allows all requests (this is the default behavior if no permission is specified).
+
+```python
+from django_ai_core.contrib.agents import Agent
+from django_ai_core.contrib.agents.permissions import AllowAny
+
+class MyAgent(Agent):
+    slug = "my-agent"
+    permission = AllowAny()
+
+    def execute(self):
+        return "Hello!"
+```
+
+### IsAuthenticated
+
+Requires the user to be authenticated.
+
+```python
+from django_ai_core.contrib.agents import Agent
+from django_ai_core.contrib.agents.permissions import IsAuthenticated
+
+class SecureAgent(Agent):
+    slug = "secure-agent"
+    description = "Agent that requires authentication"
+    permission = IsAuthenticated()
+    parameters = []
+
+    def execute(self):
+        return "You are authenticated!"
+```
+
+### DjangoPermission
+
+Uses Django's built-in permission system to check for a specific permission. The permission should be in the format `'app_label.permission_codename'`.
+
+```python
+from django_ai_core.contrib.agents import Agent
+from django_ai_core.contrib.agents.permissions import DjangoPermission
+
+class AdminAgent(Agent):
+    slug = "admin-agent"
+    description = "Agent requiring admin permission"
+    permission = DjangoPermission("myapp.can_use_admin_agent")
+    parameters = []
+
+    def execute(self):
+        return "Admin access granted!"
+```
+
+### CompositePermission
+
+Combines multiple permissions with AND or OR logic.
+
+```python
+from django_ai_core.contrib.agents import Agent
+from django_ai_core.contrib.agents.permissions import (
+    CompositePermission,
+    IsAuthenticated,
+    DjangoPermission,
+)
+
+class SuperSecureAgent(Agent):
+    slug = "super-secure-agent"
+    description = "Agent with multiple permission requirements"
+    permission = CompositePermission(
+        [
+            IsAuthenticated(),
+            DjangoPermission("myapp.can_use_secure_features")
+        ],
+        require_all=True  # All permissions must pass (logical AND)
+    )
+    parameters = []
+
+    def execute(self):
+        return "Super secure data!"
+
+class FlexibleAgent(Agent):
+    slug = "flexible-agent"
+    description = "Agent with flexible permission requirements"
+    permission = CompositePermission(
+        [
+            DjangoPermission("myapp.admin_access"),
+            DjangoPermission("myapp.power_user")
+        ],
+        require_all=False  # Any permission can pass (logical OR)
+    )
+    parameters = []
+
+    def execute(self):
+        return "Flexible access!"
+```
+
+## Creating Custom Permissions
+
+You can create your own permissions by subclassing `BasePermission`:
+
+```python
+from django_ai_core.contrib.agents import Agent
+from django_ai_core.contrib.agents.permissions import BasePermission
+
+class IPAllowlist(BasePermission):
+    """Only allow requests from specific IP addresses."""
+
+    def __init__(self, allowed_ips):
+        self.allowed_ips = allowed_ips
+
+    def has_permission(self, request, agent_slug, **kwargs):
+        client_ip = request.META.get('REMOTE_ADDR')
+        return client_ip in self.allowed_ips
+
+    def get_permission_denied_message(self, request, agent_slug):
+        return f"Your IP address is not authorized to execute '{agent_slug}'"
+
+class RestrictedAgent(Agent):
+    slug = "restricted-agent"
+    description = "Agent only accessible from specific IPs"
+    permission = IPAllowlist(['192.168.1.100', '10.0.0.5'])
+    parameters = []
+
+    def execute(self):
+        return "Access granted from allowlisted IP!"
+```
+
+## Permission Denied Responses
+
+When a permission check fails, the agent execution view returns a 403 Forbidden response:
+
+```json
+{
+    "error": "You do not have permission to execute agent 'my-agent'",
+    "code": "permission_denied"
+}
+```
+
+You can customize this message by overriding the `get_permission_denied_message()` method in your permission class.

src/django_ai_core/contrib/agents/base.py

@@ -6,12 +6,15 @@
 from django.core.validators import validate_slug
 from django.core.exceptions import ValidationError
 
+from .permissions import BasePermission
+
 
 @dataclass
 class AgentParameter:
     name: str
     type: type
     description: str
+    permission = BasePermission | None
 
     def as_dict(self):
         return {

src/django_ai_core/contrib/agents/permissions.py

@@ -0,0 +1,136 @@
+from abc import ABC, abstractmethod
+
+from django.contrib.auth.models import AnonymousUser
+from django.http import HttpRequest
+
+
+class BasePermission(ABC):
+    """
+    Base class for implementing custom permission checks on agents.
+
+    Subclass this to create your own permission logic for controlling
+    who can execute agents in your application.
+    """
+
+    @abstractmethod
+    def has_permission(self, request: HttpRequest, agent_slug: str, **kwargs) -> bool:
+        """
+        Check if the request has permission to execute the agent.
+
+        Args:
+            request: The Django HTTP request object
+            agent_slug: The slug of the agent being executed
+            **kwargs: Additional context that may be useful for permission checks
+
+        Returns:
+            bool: True if permission is granted, False otherwise
+        """
+        pass
+
+    def get_permission_denied_message(
+        self, request: HttpRequest, agent_slug: str
+    ) -> str:
+        """
+        Return a custom message when permission is denied.
+
+        Override this method to provide specific error messages.
+
+        Args:
+            request: The Django HTTP request object
+            agent_slug: The slug of the agent being executed
+
+        Returns:
+            str: The permission denied message
+        """
+        return f"You do not have permission to execute agent '{agent_slug}'"
+
+
+class AllowAny(BasePermission):
+    """
+    Permission that allows all requests.
+
+    This is the default behavior if no permission is specified.
+    """
+
+    def has_permission(self, request: HttpRequest, agent_slug: str, **kwargs) -> bool:
+        return True
+
+
+class IsAuthenticated(BasePermission):
+    """
+    Permission that requires the user to be authenticated.
+    """
+
+    def has_permission(self, request: HttpRequest, agent_slug: str, **kwargs) -> bool:
+        return bool(request.user and request.user.is_authenticated)
+
+    def get_permission_denied_message(
+        self, request: HttpRequest, agent_slug: str
+    ) -> str:
+        return "Authentication required to execute this agent"
+
+
+class DjangoPermission(BasePermission):
+    """
+    Permission that uses Django's built-in permission system.
+
+    This checks for a specific Django permission before allowing agent execution.
+    The permission should be in the format 'app_label.permission_codename'.
+
+    Args:
+        permission: The Django permission string (e.g., 'myapp.can_use_agent')
+    """
+
+    def __init__(self, permission: str):
+        if "." not in permission:
+            raise ValueError(
+                "Permission must be in format 'app_label.permission_codename', "
+                f"got '{permission}'"
+            )
+        self.permission = permission
+
+    def has_permission(self, request: HttpRequest, agent_slug: str, **kwargs) -> bool:
+        if not request.user or isinstance(request.user, AnonymousUser):
+            return False
+        return request.user.has_perm(self.permission)
+
+    def get_permission_denied_message(
+        self, request: HttpRequest, agent_slug: str
+    ) -> str:
+        return f"You do not have the required permission '{self.permission}' to execute agent '{agent_slug}'"
+
+
+class CompositePermission(BasePermission):
+    """
+    Permission that combines multiple permissions
+
+    Args:
+        permissions: List of permissions
+        require_all: If True, all permissions must pass. If False, any permission can pass.
+    """
+
+    def __init__(self, permissions: list[BasePermission], require_all: bool = True):
+        if not permissions:
+            raise ValueError("At least one permission must be provided")
+        self.permissions = permissions
+        self.require_all = require_all
+
+    def has_permission(self, request: HttpRequest, agent_slug: str, **kwargs) -> bool:
+        if self.require_all:
+            return all(
+                permission.has_permission(request, agent_slug, **kwargs)
+                for permission in self.permissions
+            )
+        else:
+            return any(
+                permission.has_permission(request, agent_slug, **kwargs)
+                for permission in self.permissions
+            )
+
+    def get_permission_denied_message(
+        self, request: HttpRequest, agent_slug: str
+    ) -> str:
+        for permission in self.permissions:
+            if not permission.has_permission(request, agent_slug):
+                return permission.get_permission_denied_message(request, agent_slug)
+        return f"You do not have permission to execute agent '{agent_slug}'"

src/django_ai_core/contrib/agents/views.py

@@ -7,6 +7,7 @@
 from django.utils.decorators import method_decorator
 
 from . import registry, Agent
+from .permissions import AllowAny
 
 
 class AgentExecutionException(Exception):
@@ -73,6 +74,18 @@ def post(self, request):
                 status=404,
             )
 
+        permission = getattr(agent, "permission", None) or AllowAny()
+        if not permission.has_permission(request, self.agent_slug):
+            return JsonResponse(
+                {
+                    "error": permission.get_permission_denied_message(
+                        request, self.agent_slug
+                    ),
+                    "code": "permission_denied",
+                },
+                status=403,
+            )
+
         result = self._execute_agent(agent, data["arguments"])
 
         return JsonResponse({"status": "completed", "data": result})