feat: workflow agent node permissions tab#16092
Merged
abdulrahmancodes merged 56 commits intomainfrom Nov 27, 2025
Merged
Conversation
- Introduced `WorkflowAiAgentPermissionsTab` and `WorkflowAiAgentPromptTab` components for managing AI agent settings. - Updated `WorkflowEditActionAiAgent` to include tab navigation between prompt and permissions. - Added constants for tab identifiers in `WorkflowAiAgentTabs` and component ID in `WorkflowAiAgentTabListComponentId`. - Enhanced UI with styled tab list for better user experience.
- Introduced a new component `WorkflowAiAgentPermissionsTab1` for managing AI agent permissions. - Implemented a user interface with styled components for displaying and selecting object permissions. - Integrated search functionality and CRUD permission options for enhanced user experience.
- Added an optional `className` prop to the `WorkflowStepBody` component for improved styling flexibility. - Updated the component to apply the `className` to the styled container, allowing for better customization in various contexts.
- Introduced several new components for managing AI agent permissions, including `WorkflowAiAgentPermissionsTab`, `WorkflowAiAgentPermissionsCrudList`, `WorkflowAiAgentPermissionsObjectsList`, `WorkflowAiAgentPermissionsObjectRow`, and `WorkflowAiAgentPermissionsPermissionRow`. - Implemented styled components for improved UI consistency and user experience. - Added functionality for displaying, adding, and deleting permissions, along with a search feature for object metadata. - Enhanced the overall structure and organization of the permissions management interface.
- Refactored the `WorkflowEditActionAiAgent` component to integrate role-based permissions management. - Added state management for permissions tab view modes and implemented role detail navigation. - Enhanced footer actions based on the current tab and permissions state, improving user interaction. - Updated styling for the permissions step body for better UI consistency.
- Replaced local state management with Recoil for view mode in `WorkflowAiAgentPermissionsTab`. - Removed unnecessary props and functions related to view mode change. - Introduced a new state file for managing permissions view modes, enhancing code organization and maintainability. - Updated related components to utilize the new state management approach, improving overall functionality.
…ment - Integrated snackbar notifications for user feedback on permission updates. - Simplified permission handling logic by consolidating permission updates into a single object. - Improved state management for view modes and object permissions, enhancing code clarity and maintainability. - Updated UI interactions for better user experience when managing permissions.
- Deleted the `workflowAiAgentPermissionsViewModeComponentState.ts` file as part of the ongoing refactor for permission management. - This change simplifies the state management by removing unused state definitions, contributing to improved code clarity and maintainability.
- Added `showDeleteButton` and `alwaysShowGranted` props to `WorkflowAiAgentPermissionsPermissionRow` for improved permission display logic. - Updated `WorkflowAiAgentPermissionsCrudList` to utilize the new props, enhancing user interaction by controlling the visibility of delete actions and permission states. - Improved code clarity and maintainability by refining component interfaces.
- Replaced the view mode state management in `WorkflowAiAgentPermissionsTab` with new Recoil states for selected object ID and adding permissions, enhancing clarity and maintainability. - Introduced a new hook, `useResetWorkflowAiAgentPermissionsStateOnCommandMenuClose`, to reset permissions state when the command menu closes, improving user experience. - Updated `WorkflowEditActionAiAgent` to utilize the new permissions state management, streamlining the component's logic and interactions. - Removed the obsolete `workflowAiAgentPermissionsViewModeFamilyState` to simplify state management.
…onsTab - Introduced a new constant, `CRUD_PERMISSION_ORDER`, to define the order of CRUD permissions for better organization. - Updated the existing permissions handling to sort permissions based on the defined order and object label, enhancing clarity in the permissions display. - Removed redundant comments and improved code readability by streamlining the permissions mapping logic.
- Introduced a new Recoil state, `workflowAiAgentActionAgentState`, to manage agent data more effectively within the `WorkflowAiAgentPermissionsTab` and `WorkflowEditActionAiAgent` components. - Updated the `useResetWorkflowAiAgentPermissionsStateOnCommandMenuClose` hook to reset the agent state upon closing the command menu, improving state management consistency. - Replaced direct queries for agent data with Recoil state management, streamlining data handling and enhancing performance. - Adjusted the loading state handling in `WorkflowAiAgentPermissionsTab` to utilize the new agent loading state, improving user experience during data fetching.
- Removed the redundant `hasAnyPermission` check, streamlining the logic for adding object permissions. - Directly pushed updated permissions to `allObjectPermissions`, enhancing code clarity and maintainability. - Improved overall readability by reducing unnecessary conditional statements in the permissions management logic.
…ion and Code Clarity - Replaced hardcoded "CRUD" label with localized string using Lingui for better internationalization support. - Removed the unused `onDeletePermission` prop from `WorkflowAiAgentPermissionsCrudList` to simplify the component interface. - Streamlined the `onAdd` function for adding permissions, enhancing code readability.
…Handling - Introduced the new `WorkflowAiAgentPermissionList` component to encapsulate the logic for displaying and managing permissions. - Refactored `WorkflowAiAgentPermissionsTab` to utilize the new component, simplifying the permissions display and enhancing code clarity. - Removed redundant permission handling logic from `WorkflowAiAgentPermissionsTab`, improving maintainability and readability. - Added a new constants file for CRUD permissions to streamline permission management across components.
… code clarity and maintainability.
…ntPermissionActions Hook - Refactored `WorkflowAiAgentPermissionsTab` to utilize the new `useWorkflowAiAgentPermissionActions` hook, streamlining permission management logic. - Removed redundant permission handling code from `WorkflowAiAgentPermissionsTab`, enhancing clarity and maintainability. - Consolidated permission addition and deletion logic within the new hook, improving code organization and readability. - Updated imports and cleaned up unused variables to further enhance code quality.
- Introduced `useActionRolePermissionFlagConfig` and `useSettingsRolePermissionFlagConfig` hooks to manage role-based permissions for actions and settings. - Each hook returns a filtered list of permissions based on feature flags, enhancing modularity and reusability. - Integrated icons and localized descriptions for improved user experience and clarity in permission management.
… Management - Added functionality to handle permission flags within the `useWorkflowAiAgentPermissionActions` hook, including methods for adding and deleting permission flags. - Integrated new hooks for role permission flag configuration to streamline permission management. - Improved code organization by utilizing `useMemo` for permission flag label mapping, enhancing performance and readability. - Updated the hook's parameters to include permission flag keys, allowing for more flexible permission handling.
…FlagRow Components - Introduced `WorkflowAiAgentPermissionsFlagList` and `WorkflowAiAgentPermissionsFlagRow` components to manage and display permission flags within the AI agent workflow. - Enhanced `StyledRow` in `WorkflowAiAgentPermissions.styles.ts` to support disabled states, improving user experience by visually indicating interactivity. - Updated `WorkflowAiAgentPermissionsTab` to integrate the new flag list components, allowing for better organization and management of settings and action permissions. - Refactored permission handling logic to utilize the new components, enhancing code clarity and maintainability.
- Replaced direct permission handling logic in `SettingsRolePermissionsSettingsSection` and `SettingsRolePermissionsToolSection` with the new `useSettingsRolePermissionFlagConfig` and `useActionRolePermissionFlagConfig` hooks for improved modularity and reusability. - Removed unused imports and redundant code, enhancing clarity and maintainability. - Streamlined the configuration of settings and action permissions, improving overall code organization.
…for Improved Logic and Readability - Simplified permission handling logic in `WorkflowAiAgentPermissionsTab` by introducing new boolean flags for better readability and maintainability. - Enhanced conditional rendering for displaying permission lists and CRUD operations based on the agent's state. - Removed unnecessary console log from `WorkflowEditActionAiAgent`, cleaning up the code. - Improved overall code organization and clarity by consolidating related logic into descriptive variables.
…issionFlagConfig Hook - Cleaned up imports in `SettingsRolePermissionsSettingsSection` by removing unnecessary lines for improved clarity. - Removed an empty line in `useActionRolePermissionFlagConfig` to enhance code cleanliness. - These changes contribute to better organization and maintainability of the codebase.
…Tab for Improved Logic and Clarity - Simplified the rendering logic in `WorkflowAiAgentPermissionList` by consolidating the display of permissions into a single list, enhancing readability. - Introduced a new utility function `filterBySearchQuery` in `WorkflowAiAgentPermissionsTab` to streamline the filtering of permissions and object metadata based on search queries. - Improved overall code organization and maintainability by removing redundant filtering logic and utilizing the new utility function for better clarity.
- Replaced the Button component with CmdEnterActionButton for improved user interaction in the footer actions. - Simplified the logic for rendering footer actions based on the current tab and permission state, enhancing clarity and maintainability. - Removed unnecessary code and imports to streamline the component structure.
- Deleted the `WorkflowAiAgentPermissionsTab1` component to improve code organization and reduce complexity. - This removal contributes to a cleaner structure by eliminating unused files and enhancing maintainability.
Contributor
|
🚀 Preview Environment Ready! Your preview environment is available at: http://bore.pub:33548 This environment will automatically shut down when the PR is closed or after 5 hours. |
- Introduced a new method in `AgentRoleService` to delete agent-only roles if they are not assigned elsewhere, enhancing role management. - Integrated this logic into `WorkflowVersionStepOperationsWorkspaceService` to ensure roles are cleaned up when agents are deleted. - Updated module imports to include necessary entities for role management, improving overall functionality and maintainability. - Added tests to verify the new role deletion logic, ensuring robustness and correctness in workflow operations.
…issionsTab - Introduced a new utility function `getFilteredPermissions` to streamline the filtering of permissions based on search queries and enabled status. - Updated `WorkflowAiAgentPermissionsTab` to utilize this new function, reducing redundancy and improving code clarity. - Enhanced overall maintainability by consolidating permission filtering logic into a dedicated utility.
- Adjusted the formatting of import statements in `agent-role.service.ts` for better readability. - This change enhances the overall organization of the code, contributing to improved maintainability.
- Simplified the logic for displaying the CRUD list by removing the dependency on the `workflowAiAgentPermissionsIsAddingPermission` state. - Updated the conditions for rendering the CRUD list to enhance clarity and maintainability. - These changes improve the overall functionality of the permissions tab by ensuring a more straightforward representation of the selected object state.
- Added logic to identify if a step is of type 'AI_AGENT' within the useDeleteStep hook. - Integrated a reset of the AI agent permissions state when an AI agent step is deleted, improving state management. - Updated imports to include necessary hooks and utilities for enhanced functionality and maintainability.
- Added a styled delete button to the permissions rows, improving user interaction for deleting permissions. - Implemented hover effects to reveal the delete button, enhancing the UI experience. - Updated related components to utilize the new delete button styling and functionality, ensuring consistency across the permissions tab. - Refactored the permission handling logic to accommodate the new delete button integration, improving overall maintainability.
… Safety - Updated the `refetchAgent` function to return a more specific type, improving type safety in the `WorkflowAiAgentPermissionsTab` component. - Adjusted the `refetchAgentAndRoles` function to return the refetched agent, ensuring better state management and clarity in the permissions handling logic. - Refactored the `useWorkflowAiAgentPermissionActions` hook to utilize the updated type definitions, enhancing maintainability and readability of the code. - These changes contribute to a more robust and type-safe implementation of the AI agent permissions functionality.
- Simplified the assignment of `currentTabId` by removing unnecessary type casting, enhancing code clarity. - This change contributes to a more streamlined implementation of the Workflow AI Agent action component.
- Updated imports in multiple components to utilize the new `WorkflowAiAgentPermissionsStyles` file, ensuring consistent styling across the permissions UI. - Refactored the delete button implementation for improved readability and maintainability. - These changes enhance the overall user experience and maintainability of the AI agent permissions components.
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
Comment on lines
+307
to
+315
|
|
||
| const { refetchedAgent } = await refetchAgentAndRoles(); | ||
| if ( | ||
| !hadRoleBefore && | ||
| isDefined(refetchedAgent) && | ||
| isDefined(setWorkflowAiAgentActionAgent) | ||
| ) { | ||
| setWorkflowAiAgentActionAgent(refetchedAgent); | ||
| } |
There was a problem hiding this comment.
Bug: UI state for AI agent permissions is not consistently updated after permission operations.
Severity: HIGH | Confidence: High
🔍 Detailed Analysis
After permission operations such as adding/deleting permissions or permission flags, the refetchedAgent data returned by refetchAgentAndRoles() is frequently discarded or only conditionally applied. This prevents the workflowAiAgentActionAgentState from being consistently updated with the latest server data, causing the UI to display stale agent roles and permissions to the user.
💡 Suggested Fix
Ensure the refetchedAgent returned from refetchAgentAndRoles() is consistently used to update workflowAiAgentActionAgentState in handleAddPermission, handleDeletePermission, handleAddPermissionFlag, and handleDeletePermissionFlag.
🤖 Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location:
packages/twenty-front/src/modules/workflow/workflow-steps/workflow-actions/ai-agent-action/hooks/useWorkflowAiAgentPermissionActions.ts#L307-L315
Potential issue: After permission operations such as adding/deleting permissions or
permission flags, the `refetchedAgent` data returned by `refetchAgentAndRoles()` is
frequently discarded or only conditionally applied. This prevents the
`workflowAiAgentActionAgentState` from being consistently updated with the latest server
data, causing the UI to display stale agent roles and permissions to the user.
Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 3887265
…s Components - Standardized the formatting of the delete button implementation in both `WorkflowAiAgentPermissionsFlagRow` and `WorkflowAiAgentPermissionsPermissionRow` components for improved readability. - These changes enhance code consistency and maintainability across the permissions UI.
Contributor
Greptile OverviewGreptile SummaryAdds a Permissions tab to the AI Agent workflow node, enabling granular control over agent permissions including CRUD operations on objects and action/settings flags. The implementation refactors existing role permission configuration hooks for reuse and adds comprehensive backend cleanup logic to delete agents and their associated roles when workflow steps are removed. Key Changes
Issues Found
Confidence Score: 3/5
Important Files ChangedFile Analysis
Sequence DiagramsequenceDiagram
participant User
participant WorkflowEditActionAiAgent
participant WorkflowAiAgentPermissionsTab
participant useWorkflowAiAgentPermissionActions
participant Backend
participant AiAgentRoleService
User->>WorkflowEditActionAiAgent: Open AI Agent Step
WorkflowEditActionAiAgent->>Backend: useFindOneAgentQuery(agentId)
Backend-->>WorkflowEditActionAiAgent: Agent data with roleId
User->>WorkflowEditActionAiAgent: Click Permissions Tab
WorkflowEditActionAiAgent->>WorkflowAiAgentPermissionsTab: Render tab
WorkflowAiAgentPermissionsTab->>Backend: useGetRolesQuery()
Backend-->>WorkflowAiAgentPermissionsTab: Role with permissions
User->>WorkflowAiAgentPermissionsTab: Click Add Permission
WorkflowAiAgentPermissionsTab->>WorkflowAiAgentPermissionsTab: Show object/permission selector
User->>WorkflowAiAgentPermissionsTab: Select object and permission
WorkflowAiAgentPermissionsTab->>useWorkflowAiAgentPermissionActions: handleAddPermission()
alt No roleId exists
useWorkflowAiAgentPermissionActions->>Backend: createRole()
Backend-->>useWorkflowAiAgentPermissionActions: New role created
useWorkflowAiAgentPermissionActions->>Backend: assignRoleToAgent()
Backend-->>useWorkflowAiAgentPermissionActions: Role assigned
end
useWorkflowAiAgentPermissionActions->>Backend: upsertObjectPermissions()
Backend-->>useWorkflowAiAgentPermissionActions: Permissions updated
useWorkflowAiAgentPermissionActions->>Backend: refetchAgentAndRoles()
Backend-->>useWorkflowAiAgentPermissionActions: Updated data
WorkflowAiAgentPermissionsTab->>WorkflowAiAgentPermissionsTab: Show updated permissions
User->>WorkflowAiAgentPermissionsTab: Delete permission
WorkflowAiAgentPermissionsTab->>useWorkflowAiAgentPermissionActions: handleDeletePermission()
useWorkflowAiAgentPermissionActions->>Backend: upsertObjectPermissions()
Backend-->>useWorkflowAiAgentPermissionActions: Permissions updated
User->>WorkflowEditActionAiAgent: Delete AI Agent Step
WorkflowEditActionAiAgent->>Backend: deleteWorkflowVersionStep()
Backend->>Backend: runWorkflowVersionStepDeletionSideEffects()
Backend->>Backend: Delete agent from agentRepository
Backend->>AiAgentRoleService: deleteAgentOnlyRoleIfUnused()
alt Role is agent-only and unused
AiAgentRoleService->>Backend: Delete role
end
Backend-->>WorkflowEditActionAiAgent: Step and agent deleted
|
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Comment on lines
+136
to
+143
| permissionKey === 'canReadObjectRecords' | ||
| ? true | ||
| : (objectPermission?.canReadObjectRecords ?? | ||
| (permissionKey === 'canUpdateObjectRecords' || | ||
| permissionKey === 'canSoftDeleteObjectRecords' || | ||
| permissionKey === 'canDestroyObjectRecords' | ||
| ? true | ||
| : false)), |
Contributor
There was a problem hiding this comment.
logic: Logic automatically enables read when adding update/delete, but doesn't preserve existing read permission when adding read-only access.
When adding canReadObjectRecords, if other permissions (update/delete) already exist, they'll be lost because the logic defaults them to false. The auto-read logic should apply bidirectionally:
- Adding update/delete should auto-enable read (current behavior)
- Adding read should preserve existing update/delete permissions
Suggested change
| permissionKey === 'canReadObjectRecords' | |
| ? true | |
| : (objectPermission?.canReadObjectRecords ?? | |
| (permissionKey === 'canUpdateObjectRecords' || | |
| permissionKey === 'canSoftDeleteObjectRecords' || | |
| permissionKey === 'canDestroyObjectRecords' | |
| ? true | |
| : false)), | |
| canReadObjectRecords: | |
| permissionKey === 'canReadObjectRecords' | |
| ? true | |
| : (objectPermission?.canReadObjectRecords ?? | |
| (permissionKey === 'canUpdateObjectRecords' || | |
| permissionKey === 'canSoftDeleteObjectRecords' || | |
| permissionKey === 'canDestroyObjectRecords' | |
| ? true | |
| : false)), |
Prompt To Fix With AI
This is a comment left during a code review.
Path: packages/twenty-front/src/modules/workflow/workflow-steps/workflow-actions/ai-agent-action/hooks/useWorkflowAiAgentPermissionActions.ts
Line: 136:143
Comment:
**logic:** Logic automatically enables read when adding update/delete, but doesn't preserve existing read permission when adding read-only access.
When adding `canReadObjectRecords`, if other permissions (update/delete) already exist, they'll be lost because the logic defaults them to `false`. The auto-read logic should apply bidirectionally:
- Adding update/delete should auto-enable read (current behavior)
- Adding read should preserve existing update/delete permissions
```suggestion
canReadObjectRecords:
permissionKey === 'canReadObjectRecords'
? true
: (objectPermission?.canReadObjectRecords ??
(permissionKey === 'canUpdateObjectRecords' ||
permissionKey === 'canSoftDeleteObjectRecords' ||
permissionKey === 'canDestroyObjectRecords'
? true
: false)),
```
How can I resolve this? If you propose a fix, please make it concise.- Introduced a new test file for the useDeleteStep hook, ensuring proper functionality for deleting steps and cleaning up dependencies. - Implemented mock functions to simulate workflow version retrieval and step deletion, enhancing test coverage and reliability. - These tests contribute to improved maintainability and confidence in the useDeleteStep hook's behavior within the workflow management system.
…epFooter components for cleaner code.
…oved assignment capability handling - Replaced inline permission configuration logic with `useSettingsRolePermissionFlagConfig` hook in `SettingsRolePermissionsSettingsSection` and `WorkflowAiAgentPermissionsTab`. - Enhanced the hook to accept assignment capabilities, allowing for more granular permission filtering based on user roles. - Removed unused imports and streamlined the code for better readability and maintainability.
…ment capabilities - Updated `useActionRolePermissionFlagConfig` to accept assignment capabilities, enhancing permission filtering based on user roles. - Streamlined permission configuration in `SettingsRolePermissionsToolSection` and `useWorkflowAiAgentPermissionActions` to leverage the new hook. - Removed redundant code and imports for improved readability and maintainability.
…sTab to include assignment capabilities - Updated `useActionRolePermissionFlagConfig` in `WorkflowAiAgentPermissionsTab` to accept assignment capabilities, improving permission handling for agent assignments. - This change aligns with recent refactors to streamline role permissions management across the application.
…iently - Updated the `WorkflowEditActionAiAgent` component to store the response from `updateAgent` calls, improving state management. - Removed redundant `refetchQueries` parameter, streamlining the update process. - Enhanced type safety for `currentTabId` by explicitly casting `activeTabId` to `WorkflowAiAgentTabId`.
…ntPermissionsTab` for cleaner code structure and improved readability.
![github-code-quality[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
...workflow-steps/workflow-actions/ai-agent-action/components/WorkflowAiAgentPermissionsTab.tsx
Fixed
Show fixed
Hide fixed
...workflow-steps/workflow-actions/ai-agent-action/components/WorkflowAiAgentPermissionsTab.tsx
Fixed
Show fixed
Hide fixed
FelixMalfait
approved these changes
Nov 27, 2025
Member
FelixMalfait
left a comment
FelixMalfait
left a comment
There was a problem hiding this comment.
Discussed in Discord. Great work!
- Added functionality to view agent and role details in the WorkflowStepFooter component. - Introduced new menu items for "View Agent" and "View Role" based on the presence of agent and role IDs. - Improved code structure by incorporating additional imports and hooks for better state management.
…ltering logic for improved code clarity
...workflow-steps/workflow-actions/ai-agent-action/components/WorkflowAiAgentPermissionsTab.tsx
Fixed
Show fixed
Hide fixed
…lowAiAgentPermissionsTab to enhance code clarity and maintainability.
abdulrahmancodes
deleted the
feat/workflow-agent-node-permissions-tab
branch
Contributor
|
Thanks @abdulrahmancodes for your contribution! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.