feat: removed feature flag for ai and pam

2026-01-09 15:38:03 -05:00 · 2026-01-07 01:15:13 +05:30
parent 00bef0f2ff
commit 51907e2c65
17 changed files with 186 additions and 396 deletions
--- a/backend/src/ee/services/ai-mcp-endpoint/ai-mcp-endpoint-service.ts
+++ b/backend/src/ee/services/ai-mcp-endpoint/ai-mcp-endpoint-service.ts
@@ -27,7 +27,6 @@ import { AiMcpServerCredentialMode } from "../ai-mcp-server/ai-mcp-server-enum";
 import { TAiMcpServerServiceFactory } from "../ai-mcp-server/ai-mcp-server-service";
 import { TAiMcpServerToolDALFactory } from "../ai-mcp-server/ai-mcp-server-tool-dal";
 import { TAiMcpServerUserCredentialDALFactory } from "../ai-mcp-server/ai-mcp-server-user-credential-dal";
-import { TLicenseServiceFactory } from "../license/license-service";
 import { TPermissionServiceFactory } from "../permission/permission-service-types";
 import { ProjectPermissionMcpEndpointActions, ProjectPermissionSub } from "../permission/project-permission";
 import { TAiMcpEndpointDALFactory } from "./ai-mcp-endpoint-dal";
@@ -73,7 +72,6 @@ type TAiMcpEndpointServiceFactoryDep = {
  authTokenService: Pick<TAuthTokenServiceFactory, "getUserTokenSessionById">;
  userDAL: TUserDALFactory;
  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission">;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
 };

 // OAuth schemas for parsing cached data
@@ -130,8 +128,7 @@ export const aiMcpEndpointServiceFactory = ({
  keyStore,
  authTokenService,
  userDAL,
-  permissionService,
-  licenseService
+  permissionService
 }: TAiMcpEndpointServiceFactoryDep) => {
  const interactWithMcp = async ({
    endpointId,
@@ -375,13 +372,6 @@ export const aiMcpEndpointServiceFactory = ({
    actorAuthMethod,
    actorOrgId
  }: TCreateAiMcpEndpointDTO) => {
-    const orgLicensePlan = await licenseService.getPlan(actorOrgId);
-    if (!orgLicensePlan.ai) {
-      throw new BadRequestError({
-        message: "AI operation failed due to organization plan restrictions."
-      });
-    }
-
    const { permission } = await permissionService.getProjectPermission({
      actor,
      actorId,
--- a/backend/src/ee/services/ai-mcp-server/ai-mcp-server-service.ts
+++ b/backend/src/ee/services/ai-mcp-server/ai-mcp-server-service.ts
@@ -20,7 +20,6 @@ import { ActorType, AuthMethod } from "@app/services/auth/auth-type";
 import { TKmsServiceFactory } from "@app/services/kms/kms-service";
 import { KmsDataKey } from "@app/services/kms/kms-types";

-import { TLicenseServiceFactory } from "../license/license-service";
 import { TPermissionServiceFactory } from "../permission/permission-service-types";
 import { ProjectPermissionActions, ProjectPermissionSub } from "../permission/project-permission";
 import { TAiMcpServerDALFactory } from "./ai-mcp-server-dal";
@@ -53,7 +52,6 @@ type TAiMcpServerServiceFactoryDep = {
  kmsService: Pick<TKmsServiceFactory, "createCipherPairWithDataKey">;
  keyStore: Pick<TKeyStoreFactory, "getItem" | "setItemWithExpiry" | "deleteItem">;
  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission">;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
 };

 export type TAiMcpServerServiceFactory = ReturnType<typeof aiMcpServerServiceFactory>;
@@ -152,8 +150,7 @@ export const aiMcpServerServiceFactory = ({
  aiMcpServerUserCredentialDAL,
  kmsService,
  keyStore,
-  permissionService,
-  licenseService
+  permissionService
 }: TAiMcpServerServiceFactoryDep) => {
  /* eslint-disable @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-return, @typescript-eslint/no-redundant-type-constituents */
  const fetchMcpTools = async (serverUrl: string, accessToken: string): Promise<TMcpTool[]> => {
@@ -549,13 +546,6 @@ export const aiMcpServerServiceFactory = ({
    actorAuthMethod,
    actorOrgId
  }: TCreateAiMcpServerDTO) => {
-    const orgLicensePlan = await licenseService.getPlan(actorOrgId);
-    if (!orgLicensePlan.ai) {
-      throw new BadRequestError({
-        message: "AI operation failed due to organization plan restrictions."
-      });
-    }
-
    const { permission } = await permissionService.getProjectPermission({
      actor,
      actorId,
--- a/backend/src/ee/services/license/license-fns.ts
+++ b/backend/src/ee/services/license/license-fns.ts
@@ -112,9 +112,7 @@ export const getDefaultOnPremFeatures = (): TFeatureSet => ({
  fips: false,
  eventSubscriptions: false,
  machineIdentityAuthTemplates: false,
-  pkiLegacyTemplates: false,
-  pam: false,
-  ai: false
+  pkiLegacyTemplates: false
 });

 export const setupLicenseRequestWithStore = (
--- a/backend/src/ee/services/license/license-types.ts
+++ b/backend/src/ee/services/license/license-types.ts
@@ -92,8 +92,6 @@ export type TFeatureSet = {
  pkiLegacyTemplates: false;
  fips: false;
  eventSubscriptions: false;
-  pam: false;
-  ai: false;
 };

 export type TOrgPlansTableDTO = {
--- a/backend/src/ee/services/pam-account/pam-account-service.ts
+++ b/backend/src/ee/services/pam-account/pam-account-service.ts
@@ -52,7 +52,6 @@ import { TUserDALFactory } from "@app/services/user/user-dal";

 import { EventType, TAuditLogServiceFactory } from "../audit-log/audit-log-types";
 import { TGatewayV2ServiceFactory } from "../gateway-v2/gateway-v2-service";
-import { TLicenseServiceFactory } from "../license/license-service";
 import { TPamFolderDALFactory } from "../pam-folder/pam-folder-dal";
 import { getFullPamFolderPath } from "../pam-folder/pam-folder-fns";
 import { TPamResourceDALFactory } from "../pam-resource/pam-resource-dal";
@@ -77,7 +76,6 @@ type TPamAccountServiceFactoryDep = {
  projectDAL: TProjectDALFactory;
  orgDAL: TOrgDALFactory;
  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission" | "getOrgPermission">;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
  kmsService: Pick<TKmsServiceFactory, "createCipherPairWithDataKey">;
  gatewayV2Service: Pick<
    TGatewayV2ServiceFactory,
@@ -106,7 +104,6 @@ export const pamAccountServiceFactory = ({
  orgDAL,
  userDAL,
  permissionService,
-  licenseService,
  kmsService,
  gatewayV2Service,
  auditLogService,
@@ -127,13 +124,6 @@ export const pamAccountServiceFactory = ({
    }: TCreateAccountDTO,
    actor: OrgServiceActor
  ) => {
-    const orgLicensePlan = await licenseService.getPlan(actor.orgId);
-    if (!orgLicensePlan.pam) {
-      throw new BadRequestError({
-        message: "PAM operation failed due to organization plan restrictions."
-      });
-    }
-
    if (rotationEnabled && (rotationIntervalSeconds === undefined || rotationIntervalSeconds === null)) {
      throw new BadRequestError({
        message: "Rotation interval must be defined when rotation is enabled."
@@ -247,13 +237,6 @@ export const pamAccountServiceFactory = ({
    }: TUpdateAccountDTO,
    actor: OrgServiceActor
  ) => {
-    const orgLicensePlan = await licenseService.getPlan(actor.orgId);
-    if (!orgLicensePlan.pam) {
-      throw new BadRequestError({
-        message: "PAM operation failed due to organization plan restrictions."
-      });
-    }
-
    const account = await pamAccountDAL.findById(accountId);
    if (!account) throw new NotFoundError({ message: `Account with ID '${accountId}' not found` });

@@ -590,13 +573,6 @@ export const pamAccountServiceFactory = ({
    }: TAccessAccountDTO,
    actor: OrgServiceActor
  ) => {
-    const orgLicensePlan = await licenseService.getPlan(actor.orgId);
-    if (!orgLicensePlan.pam) {
-      throw new BadRequestError({
-        message: "PAM operation failed due to organization plan restrictions."
-      });
-    }
-
    const pathSegments: string[] = accountPath.split("/").filter(Boolean);
    if (pathSegments.length === 0) {
      throw new BadRequestError({ message: "Invalid accountPath. Path must contain at least the account name." });
@@ -924,13 +900,6 @@ export const pamAccountServiceFactory = ({
  };

  const getSessionCredentials = async (sessionId: string, actor: OrgServiceActor) => {
-    const orgLicensePlan = await licenseService.getPlan(actor.orgId);
-    if (!orgLicensePlan.pam) {
-      throw new BadRequestError({
-        message: "PAM operation failed due to organization plan restrictions."
-      });
-    }
-
    // To be hit by gateways only
    if (actor.type !== ActorType.IDENTITY) {
      throw new ForbiddenRequestError({ message: "Only gateways can perform this action" });
--- a/backend/src/ee/services/pam-folder/pam-folder-service.ts
+++ b/backend/src/ee/services/pam-folder/pam-folder-service.ts
@@ -7,31 +7,18 @@ import { DatabaseErrorCode } from "@app/lib/error-codes";
 import { BadRequestError, DatabaseError, NotFoundError } from "@app/lib/errors";
 import { OrgServiceActor } from "@app/lib/types";

-import { TLicenseServiceFactory } from "../license/license-service";
 import { TPamFolderDALFactory } from "./pam-folder-dal";
 import { TCreateFolderDTO, TUpdateFolderDTO } from "./pam-folder-types";

 type TPamFolderServiceFactoryDep = {
  pamFolderDAL: TPamFolderDALFactory;
  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission">;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
 };

 export type TPamFolderServiceFactory = ReturnType<typeof pamFolderServiceFactory>;

-export const pamFolderServiceFactory = ({
-  pamFolderDAL,
-  permissionService,
-  licenseService
-}: TPamFolderServiceFactoryDep) => {
+export const pamFolderServiceFactory = ({ pamFolderDAL, permissionService }: TPamFolderServiceFactoryDep) => {
  const createFolder = async ({ name, description, parentId, projectId }: TCreateFolderDTO, actor: OrgServiceActor) => {
-    const orgLicensePlan = await licenseService.getPlan(actor.orgId);
-    if (!orgLicensePlan.pam) {
-      throw new BadRequestError({
-        message: "PAM operation failed due to organization plan restrictions."
-      });
-    }
-
    const { permission } = await permissionService.getProjectPermission({
      actor: actor.type,
      actorAuthMethod: actor.authMethod,
@@ -72,13 +59,6 @@ export const pamFolderServiceFactory = ({
  };

  const updateFolder = async ({ id, name, description }: TUpdateFolderDTO, actor: OrgServiceActor) => {
-    const orgLicensePlan = await licenseService.getPlan(actor.orgId);
-    if (!orgLicensePlan.pam) {
-      throw new BadRequestError({
-        message: "PAM operation failed due to organization plan restrictions."
-      });
-    }
-
    const folder = await pamFolderDAL.findById(id);
    if (!folder) throw new NotFoundError({ message: `Folder with ID '${id}' not found` });

--- a/backend/src/ee/services/pam-resource/pam-resource-service.ts
+++ b/backend/src/ee/services/pam-resource/pam-resource-service.ts
@@ -12,7 +12,6 @@ import { OrgServiceActor } from "@app/lib/types";
 import { TKmsServiceFactory } from "@app/services/kms/kms-service";

 import { TGatewayV2ServiceFactory } from "../gateway-v2/gateway-v2-service";
-import { TLicenseServiceFactory } from "../license/license-service";
 import { decryptAccountCredentials, encryptAccountCredentials } from "../pam-account/pam-account-fns";
 import { TPamResourceDALFactory } from "./pam-resource-dal";
 import { PamResource } from "./pam-resource-enums";
@@ -31,7 +30,6 @@ import { TSSHResourceMetadata } from "./ssh/ssh-resource-types";
 type TPamResourceServiceFactoryDep = {
  pamResourceDAL: TPamResourceDALFactory;
  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission" | "getOrgPermission">;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
  kmsService: Pick<TKmsServiceFactory, "createCipherPairWithDataKey">;
  gatewayV2Service: Pick<
    TGatewayV2ServiceFactory,
@@ -44,7 +42,6 @@ export type TPamResourceServiceFactory = ReturnType<typeof pamResourceServiceFac
 export const pamResourceServiceFactory = ({
  pamResourceDAL,
  permissionService,
-  licenseService,
  kmsService,
  gatewayV2Service
 }: TPamResourceServiceFactoryDep) => {
@@ -76,13 +73,6 @@ export const pamResourceServiceFactory = ({
    { resourceType, connectionDetails, gatewayId, name, projectId, rotationAccountCredentials }: TCreateResourceDTO,
    actor: OrgServiceActor
  ) => {
-    const orgLicensePlan = await licenseService.getPlan(actor.orgId);
-    if (!orgLicensePlan.pam) {
-      throw new BadRequestError({
-        message: "PAM operation failed due to organization plan restrictions."
-      });
-    }
-
    const { permission } = await permissionService.getProjectPermission({
      actor: actor.type,
      actorAuthMethod: actor.authMethod,
@@ -137,13 +127,6 @@ export const pamResourceServiceFactory = ({
    { connectionDetails, resourceId, name, rotationAccountCredentials }: TUpdateResourceDTO,
    actor: OrgServiceActor
  ) => {
-    const orgLicensePlan = await licenseService.getPlan(actor.orgId);
-    if (!orgLicensePlan.pam) {
-      throw new BadRequestError({
-        message: "PAM operation failed due to organization plan restrictions."
-      });
-    }
-
    const resource = await pamResourceDAL.findById(resourceId);
    if (!resource) throw new NotFoundError({ message: `Resource with ID '${resourceId}' not found` });

--- a/backend/src/ee/services/pam-session/pam-session-service.ts
+++ b/backend/src/ee/services/pam-session/pam-session-service.ts
@@ -9,7 +9,6 @@ import { TKmsServiceFactory } from "@app/services/kms/kms-service";
 import { KmsDataKey } from "@app/services/kms/kms-types";
 import { TProjectDALFactory } from "@app/services/project/project-dal";

-import { TLicenseServiceFactory } from "../license/license-service";
 import { OrgPermissionGatewayActions, OrgPermissionSubjects } from "../permission/org-permission";
 import { ProjectPermissionPamSessionActions, ProjectPermissionSub } from "../permission/project-permission";
 import { TPamSessionDALFactory } from "./pam-session-dal";
@@ -21,7 +20,6 @@ type TPamSessionServiceFactoryDep = {
  pamSessionDAL: TPamSessionDALFactory;
  projectDAL: TProjectDALFactory;
  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission" | "getOrgPermission">;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
  kmsService: Pick<TKmsServiceFactory, "createCipherPairWithDataKey">;
 };

@@ -31,7 +29,6 @@ export const pamSessionServiceFactory = ({
  pamSessionDAL,
  projectDAL,
  permissionService,
-  licenseService,
  kmsService
 }: TPamSessionServiceFactoryDep) => {
  // Helper to check and update expired sessions when viewing session details (redundancy for scheduled job)
@@ -111,13 +108,6 @@ export const pamSessionServiceFactory = ({
  };

  const updateLogsById = async ({ sessionId, logs }: TUpdateSessionLogsDTO, actor: OrgServiceActor) => {
-    const orgLicensePlan = await licenseService.getPlan(actor.orgId);
-    if (!orgLicensePlan.pam) {
-      throw new BadRequestError({
-        message: "PAM operation failed due to organization plan restrictions."
-      });
-    }
-
    // To be hit by gateways only
    if (actor.type !== ActorType.IDENTITY) {
      throw new ForbiddenRequestError({ message: "Only gateways can perform this action" });
--- a/backend/src/ee/services/permission/default-roles.ts
+++ b/backend/src/ee/services/permission/default-roles.ts
@@ -15,6 +15,7 @@ import {
  ProjectPermissionGroupActions,
  ProjectPermissionIdentityActions,
  ProjectPermissionKmipActions,
+  ProjectPermissionMcpEndpointActions,
  ProjectPermissionMemberActions,
  ProjectPermissionPamAccountActions,
  ProjectPermissionPamSessionActions,
@@ -28,7 +29,6 @@ import {
  ProjectPermissionSecretScanningDataSourceActions,
  ProjectPermissionSecretScanningFindingActions,
  ProjectPermissionSecretSyncActions,
-  ProjectPermissionMcpEndpointActions,
  ProjectPermissionSet,
  ProjectPermissionSshHostActions,
  ProjectPermissionSub
--- a/backend/src/server/routes/index.ts
+++ b/backend/src/server/routes/index.ts
@@ -2450,14 +2450,12 @@ export const registerRoutes = async (

  const pamFolderService = pamFolderServiceFactory({
    pamFolderDAL,
-    permissionService,
-    licenseService
+    permissionService
  });

  const pamResourceService = pamResourceServiceFactory({
    pamResourceDAL,
    permissionService,
-    licenseService,
    kmsService,
    gatewayV2Service
  });
@@ -2479,7 +2477,6 @@ export const registerRoutes = async (
    pamAccountDAL,
    gatewayV2Service,
    kmsService,
-    licenseService,
    pamFolderDAL,
    pamResourceDAL,
    pamSessionDAL,
@@ -2505,7 +2502,6 @@ export const registerRoutes = async (
    pamSessionDAL,
    projectDAL,
    permissionService,
-    licenseService,
    kmsService
  });

@@ -2515,8 +2511,7 @@ export const registerRoutes = async (
    aiMcpServerUserCredentialDAL,
    kmsService,
    keyStore,
-    permissionService,
-    licenseService
+    permissionService
  });

  const aiMcpActivityLogService = aiMcpActivityLogServiceFactory({
@@ -2537,8 +2532,7 @@ export const registerRoutes = async (
    authTokenService: tokenService,
    aiMcpActivityLogService,
    userDAL,
-    permissionService,
-    licenseService
+    permissionService
  });

  const migrationService = externalMigrationServiceFactory({