update

Author: phrocker

ai-agent/pom.xml

@@ -37,6 +37,11 @@
       <artifactId>sentrius-core</artifactId>
       <version>1.0.0-SNAPSHOT</version>
     </dependency>
+    <dependency>
+      <groupId>io.sentrius</groupId>
+      <artifactId>provenance-core</artifactId>
+      <version>1.0.0-SNAPSHOT</version>
+    </dependency>
     <dependency>
       <groupId>io.sentrius</groupId>
       <artifactId>sentrius-llm-core</artifactId>

ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/ChatWSHandler.java

@@ -15,12 +15,15 @@
 import io.sentrius.agent.analysis.agents.verbs.TerminalVerbs;
 import io.sentrius.agent.analysis.api.UserCommunicationService;
 import io.sentrius.sso.core.exceptions.ZtatException;
+import io.sentrius.sso.core.services.agents.AgentClientService;
 import io.sentrius.sso.core.services.agents.ZeroTrustClientService;
 import io.sentrius.sso.genai.Message;
 import io.sentrius.sso.protobuf.Session;
+import io.sentrius.sso.provenance.ProvenanceEvent;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.stereotype.Component;
 import org.springframework.web.socket.CloseStatus;
 import org.springframework.web.socket.TextMessage;
@@ -29,6 +32,7 @@
 
 @Slf4j
 @Component
+@ConditionalOnProperty(name = "agents.ai.chat.agent.enabled", havingValue = "true", matchIfMissing = false)
 public class ChatWSHandler extends TextWebSocketHandler {
 
     final UserCommunicationService userCommunicationService;
@@ -39,15 +43,19 @@ public class ChatWSHandler extends TextWebSocketHandler {
 
 
     private final ChatAgent chatAgent;
+    private final AgentClientService agentClientService;
 
     @Autowired
     public ChatWSHandler(UserCommunicationService userCommunicationService, ZeroTrustClientService zeroTrustClientService,
-                         TerminalVerbs terminalVerbs, AgentVerbs agentVerbs, ChatAgent chatAgent) {
+                         TerminalVerbs terminalVerbs, AgentVerbs agentVerbs, ChatAgent chatAgent,
+                         AgentClientService agentClientService
+    ) {
         this.userCommunicationService = userCommunicationService;
         this.zeroTrustClientService = zeroTrustClientService;
         this.terminalVerbs = terminalVerbs;
         this.agentVerbs = agentVerbs;
         this.chatAgent = chatAgent;
+        this.agentClientService = agentClientService;
     }
 
     @Override
@@ -96,6 +104,17 @@ public void afterConnectionEstablished(WebSocketSession session) throws Exceptio
         ));
 
         userCommunicationService.createSession(queryParams.get("sessionId"), session);
+
+
+        ProvenanceEvent provenanceEvent = ProvenanceEvent.builder()
+            .eventType(ProvenanceEvent.EventType.USER_CHAT_AGENT)
+            .actor(session.getPrincipal().getName())
+            .triggeringUser(chatAgent.getAgentExecution().getUser().getName())
+            .outputSummary("New chat session established")
+            .sessionId(session.getId())
+            .build();
+
+        agentClientService.submitProvenance(chatAgent.getAgentExecution(), provenanceEvent);
     }
 
 

ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/JwtHandshakeInterceptor.java

@@ -3,6 +3,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.server.ServerHttpRequest;
 import org.springframework.http.server.ServerHttpResponse;
@@ -19,6 +20,7 @@
 
 @Slf4j
 @Component
+@ConditionalOnProperty(name = "agents.ai.chat.agent.enabled", havingValue = "true", matchIfMissing = false)
 public class JwtHandshakeInterceptor implements HandshakeInterceptor {
 
     private final JwtDecoder jwtDecoder;

ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/WebSocketConfig.java

@@ -3,6 +3,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.socket.config.annotation.EnableWebSocket;
 import org.springframework.web.socket.config.annotation.WebSocketConfigurer;
@@ -13,6 +14,7 @@
 @EnableWebSocket
 @RequiredArgsConstructor
 @Slf4j
+@ConditionalOnProperty(name = "agents.ai.chat.agent.enabled", havingValue = "true", matchIfMissing = false)
 public class WebSocketConfig implements WebSocketConfigurer {
 
     @Value("${agent.listen.websocket:false}") // Default is false

api/src/main/java/io/sentrius/sso/controllers/api/AgentApiController.java

@@ -5,7 +5,6 @@
 import java.security.GeneralSecurityException;
 import java.sql.SQLException;
 import java.time.LocalDateTime;
-import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -37,7 +36,6 @@
 import io.sentrius.sso.core.services.security.ZeroTrustAccessTokenService;
 import io.sentrius.sso.core.services.security.ZeroTrustRequestService;
 import io.sentrius.sso.core.services.terminal.SessionTrackingService;
-import io.sentrius.sso.protobuf.Session;
 import io.sentrius.sso.provenance.ProvenanceEvent;
 import io.sentrius.sso.provenance.kafka.ProvenanceKafkaProducer;
 import jakarta.servlet.http.HttpServletRequest;
@@ -134,16 +132,6 @@ public ResponseEntity<?> heartbeat(
         }
         agentService.recordHeartbeat(operatingUser.getUserId(),status.getName(), status);
         log.info("Heartbeat status recorded for agent: {} {}", agentId, status);
-        ProvenanceEvent event = ProvenanceEvent.builder()
-            .eventId(UUID.randomUUID().toString())
-            .sessionId(status.getAgentId())
-            .actor(operatingUser.getUsername())
-            .triggeringUser(operatingUser.getUsername())
-            .eventType(ProvenanceEvent.EventType.AGENT_RESPONSE)
-            .outputSummary("Heartbeat received from agent: " + status.getName() + " with status: " + status.getStatus())
-            .timestamp(LocalDateTime.now().toInstant(java.time.ZoneOffset.UTC))
-            .build();
-        provenanceKafkaProducer.send(event);
         return ResponseEntity.ok(Map.of("status", "success"));
     }
 
@@ -198,6 +186,43 @@ public ResponseEntity<?> requestRegistration(
 
 
 
+    }
+
+    @PostMapping("/provenance/submit")
+    // no LimitAccess
+    public ResponseEntity<?> submitProvenance(
+        @RequestHeader("Authorization") String token,
+        HttpServletRequest request, HttpServletResponse response, @RequestBody ProvenanceEvent event) throws SQLException,
+        GeneralSecurityException {
+
+        String compactJwt = token.startsWith("Bearer ") ? token.substring(7) : token;
+
+
+        if (!keycloakService.validateJwt(compactJwt)) {
+            log.warn("Invalid Keycloak token");
+            return ResponseEntity.status(HttpStatus.SC_UNAUTHORIZED).body("Invalid Keycloak token");
+        }
+
+        var operatingUser = getOperatingUser(request, response );
+
+        // Extract agent identity from the JWT
+        String agentId = keycloakService.extractAgentId(compactJwt);
+
+        if (null == operatingUser) {
+            log.warn("No operating user found for agent: {}", agentId);
+            var username = keycloakService.extractUsername(compactJwt);
+            operatingUser = userService.getUserByUsername(username);
+
+        }
+
+        provenanceKafkaProducer.send(event);
+
+        return ResponseEntity.ok(Map.of("status", "success", "message", "Provenance event submitted successfully"));
+
+
+
+
+
     }
 
 
@@ -549,6 +574,21 @@ public ResponseEntity<?> getNextMessage(
                 .build())
             .toList();
 
+        for (var comm : comms) {
+            log.info("Found communication: {} {} {} {}", comm.getId(), comm.getSourceAgent(), comm.getTargetAgent(), comm.getPayload());
+            ProvenanceEvent event = ProvenanceEvent.builder()
+                .eventId(communicationId)
+                .sessionId(communicationId)
+                .actor(operatingUser.getUsername())
+                .triggeringUser(comm.getTargetAgent())
+                .eventType(ProvenanceEvent.EventType.KNOWLEDGE_GENERATED)
+                .outputSummary("Ask agent " + comm.getPayload())
+                .timestamp(LocalDateTime.now().toInstant(java.time.ZoneOffset.UTC))
+                .build();
+            provenanceKafkaProducer.send(event);
+        }
+
+
         return ResponseEntity.ok(commsDto);
 
     }

core/pom.xml

@@ -20,6 +20,11 @@
 
 
     <dependencies>
+        <dependency>
+            <groupId>io.sentrius</groupId>
+            <artifactId>provenance-core</artifactId>
+            <version>1.0.0-SNAPSHOT</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>

core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java

@@ -18,6 +18,7 @@
 import io.sentrius.sso.core.exceptions.ZtatException;
 import io.sentrius.sso.core.services.security.KeycloakService;
 import io.sentrius.sso.core.utils.JsonUtil;
+import io.sentrius.sso.provenance.ProvenanceEvent;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
@@ -86,6 +87,16 @@ public Set<String> getCommunicationIds(AgentExecution execution, ZtatRequestDTO
         return Set.of();
     }
 
+    public void submitProvenance(AgentExecution execution, ProvenanceEvent event){
+        String url = "/agent/provenance/submit";
+
+        try {
+            zeroTrustClientService.callPostOnApi(execution, url, event);
+        } catch (ZtatException e) {
+            log.error("Failed to submit provenance event: {}", e.getMessage());
+        }
+    }
+
     public List<AgentCommunicationDTO> getResponse(AgentExecution execution, AtatRequest atatRequest,
                                                   AgentCommunicationDTO lastCommunication,
                                                   long timeToWait, TimeUnit timeUnit)

dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentService.java

@@ -166,8 +166,8 @@ public CompletableFuture<AgentCommunication> saveCommunication(String communicat
         try {
             var eventType = switch(messageType){
                 case "intercept" -> ProvenanceEvent.EventType.ENDPOINT_ACCESS;
-                case "chat_request" -> ProvenanceEvent.EventType.AGENT_RESPONSE;
-                case "interpretation_response" -> ProvenanceEvent.EventType.AGENT_RESPONSE;
+                case "chat_request" -> ProvenanceEvent.EventType.AGENT_RESPOND;
+                case "interpretation_response" -> ProvenanceEvent.EventType.AGENT_RESPOND;
                 default -> ProvenanceEvent.EventType.UNKNOWN;
             };
             ProvenanceEvent event = ProvenanceEvent.builder()
@@ -203,8 +203,8 @@ public CompletableFuture<AgentCommunication> saveCommunication(AgentCommunicatio
         try {
             var eventType = switch(communication.getMessageType()){
                 case "intercept" -> ProvenanceEvent.EventType.ENDPOINT_ACCESS;
-                case "chat_request" -> ProvenanceEvent.EventType.AGENT_RESPONSE;
-                case "interpretation_response" -> ProvenanceEvent.EventType.AGENT_RESPONSE;
+                case "chat_request" -> ProvenanceEvent.EventType.AGENT_RESPOND;
+                case "interpretation_response" -> ProvenanceEvent.EventType.INTERPRET_MESSAGE;
                 default -> ProvenanceEvent.EventType.UNKNOWN;
             };
             ProvenanceEvent event = ProvenanceEvent.builder()

llm-proxy/src/main/java/io/sentrius/sso/controllers/api/OpenAIProxyController.java

@@ -1,5 +1,6 @@
 package io.sentrius.sso.controllers.api;
 
+import java.time.LocalDateTime;
 import java.util.ArrayList;
 import java.util.UUID;
 import java.util.concurrent.ExecutionException;
@@ -153,6 +154,27 @@ public ResponseEntity<?> chat(@RequestHeader("Authorization") String token,
         );
 
 
+        ProvenanceEvent event = ProvenanceEvent.builder()
+            .eventId(communicationId)
+            .sessionId(communicationId)
+            .actor(operatingUser.getUsername())
+            .triggeringUser("LLM")
+            .eventType(ProvenanceEvent.EventType.KNOWLEDGE_REQUESTED)
+            .outputSummary("prompt LLM" + chatRequest.getMessages().get(0).getContent())
+            .timestamp(LocalDateTime.now().toInstant(java.time.ZoneOffset.UTC))
+            .build();
+        provenanceKafkaProducer.send(event);
+
+        event = ProvenanceEvent.builder()
+            .eventId(communicationId)
+            .sessionId(communicationId)
+            .actor("LLM")
+            .triggeringUser(operatingUser.getUsername())
+            .eventType(ProvenanceEvent.EventType.KNOWLEDGE_GENERATED)
+            .outputSummary("prompt LLM")
+            .timestamp(LocalDateTime.now().toInstant(java.time.ZoneOffset.UTC))
+            .build();
+        provenanceKafkaProducer.send(event);
 
 
 
@@ -248,7 +270,7 @@ public ResponseEntity<?> justify(@RequestHeader("Authorization") String token,
             "chat_request",
             rawBody
         );
-        
+
         Span span = tracer.spanBuilder("AgentToAgentCommunication").startSpan();
         try (Scope scope = span.makeCurrent()) {
             var resp = endpoint.sample(RawConversationRequest.builder().request(chatRequest).build());

pom.xml

@@ -7,8 +7,8 @@
   <name>sentrius</name>
   <description>Multi-module project for sentrius</description>
   <modules>
-    <module>core</module>
     <module>provenance-core</module>
+    <module>core</module>
     <module>dataplane</module>
     <module>sentrius-llm-core</module>
     <module>sentrius-llm-dataplane</module>