fix deployment and enable pluggable rule feature

Author: phrocker

.azure.env

@@ -1,11 +1,11 @@
-SENTRIUS_VERSION=1.1.54
+SENTRIUS_VERSION=1.1.55
 SENTRIUS_SSH_VERSION=1.1.11
 SENTRIUS_KEYCLOAK_VERSION=1.1.14
 SENTRIUS_AGENT_VERSION=1.1.23
 SENTRIUS_AI_AGENT_VERSION=1.1.4
 LLMPROXY_VERSION=1.1.4
 LAUNCHER_VERSION=1.1.4
-AGENTPROXY_VERSION=1.1.5
+AGENTPROXY_VERSION=1.1.4
 SSHPROXY_VERSION=1.1.4
 RDPPROXY_VERSION=1.1.4
 GITHUB_MCP_VERSION=1.1.4

agent-proxy/dynamic.properties

@@ -8,6 +8,7 @@ systemLogoName=Sentrius
 AccessTokenAuditor.rule.4=io.sentrius.sso.automation.auditing.rules.OpenAISessionRule;Malicious AI Monitoring
 AccessTokenAuditor.rule.5=io.sentrius.sso.automation.auditing.rules.TwoPartyAIMonitor;AI Second Party Monitor
 AccessTokenAuditor.rule.6=io.sentrius.sso.automation.auditing.rules.SudoApproval;Sudo Approval
+AccessTokenAuditor.rule.7=io.sentrius.sso.automation.auditing.rules.PluggableRuleEvaluator;Custom Pluggable Rule
 allowProxies=true
 AccessTokenAuditor.rule.2=io.sentrius.sso.automation.auditing.rules.DeletePrevention;Delete Prevention
 AccessTokenAuditor.rule.3=io.sentrius.sso.automation.auditing.rules.TwoPartySessionRule;Require Second Party Monitoring

api/dynamic.properties

@@ -8,6 +8,7 @@ systemLogoName=Sentrius
 AccessTokenAuditor.rule.4=io.sentrius.sso.automation.auditing.rules.OpenAISessionRule;Malicious AI Monitoring
 AccessTokenAuditor.rule.5=io.sentrius.sso.automation.auditing.rules.TwoPartyAIMonitor;AI Second Party Monitor
 AccessTokenAuditor.rule.6=io.sentrius.sso.automation.auditing.rules.SudoApproval;Sudo Approval
+AccessTokenAuditor.rule.7=io.sentrius.sso.automation.auditing.rules.PluggableRuleEvaluator;Custom Pluggable Rule
 allowProxies=true
 AccessTokenAuditor.rule.2=io.sentrius.sso.automation.auditing.rules.DeletePrevention;Delete Prevention
 AccessTokenAuditor.rule.3=io.sentrius.sso.automation.auditing.rules.TwoPartySessionRule;Require Second Party Monitoring

api/src/main/java/io/sentrius/sso/controllers/api/RuleApiController.java

@@ -23,6 +23,7 @@
 import io.sentrius.sso.core.services.RuleService;
 import io.sentrius.sso.core.services.UserService;
 import io.sentrius.sso.core.services.agents.LLMService;
+import io.sentrius.sso.core.services.security.IntegrationSecurityTokenService;
 import io.sentrius.sso.core.utils.AccessUtil;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.JsonNode;
@@ -48,17 +49,19 @@ public class RuleApiController extends BaseController {
     final HostGroupService hostGroupService;
     final RuleService ruleService;
     final LLMService llmService;
+    private final IntegrationSecurityTokenService integrationSecurityTokenService;
     final ObjectMapper objectMapper;
 
     protected RuleApiController(
         UserService userService, SystemOptions systemOptions,
         ErrorOutputService errorOutputService,
-        HostGroupService hostGroupService, RuleService ruleService, 
-        LLMService llmService, ObjectMapper objectMapper) {
+        HostGroupService hostGroupService, RuleService ruleService,
+        LLMService llmService, IntegrationSecurityTokenService integrationSecurityTokenService, ObjectMapper objectMapper) {
         super(userService, systemOptions, errorOutputService);
         this.hostGroupService = hostGroupService;
         this.ruleService = ruleService;
         this.llmService = llmService;
+        this.integrationSecurityTokenService = integrationSecurityTokenService;
         this.objectMapper = objectMapper;
     }
 
@@ -294,9 +297,16 @@ public ResponseEntity<Map<String, Object>> generateRule(
                 // Note: Using empty builder as LLM service will use system authentication
                 // If LLM requires user-specific tokens, this would need to be enhanced
                 TokenDTO token = TokenDTO.builder().build();
-                
+
+                var authToken = integrationSecurityTokenService
+                    .selectToken(systemOptions.getDefaultLlmProvider())
+                    .orElse(null);
+
+                if (authToken == null) throw new RuntimeException("Authentication required");
+
                 try {
-                    String llmResponse = llmService.askQuestion(token, llmRequest);
+                    String llmResponse = llmService.askQuestion(token, systemOptions.getIntegrationProxyUrl(),
+                        llmRequest);
                     log.info("LLM response: {}", llmResponse);
 
                     // Parse the response

api/src/main/java/io/sentrius/sso/controllers/view/ZeroTrustRuleController.java

@@ -3,6 +3,7 @@
 import java.util.ArrayList;
 import java.util.List;
 import io.sentrius.sso.automation.auditing.rules.CommandEvaluator;
+import io.sentrius.sso.automation.auditing.rules.PluggableRuleEvaluator;
 import io.sentrius.sso.automation.auditing.rules.RuleConfiguration;
 import io.sentrius.sso.core.config.SystemOptions;
 import io.sentrius.sso.core.controllers.BaseController;
@@ -99,5 +100,12 @@ public String customRuleChat() {
         return "sso/rules/custom_rule_chat";
     }
 
+    @GetMapping("/config/pluggable_rule")
+    public String configurePluggableRule(@RequestParam("ruleName") String ruleName, Model model) {
+        model.addAttribute("ruleName", ruleName);
+        model.addAttribute("ruleClass", PluggableRuleEvaluator.class.getCanonicalName());
+        return "sso/rules/pluggable_rule";
+    }
+
 
 }

api/src/main/resources/static/js/rules.js

@@ -192,8 +192,8 @@ $(document).ready(function () {
         } else if (ruleClass.includes("AllowedCommandsRule")) {
             url = "/sso/v1/zerotrust/rules/config/allowed_commands_rule?ruleName=" + encodeURIComponent(ruleName);
         } else if (ruleClass.includes("PluggableRuleEvaluator")) {
-            // Redirect to custom rule chat interface for PluggableRuleEvaluator
-            url = "/sso/v1/zerotrust/rules/custom-chat";
+            // Redirect to pluggable rule configuration form
+            url = "/sso/v1/zerotrust/rules/config/pluggable_rule?ruleName=" + encodeURIComponent(ruleName);
             window.location.href = url;
             return;
         } else if (ruleClass.includes("DeletePrevention")) {