fixup initial functionality

Author: phrocker

.local.env

@@ -6,4 +6,4 @@ SENTRIUS_AI_AGENT_VERSION=1.1.263
 LLMPROXY_VERSION=1.0.78
 LAUNCHER_VERSION=1.0.82
 AGENTPROXY_VERSION=1.0.85
-SSHPROXY_VERSION=1.0.31
+SSHPROXY_VERSION=1.0.40

.local.env.bak

@@ -6,4 +6,4 @@ SENTRIUS_AI_AGENT_VERSION=1.1.263
 LLMPROXY_VERSION=1.0.78
 LAUNCHER_VERSION=1.0.82
 AGENTPROXY_VERSION=1.0.85
-SSHPROXY_VERSION=1.0.31
+SSHPROXY_VERSION=1.0.40

dataplane/src/main/java/io/sentrius/sso/automation/auditing/BaseAccessTokenAuditor.java

@@ -7,11 +7,7 @@
 import io.sentrius.sso.core.model.users.User;
 
 public abstract class BaseAccessTokenAuditor {
-/*
-  protected final Long userId;
-  protected final Long sessionId;
 
-  protected final Long systemId;*/
   protected final HostSystem system;
   protected final SessionLog session;
   protected final User user;

dataplane/src/main/java/io/sentrius/sso/core/model/sessions/SessionOutput.java

@@ -146,7 +146,7 @@ public Trigger getNextDenial() {
         return deny.isEmpty() ? null : deny.pop();
     }
 */
-    public void addJIT(Trigger trg) {
+    public void addZtat(Trigger trg) {
         String message =
             "This command will require approval. Your command will not execute until approval is"
                 + " garnered.If approval is not already submitted you will be notified when it is"

dataplane/src/main/java/io/sentrius/sso/core/services/SshListenerService.java

@@ -255,7 +255,7 @@ public void stopListeningToSshServer(ConnectedSystem connectedSystem) {
         sessionTrackingService.closeSession(connectedSystem);
     }
 
-    /** Maps key press events to the ascii values */
+    /** Maps key press events to the ascii values
     static Map<Integer, byte[]> keyMap = new HashMap<>();
 
     static {
@@ -273,6 +273,7 @@ public void stopListeningToSshServer(ConnectedSystem connectedSystem) {
         keyMap.put(40, new byte[] {(byte) 0x1b, (byte) 0x4f, (byte) 0x42});
         // BS
         keyMap.put(8, new byte[] {(byte) 0x7f});
+        keyMap.put(127, new byte[] {(byte) 0x7f}); // DEL
         // TAB
         keyMap.put(9, new byte[] {(byte) 0x09});
         // CTR
@@ -285,6 +286,7 @@ public void stopListeningToSshServer(ConnectedSystem connectedSystem) {
         keyMap.put(66, new byte[] {(byte) 0x02});
         // CTR-C
         keyMap.put(67, new byte[] {(byte) 0x03});
+        keyMap.put(3, new byte[] {(byte) 0x03});
         // CTR-D
         keyMap.put(68, new byte[] {(byte) 0x04});
         // CTR-E
@@ -345,8 +347,45 @@ public void stopListeningToSshServer(ConnectedSystem connectedSystem) {
         keyMap.put(35, "\033[4~".getBytes());
         // HOME
         keyMap.put(36, "\033[1~".getBytes());
+    }*/
+    public static Map<Integer, byte[]> keyMap = new HashMap<>();
+    static {
+        // --- Control characters ---
+        keyMap.put(8,  new byte[] {0x08});   // Backspace (^H)
+        keyMap.put(127,new byte[] {0x7f});   // DEL
+        keyMap.put(9,  new byte[] {0x09});   // Tab
+        keyMap.put(13, new byte[] {0x0d});   // Enter
+
+        // --- Arrow keys (CSI sequences) ---
+        keyMap.put(37, "\033[D".getBytes()); // Left
+        keyMap.put(38, "\033[A".getBytes()); // Up
+        keyMap.put(39, "\033[C".getBytes()); // Right
+        keyMap.put(40, "\033[B".getBytes()); // Down
+
+        // --- Home / End / Insert / Delete / PgUp / PgDn ---
+        keyMap.put(36, "\033[H".getBytes());   // Home
+        keyMap.put(35, "\033[F".getBytes());   // End
+        keyMap.put(45, "\033[2~".getBytes());  // Insert
+        keyMap.put(46, "\033[3~".getBytes());  // Delete
+        keyMap.put(33, "\033[5~".getBytes());  // Page Up
+        keyMap.put(34, "\033[6~".getBytes());  // Page Down
+
+        // --- Ctrl + Letter (ASCII 1–26) ---
+        for (int i = 'A'; i <= 'Z'; i++) {
+            keyMap.put(i, new byte[] { (byte) (i - 'A' + 1) });
+        }
+        // Also allow numeric keyCodes for Ctrl+C from browsers
+        keyMap.put(3, new byte[] {0x03}); // Ctrl-C
+
+        // --- Ctrl-[ and Ctrl-] ---
+        keyMap.put(219, new byte[] {0x1B}); // Ctrl-[ (Escape)
+        keyMap.put(221, new byte[] {0x1D}); // Ctrl-]
+
+        // --- ESC key ---
+        keyMap.put(27, new byte[] {0x1B});
     }
 
+
     public void removeSession(String sessionId) {
         log.trace("Removing session: {}", sessionId);
         activeSessions.remove(sessionId);

dataplane/src/main/java/io/sentrius/sso/core/services/terminal/SessionTrackingService.java

@@ -242,7 +242,7 @@ public void addTrigger(ConnectedSystem connectedSystem, Trigger trigger) {
         case NO_ACTION, WARN_ACTION -> userSessionsOutput.getSessionOutputMap().get(connectedSystem.getSession().getId()).addWarning(trigger);
         case PERSISTENT_MESSAGE -> userSessionsOutput.getSessionOutputMap().get(connectedSystem.getSession().getId()).addPersistentMessage(trigger);
         case PROMPT_ACTION -> userSessionsOutput.getSessionOutputMap().get(connectedSystem.getSession().getId()).addPrompt(trigger);
-        case JIT_ACTION -> userSessionsOutput.getSessionOutputMap().get(connectedSystem.getSession().getId()).addJIT(trigger);
+        case JIT_ACTION -> userSessionsOutput.getSessionOutputMap().get(connectedSystem.getSession().getId()).addZtat(trigger);
         case DENY_ACTION -> userSessionsOutput.getSessionOutputMap().get(connectedSystem.getSession().getId()).addDenial(trigger);
       }
     }

ssh-proxy/src/main/java/io/sentrius/sso/sshproxy/handler/ResponseServiceSession.java

@@ -3,9 +3,13 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
 import java.util.Base64;
+import io.sentrius.sso.automation.auditing.BaseAccessTokenAuditor;
+import io.sentrius.sso.automation.auditing.Trigger;
 import io.sentrius.sso.core.integrations.ssh.DataSession;
 import io.sentrius.sso.core.model.ConnectedSystem;
+import io.sentrius.sso.core.services.SshListenerService;
 import io.sentrius.sso.protobuf.Session;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.web.socket.TextMessage;
@@ -17,13 +21,24 @@ public class ResponseServiceSession implements DataSession {
     private final String sessionId;
     private final InputStream in;
     private final OutputStream out;
+    private final BaseAccessTokenAuditor auditor;
     private ConnectedSystem connectedSystem;
 
-    public ResponseServiceSession(ConnectedSystem connectedSystem, InputStream in, OutputStream out) {
+
+    private static final String ANSI_RED = "\u001B[31m";
+    private static final String ANSI_YELLOW = "\u001B[33m";
+    private static final String ANSI_GREEN = "\u001B[32m";
+    private static final String ANSI_BLUE = "\u001B[34m";
+    private static final String ANSI_RESET = "\u001B[0m";
+    private static final String ANSI_BOLD = "\u001B[1m";
+
+    public ResponseServiceSession(ConnectedSystem connectedSystem, InputStream in,
+                                  OutputStream out) {
         this.sessionId = connectedSystem.getWebsocketSessionId();
         this.connectedSystem = connectedSystem;
         this.in = in;
         this.out = out;
+        this.auditor = connectedSystem.getTerminalAuditor();
     }
     @Override
     public String getId() {
@@ -45,11 +60,142 @@ public void sendMessage(WebSocketMessage<?> message) throws IOException {
             Session.TerminalMessage auditLog =
                 Session.TerminalMessage.parseFrom(messageBytes);
 
-            log.info("Sending terminal message to session {}: {} {}", sessionId, terminalMessage,
-                auditLog.getCommand());
-            out.write(auditLog.getCommandBytes().toByteArray());
+            var trigger = auditLog.getTrigger();
+            String msg = "";
+            switch (trigger.getAction()) {
+                case DENY_ACTION:
+                    msg = formatDenyMessage(trigger, auditLog);
+                    connectedSystem.getCommander().write(SshListenerService.keyMap.get(3));
+                    connectedSystem.getTerminalAuditor().clear(0); // clear in case
+                    break;
+                case WARN_ACTION:
+                    msg = formatWarnMessage(trigger, auditLog);
+
+                    break;
+                case PROMPT_ACTION:
+                    msg = formatPromptMessage(trigger, auditLog);
+                    break;
+                case JIT_ACTION:
+                    msg = formatJitMessage(trigger, auditLog);
+                    break;
+                case RECORD_ACTION:
+                    msg = formatRecordMessage(trigger, auditLog);
+                    break;
+
+                case PERSISTENT_MESSAGE:
+                    msg = formatPersistentMessage(trigger, auditLog);
+                    break;
+                case APPROVE_ACTION:
+                    msg = formatApproveMessage(trigger, auditLog);
+                    break;
+                case LOG_ACTION:
+                    return ; // Log actions don't show user messages
+                case ALERT_ACTION:
+                    msg = formatAlertMessage(trigger, auditLog);
+                    break;
+                default: {
+                    msg = auditLog.getCommand();
+                    break;
+                }
+            };
+
+            log.info("Sending terminal message to session {}: ",
+                msg);
+            out.write(msg.getBytes(StandardCharsets.UTF_8));
             out.flush();
 
+
+
         }
     }
+
+
+    private String formatDenyMessage(Session.Trigger trigger, Session.TerminalMessage auditLog) {
+            StringBuilder sb = new StringBuilder();
+            sb.append("\r\n");
+            sb.append(ANSI_RED).append(ANSI_BOLD).append("⚠ COMMAND BLOCKED ⚠").append(ANSI_RESET).append("\r\n");
+            sb.append(ANSI_RED).append("Reason: ").append(trigger.getDescription()).append(ANSI_RESET).append("\r\n");
+            sb.append(ANSI_RED).append("This command has been blocked by security policy.").append(ANSI_RESET).append("\r\n");
+            sb.append("\r\n");
+            return sb.toString();
+        }
+
+        private String formatWarnMessage(Session.Trigger trigger, Session.TerminalMessage auditLog) {
+            StringBuilder sb = new StringBuilder();
+            sb.append("\r\n");
+            sb.append(ANSI_YELLOW).append(ANSI_BOLD).append("⚠ WARNING ⚠").append(ANSI_RESET).append("\r\n");
+            sb.append(ANSI_YELLOW).append("Warning: ").append(trigger.getDescription()).append(ANSI_RESET).append("\r\n");
+            sb.append("\r\n");
+            return sb.toString();
+        }
+
+        private String formatPromptMessage(Session.Trigger trigger, Session.TerminalMessage auditLog) {
+            StringBuilder sb = new StringBuilder();
+            sb.append("\r\n");
+            sb.append(ANSI_BLUE).append(ANSI_BOLD).append("📝 PROMPT").append(ANSI_RESET).append("\r\n");
+            sb.append(ANSI_BLUE).append(trigger.getDescription()).append(ANSI_RESET).append("\r\n");
+            if (!auditLog.getCommand().isEmpty()) {
+                sb.append(ANSI_BLUE).append(auditLog.getCommand()).append(" (y/n): ").append(ANSI_RESET);
+            }
+            return sb.toString();
+        }
+
+        private String formatJitMessage(Session.Trigger trigger, Session.TerminalMessage auditLog) {
+            StringBuilder sb = new StringBuilder();
+            sb.append("\r\n");
+            sb.append(ANSI_YELLOW).append(ANSI_BOLD).append("🔐 JUST-IN-TIME ACCESS").append(ANSI_RESET).append("\r\n");
+            sb.append(ANSI_YELLOW).append("Reason: ").append(trigger.getDescription()).append(ANSI_RESET).append("\r\n");
+            sb.append(ANSI_YELLOW).append("Requesting access...").append(ANSI_RESET).append("\r\n");
+            sb.append("\r\n");
+            return sb.toString();
+        }
+
+        private String formatRecordMessage(Session.Trigger trigger, Session.TerminalMessage auditLog) {
+            StringBuilder sb = new StringBuilder();
+            sb.append("\r\n");
+            sb.append(ANSI_GREEN).append(ANSI_BOLD).append("📹 RECORDING").append(ANSI_RESET).append("\r\n");
+            sb.append(ANSI_GREEN).append("This session is being recorded for audit purposes.").append(ANSI_RESET).append("\r\n");
+            if (!trigger.getDescription().isEmpty()) {
+                sb.append(ANSI_GREEN).append("Reason: ").append(trigger.getDescription()).append(ANSI_RESET).append("\r\n");
+            }
+            sb.append("\r\n");
+            return sb.toString();
+        }
+
+        private String formatPersistentMessage(Session.Trigger trigger, Session.TerminalMessage auditLog) {
+            StringBuilder sb = new StringBuilder();
+            sb.append("\r\n");
+            sb.append(ANSI_BLUE).append(ANSI_BOLD).append("💬 MESSAGE").append(ANSI_RESET).append("\r\n");
+            sb.append(ANSI_BLUE).append(trigger.getDescription()).append(ANSI_RESET).append("\r\n");
+            sb.append("\r\n");
+            return sb.toString();
+        }
+
+        private String formatApproveMessage(Session.Trigger trigger, Session.TerminalMessage auditLog) {
+            StringBuilder sb = new StringBuilder();
+            sb.append("\r\n");
+            sb.append(ANSI_GREEN).append(ANSI_BOLD).append("✅ APPROVED").append(ANSI_RESET).append("\r\n");
+            sb.append(ANSI_GREEN).append(trigger.getDescription()).append(ANSI_RESET).append("\r\n");
+            sb.append("\r\n");
+            return sb.toString();
+        }
+
+        private String formatAlertMessage(Session.Trigger trigger, Session.TerminalMessage auditLog) {
+            StringBuilder sb = new StringBuilder();
+            sb.append("\r\n");
+            sb.append(ANSI_RED).append(ANSI_BOLD).append("🚨 ALERT").append(ANSI_RESET).append("\r\n");
+            sb.append(ANSI_RED).append(trigger.getDescription()).append(ANSI_RESET).append("\r\n");
+            sb.append("\r\n");
+            return sb.toString();
+        }
+
+        /**
+         * Sends a plain message to the terminal
+         */
+        public void sendMessage(String message, OutputStream out) throws IOException {
+            if (message != null && !message.isEmpty()) {
+                out.write(message.getBytes());
+                out.flush();
+            }
+        }
 }