SentriusLLC
diff --git a/‎.env‎
Lines changed: 2 additions & 2 deletions b/‎.env‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 0 deletions b/‎.gitignore‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/RegisteredAgent.java‎
Lines changed: 2 additions & 4 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/RegisteredAgent.java‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/services/ZeroTrustClientService.java‎
Lines changed: 22 additions & 0 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/services/ZeroTrustClientService.java‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎ai-agent/src/main/resources/application.properties‎
Lines changed: 1 addition & 1 deletion b/‎ai-agent/src/main/resources/application.properties‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/dynamic.properties‎
Lines changed: 3 additions & 1 deletion b/‎api/dynamic.properties‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎api/src/main/java/io/sentrius/sso/config/ApiPaths.java‎
Lines changed: 5 additions & 0 deletions b/‎api/src/main/java/io/sentrius/sso/config/ApiPaths.java‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎api/src/main/java/io/sentrius/sso/controllers/api/ATPLPolicyController.java‎
Lines changed: 62 additions & 0 deletions b/‎api/src/main/java/io/sentrius/sso/controllers/api/ATPLPolicyController.java‎
Lines changed: 62 additions & 0 deletions
diff --git a/‎api/src/main/java/io/sentrius/sso/controllers/api/AgentApiController.java‎
Lines changed: 13 additions & 3 deletions b/‎api/src/main/java/io/sentrius/sso/controllers/api/AgentApiController.java‎
Lines changed: 13 additions & 3 deletions
diff --git a/‎api/src/main/resources/application.properties‎
Lines changed: 0 additions & 1 deletion b/‎api/src/main/resources/application.properties‎
Lines changed: 0 additions & 1 deletion
@@ -1,5 +1,5 @@
-SENTRIUS_VERSION=1.1.27
+SENTRIUS_VERSION=1.1.35
 SENTRIUS_SSH_VERSION=1.1.1
 SENTRIUS_KEYCLOAK_VERSION=1.1.3
 SENTRIUS_AGENT_VERSION=1.1.1
-SENTRIUS_AI_AGENT_VERSION=1.1.7
+SENTRIUS_AI_AGENT_VERSION=1.1.11
@@ -42,6 +42,8 @@ analytics/target/**
 analytics/target/
 dataplane/target/**
 dataplane/target/
+openai-proxy/target/**
+openai-proxy/target/
 node/*
 node_modules/*
 api/node_modules/*
 
@@ -22,8 +22,6 @@ public class RegisteredAgent implements ApplicationListener<ApplicationReadyEven
     @Override
     public void onApplicationEvent(final ApplicationReadyEvent event) {
 
-
-
         // get username from token
         UserDTO user = UserDTO.builder()
             .username(zeroTrustClientService.getUsername())
@@ -35,8 +33,8 @@ public void onApplicationEvent(final ApplicationReadyEvent event) {
         log.info("Registering v1.0.2 agent...");
 
         // register
-        zeroTrustClientService.requestZtatToken(user, command);
-        log.info("Registered agent is running");
+        var register = zeroTrustClientService.registerAgent(user);
+        log.info("Registered agent is running {} ", register);
         return;
     }
 
 
@@ -33,6 +33,28 @@ public String getUsername() {
     }
 
 
+    /**
+     * Request a Zero Trust Access Token (ZTAT) using Keycloak JWT and `ZtatRequestDTO`
+     */
+    public String registerAgent(UserDTO user) {
+        String keycloakJwt = getKeycloakToken();
+
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_JSON);
+        headers.setBearerAuth(keycloakJwt);
+
+        HttpEntity<ZtatRequestDTO> requestEntity = new HttpEntity<>(headers);
+
+        String url = agentApiUrl + "/api/v1/agent/register";
+        ResponseEntity<String> response = restTemplate.exchange(url, HttpMethod.POST, requestEntity, String.class);
+
+        if (response.getStatusCode() == HttpStatus.OK) {
+            return response.getBody(); // This is the ZTAT (JWT or opaque token)
+        } else {
+            throw new RuntimeException("Failed to obtain ZTAT: " + response.getStatusCode());
+        }
+    }
+
     /**
      * Request a Zero Trust Access Token (ZTAT) using Keycloak JWT and `ZtatRequestDTO`
      */
 
@@ -47,7 +47,7 @@ spring.servlet.multipart.max-request-size=10MB
 server.error.whitelabel.enabled=false
 
 
-
+server.port=8083
 keycloak.realm=sentrius
 keycloak.base-url=${KEYCLOAK_BASE_URL:http://localhost:8180}
 spring.security.oauth2.client.registration.keycloak.client-id=java-agents
 
@@ -23,4 +23,6 @@ enableInternalAudit=true
 twopartyapproval.require.explanation.LOCKING_SYSTEMS=false
 canApproveOwnJITs=false
 allowUploadSystemConfiguration = true
-yamlConfigurationPath=/mnt/ExtraDrive/repos/Sentrius/docker/sentrius/demoInstaller.yml
+yamlConfigurationPath=/mnt/ExtraDrive/repos/Sentrius/docker/sentrius/demoInstaller.yml
+# defines the policy mapping for the java agents
+agents.trust.policy.mapping.1=java-agents:/mnt/ExtraDrive/repos/Sentrius/docker/sentrius/java-agents.yaml
@@ -0,0 +1,5 @@
+package io.sentrius.sso.config;
+
+public class ApiPaths {
+    public static final String API_V1 = "/api/v1";
+}
@@ -0,0 +1,62 @@
+package io.sentrius.sso.controllers.api;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import io.sentrius.sso.core.annotations.LimitAccess;
+import io.sentrius.sso.core.model.security.enums.ApplicationAccessEnum;
+import io.sentrius.sso.core.services.ATPLPolicyService;
+import io.sentrius.sso.core.model.ATPLPolicyEntity;
+import io.sentrius.sso.core.trust.ATPLPolicy;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.ResponseEntity;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/v1/policies")
+@RequiredArgsConstructor
+@Slf4j
+public class ATPLPolicyController {
+
+    private final ATPLPolicyService policyService;
+    private final ObjectMapper yamlMapper = new ObjectMapper(new YAMLFactory());
+
+    @PostMapping(consumes = {"application/x-yaml", "application/yaml", "text/yaml", "application/json"})
+    public ResponseEntity<?> uploadPolicy(@RequestBody String rawPolicy) {
+        try {
+            ATPLPolicy policy = yamlMapper.readValue(rawPolicy, ATPLPolicy.class);
+
+            // Optional: Do deeper schema validation or approval here
+            if (policy.getPolicyId() == null || policy.getVersion() == null) {
+                return ResponseEntity.badRequest().body("Missing required fields: policy_id and version.");
+            }
+
+            policyService.savePolicy(policy);
+            return ResponseEntity.status(HttpStatus.CREATED).body("Policy uploaded successfully.");
+
+        } catch (Exception e) {
+            log.error("Invalid policy submission", e);
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST)
+                .body("Invalid policy format: " + e.getMessage());
+        }
+    }
+
+    @GetMapping
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
+    public ResponseEntity<List<ATPLPolicyEntity>> listPolicies() {
+        return ResponseEntity.ok(policyService.findAll());
+    }
+
+    @GetMapping("/{policyId}")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
+    public ResponseEntity<?> getPolicy(@PathVariable String policyId) {
+        ATPLPolicy policy = policyService.getPolicy(policyId);
+        if (policy == null) {
+            return ResponseEntity.status(HttpStatus.NOT_FOUND).body("Policy not found.");
+        }
+        return ResponseEntity.ok(policy);
+    }
+}
@@ -4,7 +4,9 @@
 import java.sql.SQLException;
 import java.util.List;
 import java.util.Map;
+import java.util.UUID;
 import java.util.stream.Collectors;
+import io.sentrius.sso.config.ApiPaths;
 import io.sentrius.sso.core.annotations.LimitAccess;
 import io.sentrius.sso.core.config.SystemOptions;
 import io.sentrius.sso.core.controllers.BaseController;
@@ -42,7 +44,7 @@
 
 @Slf4j
 @RestController
-@RequestMapping("/api/v1/agent")
+@RequestMapping(ApiPaths.API_V1 + "/agent")
 public class AgentApiController extends BaseController {
     private final AuditService auditService;
     final CryptoService cryptoService;
@@ -93,10 +95,18 @@ public ResponseEntity<?> requestRegistration(
         // Extract agent identity from the JWT
         String agentId = keycloakService.extractAgentId(compactJwt);
 
-        log.info("Received registration request from agent: {}", agentId);
+        if (null == operatingUser) {
+            log.warn("No operating user found for agent: {}", agentId);
+            var username = keycloakService.extractUsername(compactJwt);
+            operatingUser = userService.getUserWithDetails(username);
+
+        }
+
+        log.info("Received registration request from agent: {} {}", agentId, operatingUser);
         // Store the request in the database
         var ztatRequest = ztatService.createAgentRequest(agentId, "registration", "register",
-            ZeroTrustAccessTokenReason.builder().build(),   operatingUser);
+            ZeroTrustAccessTokenReason.builder().commandNeed("registration call").reasonIdentifier(UUID.randomUUID().toString()).build(),
+            operatingUser);
         ztatRequest = ztrService.addJITRequest(ztatRequest);
 
         // Approve the request if the agent has an active policy ( and it is known and allowed ).
 
@@ -76,6 +76,5 @@ spring.security.oauth2.client.provider.keycloak.issuer-uri=${KEYCLOAK_BASE_URL:h
 
 management.endpoints.web.exposure.include=health
 management.endpoint.health.show-details=always
-
 ### change for production environments
 https.required=${HTTP_REQUIRED:true}