Merge pull request #63 from SentriusLLC/copilot/fix-62

Add JIRA proxy for agent integration and compliance automation

Author: phrocker

README.md

@@ -9,7 +9,7 @@ sub-projects:
     core – Handles the core functionalities (e.g., SSH session management, zero trust policy enforcement).
     api – Provides a RESTful API layer to interface with the core module.
     dataplane – Offers dataplane functionality for secure data transfer and processing.
-    llm-proxy – A proxy service that integrates with large language models (LLMs) to enhance security and compliance in SSH sessions.
+    integration-proxy – A proxy service that integrates with large language models (LLMs) to enhance security and compliance in SSH sessions.
     llm-dataplane – A data processing layer that leverages LLMs for advanced analysis and decision-making in SSH sessions.
     ops-scripts – Contains operational scripts for deployment and management tasks.
     ai-agent – Java-based intelligent agent framework for monitoring and controlling SSH sessions.

build-images.sh

@@ -74,7 +74,7 @@ update_sentrius_ssh=false
 update_sentrius_keycloak=false
 update_sentrius_agent=false
 update_sentrius_ai_agent=false
-update_llmproxy=false
+update_integrationproxy=false
 update_launcher=false
 
 while [[ "$#" -gt 0 ]]; do
@@ -85,8 +85,8 @@ while [[ "$#" -gt 0 ]]; do
         --sentrius-agent) update_sentrius_agent=true ;;
         --sentrius-ai-agent) update_sentrius_ai_agent=true ;;
         --sentrius-launcher-service) update_launcher=true ;;
-        --sentrius-llmproxy) update_llmproxy=true ;;
-        --all) update_sentrius=true; update_sentrius_ssh=true; update_sentrius_keycloak=true; update_sentrius_agent=true; update_sentrius_ai_agent=true; update_llmproxy=true; update_launcher=true ;;
+        --sentrius-integration-proxy) update_integrationproxy=true ;;
+        --all) update_sentrius=true; update_sentrius_ssh=true; update_sentrius_keycloak=true; update_sentrius_agent=true; update_sentrius_ai_agent=true; update_integrationproxy=true; update_launcher=true ;;
         --no-cache) NO_CACHE=true ;;
         *) echo "Unknown flag: $1"; exit 1 ;;
     esac
@@ -138,11 +138,11 @@ if $update_sentrius_ai_agent; then
     rm docker/sentrius-launchable-agent/agent.jar
 fi
 
-if $update_llmproxy; then
-    cp llm-proxy/target/sentrius-llm-proxy-*.jar docker/llmproxy/llmproxy.jar
+if $update_integrationproxy; then
+    cp integration-proxy/target/sentrius-integration-proxy-*.jar docker/integrationproxy/llmproxy.jar
     LLMPROXY_VERSION=$(increment_patch_version $LLMPROXY_VERSION)
-    build_image "sentrius-llmproxy" "$LLMPROXY_VERSION" "./docker/llmproxy"
-    rm docker/llmproxy/llmproxy.jar
+    build_image "sentrius-integration-proxy" "$LLMPROXY_VERSION" "./docker/integrationproxy"
+    rm docker/integrationproxy/llmproxy.jar
     update_env_var "LLMPROXY_VERSION" "$LLMPROXY_VERSION"
 fi
 

deprecated-build-images-local.sh

@@ -59,7 +59,7 @@ update_sentrius_ssh=false
 update_sentrius_keycloak=false
 update_sentrius_agent=false
 update_sentrius_ai_agent=false
-update_llmproxy=false
+update_integrationproxy=false
 no_cache=false  # Default: use cache
 
 
@@ -70,8 +70,8 @@ while [[ "$#" -gt 0 ]]; do
         --sentrius-keycloak) update_sentrius_keycloak=true ;;
         --sentrius-agent) update_sentrius_agent=true ;;
         --sentrius-ai-agent) update_sentrius_ai_agent=true ;;
-        --sentrius-llmproxy) update_llmproxy=true ;;
-        --all) update_sentrius=true; update_sentrius_ssh=true; update_sentrius_keycloak=true; update_sentrius_agent=true; update_sentrius_ai_agent=true; update_llmproxy=true ;;
+        --sentrius-integration-proxy) update_integrationproxy=true ;;
+        --all) update_sentrius=true; update_sentrius_ssh=true; update_sentrius_keycloak=true; update_sentrius_agent=true; update_sentrius_ai_agent=true; update_integrationproxy=true ;;
         --no-cache) no_cache=true ;;  # Set no_cache to true if the flag is passed
         *) echo "Unknown flag: $1"; exit 1 ;;
     esac
@@ -140,14 +140,14 @@ if $update_sentrius_ai_agent; then
     #minikube image load sentrius-ai-agent:latest
 fi
 
-if $update_llmproxy; then
-    cp llm-proxy/target/sentrius-llm-proxy-*.jar docker/llmproxy/llmproxy.jar
+if $update_integrationproxy; then
+    cp integration-proxy/target/sentrius-integration-proxy-*.jar docker/integrationproxy/llmproxy.jar
     LLMPROXY_VERSION=$(increment_patch_version $LLMPROXY_VERSION)
-    build_image "sentrius-llmproxy" "$LLMPROXY_VERSION" "./docker/llmproxy"
-    rm docker/llmproxy/llmproxy.jar
+    build_image "sentrius-integration-proxy" "$LLMPROXY_VERSION" "./docker/integrationproxy"
+    rm docker/integrationproxy/llmproxy.jar
     update_env_var "LLMPROXY_VERSION" "$LLMPROXY_VERSION"
     ## for local, replace minikube with docker
-    docker tag sentrius-llmproxy:$LLMPROXY_VERSION sentrius-llmproxy:latest
+    docker tag sentrius-integration-proxy:$LLMPROXY_VERSION sentrius-integration-proxy:latest
     echo "Loading image into minikube"
     #minikube image load sentrius-ai-agent:LLMPROXY_VERSION
     #minikube image load sentrius-ai-agent:latest

docker/llmproxy/Dockerfile docker/integrationproxy/Dockerfiledocker/llmproxy/Dockerfile renamed to docker/integrationproxy/Dockerfile

@@ -0,0 +1,163 @@
+# JIRA Proxy API Documentation
+
+The JIRA Proxy Controller provides a secure interface to interact with JIRA instances through the Sentrius platform. It mirrors key JIRA REST API endpoints while maintaining the platform's authentication and authorization mechanisms.
+
+## Overview
+
+The JIRA proxy is implemented in the `integration-proxy` module and provides authenticated access to JIRA functionality for agents and compliance tools. It follows the same security patterns as the existing OpenAI proxy.
+
+## Authentication
+
+All endpoints require:
+- Valid JWT token in the `Authorization` header (format: `Bearer <token>`)
+- User must have `CAN_LOG_IN` application access
+- At least one JIRA integration must be configured in the system
+
+## Endpoints
+
+### 1. Search Issues
+
+**GET** `/api/v1/jira/rest/api/3/search`
+
+Search for JIRA issues using JQL or simple text queries.
+
+**Parameters:**
+- `jql` (optional): JIRA Query Language string
+- `query` (optional): Simple text search query
+
+**Example:**
+```bash
+curl -X GET \
+  "https://your-instance/api/v1/jira/rest/api/3/search?query=bug" \
+  -H "Authorization: Bearer <jwt-token>"
+```
+
+**Response:** Array of TicketDTO objects containing issue information.
+
+### 2. Get Issue
+
+**GET** `/api/v1/jira/rest/api/3/issue/{issueKey}`
+
+Retrieve information about a specific JIRA issue.
+
+**Parameters:**
+- `issueKey` (path): JIRA issue key (e.g., "PROJECT-123")
+
+**Example:**
+```bash
+curl -X GET \
+  "https://your-instance/api/v1/jira/rest/api/3/issue/PROJECT-123" \
+  -H "Authorization: Bearer <jwt-token>"
+```
+
+**Response:** Issue status information.
+
+### 3. Add Comment
+
+**POST** `/api/v1/jira/rest/api/3/issue/{issueKey}/comment`
+
+Add a comment to a JIRA issue.
+
+**Parameters:**
+- `issueKey` (path): JIRA issue key
+- Request body: Comment object with `text` or `body` field
+
+**Example:**
+```bash
+curl -X POST \
+  "https://your-instance/api/v1/jira/rest/api/3/issue/PROJECT-123/comment" \
+  -H "Authorization: Bearer <jwt-token>" \
+  -H "Content-Type: application/json" \
+  -d '{"text": "This is a comment from the compliance agent"}'
+```
+
+**Response:** Success/failure message.
+
+### 4. Assign Issue
+
+**PUT** `/api/v1/jira/rest/api/3/issue/{issueKey}/assignee`
+
+Assign a JIRA issue to a user.
+
+**Parameters:**
+- `issueKey` (path): JIRA issue key
+- Request body: Assignee object with `accountId` field
+
+**Example:**
+```bash
+curl -X PUT \
+  "https://your-instance/api/v1/jira/rest/api/3/issue/PROJECT-123/assignee" \
+  -H "Authorization: Bearer <jwt-token>" \
+  -H "Content-Type: application/json" \
+  -d '{"accountId": "user-account-id"}'
+```
+
+**Response:** HTTP 204 (No Content) on success.
+
+## Configuration
+
+### JIRA Integration Setup
+
+Before using the proxy, ensure a JIRA integration is configured:
+
+1. Use the existing `/api/v1/integrations/jira/add` endpoint to add JIRA integration
+2. Provide required fields: `baseUrl`, `username`, `apiToken`
+
+### Security Model
+
+The proxy uses the existing security infrastructure:
+- JWT validation through Keycloak
+- User authentication via `BaseController.getOperatingUser()`
+- Access control through `@LimitAccess` annotations
+- OpenTelemetry tracing for monitoring
+
+## Implementation Details
+
+### Error Handling
+
+- **401 Unauthorized**: Invalid or missing JWT token
+- **404 Not Found**: No JIRA integration configured
+- **400 Bad Request**: Missing required parameters
+- **500 Internal Server Error**: JIRA operation failed
+
+### Integration Token Selection
+
+Currently, the proxy uses the first available JIRA integration found for the connection type "jira". In production environments, you may want to extend this to allow users to specify which integration to use.
+
+### Tracing
+
+All operations are traced using OpenTelemetry with the tracer name `io.sentrius.sso`. Trace spans include:
+- Operation type (search, get-issue, add-comment, assign-issue)
+- Query parameters
+- Result counts
+- Success/failure status
+
+## Future Enhancements
+
+1. **Multi-integration Support**: Allow specifying which JIRA instance to use
+2. **Enhanced JQL Support**: Full JQL query validation and optimization
+3. **Bulk Operations**: Support for bulk issue updates and assignments
+4. **Webhook Support**: Real-time notifications from JIRA
+5. **Custom Field Support**: Access to JIRA custom fields
+6. **Project-specific Operations**: Project creation, configuration management
+
+## Usage with Compliance Agents
+
+This proxy is designed to support compliance agents that need to:
+- Search for compliance-related issues
+- Create comments with compliance findings
+- Assign issues to appropriate team members
+- Track compliance status across JIRA projects
+
+Example agent workflow:
+1. Search for open compliance issues: `GET /api/v1/jira/rest/api/3/search?jql=project = COMPLIANCE AND status = Open`
+2. Add compliance assessment: `POST /api/v1/jira/rest/api/3/issue/COMPLIANCE-123/comment`
+3. Assign for remediation: `PUT /api/v1/jira/rest/api/3/issue/COMPLIANCE-123/assignee`
+
+## Testing
+
+Comprehensive test coverage is provided in `JiraProxyControllerTest.java`, including:
+- Authentication validation
+- Authorization checks
+- Error handling scenarios
+- Request/response validation

llm-proxy/Gruntfile.js integration-proxy/Gruntfile.jsllm-proxy/Gruntfile.js renamed to integration-proxy/Gruntfile.js

@@ -8,7 +8,7 @@
         <version>1.0.0-SNAPSHOT</version>
     </parent>
 
-    <artifactId>sentrius-llm-proxy</artifactId>
+    <artifactId>sentrius-integration-proxy</artifactId>
 
 
     <properties>