Fix issues with killing agents

Author: phrocker

agent-launcher/src/main/java/io/sentrius/agent/launcher/api/AgentLauncherController.java

@@ -4,7 +4,6 @@
 import io.sentrius.agent.launcher.service.PodLauncherService;
 import io.sentrius.sso.config.ApiPaths;
 import io.sentrius.sso.core.annotations.LimitAccess;
-import io.sentrius.sso.core.dto.AgentDTO;
 import io.sentrius.sso.core.dto.AgentRegistrationDTO;
 import io.sentrius.sso.core.model.security.enums.ApplicationAccessEnum;
 import io.sentrius.sso.core.services.security.KeycloakService;
@@ -13,10 +12,13 @@
 import lombok.extern.slf4j.Slf4j;
 import org.apache.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 @Slf4j
@@ -54,4 +56,15 @@ public ResponseEntity<?> createPod(
         return ResponseEntity.ok(Map.of("status", "success"));
     }
 
+    @GetMapping("/kill")
+    public ResponseEntity<String> deleteAgent(@RequestParam(name="agentId") String agentId) {
+        try {
+            podLauncherService.deleteAgentById(agentId);
+            return ResponseEntity.ok("Shutdown triggered");
+        } catch (Exception e) {
+            e.printStackTrace();
+            return ResponseEntity.status(500).body("Shutdown failed: " + e.getMessage());
+        }
+    }
+
 }

agent-launcher/src/main/java/io/sentrius/agent/launcher/service/LauncherSecurityConfig.java

@@ -1,28 +1,56 @@
 package io.sentrius.agent.launcher.service;
 
+import java.util.List;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource; // ← correct package
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource; // ← correct package
 
 @Configuration
 @EnableWebSecurity
+@Slf4j
 public class LauncherSecurityConfig {
 
+    @Value("${agent.api.url:http://localhost:8080}")
+    private String agentApiUrl;
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
+            .cors(Customizer.withDefaults()) // ✅ make sure this is here
             .authorizeHttpRequests(auth -> auth
                 .requestMatchers("/actuator/**").permitAll()
+                .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                 .anyRequest().authenticated()
             )
             .oauth2ResourceServer(oauth2 -> oauth2
                 .jwt(Customizer.withDefaults())
             )
-            .csrf(csrf -> csrf.disable()); // Compliant disable for CSRF
+            .csrf(csrf -> csrf.disable());
 
         return http.build();
     }
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration config = new CorsConfiguration();
+
+        log.info("Configuring CORS for agent API URL: {}", agentApiUrl);
+        config.setAllowedOrigins(List.of(agentApiUrl)); // e.g., https://frontend.local
+        config.setAllowedMethods(List.of("GET", "POST", "OPTIONS", "DELETE", "PUT"));
+        config.setAllowedHeaders(List.of("*"));
+        config.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+        return source;
+    }
 }

agent-launcher/src/main/java/io/sentrius/agent/launcher/service/PodLauncherService.java

@@ -13,6 +13,8 @@
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 @Slf4j
 @Service
@@ -32,6 +34,10 @@ public class PodLauncherService {
     @Value("${sentrius.agent.callback.format.url:http://sentrius-agent-%s.%s.svc.cluster.local:8090}")
     private String callbackFormatUrl;
 
+
+    Pattern pattern = Pattern.compile("^service-account-(.*?)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$");
+
+
     public PodLauncherService() throws IOException {
         ApiClient client = Config.defaultClient(); // in-cluster or kubeconfig
         this.coreV1Api = new CoreV1Api(client);
@@ -41,6 +47,74 @@ private String buildAgentCallbackUrl(String agentId) {
         return String.format(callbackFormatUrl, agentId, agentNamespace);
     }
 
+    public List<V1Pod> listAgentPods() throws Exception {
+        var response = coreV1Api.listNamespacedPod(
+            agentNamespace
+        );
+        return response.execute().getItems();
+    }
+
+    public void deleteAllAgentPods() throws Exception {
+        var pods = listAgentPods();
+        for (V1Pod pod : pods) {
+            String podName = pod.getMetadata().getName();
+            String agentId = pod.getMetadata().getLabels().get("agentId");
+
+            log.info("Deleting agent pod: {}", podName);
+            coreV1Api.deleteNamespacedPod(podName, agentNamespace).execute();
+
+            String serviceName = "sentrius-agent-" + agentId;
+            log.info("Deleting agent service: {}", serviceName);
+            try {
+                coreV1Api.deleteNamespacedService(serviceName, agentNamespace).execute();
+            } catch (Exception ex) {
+                log.warn("Could not delete service {}: {}", serviceName, ex.getMessage());
+            }
+        }
+    }
+
+    public void deleteAgentById(String agentId) throws Exception {
+        // Delete all pods with this agentId label
+        var pods = coreV1Api.listNamespacedPod(
+            agentNamespace
+        ).execute().getItems();
+
+        for (V1Pod pod : pods) {
+
+            var labels = pod.getMetadata().getLabels();
+            var podName = pod.getMetadata().getName();
+
+            Matcher matcher = pattern.matcher(agentId);
+
+            if (matcher.matches() && labels != null && labels.containsKey("agentId")) {
+                String name = matcher.group(1);
+
+                var value = labels.get("agentId");
+                if (value.equals(name)) {
+                    log.info("Deleting pod: {}", podName);
+                    coreV1Api.deleteNamespacedPod(podName, agentNamespace).execute();
+                    String serviceName = "sentrius-agent-" + agentId;
+                    log.info("Deleting service: {}", serviceName);
+                    try {
+                        coreV1Api.deleteNamespacedService(serviceName, agentNamespace).execute();
+                    } catch (Exception ex) {
+                        log.warn("Service not found or already deleted: {}", ex.getMessage());
+                    }
+                }else {
+                    log.info("Not Deleting pod: {}", podName);
+                }
+
+
+            } else {
+                log.info("Pod {} does not match agentId pattern or has no agentId label, skipping deletion", podName);
+            }
+
+
+        }
+
+
+    }
+
 
     public V1Pod launchAgentPod(String agentId, String callbackUrl) throws Exception {
         var myAgentRegistry = "";

ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ChatVerbs.java

@@ -112,6 +112,27 @@ public TerminalResponse interpretUserData(
         } else {
             InputStream terminalHelperStream = getClass().getClassLoader().getResourceAsStream("terminal-helper.json");
             if (terminalHelperStream == null) {
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                 throw new RuntimeException("assessor-config.yaml not found on classpath");
 
             }

api/src/main/java/io/sentrius/sso/controllers/api/AgentBootstrapController.java

@@ -3,10 +3,12 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.GeneralSecurityException;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import com.google.common.collect.Maps;
 import io.sentrius.sso.config.ApiPaths;
 import io.sentrius.sso.config.AppConfig;
 import io.sentrius.sso.core.annotations.LimitAccess;
@@ -37,10 +39,12 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 @Slf4j
@@ -172,6 +176,21 @@ public ResponseEntity<String> launchPod(
         return ResponseEntity.ok("{\"status\": \"success\"}");
     }
 
+    @PostMapping("/launcher/kill")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
+    public ResponseEntity<String> deletePod(
+        @RequestParam(name="agentId") String agentName, HttpServletRequest request, HttpServletResponse response
+    ) throws GeneralSecurityException, IOException, ZtatException {
+
+
+        var operatingUser = getOperatingUser(request, response );
+
+        zeroTrustClientService.callAuthenticatedGetOnApi(appConfig.getSentriusLauncherService(),  "agent/launcher" +
+                "/kill", Maps.immutableEntry("agentId", List.of(agentName)) );
+        // bootstrap with a default policy
+        return ResponseEntity.ok("{\"status\": \"success\"}");
+    }
+
 
 
 

api/src/main/java/io/sentrius/sso/controllers/api/ChatApiController.java

@@ -88,6 +88,7 @@ public Map<String, String> getChatConfig() {
                 config.put("agentProxyWsUrl", wssUrl);
             }
         }
+        config.put("sentriusLauncherService", appConfig.getSentriusLauncherService());
         return config;
     }
 

api/src/main/resources/templates/sso/enclaves/list_servers.html

@@ -74,13 +74,12 @@
         <div id="chat-messages"></div>
         <input type="text" id="chat-input" placeholder="Type a message..." onkeydown="sendMessage(event)">
     </div>
+
     <div class="navbar navbar-dark fixed-top navbar-expand-md" role="navigation" xmlns:th="http://www.thymeleaf.org">
         <div class="container bg-dark px-3 py-2" >
             <!-- Brand Logo -->
-            <a class="navbar-brand" href="#" style="padding-left: 45px;">
-                <a href="/sso/v1/dashboard" class="nav-link">
-                    <img th:src="${systemOptions.systemLogoPathSmall}" alt="Logo" class="nav-img">
-                </a>
+            <a class="navbar-brand nav-link" href="/sso/v1/dashboard" style="padding-left: 45px;">
+                <img th:src="${systemOptions.systemLogoPathSmall}" alt="Logo" class="nav-img">
             </a>
 
             <!-- Toggler for Mobile -->
@@ -159,12 +158,20 @@ <h3>Available Agents</h3>
 </div>
 <script type="module" th:src="@{/js/add_system.js}" defer></script>
 <script type="module" th:src="@{/js/functions.js}"></script>
-<script>
+<script th:inline="javascript">
+
+    let config;
+    fetch("/api/v1/chat/config")
+        .then(r => r.json())
+        .then(data => {
+            config = data;
+            // proceed with code using config here
+        });
 
     function deleteServer(groupId,data) {
         // The API URL you want to call
-        var csrf = "[[${_csrf.token}]]"
-        let terminalsInNewTab = [[${systemOptions.terminalsInNewTab != null ? systemOptions.terminalsInNewTab : false}]];
+        var csrf = /*[[${_csrf.token}]]*/ "";
+        let terminalsInNewTab = /*[[${systemOptions.terminalsInNewTab != null ? systemOptions.terminalsInNewTab : false}]]*/ false;
         console.log("Data: ", data);
         const apiUrl = `/api/v1/enclaves/hosts/delete/${groupId}/${data}`;
 
@@ -197,9 +204,45 @@ <h3>Available Agents</h3>
             });
     }
 
-    function connectToServer(groupId,data) {
+    function deleteAgent(data) {
         // The API URL you want to call
-        let terminalsInNewTab = [[${systemOptions.terminalsInNewTab != null ? systemOptions.terminalsInNewTab : false}]];
+        var csrf = /*[[${_csrf.token}]]*/ "";
+        console.log("Data: ", data);
+        const apiUrl = `/api/v1/agent/bootstrap/launcher/kill?agentId=${data}`;
+
+        // Perform the API call
+        fetch(apiUrl, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'X-CSRF-TOKEN': csrf // Include the CSRF token in the headers
+            }
+        })
+            .then(response => {
+                if (response.ok) {
+                    // Assuming the API returns a URL to redirect to
+                    return response.json();
+                } else {
+                    throw new Error('Failed to connect to server');
+                }
+            })
+            .then(data => {
+
+                $("#alertTopError").hide();
+                $("#alertTop").text("Agent Deleted").show().delay(3000).fadeOut();
+                $('#agent-table').DataTable().ajax.reload();
+            })
+            .catch(error => {
+                console.log(error);
+                $("#alertTop").hide();
+                $("#alertTopError").text("An unknown error occurred").show().delay(3000).fadeOut();
+            });
+    }
+
+    function connectToServer(groupId,data) {
+        // The API URL yo
+        // u want to call
+        let terminalsInNewTab = /*[[${systemOptions.terminalsInNewTab != null ? systemOptions.terminalsInNewTab : false}]]*/ false;
         console.log("Data: ", data);
         const apiUrl = `/api/v1/enclaves/hosts/connect/${groupId}/${data}`;
 
@@ -326,15 +369,13 @@ <h3>Available Agents</h3>
                 {
                     data: null,
                     render: function(data, type, row) {
-                        /*
-                        const groupId = row.group ? row.group.groupId : -1; // Access group.id
-                        const id = row.id;
-                        let
-                            ret=`<button class="btn btn-primary" onclick="connectToServer(${groupId}, ${id})">Disconnect</button> `;
+
+                        const id = row.agentName;
+                        let ret=``;
                         if (canDelete) {
-                            ret += `<button class="btn btn-primary" onclick="deleteServer(${groupId}, ${id})">Delete</button>`;
-                        }*/
-                        return "";
+                            ret += `<button class="btn btn-danger" onclick="deleteAgent('${id}')">Kill Agent</button>`;
+                        }
+                        return ret;
                     }
                 }