update

Author: phrocker

ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/AsessmentListInterpreter.java

@@ -7,6 +7,7 @@
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
+import io.sentrius.agent.analysis.model.AssessedTerminal;
 import io.sentrius.agent.analysis.model.Assessment;
 import io.sentrius.sso.core.dto.HostSystemDTO;
 import io.sentrius.sso.core.model.verbs.ListInterpreter;
@@ -16,7 +17,7 @@
 import lombok.extern.slf4j.Slf4j;
 
 @Slf4j
-public class AsessmentListInterpreter extends ListInterpreter<Assessment> implements OutputInterpreterIfc {
+public class AsessmentListInterpreter extends ListInterpreter<AssessedTerminal> implements OutputInterpreterIfc {
 
     @Override
     public Map<String, Object> interpret(VerbResponse input) throws Exception {
@@ -25,38 +26,18 @@ public Map<String, Object> interpret(VerbResponse input) throws Exception {
         Map<String,Object> responseMap = new HashMap<>();
         responseMap.put("verb.response.type", "list");
         responseMap.put("verb.response.map.key", "assessments");
-        responseMap.put("verb.response.map.type", Assessment.class.getCanonicalName());
+        responseMap.put("verb.response.map.type", AssessedTerminal.class.getCanonicalName());
 
         if (input.getResponse() instanceof List<?> list) {
             log.info("AssessmentListInterpreter: interpret() called with input list");
-            if (list.isEmpty() || list.get(0) instanceof Assessment) {
+            if (list.isEmpty() || list.get(0) instanceof AssessedTerminal) {
 
                 responseMap.put("assessments", list);
             } else {
                 throw new IllegalArgumentException("Input response is not a List of Assessment objects");
             }
         } else {
-
-            var str = input.getResponse().toString();
-            log.info("AssessmentListInterpreter: interpret() called with input string {} " ,str);
-            ArrayNode node = (ArrayNode) JsonUtil.MAPPER.readTree(str);
-            if (node == null) {
-                throw new IllegalArgumentException("Input response is not a valid JSON array");
-            }
-            List<Assessment> list = new ArrayList<>();
-            for (int i = 0; i < node.size(); i++) {
-                var item = node.get(i);
-                if (item.has("sessionId") && item.has("risk") && item.has("description")) {
-                    Assessment hostSystemDTO = new Assessment();
-                    hostSystemDTO.setSessionId(item.get("sessionId").asText());
-                    hostSystemDTO.setDescription(item.get("description").asText());
-                    hostSystemDTO.setRisk(item.get("risk").asText());
-                    list.add(hostSystemDTO);
-                } else {
-                    throw new IllegalArgumentException("Input response does not contain required fields");
-                }
-            }
-            responseMap.put("assessments",list);
+                throw new IllegalArgumentException("Input response does not contain required fields");
         }
 
         return responseMap;

ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java

@@ -13,6 +13,7 @@
 import io.sentrius.agent.analysis.agents.interpreters.ObjectListInterpreter;
 import io.sentrius.agent.analysis.agents.interpreters.TerminalListInterpreter;
 import io.sentrius.agent.analysis.agents.interpreters.TerminalOutputInterpreter;
+import io.sentrius.agent.analysis.model.AssessedTerminal;
 import io.sentrius.agent.analysis.model.Assessment;
 import io.sentrius.sso.core.dto.HostSystemDTO;
 import io.sentrius.sso.core.dto.ztat.AgentExecution;
@@ -110,12 +111,12 @@ public List<ObjectNode> fetchTerminalOutput(TokenDTO token, List<HostSystemDTO>
         " Requires sessionId, risk, and description in a json object.",
         requiresTokenManagement = true,
         outputInterpreter = TerminalOutputInterpreter.class, inputInterpreter = AsessmentListInterpreter.class)
-    public List<ObjectNode> killTerminalSessionWithTerminalAssessment(AgentExecution execution, List<Assessment> dtos)
+    public List<ObjectNode> killTerminalSessionWithTerminalAssessment(AgentExecution execution, List<AssessedTerminal> dtos)
         throws ZtatException, IOException {
         try {
             List<ObjectNode> responses = new ArrayList<>();
             log.info("Terminal list response: {}", dtos);
-            for (Assessment dto : dtos) {
+            for (AssessedTerminal dto : dtos) {
 
                 // submit the kill
                 if (dto != null){
@@ -126,8 +127,8 @@ public List<ObjectNode> killTerminalSessionWithTerminalAssessment(AgentExecution
                 }
 
 
-                    var risk =dto.getRisk();
-                    var description = dto.getDescription();
+                    var risk =dto.getAssessment().getRisk();
+                    var description = dto.getAssessment().getDescription();
                     if (null != risk && null != description) {
                         switch(risk) {
                             case "low":
@@ -136,13 +137,13 @@ public List<ObjectNode> killTerminalSessionWithTerminalAssessment(AgentExecution
                             case "medium":
                             case "high":
                                 // kill the session
-                                log.info("Killing terminal session: {}", dto.getSessionId());
+                                log.info("Killing terminal session: {}", dto.getAssessment().getSessionId());
                                 break;
                             default:
                                 throw new RuntimeException("Unknown risk level: " + risk);
                         }
                         try {
-                            var sessionId = URLEncoder.encode(dto.getSessionId(), StandardCharsets.UTF_8);
+                            var sessionId = URLEncoder.encode(dto.getAssessment().getSessionId(), StandardCharsets.UTF_8);
                             var response = zeroTrustClientService.callPutOnApi(
                                 execution, "/ssh/terminal/kill",
                                 Maps.immutableEntry("sessionId", List.of(sessionId))
@@ -151,7 +152,7 @@ public List<ObjectNode> killTerminalSessionWithTerminalAssessment(AgentExecution
                                 // Successfully retrieved logs
                                 log.info("Terminal output response: {}", response);
                                 var obj = JsonUtil.MAPPER.createObjectNode();
-                                obj.put("id", dto.getSessionId());
+                                obj.put("id", dto.getAssessment().getSessionId());
                                 obj.put("terminalOutput", response);
                                 responses.add(obj);
                             }
@@ -166,13 +167,19 @@ public List<ObjectNode> killTerminalSessionWithTerminalAssessment(AgentExecution
                                 .justification(description)
                                 .summary("Kill a Terminal session because it is high risk")
                                 .build();
-                            log.info("Obtaining approval. Justification: {}", description);
+                            log.info("Obtaining approval. Justification: {} {}", description, ztatRequestDTO);
                             var request = zeroTrustClientService.requestZtatToken(execution, execution.getUser()
                                 ,ztatRequestDTO);
 
                             ztatRequestDTO.setRequestId(request);
 
-                            agentVerbs.justifyAgent(execution, ztatRequestDTO, dto.getDescription());
+                            var token = agentVerbs.justifyAgent(execution, ztatRequestDTO, dto);
+                            execution.setZtatToken(token);
+                            var sessionId = URLEncoder.encode(dto.getAssessment().getSessionId(), StandardCharsets.UTF_8);
+                            var response = zeroTrustClientService.callPutOnApi(
+                                execution, "/ssh/terminal/kill",
+                                Maps.immutableEntry("sessionId", List.of(sessionId))
+                            );
                         }
                     }
 

ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/TerminalVerbs.java

@@ -0,0 +1,20 @@
+package io.sentrius.agent.analysis.model;
+
+import java.util.List;
+import io.sentrius.sso.genai.Message;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@Getter
+@NoArgsConstructor
+@AllArgsConstructor
+public class AssessedTerminal {
+    Assessment assessment;
+    List<Message> messages;
+
+}

ai-agent/src/main/java/io/sentrius/agent/analysis/model/AssessedTerminal.java

@@ -14,6 +14,6 @@
 public class ZtatAsessment {
     String requestId;
     boolean approved;
-    String questionToUser;
+    String questionToAgent;
 
 }

ai-agent/src/main/java/io/sentrius/agent/analysis/model/ZtatAsessment.java

@@ -0,0 +1,18 @@
+package io.sentrius.agent.analysis.model;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@Getter
+@NoArgsConstructor
+@AllArgsConstructor
+public class ZtatResponse {
+    String requestId;
+    String justificationToAgent;
+
+}

ai-agent/src/main/java/io/sentrius/agent/analysis/model/ZtatResponse.java

@@ -1,7 +1,5 @@
-[
-  {
-    "requestId": "<id>",
-    "approved": "<true|false>",
-    "questionToUser": "<question to the agent>"
-  }
-]
+{
+  "requestId": "<id>",
+  "approved": "<true|false>",
+  "questionToAgent": "<question to the agent>"
+}

ai-agent/src/main/resources/assess-ztat.json

@@ -1,7 +1,8 @@
 description: "Agent that challenges other agents on Access token requests."
 context: |
-  Access tokens are used to authenticate and authorize users to access resources and perform operations. Your job
-  is to challenge other agents on their access token requests. You should ask them to provide a justification for the
-  task they are doing and apply pushback if it doesn't make sense through the function calls that interact with
-  the agents. Get the ztat requests from the api server and then create questions for the agents, if any.
-
+  Access tokens are used to authenticate and authorize users to access resources and perform operations. 
+  List the ztat requests from the api server and then create questions for the agents, if any. Another agent
+  is responsible for listing open terminal sessions, you only get the ztat requests and assess their justification.
+  You will be provided the messages from the agent that lists terminal output in the role of "user". You cannot 
+  communicate with the user, you can only ask questions of the agent requesting the action. Do not request to access 
+  terminal data directly as you don't have access.

ai-agent/src/main/resources/challenger-config.yaml

@@ -0,0 +1,6 @@
+[
+  {
+    "requestId": "<id>",
+    "justificationToAgent": "<Justification for why your operation should be approved, responding to the question asked by the agent>",
+  }
+]

ai-agent/src/main/resources/respond-ztat.json

@@ -50,7 +50,9 @@ public ResponseEntity<String> handleAllExceptions(Throwable ex, RedirectAttribut
                 return ResponseEntity.status(428).body(responseStatusException.getReason());
             }
         }
-
+        ex.printStackTrace();
+        log.info("ahhasldigjudaslkgj {}", ex.getMessage());
+        log.error("asldkjgadlskgj " + ex.getCause(), ex);
         String message = "Received Error Message: " + ex.getCause();
         ErrorOutput errorOutput = ErrorOutput.builder()
                 .errorType(ex.getClass().getName())
@@ -64,8 +66,7 @@ public ResponseEntity<String> handleAllExceptions(Throwable ex, RedirectAttribut
         // Add messageId as a redirect attribute
         redirectAttributes.addAttribute("errorId", MessagingUtil.getMessageId(MessagingUtil.UNEXPECTED_ERROR));
 
-        ex.printStackTrace();
-        log.info("ahhasldigjudaslkgj {}", ex.getMessage());
+
         // Redirect to "/mydashboard" with the messageId parameter
         URI redirectUri = URI.create("/sso/v1/dashboard?errorId=" + MessagingUtil.getMessageId(MessagingUtil.UNEXPECTED_ERROR));
         return ResponseEntity.status(HttpStatus.FOUND).location(redirectUri).build();