SentriusLLC
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 0 deletions b/‎.gitignore‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java‎
Lines changed: 1 addition & 0 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/TerminalVerbs.java‎
Lines changed: 62 additions & 2 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/TerminalVerbs.java‎
Lines changed: 62 additions & 2 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/analysis/api/AgentController.java‎
Lines changed: 2 additions & 1 deletion b/‎ai-agent/src/main/java/io/sentrius/agent/analysis/api/AgentController.java‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/analysis/api/UserCommunicator.java‎
Lines changed: 50 additions & 0 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/analysis/api/UserCommunicator.java‎
Lines changed: 50 additions & 0 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/analysis/model/UserCommunication.java‎
Lines changed: 23 additions & 0 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/analysis/model/UserCommunication.java‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/config/AgentKeycloakUserSyncFilter.java‎
Lines changed: 42 additions & 0 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/config/AgentKeycloakUserSyncFilter.java‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/config/GlobalExceptionHandler.java‎
Lines changed: 58 additions & 0 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/config/GlobalExceptionHandler.java‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/config/SecurityConfig.java‎
Lines changed: 93 additions & 0 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/config/SecurityConfig.java‎
Lines changed: 93 additions & 0 deletions
@@ -44,6 +44,8 @@ dataplane/target/**
 dataplane/target/
 llm-proxy/target/**
 llm-proxy/target/
+llm-dataplane/target/**
+llm-dataplane/target/
 node/*
 node_modules/*
 api/node_modules/*
 
@@ -48,6 +48,7 @@ public class AgentVerbs {
     final VerbRegistry verbRegistry;
     final AgentClientService agentClientService;
 
+
     @Value("${agent.ai.config}")
     private String agentConfigFile;
 
 
@@ -99,9 +99,10 @@ public List<ObjectNode> fetchTerminalOutput(TokenDTO token, List<HostSystemDTO>
         }
     }
 
-    @Verb(name = "kill_session", description = "Kills a terminal session.", requiresTokenManagement = true,
+    @Verb(name = "kill_session_with_assessment", description = "Kills a terminal session using a terminal assessment.",
+        requiresTokenManagement = true,
         outputInterpreter = TerminalOutputInterpreter.class, inputInterpreter = ObjectListInterpreter.class)
-    public List<ObjectNode> killTerminalSession(AgentExecution execution, List<Object> dtos) {
+    public List<ObjectNode> killTerminalSessionWithTerminalAssessment(AgentExecution execution, List<Object> dtos) {
         try {
             List<ObjectNode> responses = new ArrayList<>();
             log.info("Terminal list response: {}", dtos);
@@ -154,4 +155,63 @@ public List<ObjectNode> killTerminalSession(AgentExecution execution, List<Objec
             throw new RuntimeException("Failed to retrieve terminal list", e);
         }
     }
+
+    @Verb(name = "kill_session_id" , description = "Kills a terminal session by session id.",
+        requiresTokenManagement = true,
+        outputInterpreter = TerminalOutputInterpreter.class, inputInterpreter = ObjectListInterpreter.class)
+    public List<ObjectNode> killTerminalBySessionId(AgentExecution execution, List<Object> dtos) {
+        try {
+            List<ObjectNode> responses = new ArrayList<>();
+            log.info("Terminal list response: {}", dtos);
+            for (Object dto : dtos) {
+                // submit the kill
+                ObjectNode node = JsonUtil.MAPPER.readValue(dto.toString(), ObjectNode.class);
+                ArrayNode assessments = node.get("assessments").deepCopy();
+                for(int i = 0; i < assessments.size(); i++) {
+                    var assessment = assessments.get(i);
+                    var risk = assessment.get("risk");
+                    var description = assessment.get("description");
+                    if (null != risk && null != description) {
+                        switch(risk.asText()) {
+                            case "low":
+                                // skip and do nothing
+                                continue;
+                            case "medium":
+                            case "high":
+                                // kill the session
+                                log.info("Killing terminal session: {}", assessment.get("sessionId").asText());
+                                break;
+                            default:
+                                throw new RuntimeException("Unknown risk level: " + risk.asText());
+                        }
+                        try {
+                            var response = zeroTrustClientService.callGetOnApi(
+                                execution, "/ssh/terminal/kill",
+                                Maps.immutableEntry("sessionId", List.of(assessment.get("sessionId").asText()))
+                            );
+                            if (response != null) {
+                                // Successfully retrieved logs
+                                log.info("Terminal output response: {}", response);
+                                var obj = JsonUtil.MAPPER.createObjectNode();
+                                obj.put("id", assessment.get("hostConnection").asText());
+                                obj.put("terminalOutput", response);
+                                responses.add(obj);
+                            }
+                        }catch (ZtatException e) {
+                            var ztatRequest = e.getZtatRequestId();
+                            agentVerbs.justifyAgent(execution, ztatRequest, description.asText());
+                        }
+                    }
+                }
+
+                log.info("Terminal output response: {}", dto);
+
+            }
+            return responses;
+        } catch (Exception | ZtatException e) {
+            throw new RuntimeException("Failed to retrieve terminal list", e);
+        }
+    }
+
+
 }
@@ -18,7 +18,7 @@ public class AgentController {
 
     KeycloakService keycloakService;
 
-    @GetMapping("/status")
+    @GetMapping("/ping")
     public ResponseEntity<AgentStatus> getStatus() {
         String hostName = "unknown";
         try {
@@ -43,6 +43,7 @@ public ResponseEntity<AgentStatus> getStatus() {
             .freeMemory(runtime.freeMemory())
             .build();
 
+        log.info("Ping status: {}", status);
         return ResponseEntity.ok(status);
     }
 
 
@@ -0,0 +1,50 @@
+package io.sentrius.agent.analysis.api;
+
+import java.lang.management.ManagementFactory;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import io.sentrius.sso.core.model.AgentStatus;
+import io.sentrius.sso.core.services.security.KeycloakService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@Slf4j
+@RestController
+@RequestMapping("/api/v1/agent/communicator")
+public class UserCommunicator {
+
+    KeycloakService keycloakService;
+
+    @GetMapping("/ping")
+    public ResponseEntity<AgentStatus> getStatus() {
+        String hostName = "unknown";
+        try {
+            hostName = InetAddress.getLocalHost().getHostName();
+        } catch (UnknownHostException e) {
+            log.warn("Unable to resolve hostname", e);
+        }
+
+        long uptimeMillis = ManagementFactory.getRuntimeMXBean().getUptime();
+        Runtime runtime = Runtime.getRuntime();
+
+        AgentStatus status = AgentStatus.builder()
+            .status("UP")
+            .version("1.0.0")
+            .health("OK")
+            .osName(System.getProperty("os.name"))
+            .osArch(System.getProperty("os.arch"))
+            .osVersion(System.getProperty("os.version"))
+            .hostName(hostName)
+            .uptimeMillis(uptimeMillis)
+            .totalMemory(runtime.totalMemory())
+            .freeMemory(runtime.freeMemory())
+            .build();
+
+        log.info("Ping status: {}", status);
+        return ResponseEntity.ok(status);
+    }
+
+}
@@ -0,0 +1,23 @@
+package io.sentrius.agent.analysis.model;
+
+import java.util.ArrayList;
+import java.util.List;
+import io.sentrius.sso.genai.Message;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@Getter
+@NoArgsConstructor
+@AllArgsConstructor
+public class UserCommunication {
+    @Builder.Default
+    List<Message> conversations = new ArrayList<>();
+
+    String currentMessage;
+
+}
@@ -0,0 +1,42 @@
+package io.sentrius.agent.config;
+
+import java.io.IOException;
+import io.sentrius.sso.core.services.security.KeycloakService;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+
+@Component
+@Slf4j
+public class AgentKeycloakUserSyncFilter implements Filter {
+
+    private final KeycloakService keycloakService;
+
+    public AgentKeycloakUserSyncFilter(KeycloakService keycloakService) {
+        this.keycloakService = keycloakService;
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+        throws IOException, ServletException {
+
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication instanceof KeycloakAuthenticationToken) {
+            KeycloakAuthenticationToken keycloakAuth = (KeycloakAuthenticationToken) authentication;
+            String userId = keycloakAuth.getAccount().getKeycloakSecurityContext().getToken().getSubject();
+            log.info("Syncing user attributes for user: {}", userId);
+
+
+        }
+
+        chain.doFilter(request, response);
+    }
+}
@@ -0,0 +1,58 @@
+package io.sentrius.agent.config;
+
+import java.util.HashMap;
+import java.util.Map;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import io.sentrius.sso.core.utils.JsonUtil;
+import io.sentrius.sso.core.utils.ZTATUtils;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.server.ResponseStatusException;
+
+@ControllerAdvice
+@RequiredArgsConstructor
+public class GlobalExceptionHandler {
+
+
+    public static String createErrorHash(StackTraceElement[] trace, String t) {
+        StringBuilder sb = new StringBuilder();
+        for (StackTraceElement element : trace) {
+            sb.append(element.toString());
+        }
+        sb.append(t);
+        return ZTATUtils.getCommandHash(sb.toString());
+    }
+
+    @ExceptionHandler(Throwable.class)
+    public ResponseEntity<Object> handleAllExceptions(Throwable ex) {
+        ex.printStackTrace();
+
+        if (ex instanceof ResponseStatusException rse) {
+            HttpStatus status = (HttpStatus) rse.getStatusCode();
+            Map<String, Object> error = new HashMap<>();
+            error.put("status", status.value());
+            error.put("error", status.getReasonPhrase());
+            try{
+
+                ObjectNode node = (ObjectNode) JsonUtil.MAPPER.readTree(rse.getReason());
+                error.put("message", node);
+            }catch(Exception e){
+                error.put("message", rse.getReason());
+            }
+
+            return new ResponseEntity<>(error, status);
+        }
+
+        // Default fallback
+        Map<String, Object> fallback = new HashMap<>();
+        fallback.put("status", 500);
+        fallback.put("error", "Internal Server Error");
+        fallback.put("message", ex.getMessage());
+        return new ResponseEntity<>(fallback, HttpStatus.INTERNAL_SERVER_ERROR);
+    }
+
+
+}
@@ -0,0 +1,93 @@
+package io.sentrius.agent.config;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
+import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
+
+@Slf4j
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+public class SecurityConfig {
+
+
+    @Value("${https.required:false}") // Default is false
+    private boolean httpsRequired;
+
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+
+        http
+            .authorizeHttpRequests(auth -> auth.
+                requestMatchers("/actuator/**").permitAll() // Public endpoints
+                .requestMatchers("/**").fullyAuthenticated())
+            .oauth2ResourceServer(oauth2 -> oauth2
+                .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverterForKeycloak()))
+            )
+            .oauth2Login(oauth2 -> oauth2
+                .loginPage("/oauth2/authorization/keycloak")
+                .successHandler(new SimpleUrlAuthenticationSuccessHandler())
+            )
+            .cors(Customizer.withDefaults());
+
+        if (httpsRequired) {
+            http.requiresChannel(channel -> channel
+                .requestMatchers("/actuator/**").requiresInsecure() // Allow HTTP for Actuator
+                .anyRequest().requiresSecure() // Force HTTPS for all other requests
+            );
+        }
+
+
+        return http.build();
+    }
+
+    @Bean
+    public JwtAuthenticationConverter jwtAuthenticationConverterForKeycloak() {
+        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
+        log.info("**** Initializing JwtAuthenticationConverter");
+
+        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
+            log.info("**** Jwt Authentication Converter invoked");
+            Collection<GrantedAuthority> authorities = new JwtGrantedAuthoritiesConverter().convert(jwt);
+            log.info("JWT Claims: {}", jwt.getClaims());
+
+            String userId = jwt.getClaimAsString("sub");
+            String username = jwt.getClaimAsString("preferred_username");
+            String email = jwt.getClaimAsString("email");
+
+            log.info("Extracted User Info: userId={}, username={}, email={}", userId, username, email);
+
+
+            return authorities;
+        });
+
+        return converter;
+    }
+
+
+    private List<String> getRoles(Jwt jwt) {
+        return Optional.ofNullable(jwt.getClaimAsMap("resource_access"))
+            .map(resourceAccess -> (Map<String, Object>) resourceAccess.get("sentrius-api"))
+            .map(client -> (List<String>) ((Map<String, Object>) client).get("roles"))
+            .orElse(Collections.emptyList());
+    }
+
+}