commit

Author: phrocker

ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/RegisteredAgent.java

@@ -1,14 +1,13 @@
 package io.sentrius.agent.analysis.agents.agents;
 
 import java.io.IOException;
-import java.util.List;
-import java.util.Map;
+import java.util.concurrent.TimeUnit;
 import com.fasterxml.jackson.core.JsonProcessingException;
-import io.jsonwebtoken.lang.Maps;
+import com.fasterxml.jackson.databind.node.ArrayNode;
 import io.sentrius.agent.analysis.agents.verbs.AgentVerbs;
+import io.sentrius.sso.core.dto.ztat.ZtatRequestDTO;
 import io.sentrius.sso.core.exceptions.ZtatException;
 import io.sentrius.sso.core.model.security.Ztat;
-import io.sentrius.sso.core.services.agents.LLMService;
 import io.sentrius.sso.core.services.agents.ZeroTrustClientService;
 import io.sentrius.sso.core.dto.UserDTO;
 import io.sentrius.sso.core.utils.JsonUtil;
@@ -18,6 +17,7 @@
 import org.springframework.boot.context.event.ApplicationReadyEvent;
 import org.springframework.context.ApplicationListener;
 import org.springframework.stereotype.Component;
+import org.springframework.web.client.HttpClientErrorException;
 
 @Slf4j
 @Component
@@ -33,6 +33,33 @@ public class RegisteredAgent implements ApplicationListener<ApplicationReadyEven
 
 
 
+    public ArrayNode promptAgent(UserDTO user) {
+        ArrayNode response = null;
+        while(null== response || response.isEmpty()){
+            try {
+                log.info("Prompting agent...");
+                response = agentVerbs.promptAgent(null);
+                return response;
+            } catch (ZtatException e) {
+                log.info("Mechanisms {}" , e.getMechanisms());
+                var endpoint = zeroTrustClientService.createEndPoingRequest("prompt_agent", e.getEndpoint());
+                ZtatRequestDTO ztatRequestDTO = ZtatRequestDTO.builder()
+                    .user(user)
+                    .command(endpoint.toString())
+                    .justification("Registered Agent requires ability to prompt LLM endpoints to begin operations")
+                    .summary("Registered Agent requires ability to prompt LLM endpoints to begin operations")
+                    .build();
+                var request = zeroTrustClientService.requestZtatToken(user,ztatRequestDTO);
+
+                var token = zeroTrustClientService.awaitZtatToken(user, request, 60, TimeUnit.MINUTES);
+                zeroTrustClientService.setZtat(token);
+            } catch (Exception e) {
+                e.printStackTrace();
+                throw new RuntimeException(e);
+            }
+        }
+        return response;
+    }
 
 
     @Override
@@ -58,28 +85,35 @@ public void onApplicationEvent(final ApplicationReadyEvent event) {
             log.info("Registering v1.0.2 agent...");
 
             // register
+
             var register = zeroTrustClientService.registerAgent(user);
             log.info("Registered agent is running {} ", register);
 
             var ztat = JsonUtil.MAPPER.readValue(register, Ztat.class);
 
-            zeroTrustClientService.setZtat(ztat.getZtatToken());
             //while(true){
-
+            // get ztat token
                 try {
 
+
+
+                    zeroTrustClientService.setZtat(ztat.getZtatToken());
+
                     // this phase is called "prompting"
-                    var response = agentVerbs.promptAgent(null);
+                    var response = promptAgent(user);
+                    for(var node : response){
+                        if (node.get("verb") != null){
+                            var verb =  node.get("verb").asText();
+                            log.info("executing verb is {}", verb);
+                            verbRegistry.execute(verb, null);
+                        }
+                        log.info("node {}", node);
+                    }
                     log.info("got " + response);
-                } catch (ZtatException e) {
-                    e.printStackTrace();
-                    //zeroTrustClientService.requestZtatToken()
-                    // we have been requested to get a ztat
-                } catch (JsonProcessingException e) {
-                    throw new RuntimeException(e);
-                } catch (IOException e) {
-                    throw new RuntimeException(e);
+                } catch (HttpClientErrorException e){
+                    log.info("oh boy");
                 }
+
             // execute command
 //                var result = verbRegistry.execute(command, null);
                 //log.info("Command executed: {}", result);
@@ -92,6 +126,8 @@ public void onApplicationEvent(final ApplicationReadyEvent event) {
 
         } catch (InterruptedException | JsonProcessingException e) {
             throw new RuntimeException(e);
+        } catch (ZtatException e) {
+            throw new RuntimeException(e);
         }
     }
 

ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java

@@ -6,7 +6,9 @@
 import java.util.List;
 import java.util.Map;
 import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
 import io.sentrius.agent.analysis.agents.agents.AgentConfig;
 import io.sentrius.agent.analysis.agents.agents.PromptBuilder;
@@ -15,7 +17,9 @@
 import io.sentrius.sso.core.model.verbs.Verb;
 import io.sentrius.sso.core.services.agents.LLMService;
 import io.sentrius.sso.core.services.agents.ZeroTrustClientService;
+import io.sentrius.sso.core.utils.JsonUtil;
 import io.sentrius.sso.genai.Message;
+import io.sentrius.sso.genai.Response;
 import io.sentrius.sso.genai.model.ChatRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
@@ -47,7 +51,7 @@ public AgentVerbs(ZeroTrustClientService zeroTrustClientService, LLMService llmS
 
 
     @Verb(name = "prompt_agent", description = "Prompts for agent workload.", isAiCallable = false)
-    public String promptAgent(Map<String, Object> args) throws ZtatException, IOException {
+    public ArrayNode promptAgent(Map<String, Object> args) throws ZtatException, IOException {
         InputStream is = getClass().getClassLoader().getResourceAsStream("agent-config.yaml");
         if (is == null) {
             throw new RuntimeException("agent-config.yaml not found on classpath");
@@ -62,8 +66,24 @@ public String promptAgent(Map<String, Object> args) throws ZtatException, IOExce
             messages.add(Message.builder().role("system").content(prompt).build());
 
             ChatRequest chatRequest = ChatRequest.builder().model("gpt-3.5-turbo").messages(messages).build();
-
-            return llmService.askQuestion(chatRequest);
+            var resp = llmService.askQuestion(chatRequest);
+            Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
+            log.info("Response is {}", resp);
+            for (Response.Choice choice : response.getChoices()) {
+                var content = choice.getMessage().getContent();
+                log.info("content is {}", content);
+                if (null != content && !content.isEmpty()){
+                    JsonNode node = JsonUtil.MAPPER.readTree(content);
+                    log.info("Node is {}", node);
+                    if (node.get("plan") != null){
+                        ArrayNode plan = (ArrayNode) node.get("plan");
+                        log.info("Plan is {}", plan);
+                        return plan;
+                    }
+                }
+            }
+            log.info("ahhh");
+            return JsonUtil.MAPPER.createArrayNode();
     }
 
     @Verb(name = "justify_operations", description = "Chats with an agent to justify operations.", isAiCallable = false)

ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/TerminalVerbs.java

@@ -4,8 +4,10 @@
 import io.sentrius.sso.core.exceptions.ZtatException;
 import io.sentrius.sso.core.services.agents.ZeroTrustClientService;
 import io.sentrius.sso.core.model.verbs.Verb;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 
+@Slf4j
 @Service
 public class TerminalVerbs {
 
@@ -34,6 +36,7 @@ public String listTerminals(Map<String, Object> args) {
         try {
 
             var response = zeroTrustClientService.callGetOnApi("/ssh/terminal/list");
+            log.info("Terminal list response: {}", response);
 /*
             URL url = new URL(apiUrl);
             HttpURLConnection conn = (HttpURLConnection) url.openConnection();

ai-agent/src/main/resources/application.properties

@@ -66,3 +66,11 @@ server.port=8083
 agent.api.url=http://localhost:8080/
 agent.open.ai.endpoint=http://localhost:8084/
 agent.ai.config=agent-config.yaml
+otel.exporter.otlp.endpoint=${OTEL_EXPORTER_OTLP_ENDPOINT:http://home.guard.local:4317}
+otel.traces.exporter=otlp
+otel.exporter.otlp.protocol=grpc
+otel.metrics.exporter=none
+otel.logs.exporter=none
+otel.resource.attributes="service.name=ai-agent"
+otel.traces.sampler=always_on
+otel.exporter.otlp.timeout=10s

api/src/main/java/io/sentrius/sso/config/GlobalExceptionHandler.java

@@ -5,10 +5,12 @@
 import io.sentrius.sso.core.utils.MessagingUtil;
 import io.sentrius.sso.core.utils.ZTATUtils;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 
+@Slf4j
 @ControllerAdvice
 @RequiredArgsConstructor
 public class GlobalExceptionHandler {
@@ -42,6 +44,8 @@ public String handleAllExceptions(Throwable ex, RedirectAttributes redirectAttri
         // Add messageId as a redirect attribute
         redirectAttributes.addAttribute("errorId", MessagingUtil.getMessageId(MessagingUtil.UNEXPECTED_ERROR));
 
+        ex.printStackTrace();
+        log.info("ahhasldigjudaslkgj");
         // Redirect to "/mydashboard" with the messageId parameter
         return "redirect:/sso/v1/dashboard";
     }

api/src/main/java/io/sentrius/sso/controllers/api/HostApiController.java

@@ -155,11 +155,9 @@ public ResponseEntity<ObjectNode> deleteServer(HttpServletRequest request, HttpS
         // operating user
         var user = getOperatingUser(request, response);
 
-        var hostSystem = hostGroupService.getHostSystem(hostId);
-
-        hostGroupService.deleteHostSystem(user, hostSystem.get());
+        hostGroupService.deleteHostSystem(user, hostId);
 
-        node.put("deletedSystemId", hostSystem.get().getId());
+        node.put("deletedSystemId", hostId);
 
         return ResponseEntity.ok(node);
     }

api/src/main/java/io/sentrius/sso/controllers/api/ZeroTrustATApiController.java

@@ -4,11 +4,14 @@
 import java.sql.SQLException;
 import java.util.List;
 import java.util.Map;
+import io.sentrius.sso.core.annotations.LimitAccess;
 import io.sentrius.sso.core.config.SystemOptions;
 import io.sentrius.sso.core.controllers.BaseController;
 import io.sentrius.sso.core.dto.JITTrackerDTO;
 import io.sentrius.sso.core.dto.ztat.ZtatRequestDTO;
+import io.sentrius.sso.core.model.security.enums.ApplicationAccessEnum;
 import io.sentrius.sso.core.model.users.User;
+import io.sentrius.sso.core.model.zt.ZeroTrustAccessTokenReason;
 import io.sentrius.sso.core.services.ErrorOutputService;
 import io.sentrius.sso.core.services.NotificationService;
 import io.sentrius.sso.core.services.UserService;
@@ -110,7 +113,7 @@ private void manageTerminalZtAt(User operatingUser, Long ztatId, String status)
     @PostMapping("/request")
     public ResponseEntity<?> requestZtat(
         @RequestHeader("Authorization") String token,
-        @RequestBody ZtatRequestDTO request) {
+        @RequestBody ZtatRequestDTO ztatRequest, HttpServletRequest request, HttpServletResponse response) {
 
         String compactJwt = token.startsWith("Bearer ") ? token.substring(7) : token;
 
@@ -120,17 +123,91 @@ public ResponseEntity<?> requestZtat(
             return ResponseEntity.status(HttpStatus.SC_UNAUTHORIZED).body("Invalid Keycloak token");
         }
 
+        // Extract agent identity from the JWT
+        var operatingUser = getOperatingUser(request, response );
+
         // Extract agent identity from the JWT
         String agentId = keycloakService.extractAgentId(compactJwt);
 
+        if (null == operatingUser) {
+            log.warn("No operating user found for agent: {}", agentId);
+            var username = keycloakService.extractUsername(compactJwt);
+            operatingUser = userService.getUserWithDetails(username);
+
+        }
+
         log.info("Received ZTAT request from agent: {}", agentId);
         // Store the request in the database
-        //var ztatRequest = ztatService.createRequest(agentId, request.getCommand(), request.getCommandHash());
+        ZeroTrustAccessTokenReason reason = ztatService.createReason(ztatRequest.getJustification(), "", ztatRequest.getCommand());
+        var submittedZtatRequest = ztatService.createOpsRequest(ztatRequest.getCommand(), ztatRequest.getCommand(),
+            reason, operatingUser);
+        submittedZtatRequest = ztatService.addJITRequest(submittedZtatRequest);
+
+        return ResponseEntity.ok(Map.of("ztat_request", submittedZtatRequest.getId()));
+    }
+
+    @GetMapping("/status/{type}")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_LOG_IN})
+    public ResponseEntity<?> getRequest(HttpServletRequest request, HttpServletResponse response,
+                                             @RequestHeader("Authorization") String token,
+                                             @PathVariable("type") String type,
+                                             @RequestParam("ztatId") Long ztatId) throws SQLException, GeneralSecurityException {
+        String compactJwt = token.startsWith("Bearer ") ? token.substring(7) : token;
+
+
+        log.info("Received ZTAT request from agent: {}", compactJwt);
+        if (!keycloakService.validateJwt(compactJwt)) {
+            log.warn("Invalid Keycloak token");
+            return ResponseEntity.status(HttpStatus.SC_UNAUTHORIZED).body("Invalid Keycloak token");
+        }
+
+        // Extract agent identity from the JWT
+        var operatingUser = getOperatingUser(request, response );
+
+        // Extract agent identity from the JWT
+        String agentId = keycloakService.extractAgentId(compactJwt);
+
+        if (null == operatingUser) {
+            log.warn("No operating user found for agent: {}", agentId);
+            var username = keycloakService.extractUsername(compactJwt);
+            operatingUser = userService.getUserWithDetails(username);
+
+        }
+
+        if (null != type ){
+            switch(type){
+                case "terminal":
+                    var terminalJIT = ztatService.getZtatRequest(ztatId);
+                    if (terminalJIT.getUser().getId() == operatingUser.getId()){
+                        if ( terminalJIT.getApprovals().size() > 0 && terminalJIT.getApprovals().get(0).isApproved() ) {
+                            return ResponseEntity.ok(Map.of("status", "approved", "ztat_token", terminalJIT.getApprovals().get(0).getToken()));
+                        }
+                        else {
+                            log.info("User {} is not the owner of the request {}", operatingUser.getId(), ztatId);
+                            return ResponseEntity.ok(Map.of("status", "unknown"));
+                        }
+                    } else {
+                        log.info("User {} is not the owner of the request {}", operatingUser.getId(), ztatId);
+                        return ResponseEntity.ok(Map.of("status", "unknown"));
+                    }
+                case "ops":
+                    var opsJit = ztatService.getOpsJITRequest(ztatId);
+                    if (opsJit.getUser().getId() == operatingUser.getId()){
+                        if ( ztatService.isApproved(opsJit) ) {
+                            return ResponseEntity.ok(Map.of("status", "approved", "ztat_token", opsJit.getApprovals().get(0).getToken()));
+                        }
+                        else {
+                            return ResponseEntity.ok(Map.of("status", "unknown"));
+                        }
+                    } else {
+                        return ResponseEntity.ok(Map.of("status", "unknown"));
+                    }
 
-        // Generate a Zero Trust Access Token (ZTAT)
-        //String ztatToken = ztatService.generateZtatToken(ztatRequest);
-        var ztatToken = "lskejtgsadlkjg";
+                default:
 
-        return ResponseEntity.ok(Map.of("ztat_token", ztatToken));
+            }
+        }
+        return ResponseEntity.ok(Map.of("status", "unknown"));
     }
+
 }

api/src/main/resources/templates/sso/ztats/view_ztats.html

@@ -136,8 +136,10 @@ <h2 class="toast-header">Trust AT (TAT) Management</h2>
                         <div id="approvedTats" class="tab-pane fade">
                             <div id="approvedtats-table" class="tab-pane fade show active">
                                 <ul class="nav nav-pills mb-3">
-                                    <li class="nav-item"><a class="nav-link active" data-bs-toggle="tab" href="#open-terminal">Terminal TATs</a></li>
-                                    <li class="nav-item"><a class="nav-link" data-bs-toggle="tab" href="#open-ops">Operational TATs</a></li>
+                                    <li class="nav-item"><a class="nav-link active" data-bs-toggle="tab"
+                                                            href="#approved-terminal">Terminal TATs</a></li>
+                                    <li class="nav-item"><a class="nav-link" data-bs-toggle="tab"
+                                                            href="#approved-ops">Operational TATs</a></li>
                                 </ul>
                                 <div class="tab-content">
                                     <!-- Terminal TATs -->