From 65c8beea91de9dfe1336073b7feabd530651c539 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 8 Jul 2025 00:29:02 +0000
Subject: [PATCH 1/9] Initial plan


From 42fbb3ee647d4016c6180f361c0da354ccfb73b4 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 8 Jul 2025 00:48:42 +0000
Subject: [PATCH 2/9] Implement ATPL chat configuration system with enhanced
 capabilities model

Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com>
---
 .../controllers/api/ATPLChatController.java   | 206 +++++++
 .../view/ATPLConfigController.java            |   6 +
 .../sso/services/ATPLChatService.java         | 262 +++++++++
 .../resources/templates/sso/atpl/chat.html    | 555 ++++++++++++++++++
 .../resources/templates/sso/atpl/list.html    |   9 +-
 .../sentrius/sso/core/trust/Capability.java   |   6 +
 6 files changed, 1043 insertions(+), 1 deletion(-)
 create mode 100644 api/src/main/java/io/sentrius/sso/controllers/api/ATPLChatController.java
 create mode 100644 api/src/main/java/io/sentrius/sso/services/ATPLChatService.java
 create mode 100644 api/src/main/resources/templates/sso/atpl/chat.html

diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/ATPLChatController.java b/api/src/main/java/io/sentrius/sso/controllers/api/ATPLChatController.java
new file mode 100644
index 00000000..45524e57
--- /dev/null
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/ATPLChatController.java
@@ -0,0 +1,206 @@
+package io.sentrius.sso.controllers.api;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import io.sentrius.sso.core.annotations.LimitAccess;
+import io.sentrius.sso.core.config.SystemOptions;
+import io.sentrius.sso.core.controllers.BaseController;
+import io.sentrius.sso.core.model.security.enums.ApplicationAccessEnum;
+import io.sentrius.sso.core.services.ATPLPolicyService;
+import io.sentrius.sso.core.services.ErrorOutputService;
+import io.sentrius.sso.core.services.UserService;
+import io.sentrius.sso.core.trust.ATPLPolicy;
+import io.sentrius.sso.services.ATPLChatService;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+@Slf4j
+@RestController
+@RequestMapping("/api/v1/atpl/chat")
+public class ATPLChatController extends BaseController {
+    
+    private final ATPLChatService atplChatService;
+    private final ATPLPolicyService atplPolicyService;
+    private final ObjectMapper objectMapper;
+    
+    // Store conversation sessions (in production, use Redis or database)
+    private final Map<String, Map<String, Object>> chatSessions = new HashMap<>();
+    
+    public ATPLChatController(
+        UserService userService,
+        SystemOptions systemOptions,
+        ErrorOutputService errorOutputService,
+        ATPLChatService atplChatService,
+        ATPLPolicyService atplPolicyService,
+        ObjectMapper objectMapper
+    ) {
+        super(userService, systemOptions, errorOutputService);
+        this.atplChatService = atplChatService;
+        this.atplPolicyService = atplPolicyService;
+        this.objectMapper = objectMapper;
+    }
+    
+    @PostMapping("/message")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
+    public ResponseEntity<ObjectNode> processMessage(
+        @RequestBody Map<String, Object> request,
+        HttpServletRequest httpRequest,
+        HttpServletResponse httpResponse
+    ) {
+        try {
+            String sessionId = (String) request.get("sessionId");
+            String message = (String) request.get("message");
+            
+            if (sessionId == null || message == null) {
+                return ResponseEntity.badRequest().body(createErrorResponse("Session ID and message are required"));
+            }
+            
+            // Get or create session context
+            Map<String, Object> sessionContext = chatSessions.computeIfAbsent(sessionId, k -> new HashMap<>());
+            
+            // Process the message with the ATPL chat service
+            String response = atplChatService.processATPLChatMessage(message, sessionContext);
+            
+            // Update session context with conversation history
+            updateSessionContext(sessionContext, message, response);
+            
+            ObjectNode result = objectMapper.createObjectNode();
+            result.put("response", response);
+            result.put("sessionId", sessionId);
+            
+            return ResponseEntity.ok(result);
+            
+        } catch (Exception e) {
+            log.error("Error processing ATPL chat message: {}", e.getMessage(), e);
+            return ResponseEntity.internalServerError().body(createErrorResponse("Failed to process message"));
+        }
+    }
+    
+    @PostMapping("/generate-policy")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
+    public ResponseEntity<ObjectNode> generatePolicy(
+        @RequestBody Map<String, Object> request,
+        HttpServletRequest httpRequest,
+        HttpServletResponse httpResponse
+    ) {
+        try {
+            String sessionId = (String) request.get("sessionId");
+            Map<String, Object> sessionContext = chatSessions.get(sessionId);
+            
+            if (sessionContext == null) {
+                return ResponseEntity.badRequest().body(createErrorResponse("Session not found"));
+            }
+            
+            ObjectNode policyNode = atplChatService.generateATPLPolicy(sessionContext);
+            
+            ObjectNode result = objectMapper.createObjectNode();
+            result.set("policy", policyNode);
+            result.put("sessionId", sessionId);
+            
+            return ResponseEntity.ok(result);
+            
+        } catch (Exception e) {
+            log.error("Error generating ATPL policy: {}", e.getMessage(), e);
+            return ResponseEntity.internalServerError().body(createErrorResponse("Failed to generate policy"));
+        }
+    }
+    
+    @GetMapping("/suggestions")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
+    public ResponseEntity<ObjectNode> getSuggestions(
+        @RequestParam String description,
+        HttpServletRequest httpRequest,
+        HttpServletResponse httpResponse
+    ) {
+        try {
+            List<String> suggestions = atplChatService.suggestCapabilities(description);
+            
+            ObjectNode result = objectMapper.createObjectNode();
+            ArrayNode suggestionsArray = objectMapper.createArrayNode();
+            suggestions.forEach(suggestionsArray::add);
+            result.set("suggestions", suggestionsArray);
+            
+            return ResponseEntity.ok(result);
+            
+        } catch (Exception e) {
+            log.error("Error getting suggestions: {}", e.getMessage(), e);
+            return ResponseEntity.internalServerError().body(createErrorResponse("Failed to get suggestions"));
+        }
+    }
+    
+    @GetMapping("/existing-policies")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
+    public ResponseEntity<ObjectNode> getExistingPolicies(
+        HttpServletRequest httpRequest,
+        HttpServletResponse httpResponse
+    ) {
+        try {
+            List<ATPLPolicy> policies = atplPolicyService.getAllPolicies();
+            
+            ObjectNode result = objectMapper.createObjectNode();
+            ArrayNode policiesArray = objectMapper.createArrayNode();
+            
+            for (ATPLPolicy policy : policies) {
+                ObjectNode policyNode = objectMapper.createObjectNode();
+                policyNode.put("id", policy.getPolicyId());
+                policyNode.put("description", policy.getDescription());
+                policyNode.put("version", policy.getVersion());
+                
+                if (policy.getCapabilities() != null && policy.getCapabilities().getPrimitives() != null) {
+                    ArrayNode capabilitiesArray = objectMapper.createArrayNode();
+                    policy.getCapabilities().getPrimitives().forEach(cap -> {
+                        ObjectNode capNode = objectMapper.createObjectNode();
+                        capNode.put("id", cap.getId());
+                        capNode.put("description", cap.getDescription());
+                        capabilitiesArray.add(capNode);
+                    });
+                    policyNode.set("capabilities", capabilitiesArray);
+                }
+                
+                policiesArray.add(policyNode);
+            }
+            
+            result.set("policies", policiesArray);
+            return ResponseEntity.ok(result);
+            
+        } catch (Exception e) {
+            log.error("Error getting existing policies: {}", e.getMessage(), e);
+            return ResponseEntity.internalServerError().body(createErrorResponse("Failed to get existing policies"));
+        }
+    }
+    
+    private void updateSessionContext(Map<String, Object> sessionContext, String userMessage, String agentResponse) {
+        // Store conversation history
+        @SuppressWarnings("unchecked")
+        List<Map<String, String>> history = (List<Map<String, String>>) sessionContext.computeIfAbsent("conversation_history", k -> new java.util.ArrayList<>());
+        
+        Map<String, String> userEntry = new HashMap<>();
+        userEntry.put("type", "user");
+        userEntry.put("message", userMessage);
+        history.add(userEntry);
+        
+        Map<String, String> agentEntry = new HashMap<>();
+        agentEntry.put("type", "assistant");
+        agentEntry.put("message", agentResponse);
+        history.add(agentEntry);
+        
+        // Keep only last 10 exchanges
+        if (history.size() > 20) {
+            history.subList(0, history.size() - 20).clear();
+        }
+    }
+    
+    private ObjectNode createErrorResponse(String message) {
+        ObjectNode error = objectMapper.createObjectNode();
+        error.put("error", message);
+        return error;
+    }
+}
\ No newline at end of file
diff --git a/api/src/main/java/io/sentrius/sso/controllers/view/ATPLConfigController.java b/api/src/main/java/io/sentrius/sso/controllers/view/ATPLConfigController.java
index 58b0414e..618f5241 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/view/ATPLConfigController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/view/ATPLConfigController.java
@@ -64,4 +64,10 @@ public String configurePage(Model model, @RequestParam(name= "id", required=fals
         }
         return "sso/atpl/configure";
     }
+
+    @GetMapping("/chat")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
+    public String chatPage(Model model) {
+        return "sso/atpl/chat";
+    }
 }
\ No newline at end of file
diff --git a/api/src/main/java/io/sentrius/sso/services/ATPLChatService.java b/api/src/main/java/io/sentrius/sso/services/ATPLChatService.java
new file mode 100644
index 00000000..851f2cdd
--- /dev/null
+++ b/api/src/main/java/io/sentrius/sso/services/ATPLChatService.java
@@ -0,0 +1,262 @@
+package io.sentrius.sso.services;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import io.sentrius.sso.core.services.ATPLPolicyService;
+import io.sentrius.sso.core.trust.ATPLPolicy;
+import io.sentrius.sso.core.trust.CapabilitySet;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class ATPLChatService {
+    
+    private final ATPLPolicyService atplPolicyService;
+    private final ObjectMapper objectMapper;
+    
+    public String processATPLChatMessage(String userMessage, Map<String, Object> context) {
+        String lowerMessage = userMessage.toLowerCase();
+        
+        // Simple rule-based responses
+        if (lowerMessage.contains("start") || lowerMessage.contains("begin") || lowerMessage.contains("new")) {
+            return "I'll help you create a new ATPL policy. Let's start by understanding what your agent needs to do. " +
+                   "What are the main capabilities or functions your agent should have? For example:\n" +
+                   "• File operations (read, write, delete)\n" +
+                   "• System monitoring (CPU, memory, disk)\n" +
+                   "• Network communications\n" +
+                   "• Database access\n" +
+                   "• External API calls";
+        }
+        
+        if (lowerMessage.contains("endpoint")) {
+            List<ATPLPolicy> existingPolicies = atplPolicyService.getAllPolicies();
+            StringBuilder response = new StringBuilder();
+            response.append("For endpoints, consider what APIs or services your agent needs to access. ");
+            
+            if (!existingPolicies.isEmpty()) {
+                response.append("Here are some endpoints from existing policies:\n");
+                existingPolicies.forEach(policy -> {
+                    if (policy.getCapabilities() != null && policy.getCapabilities().getPrimitives() != null) {
+                        policy.getCapabilities().getPrimitives().forEach(cap -> {
+                            if (cap.getEndpoints() != null && !cap.getEndpoints().isEmpty()) {
+                                response.append("• ").append(String.join(", ", cap.getEndpoints())).append("\n");
+                            }
+                        });
+                    }
+                });
+            } else {
+                response.append("Common examples include:\n");
+                response.append("• /api/v1/data/read - for reading data\n");
+                response.append("• /api/v1/system/status - for system status\n");
+                response.append("• /api/v1/execute - for executing operations\n");
+            }
+            
+            response.append("\nWhat specific endpoints does your agent need to access?");
+            return response.toString();
+        }
+        
+        if (lowerMessage.contains("command")) {
+            return "For commands, think about what system commands your agent might need to execute. " +
+                   "Examples include:\n" +
+                   "• File operations: ls, cat, grep, find, cp, mv\n" +
+                   "• System monitoring: ps, top, df, netstat, ss\n" +
+                   "• Process management: systemctl, service, kill\n" +
+                   "• Network operations: ping, wget, curl\n" +
+                   "• Data processing: awk, sed, sort, uniq\n\n" +
+                   "What commands should your agent be able to run?";
+        }
+        
+        if (lowerMessage.contains("activity") || lowerMessage.contains("activities")) {
+            return "Activities define what your agent can do at a high level. Examples include:\n" +
+                   "• file_operations - reading, writing, managing files\n" +
+                   "• system_monitoring - checking system health and metrics\n" +
+                   "• data_processing - transforming, analyzing data\n" +
+                   "• network_access - making network requests\n" +
+                   "• user_management - managing user accounts\n" +
+                   "• service_management - starting, stopping services\n\n" +
+                   "What activities should your agent perform?";
+        }
+        
+        if (lowerMessage.contains("existing") || lowerMessage.contains("policies")) {
+            List<ATPLPolicy> existingPolicies = atplPolicyService.getAllPolicies();
+            if (existingPolicies.isEmpty()) {
+                return "No existing ATPL policies found. Would you like to create your first policy?";
+            }
+            
+            StringBuilder response = new StringBuilder();
+            response.append("Here are the existing ATPL policies:\n\n");
+            
+            existingPolicies.forEach(policy -> {
+                response.append("**").append(policy.getPolicyId()).append("**\n");
+                response.append("Version: ").append(policy.getVersion()).append("\n");
+                if (policy.getDescription() != null) {
+                    response.append("Description: ").append(policy.getDescription()).append("\n");
+                }
+                
+                if (policy.getCapabilities() != null && policy.getCapabilities().getPrimitives() != null) {
+                    response.append("Capabilities:\n");
+                    policy.getCapabilities().getPrimitives().forEach(cap -> {
+                        response.append("• ").append(cap.getId()).append(": ").append(cap.getDescription()).append("\n");
+                    });
+                }
+                response.append("\n");
+            });
+            
+            response.append("Would you like to create a new policy or modify an existing one?");
+            return response.toString();
+        }
+        
+        if (lowerMessage.contains("help") || lowerMessage.contains("what")) {
+            return "I'm here to help you create ATPL (Agent Trust Policy Language) policies. " +
+                   "I can assist with:\n\n" +
+                   "• **Policy Structure** - Understanding the basic components\n" +
+                   "• **Endpoints** - Defining what APIs your agent can access\n" +
+                   "• **Commands** - Specifying what system commands are allowed\n" +
+                   "• **Activities** - Defining high-level capabilities\n" +
+                   "• **Security** - Ensuring appropriate access controls\n\n" +
+                   "To get started, tell me about your agent's purpose or ask about any specific aspect!";
+        }
+        
+        if (lowerMessage.contains("security") || lowerMessage.contains("access")) {
+            return "Security is crucial for ATPL policies. Consider these aspects:\n\n" +
+                   "• **Principle of Least Privilege** - Only grant necessary permissions\n" +
+                   "• **Risk Assessment** - Tag high-risk capabilities appropriately\n" +
+                   "• **Endpoint Validation** - Ensure endpoints are legitimate and necessary\n" +
+                   "• **Command Restrictions** - Avoid dangerous commands like rm -rf, sudo\n" +
+                   "• **Activity Boundaries** - Clearly define what activities are allowed\n\n" +
+                   "What security considerations do you have for your agent?";
+        }
+        
+        // Default response
+        return "I understand you want to configure an ATPL policy. I can help you define:\n" +
+               "• **Endpoints** - API endpoints your agent can access\n" +
+               "• **Commands** - System commands your agent can execute\n" +
+               "• **Activities** - High-level capabilities your agent needs\n\n" +
+               "What would you like to configure first? Or tell me more about what your agent needs to do.";
+    }
+    
+    public ObjectNode generateATPLPolicy(Map<String, Object> configuration) {
+        try {
+            ObjectNode policyNode = objectMapper.createObjectNode();
+            
+            // Basic information
+            policyNode.put("version", "v0");
+            policyNode.put("policy_id", (String) configuration.getOrDefault("policy_id", "generated_policy_" + System.currentTimeMillis()));
+            policyNode.put("description", (String) configuration.getOrDefault("description", "Generated ATPL policy from chat session"));
+            
+            // Capabilities
+            ObjectNode capabilitiesNode = objectMapper.createObjectNode();
+            ArrayNode primitivesArray = objectMapper.createArrayNode();
+            
+            // Extract capabilities from session context
+            @SuppressWarnings("unchecked")
+            List<Map<String, Object>> capabilities = (List<Map<String, Object>>) configuration.get("capabilities");
+            
+            if (capabilities != null) {
+                for (Map<String, Object> cap : capabilities) {
+                    ObjectNode capNode = objectMapper.createObjectNode();
+                    capNode.put("id", (String) cap.get("id"));
+                    capNode.put("description", (String) cap.get("description"));
+                    
+                    // Add endpoints
+                    if (cap.containsKey("endpoints")) {
+                        ArrayNode endpointsArray = objectMapper.createArrayNode();
+                        @SuppressWarnings("unchecked")
+                        List<String> endpoints = (List<String>) cap.get("endpoints");
+                        endpoints.forEach(endpointsArray::add);
+                        capNode.set("endpoints", endpointsArray);
+                    }
+                    
+                    // Add commands
+                    if (cap.containsKey("commands")) {
+                        ArrayNode commandsArray = objectMapper.createArrayNode();
+                        @SuppressWarnings("unchecked")
+                        List<String> commands = (List<String>) cap.get("commands");
+                        commands.forEach(commandsArray::add);
+                        capNode.set("commands", commandsArray);
+                    }
+                    
+                    // Add activities
+                    if (cap.containsKey("activities")) {
+                        ArrayNode activitiesArray = objectMapper.createArrayNode();
+                        @SuppressWarnings("unchecked")
+                        List<String> activities = (List<String>) cap.get("activities");
+                        activities.forEach(activitiesArray::add);
+                        capNode.set("activities", activitiesArray);
+                    }
+                    
+                    primitivesArray.add(capNode);
+                }
+            } else {
+                // Create default capability based on conversation
+                ObjectNode defaultCap = objectMapper.createObjectNode();
+                defaultCap.put("id", "basic_access");
+                defaultCap.put("description", "Basic agent access capability");
+                
+                ArrayNode endpoints = objectMapper.createArrayNode();
+                endpoints.add("/api/v1/status");
+                defaultCap.set("endpoints", endpoints);
+                
+                ArrayNode commands = objectMapper.createArrayNode();
+                commands.add("ls");
+                commands.add("ps");
+                defaultCap.set("commands", commands);
+                
+                ArrayNode activities = objectMapper.createArrayNode();
+                activities.add("monitoring");
+                defaultCap.set("activities", activities);
+                
+                primitivesArray.add(defaultCap);
+            }
+            
+            capabilitiesNode.set("primitives", primitivesArray);
+            policyNode.set("capabilities", capabilitiesNode);
+            
+            return policyNode;
+            
+        } catch (Exception e) {
+            log.error("Error generating ATPL policy: {}", e.getMessage(), e);
+            return objectMapper.createObjectNode();
+        }
+    }
+    
+    public List<String> suggestCapabilities(String userDescription) {
+        List<String> suggestions = new ArrayList<>();
+        
+        String description = userDescription.toLowerCase();
+        
+        if (description.contains("read") || description.contains("view") || description.contains("get")) {
+            suggestions.add("read_access");
+        }
+        if (description.contains("write") || description.contains("modify") || description.contains("update")) {
+            suggestions.add("write_access");
+        }
+        if (description.contains("execute") || description.contains("run") || description.contains("command")) {
+            suggestions.add("execute_access");
+        }
+        if (description.contains("admin") || description.contains("manage") || description.contains("control")) {
+            suggestions.add("admin_access");
+        }
+        if (description.contains("network") || description.contains("connection") || description.contains("socket")) {
+            suggestions.add("network_access");
+        }
+        if (description.contains("file") || description.contains("disk") || description.contains("storage")) {
+            suggestions.add("filesystem_access");
+        }
+        if (description.contains("monitor") || description.contains("watch") || description.contains("observe")) {
+            suggestions.add("monitoring_access");
+        }
+        if (description.contains("database") || description.contains("db") || description.contains("sql")) {
+            suggestions.add("database_access");
+        }
+        
+        return suggestions;
+    }
+}
\ No newline at end of file
diff --git a/api/src/main/resources/templates/sso/atpl/chat.html b/api/src/main/resources/templates/sso/atpl/chat.html
new file mode 100644
index 00000000..c0938f68
--- /dev/null
+++ b/api/src/main/resources/templates/sso/atpl/chat.html
@@ -0,0 +1,555 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org" class="dark" data-bs-theme="dark">
+<head>
+    <meta th:replace="~{fragments/header}">
+    <title>[[${systemOptions.systemLogoName}]] - ATPL Chat Configuration</title>
+    <style>
+        .chat-container {
+            max-width: 1200px;
+            margin: 20px auto;
+            background: #1e1e1e;
+            border-radius: 15px;
+            padding: 0;
+            box-shadow: 0 8px 32px rgba(0, 0, 0, 0.8);
+            overflow: hidden;
+            height: 80vh;
+            display: flex;
+            flex-direction: column;
+        }
+        
+        .chat-header {
+            background: linear-gradient(135deg, #2a2a2a 0%, #3a3a3a 100%);
+            padding: 20px;
+            text-align: center;
+            border-bottom: 1px solid #444;
+        }
+        
+        .chat-header h2 {
+            color: #ffffff;
+            margin: 0;
+            font-size: 1.5rem;
+            font-weight: 600;
+        }
+        
+        .chat-header p {
+            color: #aaa;
+            margin: 5px 0 0 0;
+            font-size: 0.9rem;
+        }
+        
+        .chat-messages {
+            flex: 1;
+            padding: 20px;
+            overflow-y: auto;
+            background: #1a1a1a;
+            display: flex;
+            flex-direction: column;
+            gap: 15px;
+        }
+        
+        .message {
+            max-width: 70%;
+            padding: 12px 16px;
+            border-radius: 12px;
+            word-wrap: break-word;
+            animation: slideIn 0.3s ease-out;
+        }
+        
+        .message.user {
+            background: linear-gradient(135deg, #007bff 0%, #0056b3 100%);
+            color: white;
+            align-self: flex-end;
+            margin-left: auto;
+        }
+        
+        .message.assistant {
+            background: linear-gradient(135deg, #2b2b2b 0%, #3b3b3b 100%);
+            color: #eee;
+            align-self: flex-start;
+            border: 1px solid #444;
+        }
+        
+        .message.system {
+            background: linear-gradient(135deg, #28a745 0%, #1e7e34 100%);
+            color: white;
+            align-self: center;
+            text-align: center;
+            font-style: italic;
+        }
+        
+        .chat-input-container {
+            padding: 20px;
+            background: #2a2a2a;
+            border-top: 1px solid #444;
+            display: flex;
+            gap: 10px;
+            align-items: center;
+        }
+        
+        .chat-input {
+            flex: 1;
+            padding: 12px 16px;
+            border: 1px solid #444;
+            border-radius: 24px;
+            background: #1a1a1a;
+            color: #eee;
+            font-size: 14px;
+            outline: none;
+            transition: border-color 0.2s ease;
+        }
+        
+        .chat-input:focus {
+            border-color: #007bff;
+            box-shadow: 0 0 0 2px rgba(0, 123, 255, 0.25);
+        }
+        
+        .chat-input::placeholder {
+            color: #888;
+        }
+        
+        .send-button {
+            background: linear-gradient(135deg, #007bff 0%, #0056b3 100%);
+            color: white;
+            border: none;
+            padding: 12px 20px;
+            border-radius: 24px;
+            cursor: pointer;
+            font-weight: 500;
+            transition: all 0.2s ease;
+            min-width: 80px;
+        }
+        
+        .send-button:hover {
+            background: linear-gradient(135deg, #0056b3 0%, #004085 100%);
+            transform: translateY(-1px);
+        }
+        
+        .send-button:disabled {
+            background: #444;
+            cursor: not-allowed;
+            transform: none;
+        }
+        
+        .typing-indicator {
+            display: none;
+            padding: 12px 16px;
+            background: #2b2b2b;
+            border-radius: 12px;
+            align-self: flex-start;
+            border: 1px solid #444;
+            color: #aaa;
+            font-style: italic;
+        }
+        
+        .typing-indicator.active {
+            display: block;
+        }
+        
+        .action-buttons {
+            display: flex;
+            gap: 10px;
+            margin-top: 10px;
+            flex-wrap: wrap;
+        }
+        
+        .action-button {
+            background: linear-gradient(135deg, #28a745 0%, #1e7e34 100%);
+            color: white;
+            border: none;
+            padding: 8px 16px;
+            border-radius: 20px;
+            cursor: pointer;
+            font-size: 12px;
+            transition: all 0.2s ease;
+        }
+        
+        .action-button:hover {
+            background: linear-gradient(135deg, #1e7e34 0%, #155724 100%);
+            transform: translateY(-1px);
+        }
+        
+        .policy-preview {
+            background: #1a1a1a;
+            border: 1px solid #444;
+            border-radius: 8px;
+            padding: 15px;
+            margin-top: 15px;
+            max-height: 200px;
+            overflow-y: auto;
+        }
+        
+        .policy-preview pre {
+            color: #eee;
+            font-family: 'Courier New', monospace;
+            font-size: 12px;
+            margin: 0;
+            white-space: pre-wrap;
+        }
+        
+        .quick-actions {
+            display: flex;
+            gap: 10px;
+            margin-bottom: 15px;
+            flex-wrap: wrap;
+        }
+        
+        .quick-action {
+            background: linear-gradient(135deg, #6c757d 0%, #495057 100%);
+            color: white;
+            border: none;
+            padding: 8px 12px;
+            border-radius: 16px;
+            cursor: pointer;
+            font-size: 12px;
+            transition: all 0.2s ease;
+        }
+        
+        .quick-action:hover {
+            background: linear-gradient(135deg, #495057 0%, #343a40 100%);
+        }
+        
+        @keyframes slideIn {
+            from {
+                opacity: 0;
+                transform: translateY(10px);
+            }
+            to {
+                opacity: 1;
+                transform: translateY(0);
+            }
+        }
+        
+        .chat-messages::-webkit-scrollbar {
+            width: 6px;
+        }
+        
+        .chat-messages::-webkit-scrollbar-track {
+            background: rgba(255, 255, 255, 0.1);
+            border-radius: 10px;
+        }
+        
+        .chat-messages::-webkit-scrollbar-thumb {
+            background: rgba(255, 255, 255, 0.3);
+            border-radius: 10px;
+        }
+        
+        .chat-messages::-webkit-scrollbar-thumb:hover {
+            background: rgba(255, 255, 255, 0.5);
+        }
+        
+        .loading {
+            display: inline-block;
+            width: 20px;
+            height: 20px;
+            border: 2px solid #444;
+            border-radius: 50%;
+            border-top-color: #007bff;
+            animation: spin 1s ease-in-out infinite;
+        }
+        
+        @keyframes spin {
+            to { transform: rotate(360deg); }
+        }
+    </style>
+</head>
+<body>
+    <div th:replace="~{fragments/navigation}"></div>
+    
+    <div class="container-fluid">
+        <div class="main-content">
+            <div th:replace="~{fragments/alerts}"></div>
+            
+            <div class="chat-container">
+                <div class="chat-header">
+                    <h2><i class="fas fa-robot"></i> ATPL Configuration Assistant</h2>
+                    <p>Let me help you create a comprehensive Agent Trust Policy Language configuration</p>
+                </div>
+                
+                <div class="chat-messages" id="chatMessages">
+                    <div class="message system">
+                        <i class="fas fa-sparkles"></i> Welcome! I'm here to help you create an ATPL policy. 
+                        What kind of agent are you looking to configure?
+                    </div>
+                </div>
+                
+                <div class="chat-input-container">
+                    <div class="quick-actions">
+                        <button class="quick-action" onclick="sendQuickMessage('I want to create a new ATPL policy')">
+                            <i class="fas fa-plus"></i> New Policy
+                        </button>
+                        <button class="quick-action" onclick="sendQuickMessage('What endpoints does my agent need?')">
+                            <i class="fas fa-link"></i> Endpoints
+                        </button>
+                        <button class="quick-action" onclick="sendQuickMessage('What commands should I allow?')">
+                            <i class="fas fa-terminal"></i> Commands
+                        </button>
+                        <button class="quick-action" onclick="sendQuickMessage('Show me existing policies')">
+                            <i class="fas fa-list"></i> Existing Policies
+                        </button>
+                    </div>
+                    
+                    <div class="d-flex w-100 gap-2">
+                        <input type="text" class="chat-input" id="chatInput" 
+                               placeholder="Describe what your agent needs to do..." 
+                               onkeypress="handleKeyPress(event)">
+                        <button class="send-button" id="sendButton" onclick="sendMessage()">
+                            <i class="fas fa-paper-plane"></i> Send
+                        </button>
+                    </div>
+                </div>
+                
+                <div class="typing-indicator" id="typingIndicator">
+                    <div class="loading"></div> Assistant is thinking...
+                </div>
+            </div>
+            
+            <div class="action-buttons mt-3 text-center">
+                <button class="btn btn-success" onclick="generatePolicy()">
+                    <i class="fas fa-magic"></i> Generate Policy
+                </button>
+                <button class="btn btn-secondary" onclick="clearChat()">
+                    <i class="fas fa-trash"></i> Clear Chat
+                </button>
+                <button class="btn btn-info" onclick="exportChat()">
+                    <i class="fas fa-download"></i> Export Chat
+                </button>
+            </div>
+        </div>
+    </div>
+
+    <script>
+        let sessionId = 'atpl-chat-' + Date.now();
+        let conversationHistory = [];
+        
+        async function sendMessage() {
+            const input = document.getElementById('chatInput');
+            const message = input.value.trim();
+            
+            if (!message) return;
+            
+            // Add user message to chat
+            addMessage(message, 'user');
+            input.value = '';
+            
+            // Show typing indicator
+            showTypingIndicator();
+            
+            try {
+                const response = await fetch('/api/v1/atpl/chat/message', {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                        'X-CSRF-TOKEN': document.querySelector('meta[name="_csrf"]').getAttribute('content')
+                    },
+                    body: JSON.stringify({
+                        sessionId: sessionId,
+                        message: message
+                    })
+                });
+                
+                const data = await response.json();
+                
+                if (data.error) {
+                    addMessage('Sorry, I encountered an error: ' + data.error, 'assistant');
+                } else {
+                    const assistantMessage = data.response || 'I received your message and I\'m processing it.';
+                    addMessage(assistantMessage, 'assistant');
+                    
+                    // Add relevant action buttons based on context
+                    addContextualActions(message);
+                }
+                
+            } catch (error) {
+                console.error('Error sending message:', error);
+                addMessage('Sorry, I\'m having trouble connecting right now. Please try again.', 'assistant');
+            }
+            
+            hideTypingIndicator();
+        }
+        
+        function sendQuickMessage(message) {
+            document.getElementById('chatInput').value = message;
+            sendMessage();
+        }
+        
+        function addMessage(text, type) {
+            const messagesContainer = document.getElementById('chatMessages');
+            const messageDiv = document.createElement('div');
+            messageDiv.className = `message ${type}`;
+            
+            if (type === 'user') {
+                messageDiv.innerHTML = `<i class="fas fa-user"></i> ${text}`;
+            } else if (type === 'assistant') {
+                messageDiv.innerHTML = `<i class="fas fa-robot"></i> ${text}`;
+            } else {
+                messageDiv.innerHTML = text;
+            }
+            
+            messagesContainer.appendChild(messageDiv);
+            messagesContainer.scrollTop = messagesContainer.scrollHeight;
+            
+            // Store in conversation history
+            conversationHistory.push({type: type, message: text, timestamp: new Date()});
+        }
+        
+        function addContextualActions(userMessage) {
+            const messagesContainer = document.getElementById('chatMessages');
+            const actionsDiv = document.createElement('div');
+            actionsDiv.className = 'action-buttons';
+            
+            const lowerMessage = userMessage.toLowerCase();
+            
+            if (lowerMessage.includes('endpoint')) {
+                actionsDiv.innerHTML += `
+                    <button class="action-button" onclick="sendQuickMessage('I need read-only access to /api/v1/data')">
+                        <i class="fas fa-eye"></i> Read Access
+                    </button>
+                    <button class="action-button" onclick="sendQuickMessage('I need write access to /api/v1/system')">
+                        <i class="fas fa-edit"></i> Write Access
+                    </button>
+                `;
+            }
+            
+            if (lowerMessage.includes('command')) {
+                actionsDiv.innerHTML += `
+                    <button class="action-button" onclick="sendQuickMessage('I need basic file operations like ls, cat, grep')">
+                        <i class="fas fa-file"></i> File Operations
+                    </button>
+                    <button class="action-button" onclick="sendQuickMessage('I need system monitoring commands like ps, top, df')">
+                        <i class="fas fa-chart-line"></i> System Monitoring
+                    </button>
+                `;
+            }
+            
+            if (actionsDiv.innerHTML) {
+                messagesContainer.appendChild(actionsDiv);
+                messagesContainer.scrollTop = messagesContainer.scrollHeight;
+            }
+        }
+        
+        function showTypingIndicator() {
+            document.getElementById('typingIndicator').classList.add('active');
+            document.getElementById('sendButton').disabled = true;
+        }
+        
+        function hideTypingIndicator() {
+            document.getElementById('typingIndicator').classList.remove('active');
+            document.getElementById('sendButton').disabled = false;
+        }
+        
+        function handleKeyPress(event) {
+            if (event.key === 'Enter') {
+                sendMessage();
+            }
+        }
+        
+        async function generatePolicy() {
+            if (conversationHistory.length === 0) {
+                alert('Please have a conversation first to generate a policy.');
+                return;
+            }
+            
+            try {
+                const response = await fetch('/api/v1/atpl/chat/generate-policy', {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                        'X-CSRF-TOKEN': document.querySelector('meta[name="_csrf"]').getAttribute('content')
+                    },
+                    body: JSON.stringify({
+                        sessionId: sessionId
+                    })
+                });
+                
+                const data = await response.json();
+                
+                if (data.error) {
+                    addMessage('Error generating policy: ' + data.error, 'assistant');
+                } else {
+                    addMessage('Here\'s your generated ATPL policy:', 'assistant');
+                    
+                    // Add policy preview
+                    const messagesContainer = document.getElementById('chatMessages');
+                    const policyDiv = document.createElement('div');
+                    policyDiv.className = 'policy-preview';
+                    policyDiv.innerHTML = `
+                        <pre>${JSON.stringify(data.policy, null, 2)}</pre>
+                        <div class="mt-2">
+                            <button class="btn btn-sm btn-primary" onclick="copyToClipboard('${JSON.stringify(data.policy)}')">
+                                <i class="fas fa-copy"></i> Copy
+                            </button>
+                            <button class="btn btn-sm btn-success" onclick="savePolicy('${JSON.stringify(data.policy)}')">
+                                <i class="fas fa-save"></i> Save
+                            </button>
+                        </div>
+                    `;
+                    messagesContainer.appendChild(policyDiv);
+                    messagesContainer.scrollTop = messagesContainer.scrollHeight;
+                }
+                
+            } catch (error) {
+                console.error('Error generating policy:', error);
+                addMessage('Sorry, I couldn\'t generate the policy right now.', 'assistant');
+            }
+        }
+        
+        function clearChat() {
+            document.getElementById('chatMessages').innerHTML = `
+                <div class="message system">
+                    <i class="fas fa-sparkles"></i> Welcome! I'm here to help you create an ATPL policy. 
+                    What kind of agent are you looking to configure?
+                </div>
+            `;
+            conversationHistory = [];
+            sessionId = 'atpl-chat-' + Date.now();
+        }
+        
+        function exportChat() {
+            const chatData = {
+                sessionId: sessionId,
+                timestamp: new Date().toISOString(),
+                conversation: conversationHistory
+            };
+            
+            const dataStr = JSON.stringify(chatData, null, 2);
+            const dataUri = 'data:application/json;charset=utf-8,'+ encodeURIComponent(dataStr);
+            
+            const exportFileDefaultName = 'atpl-chat-' + new Date().toISOString().split('T')[0] + '.json';
+            
+            const linkElement = document.createElement('a');
+            linkElement.setAttribute('href', dataUri);
+            linkElement.setAttribute('download', exportFileDefaultName);
+            linkElement.click();
+        }
+        
+        function copyToClipboard(text) {
+            navigator.clipboard.writeText(text).then(() => {
+                alert('Policy copied to clipboard!');
+            }).catch(err => {
+                console.error('Failed to copy: ', err);
+            });
+        }
+        
+        function savePolicy(policyJson) {
+            // This would redirect to the regular ATPL configuration page with the policy pre-filled
+            const form = document.createElement('form');
+            form.method = 'POST';
+            form.action = '/sso/v1/atpl/save';
+            
+            const input = document.createElement('input');
+            input.type = 'hidden';
+            input.name = 'policy';
+            input.value = policyJson;
+            
+            form.appendChild(input);
+            document.body.appendChild(form);
+            form.submit();
+        }
+        
+        // Initialize focus on input
+        document.addEventListener('DOMContentLoaded', function() {
+            document.getElementById('chatInput').focus();
+        });
+    </script>
+</body>
+</html>
\ No newline at end of file
diff --git a/api/src/main/resources/templates/sso/atpl/list.html b/api/src/main/resources/templates/sso/atpl/list.html
index 00c1ebe8..3b7fee2c 100644
--- a/api/src/main/resources/templates/sso/atpl/list.html
+++ b/api/src/main/resources/templates/sso/atpl/list.html
@@ -72,7 +72,14 @@
                 <div th:replace="~{fragments/alerts}"></div>
                 <div class="header-bar">
                     <h2 class="text-white">ATPL Policy List</h2>
-                    <a href="/sso/v1/atpl/configure" class="btn btn-primary">+ Create New Policy</a>
+                    <div class="btn-group">
+                        <a href="/sso/v1/atpl/chat" class="btn btn-success">
+                            <i class="fas fa-comments"></i> Chat Assistant
+                        </a>
+                        <a href="/sso/v1/atpl/configure" class="btn btn-primary">
+                            <i class="fas fa-plus"></i> Create New Policy
+                        </a>
+                    </div>
                 </div>
                 <div class="policy-grid">
                     <div class="policy-card" th:each="policy : ${savedPolicies}">
diff --git a/core/src/main/java/io/sentrius/sso/core/trust/Capability.java b/core/src/main/java/io/sentrius/sso/core/trust/Capability.java
index fb624a1b..9d68711b 100644
--- a/core/src/main/java/io/sentrius/sso/core/trust/Capability.java
+++ b/core/src/main/java/io/sentrius/sso/core/trust/Capability.java
@@ -25,6 +25,12 @@ public class Capability {
     private List<String> endpoints = new ArrayList<>();
     @Builder.Default
     private List<String> tags = new ArrayList<>();
+    @Builder.Default
+    private List<String> commands = new ArrayList<>();
+    @Builder.Default
+    private List<String> activities = new ArrayList<>();
+    @Builder.Default
+    private List<String> subcommands = new ArrayList<>();
 
     public String getId() {
         return id;

From e878eee0d38fc46cadc15b3032ee58e3f200f785 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 8 Jul 2025 00:53:30 +0000
Subject: [PATCH 3/9] Add comprehensive tests for ATPL chat service and
 finalize implementation

Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com>
---
 .../sso/services/ATPLChatServiceTest.java     | 160 ++++++++++++++++++
 1 file changed, 160 insertions(+)
 create mode 100644 api/src/test/java/io/sentrius/sso/services/ATPLChatServiceTest.java

diff --git a/api/src/test/java/io/sentrius/sso/services/ATPLChatServiceTest.java b/api/src/test/java/io/sentrius/sso/services/ATPLChatServiceTest.java
new file mode 100644
index 00000000..8a90455e
--- /dev/null
+++ b/api/src/test/java/io/sentrius/sso/services/ATPLChatServiceTest.java
@@ -0,0 +1,160 @@
+package io.sentrius.sso.services;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+
+import io.sentrius.sso.core.services.ATPLPolicyService;
+import io.sentrius.sso.core.trust.ATPLPolicy;
+
+@ExtendWith(MockitoExtension.class)
+class ATPLChatServiceTest {
+
+    @Mock
+    private ATPLPolicyService atplPolicyService;
+
+    private ObjectMapper objectMapper;
+    private ATPLChatService atplChatService;
+
+    @BeforeEach
+    void setUp() {
+        objectMapper = new ObjectMapper();
+        atplChatService = new ATPLChatService(atplPolicyService, objectMapper);
+    }
+
+    @Test
+    void testProcessATPLChatMessage_StartMessage() {
+        // Given
+        String userMessage = "I want to start creating a new ATPL policy";
+        Map<String, Object> context = new HashMap<>();
+
+        // When
+        String response = atplChatService.processATPLChatMessage(userMessage, context);
+
+        // Then
+        assertNotNull(response);
+        assertTrue(response.contains("I'll help you create a new ATPL policy"));
+        assertTrue(response.contains("File operations"));
+        assertTrue(response.contains("System monitoring"));
+    }
+
+    @Test
+    void testProcessATPLChatMessage_EndpointMessage() {
+        // Given
+        String userMessage = "What endpoints should I define?";
+        Map<String, Object> context = new HashMap<>();
+        
+        // Mock existing policies
+        List<ATPLPolicy> existingPolicies = new ArrayList<>();
+        when(atplPolicyService.getAllPolicies()).thenReturn(existingPolicies);
+
+        // When
+        String response = atplChatService.processATPLChatMessage(userMessage, context);
+
+        // Then
+        assertNotNull(response);
+        assertTrue(response.contains("endpoints"));
+        assertTrue(response.contains("/api/v1/"));
+    }
+
+    @Test
+    void testProcessATPLChatMessage_CommandMessage() {
+        // Given
+        String userMessage = "What commands should I allow?";
+        Map<String, Object> context = new HashMap<>();
+
+        // When
+        String response = atplChatService.processATPLChatMessage(userMessage, context);
+
+        // Then
+        assertNotNull(response);
+        assertTrue(response.contains("commands"));
+        assertTrue(response.contains("ls"));
+        assertTrue(response.contains("ps"));
+    }
+
+    @Test
+    void testSuggestCapabilities() {
+        // Given
+        String description = "I need an agent that can read files and monitor the system";
+
+        // When
+        List<String> suggestions = atplChatService.suggestCapabilities(description);
+
+        // Then
+        assertNotNull(suggestions);
+        assertTrue(suggestions.contains("read_access"));
+        assertTrue(suggestions.contains("monitoring_access"));
+        assertTrue(suggestions.contains("filesystem_access"));
+    }
+
+    @Test
+    void testGenerateATPLPolicy() {
+        // Given
+        Map<String, Object> configuration = new HashMap<>();
+        configuration.put("policy_id", "test_policy");
+        configuration.put("description", "Test policy description");
+
+        // When
+        ObjectNode policy = atplChatService.generateATPLPolicy(configuration);
+
+        // Then
+        assertNotNull(policy);
+        assertEquals("v0", policy.get("version").asText());
+        assertEquals("test_policy", policy.get("policy_id").asText());
+        assertEquals("Test policy description", policy.get("description").asText());
+        assertTrue(policy.has("capabilities"));
+        assertTrue(policy.get("capabilities").has("primitives"));
+    }
+
+    @Test
+    void testGenerateATPLPolicy_WithCapabilities() {
+        // Given
+        Map<String, Object> configuration = new HashMap<>();
+        configuration.put("policy_id", "test_policy_with_caps");
+        
+        List<Map<String, Object>> capabilities = new ArrayList<>();
+        Map<String, Object> capability = new HashMap<>();
+        capability.put("id", "test_capability");
+        capability.put("description", "Test capability");
+        
+        List<String> endpoints = List.of("/api/v1/test");
+        List<String> commands = List.of("ls", "ps");
+        List<String> activities = List.of("monitoring");
+        
+        capability.put("endpoints", endpoints);
+        capability.put("commands", commands);
+        capability.put("activities", activities);
+        
+        capabilities.add(capability);
+        configuration.put("capabilities", capabilities);
+
+        // When
+        ObjectNode policy = atplChatService.generateATPLPolicy(configuration);
+
+        // Then
+        assertNotNull(policy);
+        assertTrue(policy.has("capabilities"));
+        assertTrue(policy.get("capabilities").has("primitives"));
+        
+        ObjectNode firstCapability = (ObjectNode) policy.get("capabilities").get("primitives").get(0);
+        assertEquals("test_capability", firstCapability.get("id").asText());
+        assertEquals("Test capability", firstCapability.get("description").asText());
+        assertTrue(firstCapability.has("endpoints"));
+        assertTrue(firstCapability.has("commands"));
+        assertTrue(firstCapability.has("activities"));
+    }
+}
\ No newline at end of file

From 5f2616067c33a2bff4bf71aa831b967d2b8078e3 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 8 Jul 2025 01:32:32 +0000
Subject: [PATCH 4/9] Fix template reference error in ATPL chat interface

Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com>
---
 api/src/main/resources/templates/sso/atpl/chat.html | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/api/src/main/resources/templates/sso/atpl/chat.html b/api/src/main/resources/templates/sso/atpl/chat.html
index c0938f68..e7842d51 100644
--- a/api/src/main/resources/templates/sso/atpl/chat.html
+++ b/api/src/main/resources/templates/sso/atpl/chat.html
@@ -253,10 +253,11 @@
     </style>
 </head>
 <body>
-    <div th:replace="~{fragments/navigation}"></div>
-    
-    <div class="container-fluid">
-        <div class="main-content">
+<div class="container-fluid">
+    <div class="row flex-nowrap">
+        <div th:replace="~{fragments/sidebar}" class="col-auto sidebar" style="width: 180px;"></div>
+        <div class="col py-4">
+            <div class="main-content">
             <div th:replace="~{fragments/alerts}"></div>
             
             <div class="chat-container">
@@ -316,6 +317,7 @@ <h2><i class="fas fa-robot"></i> ATPL Configuration Assistant</h2>
             </div>
         </div>
     </div>
+</div>
 
     <script>
         let sessionId = 'atpl-chat-' + Date.now();

From 043c7f4abb3ca9ef40df44c558ff0a0e0184dfa8 Mon Sep 17 00:00:00 2001
From: Marc Parisi <phrocker@apache.org>
Date: Tue, 8 Jul 2025 17:51:57 -0400
Subject: [PATCH 5/9] fix issues with PR

---
 .local.env                                    |  16 +-
 .local.env.bak                                |  16 +-
 .../launcher/api/AgentLauncherController.java |   4 +-
 .../launcher/service/PodLauncherService.java  |  69 +++--
 .../analysis/agents/agents/ChatAgent.java     |   8 +
 .../analysis/agents/agents/PromptBuilder.java |  57 ++--
 .../agents/agents/RegisteredAgent.java        |   1 -
 .../analysis/agents/agents/VerbRegistry.java  |  31 ++
 .../analysis/agents/verbs/AgentVerbs.java     |  60 +++-
 .../analysis/agents/verbs/AtplVerbs.java      |  75 +++++
 .../analysis/agents/verbs/ChatVerbs.java      | 100 ++++---
 .../sentrius/agent/config/SecurityConfig.java |   4 +-
 .../sentrius/sso/config/SecurityConfig.java   |   2 -
 api/src/main/resources/static/js/chat.js      |  20 +-
 .../resources/templates/sso/atpl/chat.html    | 268 ++++++++++++------
 .../dto/capabilities/AccessLimitations.java   |   4 +
 .../dto/capabilities/EndpointDescriptor.java  |   6 +
 .../dto/capabilities/ParameterDescriptor.java |   6 +-
 .../sso/core/dto/ztat/AgentExecution.java     |   5 +
 .../sso/core/model/verbs/ListInterpreter.java |   6 +-
 .../services/agents/AgentClientService.java   |  29 ++
 .../capabilities/EndpointScanningService.java |   4 +-
 .../sso/core/services/security/JwtUtil.java   |   5 +-
 .../model/security/AccessControlAspect.java   |   4 +
 .../core/services/agents/AgentService.java    |   2 +
 .../api/OpenAIProxyController.java            |  29 +-
 .../io/sentrius/sso/genai/GenerativeAPI.java  |  11 +-
 .../templates/configmap.yaml                  | 205 ++++++++++++++
 28 files changed, 823 insertions(+), 224 deletions(-)
 create mode 100644 ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AtplVerbs.java

diff --git a/.local.env b/.local.env
index a1973fd1..decdf6df 100644
--- a/.local.env
+++ b/.local.env
@@ -1,8 +1,8 @@
-SENTRIUS_VERSION=1.1.193
-SENTRIUS_SSH_VERSION=1.1.35
-SENTRIUS_KEYCLOAK_VERSION=1.1.47
-SENTRIUS_AGENT_VERSION=1.1.34
-SENTRIUS_AI_AGENT_VERSION=1.1.64
-LLMPROXY_VERSION=1.0.46
-LAUNCHER_VERSION=1.0.51
-AGENTPROXY_VERSION=1.0.66
\ No newline at end of file
+SENTRIUS_VERSION=1.1.233
+SENTRIUS_SSH_VERSION=1.1.36
+SENTRIUS_KEYCLOAK_VERSION=1.1.48
+SENTRIUS_AGENT_VERSION=1.1.35
+SENTRIUS_AI_AGENT_VERSION=1.1.85
+LLMPROXY_VERSION=1.0.49
+LAUNCHER_VERSION=1.0.55
+AGENTPROXY_VERSION=1.0.67
\ No newline at end of file
diff --git a/.local.env.bak b/.local.env.bak
index a1973fd1..decdf6df 100644
--- a/.local.env.bak
+++ b/.local.env.bak
@@ -1,8 +1,8 @@
-SENTRIUS_VERSION=1.1.193
-SENTRIUS_SSH_VERSION=1.1.35
-SENTRIUS_KEYCLOAK_VERSION=1.1.47
-SENTRIUS_AGENT_VERSION=1.1.34
-SENTRIUS_AI_AGENT_VERSION=1.1.64
-LLMPROXY_VERSION=1.0.46
-LAUNCHER_VERSION=1.0.51
-AGENTPROXY_VERSION=1.0.66
\ No newline at end of file
+SENTRIUS_VERSION=1.1.233
+SENTRIUS_SSH_VERSION=1.1.36
+SENTRIUS_KEYCLOAK_VERSION=1.1.48
+SENTRIUS_AGENT_VERSION=1.1.35
+SENTRIUS_AI_AGENT_VERSION=1.1.85
+LLMPROXY_VERSION=1.0.49
+LAUNCHER_VERSION=1.0.55
+AGENTPROXY_VERSION=1.0.67
\ No newline at end of file
diff --git a/agent-launcher/src/main/java/io/sentrius/agent/launcher/api/AgentLauncherController.java b/agent-launcher/src/main/java/io/sentrius/agent/launcher/api/AgentLauncherController.java
index a8665b42..d44a86d1 100644
--- a/agent-launcher/src/main/java/io/sentrius/agent/launcher/api/AgentLauncherController.java
+++ b/agent-launcher/src/main/java/io/sentrius/agent/launcher/api/AgentLauncherController.java
@@ -12,7 +12,6 @@
 import lombok.extern.slf4j.Slf4j;
 import org.apache.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -50,8 +49,7 @@ public ResponseEntity<?> createPod(
             return ResponseEntity.status(HttpStatus.SC_UNAUTHORIZED).body("Invalid Keycloak token");
         }
 
-        var clientId = agent.getAgentName();
-        podLauncherService.launchAgentPod(clientId, agent.getAgentCallbackUrl());
+        podLauncherService.launchAgentPod(agent);
 
         return ResponseEntity.ok(Map.of("status", "success"));
     }
diff --git a/agent-launcher/src/main/java/io/sentrius/agent/launcher/service/PodLauncherService.java b/agent-launcher/src/main/java/io/sentrius/agent/launcher/service/PodLauncherService.java
index 84b23475..e08409a9 100644
--- a/agent-launcher/src/main/java/io/sentrius/agent/launcher/service/PodLauncherService.java
+++ b/agent-launcher/src/main/java/io/sentrius/agent/launcher/service/PodLauncherService.java
@@ -3,9 +3,11 @@
 import io.kubernetes.client.custom.IntOrString;
 import io.kubernetes.client.custom.Quantity;
 import io.kubernetes.client.openapi.ApiClient;
+import io.kubernetes.client.openapi.ApiException;
 import io.kubernetes.client.openapi.apis.CoreV1Api;
 import io.kubernetes.client.openapi.models.*;
 import io.kubernetes.client.util.Config;
+import io.sentrius.sso.core.dto.AgentRegistrationDTO;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
@@ -116,7 +118,7 @@ public void deleteAgentById(String agentId) throws Exception {
     }
 
 
-    public V1Pod launchAgentPod(String agentId, String callbackUrl) throws Exception {
+    public V1Pod launchAgentPod(AgentRegistrationDTO agent) throws Exception {
         var myAgentRegistry = "";
         if (agentRegistry != null ) {
             if ("local".equalsIgnoreCase(agentRegistry)) {
@@ -125,6 +127,22 @@ public V1Pod launchAgentPod(String agentId, String callbackUrl) throws Exception
                 myAgentRegistry += "/";
             }
         }
+        String agentId = agent.getAgentName();
+        String callbackUrl = agent.getAgentCallbackUrl();
+        String agentType = agent.getAgentType();
+        String agentFile= "chat-helper.yaml";
+        // TODO This should be pluggable
+        switch(agentType){
+            case "chat":
+                agentFile = "chat-helper.yaml";
+                break;
+            case "atpl-helper":
+                agentFile = "chat-atpl-helper.yaml";
+                break;
+            case "default":
+            default:
+                agentFile = "chat-helper.yaml";
+        }
 
         var constructedCallbackUrl = buildAgentCallbackUrl(agentId);
 
@@ -142,7 +160,8 @@ public V1Pod launchAgentPod(String agentId, String callbackUrl) throws Exception
                     .imagePullPolicy("IfNotPresent")
 
                     .args(List.of("--spring.config.location=file:/config/agent.properties",
-                        "--agent.namePrefix=" + agentId, "--agent.ai.config=/config/chat-helper.yaml", "--agent.listen.websocket=true",
+                        "--agent.namePrefix=" + agentId, "--agent.ai.config=/config/" + agentFile, "--agent.listen" +
+                            ".websocket=true",
                         "--agent.callback.url=" + constructedCallbackUrl
                         ))
                     .resources(new V1ResourceRequirements()
@@ -169,24 +188,34 @@ public V1Pod launchAgentPod(String agentId, String callbackUrl) throws Exception
 
         var createdPod = coreV1Api.createNamespacedPod(agentNamespace, pod).execute();
 
-        // Create corresponding service for WebSocket routing
-        V1Service service = new V1Service()
-            .metadata(new V1ObjectMeta()
-                .name("sentrius-agent-" + agentId)
-                .labels(Map.of("agentId", agentId)))
-            .spec(new V1ServiceSpec()
-                .selector(Map.of("agentId", agentId))
-                .ports(List.of(new V1ServicePort()
-                    .protocol("TCP")
-                    .port(8090)
-                    .targetPort(new IntOrString(8090))
-                ))
-                .type("ClusterIP")
-            );
-
-        log.info("Created service pod: {} and service {}", createdPod, service);
-        coreV1Api.createNamespacedService(agentNamespace, service).execute();
-
+        try {
+            // Create corresponding service for WebSocket routing
+            V1Service service = new V1Service()
+                .metadata(new V1ObjectMeta()
+                    .name("sentrius-agent-" + agentId)
+                    .labels(Map.of("agentId", agentId)))
+                .spec(new V1ServiceSpec()
+                    .selector(Map.of("agentId", agentId))
+                    .ports(List.of(new V1ServicePort()
+                        .protocol("TCP")
+                        .port(8090)
+                        .targetPort(new IntOrString(8090))
+                    ))
+                    .type("ClusterIP")
+                );
+
+            log.info("Created service pod: {} and service {}", createdPod, service);
+            coreV1Api.createNamespacedService(agentNamespace, service).execute();
+
+        }catch(ApiException e){
+            if (e.getCode() == 409){
+                log.info("Service for agent {} already exists, skipping creation", agentId);
+            }
+            else{
+                throw e;
+            }
+        }
         return createdPod;
     }
+
 }
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/ChatAgent.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/ChatAgent.java
index d0580c93..6a2e87be 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/ChatAgent.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/ChatAgent.java
@@ -135,6 +135,14 @@ public void onApplicationEvent(final ApplicationReadyEvent event) {
             }
         }
 
+        try {
+            verbRegistry.scanEndpoints(agentExecution);
+        } catch (ZtatException e) {
+            throw new RuntimeException(e);
+        } catch (JsonProcessingException e) {
+            throw new RuntimeException(e);
+        }
+
         while(running) {
 
                 log.info("Agent Registered...");
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/PromptBuilder.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/PromptBuilder.java
index 924cb95e..017e1856 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/PromptBuilder.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/PromptBuilder.java
@@ -25,12 +25,17 @@ public PromptBuilder(VerbRegistry verbRegistry, AgentConfig agentConfig) {
         this.agentConfig = agentConfig;
     }
 
+    public String buildPrompt(){
+        return buildPrompt(true);
+    }
+
     /**
      * Builds a prompt string that includes roles, context, instructions, and available verbs.
      *
      * @return A formatted prompt string.
      */
-    public String buildPrompt() {
+    public String buildPrompt(boolean applyInstructions)
+    {
         StringBuilder prompt = new StringBuilder();
 
         // Append roles to the prompt
@@ -39,32 +44,34 @@ public String buildPrompt() {
         // Append context to the prompt
         prompt.append("Context: ").append(agentConfig.getContext()).append("\n\n");
 
-        // Append instructions for using the JSON format
-        prompt.append("Instructions: ").append("Respond using this JSON format. Only use verbs provided in " +
-            "Available Verbs. Formulate a complete plan with all possible steps.:\n" +
-            "\n" +
-            "{\n" +
-            "  \"plan\": [\n" +
-            "    {\n" +
-            "      \"verb\": \"list_open_terminals\",\n" +
-            "      \"params\": {}\n" +
-            "    },\n" +
-            "    {\n" +
-            "      \"verb\": \"send_terminal_command\",\n" +
-            "      \"params\": {}\n" +
-            "    }\n" +
-            "  ]\n" +
-            "}\n" );
+        if (applyInstructions) {
+            // Append instructions for using the JSON format
+            prompt.append("Instructions: ").append("Respond using this JSON format. Only use verbs provided in " +
+                "Available Verbs. Formulate a complete plan with all possible steps.:\n" +
+                "\n" +
+                "{\n" +
+                "  \"plan\": [\n" +
+                "    {\n" +
+                "      \"verb\": \"list_open_terminals\",\n" +
+                "      \"params\": {}\n" +
+                "    },\n" +
+                "    {\n" +
+                "      \"verb\": \"send_terminal_command\",\n" +
+                "      \"params\": {}\n" +
+                "    }\n" +
+                "  ]\n" +
+                "}\n");
 
-        // Append the list of available verbs
-        prompt.append("Available Verbs:\n");
+            // Append the list of available verbs
+            prompt.append("Available Verbs:\n");
 
-        // Iterate through the verbs in the registry and append their details
-        verbRegistry.getVerbs().forEach((name, verb) -> {
-            prompt.append("- ").append(name);
-            prompt.append(" (").append(buildMethodSignature(verb.getMethod())).append(") - ");
-            prompt.append(verb.getDescription()).append("\n");
-        });
+            // Iterate through the verbs in the registry and append their details
+            verbRegistry.getVerbs().forEach((name, verb) -> {
+                prompt.append("- ").append(name);
+                prompt.append(" (").append(buildMethodSignature(verb.getMethod())).append(") - ");
+                prompt.append(verb.getDescription()).append("\n");
+            });
+        }
 
         return prompt.toString();
     }
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/RegisteredAgent.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/RegisteredAgent.java
index f7ae840f..6c2c9fb7 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/RegisteredAgent.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/RegisteredAgent.java
@@ -2,7 +2,6 @@
 
 import java.util.HashMap;
 import java.util.Map;
-import java.util.UUID;
 import java.util.concurrent.TimeUnit;
 import com.fasterxml.jackson.databind.node.ArrayNode;
 import io.sentrius.agent.analysis.agents.verbs.AgentVerbs;
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/VerbRegistry.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/VerbRegistry.java
index 4c6496c7..54426470 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/VerbRegistry.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/VerbRegistry.java
@@ -1,5 +1,6 @@
 package io.sentrius.agent.analysis.agents.agents;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
 import io.github.classgraph.ClassGraph;
 import io.github.classgraph.ScanResult;
 import io.sentrius.sso.core.dto.capabilities.EndpointDescriptor;
@@ -10,6 +11,7 @@
 import io.sentrius.sso.core.model.verbs.OutputInterpreterIfc;
 import io.sentrius.sso.core.model.verbs.Verb;
 import io.sentrius.sso.core.model.verbs.VerbResponse;
+import io.sentrius.sso.core.services.agents.AgentClientService;
 import io.sentrius.sso.core.services.agents.ZeroTrustClientService;
 import io.sentrius.sso.core.services.capabilities.EndpointScanningService;
 import lombok.RequiredArgsConstructor;
@@ -20,6 +22,7 @@
 
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -34,6 +37,8 @@ public class VerbRegistry {
     private final ApplicationContext applicationContext;
 
     private final ZeroTrustClientService zeroTrustClientService;
+
+    private final AgentClientService agentClientService;
     
     private final EndpointScanningService endpointScanningService;
 
@@ -42,6 +47,26 @@ public class VerbRegistry {
 
     private final AgentEndpointDiscoveryService agentEndpointDiscoveryService;
 
+    private List<EndpointDescriptor> endpoints = new ArrayList<>();
+
+    public void scanEndpoints(AgentExecution execution) throws ZtatException, JsonProcessingException {
+        synchronized (this) {
+            var endpoints = agentClientService.getAvailableEndpoints(execution);
+            log.info("Scanning endpoints for verbs...");
+            var verbs = agentClientService.getAvailableVerbs(execution);
+
+            endpoints.forEach(x -> {
+                log.info("Discovered endpoint: {}", x);
+            });
+
+            this.endpoints.addAll(endpoints);
+
+            verbs.forEach(x -> {
+                log.info("Discovered verb: {}", x);
+            });
+        }
+    }
+
     public void scanClasspath() {
         // Scan the classpath for classes with the @Verb annotation
         synchronized (this) {
@@ -83,6 +108,7 @@ public void scanClasspath() {
                     }
                 });
             }
+
         }
     }
 
@@ -173,6 +199,10 @@ public VerbResponse execute(AgentExecution agentExecution, VerbResponse priorRes
         }
     }
 
+    public List<EndpointDescriptor> getEndpoints() {
+        return endpoints;
+    }
+
     public Map<String, AgentVerb> getVerbs() {
         return new HashMap<>(verbs);
     }
@@ -202,4 +232,5 @@ public List<EndpointDescriptor> getAiCallableVerbDescriptors() {
                 })
                 .collect(Collectors.toList());
     }
+
 }
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java
index d8224979..0e85d24d 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java
@@ -78,13 +78,15 @@ public class AgentVerbs {
      * @param verbRegistry The registry containing available verbs and their metadata.
      * @throws JsonProcessingException If there is an error processing JSON during initialization.
      */
-    public AgentVerbs(ZeroTrustClientService zeroTrustClientService, LLMService llmService, VerbRegistry verbRegistry,
+    public AgentVerbs( @Value("${agent.ai.config}") String agentConfigFile,
+                       ZeroTrustClientService zeroTrustClientService, LLMService llmService, VerbRegistry verbRegistry,
                       AgentClientService agentService
     ) throws JsonProcessingException {
         this.zeroTrustClientService = zeroTrustClientService;
         this.llmService = llmService;
         this.verbRegistry = verbRegistry;
         this.agentClientService = agentService;
+        this.agentConfigFile = agentConfigFile;
 
         log.info("Loading agent config from {}", agentConfigFile);
     }
@@ -280,7 +282,7 @@ public String justifyAgent(AgentExecution execution, ZtatRequestDTO ztatRequest,
     public List<AssessedTerminal> assessData(AgentExecution execution, List<?> objectList) throws ZtatException, IOException {
         InputStream is = getClass().getClassLoader().getResourceAsStream(agentConfigFile);
         if (is == null) {
-            throw new RuntimeException("assessor-config.yaml not found on classpath");
+            throw new RuntimeException("agentConfigFile not found on classpath");
         }
         AgentConfig config = new ObjectMapper(new YAMLFactory()).readValue(is, AgentConfig.class);
 
@@ -288,15 +290,54 @@ public List<AssessedTerminal> assessData(AgentExecution execution, List<?> objec
 
         List<AssessedTerminal> responses = new ArrayList<>();
         log.info("Object list is {}", objectList);
-        for (var obj : objectList) {
+        if (null != objectList) {
+            for (var obj : objectList) {
+                List<Message> messages = new ArrayList<>();
+                var context = config.getContext();
+
+                var userMessage =Message.builder().role("user").content(obj.toString()).build();
+                execution.addMessages(userMessage);
+                messages.add(userMessage);
+
+
+
+                LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
+
+                var resp = llmService.askQuestion(execution, chatRequest);
+                Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
+                log.info("Response is {}", resp);
+                for (Response.Choice choice : response.getChoices()) {
+                    var content = choice.getMessage().getContent();
+                    if (content.startsWith("```json")) {
+                        content = content.substring(7, content.length() - 3);
+                    }
+
+
+                    responses.add(AssessedTerminal.builder().assessment(JsonUtil.MAPPER.readValue(
+                        content,
+                        Assessment.class
+                    )).messages(messages).build());
+                    log.info("content is {}", content);
+                }
+                log.info("Object is {}", obj);
+            }
+        }else {
             List<Message> messages = new ArrayList<>();
             var context = config.getContext();
 
-            messages.add(Message.builder().role("user").content(obj.toString()).build());
-            messages.add(Message.builder().role("system").content(context).build());
+
+            messages.addAll( execution.getMessages());
+
+            var assistantMessage =
+                Message.builder().role("assistant").content("Assess the previous data, but respond with the " +
+                    "following format { \"assessment\"{ sessionId, risk, description} } where description is your " +
+                    "assessment, sessionId is a random UUID or a previously found sessionId, and risk is a measure of" +
+                    " low, medium, and high of the previous data" ).build();
+            execution.addMessages(assistantMessage);
+
 
             LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
-            execution.addMessages( messages );
+            execution.addMessages(messages);
             var resp = llmService.askQuestion(execution, chatRequest);
             Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
             log.info("Response is {}", resp);
@@ -307,11 +348,12 @@ public List<AssessedTerminal> assessData(AgentExecution execution, List<?> objec
                 }
 
 
-                responses.add(AssessedTerminal.builder().assessment(JsonUtil.MAPPER.readValue(content,
-                    Assessment.class)).messages(messages).build());
+                responses.add(AssessedTerminal.builder().assessment(JsonUtil.MAPPER.readValue(
+                    content,
+                    Assessment.class
+                )).messages(messages).build());
                 log.info("content is {}", content);
             }
-            log.info("Object is {}", obj);
         }
         return responses;
     }
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AtplVerbs.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AtplVerbs.java
new file mode 100644
index 00000000..6dd4b758
--- /dev/null
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AtplVerbs.java
@@ -0,0 +1,75 @@
+package io.sentrius.agent.analysis.agents.verbs;
+
+import java.io.IOException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.google.common.collect.Maps;
+import io.sentrius.agent.analysis.agents.interpreters.AsessmentListInterpreter;
+import io.sentrius.agent.analysis.agents.interpreters.TerminalListInterpreter;
+import io.sentrius.agent.analysis.agents.interpreters.TerminalOutputInterpreter;
+import io.sentrius.agent.analysis.model.AssessedTerminal;
+import io.sentrius.sso.core.dto.HostSystemDTO;
+import io.sentrius.sso.core.dto.ztat.AgentExecution;
+import io.sentrius.sso.core.dto.ztat.TokenDTO;
+import io.sentrius.sso.core.dto.ztat.ZtatRequestDTO;
+import io.sentrius.sso.core.exceptions.ZtatException;
+import io.sentrius.sso.core.model.verbs.DefaultInterpreter;
+import io.sentrius.sso.core.model.verbs.Verb;
+import io.sentrius.sso.core.services.agents.LLMService;
+import io.sentrius.sso.core.services.agents.ZeroTrustClientService;
+import io.sentrius.sso.core.utils.JsonUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+/**
+ * The `TerminalVerbs` class provides methods to interact with terminal-related operations.
+ * It includes functionality to list open terminals and fetch terminal logs.
+ */
+@Slf4j
+@Service
+public class AtplVerbs {
+
+    final ZeroTrustClientService zeroTrustClientService;
+    final LLMService llmService;
+    final AgentVerbs agentVerbs;
+
+    /**
+     * Constructs a `TerminalVerbs` instance with the required services.
+     *
+     * @param zeroTrustClientService The service for interacting with Zero Trust APIs.
+     * @param llmService The service for interacting with the LLM (Large Language Model).
+     */
+    public AtplVerbs(ZeroTrustClientService zeroTrustClientService, LLMService llmService, AgentVerbs agentVerbs) {
+        this.zeroTrustClientService = zeroTrustClientService;
+        this.llmService = llmService;
+        this.agentVerbs = agentVerbs;
+    }
+
+    /**
+     * Retrieves a list of currently open terminals.
+     *
+     * @param args A map of arguments for the operation (currently unused).
+     * @return An `ArrayNode` containing the list of open terminals.
+     * @throws io.sentrius.sso.core.exceptions.ZtatException If there is an error during the operation.
+     */
+    @Verb(name = "save_policy", description = "Saves an ATPL policy.",
+        outputInterpreter = DefaultInterpreter.class, requiresTokenManagement = true)
+    public ArrayNode savePolicy(TokenDTO token, Map<String, Object> args) throws ZtatException {
+        try {
+            String response = zeroTrustClientService.callGetOnApi(token, "/ssh/terminal/list/all");
+            if (response == null) {
+                throw new RuntimeException("Failed to retrieve terminal list");
+            }
+            log.info("Terminal list response: {}", response);
+            return (ArrayNode) JsonUtil.MAPPER.readTree(response);
+        } catch (Exception e) {
+            throw new RuntimeException("Failed to retrieve terminal list", e);
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ChatVerbs.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ChatVerbs.java
index 369515d4..9a0d5413 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ChatVerbs.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ChatVerbs.java
@@ -7,9 +7,11 @@
 import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.List;
+import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
 import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
 import io.sentrius.agent.analysis.agents.agents.AgentConfig;
 import io.sentrius.agent.analysis.agents.agents.AgentVerb;
@@ -78,17 +80,31 @@ public TerminalResponse interpretUserData(
 
             log.info("Agent config loaded: {}", config);
             PromptBuilder promptBuilder = new PromptBuilder(verbRegistry, config);
-            var prompt = promptBuilder.buildPrompt();
+            var prompt = promptBuilder.buildPrompt(false
+            );
             List<Message> messages = new ArrayList<>();
 
             messages.add(Message.builder().role("system").content(prompt).build());
+            var endpoints = verbRegistry.getEndpoints();
+            ArrayNode endpointArray = JsonUtil.MAPPER.createArrayNode();
+            for (var verb : endpoints) {
+                ObjectNode endpoint = JsonUtil.MAPPER.createObjectNode();
+                endpoint.put("name", verb.getName());
+                
+                endpoint.put("endpoint", verb.getPath());
+                endpointArray.add(endpoint);
+            }
+            messages.add(Message.builder().role("system").content("These are a list of available endpoints, " +
+                "description," +
+                " their " +
+                "name:" + endpointArray).build());
             messages.add(Message.builder().role("system").content("Please ensure your nextOperation abides by the " +
                 "following json format and leave it empty if user's request doesn't require explicit use of system " +
                 "operations" +
                 ". Please summarize prior terminal " +
                 "sessions, using " +
                 "terminal output if needed " +
-                "for clarity of the next LLM request and for the user: " + terminalResponse).build());
+                "for clarity of the next LLM request and for the user. Ensure your response meets this json format: " + terminalResponse).build());
             messages.add(Message.builder().role("user").content(userMessage.getContent()).build());
             LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
             var resp = llmService.askQuestion(execution, chatRequest);
@@ -104,35 +120,21 @@ public TerminalResponse interpretUserData(
                 }
                 log.info("content is {}", content);
                 if (null != content && !content.isEmpty()) {
-                    var newResponse =   JsonUtil.MAPPER.enable(JsonParser.Feature.ALLOW_COMMENTS).readValue(content,
-                        TerminalResponse.class);
-                    return newResponse;
+                    try {
+                        var newResponse = JsonUtil.MAPPER.enable(JsonParser.Feature.ALLOW_COMMENTS).readValue(
+                            content,
+                            TerminalResponse.class
+                        );
+                        return newResponse;
+                    }catch (JsonParseException e) {
+                        log.error("Failed to parse terminal response: {}", e.getMessage());
+                        return TerminalResponse.builder().responseForUser(content).terminalSummaryForLLM(lastMessage.getTerminalSummaryForLLM()).build();
+                    }
                 }
             }
         } else {
             InputStream terminalHelperStream = getClass().getClassLoader().getResourceAsStream("terminal-helper.json");
             if (terminalHelperStream == null) {
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                 throw new RuntimeException("assessor-config.yaml not found on classpath");
 
             }
@@ -145,13 +147,26 @@ public TerminalResponse interpretUserData(
 
             log.info("Agent config loaded: {}", config);
             PromptBuilder promptBuilder = new PromptBuilder(verbRegistry, config);
-            var prompt = promptBuilder.buildPrompt();
+            var prompt = promptBuilder.buildPrompt(false);
             List<Message> messages = new ArrayList<>();
 
             messages.add(Message.builder().role("system").content(prompt).build());
+            var endpoints = verbRegistry.getEndpoints();
+            ArrayNode endpointArray = JsonUtil.MAPPER.createArrayNode();
+            for (var verb : endpoints) {
+                ObjectNode endpoint = JsonUtil.MAPPER.createObjectNode();
+                endpoint.put("name", verb.getName());
+                
+                endpoint.put("endpoint", verb.getPath());
+                endpointArray.add(endpoint);
+            }
+            messages.add(Message.builder().role("system").content("These are a list of available endpoints, " +
+                "description," +
+                " their " +
+                "name:" + endpointArray).build());
             messages.add(Message.builder().role("system").content("Please ensure your nextOperation abide by the " +
                 "following json format. Please summarize prior terminal sessions, using terminal output if needed " +
-                "for clarity of the next LLM request and for the user: " + terminalResponse).build());
+                "for clarity of the next LLM request and for the user. Ensure your response meets this json format:  " + terminalResponse).build());
             messages.add(Message.builder().role("assistant").content("prior response: " + lastMessage.getTerminalSummaryForLLM()).build());
             messages.add(Message.builder().role("user").content(userMessage.getContent()).build());
 
@@ -169,9 +184,17 @@ public TerminalResponse interpretUserData(
                 }
                 log.info("content is {}", content);
                 if (null != content && !content.isEmpty()) {
-                    var newResponse =   JsonUtil.MAPPER.enable(JsonParser.Feature.ALLOW_COMMENTS).readValue(content,
-                        TerminalResponse.class);
-                    return newResponse;
+                    try {
+                        var newResponse = JsonUtil.MAPPER.enable(JsonParser.Feature.ALLOW_COMMENTS).readValue(
+                            content,
+                            TerminalResponse.class
+                        );
+                        return newResponse;
+                    }catch (JsonParseException e) {
+                        log.error("Failed to parse terminal response: {}", e.getMessage());
+                        return TerminalResponse.builder().responseForUser(content).terminalSummaryForLLM(lastMessage.getTerminalSummaryForLLM()).build();
+                    }
+
                 }
             }
         }
@@ -204,10 +227,23 @@ public TerminalResponse interpret_plan_response(
 
             log.info("Agent config loaded: {}", config);
             PromptBuilder promptBuilder = new PromptBuilder(verbRegistry, config);
-            var prompt = promptBuilder.buildPrompt();
+            var prompt = promptBuilder.buildPrompt(false);
             List<Message> messages = new ArrayList<>();
 
             messages.add(Message.builder().role("system").content(prompt).build());
+            var endpoints = verbRegistry.getEndpoints();
+            ArrayNode endpointArray = JsonUtil.MAPPER.createArrayNode();
+            for (var verb : endpoints) {
+                ObjectNode endpoint = JsonUtil.MAPPER.createObjectNode();
+                endpoint.put("name", verb.getName());
+                
+                endpoint.put("endpoint", verb.getPath());
+                endpointArray.add(endpoint);
+            }
+            messages.add(Message.builder().role("system").content("These are a list of available endpoints, " +
+                "description," +
+                " their " +
+                    "name:" + endpointArray).build());
             messages.add(Message.builder().role("system").content("You have executed verbs for the previous user " +
                 "messages. Please generate a user response that summarizes the last message.").build());
             if (null != agentVerb ){
diff --git a/analytics/src/main/java/io/sentrius/agent/config/SecurityConfig.java b/analytics/src/main/java/io/sentrius/agent/config/SecurityConfig.java
index f42d2155..c6ef7f12 100644
--- a/analytics/src/main/java/io/sentrius/agent/config/SecurityConfig.java
+++ b/analytics/src/main/java/io/sentrius/agent/config/SecurityConfig.java
@@ -73,9 +73,9 @@ public JwtAuthenticationConverter jwtAuthenticationConverterForKeycloak() {
         log.info("**** Initializing JwtAuthenticationConverter");
 
         converter.setJwtGrantedAuthoritiesConverter(jwt -> {
-            log.info("**** Jwt Authentication Converter invoked");
+
             Collection<GrantedAuthority> authorities = new JwtGrantedAuthoritiesConverter().convert(jwt);
-            log.info("JWT Claims: {}", jwt.getClaims());
+
 
             String userId = jwt.getClaimAsString("sub");
             String username = jwt.getClaimAsString("preferred_username");
diff --git a/api/src/main/java/io/sentrius/sso/config/SecurityConfig.java b/api/src/main/java/io/sentrius/sso/config/SecurityConfig.java
index 843482f0..bef57d79 100644
--- a/api/src/main/java/io/sentrius/sso/config/SecurityConfig.java
+++ b/api/src/main/java/io/sentrius/sso/config/SecurityConfig.java
@@ -78,9 +78,7 @@ public JwtAuthenticationConverter jwtAuthenticationConverterForKeycloak() {
         log.info("**** Initializing JwtAuthenticationConverter");
 
         converter.setJwtGrantedAuthoritiesConverter(jwt -> {
-            log.info("**** Jwt Authentication Converter invoked");
             Collection<GrantedAuthority> authorities = new JwtGrantedAuthoritiesConverter().convert(jwt);
-            log.info("JWT Claims: {}", jwt.getClaims());
 
             String userId = jwt.getClaimAsString("sub");
             String username = jwt.getClaimAsString("preferred_username");
diff --git a/api/src/main/resources/static/js/chat.js b/api/src/main/resources/static/js/chat.js
index 64ca585c..aa47e530 100644
--- a/api/src/main/resources/static/js/chat.js
+++ b/api/src/main/resources/static/js/chat.js
@@ -3,18 +3,20 @@
 // =========================
 const chatSessions = new Map(); // key: agentId, value: ChatSession
 
-window.addEventListener("beforeunload", persistChatSessions);
+//window.addEventListener("beforeunload", persistChatSessions);
 
 // Restore on page load
-(function restoreSessions() {
+(function restoreSesions() {
     const saved = localStorage.getItem("openChats");
     if (!saved) return;
 
-    const chatData = JSON.parse(saved);
+    /*const chatData = JSON.parse(saved);
     for (const [agentId, data] of Object.entries(chatData)) {
         const session = new ChatSession(data.agentName, data.agentId, data.sessionId, data.agentHost, data.messages);
         chatSessions.set(agentId, session);
     }
+    */
+
 })();
 
 // =========================
@@ -281,11 +283,10 @@ export function switchToAgent(agentName,agentId, sessionId, agentHost) {
 }
 
 export function sendMessage(event) {
+
+    if (event && event.key && event.key !== 'Enter') return;
+
     console.log("Send message event:", event);
-    if (event.key !== "Enter"){
-        console.log("Key pressed is not Enter, ignoring.");
-        return;
-    }
 
     const input = document.getElementById("chat-input");
     const messageText = input.value.trim();
@@ -384,4 +385,7 @@ export async function fetchAvailableAgents() {
 }
 
 window.sendMessage = sendMessage;
-window.toggleChat = toggleChat;
\ No newline at end of file
+window.toggleChat = toggleChat;
+window.fetchAvailableAgents = fetchAvailableAgents;
+window.chatSessions = chatSessions;
+window.ChatSession = ChatSession;
\ No newline at end of file
diff --git a/api/src/main/resources/templates/sso/atpl/chat.html b/api/src/main/resources/templates/sso/atpl/chat.html
index e7842d51..f9ba1821 100644
--- a/api/src/main/resources/templates/sso/atpl/chat.html
+++ b/api/src/main/resources/templates/sso/atpl/chat.html
@@ -3,6 +3,8 @@
 <head>
     <meta th:replace="~{fragments/header}">
     <title>[[${systemOptions.systemLogoName}]] - ATPL Chat Configuration</title>
+    <script th:src="@{/node/js/google-protobuf/google-protobuf.js}"></script>
+    <script th:src="@{/js/bundled_session_pb.js}"></script>
     <style>
         .chat-container {
             max-width: 1200px;
@@ -46,6 +48,7 @@
             flex-direction: column;
             gap: 15px;
         }
+
         
         .message {
             max-width: 70%;
@@ -250,11 +253,48 @@
         @keyframes spin {
             to { transform: rotate(360deg); }
         }
+
+        .chat-message {
+            margin-bottom: 12px;
+            padding: 12px 16px;
+            border-radius: 12px;
+            max-width: 85%;
+            word-wrap: break-word;
+            animation: fadeInUp 0.3s ease;
+        }
+
+        .chat-message.user {
+            background: linear-gradient(135deg, #007bff 0%, #0056b3 100%);
+            color: white;
+            margin-left: auto;
+            border-bottom-right-radius: 4px;
+        }
+
+        .chat-message.agent {
+            background: linear-gradient(135deg, #404040 0%, #505050 100%);
+            color: #ffffff;
+            margin-right: auto;
+            border-bottom-left-radius: 4px;
+        }
+
+        .chat-message strong {
+            display: block;
+            font-size: 12px;
+            opacity: 0.8;
+            margin-bottom: 4px;
+            font-weight: 500;
+        }
+
+        .chat-message-content {
+            font-size: 14px;
+            line-height: 1.4;
+        }
     </style>
 </head>
 <body>
 <div class="container-fluid">
     <div class="row flex-nowrap">
+        <input type="hidden" id="csrf-token" th:value="${_csrf.token}" />
         <div th:replace="~{fragments/sidebar}" class="col-auto sidebar" style="width: 180px;"></div>
         <div class="col py-4">
             <div class="main-content">
@@ -266,14 +306,14 @@ <h2><i class="fas fa-robot"></i> ATPL Configuration Assistant</h2>
                     <p>Let me help you create a comprehensive Agent Trust Policy Language configuration</p>
                 </div>
                 
-                <div class="chat-messages" id="chatMessages">
+                <div class="chat-messages" id="chat-messages">
                     <div class="message system">
                         <i class="fas fa-sparkles"></i> Welcome! I'm here to help you create an ATPL policy. 
                         What kind of agent are you looking to configure?
                     </div>
                 </div>
                 
-                <div class="chat-input-container">
+                <div class="chat-input-container" id="chat-container">
                     <div class="quick-actions">
                         <button class="quick-action" onclick="sendQuickMessage('I want to create a new ATPL policy')">
                             <i class="fas fa-plus"></i> New Policy
@@ -290,10 +330,10 @@ <h2><i class="fas fa-robot"></i> ATPL Configuration Assistant</h2>
                     </div>
                     
                     <div class="d-flex w-100 gap-2">
-                        <input type="text" class="chat-input" id="chatInput" 
+                        <input type="text" class="chat-input" id="chat-input"
                                placeholder="Describe what your agent needs to do..." 
                                onkeypress="handleKeyPress(event)">
-                        <button class="send-button" id="sendButton" onclick="sendMessage()">
+                        <button class="send-button" id="sendButton" onclick="sendChatMessage()">
                             <i class="fas fa-paper-plane"></i> Send
                         </button>
                     </div>
@@ -319,66 +359,105 @@ <h2><i class="fas fa-robot"></i> ATPL Configuration Assistant</h2>
     </div>
 </div>
 
-    <script>
-        let sessionId = 'atpl-chat-' + Date.now();
+    <script type="module">
+        import * as Chat from '/js/chat.js';
+        let sessionId = Math.floor(Math.random() * 1e12); // up to 12 digit
         let conversationHistory = [];
-        
-        async function sendMessage() {
-            const input = document.getElementById('chatInput');
-            const message = input.value.trim();
-            
-            if (!message) return;
-            
-            // Add user message to chat
-            addMessage(message, 'user');
-            input.value = '';
-            
-            // Show typing indicator
-            showTypingIndicator();
-            
-            try {
-                const response = await fetch('/api/v1/atpl/chat/message', {
-                    method: 'POST',
-                    headers: {
-                        'Content-Type': 'application/json',
-                        'X-CSRF-TOKEN': document.querySelector('meta[name="_csrf"]').getAttribute('content')
-                    },
-                    body: JSON.stringify({
-                        sessionId: sessionId,
-                        message: message
-                    })
-                });
-                
-                const data = await response.json();
-                
-                if (data.error) {
-                    addMessage('Sorry, I encountered an error: ' + data.error, 'assistant');
-                } else {
-                    const assistantMessage = data.response || 'I received your message and I\'m processing it.';
-                    addMessage(assistantMessage, 'assistant');
-                    
-                    // Add relevant action buttons based on context
-                    addContextualActions(message);
+        let availableAgent = null;
+        const csrfToken = document.getElementById("csrf-token").value;
+        (async function ensureATPLAgent() {
+            let availableAgent = null;
+            const csrfToken = document.getElementById("csrf-token").value;
+
+            // Initial check
+            const agents = await Chat.fetchAvailableAgents().catch(err => {
+                console.error("Initial agent fetch failed:", err);
+                return [];
+            });
+
+            availableAgent = agents.find(agent =>
+                agent.agentName && agent.agentName.includes("atpl-helper")
+            );
+
+            if (!availableAgent) {
+                // Launch the agent if not found
+                let formJson = {
+                    "agentName": "atpl-helper",
+                    "agentType": "atpl-helper"
+                };
+
+                try {
+                    const response = await fetch('/api/v1/agent/bootstrap/launcher/create', {
+                        method: 'POST',
+                        headers: {
+                            'Content-Type': 'application/json',
+                            "X-CSRF-TOKEN": csrfToken
+                        },
+                        body: JSON.stringify(formJson)
+                    });
+
+                    if (!response.ok) {
+                        throw new Error("Agent creation failed with status " + response.status);
+                    }
+
+                    await response.json();
+
+                    // Wait briefly to give agent time to register
+                    await new Promise(resolve => setTimeout(resolve, 2000)); // adjust as needed
+
+                    const agentsAfterCreate = await Chat.fetchAvailableAgents();
+                    availableAgent = agentsAfterCreate.find(agent =>
+                        agent.agentName && agent.agentName.includes("atpl-helper")
+                    );
+
+                    if (!availableAgent) {
+                        $("#alertTopError").text("Agent not available yet").show().delay(3000).fadeOut();
+                    } else {
+                        $("#alertTop").hide();
+                        console.log("Agent created and available:", availableAgent);
+                    }
+
+                } catch (err) {
+                    console.error("Error during agent creation or follow-up fetch:", err);
+                    $("#alertTop").hide();
+                    $("#alertTopError").text("Agent not created").show().delay(3000).fadeOut();
                 }
-                
-            } catch (error) {
-                console.error('Error sending message:', error);
-                addMessage('Sorry, I\'m having trouble connecting right now. Please try again.', 'assistant');
+            } else {
+                console.log("ATPL helper agent already available:", availableAgent);
             }
-            
-            hideTypingIndicator();
-        }
+
+            if (availableAgent) {
+                const container = document.getElementById("chat-container");
+                container.dataset.agentId = availableAgent.agentId;
+                container.dataset.agentName = availableAgent.agentName;
+                container.dataset.agentHost = availableAgent.agentCallback;
+
+                let session = chatSessions.get(availableAgent.agentId);
+                if (!session) {
+                    console.log("New session creating:");
+                    session = new ChatSession(availableAgent.agentName, availableAgent.agentId, sessionId,
+                        availableAgent.agentCallback);
+                    session.connect().then(() => {
+                        console.log("Connected to chat server");
+                    });
+                    console.log("New session created:", session);
+
+                    chatSessions.set(availableAgent.agentId, session);
+                }
+            }
+        })();
+
         
         function sendQuickMessage(message) {
-            document.getElementById('chatInput').value = message;
+            document.getElementById('chat-input').value = message;
             sendMessage();
         }
-        
+
         function addMessage(text, type) {
-            const messagesContainer = document.getElementById('chatMessages');
+            const messagesContainer = document.getElementById('chat-messages');
             const messageDiv = document.createElement('div');
             messageDiv.className = `message ${type}`;
-            
+
             if (type === 'user') {
                 messageDiv.innerHTML = `<i class="fas fa-user"></i> ${text}`;
             } else if (type === 'assistant') {
@@ -386,21 +465,21 @@ <h2><i class="fas fa-robot"></i> ATPL Configuration Assistant</h2>
             } else {
                 messageDiv.innerHTML = text;
             }
-            
+
             messagesContainer.appendChild(messageDiv);
             messagesContainer.scrollTop = messagesContainer.scrollHeight;
-            
+
             // Store in conversation history
             conversationHistory.push({type: type, message: text, timestamp: new Date()});
         }
-        
+
         function addContextualActions(userMessage) {
-            const messagesContainer = document.getElementById('chatMessages');
+            const messagesContainer = document.getElementById('chat-messages');
             const actionsDiv = document.createElement('div');
             actionsDiv.className = 'action-buttons';
-            
+
             const lowerMessage = userMessage.toLowerCase();
-            
+
             if (lowerMessage.includes('endpoint')) {
                 actionsDiv.innerHTML += `
                     <button class="action-button" onclick="sendQuickMessage('I need read-only access to /api/v1/data')">
@@ -411,7 +490,7 @@ <h2><i class="fas fa-robot"></i> ATPL Configuration Assistant</h2>
                     </button>
                 `;
             }
-            
+
             if (lowerMessage.includes('command')) {
                 actionsDiv.innerHTML += `
                     <button class="action-button" onclick="sendQuickMessage('I need basic file operations like ls, cat, grep')">
@@ -422,35 +501,41 @@ <h2><i class="fas fa-robot"></i> ATPL Configuration Assistant</h2>
                     </button>
                 `;
             }
-            
+
             if (actionsDiv.innerHTML) {
                 messagesContainer.appendChild(actionsDiv);
                 messagesContainer.scrollTop = messagesContainer.scrollHeight;
             }
         }
-        
+
         function showTypingIndicator() {
             document.getElementById('typingIndicator').classList.add('active');
             document.getElementById('sendButton').disabled = true;
         }
-        
+
         function hideTypingIndicator() {
             document.getElementById('typingIndicator').classList.remove('active');
             document.getElementById('sendButton').disabled = false;
         }
-        
+
         function handleKeyPress(event) {
             if (event.key === 'Enter') {
-                sendMessage();
+                Chat.sendMessage(event);
             }
         }
-        
+
+        window.handleKeyPress = handleKeyPress;
+
+        window.sendChatMessage = function() {
+            Chat.sendMessage(null);
+        }
+
         async function generatePolicy() {
             if (conversationHistory.length === 0) {
                 alert('Please have a conversation first to generate a policy.');
                 return;
             }
-            
+
             try {
                 const response = await fetch('/api/v1/atpl/chat/generate-policy', {
                     method: 'POST',
@@ -462,16 +547,16 @@ <h2><i class="fas fa-robot"></i> ATPL Configuration Assistant</h2>
                         sessionId: sessionId
                     })
                 });
-                
+
                 const data = await response.json();
-                
+
                 if (data.error) {
                     addMessage('Error generating policy: ' + data.error, 'assistant');
                 } else {
                     addMessage('Here\'s your generated ATPL policy:', 'assistant');
-                    
+
                     // Add policy preview
-                    const messagesContainer = document.getElementById('chatMessages');
+                    const messagesContainer = document.getElementById('chat-messages');
                     const policyDiv = document.createElement('div');
                     policyDiv.className = 'policy-preview';
                     policyDiv.innerHTML = `
@@ -488,42 +573,47 @@ <h2><i class="fas fa-robot"></i> ATPL Configuration Assistant</h2>
                     messagesContainer.appendChild(policyDiv);
                     messagesContainer.scrollTop = messagesContainer.scrollHeight;
                 }
-                
+
             } catch (error) {
                 console.error('Error generating policy:', error);
                 addMessage('Sorry, I couldn\'t generate the policy right now.', 'assistant');
             }
         }
-        
+
         function clearChat() {
-            document.getElementById('chatMessages').innerHTML = `
+            document.getElementById('chat-messages').innerHTML = `
                 <div class="message system">
-                    <i class="fas fa-sparkles"></i> Welcome! I'm here to help you create an ATPL policy. 
+                    <i class="fas fa-sparkles"></i> Welcome! I'm here to help you create an ATPL policy.
                     What kind of agent are you looking to configure?
                 </div>
             `;
             conversationHistory = [];
-            sessionId = 'atpl-chat-' + Date.now();
+            sessionId = Math.floor(Math.random() * 1e12); // up to 12 digit
         }
-        
+
+        window.clearChat = clearChat;
+
         function exportChat() {
             const chatData = {
                 sessionId: sessionId,
                 timestamp: new Date().toISOString(),
                 conversation: conversationHistory
             };
-            
+
             const dataStr = JSON.stringify(chatData, null, 2);
             const dataUri = 'data:application/json;charset=utf-8,'+ encodeURIComponent(dataStr);
-            
+
             const exportFileDefaultName = 'atpl-chat-' + new Date().toISOString().split('T')[0] + '.json';
-            
+
             const linkElement = document.createElement('a');
             linkElement.setAttribute('href', dataUri);
             linkElement.setAttribute('download', exportFileDefaultName);
             linkElement.click();
         }
-        
+
+
+        window.exportChat = exportChat;
+
         function copyToClipboard(text) {
             navigator.clipboard.writeText(text).then(() => {
                 alert('Policy copied to clipboard!');
@@ -531,27 +621,31 @@ <h2><i class="fas fa-robot"></i> ATPL Configuration Assistant</h2>
                 console.error('Failed to copy: ', err);
             });
         }
-        
+
+        window.copyToClipboard = copyToClipboard;
+
         function savePolicy(policyJson) {
             // This would redirect to the regular ATPL configuration page with the policy pre-filled
             const form = document.createElement('form');
             form.method = 'POST';
             form.action = '/sso/v1/atpl/save';
-            
+
             const input = document.createElement('input');
             input.type = 'hidden';
             input.name = 'policy';
             input.value = policyJson;
-            
+
             form.appendChild(input);
             document.body.appendChild(form);
             form.submit();
         }
-        
+
         // Initialize focus on input
         document.addEventListener('DOMContentLoaded', function() {
-            document.getElementById('chatInput').focus();
+            document.getElementById('chat-input').focus();
         });
+
+        window.savePolicy = savePolicy;
     </script>
 </body>
 </html>
\ No newline at end of file
diff --git a/core/src/main/java/io/sentrius/sso/core/dto/capabilities/AccessLimitations.java b/core/src/main/java/io/sentrius/sso/core/dto/capabilities/AccessLimitations.java
index b65789f5..02452eb0 100644
--- a/core/src/main/java/io/sentrius/sso/core/dto/capabilities/AccessLimitations.java
+++ b/core/src/main/java/io/sentrius/sso/core/dto/capabilities/AccessLimitations.java
@@ -8,9 +8,11 @@
 import io.sentrius.sso.core.model.security.enums.SystemOperationsEnum;
 import io.sentrius.sso.core.model.security.enums.UserAccessEnum;
 import io.sentrius.sso.core.model.security.enums.ZeroTrustAccessTokenEnum;
+import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.Getter;
+import lombok.NoArgsConstructor;
 import lombok.Setter;
 
 /**
@@ -20,6 +22,8 @@
 @Data
 @Getter
 @Setter
+@NoArgsConstructor
+@AllArgsConstructor
 public class AccessLimitations {
     private String notificationMessage;
     private IdentityType[] allowedIdentityTypes;
diff --git a/core/src/main/java/io/sentrius/sso/core/dto/capabilities/EndpointDescriptor.java b/core/src/main/java/io/sentrius/sso/core/dto/capabilities/EndpointDescriptor.java
index c9813088..cf6fec30 100644
--- a/core/src/main/java/io/sentrius/sso/core/dto/capabilities/EndpointDescriptor.java
+++ b/core/src/main/java/io/sentrius/sso/core/dto/capabilities/EndpointDescriptor.java
@@ -2,10 +2,13 @@
 
 import java.util.List;
 import java.util.Map;
+import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.Getter;
+import lombok.NoArgsConstructor;
 import lombok.Setter;
+import lombok.ToString;
 
 /**
  * Represents a unified descriptor for both REST API endpoints and Verb methods.
@@ -15,6 +18,9 @@
 @Data
 @Getter
 @Setter
+@ToString
+@NoArgsConstructor
+@AllArgsConstructor
 public class EndpointDescriptor {
     private String name;
     private String description;
diff --git a/core/src/main/java/io/sentrius/sso/core/dto/capabilities/ParameterDescriptor.java b/core/src/main/java/io/sentrius/sso/core/dto/capabilities/ParameterDescriptor.java
index a108a1d1..c90df220 100644
--- a/core/src/main/java/io/sentrius/sso/core/dto/capabilities/ParameterDescriptor.java
+++ b/core/src/main/java/io/sentrius/sso/core/dto/capabilities/ParameterDescriptor.java
@@ -1,8 +1,10 @@
 package io.sentrius.sso.core.dto.capabilities;
 
+import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.Getter;
+import lombok.NoArgsConstructor;
 import lombok.Setter;
 
 /**
@@ -12,10 +14,12 @@
 @Data
 @Getter
 @Setter
+@NoArgsConstructor
+@AllArgsConstructor
 public class ParameterDescriptor {
     private String name;
     private String description;
-    private Class<?> type;
+    private String type;
     private boolean required;
     private Object defaultValue;
     private String source; // "PATH", "QUERY", "BODY", "HEADER", "METHOD_PARAM"
diff --git a/core/src/main/java/io/sentrius/sso/core/dto/ztat/AgentExecution.java b/core/src/main/java/io/sentrius/sso/core/dto/ztat/AgentExecution.java
index 5e01c3df..81789c1b 100644
--- a/core/src/main/java/io/sentrius/sso/core/dto/ztat/AgentExecution.java
+++ b/core/src/main/java/io/sentrius/sso/core/dto/ztat/AgentExecution.java
@@ -30,4 +30,9 @@ public void addMessages(List<Message> messages) {
         this.messages.addAll(messages);
 
     }
+
+    public void addMessages(Message message) {
+        this.messages.add(message);
+
+    }
 }
diff --git a/core/src/main/java/io/sentrius/sso/core/model/verbs/ListInterpreter.java b/core/src/main/java/io/sentrius/sso/core/model/verbs/ListInterpreter.java
index 050784ac..61ff0263 100644
--- a/core/src/main/java/io/sentrius/sso/core/model/verbs/ListInterpreter.java
+++ b/core/src/main/java/io/sentrius/sso/core/model/verbs/ListInterpreter.java
@@ -20,7 +20,7 @@ public List<T> interpret(Map<String, Object> input) throws Exception {
             TypeReference<List<T>> typeRef = new TypeReference<>() {};
             return JsonUtil.convertArrayNodeToList(node,typeRef);
         } else {
-            throw new IllegalArgumentException("Invalid input type " + input.get("verb.response.type"));
+            return null;
         }
 
     }
@@ -30,13 +30,13 @@ private List<T> interpretList(Map<String, Object> input) {
 
         var field = input.get("verb.response.map.key");
         if (field == null) {
-            throw new IllegalArgumentException("Input response does not contain required fields");
+            return null;
         }
 
         var object = input.get(field);
         if (object instanceof List){
             return (List<T>) object;
         }
-        throw new IllegalArgumentException("Input response does not contain required fields");
+        return null;
     }
 }
diff --git a/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java b/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java
index 712dc624..8b1b55ea 100644
--- a/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java
+++ b/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java
@@ -11,6 +11,7 @@
 import io.sentrius.sso.core.dto.AgentCommunicationDTO;
 import io.sentrius.sso.core.dto.AgentHeartbeatDTO;
 import io.sentrius.sso.core.dto.AgentRegistrationDTO;
+import io.sentrius.sso.core.dto.capabilities.EndpointDescriptor;
 import io.sentrius.sso.core.dto.ztat.AgentExecution;
 import io.sentrius.sso.core.dto.ztat.AtatRequest;
 import io.sentrius.sso.core.dto.ztat.TokenDTO;
@@ -207,4 +208,32 @@ public String getCallbackUrl() {
         return callbackUrl;
     }
 
+    public List<EndpointDescriptor> getAvailableEndpoints(TokenDTO token) throws ZtatException, JsonProcessingException {
+        String url = "/api/v1/capabilities/endpoints";
+        Object response = zeroTrustClientService.callGetOnApi(token, url);
+        if (response instanceof String str) {
+            return JsonUtil.MAPPER.readValue(str, new TypeReference<List<EndpointDescriptor>>() {});
+        } else if (response instanceof List<?> list) {
+            // Already deserialized
+            return list.stream()
+                .map(item -> JsonUtil.MAPPER.convertValue(item, EndpointDescriptor.class))
+                .toList();
+        }
+        return List.of();
+    }
+
+    public List<EndpointDescriptor> getAvailableVerbs(TokenDTO token) throws ZtatException, JsonProcessingException {
+        String url = "/api/v1/capabilities/verbs";
+        Object response = zeroTrustClientService.callGetOnApi(token, url);
+        if (response instanceof String str) {
+            return JsonUtil.MAPPER.readValue(str, new TypeReference<List<EndpointDescriptor>>() {});
+        } else if (response instanceof List<?> list) {
+            // Already deserialized
+            return list.stream()
+                .map(item -> JsonUtil.MAPPER.convertValue(item, EndpointDescriptor.class))
+                .toList();
+        }
+        return List.of();
+    }
+
 }
diff --git a/core/src/main/java/io/sentrius/sso/core/services/capabilities/EndpointScanningService.java b/core/src/main/java/io/sentrius/sso/core/services/capabilities/EndpointScanningService.java
index 2ece69d2..00394ac6 100644
--- a/core/src/main/java/io/sentrius/sso/core/services/capabilities/EndpointScanningService.java
+++ b/core/src/main/java/io/sentrius/sso/core/services/capabilities/EndpointScanningService.java
@@ -284,7 +284,7 @@ private List<ParameterDescriptor> extractRestParameters(Method method) {
 
             parameters.add(ParameterDescriptor.builder()
                     .name(name)
-                    .type(parameter.getType())
+                    .type(parameter.getType().getCanonicalName())
                     .required(required)
                     .source(source)
                     .build());
@@ -307,7 +307,7 @@ private List<ParameterDescriptor> extractVerbParameters(Method method, Verb verb
             parameters.add(ParameterDescriptor.builder()
                     .name(parameter.getName())
                     .description(description)
-                    .type(parameter.getType())
+                    .type(parameter.getType().getCanonicalName())
                     .required(true) // Assume required for verb parameters
                     .source("METHOD_PARAM")
                     .build());
diff --git a/core/src/main/java/io/sentrius/sso/core/services/security/JwtUtil.java b/core/src/main/java/io/sentrius/sso/core/services/security/JwtUtil.java
index dde006eb..b62b10f2 100644
--- a/core/src/main/java/io/sentrius/sso/core/services/security/JwtUtil.java
+++ b/core/src/main/java/io/sentrius/sso/core/services/security/JwtUtil.java
@@ -95,10 +95,7 @@ public static String extractKid(String jwt) {
                 jwt = jwt.substring(7);
             }
             String[] parts = jwt.split("\\.");
-            log.info("JWT parts: header={}, payload={}, signaturePresent={}",
-                parts.length > 0 ? parts[0] : "null",
-                parts.length > 1 ? parts[1] : "null",
-                parts.length == 3);
+
             if (parts.length != 3) {
                 throw new IllegalArgumentException("Invalid JWT token format");
             }
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/model/security/AccessControlAspect.java b/dataplane/src/main/java/io/sentrius/sso/core/model/security/AccessControlAspect.java
index 888d4cd9..a9a4dd6f 100644
--- a/dataplane/src/main/java/io/sentrius/sso/core/model/security/AccessControlAspect.java
+++ b/dataplane/src/main/java/io/sentrius/sso/core/model/security/AccessControlAspect.java
@@ -70,16 +70,20 @@ public class AccessControlAspect {
         allowedEndpoints.add("/api/v1/zerotrust/accesstoken/status");
         allowedEndpoints.add("/api/v1/zerotrust/accesstoken/jwt/verify");
         allowedEndpoints.add("/api/v1/agent/bootstrap/register");
+        allowedEndpoints.add("/api/v1/capabilities/endpoints");
+        allowedEndpoints.add("/api/v1/capabilities/verbs");
     }
 
     Tracer tracer = GlobalOpenTelemetry.getTracer("io.sentrius.sso");
 
     private boolean isAllowedEndpoint(String endpoint) {
         for (String allowedEndpoint : allowedEndpoints) {
+            log.info("Checking if endpoint {} matches {}", endpoint, allowedEndpoint);
             if (endpoint.startsWith(allowedEndpoint)) {
                 return true;
             }
         }
+        log.info("Endpoint {} doesn't match", endpoint);
         return false;
     }
 
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentService.java b/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentService.java
index ca397061..baf59342 100644
--- a/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentService.java
+++ b/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentService.java
@@ -44,6 +44,7 @@
 import org.springframework.scheduling.annotation.Async;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.client.RestTemplate;
 
 @Service
@@ -84,6 +85,7 @@ public AgentService(
         this.provenanceKafkaProducer = provenanceKafkaProducer;
     }
 
+    @Transactional
     public void recordHeartbeat(String agentId, String name, AgentHeartbeatDTO heartbeatDTO) {
         AgentHeartbeat heartbeat = repository.findByAgentId(agentId)
             .orElse(new AgentHeartbeat());
diff --git a/integration-proxy/src/main/java/io/sentrius/sso/controllers/api/OpenAIProxyController.java b/integration-proxy/src/main/java/io/sentrius/sso/controllers/api/OpenAIProxyController.java
index 4ee6dd07..0a83ee29 100644
--- a/integration-proxy/src/main/java/io/sentrius/sso/controllers/api/OpenAIProxyController.java
+++ b/integration-proxy/src/main/java/io/sentrius/sso/controllers/api/OpenAIProxyController.java
@@ -180,20 +180,35 @@ public ResponseEntity<?> chat(@RequestHeader("Authorization") String token,
 
 
         Span span = tracer.spanBuilder("AgentToAgentCommunication").startSpan();
+        int retries = 2;
         try (Scope scope = span.makeCurrent()) {
-            var resp = endpoint.sample(RawConversationRequest.builder().request(chatRequest).build());
-            span.setAttribute("communication.id", comm.get().getId().toString());
-            span.setAttribute("source.agent", operatingUser.getUsername());
-                span.setAttribute("target.agent", "SYSTEM");
-            span.setAttribute("message.type", "interpretation_request");
-            return ResponseEntity.ok(resp);
+                HttpException httpException = null;
+                do {
+                    try {
+                    var resp = endpoint.sample(RawConversationRequest.builder().request(chatRequest).build());
+                    span.setAttribute("communication.id", comm.get().getId().toString());
+                    span.setAttribute("source.agent", operatingUser.getUsername());
+                    span.setAttribute("target.agent", "SYSTEM");
+                    span.setAttribute("message.type", "interpretation_request");
+                    return ResponseEntity.ok(resp);
+                }catch(HttpException e){
+                    if (e.getMessage().contains("timeout")) {
+                        httpException = e;
+                    } else {
+                        throw e;
+                    }
+                }
+            } while(retries-- > 0);
+            if (null != httpException) {
+                throw httpException;
+            }
         } catch (ExecutionException | InterruptedException e) {
             throw new RuntimeException(e);
         } finally {
             span.end();
         }
 
-
+        return null;
     }
 
     @PostMapping("/justify")
diff --git a/llm-dataplane/src/main/java/io/sentrius/sso/genai/GenerativeAPI.java b/llm-dataplane/src/main/java/io/sentrius/sso/genai/GenerativeAPI.java
index d1c01fc9..5f767633 100644
--- a/llm-dataplane/src/main/java/io/sentrius/sso/genai/GenerativeAPI.java
+++ b/llm-dataplane/src/main/java/io/sentrius/sso/genai/GenerativeAPI.java
@@ -1,6 +1,7 @@
 package io.sentrius.sso.genai;
 
 import java.io.IOException;
+import java.time.Duration;
 import java.util.Objects;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -42,12 +43,17 @@ public GenerativeAPI(TokenProvider authToken, OkHttpClient client) {
     }
 
     public GenerativeAPI(TokenProvider authToken) {
-        this(authToken, new OkHttpClient());
+
+        this(authToken,  new OkHttpClient.Builder()
+            .connectTimeout(Duration.ofSeconds(15))
+            .readTimeout(Duration.ofSeconds(30))
+            .writeTimeout(Duration.ofSeconds(15))
+            .build());
     }
 
     /**
      * Builds the request body for an API endpoint request.
-     *
+     *a
      * @param request the API endpoint request
      * @return the request body as a string
      */
@@ -84,6 +90,7 @@ public String sample(final ApiEndPointRequest apiRequest) throws HttpException {
                     throw new HttpException(response.code(), response.body().string());
                 }
             } else {
+                log.info("body is {}" , response.body());
                 return response.body().string();
             }
         } catch (IOException e) {
diff --git a/sentrius-chart-launcher/templates/configmap.yaml b/sentrius-chart-launcher/templates/configmap.yaml
index 169431fd..cd2493a8 100644
--- a/sentrius-chart-launcher/templates/configmap.yaml
+++ b/sentrius-chart-launcher/templates/configmap.yaml
@@ -16,6 +16,211 @@ data:
         "terminalSummaryForLLM": "<Summary of the terminal thus far for the next LLM assessment>",
           "responseForUser": "<Response to the user>"
       }
+  chat-atpl-helper.yaml: |
+    description: "Agent that handles logs and OpenAI access."
+    context: |
+      You are a helpful agent that helps define a a trust policy. Guide the user through the process of defining a trust policy for an agent.
+      Here is the schema for the Agent Trust Policy Language (ATPL). If no version or policy_id given generate them.
+      Most fields are optional, but the minimum will be capabilities. primitives are simple endpoint connections.
+      Focus on getting those filled in. Following this list will be a message containing all endpoints of the system.
+      {
+      "$schema": "https://json-schema.org/draft/2020-12/schema",
+      "$id": "https://sentrius.io/schemas/atpl.schema.json",
+      "title": "Agent Trust Policy Language (ATPL)",
+      "type": "object",
+      "required": ["version", "policy_id", "capabilities"],
+      "properties": {
+        "version": {
+          "type": "string",
+          "pattern": "^v[0-9]+$"
+        },
+        "policy_id": {
+          "type": "string"
+        },
+        "description": {
+          "type": "string"
+        },
+        "match": {
+          "type": "object",
+          "properties": {
+            "agent_tags": {
+              "type": "array",
+              "items": { "type": "string" }
+            }
+          }
+        },
+        "identity": {
+          "type": "object",
+          "properties": {
+            "issuer": { "type": "string" },
+            "subject_prefix": { "type": "string" },
+            "mfa_required": { "type": "boolean" },
+            "certificate_authority": { "type": "string" }
+          }
+        },
+        "provenance": {
+          "type": "object",
+          "properties": {
+            "source": { "type": "string" },
+            "signature_required": { "type": "boolean" },
+            "approved_committers": {
+              "type": "array",
+              "items": { "type": "string" }
+            }
+          }
+        },
+        "runtime": {
+          "type": "object",
+          "properties": {
+            "enclave_required": { "type": "boolean" },
+            "attestation_type": { "type": "string" },
+            "verified_at_boot": { "type": "boolean" }
+          }
+        },
+        "behavior": {
+          "type": "object",
+          "properties": {
+            "minimum_positive_runs": { "type": "integer" },
+            "max_incidents": { "type": "integer" },
+            "incident_types": {
+              "type": "object",
+              "properties": {
+                "denylist": {
+                  "type": "array",
+                  "items": { "type": "string" }
+                }
+              }
+            }
+          }
+        },
+        "trust_score": {
+          "type": "object",
+          "properties": {
+            "minimum": { "type": "integer" },
+            "weightings": {
+              "type": "object",
+              "properties": {
+                "identity": { "type": "number" },
+                "provenance": { "type": "number" },
+                "runtime": { "type": "number" },
+                "behavior": { "type": "number" }
+              }
+            }
+          }
+        },
+        "capabilities": {
+          "type": "object",
+          "required": ["primitives", "composed"],
+          "properties": {
+            "primitives": {
+              "type": "array",
+              "items": {
+                "type": "object",
+                "required": ["id", "description"],
+                "properties": {
+                  "id": { "type": "string" },
+                  "description": { "type": "string" },
+                  "endpoints": {
+                    "type": "array",
+                    "items": { "type": "string" }
+                  },
+                  "commands": {
+                    "type": "array",
+                    "items": { "type": "string" }
+                  },
+                  "subcommands": {
+                    "type": "array",
+                    "items": { "type": "string" }
+                  },
+                  "activities": {
+                    "type": "array",
+                    "items": { "type": "string" }
+                  },
+                  "tags": {
+                    "type": "array",
+                    "items": { "type": "string" }
+                  }
+                }
+              }
+            },
+            "composed": {
+              "type": "array",
+              "items": {
+                "type": "object",
+                "required": ["id", "includes"],
+                "properties": {
+                  "id": { "type": "string" },
+                  "includes": {
+                    "type": "array",
+                    "items": { "type": "string" }
+                  },
+                  "tags": {
+                    "type": "array",
+                    "items": { "type": "string" }
+                  },
+                  "endpoints": {
+                    "type": "array",
+                    "items": { "type": "string" }
+                  },
+                  "commands": {
+                    "type": "array",
+                    "items": { "type": "string" }
+                  },
+                  "subcommands": {
+                    "type": "array",
+                    "items": { "type": "string" }
+                  },
+                  "activities": {
+                    "type": "array",
+                    "items": { "type": "string" }
+                  }
+                }
+              }
+            }
+          }
+        }
+          ,
+        "actions": {
+          "type": "object",
+          "properties": {
+            "on_failure": {
+              "type": "string",
+              "enum": ["deny", "log", "alert"]
+            },
+            "on_success": {
+              "type": "string",
+              "enum": ["allow", "log"]
+            },
+            "on_marginal": {
+              "oneOf": [
+                {"type": "string", "enum": ["require_ztat", "log"]},
+                {
+                  "type": "object",
+                  "properties": {
+                    "action": {"type": "string", "enum": ["require_ztat"]},
+                    "ztat_provider": {"type": "string"}
+                  },
+                  "required": ["action"]
+                }
+              ]
+            }
+          }
+        },
+        "ztat": {
+          "type": "object",
+          "properties": {
+            "provider": {"type": "string"},
+            "ttl": {"type": "string"},
+            "approved_issuers": {
+              "type": "array",
+              "items": {"type": "string"}
+            },
+            "key_binding": {"type": "string"},
+            "approval_required": {"type": "boolean"}
+          }
+        }
+      }
+      }
   launcher.properties: |
     spring.main.web-application-type=servlet
     spring.thymeleaf.enabled=false

From 844895202e7b94e70173fe05df2694b3bd557d11 Mon Sep 17 00:00:00 2001
From: Marc Parisi <phrocker@apache.org>
Date: Wed, 9 Jul 2025 18:55:25 -0400
Subject: [PATCH 6/9] intermediate commit

---
 .local.env                                    |   8 +-
 .local.env.bak                                |   8 +-
 .../launcher/api/AgentLauncherController.java |  10 +-
 .../launcher/service/PodLauncherService.java  |  44 +-
 .../config/AgentWebSocketProxyHandler.java    |  24 +-
 .../sentrius/sso/config/SecurityConfig.java   |   4 -
 .../analysis/agents/agents/AgentVerb.java     |   2 +
 .../analysis/agents/agents/PromptBuilder.java |  39 +-
 .../analysis/agents/agents/VerbRegistry.java  |   1 +
 .../interpreters/AgentContextInterpreter.java |  22 +
 .../interpreters/ObjectNodeInterpreter.java   |  37 +
 .../interpreters/StringInterpreter.java       |  22 +
 .../interpreters/StringToAtplInterpreter.java |  23 +
 .../analysis/agents/verbs/AgentVerbs.java     | 131 +++-
 .../analysis/agents/verbs/AtplVerbs.java      |  57 +-
 .../analysis/agents/verbs/ChatVerbs.java      | 173 +++--
 .../analysis/agents/verbs/ExampleFactory.java |  41 ++
 .../analysis/api/websocket/ChatWSHandler.java |   9 +-
 .../analysis/model/TerminalResponse.java      |   3 +
 .../sentrius/agent/config/SecurityConfig.java |   2 -
 ai-agent/src/main/resources/atpl-schema.json  | 199 +++++
 ai-agent/src/main/resources/chat-helper.json  |   4 +
 .../src/main/resources/terminal-helper.json   |   6 +-
 .../controllers/api/AgentApiController.java   |  74 +-
 .../api/AgentBootstrapController.java         |  38 +-
 .../controllers/api/HostApiController.java    |   2 +-
 .../controllers/api/SystemApiController.java  |  16 +-
 .../sso/controllers/view/AgentController.java |   7 +
 .../db/migration/V18_agent_launch.sql         |  17 +
 .../main/resources/static/js/add_system.js    |  14 +-
 .../templates/sso/agents/design_chat.html     | 692 ++++++++++++++++++
 .../resources/templates/sso/dashboard.html    | 329 ++++-----
 .../templates/sso/enclaves/list_servers.html  |   2 +-
 .../sso/core/dto/AgentRegistrationDTO.java    |   2 +
 .../sso/core/dto/agents/AgentContextDTO.java  |  29 +
 .../dto/agents/AgentContextRequestDTO.java    |  23 +
 .../dto/agents/AgentLaunchResponseDTO.java    |  11 +
 .../sentrius/sso/core/model/verbs/Verb.java   |   4 +
 .../services/agents/AgentClientService.java   |  43 ++
 .../agents/ZeroTrustClientService.java        |   7 +-
 .../sentrius/sso/core/trust/ATPLPolicy.java   |   2 +
 .../sso/core/config/SystemOptions.java        |   3 +-
 .../sso/core/model/agents/AgentContext.java   |  46 ++
 .../sso/core/model/agents/AgentLaunch.java    |  38 +
 .../repository/AgentContextRepository.java    |   9 +
 .../repository/AgentLaunchRepository.java     |   8 +
 .../services/agents/AgentContextService.java  |  31 +
 .../services/agents/AgentLaunchService.java   |  32 +
 .../templates/configmap.yaml                  | 220 +-----
 49 files changed, 2077 insertions(+), 491 deletions(-)
 create mode 100644 ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/AgentContextInterpreter.java
 create mode 100644 ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/ObjectNodeInterpreter.java
 create mode 100644 ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/StringInterpreter.java
 create mode 100644 ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/StringToAtplInterpreter.java
 create mode 100644 ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ExampleFactory.java
 create mode 100644 ai-agent/src/main/resources/atpl-schema.json
 create mode 100644 api/src/main/resources/db/migration/V18_agent_launch.sql
 create mode 100644 api/src/main/resources/templates/sso/agents/design_chat.html
 create mode 100644 core/src/main/java/io/sentrius/sso/core/dto/agents/AgentContextDTO.java
 create mode 100644 core/src/main/java/io/sentrius/sso/core/dto/agents/AgentContextRequestDTO.java
 create mode 100644 core/src/main/java/io/sentrius/sso/core/dto/agents/AgentLaunchResponseDTO.java
 create mode 100644 dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentContext.java
 create mode 100644 dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentLaunch.java
 create mode 100644 dataplane/src/main/java/io/sentrius/sso/core/repository/AgentContextRepository.java
 create mode 100644 dataplane/src/main/java/io/sentrius/sso/core/repository/AgentLaunchRepository.java
 create mode 100644 dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentContextService.java
 create mode 100644 dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentLaunchService.java

diff --git a/.local.env b/.local.env
index decdf6df..d6e5e1f1 100644
--- a/.local.env
+++ b/.local.env
@@ -1,8 +1,8 @@
-SENTRIUS_VERSION=1.1.233
+SENTRIUS_VERSION=1.1.246
 SENTRIUS_SSH_VERSION=1.1.36
 SENTRIUS_KEYCLOAK_VERSION=1.1.48
 SENTRIUS_AGENT_VERSION=1.1.35
-SENTRIUS_AI_AGENT_VERSION=1.1.85
+SENTRIUS_AI_AGENT_VERSION=1.1.124
 LLMPROXY_VERSION=1.0.49
-LAUNCHER_VERSION=1.0.55
-AGENTPROXY_VERSION=1.0.67
\ No newline at end of file
+LAUNCHER_VERSION=1.0.62
+AGENTPROXY_VERSION=1.0.69
\ No newline at end of file
diff --git a/.local.env.bak b/.local.env.bak
index decdf6df..d6e5e1f1 100644
--- a/.local.env.bak
+++ b/.local.env.bak
@@ -1,8 +1,8 @@
-SENTRIUS_VERSION=1.1.233
+SENTRIUS_VERSION=1.1.246
 SENTRIUS_SSH_VERSION=1.1.36
 SENTRIUS_KEYCLOAK_VERSION=1.1.48
 SENTRIUS_AGENT_VERSION=1.1.35
-SENTRIUS_AI_AGENT_VERSION=1.1.85
+SENTRIUS_AI_AGENT_VERSION=1.1.124
 LLMPROXY_VERSION=1.0.49
-LAUNCHER_VERSION=1.0.55
-AGENTPROXY_VERSION=1.0.67
\ No newline at end of file
+LAUNCHER_VERSION=1.0.62
+AGENTPROXY_VERSION=1.0.69
\ No newline at end of file
diff --git a/agent-launcher/src/main/java/io/sentrius/agent/launcher/api/AgentLauncherController.java b/agent-launcher/src/main/java/io/sentrius/agent/launcher/api/AgentLauncherController.java
index d44a86d1..67c73712 100644
--- a/agent-launcher/src/main/java/io/sentrius/agent/launcher/api/AgentLauncherController.java
+++ b/agent-launcher/src/main/java/io/sentrius/agent/launcher/api/AgentLauncherController.java
@@ -60,9 +60,17 @@ public ResponseEntity<String> deleteAgent(@RequestParam(name="agentId") String a
             podLauncherService.deleteAgentById(agentId);
             return ResponseEntity.ok("Shutdown triggered");
         } catch (Exception e) {
-            e.printStackTrace();
             return ResponseEntity.status(500).body("Shutdown failed: " + e.getMessage());
         }
     }
 
+    @GetMapping("/status")
+    public ResponseEntity<String> getAgentStatus(@RequestParam(name="agentId") String agentId) {
+        try {
+            return ResponseEntity.ok(podLauncherService.statusById(agentId) );
+        } catch (Exception e) {
+            return ResponseEntity.status(500).body("Status failed: " + e.getMessage());
+        }
+    }
+
 }
diff --git a/agent-launcher/src/main/java/io/sentrius/agent/launcher/service/PodLauncherService.java b/agent-launcher/src/main/java/io/sentrius/agent/launcher/service/PodLauncherService.java
index e08409a9..85050124 100644
--- a/agent-launcher/src/main/java/io/sentrius/agent/launcher/service/PodLauncherService.java
+++ b/agent-launcher/src/main/java/io/sentrius/agent/launcher/service/PodLauncherService.java
@@ -102,7 +102,7 @@ public void deleteAgentById(String agentId) throws Exception {
                     } catch (Exception ex) {
                         log.warn("Service not found or already deleted: {}", ex.getMessage());
                     }
-                }else {
+                } else {
                     log.info("Not Deleting pod: {}", podName);
                 }
 
@@ -113,9 +113,49 @@ public void deleteAgentById(String agentId) throws Exception {
 
 
         }
+    }
+
+
+        public String statusById(String agentId) throws Exception {
+            // Delete all pods with this agentId label
+            var pods = coreV1Api.listNamespacedPod(
+                agentNamespace
+            ).execute().getItems();
+
+            for (V1Pod pod : pods) {
+
+                var labels = pod.getMetadata().getLabels();
+                var podName = pod.getMetadata().getName();
+
+                Matcher matcher = pattern.matcher(agentId);
+
+                if (matcher.matches() && labels != null && labels.containsKey("agentId")) {
+                    String name = matcher.group(1);
+
+                    var value = labels.get("agentId");
+                    if (value.equals(name)) {
+                        // get pod status
+                        //
+                        V1PodStatus status = pod.getStatus();
+                        if (status == null) {
+                            log.warn("Pod {} has no status information", podName);
+                            return "Unknown";
+                        }
+                        return status.getPhase(); // e.g., "Running", "Pending", "Failed", "Succeeded"
+
+                    }
+
+
+                }
+
+
+            }
+            return "NotFound";
+        }
+
+
 
 
-    }
 
 
     public V1Pod launchAgentPod(AgentRegistrationDTO agent) throws Exception {
diff --git a/agent-proxy/src/main/java/io/sentrius/sso/config/AgentWebSocketProxyHandler.java b/agent-proxy/src/main/java/io/sentrius/sso/config/AgentWebSocketProxyHandler.java
index ecbcfa91..c801c5a7 100644
--- a/agent-proxy/src/main/java/io/sentrius/sso/config/AgentWebSocketProxyHandler.java
+++ b/agent-proxy/src/main/java/io/sentrius/sso/config/AgentWebSocketProxyHandler.java
@@ -123,22 +123,38 @@ public Mono<Void> handle(WebSocketSession clientSession) {
                     })
                     .as(clientSession::send)
                     .doOnSuccess(aVoid -> log.info("agent -> client completed gracefully")) // Corrected for Mono
-                    .doOnError(e -> log.error("Error in agent -> client stream", e))
+                    .doOnError(e -> {
+                        log.error("Error in agent -> client stream", e);
+                        sessionManager.unregister(agentSession.getId());
+                    })
                     .onErrorResume(e -> {
+                        sessionManager.unregister(agentSession.getId());
                         log.error("Agent to client stream error, closing agent session.", e);
                         return agentSession.close().then(Mono.empty());
                     })
                     .doFinally(sig -> log.info("Agent to client stream finalized: {}", sig));
 
                     return Mono.when(clientToAgent, agentToClient)
-                        .doOnTerminate(() -> log.info("WebSocket proxy connection terminated (client and agent streams completed/cancelled)"))
-                        .doOnError(e -> log.error("Overall proxy connection failed", e))
+                        .doOnTerminate(() -> {
+                            log.info("WebSocket proxy connection terminated (client and agent " +
+                                "streams completed/cancelled)");
+                            sessionManager.unregister(agentSession.getId());
+
+                        })
+                        .doOnError(e -> {
+                            log.error("Overall proxy connection failed", e);
+                            sessionManager.unregister(agentSession.getId());
+
+                        })
                         .doFinally(sig -> {
                             sessionManager.unregister(finalSessionId);
                             log.info("WebSocket proxy stream closed completely: {}. Final session ID: {}", sig, finalSessionId);
                         });
             }
-            ).doOnError(e -> log.error("Failed to establish proxy connection", e));
+            ).doOnError(e -> {
+                log.error("Failed to establish proxy connection", e);
+                sessionManager.unregister(finalSessionId);
+            });
 
 
         } catch (Exception ex) {
diff --git a/agent-proxy/src/main/java/io/sentrius/sso/config/SecurityConfig.java b/agent-proxy/src/main/java/io/sentrius/sso/config/SecurityConfig.java
index 4595af51..17cf55df 100644
--- a/agent-proxy/src/main/java/io/sentrius/sso/config/SecurityConfig.java
+++ b/agent-proxy/src/main/java/io/sentrius/sso/config/SecurityConfig.java
@@ -55,10 +55,6 @@ private ReactiveJwtAuthenticationConverter grantedAuthoritiesExtractor() {
 
         converter.setJwtGrantedAuthoritiesConverter(jwt -> {
             Collection<GrantedAuthority> authorities = new JwtGrantedAuthoritiesConverter().convert(jwt);
-            log.info("JWT Claims: {}", jwt.getClaims());
-
-            String username = jwt.getClaimAsString("preferred_username");
-            String email = jwt.getClaimAsString("email");
 
             return Flux.fromIterable(authorities);
         });
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/AgentVerb.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/AgentVerb.java
index 523997ba..aeef6f6a 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/AgentVerb.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/AgentVerb.java
@@ -24,4 +24,6 @@ public class AgentVerb {
     @Builder.Default
     Class<? extends OutputInterpreterIfc> outputInterpreter = DefaultInterpreter.class;
     Class<? extends InputInterpreterIfc> inputInterpreter = DefaultInterpreter.class;
+
+    private String exampleJson = "";
 }
\ No newline at end of file
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/PromptBuilder.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/PromptBuilder.java
index 017e1856..12c7a62a 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/PromptBuilder.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/PromptBuilder.java
@@ -3,6 +3,8 @@
 import java.lang.reflect.Method;
 import java.util.Arrays;
 import java.util.stream.Collectors;
+import io.sentrius.agent.analysis.agents.verbs.ExampleFactory;
+import io.sentrius.sso.core.utils.JsonUtil;
 
 /**
  * The `PromptBuilder` class is responsible for constructing a prompt string
@@ -61,21 +63,50 @@ public String buildPrompt(boolean applyInstructions)
                 "    }\n" +
                 "  ]\n" +
                 "}\n");
-
+        }
             // Append the list of available verbs
-            prompt.append("Available Verbs:\n");
+            prompt.append("Verb operations:\n");
 
             // Iterate through the verbs in the registry and append their details
             verbRegistry.getVerbs().forEach((name, verb) -> {
                 prompt.append("- ").append(name);
                 prompt.append(" (").append(buildMethodSignature(verb.getMethod())).append(") - ");
                 prompt.append(verb.getDescription()).append("\n");
+                // Optionally generate example params based on arg1 class
+                Class<?>[] paramTypes = verb.getMethod().getParameterTypes();
+
+                if (paramTypes.length > 1 && !paramTypes[1].equals(Void.class)) {
+                    var paramName = verb.getMethod().getParameters()[1].getName();
+                    Object example = ExampleFactory.createExample(paramName, paramTypes[1]);  // create a stub from
+                    // your DTO
+                    try {
+                        if (verb.getExampleJson() != null && !verb.getExampleJson().isEmpty()) {
+                            prompt.append("  Example arg1: ").append(verb.getExampleJson()).append("\n");
+                        } else if (example != null) {
+                            // Serialize the example object to JSON
+                            String exampleJson = JsonUtil.MAPPER.writeValueAsString(example);
+                            prompt.append("  Example arg1: ").append(exampleJson).append("\n");
+                        }
+
+                    } catch (Exception e) {
+                        prompt.append("  Example params: [unavailable due to serialization error]\n");
+                    }
+                } else {
+                    prompt.append("  Example params: {}\n");
+                }
             });
-        }
 
         return prompt.toString();
     }
 
+    public static String indent(String input, int spaces) {
+        String indent = " ".repeat(spaces);
+        return Arrays.stream(input.split("\n"))
+            .map(line -> indent + line)
+            .collect(Collectors.joining("\n"));
+    }
+
+
     /**
      * Builds a method signature string for a given method.
      *
@@ -84,6 +115,8 @@ public String buildPrompt(boolean applyInstructions)
      */
     private String buildMethodSignature(Method method) {
         return Arrays.stream(method.getParameters())
+            .filter( p -> !p.getType().getSimpleName().equalsIgnoreCase("TokenDTO") &&
+            !p.getType().getSimpleName().equalsIgnoreCase("AgentExecution"))
             .map(p -> p.getName() + ": " + p.getType().getSimpleName())
             .collect(Collectors.joining(", "));
     }
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/VerbRegistry.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/VerbRegistry.java
index 54426470..c9b0e963 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/VerbRegistry.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/VerbRegistry.java
@@ -93,6 +93,7 @@ public void scanClasspath() {
                                         .name(name)
                                         .description(annotation.description())
                                         .method(method)
+                                        .exampleJson(annotation.exampleJson())
                                         .requiresTokenManagement(annotation.requiresTokenManagement())
                                         .returnType(annotation.returnType())
                                         .outputInterpreter(annotation.outputInterpreter())
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/AgentContextInterpreter.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/AgentContextInterpreter.java
new file mode 100644
index 00000000..1743671d
--- /dev/null
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/AgentContextInterpreter.java
@@ -0,0 +1,22 @@
+package io.sentrius.agent.analysis.agents.interpreters;
+
+import java.util.Map;
+import io.sentrius.sso.core.dto.agents.AgentContextDTO;
+import io.sentrius.sso.core.model.verbs.InputInterpreterIfc;
+import io.sentrius.sso.core.utils.JsonUtil;
+
+
+public class AgentContextInterpreter implements InputInterpreterIfc<AgentContextDTO> {
+    @Override
+    public AgentContextDTO interpret(Map<String,Object> input) throws Exception {
+        Object agentContextObj = input.get("agentContext");
+        Object arg1Obj = input.get("arg1");
+
+        if (agentContextObj != null) {
+            return JsonUtil.MAPPER.convertValue(agentContextObj, AgentContextDTO.class);
+        } else if (arg1Obj != null) {
+            return JsonUtil.MAPPER.convertValue(arg1Obj, AgentContextDTO.class);
+        }
+        return null;
+    }
+}
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/ObjectNodeInterpreter.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/ObjectNodeInterpreter.java
new file mode 100644
index 00000000..1f2e56ee
--- /dev/null
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/ObjectNodeInterpreter.java
@@ -0,0 +1,37 @@
+package io.sentrius.agent.analysis.agents.interpreters;
+
+import java.util.HashMap;
+import java.util.Map;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import io.sentrius.sso.core.model.verbs.InputInterpreterIfc;
+import io.sentrius.sso.core.model.verbs.OutputInterpreterIfc;
+import io.sentrius.sso.core.model.verbs.VerbResponse;
+import io.sentrius.sso.core.utils.JsonUtil;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class ObjectNodeInterpreter implements InputInterpreterIfc<ObjectNode>, OutputInterpreterIfc {
+    @Override
+    public ObjectNode interpret(Map<String, Object> input) throws Exception {
+
+        Object arg1Value = input.get("arg1");
+        if (arg1Value == null) {
+            throw new IllegalArgumentException("Missing 'arg1' field in arguments map.");
+        }
+
+        // Convert the value under "arg1" to an ObjectNode
+        return JsonUtil.MAPPER.valueToTree(arg1Value);
+    }
+
+    @Override
+    public Map<String, Object> interpret(VerbResponse input) throws Exception {
+        if (input.getResponse() instanceof ObjectNode) {
+            Map<String, Object> responseMap = new HashMap<>();
+            ((ObjectNode)input.getResponse()).fieldNames().forEachRemaining( x ->{
+                    responseMap.put(x, ((ObjectNode)input.getResponse()).get(x).asText() );
+                });
+            return responseMap;
+        }
+        return Map.of();
+    }
+}
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/StringInterpreter.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/StringInterpreter.java
new file mode 100644
index 00000000..996a3bc9
--- /dev/null
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/StringInterpreter.java
@@ -0,0 +1,22 @@
+package io.sentrius.agent.analysis.agents.interpreters;
+
+import java.util.Map;
+import io.sentrius.sso.core.model.verbs.InputInterpreterIfc;
+import io.sentrius.sso.core.trust.ATPLPolicy;
+import io.sentrius.sso.core.utils.JsonUtil;
+
+public class StringInterpreter implements InputInterpreterIfc<ATPLPolicy> {
+
+    @Override
+    public ATPLPolicy interpret(Map<String,Object> input) throws Exception {
+        Object policyObj = input.get("policy");
+        Object arg1Obj = input.get("arg1");
+
+        if (policyObj != null) {
+            return JsonUtil.MAPPER.convertValue(policyObj, ATPLPolicy.class);
+        } else if (arg1Obj != null) {
+            return JsonUtil.MAPPER.convertValue(arg1Obj, ATPLPolicy.class);
+        }
+        return null;
+    }
+}
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/StringToAtplInterpreter.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/StringToAtplInterpreter.java
new file mode 100644
index 00000000..9852f5f4
--- /dev/null
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/StringToAtplInterpreter.java
@@ -0,0 +1,23 @@
+package io.sentrius.agent.analysis.agents.interpreters;
+
+import java.util.Map;
+import com.fasterxml.jackson.core.JsonParser;
+import io.sentrius.agent.analysis.model.TerminalResponse;
+import io.sentrius.sso.core.model.verbs.InputInterpreterIfc;
+import io.sentrius.sso.core.trust.ATPLPolicy;
+import io.sentrius.sso.core.utils.JsonUtil;
+
+public class StringToAtplInterpreter implements InputInterpreterIfc<ATPLPolicy> {
+    @Override
+    public ATPLPolicy interpret(Map<String,Object> input) throws Exception {
+        Object policyObj = input.get("policy");
+        Object arg1Obj = input.get("arg1");
+
+        if (policyObj != null) {
+            return JsonUtil.MAPPER.convertValue(policyObj, ATPLPolicy.class);
+        } else if (arg1Obj != null) {
+            return JsonUtil.MAPPER.convertValue(arg1Obj, ATPLPolicy.class);
+        }
+        return null;
+    }
+}
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java
index 0e85d24d..7f9e6b6f 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java
@@ -10,20 +10,25 @@
 import java.util.UUID;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
+import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
 import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
 import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import io.sentrius.agent.analysis.agents.agents.AgentConfig;
 import io.sentrius.agent.analysis.agents.agents.PromptBuilder;
 import io.sentrius.agent.analysis.agents.agents.VerbRegistry;
+import io.sentrius.agent.analysis.agents.interpreters.AgentContextInterpreter;
 import io.sentrius.agent.analysis.agents.interpreters.AsessmentListInterpreter;
 import io.sentrius.agent.analysis.agents.interpreters.ObjectListInterpreter;
+import io.sentrius.agent.analysis.agents.interpreters.ObjectNodeInterpreter;
+import io.sentrius.agent.analysis.agents.interpreters.StringInterpreter;
 import io.sentrius.agent.analysis.agents.interpreters.ZtatOutputInterpreter;
 import io.sentrius.agent.analysis.model.AssessedTerminal;
 import io.sentrius.agent.analysis.model.Assessment;
@@ -32,11 +37,15 @@
 import io.sentrius.agent.analysis.model.ZtatAsessment;
 import io.sentrius.agent.analysis.model.ZtatResponse;
 import io.sentrius.sso.core.dto.AgentCommunicationDTO;
+import io.sentrius.sso.core.dto.AgentRegistrationDTO;
 import io.sentrius.sso.core.dto.ZtatDTO;
+import io.sentrius.sso.core.dto.agents.AgentContextDTO;
+import io.sentrius.sso.core.dto.agents.AgentContextRequestDTO;
 import io.sentrius.sso.core.dto.ztat.AgentExecution;
 import io.sentrius.sso.core.dto.ztat.AtatRequest;
 import io.sentrius.sso.core.dto.ztat.ZtatRequestDTO;
 import io.sentrius.sso.core.exceptions.ZtatException;
+import io.sentrius.sso.core.model.verbs.DefaultInterpreter;
 import io.sentrius.sso.core.model.verbs.Verb;
 import io.sentrius.sso.core.services.agents.AgentClientService;
 import io.sentrius.sso.core.services.agents.LLMService;
@@ -272,7 +281,8 @@ public String justifyAgent(AgentExecution execution, ZtatRequestDTO ztatRequest,
      * @throws ZtatException If there is an error during the operation.
      * @throws IOException If there is an error reading the configuration file.
      */
-    @Verb(name = "assess_data", returnType = ArrayNode.class, description = "Accepts api server data based on the " +
+    @Verb(name = "assess_api_data", returnType = ArrayNode.class, description = "Accepts api server data based on the" +
+        " " +
         "context and seeks" +
         " to perform the assessment by prompting the LLM. Can be used to assess data or request information from " +
         "users and/or agents, but not for assessing ztat requests.",
@@ -282,7 +292,7 @@ public String justifyAgent(AgentExecution execution, ZtatRequestDTO ztatRequest,
     public List<AssessedTerminal> assessData(AgentExecution execution, List<?> objectList) throws ZtatException, IOException {
         InputStream is = getClass().getClassLoader().getResourceAsStream(agentConfigFile);
         if (is == null) {
-            throw new RuntimeException("agentConfigFile not found on classpath");
+            throw new RuntimeException(agentConfigFile + " not found on classpath");
         }
         AgentConfig config = new ObjectMapper(new YAMLFactory()).readValue(is, AgentConfig.class);
 
@@ -553,4 +563,121 @@ public List<ZtatAsessment> analyzeAtatRequests(AgentExecution execution, List<At
     }
 
 
+    @Verb(name = "create_agent_context", returnType = AgentContextDTO.class, description = "Creates an agent Context",
+        inputInterpreter = ObjectNodeInterpreter.class, requiresTokenManagement = true,
+        exampleJson = "{ \"context\": \"Notify when a new user is added\" }")
+    public ObjectNode createAgentContext(AgentExecution execution, ObjectNode context)
+        throws ZtatException, JsonProcessingException {
+        log.info("Creating agent context");
+        AgentContextRequestDTO dto = AgentContextRequestDTO.builder().context(context.get("context").toString()).
+            description(context.get("context").toString()).name("name").build();
+        var createdContext = agentClientService.createAgentContext(execution, dto);
+        // Here you would typically create a context in your system, e.g., store it in a database or cache.
+        ObjectNode contextNode = JsonUtil.MAPPER.createObjectNode();
+        contextNode.put("contextId", createdContext.getId().toString());
+        return contextNode;
+    }
+
+    @Verb(name = "create_agent", returnType = AgentContextDTO.class, description = "Creates an agent who has the " +
+        "context",
+        exampleJson = "{ \"contextId\": \"associatedContextId\", \"agentName\": \"agentName\" }",
+        inputInterpreter = ObjectNodeInterpreter.class, requiresTokenManagement = true )
+    public ObjectNode createAgent(AgentExecution execution, ObjectNode dto)
+        throws ZtatException, JsonProcessingException {
+        log.info("Creating agent with context: {}", dto);
+        AgentRegistrationDTO agentRegistration = AgentRegistrationDTO.builder()
+            .agentContextId(dto.get("contextId").asText())
+            .agentName(dto.get("agentName").asText())
+            .build();
+
+        var response = agentClientService.createAgent(execution, agentRegistration);
+        ObjectNode contextNode = JsonUtil.MAPPER.createObjectNode();
+        contextNode.put("agentId", agentRegistration.getAgentName());
+        return contextNode;
+    }
+
+    @Verb(name = "get_agent_status", returnType = AgentContextDTO.class, description = "Queries the agent status. Can" +
+        " be Running, pending, NotFound, or Failed" ,
+        exampleJson = "{ \"agentName\": \"agentName\" }",
+        inputInterpreter = ObjectNodeInterpreter.class, requiresTokenManagement = true )
+    public ObjectNode getAgentStatus(AgentExecution execution, ObjectNode agentIdentifier)
+        throws ZtatException, JsonProcessingException {
+        log.info("Creating agent context");
+
+        var response = agentClientService.getCreatedAgentStatus(execution, agentIdentifier.get("agentName").asText());
+        JsonNode node = JsonUtil.MAPPER.readTree(response);
+        ObjectNode contextNode = JsonUtil.MAPPER.createObjectNode();
+        contextNode.put("agentId", agentIdentifier.get("agentName").asText());
+        contextNode.put("status", node.get("status").asText());
+        return contextNode;
+    }
+
+    @Verb(name = "get_endpoints_like", returnType = AgentContextDTO.class, description = "Queries for endpoints in " +
+        "the system that match the input text." ,
+        exampleJson = "{ \"endpoints_like\": [ \"listing users\", \"deleting users\" ] }",
+        inputInterpreter = ObjectNodeInterpreter.class, requiresTokenManagement = true )
+    public ObjectNode getEndpointsLike(AgentExecution execution, ObjectNode queryInput)
+        throws ZtatException, JsonProcessingException {
+        log.info("Querying for endpoints like: {}", queryInput);
+        ObjectNode contextNode = JsonUtil.MAPPER.createObjectNode();
+
+
+        var endpoints = verbRegistry.getEndpoints();
+        ArrayNode endpointArray = JsonUtil.MAPPER.createArrayNode();
+        for (var verb : endpoints) {
+            ObjectNode endpoint = JsonUtil.MAPPER.createObjectNode();
+            endpoint.put("name", verb.getName());
+
+            endpoint.put("endpoint", verb.getPath());
+            endpointArray.add(endpoint);
+        }
+
+        var listedEndpoints = Message.builder().role("system").content("These are a list of available endpoints, " +
+            "description," +
+            " their " +
+            "name. The user will provide a description of necessary actions. return endpoints that meet the " +
+            "criteria with the name and endpoint in a json array (ex : [ { \"name\": " +
+            "\"listUsers\", \"endpoint\": \"/api/v1/users/list\" } ]:" + endpointArray).build();
+
+        contextNode.put("agentId", "agent1234");
+        contextNode.put("status", "Running");
+        List<Message> messages = new ArrayList<>();
+        messages.add( listedEndpoints);
+        execution.addMessages(Message.builder().role("user").content(queryInput.toString()).build());
+        LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
+        var resp = llmService.askQuestion(execution, chatRequest);
+
+        Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
+        log.info("Response is {}", resp);
+        for (Response.Choice choice : response.getChoices()) {
+            var content = choice.getMessage().getContent();
+            if (content.startsWith("```json")) {
+                content = content.substring(7, content.length() - 3);
+            } else if (content.startsWith("```")) {
+                content = content.substring(3, content.length() - 3);
+            }
+            log.info("content is {}", content);
+            if (null != content && !content.isEmpty()) {
+                try {
+
+                    ObjectNode newResponse = JsonUtil.MAPPER.createObjectNode();
+                    JsonNode node = JsonUtil.MAPPER.readTree(content);
+
+                    if (node.isArray()) {
+                        ArrayNode arrayNode = (ArrayNode) node;
+                        newResponse.put("endpoints", arrayNode);
+                        return newResponse;
+                    } else {
+                        log.warn("Expected JSON array but got: {}", node.getNodeType());
+                    }
+
+                    return newResponse;
+                }catch (JsonParseException e) {
+                    log.error("Failed to parse terminal response: {}", e.getMessage());
+                    throw e;
+                }
+            }
+        }
+        return contextNode;
+    }
 }
\ No newline at end of file
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AtplVerbs.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AtplVerbs.java
index 6dd4b758..0e6034b2 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AtplVerbs.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AtplVerbs.java
@@ -1,27 +1,18 @@
 package io.sentrius.agent.analysis.agents.verbs;
 
 import java.io.IOException;
-import java.net.URLEncoder;
-import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
-import java.util.List;
+import java.io.InputStream;
 import java.util.Map;
 import com.fasterxml.jackson.databind.node.ArrayNode;
-import com.fasterxml.jackson.databind.node.ObjectNode;
-import com.google.common.collect.Maps;
-import io.sentrius.agent.analysis.agents.interpreters.AsessmentListInterpreter;
-import io.sentrius.agent.analysis.agents.interpreters.TerminalListInterpreter;
-import io.sentrius.agent.analysis.agents.interpreters.TerminalOutputInterpreter;
-import io.sentrius.agent.analysis.model.AssessedTerminal;
-import io.sentrius.sso.core.dto.HostSystemDTO;
-import io.sentrius.sso.core.dto.ztat.AgentExecution;
+import io.sentrius.agent.analysis.agents.interpreters.StringToAtplInterpreter;
+import io.sentrius.sso.core.dto.ztat.AtatRequest;
 import io.sentrius.sso.core.dto.ztat.TokenDTO;
-import io.sentrius.sso.core.dto.ztat.ZtatRequestDTO;
 import io.sentrius.sso.core.exceptions.ZtatException;
 import io.sentrius.sso.core.model.verbs.DefaultInterpreter;
 import io.sentrius.sso.core.model.verbs.Verb;
 import io.sentrius.sso.core.services.agents.LLMService;
 import io.sentrius.sso.core.services.agents.ZeroTrustClientService;
+import io.sentrius.sso.core.trust.ATPLPolicy;
 import io.sentrius.sso.core.utils.JsonUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
@@ -50,18 +41,50 @@ public AtplVerbs(ZeroTrustClientService zeroTrustClientService, LLMService llmSe
         this.agentVerbs = agentVerbs;
     }
 
+    @Verb(name = "qry_policy_id", description = "Queries by policyId.",
+        inputInterpreter = StringToAtplInterpreter.class,
+        outputInterpreter = DefaultInterpreter.class, requiresTokenManagement = true)
+    public ArrayNode queryPolicyById(TokenDTO token, String policyId) throws ZtatException {
+        try {
+
+            log.info("policy is : {}", policyId);
+            String response = zeroTrustClientService.callGetOnApi(token, "/api/v1/policies/" + policyId);
+            if (response == null) {
+                throw new RuntimeException("Failed to retrieve terminal list");
+            }
+            log.info("Terminal list response: {}", response);
+            return (ArrayNode) JsonUtil.MAPPER.readTree(response);
+        } catch (Exception e) {
+            throw new RuntimeException("Failed to retrieve terminal list", e);
+        }
+    }
+
+    @Verb(name = "get_atpl_schema", description = "Gets Schema. No argument required. Returns JSON Schema.",
+        inputInterpreter = DefaultInterpreter.class,
+        outputInterpreter = DefaultInterpreter.class, requiresTokenManagement = true)
+    public String getAtplSchema(TokenDTO token, Map<String,Object> args) throws ZtatException, IOException {
+        InputStream schema = getClass().getClassLoader().getResourceAsStream("atpl-schema.json");
+        if (schema == null) {
+            throw new RuntimeException("atpl-schema.json not found on classpath");
+
+        }
+        return new String(schema.readAllBytes());
+    }
+
     /**
      * Retrieves a list of currently open terminals.
      *
-     * @param args A map of arguments for the operation (currently unused).
      * @return An `ArrayNode` containing the list of open terminals.
      * @throws io.sentrius.sso.core.exceptions.ZtatException If there is an error during the operation.
      */
-    @Verb(name = "save_policy", description = "Saves an ATPL policy.",
+    @Verb(name = "save_policy", description = "Saves an ATPL policy. Accepts ATPL policy in JSON format.",
+        inputInterpreter = StringToAtplInterpreter.class,
         outputInterpreter = DefaultInterpreter.class, requiresTokenManagement = true)
-    public ArrayNode savePolicy(TokenDTO token, Map<String, Object> args) throws ZtatException {
+    public ArrayNode savePolicy(TokenDTO token, ATPLPolicy policy) throws ZtatException {
         try {
-            String response = zeroTrustClientService.callGetOnApi(token, "/ssh/terminal/list/all");
+
+            log.info("policy is : {}", policy);
+            String response = zeroTrustClientService.callPostOnApi("/api/v1/policies", policy);
             if (response == null) {
                 throw new RuntimeException("Failed to retrieve terminal list");
             }
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ChatVerbs.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ChatVerbs.java
index 9a0d5413..c4890c6e 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ChatVerbs.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ChatVerbs.java
@@ -7,6 +7,7 @@
 import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.ListIterator;
 import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -19,10 +20,13 @@
 import io.sentrius.agent.analysis.agents.agents.VerbRegistry;
 import io.sentrius.agent.analysis.model.TerminalResponse;
 import io.sentrius.agent.analysis.model.WebSocky;
+import io.sentrius.sso.core.dto.agents.AgentContextDTO;
+import io.sentrius.sso.core.dto.capabilities.EndpointDescriptor;
 import io.sentrius.sso.core.dto.ztat.AgentExecution;
 import io.sentrius.sso.core.exceptions.ZtatException;
 import io.sentrius.sso.core.model.verbs.Verb;
 import io.sentrius.sso.core.services.agents.AgentClientService;
+import io.sentrius.sso.core.services.agents.AgentExecutionService;
 import io.sentrius.sso.core.services.agents.LLMService;
 import io.sentrius.sso.core.services.agents.ZeroTrustClientService;
 import io.sentrius.sso.core.utils.JsonUtil;
@@ -40,9 +44,13 @@
 @RequiredArgsConstructor
 public class ChatVerbs {
 
+    private final AgentExecutionService agentExecutionService;
     @Value("${agent.ai.config}")
     private String agentConfigFile;
 
+    @Value("${agent.ai.context.db.id:none}")
+    private String agentDatabaseContext;
+
     final ZeroTrustClientService zeroTrustClientService;
     final LLMService llmService;
     final VerbRegistry verbRegistry;
@@ -71,40 +79,45 @@ public TerminalResponse interpretUserData(
                 throw new RuntimeException("assessor-config.yaml not found on classpath");
 
             }
+            AgentConfig config = null;
             String terminalResponse = new String(terminalHelperStream.readAllBytes());
             InputStream is = getStream(agentConfigFile);
             if (is == null) {
-                throw new RuntimeException(agentConfigFile +  " not found on classpath");
+                throw new RuntimeException(agentConfigFile + " not found on classpath");
+            }
+            if (agentDatabaseContext != null && !agentDatabaseContext.equals("none")) {
+                AgentContextDTO agentContext = agentClientService.getAgentContext(execution,
+                    agentDatabaseContext);
+               config = AgentConfig.builder().description(agentContext.getDescription())
+                    .context(agentContext.getContext()).build();
+                log.info("Agent context loaded: {}", agentContext);
+            }else {
+
+                config = new ObjectMapper(new YAMLFactory()).readValue(is, AgentConfig.class);
             }
-            AgentConfig config = new ObjectMapper(new YAMLFactory()).readValue(is, AgentConfig.class);
 
             log.info("Agent config loaded: {}", config);
             PromptBuilder promptBuilder = new PromptBuilder(verbRegistry, config);
             var prompt = promptBuilder.buildPrompt(false
             );
             List<Message> messages = new ArrayList<>();
+            var context = Message.builder().role("system").content(prompt).build();
+            messages.add(context);
 
-            messages.add(Message.builder().role("system").content(prompt).build());
-            var endpoints = verbRegistry.getEndpoints();
-            ArrayNode endpointArray = JsonUtil.MAPPER.createArrayNode();
-            for (var verb : endpoints) {
-                ObjectNode endpoint = JsonUtil.MAPPER.createObjectNode();
-                endpoint.put("name", verb.getName());
-                
-                endpoint.put("endpoint", verb.getPath());
-                endpointArray.add(endpoint);
-            }
-            messages.add(Message.builder().role("system").content("These are a list of available endpoints, " +
-                "description," +
-                " their " +
-                "name:" + endpointArray).build());
+            messages.add(Message.builder().role("system").content("You have executed verbs for the previous user " +
+                "messages. Please generate a user response that summarizes the last message.").build());
+            int size = getMessageSize(context);
+
+            var history = getContextWindow(execution.getMessages(), 1024*96 - (size));
+            messages.addAll(history);
             messages.add(Message.builder().role("system").content("Please ensure your nextOperation abides by the " +
                 "following json format and leave it empty if user's request doesn't require explicit use of system " +
                 "operations" +
                 ". Please summarize prior terminal " +
                 "sessions, using " +
                 "terminal output if needed " +
-                "for clarity of the next LLM request and for the user. Ensure your response meets this json format: " + terminalResponse).build());
+                "for clarity of the next LLM request and for the user. Ensure your all future responses meets this " +
+                "json format: " + terminalResponse).build());
             messages.add(Message.builder().role("user").content(userMessage.getContent()).build());
             LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
             var resp = llmService.askQuestion(execution, chatRequest);
@@ -128,7 +141,7 @@ public TerminalResponse interpretUserData(
                         return newResponse;
                     }catch (JsonParseException e) {
                         log.error("Failed to parse terminal response: {}", e.getMessage());
-                        return TerminalResponse.builder().responseForUser(content).terminalSummaryForLLM(lastMessage.getTerminalSummaryForLLM()).build();
+                        return TerminalResponse.builder().responseForUser(content).build();
                     }
                 }
             }
@@ -149,30 +162,35 @@ public TerminalResponse interpretUserData(
             PromptBuilder promptBuilder = new PromptBuilder(verbRegistry, config);
             var prompt = promptBuilder.buildPrompt(false);
             List<Message> messages = new ArrayList<>();
+            var context = Message.builder().role("system").content(prompt).build();
+            messages.add(context);
 
-            messages.add(Message.builder().role("system").content(prompt).build());
-            var endpoints = verbRegistry.getEndpoints();
-            ArrayNode endpointArray = JsonUtil.MAPPER.createArrayNode();
-            for (var verb : endpoints) {
-                ObjectNode endpoint = JsonUtil.MAPPER.createObjectNode();
-                endpoint.put("name", verb.getName());
-                
-                endpoint.put("endpoint", verb.getPath());
-                endpointArray.add(endpoint);
-            }
-            messages.add(Message.builder().role("system").content("These are a list of available endpoints, " +
+            /*
+            var listedEndpoints = Message.builder().role("system").content("These are a list of available endpoints, " +
                 "description," +
                 " their " +
-                "name:" + endpointArray).build());
-            messages.add(Message.builder().role("system").content("Please ensure your nextOperation abide by the " +
-                "following json format. Please summarize prior terminal sessions, using terminal output if needed " +
-                "for clarity of the next LLM request and for the user. Ensure your response meets this json format:  " + terminalResponse).build());
-            messages.add(Message.builder().role("assistant").content("prior response: " + lastMessage.getTerminalSummaryForLLM()).build());
+                "name:" + endpointArray).build();
+            messages.add(listedEndpoints);
+            messages.add(Message.builder().role("system").content("You have executed verbs for the previous user " +
+                "messages. Please generate a user response that summarizes the last message.").build());
+            int size = getMessageSize(context) + getMessageSize(listedEndpoints);
+
+            var history = getContextWindow(execution.getMessages(), 1024*96 - (size));
+            messages.addAll(history);
+
+             */
+            var history = getContextWindow(execution.getMessages(), 1024*96 );
+            messages.addAll(history);
+
+//            messages.add(Message.builder().role("assistant").content("prior response: " + lastMessage
+//            .getTerminalSummaryForLLM()).build());
+
+            execution.addMessages( userMessage );
             messages.add(Message.builder().role("user").content(userMessage.getContent()).build());
 
             LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
             var resp = llmService.askQuestion(execution, chatRequest);
-            execution.addMessages( messages );
+
             Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
             log.info("Response is {}", resp);
             for (Response.Choice choice : response.getChoices()) {
@@ -184,6 +202,8 @@ public TerminalResponse interpretUserData(
                 }
                 log.info("content is {}", content);
                 if (null != content && !content.isEmpty()) {
+
+                    execution.addMessages( choice.getMessage() );
                     try {
                         var newResponse = JsonUtil.MAPPER.enable(JsonParser.Feature.ALLOW_COMMENTS).readValue(
                             content,
@@ -202,6 +222,56 @@ public TerminalResponse interpretUserData(
         return null;
     }
 
+    public List<Message> getContextWindow(List<Message> allMessages, int maxContextSize) {
+        List<Message> systemMessages = new ArrayList<>();
+        List<Message> window = new ArrayList<>();
+        int totalSize = 0;
+
+        // First: collect system messages (or other required ones)
+        for (Message msg : allMessages) {
+            if ("system".equals(msg.role)) {
+                systemMessages.add(msg);
+                totalSize += getMessageSize(msg);
+            }
+        }
+
+        // If system messages already exceed max context, return only those
+        if (totalSize >= maxContextSize) {
+            return systemMessages;
+        }
+
+        int remainingSize = maxContextSize - totalSize;
+
+        // Then: collect non-system messages from the end, up to remainingSize
+        ListIterator<Message> iter = allMessages.listIterator(allMessages.size());
+        while (iter.hasPrevious()) {
+            Message msg = iter.previous();
+
+            if ("system".equals(msg.role)) continue; // already added
+
+            int messageSize = getMessageSize(msg);
+            if (messageSize > remainingSize) break;
+
+            window.add(0, msg); // prepend
+            remainingSize -= messageSize;
+        }
+
+        // Combine system + selected recent messages
+        List<Message> result = new ArrayList<>();
+        result.addAll(systemMessages);
+        result.addAll(window);
+
+        return result;
+    }
+
+
+    private int getMessageSize(Message msg) {
+        int size = 0;
+        if (msg.role != null) size += msg.role.length();
+        if (msg.content != null) size += msg.content.length();
+        if (msg.refusal != null) size += msg.refusal.length();
+        return size;
+    }
 
     public TerminalResponse interpret_plan_response(
         AgentExecution execution, @NonNull WebSocky socketConnection,
@@ -230,27 +300,26 @@ public TerminalResponse interpret_plan_response(
             var prompt = promptBuilder.buildPrompt(false);
             List<Message> messages = new ArrayList<>();
 
-            messages.add(Message.builder().role("system").content(prompt).build());
-            var endpoints = verbRegistry.getEndpoints();
-            ArrayNode endpointArray = JsonUtil.MAPPER.createArrayNode();
-            for (var verb : endpoints) {
-                ObjectNode endpoint = JsonUtil.MAPPER.createObjectNode();
-                endpoint.put("name", verb.getName());
-                
-                endpoint.put("endpoint", verb.getPath());
-                endpointArray.add(endpoint);
+            if (execution.getMessages().isEmpty()) {
+                var context = Message.builder().role("system").content(prompt).build();
+                messages.add(context);
+
+
+
             }
-            messages.add(Message.builder().role("system").content("These are a list of available endpoints, " +
-                "description," +
-                " their " +
-                    "name:" + endpointArray).build());
+
             messages.add(Message.builder().role("system").content("You have executed verbs for the previous user " +
                 "messages. Please generate a user response that summarizes the last message.").build());
-            if (null != agentVerb ){
-                messages.add(Message.builder().role("system").content("You have executed verb: " + agentVerb.getName() +
-                    " with the following description: " + agentVerb.getDescription()).build());
+            if (null != agentVerb) {
+                messages.add(
+                    Message.builder().role("system").content("You have executed verb: " + agentVerb.getName() +
+                        " with the following description: " + agentVerb.getDescription()).build());
             }
-            messages.add(Message.builder().role("assistant").content("prior response: " + lastMessage.getTerminalSummaryForLLM()).build());
+
+            var history = getContextWindow(execution.getMessages(), 1024*96 );
+            messages.addAll(history);
+            //messages.add(Message.builder().role("assistant").content("prior response: " + lastMessage
+        // .getTerminalSummaryForLLM()).build());
             messages.add(Message.builder().role("assistant").content(planExecutionOutput).build());
 
             LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ExampleFactory.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ExampleFactory.java
new file mode 100644
index 00000000..418ec15c
--- /dev/null
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ExampleFactory.java
@@ -0,0 +1,41 @@
+package io.sentrius.agent.analysis.agents.verbs;
+
+import java.util.List;
+import java.util.Map;
+import io.sentrius.sso.core.dto.agents.AgentContextDTO;
+import io.sentrius.sso.core.trust.ATPLPolicy;
+import io.sentrius.sso.core.trust.Capability;
+import io.sentrius.sso.core.trust.CapabilitySet;
+
+public class ExampleFactory {
+    public static Object createExample(String paramName, Class<?> type) {
+        if (type.equals(Map.class)) {
+            return Map.of("key", "value");
+        }
+        if (type.equals(List.class)) {
+            return List.of(Map.of("key", "value"));
+        }
+        if (type.equals(String.class)) {
+            return "{ \"" + paramName + "\" : Example String value\" }";
+        }
+        if (type.equals(AgentContextDTO.class)) {
+            return AgentContextDTO.builder().context("This is the context for the agent").description("Agent " +
+                "description").build();
+        }
+        if (type.equals(ATPLPolicy.class)) {
+            return ATPLPolicy.builder()
+                .policyId("policy-001")
+                .description("Example policy")
+                .version("v0")
+                .capabilities(
+                    CapabilitySet.builder().primitives(
+                        List.of(
+                            Capability.builder().description("description").endpoints(List.of(
+                    "endpoint1", "endpoint2")).build()
+                        )).build())
+                .build();
+        }
+        // fallback
+        return Map.of("field", "value");
+    }
+}
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/ChatWSHandler.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/ChatWSHandler.java
index 6ff71c11..d2d4318f 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/ChatWSHandler.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/ChatWSHandler.java
@@ -184,8 +184,10 @@ protected void handleTextMessage(WebSocketSession session, TextMessage message)
                                 websocketCommunication, userMessage);
                             log.info("Response: {}", response);
                             var newMessage = Session.ChatMessage.newBuilder()
-                                .setMessage(String.format("{\"type\":\"user-message\",\"message\":\"%s\"}",
-                                    response.getResponseForUser()))
+                                .setMessage(response.getResponseForUser()/*String.format("{\"type\":\"user-message\"," +
+                                        "\"message\":\"%s\"}",
+                                    response.getResponseForUser())*/
+                                )
                                 .setSender("agent")
                                 .setChatGroupId("")
                                 .setSessionId(Long.parseLong(websocketCommunication.getSessionId()))
@@ -206,10 +208,11 @@ protected void handleTextMessage(WebSocketSession session, TextMessage message)
                                     var lastVerbResponse =
                                         websocketCommunication.getVerbResponses().stream().reduce((prev, next) -> next)
                                             .orElse(null);
+                                    var arguments = response.getArguments();
                                     var executionResponse = verbRegistry.execute(
                                         chatAgent.getAgentExecution(),
                                         lastVerbResponse,
-                                        response.getNextOperation(), Maps.newHashMap()
+                                        response.getNextOperation(), arguments
                                     );
 
                                     var nextResponse = chatVerbs.interpret_plan_response(
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/model/TerminalResponse.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/model/TerminalResponse.java
index 02655a82..5bcacf37 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/model/TerminalResponse.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/model/TerminalResponse.java
@@ -2,6 +2,7 @@
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;
 import io.sentrius.sso.core.dto.HostSystemDTO;
 import io.sentrius.sso.genai.Message;
 import lombok.AllArgsConstructor;
@@ -23,4 +24,6 @@ public class TerminalResponse {
     String nextOperation;
     String terminalSummaryForLLM;
     String responseForUser;
+    @Builder.Default
+    public Map<String, Object> arguments = Map.of();
 }
diff --git a/ai-agent/src/main/java/io/sentrius/agent/config/SecurityConfig.java b/ai-agent/src/main/java/io/sentrius/agent/config/SecurityConfig.java
index 398de64d..ff352101 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/config/SecurityConfig.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/config/SecurityConfig.java
@@ -66,9 +66,7 @@ public JwtAuthenticationConverter jwtAuthenticationConverterForKeycloak() {
         log.info("**** Initializing JwtAuthenticationConverter");
 
         converter.setJwtGrantedAuthoritiesConverter(jwt -> {
-            log.info("**** Jwt Authentication Converter invoked");
             Collection<GrantedAuthority> authorities = new JwtGrantedAuthoritiesConverter().convert(jwt);
-            log.info("JWT Claims: {}", jwt.getClaims());
 
             String userId = jwt.getClaimAsString("sub");
             String username = jwt.getClaimAsString("preferred_username");
diff --git a/ai-agent/src/main/resources/atpl-schema.json b/ai-agent/src/main/resources/atpl-schema.json
new file mode 100644
index 00000000..14839924
--- /dev/null
+++ b/ai-agent/src/main/resources/atpl-schema.json
@@ -0,0 +1,199 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://sentrius.io/schemas/atpl.schema.json",
+  "title": "Agent Trust Policy Language (ATPL)",
+  "type": "object",
+  "required": ["version", "policy_id", "capabilities"],
+  "properties": {
+    "version": {
+      "type": "string",
+      "pattern": "^v[0-9]+$"
+    },
+    "policy_id": {
+      "type": "string"
+    },
+    "description": {
+      "type": "string"
+    },
+    "match": {
+      "type": "object",
+      "properties": {
+        "agent_tags": {
+          "type": "array",
+          "items": { "type": "string" }
+        }
+      }
+    },
+    "identity": {
+      "type": "object",
+      "properties": {
+        "issuer": { "type": "string" },
+        "subject_prefix": { "type": "string" },
+        "mfa_required": { "type": "boolean" },
+        "certificate_authority": { "type": "string" }
+      }
+    },
+    "provenance": {
+      "type": "object",
+      "properties": {
+        "source": { "type": "string" },
+        "signature_required": { "type": "boolean" },
+        "approved_committers": {
+          "type": "array",
+          "items": { "type": "string" }
+        }
+      }
+    },
+    "runtime": {
+      "type": "object",
+      "properties": {
+        "allow_drift": { "type": "boolean" },
+        "enclave_required": { "type": "boolean" },
+        "attestation_type": { "type": "string" },
+        "verified_at_boot": { "type": "boolean" }
+      }
+    },
+    "behavior": {
+      "type": "object",
+      "properties": {
+        "minimum_positive_runs": { "type": "integer" },
+        "max_incidents": { "type": "integer" },
+        "incident_types": {
+          "type": "object",
+          "properties": {
+            "denylist": {
+              "type": "array",
+              "items": { "type": "string" }
+            }
+          }
+        }
+      }
+    },
+    "trust_score": {
+      "type": "object",
+      "properties": {
+        "minimum": { "type": "integer" },
+        "weightings": {
+          "type": "object",
+          "properties": {
+            "identity": { "type": "number" },
+            "provenance": { "type": "number" },
+            "runtime": { "type": "number" },
+            "behavior": { "type": "number" }
+          }
+        }
+      }
+    },
+    "capabilities": {
+      "type": "object",
+      "required": ["primitives", "composed"],
+      "properties": {
+        "primitives": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": ["id", "description"],
+            "properties": {
+              "id": { "type": "string" },
+              "description": { "type": "string" },
+              "endpoints": {
+                "type": "array",
+                "items": { "type": "string" }
+              },
+              "commands": {
+                "type": "array",
+                "items": { "type": "string" }
+              },
+              "subcommands": {
+                "type": "array",
+                "items": { "type": "string" }
+              },
+              "activities": {
+                "type": "array",
+                "items": { "type": "string" }
+              },
+              "tags": {
+                "type": "array",
+                "items": { "type": "string" }
+              }
+            }
+          }
+        },
+        "composed": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": ["id", "includes"],
+            "properties": {
+              "id": { "type": "string" },
+              "includes": {
+                "type": "array",
+                "items": { "type": "string" }
+              },
+              "tags": {
+                "type": "array",
+                "items": { "type": "string" }
+              },
+              "endpoints": {
+                "type": "array",
+                "items": { "type": "string" }
+              },
+              "commands": {
+                "type": "array",
+                "items": { "type": "string" }
+              },
+              "subcommands": {
+                "type": "array",
+                "items": { "type": "string" }
+              },
+              "activities": {
+                "type": "array",
+                "items": { "type": "string" }
+              }
+            }
+          }
+        }
+      }
+    }
+  ,
+    "actions": {
+      "type": "object",
+      "properties": {
+        "on_failure": {
+          "type": "string",
+          "enum": ["deny", "log", "alert"]
+        },
+        "on_success": {
+          "type": "string",
+          "enum": ["allow", "log"]
+        },
+        "on_marginal": {
+          "oneOf": [
+            {"type": "string", "enum": ["require_ztat", "log"]},
+            {
+              "type": "object",
+              "properties": {
+                "action": {"type": "string", "enum": ["require_ztat"]},
+                "ztat_provider": {"type": "string"}
+              },
+              "required": ["action"]
+            }
+          ]
+        }
+      }
+    },
+    "ztat": {
+      "type": "object",
+      "properties": {
+        "provider": {"type": "string"},
+        "ttl": {"type": "string"},
+        "approved_issuers": {
+          "type": "array",
+          "items": {"type": "string"}
+        },
+        "key_binding": {"type": "string"},
+        "approval_required": {"type": "boolean"}
+      }
+    }
+  }
+}
diff --git a/ai-agent/src/main/resources/chat-helper.json b/ai-agent/src/main/resources/chat-helper.json
index 7bc969b9..bffb7174 100644
--- a/ai-agent/src/main/resources/chat-helper.json
+++ b/ai-agent/src/main/resources/chat-helper.json
@@ -1,6 +1,10 @@
 {
   "previousOperation": "<previousOperation>",
   "nextOperation": "<nextOperation>",
+  "arguments": {
+    "argumentname": "<argumentvalue for nextOperation>",
+    "argumentname2": "<argumentvalue>"
+  },
   "terminalSummaryForLLM": "<Summary of the terminal thus far for the next LLM assessment>",
     "responseForUser": "<Response to the user>"
 }
\ No newline at end of file
diff --git a/ai-agent/src/main/resources/terminal-helper.json b/ai-agent/src/main/resources/terminal-helper.json
index 7bc969b9..02be454b 100644
--- a/ai-agent/src/main/resources/terminal-helper.json
+++ b/ai-agent/src/main/resources/terminal-helper.json
@@ -1,6 +1,10 @@
 {
   "previousOperation": "<previousOperation>",
   "nextOperation": "<nextOperation>",
+  "arguments": {
+    "argumentname": "<argumentvalue for nextOperation>",
+    "argumentname2": "<argumentvalue>"
+  },
   "terminalSummaryForLLM": "<Summary of the terminal thus far for the next LLM assessment>",
-    "responseForUser": "<Response to the user>"
+  "responseForUser": "<Response to the user>"
 }
\ No newline at end of file
diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/AgentApiController.java b/api/src/main/java/io/sentrius/sso/controllers/api/AgentApiController.java
index 40a303e3..ab573e2d 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/api/AgentApiController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/AgentApiController.java
@@ -15,11 +15,16 @@
 import java.util.concurrent.ExecutionException;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import io.sentrius.sso.config.ApiPaths;
+import io.sentrius.sso.config.AppConfig;
 import io.sentrius.sso.core.annotations.LimitAccess;
 import io.sentrius.sso.core.config.SystemOptions;
 import io.sentrius.sso.core.controllers.BaseController;
 import io.sentrius.sso.core.dto.AgentCommunicationDTO;
+import io.sentrius.sso.core.dto.AgentDTO;
 import io.sentrius.sso.core.dto.AgentHeartbeatDTO;
+import io.sentrius.sso.core.dto.agents.AgentContextDTO;
+import io.sentrius.sso.core.dto.agents.AgentContextRequestDTO;
+import io.sentrius.sso.core.exceptions.ZtatException;
 import io.sentrius.sso.core.model.chat.AgentCommunication;
 import io.sentrius.sso.core.model.security.enums.IdentityType;
 import io.sentrius.sso.core.model.security.UserType;
@@ -32,6 +37,8 @@
 import io.sentrius.sso.core.services.ATPLPolicyService;
 import io.sentrius.sso.core.services.ErrorOutputService;
 import io.sentrius.sso.core.services.UserService;
+import io.sentrius.sso.core.services.agents.AgentClientService;
+import io.sentrius.sso.core.services.agents.AgentContextService;
 import io.sentrius.sso.core.services.agents.AgentService;
 import io.sentrius.sso.core.services.auditing.AuditService;
 import io.sentrius.sso.core.services.security.CryptoService;
@@ -54,6 +61,7 @@
 import org.springframework.format.annotation.DateTimeFormat;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
@@ -75,7 +83,10 @@ public class AgentApiController extends BaseController {
     final ZeroTrustRequestService ztrService;
     final AgentService agentService;
     final ProvenanceKafkaProducer provenanceKafkaProducer;
-    private final ZeroTrustRequestService ztatRequestService;
+    final ZeroTrustRequestService ztatRequestService;
+    final AgentContextService agentContextService;
+    final AgentClientService agentClientService;
+    final AppConfig appConfig;
 
     public AgentApiController(
         UserService userService,
@@ -85,7 +96,8 @@ public AgentApiController(
         CryptoService cryptoService, SessionTrackingService sessionTrackingService, KeycloakService keycloakService,
         ATPLPolicyService atplPolicyService,
         ZeroTrustAccessTokenService ztatService, ZeroTrustRequestService ztrService, AgentService agentService,
-        ProvenanceKafkaProducer provenanceKafkaProducer, ZeroTrustRequestService ztatRequestService
+        ProvenanceKafkaProducer provenanceKafkaProducer, ZeroTrustRequestService ztatRequestService,
+        AgentContextService agentContextService, AgentClientService agentClientService, AppConfig appConfig
     ) {
         super(userService, systemOptions, errorOutputService);
         this.auditService = auditService;
@@ -98,6 +110,9 @@ public AgentApiController(
         this.agentService = agentService;
         this.provenanceKafkaProducer = provenanceKafkaProducer;
         this.ztatRequestService = ztatRequestService;
+        this.agentContextService = agentContextService;
+        this.agentClientService = agentClientService;
+        this.appConfig = appConfig;
     }
 
     public SessionLog createSession(@RequestParam String username, @RequestParam String ipAddress) {
@@ -282,7 +297,7 @@ public ResponseEntity<?> createAgentChatRequest(
 
     @GetMapping("/list")
     @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
-    public ResponseEntity<?> listAgents(HttpServletRequest request, HttpServletResponse response){
+    public ResponseEntity<?> listAgents(HttpServletRequest request, HttpServletResponse response) throws ZtatException {
         var operatingUser = getOperatingUser(request, response );
         if (null == operatingUser) {
             log.warn("No operating user found");
@@ -290,7 +305,24 @@ public ResponseEntity<?> listAgents(HttpServletRequest request, HttpServletRespo
         }
         log.info("Received list request from user: {} {}", operatingUser.getUsername(), operatingUser);
         var agents = agentService.getAllAgents(true);
-        return ResponseEntity.ok(agents);
+
+        List<AgentDTO> prunedAgentList = agents.stream().filter(agent -> {
+                try {
+                    String podResponse =
+                        agentClientService.getAgentPodStatus(appConfig.getSentriusLauncherService(), agent.getAgentName());
+                    if (podResponse != null && (podResponse.equalsIgnoreCase("running") || podResponse.equalsIgnoreCase("pending"))){
+                        return true;
+                    } else {
+                        log.info("Agent {} is not running or pending, removing from list. Status is {}",
+                            agent.getAgentName(), podResponse);
+                    }
+                } catch (ZtatException ignored) {
+
+                }
+            return false;
+            }
+        ).toList();
+        return ResponseEntity.ok(prunedAgentList);
 
     }
 
@@ -754,4 +786,38 @@ private boolean validateUser(User requestor, User operatingUser, AgentCommunicat
         return canSend;
     }
 
+    @GetMapping("/context/{contextId}")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
+    public ResponseEntity<AgentContextDTO> getContext(
+        HttpServletRequest request,
+        HttpServletResponse response,
+        @PathVariable("contextId") String contextId){
+        var databaseContext = agentContextService.getContextOrThrow(UUID.fromString(contextId));
+        return ResponseEntity.ok(AgentContextDTO.builder()
+            .id(databaseContext.getId())
+            .name(databaseContext.getName())
+            .description(databaseContext.getDescription())
+            .context(databaseContext.getContext())
+            .createdAt(databaseContext.getCreatedAt())
+            .updatedAt(databaseContext.getUpdatedAt())
+            .build());
+    }
+
+    @PostMapping("/context")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
+    public ResponseEntity<AgentContextDTO> createContext(
+        HttpServletRequest request,
+        HttpServletResponse response,
+        AgentContextRequestDTO dtoRequest){
+        var databaseContext = agentContextService.create(dtoRequest);
+        return ResponseEntity.ok(AgentContextDTO.builder()
+            .id(databaseContext.getId())
+            .name(databaseContext.getName())
+            .description(databaseContext.getDescription())
+            .context(databaseContext.getContext())
+            .createdAt(databaseContext.getCreatedAt())
+            .updatedAt(databaseContext.getUpdatedAt())
+            .build());
+    }
+
 }
diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/AgentBootstrapController.java b/api/src/main/java/io/sentrius/sso/controllers/api/AgentBootstrapController.java
index f8ecdc3f..147f2ac5 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/api/AgentBootstrapController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/AgentBootstrapController.java
@@ -40,6 +40,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
@@ -62,6 +63,7 @@ public class AgentBootstrapController extends BaseController {
     private final ZeroTrustClientService zeroTrustClientService;
     private final ObjectMapper yamlMapper = new ObjectMapper(new YAMLFactory());
     final AppConfig appConfig;
+    private final AgentClientService agentClientService;
 
 
     public AgentBootstrapController(
@@ -72,7 +74,8 @@ public AgentBootstrapController(
         CryptoService cryptoService, SessionTrackingService sessionTrackingService, KeycloakService keycloakService,
         ATPLPolicyService atplPolicyService,
         ZeroTrustAccessTokenService ztatService, ZeroTrustRequestService ztrService, AgentService agentService,
-        ZeroTrustClientService zeroTrustClientService, AppConfig appConfig
+        ZeroTrustClientService zeroTrustClientService, AppConfig appConfig,
+        AgentClientService agentClientService
     ) {
         super(userService, systemOptions, errorOutputService);
         this.auditService = auditService;
@@ -85,6 +88,7 @@ public AgentBootstrapController(
         this.agentService = agentService;
         this.zeroTrustClientService = zeroTrustClientService;
         this.appConfig = appConfig;
+        this.agentClientService = agentClientService;
     }
 
 
@@ -168,7 +172,26 @@ public ResponseEntity<String> launchPod(
         @RequestBody AgentRegistrationDTO registrationDTO, HttpServletRequest request, HttpServletResponse response
         ) throws GeneralSecurityException, IOException, ZtatException {
 
+        try{
+            log.info("Launching agent pod with ID: {}", registrationDTO.getAgentName());
 
+            var status = getAgentStatus( registrationDTO.getAgentName(), request, response);
+            if (  status != null ) {
+                var body = status.getBody();
+                if (body != null) {
+
+                    if (body.contains("Running") || body.contains("Pending")) {
+                        log.info("Agent {} is already running or pending", registrationDTO.getAgentName());
+                        return ResponseEntity.ok("{\"status\": \"already exists\"}");
+                    } else {
+                        log.warn("Agent {} is not running, attempting to launch again", registrationDTO.getAgentName());
+                    }
+                }
+            }
+        } catch (Exception e) {
+            log.error("Error getting agent status", e);
+
+        }
         var operatingUser = getOperatingUser(request, response );
         zeroTrustClientService.callAuthenticatedPostOnApi(appConfig.getSentriusLauncherService(),  "agent/launcher/create",
             registrationDTO);
@@ -192,6 +215,19 @@ public ResponseEntity<String> deletePod(
     }
 
 
+    @GetMapping("/launcher/status")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
+    public ResponseEntity<String> getAgentStatus(
+        @RequestParam("agentId") String agentId, HttpServletRequest request, HttpServletResponse response
+    ) throws GeneralSecurityException, IOException, ZtatException {
+
+
+        var operatingUser = getOperatingUser(request, response );
+        String podResponse =
+            agentClientService.getAgentPodStatus(appConfig.getSentriusLauncherService(), agentId);
+        // bootstrap with a default policy
+        return ResponseEntity.ok("{\"status\": \"" + podResponse + "\"}");
+    }
 
 
 
diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/HostApiController.java b/api/src/main/java/io/sentrius/sso/controllers/api/HostApiController.java
index 8306c824..de7b96a5 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/api/HostApiController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/HostApiController.java
@@ -196,7 +196,7 @@ public ResponseEntity<ObjectNode> connectSSHServer(HttpServletRequest request, H
         if (enclaveId == null || hostId == null) {
             return ResponseEntity.badRequest().build();
         }
-        if (systemOptions.getSshEnabled() == false){
+        if (systemOptions.getLockdownEnabled() == true){
             node.put("sessionId","");
             node.put("errorToUser","SSH is disabled");
             return ResponseEntity.ok(node);
diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/SystemApiController.java b/api/src/main/java/io/sentrius/sso/controllers/api/SystemApiController.java
index ccedfb67..26721f4e 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/api/SystemApiController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/SystemApiController.java
@@ -73,20 +73,20 @@ protected SystemApiController(
         this.configurationApplicationTask = configurationApplicationTask;
     }
 
-    @GetMapping("/settings/sshEnabled")
-    public ResponseEntity<ObjectNode> getSSHEnabled() {
+    @GetMapping("/settings/lockdownEnabled")
+    public ResponseEntity<ObjectNode> getLockdownEnabled() {
         ObjectNode node = JsonUtil.MAPPER.createObjectNode();
-        node.put("sshEnabled", systemOptions.getSshEnabled());
+        node.put("lockdownEnabled", systemOptions.getLockdownEnabled());
         return ResponseEntity.ok(node);
     }
 
-    @PutMapping("/settings/ssh/toggle")
+    @PutMapping("/settings/lockdown/toggle")
     @LimitAccess(applicationAccess ={ ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
-    public ResponseEntity<ObjectNode> toggleSSHEnabled() {
-        log.info("Toggling SSH enabled");
+    public ResponseEntity<ObjectNode> toggleLockdown() {
+        log.info("Toggling Lockdown enabled");
         ObjectNode node = JsonUtil.MAPPER.createObjectNode();
-        systemOptions.setValue("sshEnabled", !systemOptions.getSshEnabled());
-        node.put("sshEnabled", systemOptions.getSshEnabled());
+        systemOptions.setValue("lockdownEnabled", !systemOptions.getLockdownEnabled());
+        node.put("lockdownEnabled", systemOptions.getLockdownEnabled());
         return ResponseEntity.ok(node);
     }
 
diff --git a/api/src/main/java/io/sentrius/sso/controllers/view/AgentController.java b/api/src/main/java/io/sentrius/sso/controllers/view/AgentController.java
index 58bcf2b9..3670cdd1 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/view/AgentController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/view/AgentController.java
@@ -48,6 +48,12 @@ public String listAgents(Model m) {
         return "sso/agents/list_agents";
     }
 
+    @GetMapping("/design/chat")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
+    public String designAgent(Model m) {
+        return "sso/agents/design_chat";
+    }
+
     @GetMapping("/connections")
     @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
     public String listConnections(Model m, @RequestParam("agentId") String agentId) throws GeneralSecurityException {
@@ -59,4 +65,5 @@ public String listConnections(Model m, @RequestParam("agentId") String agentId)
         return "sso/agents/agent_comms";
     }
 
+
 }
diff --git a/api/src/main/resources/db/migration/V18_agent_launch.sql b/api/src/main/resources/db/migration/V18_agent_launch.sql
new file mode 100644
index 00000000..63694ba6
--- /dev/null
+++ b/api/src/main/resources/db/migration/V18_agent_launch.sql
@@ -0,0 +1,17 @@
+CREATE TABLE agent_contexts (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    name TEXT NOT NULL,
+    description TEXT,
+    context TEXT NOT NULL, -- YAML or any other string format
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT now(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT now()
+);
+
+CREATE TABLE agent_launches (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    agent_id TEXT NOT NULL,                         -- e.g., name or UUID of the launched agent
+    context_id UUID NOT NULL REFERENCES agent_contexts(id),
+    launched_by TEXT,                               -- who or what initiated it
+    launch_parameters TEXT,                        -- optional overrides or launch args
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT now()
+);
\ No newline at end of file
diff --git a/api/src/main/resources/static/js/add_system.js b/api/src/main/resources/static/js/add_system.js
index 3752b900..0ae07c5e 100644
--- a/api/src/main/resources/static/js/add_system.js
+++ b/api/src/main/resources/static/js/add_system.js
@@ -9,14 +9,14 @@ document.addEventListener('DOMContentLoaded', function () {
     if (disableSSHButton) {
 
 
-            fetch(`/api/v1/system/settings/sshEnabled`)
+            fetch(`/api/v1/system/settings/lockdownEnabled`)
                 .then(response => response.json())
                 .then(data => {
-                    if (data.sshEnabled) {
-                        disableSSHButton.innerText = 'Disable SSH';
+                    if (data.lockdownEnabled) {
+                        disableSSHButton.innerText = 'LockDown Systems';
                     }
                     else {
-                        disableSSHButton.innerText = 'Enable SSH';
+                        disableSSHButton.innerText = 'Re-enable Systems';
                     }
                 })
                 .catch(error => {
@@ -25,7 +25,7 @@ document.addEventListener('DOMContentLoaded', function () {
         document.getElementById('disable-ssh-button').addEventListener('click', function(event) {
             event.preventDefault(); // Prevent the default anchor behavior
             const csrfToken = document.getElementById('csrf-token').value; // Get CSRF token value
-            fetch('/api/v1/system/settings/ssh/toggle', {
+            fetch('/api/v1/system/settings/lockdown/toggle', {
                 method: 'PUT', // Specify PUT request
                 headers: {
                     'Content-Type': 'application/json', // Optional, adjust based on your API
@@ -34,10 +34,10 @@ document.addEventListener('DOMContentLoaded', function () {
             }).then(response => response.json())
                 .then(data => {
                     if (data.sshEnabled) {
-                        disableSSHButton.innerText = 'Disable SSH';
+                        disableSSHButton.innerText = 'LockDown Systems';
                     }
                     else {
-                        disableSSHButton.innerText = 'Enable SSH';
+                        disableSSHButton.innerText = 'Re-enable Systems';
                     }
                 })
                 .catch(error => {
diff --git a/api/src/main/resources/templates/sso/agents/design_chat.html b/api/src/main/resources/templates/sso/agents/design_chat.html
new file mode 100644
index 00000000..789b180b
--- /dev/null
+++ b/api/src/main/resources/templates/sso/agents/design_chat.html
@@ -0,0 +1,692 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org" class="dark" data-bs-theme="dark">
+<head>
+    <meta th:replace="~{fragments/header}">
+    <title>[[${systemOptions.systemLogoName}]] - Agent Designer</title>
+    <script th:src="@{/node/js/google-protobuf/google-protobuf.js}"></script>
+    <script th:src="@{/js/bundled_session_pb.js}"></script>
+    <style>
+        .chat-container {
+            max-width: 1200px;
+            margin: 20px auto;
+            background: #1e1e1e;
+            border-radius: 15px;
+            padding: 0;
+            box-shadow: 0 8px 32px rgba(0, 0, 0, 0.8);
+            overflow: hidden;
+            height: 80vh;
+            display: flex;
+            flex-direction: column;
+        }
+        
+        .chat-header {
+            background: linear-gradient(135deg, #2a2a2a 0%, #3a3a3a 100%);
+            padding: 20px;
+            text-align: center;
+            border-bottom: 1px solid #444;
+        }
+        
+        .chat-header h2 {
+            color: #ffffff;
+            margin: 0;
+            font-size: 1.5rem;
+            font-weight: 600;
+        }
+        
+        .chat-header p {
+            color: #aaa;
+            margin: 5px 0 0 0;
+            font-size: 0.9rem;
+        }
+        
+        .chat-messages {
+            flex: 1;
+            padding: 20px;
+            overflow-y: auto;
+            background: #1a1a1a;
+            display: flex;
+            flex-direction: column;
+            gap: 15px;
+        }
+
+        
+        .message {
+            max-width: 70%;
+            padding: 12px 16px;
+            border-radius: 12px;
+            word-wrap: break-word;
+            animation: slideIn 0.3s ease-out;
+        }
+        
+        .message.user {
+            background: linear-gradient(135deg, #007bff 0%, #0056b3 100%);
+            color: white;
+            align-self: flex-end;
+            margin-left: auto;
+        }
+        
+        .message.assistant {
+            background: linear-gradient(135deg, #2b2b2b 0%, #3b3b3b 100%);
+            color: #eee;
+            align-self: flex-start;
+            border: 1px solid #444;
+        }
+        
+        .message.system {
+            background: linear-gradient(135deg, #28a745 0%, #1e7e34 100%);
+            color: white;
+            align-self: center;
+            text-align: center;
+            font-style: italic;
+        }
+        
+        .chat-input-container {
+            padding: 20px;
+            background: #2a2a2a;
+            border-top: 1px solid #444;
+            display: flex;
+            gap: 10px;
+            align-items: center;
+        }
+        
+        .chat-input {
+            flex: 1;
+            padding: 12px 16px;
+            border: 1px solid #444;
+            border-radius: 24px;
+            background: #1a1a1a;
+            color: #eee;
+            font-size: 14px;
+            outline: none;
+            transition: border-color 0.2s ease;
+        }
+        
+        .chat-input:focus {
+            border-color: #007bff;
+            box-shadow: 0 0 0 2px rgba(0, 123, 255, 0.25);
+        }
+        
+        .chat-input::placeholder {
+            color: #888;
+        }
+        
+        .send-button {
+            background: linear-gradient(135deg, #007bff 0%, #0056b3 100%);
+            color: white;
+            border: none;
+            padding: 12px 20px;
+            border-radius: 24px;
+            cursor: pointer;
+            font-weight: 500;
+            transition: all 0.2s ease;
+            min-width: 80px;
+        }
+        
+        .send-button:hover {
+            background: linear-gradient(135deg, #0056b3 0%, #004085 100%);
+            transform: translateY(-1px);
+        }
+        
+        .send-button:disabled {
+            background: #444;
+            cursor: not-allowed;
+            transform: none;
+        }
+        
+        .typing-indicator {
+            display: none;
+            padding: 12px 16px;
+            background: #2b2b2b;
+            border-radius: 12px;
+            align-self: flex-start;
+            border: 1px solid #444;
+            color: #aaa;
+            font-style: italic;
+        }
+        
+        .typing-indicator.active {
+            display: block;
+        }
+        
+        .action-buttons {
+            display: flex;
+            gap: 10px;
+            margin-top: 10px;
+            flex-wrap: wrap;
+        }
+        
+        .action-button {
+            background: linear-gradient(135deg, #28a745 0%, #1e7e34 100%);
+            color: white;
+            border: none;
+            padding: 8px 16px;
+            border-radius: 20px;
+            cursor: pointer;
+            font-size: 12px;
+            transition: all 0.2s ease;
+        }
+        
+        .action-button:hover {
+            background: linear-gradient(135deg, #1e7e34 0%, #155724 100%);
+            transform: translateY(-1px);
+        }
+        
+        .policy-preview {
+            background: #1a1a1a;
+            border: 1px solid #444;
+            border-radius: 8px;
+            padding: 15px;
+            margin-top: 15px;
+            max-height: 200px;
+            overflow-y: auto;
+        }
+        
+        .policy-preview pre {
+            color: #eee;
+            font-family: 'Courier New', monospace;
+            font-size: 12px;
+            margin: 0;
+            white-space: pre-wrap;
+        }
+        
+        .quick-actions {
+            display: flex;
+            gap: 10px;
+            margin-bottom: 15px;
+            flex-wrap: wrap;
+        }
+        
+        .quick-action {
+            background: linear-gradient(135deg, #6c757d 0%, #495057 100%);
+            color: white;
+            border: none;
+            padding: 8px 12px;
+            border-radius: 16px;
+            cursor: pointer;
+            font-size: 12px;
+            transition: all 0.2s ease;
+        }
+        
+        .quick-action:hover {
+            background: linear-gradient(135deg, #495057 0%, #343a40 100%);
+        }
+        
+        @keyframes slideIn {
+            from {
+                opacity: 0;
+                transform: translateY(10px);
+            }
+            to {
+                opacity: 1;
+                transform: translateY(0);
+            }
+        }
+        
+        .chat-messages::-webkit-scrollbar {
+            width: 6px;
+        }
+        
+        .chat-messages::-webkit-scrollbar-track {
+            background: rgba(255, 255, 255, 0.1);
+            border-radius: 10px;
+        }
+        
+        .chat-messages::-webkit-scrollbar-thumb {
+            background: rgba(255, 255, 255, 0.3);
+            border-radius: 10px;
+        }
+        
+        .chat-messages::-webkit-scrollbar-thumb:hover {
+            background: rgba(255, 255, 255, 0.5);
+        }
+        
+        .loading {
+            display: inline-block;
+            width: 20px;
+            height: 20px;
+            border: 2px solid #444;
+            border-radius: 50%;
+            border-top-color: #007bff;
+            animation: spin 1s ease-in-out infinite;
+        }
+        
+        @keyframes spin {
+            to { transform: rotate(360deg); }
+        }
+
+        .chat-message {
+            margin-bottom: 12px;
+            padding: 12px 16px;
+            border-radius: 12px;
+            max-width: 85%;
+            word-wrap: break-word;
+            animation: fadeInUp 0.3s ease;
+        }
+
+        .chat-message.user {
+            background: linear-gradient(135deg, #007bff 0%, #0056b3 100%);
+            color: white;
+            margin-left: auto;
+            border-bottom-right-radius: 4px;
+        }
+
+        .chat-message.agent {
+            background: linear-gradient(135deg, #404040 0%, #505050 100%);
+            color: #ffffff;
+            margin-right: auto;
+            border-bottom-left-radius: 4px;
+        }
+
+        .chat-message strong {
+            display: block;
+            font-size: 12px;
+            opacity: 0.8;
+            margin-bottom: 4px;
+            font-weight: 500;
+        }
+
+        .chat-message-content {
+            font-size: 14px;
+            line-height: 1.4;
+        }
+    </style>
+</head>
+<body>
+<div class="container-fluid">
+    <div class="row flex-nowrap">
+        <input type="hidden" id="csrf-token" th:value="${_csrf.token}" />
+        <div th:replace="~{fragments/sidebar}" class="col-auto sidebar" style="width: 180px;"></div>
+        <div class="col py-4">
+            <div class="main-content">
+            <div th:replace="~{fragments/alerts}"></div>
+            
+            <div class="chat-container">
+                <div class="chat-header">
+                    <h2><i class="fas fa-robot"></i> Agent Designer Assistant</h2>
+                    <p>Let me help you create an agent</p>
+                </div>
+                
+                <div class="chat-messages" id="chat-messages">
+                    <div class="message system">
+                        <i class="fas fa-sparkles"></i> Welcome! I'm here to help you create an agent.
+                        What kind of agent are you looking to configure?
+                    </div>
+                </div>
+                
+                <div class="chat-input-container" id="chat-container">
+                    <div class="quick-actions">
+                        <button class="quick-action" onclick="sendQuickMessage('I want to create a new ATPL policy')">
+                            <i class="fas fa-plus"></i> New Policy
+                        </button>
+                        <button class="quick-action" onclick="sendQuickMessage('What endpoints does my agent need?')">
+                            <i class="fas fa-link"></i> Endpoints
+                        </button>
+                        <button class="quick-action" onclick="sendQuickMessage('What commands should I allow?')">
+                            <i class="fas fa-terminal"></i> Commands
+                        </button>
+                        <button class="quick-action" onclick="sendQuickMessage('Show me existing policies')">
+                            <i class="fas fa-list"></i> Existing Policies
+                        </button>
+                    </div>
+                    
+                    <div class="d-flex w-100 gap-2">
+                        <input type="text" class="chat-input" id="chat-input"
+                               placeholder="Describe what your agent needs to do..." 
+                               onkeypress="handleKeyPress(event)">
+                        <button class="send-button" id="sendButton" onclick="sendChatMessage()">
+                            <i class="fas fa-paper-plane"></i> Send
+                        </button>
+                    </div>
+                </div>
+                
+                <div class="typing-indicator" id="typingIndicator">
+                    <div class="loading"></div> Assistant is thinking...
+                </div>
+            </div>
+            
+            <div class="action-buttons mt-3 text-center">
+                <button class="btn btn-success" onclick="generatePolicy()">
+                    <i class="fas fa-magic"></i> Generate Policy
+                </button>
+                <button class="btn btn-secondary" onclick="clearChat()">
+                    <i class="fas fa-trash"></i> Clear Chat
+                </button>
+                <button class="btn btn-info" onclick="exportChat()">
+                    <i class="fas fa-download"></i> Export Chat
+                </button>
+            </div>
+        </div>
+    </div>
+</div>
+
+    <script type="module">
+        import * as Chat from '/js/chat.js';
+        let sessionId = Math.floor(Math.random() * 1e12); // up to 12 digit
+        let conversationHistory = [];
+        let availableAgent = null;
+        const csrfToken = document.getElementById("csrf-token").value;
+        async function waitForAgent(matchFn, options = {}) {
+            const {
+                interval = 2000,  // 2 seconds between retries
+                timeout = 20000   // give up after 20 seconds
+            } = options;
+
+            const start = Date.now();
+
+            while (Date.now() - start < timeout) {
+                const agents = await Chat.fetchAvailableAgents();
+                const found = agents.find(matchFn);
+
+                if (found) {
+                    return found;
+                }
+
+                $("#alertTopError").text("Agent not available yet").show().delay(3000).fadeOut();
+                await new Promise(resolve => setTimeout(resolve, interval));
+            }
+
+            throw new Error("Agent did not become available in time.");
+        }
+        (async function ensureATPLAgent() {
+            let availableAgent = null;
+            const csrfToken = document.getElementById("csrf-token").value;
+
+            // Initial check
+            const agents = await Chat.fetchAvailableAgents().catch(err => {
+                console.error("Initial agent fetch failed:", err);
+                return [];
+            });
+
+            availableAgent = agents.find(agent =>
+                agent.agentName && agent.agentName.includes("atpl-helper")
+            );
+
+            if (!availableAgent) {
+                // Launch the agent if not found
+                let formJson = {
+                    "agentName": "atpl-helper",
+                    "agentType": "atpl-helper"
+                };
+
+                try {
+                    const response = await fetch('/api/v1/agent/bootstrap/launcher/create', {
+                        method: 'POST',
+                        headers: {
+                            'Content-Type': 'application/json',
+                            "X-CSRF-TOKEN": csrfToken
+                        },
+                        body: JSON.stringify(formJson)
+                    });
+
+                    if (!response.ok) {
+                        throw new Error("Agent creation failed with status " + response.status);
+                    }
+
+                    await response.json();
+
+                    // Wait briefly to give agent time to register
+                    await new Promise(resolve => setTimeout(resolve, 2000)); // adjust as needed
+
+                    try {
+                        const availableAgent = await waitForAgent(agent =>
+                            agent.agentName && agent.agentName.includes("atpl-helper")
+                        );
+
+                        $("#alertTopError").hide();
+                        $("#alertTopBanner").text("Agent is now ready").show().delay(3000).fadeOut();
+                        $("#alertTop").hide();
+                        const container = document.getElementById("chat-container");
+                        container.dataset.agentId = availableAgent.agentId;
+                        container.dataset.agentName = availableAgent.agentName;
+                        container.dataset.agentHost = availableAgent.agentCallback;
+
+                        let session = chatSessions.get(availableAgent.agentId);
+                        if (!session) {
+                            console.log("New session creating:");
+                            session = new ChatSession(availableAgent.agentName, availableAgent.agentId, sessionId,
+                                availableAgent.agentCallback);
+                            session.connect().then(() => {
+                                console.log("Connected to chat server");
+                            });
+                            console.log("New session created:", session);
+
+                            chatSessions.set(availableAgent.agentId, session);
+                        }
+                        console.log("Agent created and available:", availableAgent);
+                    } catch (e) {
+                        console.error(e);
+                        $("#alertTopError").text("Timed out waiting for agent").show().delay(3000).fadeOut();
+                    }
+
+                } catch (err) {
+                    console.error("Error during agent creation or follow-up fetch:", err);
+                    $("#alertTop").hide();
+                    $("#alertTopError").text("Agent not created").show().delay(3000).fadeOut();
+                }
+            } else {
+                console.log("ATPL helper agent already available:", availableAgent);
+            }
+
+            if (availableAgent) {
+                const container = document.getElementById("chat-container");
+                container.dataset.agentId = availableAgent.agentId;
+                container.dataset.agentName = availableAgent.agentName;
+                container.dataset.agentHost = availableAgent.agentCallback;
+
+                let session = chatSessions.get(availableAgent.agentId);
+                if (!session) {
+                    console.log("New session creating:");
+                    session = new ChatSession(availableAgent.agentName, availableAgent.agentId, sessionId,
+                        availableAgent.agentCallback);
+                    session.connect().then(() => {
+                        console.log("Connected to chat server");
+                    });
+                    console.log("New session created:", session);
+
+                    chatSessions.set(availableAgent.agentId, session);
+                }
+            }
+        })();
+
+        
+        function sendQuickMessage(message) {
+            document.getElementById('chat-input').value = message;
+            sendMessage();
+        }
+
+        function addMessage(text, type) {
+            const messagesContainer = document.getElementById('chat-messages');
+            const messageDiv = document.createElement('div');
+            messageDiv.className = `message ${type}`;
+
+            if (type === 'user') {
+                messageDiv.innerHTML = `<i class="fas fa-user"></i> ${text}`;
+            } else if (type === 'assistant') {
+                messageDiv.innerHTML = `<i class="fas fa-robot"></i> ${text}`;
+            } else {
+                messageDiv.innerHTML = text;
+            }
+
+            messagesContainer.appendChild(messageDiv);
+            messagesContainer.scrollTop = messagesContainer.scrollHeight;
+
+            // Store in conversation history
+            conversationHistory.push({type: type, message: text, timestamp: new Date()});
+        }
+
+        function addContextualActions(userMessage) {
+            const messagesContainer = document.getElementById('chat-messages');
+            const actionsDiv = document.createElement('div');
+            actionsDiv.className = 'action-buttons';
+
+            const lowerMessage = userMessage.toLowerCase();
+
+            if (lowerMessage.includes('endpoint')) {
+                actionsDiv.innerHTML += `
+                    <button class="action-button" onclick="sendQuickMessage('I need read-only access to /api/v1/data')">
+                        <i class="fas fa-eye"></i> Read Access
+                    </button>
+                    <button class="action-button" onclick="sendQuickMessage('I need write access to /api/v1/system')">
+                        <i class="fas fa-edit"></i> Write Access
+                    </button>
+                `;
+            }
+
+            if (lowerMessage.includes('command')) {
+                actionsDiv.innerHTML += `
+                    <button class="action-button" onclick="sendQuickMessage('I need basic file operations like ls, cat, grep')">
+                        <i class="fas fa-file"></i> File Operations
+                    </button>
+                    <button class="action-button" onclick="sendQuickMessage('I need system monitoring commands like ps, top, df')">
+                        <i class="fas fa-chart-line"></i> System Monitoring
+                    </button>
+                `;
+            }
+
+            if (actionsDiv.innerHTML) {
+                messagesContainer.appendChild(actionsDiv);
+                messagesContainer.scrollTop = messagesContainer.scrollHeight;
+            }
+        }
+
+        function showTypingIndicator() {
+            document.getElementById('typingIndicator').classList.add('active');
+            document.getElementById('sendButton').disabled = true;
+        }
+
+        function hideTypingIndicator() {
+            document.getElementById('typingIndicator').classList.remove('active');
+            document.getElementById('sendButton').disabled = false;
+        }
+
+        function handleKeyPress(event) {
+            if (event.key === 'Enter') {
+                Chat.sendMessage(event);
+            }
+        }
+
+        window.handleKeyPress = handleKeyPress;
+
+        window.sendChatMessage = function() {
+            Chat.sendMessage(null);
+        }
+
+        async function generatePolicy() {
+            if (conversationHistory.length === 0) {
+                alert('Please have a conversation first to generate a policy.');
+                return;
+            }
+
+            try {
+                const response = await fetch('/api/v1/atpl/chat/generate-policy', {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                        'X-CSRF-TOKEN': document.querySelector('meta[name="_csrf"]').getAttribute('content')
+                    },
+                    body: JSON.stringify({
+                        sessionId: sessionId
+                    })
+                });
+
+                const data = await response.json();
+
+                if (data.error) {
+                    addMessage('Error generating policy: ' + data.error, 'assistant');
+                } else {
+                    addMessage('Here\'s your generated ATPL policy:', 'assistant');
+
+                    // Add policy preview
+                    const messagesContainer = document.getElementById('chat-messages');
+                    const policyDiv = document.createElement('div');
+                    policyDiv.className = 'policy-preview';
+                    policyDiv.innerHTML = `
+                        <pre>${JSON.stringify(data.policy, null, 2)}</pre>
+                        <div class="mt-2">
+                            <button class="btn btn-sm btn-primary" onclick="copyToClipboard('${JSON.stringify(data.policy)}')">
+                                <i class="fas fa-copy"></i> Copy
+                            </button>
+                            <button class="btn btn-sm btn-success" onclick="savePolicy('${JSON.stringify(data.policy)}')">
+                                <i class="fas fa-save"></i> Save
+                            </button>
+                        </div>
+                    `;
+                    messagesContainer.appendChild(policyDiv);
+                    messagesContainer.scrollTop = messagesContainer.scrollHeight;
+                }
+
+            } catch (error) {
+                console.error('Error generating policy:', error);
+                addMessage('Sorry, I couldn\'t generate the policy right now.', 'assistant');
+            }
+        }
+
+        function clearChat() {
+            document.getElementById('chat-messages').innerHTML = `
+                <div class="message system">
+                    <i class="fas fa-sparkles"></i> Welcome! I'm here to help you create an ATPL policy.
+                    What kind of agent are you looking to configure?
+                </div>
+            `;
+            conversationHistory = [];
+            sessionId = Math.floor(Math.random() * 1e12); // up to 12 digit
+        }
+
+        window.clearChat = clearChat;
+
+        function exportChat() {
+            const chatData = {
+                sessionId: sessionId,
+                timestamp: new Date().toISOString(),
+                conversation: conversationHistory
+            };
+
+            const dataStr = JSON.stringify(chatData, null, 2);
+            const dataUri = 'data:application/json;charset=utf-8,'+ encodeURIComponent(dataStr);
+
+            const exportFileDefaultName = 'atpl-chat-' + new Date().toISOString().split('T')[0] + '.json';
+
+            const linkElement = document.createElement('a');
+            linkElement.setAttribute('href', dataUri);
+            linkElement.setAttribute('download', exportFileDefaultName);
+            linkElement.click();
+        }
+
+
+        window.exportChat = exportChat;
+
+        function copyToClipboard(text) {
+            navigator.clipboard.writeText(text).then(() => {
+                alert('Policy copied to clipboard!');
+            }).catch(err => {
+                console.error('Failed to copy: ', err);
+            });
+        }
+
+        window.copyToClipboard = copyToClipboard;
+
+        function savePolicy(policyJson) {
+            // This would redirect to the regular ATPL configuration page with the policy pre-filled
+            const form = document.createElement('form');
+            form.method = 'POST';
+            form.action = '/sso/v1/atpl/save';
+
+            const input = document.createElement('input');
+            input.type = 'hidden';
+            input.name = 'policy';
+            input.value = policyJson;
+
+            form.appendChild(input);
+            document.body.appendChild(form);
+            form.submit();
+        }
+
+        // Initialize focus on input
+        document.addEventListener('DOMContentLoaded', function() {
+            document.getElementById('chat-input').focus();
+        });
+
+        window.savePolicy = savePolicy;
+    </script>
+</body>
+</html>
\ No newline at end of file
diff --git a/api/src/main/resources/templates/sso/dashboard.html b/api/src/main/resources/templates/sso/dashboard.html
index 60006ff0..adc32699 100755
--- a/api/src/main/resources/templates/sso/dashboard.html
+++ b/api/src/main/resources/templates/sso/dashboard.html
@@ -351,168 +351,168 @@
         });
 
     </script>
-    <style>
-        #chat-container {
-            position: fixed;
-            bottom: 20px;
-            right: 20px;
-            width: 360px;
-            height: 500px;
-            z-index: 1000;
-            background: linear-gradient(135deg, #1a1a1a 0%, #2d2d2d 100%);
-            border: 1px solid #404040;
-            border-radius: 16px;
-            padding: 0;
-            display: none;
-            display: flex;
-            flex-direction: column;
-            box-shadow: 0 12px 32px rgba(0, 0, 0, 0.5), 0 4px 16px rgba(0, 0, 0, 0.3);
-            overflow: hidden;
-            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;
-            transition: all 0.3s cubic-bezier(0.4, 0, 0.2, 1);
-            backdrop-filter: blur(10px);
-        }
-
-        #chat-container.hidden {
-            transform: translateY(20px);
-            opacity: 0;
-            pointer-events: none;
-        }
-
-        #chat-container:not(.hidden) {
-            transform: translateY(0);
-            opacity: 1;
-            pointer-events: auto;
-        }
-
-        #chat-header {
-            background: linear-gradient(135deg, #2a2a2a 0%, #3a3a3a 100%);
-            padding: 16px 20px;
-            cursor: pointer;
-            text-align: center;
-            font-weight: 600;
-            position: relative;
-            border-bottom: 1px solid #404040;
-            color: #ffffff;
-            font-size: 15px;
-            letter-spacing: 0.5px;
-        }
-
-        #chat-header:hover {
-            background: linear-gradient(135deg, #2f2f2f 0%, #3f3f3f 100%);
-        }
-
-        #close-chat {
-            position: absolute;
-            right: 16px;
-            top: 50%;
-            transform: translateY(-50%);
-            cursor: pointer;
-            color: #888;
-            font-size: 18px;
-            transition: color 0.2s ease;
-            padding: 4px;
-        }
-
-        #close-chat:hover {
-            color: #ff4757;
-        }
-
-        #chat-messages {
-            flex: 1;
-            overflow-y: auto;
-            padding: 16px;
-            background: linear-gradient(135deg, #1a1a1a 0%, #252525 100%);
-            font-size: 14px;
-            line-height: 1.5;
-            min-height: 0;
-        }
-
-        #chat-messages::-webkit-scrollbar {
-            width: 6px;
-        }
-
-        #chat-messages::-webkit-scrollbar-track {
-            background: rgba(255, 255, 255, 0.1);
-            border-radius: 10px;
-        }
-
-        #chat-messages::-webkit-scrollbar-thumb {
-            background: rgba(255, 255, 255, 0.3);
-            border-radius: 10px;
-        }
-
-        #chat-messages::-webkit-scrollbar-thumb:hover {
-            background: rgba(255, 255, 255, 0.5);
-        }
-
-        .chat-message {
-            margin-bottom: 12px;
-            padding: 12px 16px;
-            border-radius: 12px;
-            max-width: 85%;
-            word-wrap: break-word;
-            animation: fadeInUp 0.3s ease;
-        }
-
-        .chat-message.user {
-            background: linear-gradient(135deg, #007bff 0%, #0056b3 100%);
-            color: white;
-            margin-left: auto;
-            border-bottom-right-radius: 4px;
-        }
-
-        .chat-message.agent {
-            background: linear-gradient(135deg, #404040 0%, #505050 100%);
-            color: #ffffff;
-            margin-right: auto;
-            border-bottom-left-radius: 4px;
-        }
-
-        .chat-message strong {
-            display: block;
-            font-size: 12px;
-            opacity: 0.8;
-            margin-bottom: 4px;
-            font-weight: 500;
-        }
-
-        .chat-message-content {
-            font-size: 14px;
-            line-height: 1.4;
-        }
-
-        #chat-input {
-            width: 100%;
-            padding: 16px 20px;
-            border: none;
-            background: linear-gradient(135deg, #2a2a2a 0%, #3a3a3a 100%);
-            color: #ffffff;
-            font-size: 14px;
-            border-top: 1px solid #404040;
-            outline: none;
-            font-family: inherit;
-            transition: all 0.2s ease;
-        }
-
-        #chat-input::placeholder {
-            color: #888;
-        }
-
-        #chat-input:focus {
-            background: linear-gradient(135deg, #2f2f2f 0%, #3f3f3f 100%);
-            box-shadow: inset 0 0 0 1px #007bff;
-        }
-
-        @keyframes fadeInUp {
-            from {
-                opacity: 0;
-                transform: translateY(10px);
-            }
-            to {
-                opacity: 1;
-                transform: translateY(0);
-            }
+    <style>
+        #chat-container {
+            position: fixed;
+            bottom: 20px;
+            right: 20px;
+            width: 360px;
+            height: 500px;
+            z-index: 1000;
+            background: linear-gradient(135deg, #1a1a1a 0%, #2d2d2d 100%);
+            border: 1px solid #404040;
+            border-radius: 16px;
+            padding: 0;
+            display: none;
+            display: flex;
+            flex-direction: column;
+            box-shadow: 0 12px 32px rgba(0, 0, 0, 0.5), 0 4px 16px rgba(0, 0, 0, 0.3);
+            overflow: hidden;
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;
+            transition: all 0.3s cubic-bezier(0.4, 0, 0.2, 1);
+            backdrop-filter: blur(10px);
+        }
+
+        #chat-container.hidden {
+            transform: translateY(20px);
+            opacity: 0;
+            pointer-events: none;
+        }
+
+        #chat-container:not(.hidden) {
+            transform: translateY(0);
+            opacity: 1;
+            pointer-events: auto;
+        }
+
+        #chat-header {
+            background: linear-gradient(135deg, #2a2a2a 0%, #3a3a3a 100%);
+            padding: 16px 20px;
+            cursor: pointer;
+            text-align: center;
+            font-weight: 600;
+            position: relative;
+            border-bottom: 1px solid #404040;
+            color: #ffffff;
+            font-size: 15px;
+            letter-spacing: 0.5px;
+        }
+
+        #chat-header:hover {
+            background: linear-gradient(135deg, #2f2f2f 0%, #3f3f3f 100%);
+        }
+
+        #close-chat {
+            position: absolute;
+            right: 16px;
+            top: 50%;
+            transform: translateY(-50%);
+            cursor: pointer;
+            color: #888;
+            font-size: 18px;
+            transition: color 0.2s ease;
+            padding: 4px;
+        }
+
+        #close-chat:hover {
+            color: #ff4757;
+        }
+
+        #chat-messages {
+            flex: 1;
+            overflow-y: auto;
+            padding: 16px;
+            background: linear-gradient(135deg, #1a1a1a 0%, #252525 100%);
+            font-size: 14px;
+            line-height: 1.5;
+            min-height: 0;
+        }
+
+        #chat-messages::-webkit-scrollbar {
+            width: 6px;
+        }
+
+        #chat-messages::-webkit-scrollbar-track {
+            background: rgba(255, 255, 255, 0.1);
+            border-radius: 10px;
+        }
+
+        #chat-messages::-webkit-scrollbar-thumb {
+            background: rgba(255, 255, 255, 0.3);
+            border-radius: 10px;
+        }
+
+        #chat-messages::-webkit-scrollbar-thumb:hover {
+            background: rgba(255, 255, 255, 0.5);
+        }
+
+        .chat-message {
+            margin-bottom: 12px;
+            padding: 12px 16px;
+            border-radius: 12px;
+            max-width: 85%;
+            word-wrap: break-word;
+            animation: fadeInUp 0.3s ease;
+        }
+
+        .chat-message.user {
+            background: linear-gradient(135deg, #007bff 0%, #0056b3 100%);
+            color: white;
+            margin-left: auto;
+            border-bottom-right-radius: 4px;
+        }
+
+        .chat-message.agent {
+            background: linear-gradient(135deg, #404040 0%, #505050 100%);
+            color: #ffffff;
+            margin-right: auto;
+            border-bottom-left-radius: 4px;
+        }
+
+        .chat-message strong {
+            display: block;
+            font-size: 12px;
+            opacity: 0.8;
+            margin-bottom: 4px;
+            font-weight: 500;
+        }
+
+        .chat-message-content {
+            font-size: 14px;
+            line-height: 1.4;
+        }
+
+        #chat-input {
+            width: 100%;
+            padding: 16px 20px;
+            border: none;
+            background: linear-gradient(135deg, #2a2a2a 0%, #3a3a3a 100%);
+            color: #ffffff;
+            font-size: 14px;
+            border-top: 1px solid #404040;
+            outline: none;
+            font-family: inherit;
+            transition: all 0.2s ease;
+        }
+
+        #chat-input::placeholder {
+            color: #888;
+        }
+
+        #chat-input:focus {
+            background: linear-gradient(135deg, #2f2f2f 0%, #3f3f3f 100%);
+            box-shadow: inset 0 0 0 1px #007bff;
+        }
+
+        @keyframes fadeInUp {
+            from {
+                opacity: 0;
+                transform: translateY(10px);
+            }
+            to {
+                opacity: 1;
+                transform: translateY(0);
+            }
         }
 
         small-card {
@@ -657,8 +657,9 @@ <h5 class="card-title">AI Admin Operations</h5>
                                     </button>
 
 
-                                    <a href="#" class="btn btn-primary" data-bs-toggle="modal"
-                                       data-bs-target="#userFormModal">Usage Patterns</a>
+                                    <a href="/sso/v1/agent/design/chat" class="btn btn-success">
+                                        <i class="fas fa-comments"></i> Design Agent
+                                    </a>
                                 </div>
                                 <div id="agent-dropdown" class="dropdown-menu p-3 shadow" style="display: none; min-width: 250px;">
                                     <label for="agent-select" class="form-label">Select an Agent</label>
diff --git a/api/src/main/resources/templates/sso/enclaves/list_servers.html b/api/src/main/resources/templates/sso/enclaves/list_servers.html
index 9904c65d..e993953e 100755
--- a/api/src/main/resources/templates/sso/enclaves/list_servers.html
+++ b/api/src/main/resources/templates/sso/enclaves/list_servers.html
@@ -229,7 +229,7 @@ <h3>Available Agents</h3>
             .then(data => {
 
                 $("#alertTopError").hide();
-                $("#alertTop").text("Agent Deleted").show().delay(3000).fadeOut();
+                $("#alertTop").text("Agent Shutdown Initiated").show().delay(3000).fadeOut();
                 $('#agent-table').DataTable().ajax.reload();
             })
             .catch(error => {
diff --git a/core/src/main/java/io/sentrius/sso/core/dto/AgentRegistrationDTO.java b/core/src/main/java/io/sentrius/sso/core/dto/AgentRegistrationDTO.java
index 6877b0cb..c6f2cdb2 100644
--- a/core/src/main/java/io/sentrius/sso/core/dto/AgentRegistrationDTO.java
+++ b/core/src/main/java/io/sentrius/sso/core/dto/AgentRegistrationDTO.java
@@ -20,4 +20,6 @@ public class AgentRegistrationDTO {
     private final String clientId;
     private final String agentType;
     private final String agentCallbackUrl;
+    @Builder.Default
+    private final String agentContextId = "";
 }
diff --git a/core/src/main/java/io/sentrius/sso/core/dto/agents/AgentContextDTO.java b/core/src/main/java/io/sentrius/sso/core/dto/agents/AgentContextDTO.java
new file mode 100644
index 00000000..19e3b8de
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/core/dto/agents/AgentContextDTO.java
@@ -0,0 +1,29 @@
+package io.sentrius.sso.core.dto.agents;
+
+import java.time.Instant;
+import java.util.UUID;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Builder
+@Getter
+@NoArgsConstructor
+@AllArgsConstructor
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class AgentContextDTO {
+    @Builder.Default
+    private UUID id = UUID.randomUUID();
+    private String name;
+    @Builder.Default
+    private String description = "";
+    private String context; // The YAML or text body
+    @Builder.Default
+    private Instant createdAt = Instant.now();
+    @Builder.Default
+    private Instant updatedAt =  Instant.now();
+}
+
diff --git a/core/src/main/java/io/sentrius/sso/core/dto/agents/AgentContextRequestDTO.java b/core/src/main/java/io/sentrius/sso/core/dto/agents/AgentContextRequestDTO.java
new file mode 100644
index 00000000..5537a072
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/core/dto/agents/AgentContextRequestDTO.java
@@ -0,0 +1,23 @@
+package io.sentrius.sso.core.dto.agents;
+
+import java.time.Instant;
+import java.util.UUID;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.ToString;
+
+@Builder
+@Getter
+@NoArgsConstructor
+@AllArgsConstructor
+@ToString
+public class AgentContextRequestDTO {
+
+    private String name;
+    private String description;
+    private String context;
+
+}
+
diff --git a/core/src/main/java/io/sentrius/sso/core/dto/agents/AgentLaunchResponseDTO.java b/core/src/main/java/io/sentrius/sso/core/dto/agents/AgentLaunchResponseDTO.java
new file mode 100644
index 00000000..733fdde6
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/core/dto/agents/AgentLaunchResponseDTO.java
@@ -0,0 +1,11 @@
+package io.sentrius.sso.core.dto.agents;
+import java.util.UUID;
+
+public class AgentLaunchResponseDTO {
+    private String agentId;
+    private UUID contextId;
+    private String launchedBy;
+    private String launchParameters; // Optional
+
+    // Getters and setters
+}
diff --git a/core/src/main/java/io/sentrius/sso/core/model/verbs/Verb.java b/core/src/main/java/io/sentrius/sso/core/model/verbs/Verb.java
index 80313edc..18004615 100644
--- a/core/src/main/java/io/sentrius/sso/core/model/verbs/Verb.java
+++ b/core/src/main/java/io/sentrius/sso/core/model/verbs/Verb.java
@@ -17,4 +17,8 @@
     // if set to true, this verb will be callable by AI agents
     boolean isAiCallable() default true;
     boolean requiresTokenManagement() default false;
+
+
+    // New field for example input
+    String exampleJson() default "";
 }
\ No newline at end of file
diff --git a/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java b/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java
index 8b1b55ea..c94da864 100644
--- a/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java
+++ b/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java
@@ -11,6 +11,8 @@
 import io.sentrius.sso.core.dto.AgentCommunicationDTO;
 import io.sentrius.sso.core.dto.AgentHeartbeatDTO;
 import io.sentrius.sso.core.dto.AgentRegistrationDTO;
+import io.sentrius.sso.core.dto.agents.AgentContextDTO;
+import io.sentrius.sso.core.dto.agents.AgentContextRequestDTO;
 import io.sentrius.sso.core.dto.capabilities.EndpointDescriptor;
 import io.sentrius.sso.core.dto.ztat.AgentExecution;
 import io.sentrius.sso.core.dto.ztat.AtatRequest;
@@ -18,6 +20,7 @@
 import io.sentrius.sso.core.dto.ztat.ZtatRequestDTO;
 import io.sentrius.sso.core.exceptions.ZtatException;
 import io.sentrius.sso.core.services.security.KeycloakService;
+import io.sentrius.sso.core.trust.AgentContext;
 import io.sentrius.sso.core.utils.JsonUtil;
 import io.sentrius.sso.provenance.ProvenanceEvent;
 import lombok.extern.slf4j.Slf4j;
@@ -236,4 +239,44 @@ public List<EndpointDescriptor> getAvailableVerbs(TokenDTO token) throws ZtatExc
         return List.of();
     }
 
+    public String getAgentPodStatus(String launcherService, String agentId) throws ZtatException {
+        return zeroTrustClientService.callAuthenticatedGetOnApi(launcherService,
+            "agent/launcher" +
+                "/status", Maps.immutableEntry("agentId", List.of(agentId)) );
+    }
+
+    public AgentContextDTO getAgentContext(TokenDTO token, String agentContextId) throws ZtatException,
+        JsonProcessingException {
+        String url = "/api/v1/agent/context/" + agentContextId;
+        String response = zeroTrustClientService.callGetOnApi(token, url);
+        if (response != null) {
+            return JsonUtil.MAPPER.readValue(response, AgentContextDTO.class);
+        }
+        return null;
+    }
+
+    public AgentContextDTO createAgentContext(AgentExecution execution, AgentContextRequestDTO dto)
+        throws ZtatException, JsonProcessingException {
+        String url = "/api/v1/agent/context";
+        String response = zeroTrustClientService.callPostOnApi(execution, url, dto, null );
+        if (response != null) {
+            return JsonUtil.MAPPER.readValue(response, AgentContextDTO.class);
+        }
+        return null;
+    }
+
+    public String createAgent(AgentExecution execution, AgentRegistrationDTO registrationDTO)
+        throws ZtatException, JsonProcessingException {
+        String ask = "/agent/bootstrap/launcher/create";
+
+        var acommResponse = zeroTrustClientService.callPostOnApi(ask, registrationDTO);
+        return acommResponse;
+    }
+
+    public String getCreatedAgentStatus(AgentExecution execution, String agentId)
+        throws ZtatException, JsonProcessingException {
+        String ask = "/agent/bootstrap/launcher/status";
+
+        return zeroTrustClientService.callGetOnApi(execution, ask , Maps.immutableEntry("agentId", List.of(agentId)));
+    }
 }
diff --git a/core/src/main/java/io/sentrius/sso/core/services/agents/ZeroTrustClientService.java b/core/src/main/java/io/sentrius/sso/core/services/agents/ZeroTrustClientService.java
index 078fc1ad..43eeb73a 100644
--- a/core/src/main/java/io/sentrius/sso/core/services/agents/ZeroTrustClientService.java
+++ b/core/src/main/java/io/sentrius/sso/core/services/agents/ZeroTrustClientService.java
@@ -115,8 +115,10 @@ <T> String callPostOnApi(@NonNull TokenDTO token, String endpoint, @NonNull Stri
         }
         var builder = UriComponentsBuilder.fromUri(URI.create(endpoint))
             .path(apiEndpoint);
-        for (Map.Entry<String, List<String>> entry : params) {
-            builder.queryParam(entry.getKey(), entry.getValue());
+        if (null != params) {
+            for (Map.Entry<String, List<String>> entry : params) {
+                builder.queryParam(entry.getKey(), entry.getValue());
+            }
         }
         try{
             ResponseEntity<String> response = restTemplate.exchange(builder.build(true).toUriString(), HttpMethod.POST, requestEntity, String.class);
@@ -302,7 +304,6 @@ public <T> String callAuthenticatedGetOnApi(
         headers.setContentType(MediaType.APPLICATION_JSON);
         headers.setBearerAuth(keycloakJwt);
 
-        log.info("**** EXPOSING JWT {}", keycloakJwt);
         HttpEntity<T> requestEntity = new HttpEntity<>(headers);
         if (!apiEndpoint.startsWith("/")) {
             apiEndpoint = "/" + apiEndpoint;
diff --git a/core/src/main/java/io/sentrius/sso/core/trust/ATPLPolicy.java b/core/src/main/java/io/sentrius/sso/core/trust/ATPLPolicy.java
index 94422a49..bbad29cb 100644
--- a/core/src/main/java/io/sentrius/sso/core/trust/ATPLPolicy.java
+++ b/core/src/main/java/io/sentrius/sso/core/trust/ATPLPolicy.java
@@ -1,6 +1,7 @@
 package io.sentrius.sso.core.trust;
 
 import java.util.Set;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
@@ -15,6 +16,7 @@
 @Setter
 @AllArgsConstructor
 @NoArgsConstructor
+@JsonIgnoreProperties(ignoreUnknown = true)
 public class ATPLPolicy {
     @Builder.Default
     private String version = "v0";
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/config/SystemOptions.java b/dataplane/src/main/java/io/sentrius/sso/core/config/SystemOptions.java
index 98ae4246..56a2d3a2 100644
--- a/dataplane/src/main/java/io/sentrius/sso/core/config/SystemOptions.java
+++ b/dataplane/src/main/java/io/sentrius/sso/core/config/SystemOptions.java
@@ -3,7 +3,6 @@
 import java.io.IOException;
 import java.lang.reflect.Field;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -124,7 +123,7 @@ public class SystemOptions {
   public Boolean enableLLMQuestions = false;
 
 
-  public Boolean sshEnabled = true;
+  public Boolean lockdownEnabled = false;
 
   @Updatable(description = "AI risk score before user sessions are halted. Changes won't apply to currently running " +
       "sessions")
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentContext.java b/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentContext.java
new file mode 100644
index 00000000..a100173d
--- /dev/null
+++ b/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentContext.java
@@ -0,0 +1,46 @@
+package io.sentrius.sso.core.model.agents;
+
+import java.time.Instant;
+import java.util.UUID;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.Id;
+import jakarta.persistence.Lob;
+
+import jakarta.persistence.PrePersist;
+import jakarta.persistence.PreUpdate;
+import lombok.Getter;
+import lombok.Setter;
+
+@Entity
+@Getter
+@Setter
+public class AgentContext {
+
+    @Id
+    @GeneratedValue
+    private UUID id;
+
+    private String name;
+    private String description;
+
+    @Lob
+    @Column(columnDefinition = "TEXT")
+    private String context; // YAML or JSON string
+
+    private Instant createdAt;
+    private Instant updatedAt;
+
+    @PrePersist
+    protected void onCreate() {
+        createdAt = updatedAt = Instant.now();
+    }
+
+    @PreUpdate
+    protected void onUpdate() {
+        updatedAt = Instant.now();
+    }
+
+    // Getters and setters omitted for brevity
+}
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentLaunch.java b/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentLaunch.java
new file mode 100644
index 00000000..c52a011b
--- /dev/null
+++ b/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentLaunch.java
@@ -0,0 +1,38 @@
+package io.sentrius.sso.core.model.agents;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.Setter;
+import java.time.Instant;
+import java.util.UUID;
+
+@Entity
+@Setter
+@Getter
+public class AgentLaunch {
+
+    @Id
+    @GeneratedValue
+    private UUID id;
+
+    private String agentId;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "context_id", nullable = false)
+    private AgentContext context;
+
+    private String launchedBy;
+
+    @Lob
+    @Column(columnDefinition = "TEXT")
+    private String launchParameters;
+
+    private Instant createdAt;
+
+    @PrePersist
+    protected void onCreate() {
+        createdAt = Instant.now();
+    }
+
+    // Getters and setters omitted
+}
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/repository/AgentContextRepository.java b/dataplane/src/main/java/io/sentrius/sso/core/repository/AgentContextRepository.java
new file mode 100644
index 00000000..a8b8b4e2
--- /dev/null
+++ b/dataplane/src/main/java/io/sentrius/sso/core/repository/AgentContextRepository.java
@@ -0,0 +1,9 @@
+package io.sentrius.sso.core.repository;
+
+import io.sentrius.sso.core.model.agents.AgentContext;
+import org.springframework.data.jpa.repository.JpaRepository;
+import java.util.UUID;
+
+public interface AgentContextRepository extends JpaRepository<AgentContext, UUID> {
+}
+
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/repository/AgentLaunchRepository.java b/dataplane/src/main/java/io/sentrius/sso/core/repository/AgentLaunchRepository.java
new file mode 100644
index 00000000..6f571d9f
--- /dev/null
+++ b/dataplane/src/main/java/io/sentrius/sso/core/repository/AgentLaunchRepository.java
@@ -0,0 +1,8 @@
+package io.sentrius.sso.core.repository;
+
+import io.sentrius.sso.core.model.agents.AgentLaunch;
+import org.springframework.data.jpa.repository.JpaRepository;
+import java.util.UUID;
+
+public interface AgentLaunchRepository extends JpaRepository<AgentLaunch, UUID> {
+}
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentContextService.java b/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentContextService.java
new file mode 100644
index 00000000..37c85f29
--- /dev/null
+++ b/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentContextService.java
@@ -0,0 +1,31 @@
+package io.sentrius.sso.core.services.agents;
+
+
+import java.util.UUID;
+import io.sentrius.sso.core.dto.agents.AgentContextRequestDTO;
+import io.sentrius.sso.core.model.agents.AgentContext;
+import io.sentrius.sso.core.repository.AgentContextRepository;
+import org.springframework.stereotype.Service;
+
+@Service
+public class AgentContextService {
+
+    private final AgentContextRepository contextRepo;
+
+    public AgentContextService(AgentContextRepository contextRepo) {
+        this.contextRepo = contextRepo;
+    }
+
+    public AgentContext create(AgentContextRequestDTO dto) {
+        AgentContext context = new AgentContext();
+        context.setName(dto.getName());
+        context.setDescription(dto.getDescription());
+        context.setContext(dto.getContext());
+        return contextRepo.save(context);
+    }
+
+    public AgentContext getContextOrThrow(UUID id) {
+        return contextRepo.findById(id)
+            .orElseThrow(() -> new IllegalArgumentException("Agent context not found: " + id));
+    }
+}
\ No newline at end of file
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentLaunchService.java b/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentLaunchService.java
new file mode 100644
index 00000000..bcda2dfe
--- /dev/null
+++ b/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentLaunchService.java
@@ -0,0 +1,32 @@
+package io.sentrius.sso.core.services.agents;
+
+import java.util.UUID;
+import io.sentrius.sso.core.model.agents.AgentContext;
+import io.sentrius.sso.core.model.agents.AgentLaunch;
+import io.sentrius.sso.core.repository.AgentLaunchRepository;
+import org.springframework.stereotype.Service;
+
+@Service
+public class AgentLaunchService {
+
+    private final AgentLaunchRepository launchRepo;
+    private final AgentContextService contextService;
+
+    public AgentLaunchService(AgentLaunchRepository launchRepo, AgentContextService contextService) {
+        this.launchRepo = launchRepo;
+        this.contextService = contextService;
+    }
+
+    public UUID recordLaunch(String agentId, UUID contextId, String launchedBy, String parameters) {
+        AgentContext context = contextService.getContextOrThrow(contextId);
+
+        AgentLaunch launch = new AgentLaunch();
+        launch.setAgentId(agentId);
+        launch.setContext(context);
+        launch.setLaunchedBy(launchedBy);
+        launch.setLaunchParameters(parameters);
+
+        AgentLaunch saved = launchRepo.save(launch);
+        return saved.getId();
+    }
+}
\ No newline at end of file
diff --git a/sentrius-chart-launcher/templates/configmap.yaml b/sentrius-chart-launcher/templates/configmap.yaml
index cd2493a8..878b47ac 100644
--- a/sentrius-chart-launcher/templates/configmap.yaml
+++ b/sentrius-chart-launcher/templates/configmap.yaml
@@ -16,211 +16,29 @@ data:
         "terminalSummaryForLLM": "<Summary of the terminal thus far for the next LLM assessment>",
           "responseForUser": "<Response to the user>"
       }
-  chat-atpl-helper.yaml: |
+  assessor-config.yaml: |
     description: "Agent that handles logs and OpenAI access."
     context: |
-      You are a helpful agent that helps define a a trust policy. Guide the user through the process of defining a trust policy for an agent.
-      Here is the schema for the Agent Trust Policy Language (ATPL). If no version or policy_id given generate them.
-      Most fields are optional, but the minimum will be capabilities. primitives are simple endpoint connections.
-      Focus on getting those filled in. Following this list will be a message containing all endpoints of the system.
+      Your job is to fetch logs for currently open terminals and assess if the user is performing risky behavior.
+      If risk is medium or higher kill the terminal session.
+      Risk should be defined in a json response of the form:
       {
-      "$schema": "https://json-schema.org/draft/2020-12/schema",
-      "$id": "https://sentrius.io/schemas/atpl.schema.json",
-      "title": "Agent Trust Policy Language (ATPL)",
-      "type": "object",
-      "required": ["version", "policy_id", "capabilities"],
-      "properties": {
-        "version": {
-          "type": "string",
-          "pattern": "^v[0-9]+$"
-        },
-        "policy_id": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "match": {
-          "type": "object",
-          "properties": {
-            "agent_tags": {
-              "type": "array",
-              "items": { "type": "string" }
-            }
-          }
-        },
-        "identity": {
-          "type": "object",
-          "properties": {
-            "issuer": { "type": "string" },
-            "subject_prefix": { "type": "string" },
-            "mfa_required": { "type": "boolean" },
-            "certificate_authority": { "type": "string" }
-          }
-        },
-        "provenance": {
-          "type": "object",
-          "properties": {
-            "source": { "type": "string" },
-            "signature_required": { "type": "boolean" },
-            "approved_committers": {
-              "type": "array",
-              "items": { "type": "string" }
-            }
-          }
-        },
-        "runtime": {
-          "type": "object",
-          "properties": {
-            "enclave_required": { "type": "boolean" },
-            "attestation_type": { "type": "string" },
-            "verified_at_boot": { "type": "boolean" }
-          }
-        },
-        "behavior": {
-          "type": "object",
-          "properties": {
-            "minimum_positive_runs": { "type": "integer" },
-            "max_incidents": { "type": "integer" },
-            "incident_types": {
-              "type": "object",
-              "properties": {
-                "denylist": {
-                  "type": "array",
-                  "items": { "type": "string" }
-                }
-              }
-            }
-          }
-        },
-        "trust_score": {
-          "type": "object",
-          "properties": {
-            "minimum": { "type": "integer" },
-            "weightings": {
-              "type": "object",
-              "properties": {
-                "identity": { "type": "number" },
-                "provenance": { "type": "number" },
-                "runtime": { "type": "number" },
-                "behavior": { "type": "number" }
-              }
-            }
-          }
-        },
-        "capabilities": {
-          "type": "object",
-          "required": ["primitives", "composed"],
-          "properties": {
-            "primitives": {
-              "type": "array",
-              "items": {
-                "type": "object",
-                "required": ["id", "description"],
-                "properties": {
-                  "id": { "type": "string" },
-                  "description": { "type": "string" },
-                  "endpoints": {
-                    "type": "array",
-                    "items": { "type": "string" }
-                  },
-                  "commands": {
-                    "type": "array",
-                    "items": { "type": "string" }
-                  },
-                  "subcommands": {
-                    "type": "array",
-                    "items": { "type": "string" }
-                  },
-                  "activities": {
-                    "type": "array",
-                    "items": { "type": "string" }
-                  },
-                  "tags": {
-                    "type": "array",
-                    "items": { "type": "string" }
-                  }
-                }
-              }
-            },
-            "composed": {
-              "type": "array",
-              "items": {
-                "type": "object",
-                "required": ["id", "includes"],
-                "properties": {
-                  "id": { "type": "string" },
-                  "includes": {
-                    "type": "array",
-                    "items": { "type": "string" }
-                  },
-                  "tags": {
-                    "type": "array",
-                    "items": { "type": "string" }
-                  },
-                  "endpoints": {
-                    "type": "array",
-                    "items": { "type": "string" }
-                  },
-                  "commands": {
-                    "type": "array",
-                    "items": { "type": "string" }
-                  },
-                  "subcommands": {
-                    "type": "array",
-                    "items": { "type": "string" }
-                  },
-                  "activities": {
-                    "type": "array",
-                    "items": { "type": "string" }
-                  }
-                }
-              }
-            }
-          }
-        }
-          ,
-        "actions": {
-          "type": "object",
-          "properties": {
-            "on_failure": {
-              "type": "string",
-              "enum": ["deny", "log", "alert"]
-            },
-            "on_success": {
-              "type": "string",
-              "enum": ["allow", "log"]
-            },
-            "on_marginal": {
-              "oneOf": [
-                {"type": "string", "enum": ["require_ztat", "log"]},
-                {
-                  "type": "object",
-                  "properties": {
-                    "action": {"type": "string", "enum": ["require_ztat"]},
-                    "ztat_provider": {"type": "string"}
-                  },
-                  "required": ["action"]
-                }
-              ]
-            }
-          }
-        },
-        "ztat": {
-          "type": "object",
-          "properties": {
-            "provider": {"type": "string"},
-            "ttl": {"type": "string"},
-            "approved_issuers": {
-              "type": "array",
-              "items": {"type": "string"}
-            },
-            "key_binding": {"type": "string"},
-            "approval_required": {"type": "boolean"}
-          }
-        }
-      }
+            "sessionId": "<id>",
+            "risk": "<low|medium|high>",
+            "description": "<why they received the risk>"
       }
+  chat-atpl-helper.yaml: |
+    description: "Agent that handles logs and OpenAI access."
+    context: |
+      You help launch agents. User will define agent responsibilities that will fill in the agent context. Create the
+      trust policy for the agent, and
+      name its policy id after the agent name. If the user has a trust policy ID, use it, but don't ask for it.
+      Query for schema of the trust policy and ask the user to fill it
+      required parts if they ask to create one, but don't ask them about the policy unless they bring it up. Save it,
+      then launch the agent with the defined
+      responsibilities and
+      using the trust policy ID. If you need to define the trust policy system endpoints are available for query.
+      You can query status of the agent launch and return it to the user. Validate the agent launch by checking if the agent is running.
   launcher.properties: |
     spring.main.web-application-type=servlet
     spring.thymeleaf.enabled=false

From 2ff4645ea7a9b01286019e27fc73a3205c2694be Mon Sep 17 00:00:00 2001
From: Marc Parisi <phrocker@apache.org>
Date: Thu, 10 Jul 2025 16:28:10 -0400
Subject: [PATCH 7/9] update

---
 .local.env                                    |  16 +--
 .local.env.bak                                |  16 +--
 .../launcher/service/PodLauncherService.java  |  47 ++++----
 .../config/AgentWebSocketProxyHandler.java    |   2 +-
 .../interpreters/ObjectNodeInterpreter.java   |  17 ++-
 .../analysis/agents/verbs/AgentVerbs.java     |  50 +++------
 .../analysis/agents/verbs/AtplVerbs.java      |  10 +-
 .../analysis/agents/verbs/ChatVerbs.java      | 101 ++++++++----------
 .../agent/analysis/agents/verbs/VerbBase.java |  67 ++++++++++++
 .../analysis/api/websocket/ChatWSHandler.java |  80 ++++++++------
 .../controllers/api/AgentApiController.java   |   6 +-
 ...agent_launch.sql => V18__agent_launch.sql} |   0
 .../templates/sso/agents/design_chat.html     |  24 +----
 .../services/agents/AgentClientService.java   |   9 +-
 .../sso/core/model/agents/AgentContext.java   |   2 +
 .../sso/core/model/agents/AgentLaunch.java    |   1 +
 .../sso/core/services/ATPLPolicyService.java  |   3 +-
 .../services/agents/AgentContextService.java  |   6 +-
 docker/agent-proxy/Dockerfile                 |   4 +-
 docker/integrationproxy/Dockerfile            |   4 +-
 docker/sentrius-agent/Dockerfile              |   4 +-
 docker/sentrius-ai-agent/Dockerfile           |   2 +-
 docker/sentrius-launchable-agent/Dockerfile   |   4 +-
 docker/sentrius-launcher-service/Dockerfile   |   4 +-
 docker/sentrius/Dockerfile                    |   4 +-
 ops-scripts/local/deploy-helm.sh              |  11 ++
 .../templates/configmap.yaml                  |   1 +
 sentrius-chart-launcher/values.yaml           |  10 ++
 sentrius-chart/templates/configmap.yaml       |  10 ++
 sentrius-chart/values.yaml                    |   8 ++
 30 files changed, 317 insertions(+), 206 deletions(-)
 create mode 100644 ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/VerbBase.java
 rename api/src/main/resources/db/migration/{V18_agent_launch.sql => V18__agent_launch.sql} (100%)

diff --git a/.local.env b/.local.env
index d6e5e1f1..d82cabb4 100644
--- a/.local.env
+++ b/.local.env
@@ -1,8 +1,8 @@
-SENTRIUS_VERSION=1.1.246
-SENTRIUS_SSH_VERSION=1.1.36
-SENTRIUS_KEYCLOAK_VERSION=1.1.48
-SENTRIUS_AGENT_VERSION=1.1.35
-SENTRIUS_AI_AGENT_VERSION=1.1.124
-LLMPROXY_VERSION=1.0.49
-LAUNCHER_VERSION=1.0.62
-AGENTPROXY_VERSION=1.0.69
\ No newline at end of file
+SENTRIUS_VERSION=1.1.261
+SENTRIUS_SSH_VERSION=1.1.40
+SENTRIUS_KEYCLOAK_VERSION=1.1.52
+SENTRIUS_AGENT_VERSION=1.1.39
+SENTRIUS_AI_AGENT_VERSION=1.1.148
+LLMPROXY_VERSION=1.0.53
+LAUNCHER_VERSION=1.0.73
+AGENTPROXY_VERSION=1.0.74
\ No newline at end of file
diff --git a/.local.env.bak b/.local.env.bak
index d6e5e1f1..d82cabb4 100644
--- a/.local.env.bak
+++ b/.local.env.bak
@@ -1,8 +1,8 @@
-SENTRIUS_VERSION=1.1.246
-SENTRIUS_SSH_VERSION=1.1.36
-SENTRIUS_KEYCLOAK_VERSION=1.1.48
-SENTRIUS_AGENT_VERSION=1.1.35
-SENTRIUS_AI_AGENT_VERSION=1.1.124
-LLMPROXY_VERSION=1.0.49
-LAUNCHER_VERSION=1.0.62
-AGENTPROXY_VERSION=1.0.69
\ No newline at end of file
+SENTRIUS_VERSION=1.1.261
+SENTRIUS_SSH_VERSION=1.1.40
+SENTRIUS_KEYCLOAK_VERSION=1.1.52
+SENTRIUS_AGENT_VERSION=1.1.39
+SENTRIUS_AI_AGENT_VERSION=1.1.148
+LLMPROXY_VERSION=1.0.53
+LAUNCHER_VERSION=1.0.73
+AGENTPROXY_VERSION=1.0.74
\ No newline at end of file
diff --git a/agent-launcher/src/main/java/io/sentrius/agent/launcher/service/PodLauncherService.java b/agent-launcher/src/main/java/io/sentrius/agent/launcher/service/PodLauncherService.java
index 85050124..da128093 100644
--- a/agent-launcher/src/main/java/io/sentrius/agent/launcher/service/PodLauncherService.java
+++ b/agent-launcher/src/main/java/io/sentrius/agent/launcher/service/PodLauncherService.java
@@ -13,6 +13,7 @@
 import org.springframework.stereotype.Service;
 
 import java.io.IOException;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.regex.Matcher;
@@ -167,25 +168,37 @@ public V1Pod launchAgentPod(AgentRegistrationDTO agent) throws Exception {
                 myAgentRegistry += "/";
             }
         }
-        String agentId = agent.getAgentName();
+        String agentId = agent.getAgentName().toLowerCase();
         String callbackUrl = agent.getAgentCallbackUrl();
         String agentType = agent.getAgentType();
-        String agentFile= "chat-helper.yaml";
-        // TODO This should be pluggable
-        switch(agentType){
-            case "chat":
-                agentFile = "chat-helper.yaml";
-                break;
-            case "atpl-helper":
-                agentFile = "chat-atpl-helper.yaml";
-                break;
-            case "default":
-            default:
-                agentFile = "chat-helper.yaml";
-        }
 
         var constructedCallbackUrl = buildAgentCallbackUrl(agentId);
 
+
+        List<String> argList = new ArrayList<>();
+        argList.add("--spring.config.location=file:/config/agent.properties");
+        argList.add("--agent.namePrefix=" + agentId);
+        argList.add("--agent.listen.websocket=true");
+        argList.add("--agent.callback.url=" + constructedCallbackUrl);
+        if (agent.getAgentContextId() != null && !agent.getAgentContextId().isEmpty()) {
+            argList.add("--agent.ai.context.db.id=" + agent.getAgentContextId());
+        }else {
+            String agentFile= "chat-helper.yaml";
+            switch(agentType){
+                case "chat":
+                    agentFile = "chat-helper.yaml";
+                    break;
+                case "atpl-helper":
+                    agentFile = "chat-atpl-helper.yaml";
+                    break;
+                case "default":
+                default:
+                    agentFile = "chat-helper.yaml";
+            }
+            argList.add("--agent.ai.config=/config/" + agentFile);
+        }
+
+
         String image = String.format("%ssentrius-launchable-agent:%s", myAgentRegistry, agentVersion);
 
         log.info("Launching agent pod with ID: {}, Image: {}, Callback URL: {}", agentId, image, callbackUrl);
@@ -199,11 +212,7 @@ public V1Pod launchAgentPod(AgentRegistrationDTO agent) throws Exception {
                     .image(image)
                     .imagePullPolicy("IfNotPresent")
 
-                    .args(List.of("--spring.config.location=file:/config/agent.properties",
-                        "--agent.namePrefix=" + agentId, "--agent.ai.config=/config/" + agentFile, "--agent.listen" +
-                            ".websocket=true",
-                        "--agent.callback.url=" + constructedCallbackUrl
-                        ))
+                    .args(argList)
                     .resources(new V1ResourceRequirements()
                         .limits(Map.of(
                             "cpu", Quantity.fromString("1000m"),
diff --git a/agent-proxy/src/main/java/io/sentrius/sso/config/AgentWebSocketProxyHandler.java b/agent-proxy/src/main/java/io/sentrius/sso/config/AgentWebSocketProxyHandler.java
index c801c5a7..109128a2 100644
--- a/agent-proxy/src/main/java/io/sentrius/sso/config/AgentWebSocketProxyHandler.java
+++ b/agent-proxy/src/main/java/io/sentrius/sso/config/AgentWebSocketProxyHandler.java
@@ -65,7 +65,7 @@ public Mono<Void> handle(WebSocketSession clientSession) {
             log.info("Handling WebSocket connection for host: {}, sessionId: {}, chatGroupId: {}, ztat: {}",
                 agentHost, sessionId, chatGroupId, ztat);
 
-            URI agentUri = agentLocator.resolveWebSocketUri(agentHost, sessionId, chatGroupId, ztat);
+            URI agentUri = agentLocator.resolveWebSocketUri(agentHost.toLowerCase(), sessionId, chatGroupId, ztat);
 
             log.info("Resolved agent URI: {}", agentUri);
 
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/ObjectNodeInterpreter.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/ObjectNodeInterpreter.java
index 1f2e56ee..d4ea3a81 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/ObjectNodeInterpreter.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/interpreters/ObjectNodeInterpreter.java
@@ -2,6 +2,7 @@
 
 import java.util.HashMap;
 import java.util.Map;
+import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import io.sentrius.sso.core.model.verbs.InputInterpreterIfc;
 import io.sentrius.sso.core.model.verbs.OutputInterpreterIfc;
@@ -13,14 +14,20 @@
 public class ObjectNodeInterpreter implements InputInterpreterIfc<ObjectNode>, OutputInterpreterIfc {
     @Override
     public ObjectNode interpret(Map<String, Object> input) throws Exception {
+        Object raw = input.containsKey("arg1") ? input.get("arg1") : input;
 
-        Object arg1Value = input.get("arg1");
-        if (arg1Value == null) {
-            throw new IllegalArgumentException("Missing 'arg1' field in arguments map.");
+        JsonNode node = JsonUtil.MAPPER.valueToTree(raw);
+
+        if (node == null || node.isNull()) {
+            throw new IllegalArgumentException("Input is null or could not be converted to ObjectNode");
+        }
+
+        if (!node.isObject()) {
+            throw new IllegalArgumentException("Expected ObjectNode, got: " + node.getNodeType());
         }
 
-        // Convert the value under "arg1" to an ObjectNode
-        return JsonUtil.MAPPER.valueToTree(arg1Value);
+        return (ObjectNode) node;
+
     }
 
     @Override
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java
index 7f9e6b6f..6d3e2752 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java
@@ -24,16 +24,12 @@
 import io.sentrius.agent.analysis.agents.agents.AgentConfig;
 import io.sentrius.agent.analysis.agents.agents.PromptBuilder;
 import io.sentrius.agent.analysis.agents.agents.VerbRegistry;
-import io.sentrius.agent.analysis.agents.interpreters.AgentContextInterpreter;
 import io.sentrius.agent.analysis.agents.interpreters.AsessmentListInterpreter;
 import io.sentrius.agent.analysis.agents.interpreters.ObjectListInterpreter;
 import io.sentrius.agent.analysis.agents.interpreters.ObjectNodeInterpreter;
-import io.sentrius.agent.analysis.agents.interpreters.StringInterpreter;
 import io.sentrius.agent.analysis.agents.interpreters.ZtatOutputInterpreter;
 import io.sentrius.agent.analysis.model.AssessedTerminal;
 import io.sentrius.agent.analysis.model.Assessment;
-import io.sentrius.agent.analysis.model.TerminalResponse;
-import io.sentrius.agent.analysis.model.WebSocky;
 import io.sentrius.agent.analysis.model.ZtatAsessment;
 import io.sentrius.agent.analysis.model.ZtatResponse;
 import io.sentrius.sso.core.dto.AgentCommunicationDTO;
@@ -45,7 +41,6 @@
 import io.sentrius.sso.core.dto.ztat.AtatRequest;
 import io.sentrius.sso.core.dto.ztat.ZtatRequestDTO;
 import io.sentrius.sso.core.exceptions.ZtatException;
-import io.sentrius.sso.core.model.verbs.DefaultInterpreter;
 import io.sentrius.sso.core.model.verbs.Verb;
 import io.sentrius.sso.core.services.agents.AgentClientService;
 import io.sentrius.sso.core.services.agents.LLMService;
@@ -54,7 +49,6 @@
 import io.sentrius.sso.genai.Message;
 import io.sentrius.sso.genai.Response;
 import io.sentrius.sso.genai.model.LLMRequest;
-import lombok.NonNull;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
@@ -66,16 +60,14 @@
  */
 @Service
 @Slf4j
-public class AgentVerbs {
+public class AgentVerbs extends VerbBase {
 
     final ZeroTrustClientService zeroTrustClientService;
     final LLMService llmService;
     final VerbRegistry verbRegistry;
-    final AgentClientService agentClientService;
 
 
-    @Value("${agent.ai.config}")
-    private String agentConfigFile;
+
 
     final ObjectMapper mapper = new ObjectMapper(new YAMLFactory()); // Jackson ObjectMapper for YAML parsing
 
@@ -88,14 +80,14 @@ public class AgentVerbs {
      * @throws JsonProcessingException If there is an error processing JSON during initialization.
      */
     public AgentVerbs( @Value("${agent.ai.config}") String agentConfigFile,
+                       @Value("${agent.ai.context.db.id:none}") String agentDatabaseContext,
                        ZeroTrustClientService zeroTrustClientService, LLMService llmService, VerbRegistry verbRegistry,
                       AgentClientService agentService
     ) throws JsonProcessingException {
+        super(agentConfigFile, agentDatabaseContext, agentService);
         this.zeroTrustClientService = zeroTrustClientService;
         this.llmService = llmService;
         this.verbRegistry = verbRegistry;
-        this.agentClientService = agentService;
-        this.agentConfigFile = agentConfigFile;
 
         log.info("Loading agent config from {}", agentConfigFile);
     }
@@ -112,11 +104,8 @@ public AgentVerbs( @Value("${agent.ai.config}") String agentConfigFile,
         isAiCallable = false, requiresTokenManagement = true)
     public ArrayNode promptAgent(AgentExecution execution, Map<String, Object> args) throws ZtatException,
         IOException {
-        InputStream is = getClass().getClassLoader().getResourceAsStream(agentConfigFile);
-        if (is == null) {
-            throw new RuntimeException(agentConfigFile +  " not found on classpath");
-        }
-        AgentConfig config = new ObjectMapper(new YAMLFactory()).readValue(is, AgentConfig.class);
+
+        AgentConfig config = getAgentConfig(execution);
 
         log.info("Agent config loaded: {}", config);
         PromptBuilder promptBuilder = new PromptBuilder(verbRegistry, config);
@@ -125,7 +114,7 @@ public ArrayNode promptAgent(AgentExecution execution, Map<String, Object> args)
 
         messages.add(Message.builder().role("system").content(prompt).build());
 
-        LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
+        LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o-mini").messages(messages).build();
         var resp = llmService.askQuestion(execution, chatRequest);
         execution.addMessages( messages );
         Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
@@ -232,7 +221,7 @@ public String justifyAgent(AgentExecution execution, ZtatRequestDTO ztatRequest,
                     messages.add(Message.builder().role("system").content("please respond in the following json " +
                         "format: " + respondZtat).build());
 
-                    LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
+                    LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o-mini").messages(messages).build();
                     execution.addMessages( messages );
                     var resp = llmService.askQuestion(execution, chatRequest);
                     Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
@@ -290,11 +279,7 @@ public String justifyAgent(AgentExecution execution, ZtatRequestDTO ztatRequest,
         inputInterpreter =
         ObjectListInterpreter.class, requiresTokenManagement = true)
     public List<AssessedTerminal> assessData(AgentExecution execution, List<?> objectList) throws ZtatException, IOException {
-        InputStream is = getClass().getClassLoader().getResourceAsStream(agentConfigFile);
-        if (is == null) {
-            throw new RuntimeException(agentConfigFile + " not found on classpath");
-        }
-        AgentConfig config = new ObjectMapper(new YAMLFactory()).readValue(is, AgentConfig.class);
+        AgentConfig config = getAgentConfig(execution);
 
         log.info("Agent config loaded: {}", config);
 
@@ -311,7 +296,7 @@ public List<AssessedTerminal> assessData(AgentExecution execution, List<?> objec
 
 
 
-                LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
+                LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o-mini").messages(messages).build();
 
                 var resp = llmService.askQuestion(execution, chatRequest);
                 Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
@@ -346,7 +331,7 @@ public List<AssessedTerminal> assessData(AgentExecution execution, List<?> objec
             execution.addMessages(assistantMessage);
 
 
-            LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
+            LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o-mini").messages(messages).build();
             execution.addMessages(messages);
             var resp = llmService.askQuestion(execution, chatRequest);
             Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
@@ -431,11 +416,6 @@ public List<ZtatAsessment> analyzeAtatRequests(AgentExecution execution, List<At
         throws ZtatException,
         IOException, TimeoutException {
         // set up context
-        InputStream is = getClass().getClassLoader().getResourceAsStream(agentConfigFile);
-        if (is == null) {
-            throw new RuntimeException("assessor-config.yaml not found on classpath");
-
-        }
 
         InputStream assessZtatStream = getClass().getClassLoader().getResourceAsStream("assess-ztat.json");
         if (assessZtatStream == null) {
@@ -444,7 +424,7 @@ public List<ZtatAsessment> analyzeAtatRequests(AgentExecution execution, List<At
         }
         String assessZtat = new String(assessZtatStream.readAllBytes());
 
-        AgentConfig config = new ObjectMapper(new YAMLFactory()).readValue(is, AgentConfig.class);
+        AgentConfig config = getAgentConfig(execution);
         log.info("Agent config loaded: {}", config);
         List<ZtatAsessment> responses = new ArrayList<>();
         log.info("Size of requests {}", requests.size());
@@ -466,7 +446,7 @@ public List<ZtatAsessment> analyzeAtatRequests(AgentExecution execution, List<At
 
             log.info("Messages is {}", messages);
 
-            LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o-mini").messages(messages).build();
+            LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o-mini-mini").messages(messages).build();
             var resp = llmService.askQuestion(execution, chatRequest);
             Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
             log.info("Assess Response is {}", resp);
@@ -530,7 +510,7 @@ public List<ZtatAsessment> analyzeAtatRequests(AgentExecution execution, List<At
 
                         log.info("Messages is {}", messages);
 
-                        chatRequest = LLMRequest.builder().model("gpt-4o-mini").messages(messages).build();
+                        chatRequest = LLMRequest.builder().model("gpt-4o-mini-mini").messages(messages).build();
                         resp = llmService.askQuestion(execution, chatRequest);
                         response = JsonUtil.MAPPER.readValue(resp, Response.class);
                         if (response.getChoices().isEmpty()) {
@@ -644,7 +624,7 @@ public ObjectNode getEndpointsLike(AgentExecution execution, ObjectNode queryInp
         List<Message> messages = new ArrayList<>();
         messages.add( listedEndpoints);
         execution.addMessages(Message.builder().role("user").content(queryInput.toString()).build());
-        LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
+        LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o-mini").messages(messages).build();
         var resp = llmService.askQuestion(execution, chatRequest);
 
         Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AtplVerbs.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AtplVerbs.java
index 0e6034b2..05b94469 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AtplVerbs.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AtplVerbs.java
@@ -10,11 +10,13 @@
 import io.sentrius.sso.core.exceptions.ZtatException;
 import io.sentrius.sso.core.model.verbs.DefaultInterpreter;
 import io.sentrius.sso.core.model.verbs.Verb;
+import io.sentrius.sso.core.services.agents.AgentClientService;
 import io.sentrius.sso.core.services.agents.LLMService;
 import io.sentrius.sso.core.services.agents.ZeroTrustClientService;
 import io.sentrius.sso.core.trust.ATPLPolicy;
 import io.sentrius.sso.core.utils.JsonUtil;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
 /**
@@ -23,7 +25,7 @@
  */
 @Slf4j
 @Service
-public class AtplVerbs {
+public class AtplVerbs extends VerbBase {
 
     final ZeroTrustClientService zeroTrustClientService;
     final LLMService llmService;
@@ -35,7 +37,11 @@ public class AtplVerbs {
      * @param zeroTrustClientService The service for interacting with Zero Trust APIs.
      * @param llmService The service for interacting with the LLM (Large Language Model).
      */
-    public AtplVerbs(ZeroTrustClientService zeroTrustClientService, LLMService llmService, AgentVerbs agentVerbs) {
+    public AtplVerbs(@Value("${agent.ai.config}") String agentConfigFile,
+                     @Value("${agent.ai.context.db.id:none}") String agentDatabaseContext,
+                     ZeroTrustClientService zeroTrustClientService, LLMService llmService, AgentVerbs agentVerbs,
+                     AgentClientService agentClientService) {
+        super(agentConfigFile, agentDatabaseContext, agentClientService);
         this.zeroTrustClientService = zeroTrustClientService;
         this.llmService = llmService;
         this.agentVerbs = agentVerbs;
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ChatVerbs.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ChatVerbs.java
index c4890c6e..f0c01d2d 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ChatVerbs.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/ChatVerbs.java
@@ -41,21 +41,30 @@
 
 @Service
 @Slf4j
-@RequiredArgsConstructor
-public class ChatVerbs {
 
-    private final AgentExecutionService agentExecutionService;
-    @Value("${agent.ai.config}")
-    private String agentConfigFile;
+public class ChatVerbs extends VerbBase{
 
-    @Value("${agent.ai.context.db.id:none}")
-    private String agentDatabaseContext;
+    private final AgentExecutionService agentExecutionService;
 
     final ZeroTrustClientService zeroTrustClientService;
     final LLMService llmService;
     final VerbRegistry verbRegistry;
     final AgentClientService agentClientService;
 
+    protected ChatVerbs(@Value("${agent.ai.config}") String agentConfigFile,
+                        @Value("${agent.ai.context.db.id:none}") String agentDatabaseContext,
+                        AgentClientService agentClientService, AgentExecutionService agentExecutionService,
+                        ZeroTrustClientService zeroTrustClientService, LLMService llmService, VerbRegistry verbRegistry,
+                        AgentClientService agentClientService1
+    ) {
+        super(agentConfigFile, agentDatabaseContext, agentClientService);
+        this.agentExecutionService = agentExecutionService;
+        this.zeroTrustClientService = zeroTrustClientService;
+        this.llmService = llmService;
+        this.verbRegistry = verbRegistry;
+        this.agentClientService = agentClientService1;
+    }
+
     /**
      * Prompts the agent for workload based on the provided arguments.
      *
@@ -79,23 +88,10 @@ public TerminalResponse interpretUserData(
                 throw new RuntimeException("assessor-config.yaml not found on classpath");
 
             }
-            AgentConfig config = null;
+
             String terminalResponse = new String(terminalHelperStream.readAllBytes());
-            InputStream is = getStream(agentConfigFile);
-            if (is == null) {
-                throw new RuntimeException(agentConfigFile + " not found on classpath");
-            }
-            if (agentDatabaseContext != null && !agentDatabaseContext.equals("none")) {
-                AgentContextDTO agentContext = agentClientService.getAgentContext(execution,
-                    agentDatabaseContext);
-               config = AgentConfig.builder().description(agentContext.getDescription())
-                    .context(agentContext.getContext()).build();
-                log.info("Agent context loaded: {}", agentContext);
-            }else {
-
-                config = new ObjectMapper(new YAMLFactory()).readValue(is, AgentConfig.class);
-            }
 
+            AgentConfig config = getAgentConfig(execution);
             log.info("Agent config loaded: {}", config);
             PromptBuilder promptBuilder = new PromptBuilder(verbRegistry, config);
             var prompt = promptBuilder.buildPrompt(false
@@ -117,9 +113,9 @@ public TerminalResponse interpretUserData(
                 "sessions, using " +
                 "terminal output if needed " +
                 "for clarity of the next LLM request and for the user. Ensure your all future responses meets this " +
-                "json format: " + terminalResponse).build());
+                "json format (TerminalResponse format): " + terminalResponse).build());
             messages.add(Message.builder().role("user").content(userMessage.getContent()).build());
-            LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
+            LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o-mini").messages(messages).build();
             var resp = llmService.askQuestion(execution, chatRequest);
             execution.addMessages( messages );
             Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
@@ -152,18 +148,15 @@ public TerminalResponse interpretUserData(
 
             }
             String terminalResponse = new String(terminalHelperStream.readAllBytes());
-            InputStream is = getStream(agentConfigFile);
-            if (is == null) {
-                throw new RuntimeException(agentConfigFile +  " not found on classpath");
-            }
-            AgentConfig config = new ObjectMapper(new YAMLFactory()).readValue(is, AgentConfig.class);
+
+            AgentConfig config = getAgentConfig(execution);
 
             log.info("Agent config loaded: {}", config);
             PromptBuilder promptBuilder = new PromptBuilder(verbRegistry, config);
             var prompt = promptBuilder.buildPrompt(false);
             List<Message> messages = new ArrayList<>();
-            var context = Message.builder().role("system").content(prompt).build();
-            messages.add(context);
+            //var context = Message.builder().role("system").content(prompt).build();
+            //messages.add(context);
 
             /*
             var listedEndpoints = Message.builder().role("system").content("These are a list of available endpoints, " +
@@ -188,7 +181,7 @@ public TerminalResponse interpretUserData(
             execution.addMessages( userMessage );
             messages.add(Message.builder().role("user").content(userMessage.getContent()).build());
 
-            LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
+            LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o-mini").messages(messages).build();
             var resp = llmService.askQuestion(execution, chatRequest);
 
             Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
@@ -289,11 +282,8 @@ public TerminalResponse interpret_plan_response(
 
             }
             String terminalResponse = new String(terminalHelperStream.readAllBytes());
-            InputStream is = getStream(agentConfigFile);
-            if (is == null) {
-                throw new RuntimeException(agentConfigFile +  " not found on classpath");
-            }
-            AgentConfig config = new ObjectMapper(new YAMLFactory()).readValue(is, AgentConfig.class);
+
+            AgentConfig config = getAgentConfig(execution);
 
             log.info("Agent config loaded: {}", config);
             PromptBuilder promptBuilder = new PromptBuilder(verbRegistry, config);
@@ -301,30 +291,35 @@ public TerminalResponse interpret_plan_response(
             List<Message> messages = new ArrayList<>();
 
             if (execution.getMessages().isEmpty()) {
+                log.info("*** Adding Prompt");
                 var context = Message.builder().role("system").content(prompt).build();
                 messages.add(context);
 
 
 
+                messages.add(Message.builder().role("system").content("You have executed verbs for the previous user " +
+                    "messages. Please generate a user response that summarizes the last message. Keep all responses in " +
+                    "TerminalResponse format" +
+                    ".").build());
             }
 
-            messages.add(Message.builder().role("system").content("You have executed verbs for the previous user " +
-                "messages. Please generate a user response that summarizes the last message.").build());
+
             if (null != agentVerb) {
                 messages.add(
                     Message.builder().role("system").content("You have executed verb: " + agentVerb.getName() +
                         " with the following description: " + agentVerb.getDescription()).build());
             }
 
-            var history = getContextWindow(execution.getMessages(), 1024*96 );
-            messages.addAll(history);
+
             //messages.add(Message.builder().role("assistant").content("prior response: " + lastMessage
         // .getTerminalSummaryForLLM()).build());
             messages.add(Message.builder().role("assistant").content(planExecutionOutput).build());
 
-            LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o").messages(messages).build();
+            LLMRequest chatRequest = LLMRequest.builder().model("gpt-4o-mini").messages(messages).build();
             var resp = llmService.askQuestion(execution, chatRequest);
             execution.addMessages( messages );
+            var history = getContextWindow(execution.getMessages(), 1024*96 );
+            messages.addAll(history);
             Response response = JsonUtil.MAPPER.readValue(resp, Response.class);
             log.info("Response is {}", resp);
             for (Response.Choice choice : response.getChoices()) {
@@ -336,23 +331,21 @@ public TerminalResponse interpret_plan_response(
                 }
                 log.info("content is {}", content);
                 if (null != content && !content.isEmpty()) {
-                    var newResponse =   JsonUtil.MAPPER.enable(JsonParser.Feature.ALLOW_COMMENTS).readValue(content,
-                        TerminalResponse.class);
-                    return newResponse;
+                    try {
+                        var newResponse = JsonUtil.MAPPER.enable(JsonParser.Feature.ALLOW_COMMENTS).readValue(
+                            content,
+                            TerminalResponse.class
+                        );
+                        return newResponse;
+                    } catch (Exception e){
+                        return TerminalResponse.builder().responseForUser(content).build();
+                    }
+
                 }
             }
         return null;
     }
 
-    private InputStream getStream(String requestedPath) throws IOException {
-        Path path = Paths.get(requestedPath); // 🔁 Replace with your actual path
 
-        if (!Files.exists(path)) {
-            throw new RuntimeException("File not found at path: " + path.toAbsolutePath());
-        }
-
-        return Files.newInputStream(path);
-
-    }
 
 }
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/VerbBase.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/VerbBase.java
new file mode 100644
index 00000000..77dda611
--- /dev/null
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/VerbBase.java
@@ -0,0 +1,67 @@
+package io.sentrius.agent.analysis.agents.verbs;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import io.sentrius.agent.analysis.agents.agents.AgentConfig;
+import io.sentrius.sso.core.dto.agents.AgentContextDTO;
+import io.sentrius.sso.core.dto.ztat.AgentExecution;
+import io.sentrius.sso.core.exceptions.ZtatException;
+import io.sentrius.sso.core.services.agents.AgentClientService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+
+@Slf4j
+public abstract class VerbBase {
+    @Value("${agent.ai.config}")
+    protected String agentConfigFile;
+
+    @Value("${agent.ai.context.db.id:none}")
+    protected String agentDatabaseContext;
+
+
+    protected final AgentClientService agentClientService;
+
+    protected VerbBase(@Value("${agent.ai.config}") String agentConfigFile,
+                       @Value("${agent.ai.context.db.id:none}") String agentDatabaseContext,
+                       AgentClientService agentClientService) {
+        this.agentClientService = agentClientService;
+        this.agentConfigFile = agentConfigFile;
+        this.agentDatabaseContext = agentDatabaseContext;
+    }
+
+    protected AgentConfig getAgentConfig(AgentExecution execution) throws IOException, ZtatException {
+        AgentConfig config = null;
+        if (agentDatabaseContext != null && !agentDatabaseContext.equals("none")) {
+            AgentContextDTO agentContext = agentClientService.getAgentContext(execution,
+                agentDatabaseContext);
+            config = AgentConfig.builder().description(agentContext.getDescription())
+                .context(agentContext.getContext()).build();
+            log.info("Agent context loaded: {}", agentContext);
+        }else {
+
+            InputStream is = getStream(agentConfigFile);
+            if (is == null) {
+                throw new RuntimeException(agentConfigFile + " not found on classpath");
+            }
+
+            config = new ObjectMapper(new YAMLFactory()).readValue(is, AgentConfig.class);
+        }
+        return config;
+    }
+
+    private InputStream getStream(String requestedPath) throws IOException {
+        Path path = Paths.get(requestedPath); // 🔁 Replace with your actual path
+
+        if (!Files.exists(path)) {
+            throw new RuntimeException("File not found at path: " + path.toAbsolutePath());
+        }
+
+        return Files.newInputStream(path);
+
+    }
+}
diff --git a/ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/ChatWSHandler.java b/ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/ChatWSHandler.java
index d2d4318f..ad28049f 100644
--- a/ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/ChatWSHandler.java
+++ b/ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/ChatWSHandler.java
@@ -205,41 +205,55 @@ protected void handleTextMessage(WebSocketSession session, TextMessage message)
                                 verbRegistry.isVerbRegistered(response.getNextOperation()))
                             {
                                 try {
+
+                                    TerminalResponse nextResponse = null;
+
                                     var lastVerbResponse =
-                                        websocketCommunication.getVerbResponses().stream().reduce((prev, next) -> next)
+                                        websocketCommunication.getVerbResponses().stream()
+                                            .reduce((prev, next) -> next)
                                             .orElse(null);
-                                    var arguments = response.getArguments();
-                                    var executionResponse = verbRegistry.execute(
-                                        chatAgent.getAgentExecution(),
-                                        lastVerbResponse,
-                                        response.getNextOperation(), arguments
-                                    );
-
-                                    var nextResponse = chatVerbs.interpret_plan_response(
-                                        chatAgent.getAgentExecution(), websocketCommunication,
-                                        verbRegistry.getVerbs().get(response.getNextOperation()),
-                                        executionResponse.getResponse().toString()
-                                    );
-
-                                    websocky.get().getMessages().add(nextResponse);
-
-                                    websocketCommunication.getVerbResponses().add(executionResponse);
-
-                                    var newNextMessage = Session.ChatMessage.newBuilder()
-                                        .setMessage(String.format(
-                                            "{\"type\":\"user-message\",\"message\":\"%s\"}",
-                                            nextResponse.getResponseForUser()
-                                        ))
-                                        .setSender("agent")
-                                        .setChatGroupId("")
-                                        .setSessionId(Long.parseLong(websocketCommunication.getSessionId()))
-                                        .setTimestamp(System.currentTimeMillis())
-                                        .build();
-                                    messageBytes = newNextMessage.toByteArray();
-                                    base64Message = Base64.getEncoder().encodeToString(messageBytes);
-                                    session.sendMessage(new TextMessage(
-                                        base64Message
-                                    ));
+                                    do {
+
+                                        var arguments = response.getArguments();
+                                        var executionResponse = verbRegistry.execute(
+                                            chatAgent.getAgentExecution(),
+                                            lastVerbResponse,
+                                            response.getNextOperation(), arguments
+                                        );
+
+//                                        chatAgent.getAgentExecution().addMessages(Message.builder().role("System")
+//                                        .content("System executed operation: " + response.getNextOperation()).build());
+
+                                        nextResponse = chatVerbs.interpret_plan_response(
+                                            chatAgent.getAgentExecution(), websocketCommunication,
+                                            verbRegistry.getVerbs().get(response.getNextOperation()),
+                                            executionResponse.getResponse().toString()
+                                        );
+
+                                        websocky.get().getMessages().add(nextResponse);
+
+                                        websocketCommunication.getVerbResponses().add(executionResponse);
+
+                                        var newNextMessage = Session.ChatMessage.newBuilder()
+                                            .setMessage(
+                                                nextResponse.getResponseForUser()
+                                            )
+                                            .setSender("agent")
+                                            .setChatGroupId("")
+                                            .setSessionId(Long.parseLong(websocketCommunication.getSessionId()))
+                                            .setTimestamp(System.currentTimeMillis())
+                                            .build();
+                                        messageBytes = newNextMessage.toByteArray();
+                                        base64Message = Base64.getEncoder().encodeToString(messageBytes);
+                                        session.sendMessage(new TextMessage(
+                                            base64Message
+                                        ));
+                                        log.info("Next response: {}", nextResponse.getResponseForUser());
+                                        log.info("Next getNextOperation: {}", nextResponse.getNextOperation());
+                                        log.info("Next getArguments: {}", nextResponse.getArguments());
+                                        lastVerbResponse = executionResponse;
+                                        response = nextResponse;
+                                    }while (nextResponse.getNextOperation() != null && !nextResponse.getNextOperation().isEmpty());
                                 }catch (Exception e){
                                     e.printStackTrace();
                                     log.error("Error executing next operation: {}", e.getMessage());
diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/AgentApiController.java b/api/src/main/java/io/sentrius/sso/controllers/api/AgentApiController.java
index ab573e2d..21551a15 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/api/AgentApiController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/AgentApiController.java
@@ -308,6 +308,10 @@ public ResponseEntity<?> listAgents(HttpServletRequest request, HttpServletRespo
 
         List<AgentDTO> prunedAgentList = agents.stream().filter(agent -> {
                 try {
+                    if (null == agent.getAgentName() || agent.getAgentName().isEmpty()) {
+                        log.info("Agent {} has no name, removing from list", agent.getAgentId());
+                        return false;
+                    }
                     String podResponse =
                         agentClientService.getAgentPodStatus(appConfig.getSentriusLauncherService(), agent.getAgentName());
                     if (podResponse != null && (podResponse.equalsIgnoreCase("running") || podResponse.equalsIgnoreCase("pending"))){
@@ -808,7 +812,7 @@ public ResponseEntity<AgentContextDTO> getContext(
     public ResponseEntity<AgentContextDTO> createContext(
         HttpServletRequest request,
         HttpServletResponse response,
-        AgentContextRequestDTO dtoRequest){
+        @RequestBody AgentContextRequestDTO dtoRequest){
         var databaseContext = agentContextService.create(dtoRequest);
         return ResponseEntity.ok(AgentContextDTO.builder()
             .id(databaseContext.getId())
diff --git a/api/src/main/resources/db/migration/V18_agent_launch.sql b/api/src/main/resources/db/migration/V18__agent_launch.sql
similarity index 100%
rename from api/src/main/resources/db/migration/V18_agent_launch.sql
rename to api/src/main/resources/db/migration/V18__agent_launch.sql
diff --git a/api/src/main/resources/templates/sso/agents/design_chat.html b/api/src/main/resources/templates/sso/agents/design_chat.html
index 789b180b..87e5fc0d 100644
--- a/api/src/main/resources/templates/sso/agents/design_chat.html
+++ b/api/src/main/resources/templates/sso/agents/design_chat.html
@@ -302,7 +302,7 @@
             
             <div class="chat-container">
                 <div class="chat-header">
-                    <h2><i class="fas fa-robot"></i> Agent Designer Assistant</h2>
+                    <h2><i class="fas fa-robot"></i> Agent Designer</h2>
                     <p>Let me help you create an agent</p>
                 </div>
                 
@@ -314,21 +314,6 @@ <h2><i class="fas fa-robot"></i> Agent Designer Assistant</h2>
                 </div>
                 
                 <div class="chat-input-container" id="chat-container">
-                    <div class="quick-actions">
-                        <button class="quick-action" onclick="sendQuickMessage('I want to create a new ATPL policy')">
-                            <i class="fas fa-plus"></i> New Policy
-                        </button>
-                        <button class="quick-action" onclick="sendQuickMessage('What endpoints does my agent need?')">
-                            <i class="fas fa-link"></i> Endpoints
-                        </button>
-                        <button class="quick-action" onclick="sendQuickMessage('What commands should I allow?')">
-                            <i class="fas fa-terminal"></i> Commands
-                        </button>
-                        <button class="quick-action" onclick="sendQuickMessage('Show me existing policies')">
-                            <i class="fas fa-list"></i> Existing Policies
-                        </button>
-                    </div>
-                    
                     <div class="d-flex w-100 gap-2">
                         <input type="text" class="chat-input" id="chat-input"
                                placeholder="Describe what your agent needs to do..." 
@@ -345,9 +330,6 @@ <h2><i class="fas fa-robot"></i> Agent Designer Assistant</h2>
             </div>
             
             <div class="action-buttons mt-3 text-center">
-                <button class="btn btn-success" onclick="generatePolicy()">
-                    <i class="fas fa-magic"></i> Generate Policy
-                </button>
                 <button class="btn btn-secondary" onclick="clearChat()">
                     <i class="fas fa-trash"></i> Clear Chat
                 </button>
@@ -368,7 +350,7 @@ <h2><i class="fas fa-robot"></i> Agent Designer Assistant</h2>
         async function waitForAgent(matchFn, options = {}) {
             const {
                 interval = 2000,  // 2 seconds between retries
-                timeout = 20000   // give up after 20 seconds
+                timeout = 60000   // give up after 20 seconds
             } = options;
 
             const start = Date.now();
@@ -381,7 +363,7 @@ <h2><i class="fas fa-robot"></i> Agent Designer Assistant</h2>
                     return found;
                 }
 
-                $("#alertTopError").text("Agent not available yet").show().delay(3000).fadeOut();
+                $("#alertTopError").text("Agent not available yet").show().delay(10000).fadeOut();
                 await new Promise(resolve => setTimeout(resolve, interval));
             }
 
diff --git a/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java b/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java
index c94da864..0f6344ca 100644
--- a/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java
+++ b/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java
@@ -7,6 +7,7 @@
 import java.util.concurrent.TimeoutException;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.collect.Maps;
 import io.sentrius.sso.core.dto.AgentCommunicationDTO;
 import io.sentrius.sso.core.dto.AgentHeartbeatDTO;
@@ -20,7 +21,6 @@
 import io.sentrius.sso.core.dto.ztat.ZtatRequestDTO;
 import io.sentrius.sso.core.exceptions.ZtatException;
 import io.sentrius.sso.core.services.security.KeycloakService;
-import io.sentrius.sso.core.trust.AgentContext;
 import io.sentrius.sso.core.utils.JsonUtil;
 import io.sentrius.sso.provenance.ProvenanceEvent;
 import lombok.extern.slf4j.Slf4j;
@@ -248,9 +248,10 @@ public String getAgentPodStatus(String launcherService, String agentId) throws Z
     public AgentContextDTO getAgentContext(TokenDTO token, String agentContextId) throws ZtatException,
         JsonProcessingException {
         String url = "/api/v1/agent/context/" + agentContextId;
-        String response = zeroTrustClientService.callGetOnApi(token, url);
+        var response = zeroTrustClientService.callGetOnApi(token, url);
         if (response != null) {
-            return JsonUtil.MAPPER.readValue(response, AgentContextDTO.class);
+            AgentContextDTO context = JsonUtil.MAPPER.convertValue(response, AgentContextDTO.class);
+            return context;
         }
         return null;
     }
@@ -269,7 +270,7 @@ public String createAgent(AgentExecution execution, AgentRegistrationDTO registr
         throws ZtatException, JsonProcessingException {
         String ask = "/agent/bootstrap/launcher/create";
 
-        var acommResponse = zeroTrustClientService.callPostOnApi(ask, registrationDTO);
+        var acommResponse = zeroTrustClientService.callPostOnApi(execution, ask, registrationDTO);
         return acommResponse;
     }
 
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentContext.java b/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentContext.java
index a100173d..eb5cb76b 100644
--- a/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentContext.java
+++ b/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentContext.java
@@ -10,10 +10,12 @@
 
 import jakarta.persistence.PrePersist;
 import jakarta.persistence.PreUpdate;
+import jakarta.persistence.Table;
 import lombok.Getter;
 import lombok.Setter;
 
 @Entity
+@Table(name = "agent_contexts")
 @Getter
 @Setter
 public class AgentContext {
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentLaunch.java b/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentLaunch.java
index c52a011b..d8ba71d2 100644
--- a/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentLaunch.java
+++ b/dataplane/src/main/java/io/sentrius/sso/core/model/agents/AgentLaunch.java
@@ -8,6 +8,7 @@
 
 @Entity
 @Setter
+@Table(name = "agent_launches")
 @Getter
 public class AgentLaunch {
 
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/services/ATPLPolicyService.java b/dataplane/src/main/java/io/sentrius/sso/core/services/ATPLPolicyService.java
index c262ce10..539f5aea 100644
--- a/dataplane/src/main/java/io/sentrius/sso/core/services/ATPLPolicyService.java
+++ b/dataplane/src/main/java/io/sentrius/sso/core/services/ATPLPolicyService.java
@@ -112,7 +112,8 @@ public boolean allowsEndpoint(ATPLPolicy policy, String endpoint) {
         var f =  policy.getCapabilities().getPrimitives().stream()
             .filter(p -> {
                 log.info("Checking if {} contains {} {} ", p.getEndpoints(), endpoint, p.getEndpoints().contains(endpoint));
-                return p.getEndpoints().contains(endpoint);
+                return p.getEndpoints().contains(endpoint) ||
+                    p.getEndpoints().stream().anyMatch(endpoint::startsWith);
             })
             .findFirst();
 
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentContextService.java b/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentContextService.java
index 37c85f29..c4534f68 100644
--- a/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentContextService.java
+++ b/dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentContextService.java
@@ -5,8 +5,11 @@
 import io.sentrius.sso.core.dto.agents.AgentContextRequestDTO;
 import io.sentrius.sso.core.model.agents.AgentContext;
 import io.sentrius.sso.core.repository.AgentContextRepository;
+import lombok.NonNull;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 
+@Slf4j
 @Service
 public class AgentContextService {
 
@@ -16,7 +19,8 @@ public AgentContextService(AgentContextRepository contextRepo) {
         this.contextRepo = contextRepo;
     }
 
-    public AgentContext create(AgentContextRequestDTO dto) {
+    public AgentContext create(@NonNull AgentContextRequestDTO dto) {
+        log.info("Creating AgentContext from {}", dto);
         AgentContext context = new AgentContext();
         context.setName(dto.getName());
         context.setDescription(dto.getDescription());
diff --git a/docker/agent-proxy/Dockerfile b/docker/agent-proxy/Dockerfile
index 8585f2ae..ddecf12f 100644
--- a/docker/agent-proxy/Dockerfile
+++ b/docker/agent-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # Use an OpenJDK image as the base
-FROM openjdk:17-jdk-slim
+FROM eclipse-temurin:17-jdk-jammy
 
 # Declare the argument
 ARG INCLUDE_DEV_CERTS=false
@@ -36,4 +36,4 @@ RUN apt-get update && apt-get install -y curl
 
 
 # Command to run the app
-CMD ["java", "-jar", "/app/agentproxy.jar", "--spring.config.location=/config/agentproxy-application.properties"]
+CMD ["java","-XX:+UseContainerSupport", "-jar", "/app/agentproxy.jar", "--spring.config.location=/config/agentproxy-application.properties"]
diff --git a/docker/integrationproxy/Dockerfile b/docker/integrationproxy/Dockerfile
index a74b0745..9f60bf7f 100644
--- a/docker/integrationproxy/Dockerfile
+++ b/docker/integrationproxy/Dockerfile
@@ -1,5 +1,5 @@
 # Use an OpenJDK image as the base
-FROM openjdk:17-jdk-slim
+FROM eclipse-temurin:17-jdk-jammy
 
 # Declare the argument
 ARG INCLUDE_DEV_CERTS=false
@@ -36,4 +36,4 @@ RUN apt-get update && apt-get install -y curl
 
 
 # Command to run the app
-CMD ["java", "-jar", "/app/llmproxy.jar", "--spring.config.location=/config/llmproxy-application.properties"]
+CMD ["java","-XX:+UseContainerSupport", "-jar", "/app/llmproxy.jar", "--spring.config.location=/config/llmproxy-application.properties"]
diff --git a/docker/sentrius-agent/Dockerfile b/docker/sentrius-agent/Dockerfile
index 3d6ce1ac..463177c2 100644
--- a/docker/sentrius-agent/Dockerfile
+++ b/docker/sentrius-agent/Dockerfile
@@ -1,5 +1,5 @@
 # Use an OpenJDK image as the base
-FROM openjdk:17-jdk-slim
+FROM eclipse-temurin:17-jdk-jammy
 
 # Declare the argument
 ARG INCLUDE_DEV_CERTS=false
@@ -34,4 +34,4 @@ RUN apt-get update && apt-get install -y curl
 
 
 # Command to run the app
-CMD ["java", "-jar", "/app/agent.jar", "--spring.config.location=/config/analysis-agent-application.properties"]
+CMD ["java","-XX:+UseContainerSupport", "-jar", "/app/agent.jar", "--spring.config.location=/config/analysis-agent-application.properties"]
diff --git a/docker/sentrius-ai-agent/Dockerfile b/docker/sentrius-ai-agent/Dockerfile
index a0162a53..a16732ac 100644
--- a/docker/sentrius-ai-agent/Dockerfile
+++ b/docker/sentrius-ai-agent/Dockerfile
@@ -1,5 +1,5 @@
 # Use an OpenJDK image as the base
-FROM openjdk:17-jdk-slim
+FROM eclipse-temurin:17-jdk-jammy
 
 # Declare the argument
 ARG INCLUDE_DEV_CERTS=false
diff --git a/docker/sentrius-launchable-agent/Dockerfile b/docker/sentrius-launchable-agent/Dockerfile
index 0eeb7240..596ab416 100644
--- a/docker/sentrius-launchable-agent/Dockerfile
+++ b/docker/sentrius-launchable-agent/Dockerfile
@@ -1,5 +1,5 @@
 # Use an OpenJDK image as the base
-FROM openjdk:17-jdk-slim
+FROM eclipse-temurin:17-jdk-jammy
 
 # Declare the argument
 ARG INCLUDE_DEV_CERTS=false
@@ -33,5 +33,5 @@ RUN apt-get update && apt-get install -y curl
 
 
 # Command to run the app
-ENTRYPOINT ["java", "-jar", "/app/agent.jar"]
+ENTRYPOINT ["java","-XX:+UseContainerSupport", "-jar", "/app/agent.jar"]
 #CMD ["java", "-jar", "/app/agent.jar", "--spring.config.location=/config/ai-agent-application.properties"]
diff --git a/docker/sentrius-launcher-service/Dockerfile b/docker/sentrius-launcher-service/Dockerfile
index c904b798..e1a570f5 100644
--- a/docker/sentrius-launcher-service/Dockerfile
+++ b/docker/sentrius-launcher-service/Dockerfile
@@ -1,5 +1,5 @@
 # Use an OpenJDK image as the base
-FROM openjdk:17-jdk-slim
+FROM eclipse-temurin:17-jdk-jammy
 
 # Declare the argument
 ARG INCLUDE_DEV_CERTS=false
@@ -32,4 +32,4 @@ RUN apt-get update && apt-get install -y curl
 
 
 # Command to run the app
-CMD ["java", "-jar", "/app/launcher.jar", "--spring.config.location=/config/launcher.properties"]
\ No newline at end of file
+ENTRYPOINT ["java","-XX:+UseContainerSupport", "-jar", "/app/launcher.jar", "--spring.config.location=/config/launcher.properties"]
\ No newline at end of file
diff --git a/docker/sentrius/Dockerfile b/docker/sentrius/Dockerfile
index 54e3db34..2e94ae32 100644
--- a/docker/sentrius/Dockerfile
+++ b/docker/sentrius/Dockerfile
@@ -1,5 +1,5 @@
 # Use an OpenJDK image as the base
-FROM openjdk:17-jdk-slim
+FROM eclipse-temurin:17-jdk-jammy
 
 # Declare the argument
 ARG INCLUDE_DEV_CERTS=false
@@ -35,4 +35,4 @@ RUN apt-get update && apt-get install -y curl
 
 
 # Command to run the app
-CMD ["java", "-jar", "/app/sentrius.jar", "--spring.config.location=/config/api-application.properties", "--dynamic.properties.path=/config/dynamic.properties"]
+CMD ["java","-XX:+UseContainerSupport", "-jar", "/app/sentrius.jar", "--spring.config.location=/config/api-application.properties", "--dynamic.properties.path=/config/dynamic.properties"]
diff --git a/ops-scripts/local/deploy-helm.sh b/ops-scripts/local/deploy-helm.sh
index 3a3bb5c7..9fd76c65 100755
--- a/ops-scripts/local/deploy-helm.sh
+++ b/ops-scripts/local/deploy-helm.sh
@@ -129,6 +129,13 @@ fi
 
 }
 
+if ! kubectl get pods -n ingress-nginx 2>/dev/null | grep -q ingress-nginx-controller; then
+    echo "🔧 Enabling ingress controller in Minikube..."
+    minikube addons enable ingress
+else
+    echo "✅ Ingress controller already enabled."
+fi
+
 # Configure TLS settings
 if [[ "$ENABLE_TLS" == "true" ]]; then
     echo "Deploying with TLS enabled..."
@@ -214,6 +221,8 @@ helm upgrade --install sentrius ./sentrius-chart --namespace ${TENANT} \
     --set tenant=${TENANT} \
     --set environment=${ENVIRONMENT} \
     --set subdomain="${SUBDOMAIN}" \
+    --set metrics.enabled=false \
+    --set metrics.class.exclusion="org.springframework.boot.actuate.autoconfigure.metrics.SystemMetricsAutoConfiguration" \
     --set agentproxySubdomain="${APROXY_SUBDOMAIN}" \
     --set keycloakSubdomain="${KEYCLOAK_SUBDOMAIN}" \
     --set keycloakHostname="${KEYCLOAK_HOSTNAME}" \
@@ -264,6 +273,8 @@ helm upgrade --install sentrius-agents ./sentrius-chart-launcher --namespace ${T
     --set integrationproxyFQDN=sentrius-integrationproxy.${TENANT}.svc.cluster.local \
     --set agentproxyFQDN=sentrius-llmproxy.${TENANT}.svc.cluster.local \
     --set subdomain="${SUBDOMAIN}" \
+    --set metrics.enabled=false \
+    --set metrics.class.exclusion="org.springframework.boot.actuate.autoconfigure.metrics.SystemMetricsAutoConfiguration" \
     --set agentproxySubdomain="${APROXY_SUBDOMAIN}" \
     --set agentproxyDomain="${APROXY_DOMAIN}" \
     --set keycloakSubdomain="${KEYCLOAK_SUBDOMAIN}" \
diff --git a/sentrius-chart-launcher/templates/configmap.yaml b/sentrius-chart-launcher/templates/configmap.yaml
index 878b47ac..ae9c230f 100644
--- a/sentrius-chart-launcher/templates/configmap.yaml
+++ b/sentrius-chart-launcher/templates/configmap.yaml
@@ -39,6 +39,7 @@ data:
       responsibilities and
       using the trust policy ID. If you need to define the trust policy system endpoints are available for query.
       You can query status of the agent launch and return it to the user. Validate the agent launch by checking if the agent is running.
+      regex for agent names: [a-z]([-a-z0-9]*[a-z0-9])?
   launcher.properties: |
     spring.main.web-application-type=servlet
     spring.thymeleaf.enabled=false
diff --git a/sentrius-chart-launcher/values.yaml b/sentrius-chart-launcher/values.yaml
index 71b6fca7..5aeb11ab 100644
--- a/sentrius-chart-launcher/values.yaml
+++ b/sentrius-chart-launcher/values.yaml
@@ -18,10 +18,20 @@ sentriusFQDN: sentrius-sentrius.dev.svc.cluster.local
 integrationproxyFQDN: sentrius-integrationproxy.dev.svc.cluster.local
 agentProxyFQDN: sentrius-agentproxy.dev.svc.cluster.local
 
+
+
 certificates:
   enabled: false  # Disable certs for local; enable for cloud
   issuer: "letsencrypt-prod"  # Change for cloud environments
 
+metrics:
+  enabled: true
+  class:
+    exclusion: ""
+  serviceMonitor:
+    enabled: true
+    interval: "30s"
+    scrapeTimeout: "10s"
 
 # Sentrius configuration
 sentrius:
diff --git a/sentrius-chart/templates/configmap.yaml b/sentrius-chart/templates/configmap.yaml
index 2a7119cc..4f7fe741 100644
--- a/sentrius-chart/templates/configmap.yaml
+++ b/sentrius-chart/templates/configmap.yaml
@@ -25,6 +25,8 @@ data:
     keystore.alias=KEYBOX-ENCRYPTION_KEY
     spring.thymeleaf.enabled=true
     spring.freemarker.enabled=false
+    management.metrics.enable.system.processor={{ .Values.metrics.enabled }}
+    spring.autoconfigure.exclude={{ .Values.metrics.class.exclusion }}
     #flyway configuration
     spring.main.web-application-type=reactive
     spring.flyway.enabled=false
@@ -80,6 +82,8 @@ data:
     spring.main.web-application-type=servlet
     spring.thymeleaf.enabled=true
     spring.freemarker.enabled=false
+    management.metrics.enable.system.processor={{ .Values.metrics.enabled }}
+    spring.autoconfigure.exclude={{ .Values.metrics.class.exclusion }}
     #flyway configuration
     spring.flyway.enabled=false
     spring.datasource.url=jdbc:postgresql://sentrius-postgres:5432/sentrius
@@ -149,6 +153,8 @@ data:
     spring.main.web-application-type=servlet
     spring.thymeleaf.enabled=true
     spring.freemarker.enabled=false
+    management.metrics.enable.system.processor={{ .Values.metrics.enabled }}
+    spring.autoconfigure.exclude={{ .Values.metrics.class.exclusion }}
     #flyway configuration
     spring.flyway.enabled=false
     logging.level.org.springframework.web=INFO
@@ -211,6 +217,8 @@ data:
     spring.main.web-application-type=servlet
     spring.thymeleaf.enabled=true
     spring.freemarker.enabled=false
+    management.metrics.enable.system.processor={{ .Values.metrics.enabled }}
+    spring.autoconfigure.exclude={{ .Values.metrics.class.exclusion }}
     #flyway configuration
     spring.flyway.enabled=true
     spring.datasource.url=jdbc:postgresql://sentrius-postgres:5432/sentrius
@@ -288,6 +296,8 @@ data:
     spring.main.web-application-type=servlet
     spring.thymeleaf.enabled=true
     spring.freemarker.enabled=false
+    management.metrics.enable.system.processor={{ .Values.metrics.enabled }}
+    spring.autoconfigure.exclude={{ .Values.metrics.class.exclusion }}
     #flyway configuration
     spring.flyway.enabled=true
     spring.datasource.url=jdbc:postgresql://sentrius-postgres:5432/sentrius
diff --git a/sentrius-chart/values.yaml b/sentrius-chart/values.yaml
index b61ccadc..ac1d9038 100644
--- a/sentrius-chart/values.yaml
+++ b/sentrius-chart/values.yaml
@@ -15,6 +15,14 @@ launcherFQDN: sentrius-launcher-service.dev.svc.cluster.local
 agentproxySubdomain: "agentproxy.{{ .Values.tenant }}.sentrius.cloud"
 agentproxyDomain: "https://agentproxy.{{ .Values.tenant }}.sentrius.cloud"
 
+metrics:
+  enabled: true
+  class:
+    exclusion: ""
+  serviceMonitor:
+    enabled: true
+    interval: "30s"
+    scrapeTimeout: "10s"
 
 certificates:
   enabled: false  # Disable certs for local; enable for cloud

From c685c85d2b6c7b9f27d85aee5eef485dd5ff0592 Mon Sep 17 00:00:00 2001
From: Marc Parisi <phrocker@apache.org>
Date: Thu, 10 Jul 2025 16:29:39 -0400
Subject: [PATCH 8/9] fix tests

---
 .../sentrius/analysis/agents/agents/PromptBuilderTest.java    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ai-agent/src/test/java/io/sentrius/sentrius/analysis/agents/agents/PromptBuilderTest.java b/ai-agent/src/test/java/io/sentrius/sentrius/analysis/agents/agents/PromptBuilderTest.java
index 2fc5c663..341a6895 100644
--- a/ai-agent/src/test/java/io/sentrius/sentrius/analysis/agents/agents/PromptBuilderTest.java
+++ b/ai-agent/src/test/java/io/sentrius/sentrius/analysis/agents/agents/PromptBuilderTest.java
@@ -51,7 +51,7 @@ void buildPromptIncludesAvailableVerbs() {
 
         String result = promptBuilder.buildPrompt();
 
-        assertTrue(result.contains("Available Verbs:"));
+        assertTrue(result.contains("Verb operations:"));
         assertTrue(result.contains("- verbName ("));
         assertTrue(result.contains("Description of the verb"));
     }
@@ -72,7 +72,7 @@ void buildPromptHandlesNoAvailableVerbs() {
 
         String result = promptBuilder.buildPrompt();
 
-        assertTrue(result.contains("Available Verbs:"));
+        assertTrue(result.contains("Verb operations:"));
         assertFalse(result.contains("- "));
     }
 }
\ No newline at end of file

From 3bb5a993bd61fb4cd69079d58b17cddc63fa82ab Mon Sep 17 00:00:00 2001
From: Marc Parisi <phrocker@apache.org>
Date: Mon, 21 Jul 2025 14:11:26 -0400
Subject: [PATCH 9/9] fix codeql concerns

---
 .../launcher/api/AgentLauncherController.java |  3 ++-
 .../api/AgentBootstrapController.java         |  2 --
 .../templates/sso/agents/design_chat.html     |  4 ++--
 .../resources/templates/sso/atpl/chat.html    |  4 ++--
 .../services/agents/AgentClientService.java   | 24 ++++++++++++++++++-
 5 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/agent-launcher/src/main/java/io/sentrius/agent/launcher/api/AgentLauncherController.java b/agent-launcher/src/main/java/io/sentrius/agent/launcher/api/AgentLauncherController.java
index 67c73712..8d6af2bc 100644
--- a/agent-launcher/src/main/java/io/sentrius/agent/launcher/api/AgentLauncherController.java
+++ b/agent-launcher/src/main/java/io/sentrius/agent/launcher/api/AgentLauncherController.java
@@ -69,7 +69,8 @@ public ResponseEntity<String> getAgentStatus(@RequestParam(name="agentId") Strin
         try {
             return ResponseEntity.ok(podLauncherService.statusById(agentId) );
         } catch (Exception e) {
-            return ResponseEntity.status(500).body("Status failed: " + e.getMessage());
+            log.error("Status failed", e);
+            return ResponseEntity.status(500).body("Status retrieval failed");
         }
     }
 
diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/AgentBootstrapController.java b/api/src/main/java/io/sentrius/sso/controllers/api/AgentBootstrapController.java
index 147f2ac5..98041cb6 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/api/AgentBootstrapController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/AgentBootstrapController.java
@@ -221,8 +221,6 @@ public ResponseEntity<String> getAgentStatus(
         @RequestParam("agentId") String agentId, HttpServletRequest request, HttpServletResponse response
     ) throws GeneralSecurityException, IOException, ZtatException {
 
-
-        var operatingUser = getOperatingUser(request, response );
         String podResponse =
             agentClientService.getAgentPodStatus(appConfig.getSentriusLauncherService(), agentId);
         // bootstrap with a default policy
diff --git a/api/src/main/resources/templates/sso/agents/design_chat.html b/api/src/main/resources/templates/sso/agents/design_chat.html
index 87e5fc0d..af69acc8 100644
--- a/api/src/main/resources/templates/sso/agents/design_chat.html
+++ b/api/src/main/resources/templates/sso/agents/design_chat.html
@@ -343,7 +343,7 @@ <h2><i class="fas fa-robot"></i> Agent Designer</h2>
 
     <script type="module">
         import * as Chat from '/js/chat.js';
-        let sessionId = Math.floor(Math.random() * 1e12); // up to 12 digit
+        let sessionId = crypto.randomUUID();
         let conversationHistory = [];
         let availableAgent = null;
         const csrfToken = document.getElementById("csrf-token").value;
@@ -611,7 +611,7 @@ <h2><i class="fas fa-robot"></i> Agent Designer</h2>
                 </div>
             `;
             conversationHistory = [];
-            sessionId = Math.floor(Math.random() * 1e12); // up to 12 digit
+            sessionId = crypto.randomUUID();
         }
 
         window.clearChat = clearChat;
diff --git a/api/src/main/resources/templates/sso/atpl/chat.html b/api/src/main/resources/templates/sso/atpl/chat.html
index f9ba1821..20670b65 100644
--- a/api/src/main/resources/templates/sso/atpl/chat.html
+++ b/api/src/main/resources/templates/sso/atpl/chat.html
@@ -361,7 +361,7 @@ <h2><i class="fas fa-robot"></i> ATPL Configuration Assistant</h2>
 
     <script type="module">
         import * as Chat from '/js/chat.js';
-        let sessionId = Math.floor(Math.random() * 1e12); // up to 12 digit
+        let sessionId = crypto.randomUUID();
         let conversationHistory = [];
         let availableAgent = null;
         const csrfToken = document.getElementById("csrf-token").value;
@@ -588,7 +588,7 @@ <h2><i class="fas fa-robot"></i> ATPL Configuration Assistant</h2>
                 </div>
             `;
             conversationHistory = [];
-            sessionId = Math.floor(Math.random() * 1e12); // up to 12 digit
+            sessionId = crypto.randomUUID();
         }
 
         window.clearChat = clearChat;
diff --git a/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java b/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java
index 0f6344ca..9d036a8d 100644
--- a/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java
+++ b/core/src/main/java/io/sentrius/sso/core/services/agents/AgentClientService.java
@@ -240,9 +240,31 @@ public List<EndpointDescriptor> getAvailableVerbs(TokenDTO token) throws ZtatExc
     }
 
     public String getAgentPodStatus(String launcherService, String agentId) throws ZtatException {
-        return zeroTrustClientService.callAuthenticatedGetOnApi(launcherService,
+        var podResponse = zeroTrustClientService.callAuthenticatedGetOnApi(launcherService,
             "agent/launcher" +
                 "/status", Maps.immutableEntry("agentId", List.of(agentId)) );
+        String apiResponse = "Running";
+        switch(podResponse){
+            case "Running":
+                apiResponse = "Running";
+                break;
+            case "Pending":
+                apiResponse = "Pending";
+                break;
+            case "Succeeded":
+                apiResponse = "Succeeded";
+                break;
+            case "Failed":
+                apiResponse = "Failed";
+                break;
+            case "NotFound":
+                apiResponse = "NotFound";
+                break;
+            default:
+                log.error("Unknown pod status response: {}", podResponse);
+                apiResponse = "Unknown";
+        }
+        return apiResponse;
     }
 
     public AgentContextDTO getAgentContext(TokenDTO token, String agentContextId) throws ZtatException,