feat[backend,frontend](incident-response): add shell selection for Windows agents, fix flow agent loading, enforce alert name in triggers, and rename default to dedicated agent

Author: Kbayero

backend/src/main/java/com/park/utmstack/domain/alert_response_rule/UtmAlertResponseRule.java

@@ -64,6 +64,10 @@ public class UtmAlertResponseRule implements Serializable {
     @Column(name = "last_modified_date")
     private Instant lastModifiedDate;
 
+    @Size(max = 20)
+    @Column(name = "rule_shell", length = 20)
+    private String ruleShell;
+
     @Column(name = "system_owner", nullable = false)
     private Boolean systemOwner;
 
@@ -92,6 +96,7 @@ public UtmAlertResponseRule(UtmAlertResponseRuleDTO dto) {
         this.ruleActive = dto.getActive();
         this.agentPlatform = dto.getAgentPlatform();
         this.defaultAgent = dto.getDefaultAgent();
+        this.ruleShell = dto.getShell();
         this.systemOwner = dto.getSystemOwner();
         if (!CollectionUtils.isEmpty(dto.getExcludedAgents()))
             this.excludedAgents = String.join(",", dto.getExcludedAgents());

backend/src/main/java/com/park/utmstack/service/alert_response_rule/UtmAlertResponseRuleService.java

@@ -283,8 +283,9 @@ public void executeRuleCommands() {
                     if (agent.getStatus().equals(AgentStatusEnum.ONLINE)) {
                         String reason = "The incident response automation executed this command because it was accomplished the conditions of the rule with ID: " + cmd.getRuleId();
                         final StringBuilder results = new StringBuilder();
+                        String shell = cmd.getRule() != null ? cmd.getRule().getRuleShell() : null;
                         incidentResponseCommandService.sendCommand(String.valueOf(agent.getId()), utmIncidentVariableService.replaceVariablesInCommand(cmd.getCommand()), "INCIDENT_RESPONSE_AUTOMATION",
-                                cmd.getRuleId().toString(), reason, Constants.SYSTEM_ACCOUNT, new StreamObserver<>() {
+                                cmd.getRuleId().toString(), reason, Constants.SYSTEM_ACCOUNT, shell, new StreamObserver<>() {
                                     @Override
                                     public void onNext(CommandResult commandResult) {
                                         results.append(commandResult.getResult());

backend/src/main/java/com/park/utmstack/service/dto/UtmAlertResponseRuleDTO.java

@@ -46,6 +46,9 @@ public class UtmAlertResponseRuleDTO {
     @Size(max = 500)
     private String defaultAgent;
 
+    @Size(max = 20)
+    private String shell;
+
     private List<String> excludedAgents = new ArrayList<>();
 
     @JsonProperty(access = JsonProperty.Access.READ_ONLY)
@@ -76,6 +79,7 @@ public UtmAlertResponseRuleDTO(UtmAlertResponseRule rule) {
         this.active = rule.getRuleActive();
         this.agentPlatform = rule.getAgentPlatform();
         this.defaultAgent = rule.getDefaultAgent();
+        this.shell = rule.getRuleShell();
         if (StringUtils.hasText(rule.getExcludedAgents())) {
             this.excludedAgents.addAll(Arrays.asList(rule.getExcludedAgents().split(",")));
         }

backend/src/main/java/com/park/utmstack/service/incident_response/grpc_impl/IncidentResponseCommandService.java

@@ -22,18 +22,22 @@ public void sendCommand(String agentId,
                             String originId,
                             String reason,
                             String executedBy,
+                            String shell,
                             StreamObserver<CommandResult> responseObserver) {
-        // Get the stub
-        // Create the UtmCommand with the provided agent key and command
 
-        UtmCommand utmCommand = UtmCommand.newBuilder()
+        UtmCommand.Builder builder = UtmCommand.newBuilder()
             .setAgentId(agentId)
             .setCommand(command)
             .setOriginId(originId)
             .setOriginType(originType)
             .setReason(reason)
-            .setExecutedBy(executedBy)
-            .build();
+            .setExecutedBy(executedBy);
+
+        if (shell != null && !shell.isEmpty()) {
+            builder.setShell(shell);
+        }
+
+        UtmCommand utmCommand = builder.build();
 
         // Send command using the bidirectional stream
         StreamObserver<UtmCommand> requestObserver = nonBlockingStub.processCommand(responseObserver);

backend/src/main/java/com/park/utmstack/web/rest/incident_response/UTMIncidentCommandWebsocket.java

@@ -61,7 +61,7 @@ public void processCommand(@NotNull String command, @DestinationVariable @NotNul
                 String commandVar = utmIncidentVariableService.replaceVariablesInCommand(commandVM.getCommand());
 
                 incidentResponseCommandService.sendCommand(String.valueOf(agentDTO.getId()), commandVar, commandVM.getOriginType(),
-                        commandVM.getOriginId(), commandVM.getReason(), executedBy, new StreamObserver<>() {
+                        commandVM.getOriginId(), commandVM.getReason(), executedBy, commandVM.getShell(), new StreamObserver<>() {
                             @Override
                             public void onNext(CommandResult value) {
                                 String output = utmIncidentVariableService.replaceSecretVariableValuesWithPlaceholders(value.getResult());

backend/src/main/java/com/park/utmstack/web/rest/vm/CommandVM.java

@@ -12,6 +12,8 @@ public class CommandVM {
     @NotBlank
     String reason;
 
+    String shell;
+
     public String getCommand() {
         return command;
     }
@@ -43,4 +45,12 @@ public String getReason() {
     public void setReason(String reason) {
         this.reason = reason;
     }
+
+    public String getShell() {
+        return shell;
+    }
+
+    public void setShell(String shell) {
+        this.shell = shell;
+    }
 }

backend/src/main/resources/config/liquibase/changelog/20260409001_add_shell_to_alert_response_rule.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+    xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260409001" author="Yorjander">
+        <addColumn tableName="utm_alert_response_rule">
+            <column name="rule_shell" type="varchar(20)" defaultValue="cmd"/>
+        </addColumn>
+    </changeSet>
+</databaseChangeLog>

backend/src/main/resources/config/liquibase/master.xml

@@ -589,4 +589,6 @@
 
   <include file="/config/liquibase/changelog/20260408002_seed_module_id_in_utm_data_types.xml" relativeToChangelogFile="false"/>
 
+  <include file="/config/liquibase/changelog/20260409001_add_shell_to_alert_response_rule.xml" relativeToChangelogFile="false"/>
+
 </databaseChangeLog>

frontend/src/app/incident-response/shared/component/action-builder/action-builder.component.html

@@ -56,7 +56,7 @@ <h4 class="panel-title m-0">Flow Actions</h4>
 
         <div class="col-6">
           <label class="pb-1" [for]="group.get('agentType').value ? 'default' : 'exclude'">
-            {{ group.get('agentType').value ? 'Default agent' : 'Exclude agents' }}
+            {{ group.get('agentType').value ? 'Dedicated agent' : 'Exclude agents' }}
           </label>
 
           <!-- Default agent select -->

frontend/src/app/incident-response/shared/component/ir-create-rule/ir-create-rule.component.html

@@ -116,6 +116,7 @@
                        class="w-30"
                        [loadingText]="'Loading alert fields...'"
                        [loading]="!alertFields"
+                       [disabled]="i === 0"
                        bindLabel="label"
                        bindValue="field"
                        formControlName="field"
@@ -139,15 +140,16 @@
                        formControlName="value"
                        id="values">
             </ng-select>
-            <i class="icon-cross2 cursor-pointer ml-3" ngbTooltip="Delete condition"
+            <i *ngIf="i > 0" class="icon-cross2 cursor-pointer ml-3" ngbTooltip="Delete condition"
                placement="left"
                (click)="removeRuleCondition(i)"></i>
+            <i *ngIf="i === 0" class="icon-lock2 ml-3 text-muted" ngbTooltip="Alert name is required"></i>
           </div>
           <div class="d-flex justify-content-between pr-4">
             <div>
-              <span *ngIf="ruleConditions.length === 0 || !ruleConditions.valid"
+              <span *ngIf="!ruleConditions.valid"
                     class="text-danger-300 font-size-base">
-                You must set at least one trigger condition
+                You must select an alert name and complete all trigger conditions
               </span>
             </div>
             <button class="btn utm-button btn-success align-self-end" (click)="addRuleCondition()">
@@ -175,7 +177,7 @@
       <div class="d-flex mt-3 flex-column">
         <div class="alert alert-info alert-styled-right mb-2 info-dismissible">
           <span class="font-weight-semibold">Info! </span>
-          <span>Select the agent handling strategy for the automation. If <strong>not active</strong>, commands will run on specified platform agents if the trigger conditions and dataSource field value of the alert match. Alternatively, choose a <strong>default agent</strong> to run the automation if no other agent matches the criteria. If this option is <strong>active</strong>, commands will run only on specified platform agents if the trigger conditions and dataSource field value of the alert match, if not, the <strong>automation won't be executed</strong>.</span>
+          <span>Select the agent handling strategy for the automation. If <strong>not active</strong>, commands will run on specified platform agents if the trigger conditions and dataSource field value of the alert match. Alternatively, choose a <strong>dedicated agent</strong> to run the automation if no other agent matches the criteria. If this option is <strong>active</strong>, commands will run only on specified platform agents if the trigger conditions and dataSource field value of the alert match, if not, the <strong>automation won't be executed</strong>.</span>
         </div>
           <app-utm-toggle (toggleChange)="onChangeToggle($event)"
                           [active]="formRule.get('agentType').value"
@@ -208,7 +210,7 @@
       </div>
       <div *ngIf="formRule.get('agentType').value" class="d-flex mt-2 flex-column">
         <div  class="col-6 p-0">
-          <label class="pb-1" for="exclude">Default agent</label>
+          <label class="pb-1" for="exclude">Dedicated agent</label>
           <ng-select [clearable]="false"
                      [items]="agents"
                      [placeholder]="'Select agent'"
@@ -235,6 +237,13 @@
       </div>
     </div>
     <div *ngIf="step===3" class="configure-step mt-3 mb-3">
+      <div *ngIf="isWindows()" class="form-group mb-3">
+        <label class="pb-1">Shell</label>
+        <select formControlName="shell" class="form-control w-25">
+          <option value="cmd">cmd</option>
+          <option value="powershell">powershell</option>
+        </select>
+      </div>
       <span class="font-size-lg mb-2"> <i
         class="icon-keyboard"></i> Press <b>TAB</b> to use alert fields in the command</span>
       <div class="window">