From ec27517bdd7a29f2f0f5532b1c9ba84df0d1ac45 Mon Sep 17 00:00:00 2001
From: Corey Ogburn <corey.ogburn@securityonionsolutions.com>
Date: Fri, 11 Jul 2025 10:37:50 -0600
Subject: [PATCH] New Config Values

New config values with annotations and defaults.

Updated Nginx config to allow streaming requests to not be buffered on the way to the client.
---
 salt/nginx/etc/nginx.conf | 30 +++++++++++++++++-------------
 salt/soc/defaults.yaml    |  4 ++++
 salt/soc/soc_soc.yaml     | 11 +++++++++++
 3 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index 742f5d08d..caa05bbff 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -196,19 +196,23 @@ http {
 		}
 
 		location / {
-			auth_request          /auth/sessions/whoami;
-			auth_request_set      $userid $upstream_http_x_kratos_authenticated_identity_id;
-			proxy_set_header      x-user-id $userid;
-			proxy_pass            http://{{ GLOBALS.manager }}:9822/;
-			proxy_read_timeout    300;
-			proxy_connect_timeout 300;
-			proxy_set_header      Host $host;
-			proxy_set_header      X-Real-IP $remote_addr;
-			proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
-			proxy_set_header      Proxy "";
-			proxy_set_header      Upgrade $http_upgrade;
-			proxy_set_header      Connection "Upgrade";
-			proxy_set_header      X-Forwarded-Proto $scheme;
+			auth_request            /auth/sessions/whoami;
+			auth_request_set        $userid $upstream_http_x_kratos_authenticated_identity_id;
+			proxy_set_header        x-user-id $userid;
+			proxy_pass              http://{{ GLOBALS.manager }}:9822/;
+			proxy_read_timeout      300;
+			proxy_connect_timeout   300;
+			proxy_set_header        Host $host;
+			proxy_set_header        X-Real-IP $remote_addr;
+			proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+			proxy_set_header        Proxy "";
+			proxy_set_header        Upgrade $http_upgrade;
+			proxy_set_header        Connection "Upgrade";
+			proxy_set_header        X-Forwarded-Proto $scheme;
+
+			proxy_buffering         off;
+			proxy_cache             off;
+			proxy_request_buffering off;
 		}
 
 		location ~ ^/auth/.*?(login|oidc/callback) {
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 7bb2c1f03..c86889be7 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1491,6 +1491,10 @@ soc:
               - repo: file:///nsm/airgap-resources/playbooks/securityonion-resources-playbooks
                 branch: main
                 folder: securityonion-normalized
+        assistant:
+          apiKey:
+          apiUrl: https://onionai-dev.securityonion.net
+          model: claude-sonnet
         salt:
           queueDir: /opt/sensoroni/queue
           timeoutMs: 45000
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index 2d0eb3792..b8133999f 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -580,6 +580,17 @@ soc:
               - field: folder
                 label: Folder
             airgap: *pbRepos
+        assistant:
+          apiKey:
+            description: The auth token to be used when reaching out to the AI Assistant.
+            global: True
+          apiUrl:
+            description: The URL of the AI gateway.
+            advanced: True
+            global: True
+          model:
+            description: The model to use as the AI Assistant
+            global: True
       client:
         apiTimeoutMs:
           description: Duration (in milliseconds) to wait for a response from the SOC server API before giving up and showing an error on the SOC UI.