- Convert all ~40 inline styles in UnlockLayout.vue to Tailwind CSS v4 arbitrary-value classes, matching MainLayout.vue color conventions (CSS variables + hex arbitraries). Visual appearance preserved exactly.
- Create ToolShell.vue reusable wrapper that owns output/running state and execute/setOutput API via defineExpose.
- Refactor PingTool, TracerouteTool, DnsLookup, WhoisTool, BandwidthTest to use ToolShell — each tool now contains only its unique inputs and invoke calls. Zero vue-tsc errors.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Extract handleKeydown into useKeyboardShortcuts.ts composable; reduces
MainLayout by ~20 lines and isolates keyboard logic cleanly
- ConnectionTree: watch groups for additions and auto-expand new entries
- MonitorBar: generation counter prevents stale event listeners on rapid
tab switching
- NetworkScanner: revoke blob URL after CSV export click (memory leak)
- TransferProgress: implement the auto-expand/collapse watcher that was
only commented but never wired up
- FileTree: block binary/large file uploads with clear user error rather
than silently corrupting — backend sftp_write_file is text-only
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- percent_decode: collect bytes into Vec<u8> then String::from_utf8_lossy to handle
non-ASCII paths correctly instead of casting byte as char (corrupted codepoints > 127)
- format_mtime: remove dead `st`/`y`/`_y` variables and unused UNIX_EPOCH/Duration imports
- reorder_connections/reorder_groups: wrap UPDATE loops in BEGIN/COMMIT transactions
with ROLLBACK on error to prevent partial sort order writes
- scan_network: validate subnet matches 3-octet format before use in remote shell commands
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- New shell_escape() utility for safe command interpolation
- Applied across all MCP tools, docker, scanner, network commands
- MCP server generates random bearer token at startup
- Token written to mcp-token file with 0600 permissions
- All MCP HTTP requests require Authorization header
- Bridge binary reads token and sends on every request
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Vault key uses Zeroizing<[u8; 32]>, passwords zeroized after use
- vault/credentials Mutex upgraded to tokio::sync::Mutex
- CWD tracker + monitor use CancellationToken for clean shutdown
- Monitor exec_command has 10s timeout, 3-strike dead connection heuristic
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- TabBar: move listen() into onMounted, store UnlistenFn
- Session store: track per-session unlisten fns, clean on close
- useRdp: store frame unlisten in composable scope, call in stopFrameLoop
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
VUE-1: store workspace save interval ID, clear in onUnmounted
VUE-2: extract beforeunload handler to named function, remove in onUnmounted
VUE-3: move useTerminal() to <script setup> top level in DetachedSession
VUE-4: call useTerminal() before nextTick await in CopilotPanel launch()
VUE-5: remove duplicate ResizeObserver from LocalTerminalView (useTerminal already creates one)
VUE-6: store terminal.onResize() IDisposable, dispose in onBeforeUnmount
VUE-7: extract connectSsh(), connectRdp(), resolveCredentials() from 220-line connect()
VUE-8: check session protocol before ssh_resize vs pty_resize in TerminalView
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Was only setting the remote clipboard without pasting. Now sends
clipboard content then simulates Ctrl+V (scancode 0x001D + 0x002F)
with 50ms delay for clipboard propagation. Works for any text
including special characters and multi-line content.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The AI can now open its own SSH sessions without the Commander
pre-opening them:
- ssh_connect(hostname, username, password?, private_key_path?, port?)
Returns session_id for use with all other tools
Supports password auth and SSH key file auth
Also added app_handle and error_watcher to MCP server state so
new sessions get full scrollback, monitoring, and CWD tracking.
This completes the autonomy loop: the AI discovers what's available
(list_sessions), connects to what it needs (ssh_connect), operates
(terminal_execute, docker_ps, sftp_read), and disconnects when done.
Total MCP tools: 31.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3 new MCP tools completing the RDP interaction loop:
- rdp_click — click at x,y coordinates (left/right/middle button)
Use terminal_screenshot first to identify coordinates
- rdp_type — type text into RDP session via clipboard paste
- rdp_clipboard — set clipboard content on remote desktop
The AI can now screenshot an RDP session, analyze it visually,
click buttons, type text, and read clipboard content. Full GUI
automation through the MCP bridge.
Total MCP tools: 30.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
8 new MCP tools exposed through the bridge:
Docker:
- docker_ps — list all containers with status/image/ports
- docker_action — start/stop/restart/remove/logs/builder-prune/system-prune
- docker_exec — execute command inside a running container
System:
- service_status — check systemd service status
- process_list — ps aux with optional name filter
Git (remote repos):
- git_status — branch, dirty files, ahead/behind
- git_pull — pull latest changes
- git_log — recent 20 commits
Total MCP tools: 27. All accessible through the wraith-mcp-bridge.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Resize fix:
- ResizeObserver now checks contentRect dimensions before fitting
- Ignores resize events when container width/height < 50px (hidden tab)
- Prevents xterm.js from calculating 8-char columns on zero-width containers
Flickering fix:
- markActivity throttled to once per second per session
- Was firing on every single data event (hundreds per second during
active output), triggering Vue reactivity updates on the sessions
array, causing tab bar and session container re-renders
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
RDP performance overhaul:
- Switched from polling (rAF loop calling rdp_get_frame every tick)
to event-driven rendering (backend emits rdp:frame:{id} when
frame buffer updates, frontend fetches on demand)
- Eliminates thousands of empty IPC round-trips per second when
the screen is idle
- Backend passes AppHandle into run_active_session for event emission
- Frontend uses listen() instead of requestAnimationFrame polling
MCP terminal fix:
- terminal_type and terminal_execute now send \r (carriage return)
instead of \n (newline) — PTY terminals expect CR to submit
- Fixes commands not auto-sending, requiring manual Enter press
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
terminal_type MCP tool (19 tools total):
- Fire-and-forget text input to any session
- Optional press_enter flag (default: true)
- No marker wrapping, no output capture
- Use case: AI sends messages/commands without needing output back
Tab resize fix:
- Double requestAnimationFrame before fitAddon.fit() on tab switch
- Container has real dimensions after browser layout pass
- Also sends ssh_resize/pty_resize to backend with correct cols/rows
- Fixes 6-8 char wide terminals after switching tabs
Close confirmation:
- beforeunload event shows browser "Leave page?" dialog
- Only triggers if sessions are active
- Synchronous — cannot hang the close like onCloseRequested did
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
onCloseRequested async handler was permanently blocking window close
on Windows, even with the 2s timeout. The confirm() dialog and async
invoke chain prevented the close event from completing.
Fix: removed onCloseRequested entirely. Workspace now auto-saves
every 30 seconds via setInterval. Close button works immediately
with no handler blocking it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The Tauri native updater needs update.json hosted at a static URL.
Gitea packages don't support a 'latest' alias, so the endpoint
returned 'package does not exist'. Reverted Settings and startup
check to use check_for_updates command which queries the Gitea
releases API directly and works reliably.
The native auto-updater will work once we have proper static hosting
for update.json (or a redirect endpoint). For now, the manual check
+ download page approach is functional.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
DashMap::clone() deep-copies all entries into a new map. The MCP
server's cloned SshService/SftpService/RdpService/ScrollbackRegistry
were snapshots from startup that never saw new sessions.
Fix: wrap all DashMap fields in Arc<DashMap<...>> so clones share
the same underlying map. Sessions added after MCP startup are now
visible to MCP tools.
Affected: SshService, SftpService, RdpService, ScrollbackRegistry.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Help menu (File → Help):
- Getting Started guide (connections, SFTP, copilot, tabs)
- Keyboard Shortcuts reference table
- MCP Integration page (setup command, all 18 tools documented,
bridge path auto-populated, architecture explanation)
- About page with version and tech stack
- Opens as a tabbed popup window
Tab detach fixes:
- Added detached-*, editor-*, help-* to capabilities window list
(detached windows had no event permissions — silent failure)
- SessionContainer filters out detached sessions (active=false)
so the main window stops rendering the terminal when detached
- Terminal now only renders in the detached popup window
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
On startup, Wraith checks if wraith-mcp-bridge exists in the data
directory. If missing or version mismatch, downloads the correct
version from Gitea packages automatically. No installer changes needed.
Flow:
1. Check data_dir/wraith-mcp-bridge.exe exists
2. Check data_dir/mcp-bridge-version matches app version
3. If not, download from packages/vstockwell/generic/wraith/{ver}/
4. Set execute permissions on Unix
5. Write version marker
Also exposes mcp_bridge_path command so the frontend can show the
path in settings for users to add to PATH or configure Claude Code.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The onCloseRequested async handler was blocking window close when
save_workspace invoke hung or threw. Fixed with:
1. Confirmation dialog: "Are you sure you want to close Wraith?"
(only shown if sessions are active, cancel prevents close)
2. Workspace save wrapped in Promise.race with 2s timeout so a
stuck invoke can never block the close indefinitely
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two issues:
1. convertEol was false for PTY sessions, but Windows ConPTY sends
bare \n without \r. Now enabled on Windows PTY sessions (checked
via navigator.platform). Unix PTY still false (driver handles it).
2. LocalTerminalView had no ResizeObserver, so the terminal never
reflowed when the container size changed. Added ResizeObserver
matching the SSH TerminalView pattern. Also added proper cleanup
on unmount.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Right-click any tab → "Detach to Window" opens the session in its
own Tauri window. The tab dims (opacity + italic) while detached.
Close the detached window → session reattaches to the main tab bar.
Architecture:
- DetachedSession.vue: standalone terminal that connects to the same
backend session (SSH/PTY events keep flowing)
- App.vue detects #/detached-session?sessionId=X hash
- Tab context menu: Detach to Window, Close
- session:reattach event emitted on window close, main window listens
- Monitor bar included in detached SSH windows
- Session.active flag tracks detached state
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
PowerShell parser choked on the em dash character in Write-Host
string literals. Replaced with ASCII-safe alternatives and single
quotes to avoid any encoding issues in the CI runner.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Removed useless CLAUDE_MCP_SERVERS env var injection (doesn't work)
- CI builds wraith-mcp-bridge.exe as a separate cargo --bin step
- Bridge binary signed with EV cert alongside the installer
- Uploaded to Gitea packages per version
- Attached to Gitea release as a downloadable asset
- Users add to PATH then: claude mcp add wraith -- wraith-mcp-bridge
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Tauri auto-updater:
- Signing pubkey in tauri.conf.json
- tauri-plugin-updater initialized in lib.rs
- CI workflow passes TAURI_SIGNING_PRIVATE_KEY env vars to cargo tauri build
- CI generates update.json manifest with signature and uploads to
packages/latest/update.json endpoint
- Frontend checks for updates on startup via @tauri-apps/plugin-updater
- Downloads, installs, and relaunches seamlessly
- Settings → About button uses native updater too
RDP vault credentials:
- RDP connections now resolve credentials from vault via credentialId
- Same path as SSH: list_credentials → find by ID → decrypt_password
- Falls back to conn.options JSON if no vault credential linked
- Fixes blank username in RDP connect
Sidebar drag persist:
- reorder_connections and reorder_groups Tauri commands
- Batch-update sort_order in database on drop
- Order survives app restart
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Same root cause as the PTY crash (v1.2.6): tokio::spawn called from
Tauri setup hook without a tokio runtime guard. Switched error watcher
to std:🧵:spawn. Also wrapped both error watcher and MCP server
spawn in individual catch_unwind blocks so neither can crash the app.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Workspace restore was running synchronously in onMounted which could
crash if saved connection IDs were stale. The import of
@tauri-apps/api/window for onCloseRequested could also fail in
certain contexts.
Fix: defer restore to setTimeout(500ms) so the app renders first,
wrap each reconnect in individual try/catch, wrap the window close
listener setup in try/catch.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Tab activity notifications:
- Background tabs pulse blue when new output arrives
- Clears when you switch to the tab
- useTerminal marks activity on every data event
Session persistence:
- Workspace saved to DB on window close (connection IDs + positions)
- Restored on launch — auto-reconnects saved sessions in order
- workspace_commands: save_workspace, load_workspace
Docker Manager (Tools → Docker Manager):
- Containers tab: list all, start/stop/restart/remove/logs
- Images tab: list all, remove
- Volumes tab: list all, remove
- One-click Builder Prune and System Prune buttons
- All operations via SSH exec channels — no Docker socket exposure
Sidebar drag-and-drop:
- Drag groups to reorder
- Drag connections between groups
- Drag connections within a group to reorder
- Blue border indicator on drop targets
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
MCP: RdpService had a manual Clone impl that called unreachable!().
Replaced with a real clone that shares the DashMap. MCP server can
now clone all services and start successfully.
RDP: rustls needs CryptoProvider::install_default() before any TLS
operations. ironrdp-tls uses rustls for the RDP TLS handshake.
Added aws_lc_rs provider installation at app startup.
Both panics found via wraith.log debug logging from v1.6.3.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Debug logging:
- wraith_log!() macro available in all modules, writes to wraith.log
- SSH connect/auth, PTY spawn, RDP connect all log with session IDs
- MCP startup panic now shows the actual error message
Copilot "Tools" button:
- Shows when a PTY session is active in the copilot panel
- Injects a formatted list of all 18 MCP tools into the chat
- Groups tools by category: session, terminal, SFTP, network, utilities
- Includes parameter signatures so the AI knows how to call them
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Was logging "panicked — continuing" without the WHY. Now captures
the panic payload (String, &str, or type_id) so the log shows
exactly what went wrong in clone_services().
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
RDP: wrapped connection thread in catch_unwind so panics are logged
to wraith.log instead of silently killing the channel. Error message
now directs user to check the log.
CWD: changed cd . to cd ~ after OSC 7 hook injection so SFTP starts
at the user's home directory on macOS (where / requires explicit nav).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The printf argument had escaped quotes that passed through literally,
producing paths like /"/Users/foo". Removed the outer escaped quotes
— printf %s handles the command substitution directly. Also simplified
PROMPT_COMMAND assignment to avoid quote nesting issues.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CARGO_PKG_VERSION is always 0.1.0 (hardcoded in Cargo.toml). CI
patches tauri.conf.json from the git tag. Now reads app_handle.config()
for the real version so the update checker compares correctly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Checks Gitea releases API for latest version on startup. If newer
version available, shows confirm dialog to open download page.
Also adds "Check for Updates" button in Settings → About with
version comparison, release notes display, and download button.
Backend: check_for_updates command with semver comparison (6 tests).
96 total tests, zero warnings.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
/home doesn't exist on macOS (home dirs are /Users/). Changed default
SFTP path to / so it always loads. OSC 7 parser now strips stray
quotes from shell printf output that produced paths like /"/path".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Switched to printf '\e]7;file://localhost/%s\a' with sed space encoding.
BEL (\a) terminator is more universally supported than ST (\e\\).
Shared __wraith_osc7 function avoids duplicating the printf across
bash/zsh branches.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
