vstockwell/wraith
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 67 Wiki Activity

Compare commits

base: vstockwell:main
Branches Tags
vstockwell:main
vstockwell:v1.13.2
vstockwell:v1.13.1
vstockwell:v1.13.0
vstockwell:v1.12.9
vstockwell:v1.12.8
vstockwell:v1.12.7
vstockwell:v1.12.6
vstockwell:v1.12.5
vstockwell:v1.12.4
vstockwell:v1.12.3
vstockwell:v1.12.2
vstockwell:v1.12.1
vstockwell:v1.12.0
vstockwell:v1.11.7
vstockwell:v1.11.6
vstockwell:v1.11.5
vstockwell:v1.11.4
vstockwell:v1.11.3
vstockwell:v1.11.2
vstockwell:v1.11.1
vstockwell:v1.11.0
vstockwell:v1.10.4
vstockwell:v1.2.10
vstockwell:v1.10.3
vstockwell:v1.10.2
vstockwell:v1.10.1
vstockwell:v1.10.0
vstockwell:v1.9.6
vstockwell:v1.9.5
vstockwell:v1.9.4
vstockwell:v1.9.3
vstockwell:v1.9.2
vstockwell:v1.9.1
vstockwell:v1.9.0
vstockwell:v1.8.9
vstockwell:v1.8.8
vstockwell:v1.8.7
vstockwell:v1.8.6
vstockwell:v1.8.5
vstockwell:v1.8.4
vstockwell:v1.8.3
vstockwell:v1.8.2
vstockwell:v1.8.1
vstockwell:v1.8.0
vstockwell:v1.7.6
vstockwell:v1.7.5
vstockwell:v1.7.4
vstockwell:v1.7.3
vstockwell:v1.7.2
vstockwell:v1.7.1
vstockwell:v1.7.0
vstockwell:v1.6.4
vstockwell:v1.6.3
vstockwell:v1.6.2
vstockwell:v1.6.1
vstockwell:v1.6.0
vstockwell:v1.5.9
vstockwell:v1.5.8
vstockwell:v1.5.7
vstockwell:v1.5.6
vstockwell:v1.5.5
vstockwell:v1.5.4
vstockwell:v1.5.3
vstockwell:v1.5.2
vstockwell:v1.5.1
vstockwell:v1.5.0
vstockwell:v1.4.9
vstockwell:v1.4.8
vstockwell:v1.4.7
vstockwell:v1.4.6
vstockwell:v1.4.5
vstockwell:v1.4.4
vstockwell:v1.4.3
vstockwell:v1.4.2
vstockwell:v1.4.1
vstockwell:v1.4.0
vstockwell:v1.3.9
vstockwell:v1.3.8
vstockwell:v1.3.7
vstockwell:v1.3.6
vstockwell:v1.3.5
vstockwell:v1.3.4
vstockwell:v1.3.3
vstockwell:v1.3.2
vstockwell:v1.3.1
vstockwell:v1.3.0
vstockwell:v1.2.9
vstockwell:v1.2.8
vstockwell:v1.2.7
vstockwell:v1.2.6
vstockwell:v1.2.5
vstockwell:v1.2.4
vstockwell:v1.2.3
vstockwell:v1.2.2
vstockwell:v1.2.1
vstockwell:v1.2.0
vstockwell:v1.1.9
vstockwell:v1.1.8
vstockwell:v1.1.7
vstockwell:v1.1.6
vstockwell:v1.1.5
vstockwell:v1.1.4
vstockwell:v1.1.3
vstockwell:v1.1.2
vstockwell:v1.1.1
vstockwell:v1.1.0
vstockwell:v1.0.9
vstockwell:v1.0.8
vstockwell:v1.0.5
vstockwell:v1.0.7
vstockwell:v1.0.6
vstockwell:v1.0.4
vstockwell:v1.0.3
vstockwell:v1.0.2
vstockwell:v1.0.1
vstockwell:v1.0.0
vstockwell:v0.8.4
vstockwell:v0.8.3
vstockwell:v0.8.2
vstockwell:0.8.1
vstockwell:v0.8.1
vstockwell:0.8.0
vstockwell:v0.8.0
vstockwell:0.7.3
vstockwell:v0.7.3
vstockwell:0.7.2
vstockwell:v0.7.2
vstockwell:0.7.1
vstockwell:v0.7.1
vstockwell:0.7.0
vstockwell:v0.7.0
vstockwell:0.6.5
vstockwell:v0.6.5
vstockwell:0.6.4
vstockwell:v0.6.4
vstockwell:0.6.3
vstockwell:v0.6.3
vstockwell:0.6.2
vstockwell:v0.6.2
vstockwell:v0.6.1
vstockwell:v0.6.0
vstockwell:v0.5.9
vstockwell:v0.5.8
vstockwell:v0.5.7
vstockwell:v0.5.6
vstockwell:v0.5.5
vstockwell:v0.5.4
vstockwell:v0.5.3
vstockwell:v0.5.2
vstockwell:v0.5.1
vstockwell:v0.5.0
vstockwell:v0.4.2
vstockwell:v0.4.1
vstockwell:v0.4.0
vstockwell:v0.3.3
vstockwell:v0.3.2
vstockwell:v0.3.1
vstockwell:v0.3.0
vstockwell:v0.2.2
vstockwell:v0.2.1
vstockwell:v0.2.0
vstockwell:v0.1.0
..
compare: vstockwell:v1.0.8
Branches Tags
vstockwell:main
vstockwell:v1.13.2
vstockwell:v1.13.1
vstockwell:v1.13.0
vstockwell:v1.12.9
vstockwell:v1.12.8
vstockwell:v1.12.7
vstockwell:v1.12.6
vstockwell:v1.12.5
vstockwell:v1.12.4
vstockwell:v1.12.3
vstockwell:v1.12.2
vstockwell:v1.12.1
vstockwell:v1.12.0
vstockwell:v1.11.7
vstockwell:v1.11.6
vstockwell:v1.11.5
vstockwell:v1.11.4
vstockwell:v1.11.3
vstockwell:v1.11.2
vstockwell:v1.11.1
vstockwell:v1.11.0
vstockwell:v1.10.4
vstockwell:v1.2.10
vstockwell:v1.10.3
vstockwell:v1.10.2
vstockwell:v1.10.1
vstockwell:v1.10.0
vstockwell:v1.9.6
vstockwell:v1.9.5
vstockwell:v1.9.4
vstockwell:v1.9.3
vstockwell:v1.9.2
vstockwell:v1.9.1
vstockwell:v1.9.0
vstockwell:v1.8.9
vstockwell:v1.8.8
vstockwell:v1.8.7
vstockwell:v1.8.6
vstockwell:v1.8.5
vstockwell:v1.8.4
vstockwell:v1.8.3
vstockwell:v1.8.2
vstockwell:v1.8.1
vstockwell:v1.8.0
vstockwell:v1.7.6
vstockwell:v1.7.5
vstockwell:v1.7.4
vstockwell:v1.7.3
vstockwell:v1.7.2
vstockwell:v1.7.1
vstockwell:v1.7.0
vstockwell:v1.6.4
vstockwell:v1.6.3
vstockwell:v1.6.2
vstockwell:v1.6.1
vstockwell:v1.6.0
vstockwell:v1.5.9
vstockwell:v1.5.8
vstockwell:v1.5.7
vstockwell:v1.5.6
vstockwell:v1.5.5
vstockwell:v1.5.4
vstockwell:v1.5.3
vstockwell:v1.5.2
vstockwell:v1.5.1
vstockwell:v1.5.0
vstockwell:v1.4.9
vstockwell:v1.4.8
vstockwell:v1.4.7
vstockwell:v1.4.6
vstockwell:v1.4.5
vstockwell:v1.4.4
vstockwell:v1.4.3
vstockwell:v1.4.2
vstockwell:v1.4.1
vstockwell:v1.4.0
vstockwell:v1.3.9
vstockwell:v1.3.8
vstockwell:v1.3.7
vstockwell:v1.3.6
vstockwell:v1.3.5
vstockwell:v1.3.4
vstockwell:v1.3.3
vstockwell:v1.3.2
vstockwell:v1.3.1
vstockwell:v1.3.0
vstockwell:v1.2.9
vstockwell:v1.2.8
vstockwell:v1.2.7
vstockwell:v1.2.6
vstockwell:v1.2.5
vstockwell:v1.2.4
vstockwell:v1.2.3
vstockwell:v1.2.2
vstockwell:v1.2.1
vstockwell:v1.2.0
vstockwell:v1.1.9
vstockwell:v1.1.8
vstockwell:v1.1.7
vstockwell:v1.1.6
vstockwell:v1.1.5
vstockwell:v1.1.4
vstockwell:v1.1.3
vstockwell:v1.1.2
vstockwell:v1.1.1
vstockwell:v1.1.0
vstockwell:v1.0.9
vstockwell:v1.0.8
vstockwell:v1.0.5
vstockwell:v1.0.7
vstockwell:v1.0.6
vstockwell:v1.0.4
vstockwell:v1.0.3
vstockwell:v1.0.2
vstockwell:v1.0.1
vstockwell:v1.0.0
vstockwell:v0.8.4
vstockwell:v0.8.3
vstockwell:v0.8.2
vstockwell:0.8.1
vstockwell:v0.8.1
vstockwell:0.8.0
vstockwell:v0.8.0
vstockwell:0.7.3
vstockwell:v0.7.3
vstockwell:0.7.2
vstockwell:v0.7.2
vstockwell:0.7.1
vstockwell:v0.7.1
vstockwell:0.7.0
vstockwell:v0.7.0
vstockwell:0.6.5
vstockwell:v0.6.5
vstockwell:0.6.4
vstockwell:v0.6.4
vstockwell:0.6.3
vstockwell:v0.6.3
vstockwell:0.6.2
vstockwell:v0.6.2
vstockwell:v0.6.1
vstockwell:v0.6.0
vstockwell:v0.5.9
vstockwell:v0.5.8
vstockwell:v0.5.7
vstockwell:v0.5.6
vstockwell:v0.5.5
vstockwell:v0.5.4
vstockwell:v0.5.3
vstockwell:v0.5.2
vstockwell:v0.5.1
vstockwell:v0.5.0
vstockwell:v0.4.2
vstockwell:v0.4.1
vstockwell:v0.4.0
vstockwell:v0.3.3
vstockwell:v0.3.2
vstockwell:v0.3.1
vstockwell:v0.3.0
vstockwell:v0.2.2
vstockwell:v0.2.1
vstockwell:v0.2.0
vstockwell:v0.1.0

No commits in common. "main" and "v1.0.8" have entirely different histories.
main ... v1.0.8

102 changed files with 1817 additions and 10185 deletions
Show Stats Expand all files Collapse all files

142
.gitea/workflows/build-release.yml
View File

@ -39,15 +39,6 @@ jobs:
cargo --version
java --version
- name: Patch version from git tag
shell: powershell
run: |
$ver = ("${{ github.ref_name }}" -replace '^v','')
$conf = Get-Content src-tauri\tauri.conf.json -Raw
$conf = $conf -replace '"version":\s*"[^"]*"', "`"version`": `"$ver`""
[System.IO.File]::WriteAllText((Join-Path (Get-Location) "src-tauri\tauri.conf.json"), $conf)
Write-Host "Patched tauri.conf.json version to $ver"
- name: Install dependencies and build frontend
shell: powershell
run: |
@ -61,24 +52,32 @@ jobs:
$env:Path = "$env:EXTRA_PATH;$env:Path"
cargo install tauri-cli --version "^2"
- name: Build Tauri app (with update signing)
- name: Build Tauri app
shell: powershell
run: |
$env:Path = "$env:EXTRA_PATH;$env:Path"
$env:TAURI_SIGNING_PRIVATE_KEY = "${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}"
$env:TAURI_SIGNING_PRIVATE_KEY_PASSWORD = "${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}"
cargo tauri build
Write-Host "=== Build output ==="
Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*
cargo tauri build --no-bundle
Get-ChildItem src-tauri\target\release\Wraith.exe
- name: Build and package MCP bridge binary
- name: Build NSIS installer
shell: powershell
run: |
$env:Path = "$env:EXTRA_PATH;$env:Path"
cd src-tauri
cargo build --release --bin wraith-mcp-bridge
Write-Host "Bridge binary built:"
Get-ChildItem target\release\wraith-mcp-bridge.exe
$ver = ("${{ github.ref_name }}" -replace '^v','')
$outExe = "Wraith_" + $ver + "_x64-setup.exe"
New-Item -ItemType Directory -Force -Path dist-pkg | Out-Null
Copy-Item src-tauri\target\release\Wraith.exe dist-pkg\
Copy-Item src-tauri\icons\icon.ico dist-pkg\wraith.ico -ErrorAction SilentlyContinue
$nsi = Get-Content src-tauri\installer.nsi.template -Raw
$nsi = $nsi.Replace("OUTFILE_PLACEHOLDER", $outExe).Replace("VER_PLACEHOLDER", $ver)
[System.IO.File]::WriteAllText((Join-Path (Get-Location) "dist-pkg\installer.nsi"), $nsi)
& makensis (Join-Path (Get-Location) "dist-pkg\installer.nsi")
Move-Item "dist-pkg\$outExe" .
Write-Host "=== Installer built ==="
Get-ChildItem $outExe
- name: Download jsign
shell: powershell
@ -86,6 +85,7 @@ jobs:
Invoke-WebRequest -Uri "https://github.com/ebourg/jsign/releases/download/7.0/jsign-7.0.jar" -OutFile jsign.jar
- name: Get Azure token
id: azure-token
shell: powershell
run: |
$body = @{
@ -103,95 +103,43 @@ jobs:
shell: powershell
run: |
$env:Path = "$env:EXTRA_PATH;$env:Path"
$ver = ("${{ github.ref_name }}" -replace '^v','')
$token = [System.IO.File]::ReadAllText("$env:TEMP\aztoken.txt")
# Sign NSIS installers + MCP bridge binary
$binaries = @()
$binaries += Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.exe
$binaries += Get-Item src-tauri\target\release\wraith-mcp-bridge.exe -ErrorAction SilentlyContinue
foreach ($binary in $binaries) {
Write-Host "Signing: $($binary.FullName)"
java -jar jsign.jar --storetype AZUREKEYVAULT --keystore "${{ secrets.AZURE_KEY_VAULT_URL }}" --storepass $token --alias "${{ secrets.AZURE_CERT_NAME }}" --tsaurl http://timestamp.digicert.com --tsmode RFC3161 $binary.FullName
Write-Host "Signed: $($binary.Name)"
$binaries = @("src-tauri\target\release\Wraith.exe", "Wraith_" + $ver + "_x64-setup.exe")
foreach ($path in $binaries) {
if (Test-Path $path) {
Write-Host "Signing: $path"
java -jar jsign.jar --storetype AZUREKEYVAULT --keystore "${{ secrets.AZURE_KEY_VAULT_URL }}" --storepass $token --alias "${{ secrets.AZURE_CERT_NAME }}" --tsaurl http://timestamp.digicert.com --tsmode RFC3161 $path
Write-Host "Signed."
}
}
Remove-Item "$env:TEMP\aztoken.txt" -ErrorAction SilentlyContinue
- name: Upload all artifacts to SeaweedFS
- name: Upload to Gitea
shell: powershell
run: |
$ver = ("${{ github.ref_name }}" -replace '^v','')
$s3 = "https://files.command.vigilcyber.com/wraith"
$installer = "Wraith_" + $ver + "_x64-setup.exe"
$giteaUrl = "https://git.command.vigilcyber.com"
$headers = @{ Authorization = "token ${{ secrets.GIT_TOKEN }}" }
# Upload installer
$installers = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.exe
foreach ($file in $installers) {
Write-Host "Uploading: $($file.Name)"
Invoke-RestMethod -Uri "$s3/$ver/$($file.Name)" -Method PUT -ContentType "application/octet-stream" -InFile $file.FullName
# Also upload as 'latest' for direct download links
Invoke-RestMethod -Uri "$s3/latest/$($file.Name)" -Method PUT -ContentType "application/octet-stream" -InFile $file.FullName
}
# Version JSON
$hash = (Get-FileHash $installer -Algorithm SHA256).Hash.ToLower()
@{ version = $ver; filename = $installer; sha256 = $hash; platform = "windows"; architecture = "amd64"; released = (Get-Date -Format "yyyy-MM-ddTHH:mm:ssZ"); signed = $true } | ConvertTo-Json | Out-File version.json -Encoding utf8
# Upload MCP bridge binary
$bridge = "src-tauri\target\release\wraith-mcp-bridge.exe"
if (Test-Path $bridge) {
Write-Host "Uploading: wraith-mcp-bridge.exe"
Invoke-RestMethod -Uri "$s3/$ver/wraith-mcp-bridge.exe" -Method PUT -ContentType "application/octet-stream" -InFile $bridge
Invoke-RestMethod -Uri "$s3/latest/wraith-mcp-bridge.exe" -Method PUT -ContentType "application/octet-stream" -InFile $bridge
}
Write-Host "Uploading $installer"
Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/$installer" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile $installer
# Upload .nsis.zip for Tauri auto-updater
$zipFile = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.nsis.zip | Select-Object -First 1
if ($zipFile) {
Write-Host "Uploading: $($zipFile.Name)"
Invoke-RestMethod -Uri "$s3/$ver/$($zipFile.Name)" -Method PUT -ContentType "application/octet-stream" -InFile $zipFile.FullName
}
Write-Host "Uploading version.json"
Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/version.json" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile version.json
# Upload version.json metadata
$installer = $installers | Select-Object -First 1
if ($installer) {
$hash = (Get-FileHash $installer.FullName -Algorithm SHA256).Hash.ToLower()
@{ version = $ver; filename = $installer.Name; sha256 = $hash; platform = "windows"; architecture = "amd64"; released = (Get-Date -Format "yyyy-MM-ddTHH:mm:ssZ"); signed = $true } | ConvertTo-Json | Out-File version.json -Encoding utf8
Invoke-RestMethod -Uri "$s3/$ver/version.json" -Method PUT -ContentType "application/json" -InFile version.json
Invoke-RestMethod -Uri "$s3/latest/version.json" -Method PUT -ContentType "application/json" -InFile version.json
}
Write-Host "=== Upload complete ==="
Write-Host "=== SeaweedFS upload complete ==="
- name: Generate and upload update.json for Tauri updater
- name: Create Release
shell: powershell
run: |
$ver = ("${{ github.ref_name }}" -replace '^v','')
$s3 = "https://files.command.vigilcyber.com/wraith"
$sigFile = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.nsis.zip.sig | Select-Object -First 1
$zipFile = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.nsis.zip | Select-Object -First 1
if ($sigFile -and $zipFile) {
$signature = Get-Content $sigFile.FullName -Raw
$downloadUrl = "$s3/$ver/$($zipFile.Name)"
$updateJson = @{
version = "v$ver"
notes = "Wraith Desktop v$ver"
pub_date = (Get-Date -Format "yyyy-MM-ddTHH:mm:ssZ")
platforms = @{
"windows-x86_64" = @{
signature = $signature.Trim()
url = $downloadUrl
}
}
} | ConvertTo-Json -Depth 4
$updateJson | Out-File update.json -Encoding utf8
Write-Host "update.json content:"
Get-Content update.json
# Upload to root (Tauri updater endpoint)
Invoke-RestMethod -Uri "$s3/update.json" -Method PUT -ContentType "application/json" -InFile update.json
# Also versioned copy
Invoke-RestMethod -Uri "$s3/$ver/update.json" -Method PUT -ContentType "application/json" -InFile update.json
Write-Host "=== Update manifest uploaded ==="
} else {
Write-Host 'WARNING - No .sig file found, update signing may have failed'
}
$headers = @{ Authorization = "token ${{ secrets.GIT_TOKEN }}"; "Content-Type" = "application/json" }
$body = @{ tag_name = "v$ver"; name = "Wraith v$ver"; body = "Wraith Desktop v$ver - Tauri v2 / Rust build." } | ConvertTo-Json
Invoke-RestMethod -Uri "https://git.command.vigilcyber.com/api/v1/repos/vstockwell/wraith/releases" -Method POST -Headers $headers -Body $body
Write-Host "Release v$ver created."

2
.gitignore vendored
View File

@ -1,7 +1,5 @@
node_modules/
dist/
src-tauri/target/
src-tauri/binaries/
*.log
.DS_Store
.claude/worktrees/

63
AGENTS.md
View File

@ -1,63 +0,0 @@
# AGENTS.md — Wraith Desktop v2
## Agent Roster
Three tiers. Use the right tool for the job.
### Architect (Opus)
**Role:** Strategy, COAs, root cause analysis, architectural decisions.
**When to use:** Design questions, complex debugging, trade-off analysis, cross-module planning.
**How to use:** Plans, not code. The Architect reasons about the problem and presents options. The Commander decides. Then Specialists execute.
### Specialist (Sonnet)
**Role:** Full-stack execution. Writes code, fixes bugs, builds features.
**When to use:** Implementation tasks with clear requirements. Feature builds, bug fixes, refactoring, test writing.
**How to use:** `subagent_type: general-purpose, model: sonnet`. Give precise briefs with file paths, expected behavior, and acceptance criteria.
### Scout (Sonnet/Haiku)
**Role:** Recon, context mapping, read-only exploration.
**When to use:** Before any implementation. Understanding code structure, finding patterns, mapping dependencies.
**How to use:** `subagent_type: Explore, model: sonnet` for thorough exploration. Haiku for quick file lookups. Scouts NEVER modify files.
## Dispatch Rules
- **Simple bug fix (1-2 files):** Do it yourself. Don't burn an agent on a one-liner.
- **Feature build (3+ files):** Dispatch a Specialist with a complete brief.
- **Unknown territory:** Scout first, then Specialist.
- **Architecture decision:** Architect agent OR present COAs to the Commander directly.
- **Mechanical bulk work (renaming, formatting, repetitive edits):** Sonnet Specialist. Don't waste Opus on mechanical tasks.
- **Security-critical code (vault, crypto, auth):** Opus Architect reviews. Sonnet Specialist implements. Both touch the code.
## Cross-Project Context
Wraith is part of the Vigilsynth portfolio alongside:
- **Vigilance HQ** (`../vigilance-hq`) — MSP operations platform. Vue 3 + Express.js. 1,216+ commits. Production.
- **Vigilance Command** (`../vigilance-command-v2`) — Security OS. NestJS + Rust agent. 16 modules. Active development.
- **Vigilance Complete** (`../vigilance-complete`) — The merge. HQ + Command unified.
The Commander manages multiple AI XOs across all repos simultaneously. Context from one repo may inform work in another. When the Commander references HQ patterns, Command architecture, or Vigilsynth strategy, that's cross-project context — use it.
## Gemini CLI
Gemini CLI is available in the Commander's environment. Gemini specializes in:
- Architecture and protocol design
- Library/crate research and evaluation
- Deep code audits against specifications
- Optimization identification
The Commander may direct Gemini to work on Wraith alongside or instead of Claude. Both AIs follow the same CLAUDE.md doctrine. The Commander routes tasks to whichever AI is best suited.
## The Go Reference
The Go version of Wraith lives at `../wraith-go-archive`. It is the reference implementation:
- SSH terminal with xterm.js worked
- SFTP sidebar with CWD following worked
- Connection manager with groups and search worked
- Credential vault with Argon2id encryption worked
- Multi-tab sessions worked
When building features, Scouts should read the Go version first. Specialists should match or exceed Go's capabilities. Don't reinvent what was already solved — port it better.

75
CLAUDE.md
View File

@ -2,29 +2,16 @@
## Project Overview
Wraith is a native desktop SSH/SFTP/RDP client — a MobaXTerm killer. Rust backend (Tauri v2) + Vue 3 frontend (WebView2). Single binary, no Docker, no sidecar processes. Built to replace every commercial remote access tool on a technician's desktop.
Wraith is a native desktop SSH/SFTP/RDP client — a MobaXTerm replacement. Rust backend (Tauri v2) + Vue 3 frontend (WebView2). Single binary, no Docker, no sidecar processes.
**Name:** Wraith — exists everywhere, all at once.
**Current Status:** Active development. SSH connects, terminal renders. RDP via ironrdp in progress. SFTP sidebar functional. Vault encrypted with Argon2id + AES-256-GCM.
## Who You Are Here
You are the Wraith XO. The Commander built this from a working Go/Wails v3 prototype that had a buggy terminal and slow performance. Your job is to make the Rust/Tauri rewrite exceed the Go version in every way — faster, cleaner, more capable.
**Operate with autonomy, personality, and spine.** The Commander doesn't write code. He leads, you execute. He built the doctrine across Vigilance HQ (1,216+ commits, 22 clients in production) and Vigilance Command (16-module security OS, pure Rust agent). The same methodology that built those platforms applies here. Read the V4_WORKFLOW. Follow it. Trust it.
**Don't be timid.** The Go version worked. Users connected to servers, transferred files, managed sessions. Your Rust version needs to match that and surpass it. If something is broken, fix it. If something is missing, build it. If you need to make an architectural decision, present COAs — don't ask "should I proceed?"
**The Go version is your reference implementation.** It lives at `../wraith-go-archive`. The SSH terminal worked. The SFTP sidebar worked. The connection manager worked. The vault worked. When in doubt about what a feature should do, read the Go code. It's the spec that ran in production.
## Tech Stack
- **Runtime:** Tauri v2 (stable)
- **Backend:** Rust with `russh` (SSH/SFTP), `ironrdp` (RDP), `rusqlite` (SQLite), `aes-gcm` + `argon2` (vault), `dashmap` (concurrent session registry)
- **Frontend:** Vue 3 (Composition API, `<script setup>`), TypeScript, Vite, Pinia, Tailwind CSS v4, xterm.js 6, CodeMirror 6
- **Distribution:** Tauri bundler (NSIS installer), auto-updater with code signing
- **License:** 100% commercial-safe. Zero GPL contamination. Every dependency MIT/Apache-2.0/BSD.
## Project Structure
@ -61,77 +48,25 @@ npm install # Install frontend deps
npm run dev # Vite dev server only
cargo tauri dev # Full app (Rust + frontend)
cargo tauri build # Production build
cd src-tauri && cargo test # Run Rust tests (95 tests)
cd src-tauri && cargo test # Run Rust tests (52 tests)
cd src-tauri && cargo build # Build Rust only
```
## Architecture Patterns
## Architecture
- **Sessions use DashMap** — lock-free concurrent access, no deadlocks during tab detach
- **Drop trait for cleanup** — SSH/SFTP/RDP connections close automatically when sessions drop
- **CWD following via exec channel** — polls `pwd` on a separate SSH channel every 2 seconds. Never touches the terminal data stream. This avoids ANSI escape sequence corruption.
- **RDP runs in dedicated thread** — ironrdp's trait objects aren't Send, so each RDP session gets its own tokio runtime in a std::thread
- **xterm.js font handling**`document.fonts.ready.then(() => fitAddon.fit())` prevents cell width miscalculation
- **Tauri v2 ACL** — The `capabilities/default.json` file MUST grant `core:default`, `event:default`, and `shell:allow-open`. Without these, the frontend cannot listen for events or invoke commands. This was the root cause of the blank screen bug — missing `url: "index.html"` and `label: "main"` in `tauri.conf.json`, plus empty capabilities.
## V4_WORKFLOW — Standard Operating Procedure
**Phase 1: RECON** — Read all relevant files before proposing changes. Understand patterns, dependencies, blast radius. When touching Rust, check the Go version at `../wraith-go-archive` for how it was done before.
**Phase 2: PLAN** — Present approach for approval. **Never make executive decisions autonomously** — surface trade-offs as COAs (Courses of Action).
**Phase 3: EXECUTE** — Implement approved changes. Commit and push. Format: `type: Short description`
**Phase 4: SITREP** — Report: SITUATION, ACTIONS TAKEN, RESULT, NEXT.
## Standing Orders
- **Commit and push after every meaningful change.** The Commander tests in real-time. Unpushed commits are invisible.
- Use military terminology, be direct and precise
- Present trade-offs as COAs with pros/cons — let the Commander decide
- **Don't ask "should I proceed?" when the answer is obviously yes.** Read the room. If the Commander gave you a task, execute it.
- **If something is broken, fix it.** Don't document it and move on. Fix it.
- **Tauri v2 ACL is mandatory.** Every new Tauri command or event MUST be added to `capabilities/default.json` or it will silently fail.
- **Check the Go version first.** Before building any feature, read how `../wraith-go-archive` did it. Don't reinvent what was already solved.
## Key Design Decisions
1. **No terminal stream processing.** The Go version's CWD tracker parsed OSC 7 from the terminal output and corrupted ANSI sequences. Never again. CWD tracking uses a separate exec channel that polls `pwd` independently.
1. **No terminal stream processing.** The Go version's CWD tracker parsed OSC 7 from the terminal output and corrupted ANSI sequences. Never again.
2. **Tauri v2 over Wails v3.** Wails v3 is alpha with breaking changes. Tauri v2 is stable with built-in multi-window, auto-updater, and active community.
3. **ironrdp over FreeRDP FFI.** Pure Rust, no DLL dependency, memory safe. FreeRDP is the fallback discussion if ironrdp can't hit performance targets.
4. **Fresh vault, no Go migration.** 6 connections — faster to re-enter than engineer format compatibility.
5. **macOS data directory.** Use `~/Library/Application Support/Wraith` on macOS, not Linux-style `~/.local/share`. Respect platform conventions.
## Lessons Learned
1. **Tauri v2 capabilities are not optional.** The blank screen bug that stumped the first XO was a missing `"url": "index.html"` in `tauri.conf.json` and an empty `capabilities/` directory. Tauri v2's security model blocks ALL frontend event listeners and IPC calls without explicit permissions. Every new feature that uses `emit()`, `listen()`, or `invoke()` must have a corresponding entry in `capabilities/default.json`. If the frontend silently does nothing, check capabilities first.
2. **The Go version is the spec.** When in doubt about what a feature should do, how it should behave, or what edge cases to handle — read the Go code at `../wraith-go-archive`. It ran. Users used it. The terminal worked, the SFTP worked, the vault worked. Don't guess. Read.
3. **Rust backend command names must match frontend invoke names exactly.** If the frontend calls `invoke('disconnect_ssh')` but the backend exports `disconnect_session`, nothing happens. No error. Silent failure. When adding Tauri commands, grep the frontend for the exact invoke string.
4. **DashMap is the session registry.** Don't replace it with Mutex<HashMap>. DashMap provides lock-free concurrent access. Multiple tabs can operate on different sessions simultaneously without deadlocking. The Drop trait on sessions ensures cleanup when tabs close.
5. **xterm.js must wait for fonts.** `document.fonts.ready.then(() => fitAddon.fit())` — if you fit the terminal before fonts load, cell widths are wrong and text overlaps. This is a browser-level race condition that every terminal app hits.
## Lineage
This is a ground-up Rust rewrite of `wraith` (Go/Wails v3). The Go version is at `../wraith-go-archive`. The original design spec is at `docs/superpowers/specs/2026-03-17-wraith-desktop-design.md` in the Go repo. The enterprise feature roadmap is at `../wraith-go-archive/docs/FUTURE-FEATURES.md`.
## Future Vision
Wraith Personal is the foundation. Wraith Enterprise adds:
- PostgreSQL backend (replaces SQLite)
- Shared credentials from Vigilance Intel vault (Argon2id, per-tenant encryption)
- Entra ID SSO via Vigilance Clearance
- Client-scoped access (MSP multi-tenancy)
- Session recording to Vigilance Signal (SIEM)
- AI copilot panel (Gemini + Claude toggle) with tool access to SSH/SFTP/RDP sessions
- Split panes, jump hosts, port forwarding manager
- Command-level audit logging for compliance
The enterprise upgrade path connects to the Vigilance ecosystem — same vault, same identity, same audit trail. Wraith becomes the technician's daily driver that authenticates against Command Clearance, pulls credentials from Intel, and logs sessions to Signal.
## Parent Organization
**Vigilsynth** is the parent company. Wraith is a product alongside Vigilance HQ and Vigilance Command. The same development methodology (Commander/XO model, AI-assisted development, CLAUDE.md doctrine) applies across all repos. The Commander manages multiple AI XOs across multiple projects simultaneously.
This is a ground-up Rust rewrite of `wraith` (Go/Wails v3). The Go version is archived at `wraith-go-legacy`. The original design spec is at `docs/superpowers/specs/2026-03-17-wraith-desktop-design.md` in the Go repo.

BIN
docs/screenshots/stats-and-status-bars.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 12 KiB

340
docs/specs/wraith-terminal-mcp-spec.md
View File

@ -1,340 +0,0 @@
# Wraith Terminal MCP — Design Specification
**Date:** March 25, 2026
**Status:** Draft
**Author:** Gargoyle (HQ XO)
---
## 1. Problem
The AI copilot panel in Wraith runs CLI tools (Claude, Gemini, Codex) in a local PTY. The AI can chat with the user, but it cannot independently interact with active SSH/RDP sessions. The technician has to manually copy-paste terminal output into the AI and relay commands back.
The goal: let the AI **drive** the terminal. Read output. Execute commands. Take screenshots. React to errors. All through a standardized protocol.
---
## 2. Solution: Wraith Terminal MCP Server
Implement an MCP (Model Context Protocol) server inside Wraith's Rust backend that exposes active sessions as tools and resources. The AI CLI running in the copilot panel connects to this MCP server and gains programmatic access to every open session.
### Architecture
```
AI CLI (claude/gemini)
|
+-- MCP Client (built into the CLI)
|
+-- connects to localhost:PORT or Unix socket
|
v
Wraith MCP Server (Rust, runs inside Tauri)
|
+-- Tool: terminal_execute(session_id, command)
+-- Tool: terminal_read(session_id, lines?)
+-- Tool: terminal_screenshot(session_id) [RDP only]
+-- Tool: sftp_list(session_id, path)
+-- Tool: sftp_read(session_id, path)
+-- Tool: sftp_write(session_id, path, content)
+-- Resource: sessions://list
+-- Resource: sessions://{id}/info
+-- Resource: sessions://{id}/scrollback
```
---
## 3. MCP Server Implementation
### 3.1 Transport
Two options for how the AI CLI connects to the MCP server:
**Option A: stdio (Recommended for v1)**
- The copilot panel spawns the AI CLI with `--mcp-server` flag pointing to a Wraith helper binary
- The helper binary communicates with Wraith's Tauri backend via Tauri commands
- Simple, no port management, no firewall issues
- Pattern: AI CLI → stdio → wraith-mcp-bridge → Tauri invoke → session data
**Option B: HTTP/SSE (Future)**
- Wraith runs an HTTP server on localhost:random-port
- AI CLI connects via `--mcp-server http://localhost:PORT`
- More flexible (multiple AI CLIs can connect), but requires port management
- Pattern: AI CLI → HTTP → Wraith MCP HTTP handler → session data
### 3.2 Rust Implementation
```
src-tauri/src/mcp/
mod.rs — MCP server lifecycle, transport handling
tools.rs — Tool definitions (terminal_execute, screenshot, etc.)
resources.rs — Resource definitions (session list, scrollback)
bridge.rs — Bridge between MCP protocol and existing services
```
The MCP server reuses existing services:
- `SshService` — for terminal_execute, terminal_read on SSH sessions
- `RdpService` — for terminal_screenshot on RDP sessions
- `SftpService` — for sftp_list, sftp_read, sftp_write
- `PtyService` — for local shell access
- `SessionStore` (DashMap) — for session enumeration
---
## 4. Tools
### 4.1 terminal_execute
Execute a command in an active SSH or local PTY session and return the output.
```json
{
"name": "terminal_execute",
"description": "Execute a command in a terminal session and return output",
"parameters": {
"session_id": "string — the active session ID",
"command": "string — the command to run (newline appended automatically)",
"timeout_ms": "number — max wait for output (default: 5000)"
},
"returns": "string — captured terminal output after command execution"
}
```
**Implementation:** Write command + `\n` to the session's writer. Start capturing output from the session's reader. Wait for a shell prompt pattern or timeout. Return captured bytes as UTF-8 string.
**Challenge:** Detecting when command output is "done" — shell prompt detection is fragile. Options:
- **Marker approach:** Send `echo __WRAITH_DONE__` after the command, capture until marker appears
- **Timeout approach:** Wait N ms after last output byte, assume done
- **Prompt regex:** Configurable prompt pattern (default: `$ `, `# `, `> `, `PS>`)
Recommend: marker approach for SSH, timeout approach for PTY (since local shells have predictable prompt timing).
### 4.2 terminal_read
Read the current scrollback or recent output from a session without executing anything.
```json
{
"name": "terminal_read",
"description": "Read recent terminal output from a session",
"parameters": {
"session_id": "string",
"lines": "number — last N lines (default: 50)"
},
"returns": "string — terminal scrollback content (ANSI stripped)"
}
```
**Implementation:** Maintain a circular buffer of recent output per session (last 10KB). On read, return the last N lines with ANSI escape codes stripped.
**Note:** The buffer exists in the Rust backend, not xterm.js. The AI doesn't need to scrape the DOM — it reads from the same data stream that feeds the terminal.
### 4.3 terminal_screenshot
Capture the current frame of an RDP session as a base64-encoded PNG.
```json
{
"name": "terminal_screenshot",
"description": "Capture a screenshot of an RDP session",
"parameters": {
"session_id": "string — must be an RDP session"
},
"returns": "string — base64-encoded PNG image"
}
```
**Implementation:** The RDP frame buffer is already maintained by `RdpService`. Encode the current frame as PNG (using the `image` crate), base64 encode, return. The AI CLI passes this to the multimodal AI provider for visual analysis.
**Use case:** "Screenshot the error on screen. What can you tell me about it?"
### 4.4 sftp_list
List files in a directory on the remote host via the session's SFTP channel.
```json
{
"name": "sftp_list",
"description": "List files in a remote directory",
"parameters": {
"session_id": "string",
"path": "string — remote directory path"
},
"returns": "array of { name, size, modified, is_dir }"
}
```
### 4.5 sftp_read
Read a file from the remote host.
```json
{
"name": "sftp_read",
"description": "Read a file from the remote host",
"parameters": {
"session_id": "string",
"path": "string — remote file path",
"max_bytes": "number — limit (default: 1MB)"
},
"returns": "string — file content (UTF-8) or base64 for binary"
}
```
### 4.6 sftp_write
Write a file to the remote host.
```json
{
"name": "sftp_write",
"description": "Write content to a file on the remote host",
"parameters": {
"session_id": "string",
"path": "string — remote file path",
"content": "string — file content"
}
}
```
---
## 5. Resources
### 5.1 sessions://list
Returns all active sessions with their type, connection info, and status.
```json
[
{
"id": "ssh-abc123",
"type": "ssh",
"name": "prod-web-01",
"host": "10.0.1.50",
"username": "admin",
"status": "connected"
},
{
"id": "rdp-def456",
"type": "rdp",
"name": "dc-01",
"host": "10.0.1.10",
"status": "connected"
}
]
```
### 5.2 sessions://{id}/info
Detailed info about a specific session — connection parameters, uptime, bytes transferred.
### 5.3 sessions://{id}/scrollback
Full scrollback buffer for a terminal session (last 10KB, ANSI stripped).
---
## 6. Security
- **MCP server only binds to localhost** — no remote access, no network exposure
- **Session access inherits Wraith's auth** — if the user is logged into Wraith, the MCP server trusts the connection
- **No credential exposure** — the MCP tools execute commands through existing authenticated sessions. The AI never sees passwords or SSH keys.
- **Audit trail** — every MCP tool invocation logged with timestamp, session ID, command, and result size
- **Read-only option** — sessions can be marked read-only in connection settings, preventing terminal_execute and sftp_write
---
## 7. AI CLI Integration
### 7.1 Claude Code
Claude Code already supports MCP servers via `--mcp-server` flag or `.claude/settings.json`. Configuration:
```json
{
"mcpServers": {
"wraith": {
"command": "wraith-mcp-bridge",
"args": []
}
}
}
```
The `wraith-mcp-bridge` is a small binary that Wraith ships alongside the main app. It communicates with the running Wraith instance via Tauri's IPC.
### 7.2 Gemini CLI
Gemini CLI supports MCP servers similarly. Same bridge binary, same configuration pattern.
### 7.3 Auto-Configuration
When the copilot panel launches an AI CLI, Wraith can auto-inject the MCP server configuration via environment variables or command-line flags, so the user doesn't have to manually configure anything.
```rust
// When spawning the AI CLI in the PTY:
let mut cmd = CommandBuilder::new(shell_path);
cmd.env("CLAUDE_MCP_SERVERS", r#"{"wraith":{"command":"wraith-mcp-bridge"}}"#);
```
---
## 8. Data Flow Example
**User says to Claude in copilot panel:** "Check disk space on the server I'm connected to"
1. Claude's MCP client calls `sessions://list` → gets `[{id: "ssh-abc", name: "prod-web-01", ...}]`
2. Claude calls `terminal_execute(session_id: "ssh-abc", command: "df -h")`
3. Wraith MCP bridge → Tauri invoke → SshService.write("ssh-abc", "df -h\n")
4. Wraith captures output until prompt marker
5. Returns: `/dev/sda1 50G 45G 5G 90% /`
6. Claude analyzes: "Your root partition is at 90%. You should clean up /var/log or expand the disk."
**User says:** "Screenshot the RDP session, what's that error?"
1. Claude calls `terminal_screenshot(session_id: "rdp-def")`
2. Wraith MCP bridge → RdpService.get_frame("rdp-def") → PNG encode → base64
3. Returns 200KB base64 PNG
4. Claude (multimodal) analyzes the image: "That's a Windows Event Viewer showing Event ID 1001 — application crash in outlook.exe. The faulting module is mso.dll. This is a known Office corruption issue. Run `sfc /scannow` or repair Office from Control Panel."
---
## 9. Implementation Phases
### Phase 1: Bridge + Basic Tools (MVP)
- `wraith-mcp-bridge` binary (stdio transport)
- `terminal_execute` tool (marker-based output capture)
- `terminal_read` tool (scrollback buffer)
- `sessions://list` resource
- Auto-configuration when spawning AI CLI
### Phase 2: SFTP + Screenshot
- `sftp_list`, `sftp_read`, `sftp_write` tools
- `terminal_screenshot` tool (RDP frame capture)
- Session info resource
### Phase 3: Advanced
- HTTP/SSE transport for multi-client access
- Read-only session enforcement
- Audit trail logging
- AI-initiated session creation ("Connect me to prod-web-01")
---
## 10. Dependencies
| Component | Crate/Tool | License |
|---|---|---|
| MCP protocol | Custom implementation (JSON-RPC over stdio) | Proprietary |
| PNG encoding | `image` crate | MIT/Apache-2.0 |
| Base64 | `base64` crate (already in deps) | MIT/Apache-2.0 |
| ANSI stripping | `strip-ansi-escapes` crate | MIT/Apache-2.0 |
| Bridge binary | Rust, ships alongside Wraith | Proprietary |
---
## 11. Black Binder Note
An MCP server embedded in a remote access client that gives AI tools programmatic access to live SSH, RDP, and SFTP sessions is, to the company's knowledge, a novel integration. No competing SSH/RDP client ships with an MCP server that allows AI assistants to interact with active remote sessions.
The combination of terminal command execution, RDP screenshot analysis, and SFTP file operations through a standardized AI tool protocol represents a new category of AI-augmented remote access.

780
docs/superpowers/plans/2026-03-24-local-pty-copilot.md
View File

@ -1,780 +0,0 @@
# Local PTY Copilot Panel — Implementation Plan
> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
**Goal:** Replace the Gemini API stub with a local PTY terminal in the sidebar where users run CLI tools (claude, gemini, codex) directly.
**Architecture:** New `PtyService` module mirrors `SshService` patterns — DashMap session registry, `portable-pty` for cross-platform PTY spawn, `spawn_blocking` output loop emitting Tauri events. Frontend reuses existing `useTerminal` composable with a new `backend` parameter. Gemini stub deleted entirely.
**Tech Stack:** portable-pty (Rust PTY), xterm.js (existing), Tauri v2 events (existing)
**Spec:** `docs/superpowers/specs/2026-03-24-local-pty-copilot-design.md`
---
### Task 1: Add portable-pty dependency
**Files:**
- Modify: `src-tauri/Cargo.toml`
- [ ] **Step 1: Add portable-pty to Cargo.toml**
Add under the existing dependencies:
```toml
portable-pty = "0.8"
```
- [ ] **Step 2: Verify it resolves**
Run: `cd src-tauri && cargo check`
Expected: compiles with no errors
- [ ] **Step 3: Commit**
```bash
git add src-tauri/Cargo.toml src-tauri/Cargo.lock
git commit -m "deps: add portable-pty for local PTY support"
```
---
### Task 2: Create PtyService backend module
**Files:**
- Create: `src-tauri/src/pty/mod.rs`
- [ ] **Step 1: Create the pty module with PtyService, PtySession, ShellInfo, list_shells**
```rust
//! Local PTY service — spawns shells for the AI copilot panel.
use std::io::{Read, Write};
use std::sync::{Arc, Mutex};
use base64::Engine;
use dashmap::DashMap;
use portable_pty::{native_pty_system, Child, CommandBuilder, MasterPty, PtySize};
use serde::Serialize;
use tauri::{AppHandle, Emitter};
#[derive(Debug, Serialize, Clone)]
pub struct ShellInfo {
pub name: String,
pub path: String,
}
pub struct PtySession {
pub id: String,
pub shell_path: String,
writer: Mutex<Box<dyn Write + Send>>,
master: Mutex<Box<dyn MasterPty + Send>>,
child: Mutex<Box<dyn Child + Send + Sync>>,
}
pub struct PtyService {
sessions: DashMap<String, Arc<PtySession>>,
}
impl PtyService {
pub fn new() -> Self {
Self { sessions: DashMap::new() }
}
/// Detect available shells on the system.
pub fn list_shells(&self) -> Vec<ShellInfo> {
let mut shells = Vec::new();
#[cfg(unix)]
{
// Check $SHELL first (user's default)
if let Ok(user_shell) = std::env::var("SHELL") {
if std::path::Path::new(&user_shell).exists() {
let name = std::path::Path::new(&user_shell)
.file_name()
.and_then(|n| n.to_str())
.unwrap_or("shell")
.to_string();
shells.push(ShellInfo { name, path: user_shell });
}
}
for (name, path) in [("bash", "/bin/bash"), ("zsh", "/bin/zsh"), ("sh", "/bin/sh")] {
if std::path::Path::new(path).exists() && !shells.iter().any(|s| s.path == path) {
shells.push(ShellInfo { name: name.to_string(), path: path.to_string() });
}
}
}
#[cfg(windows)]
{
shells.push(ShellInfo { name: "PowerShell".to_string(), path: "powershell.exe".to_string() });
shells.push(ShellInfo { name: "CMD".to_string(), path: "cmd.exe".to_string() });
for git_bash in [
r"C:\Program Files\Git\bin\bash.exe",
r"C:\Program Files (x86)\Git\bin\bash.exe",
] {
if std::path::Path::new(git_bash).exists() {
shells.push(ShellInfo { name: "Git Bash".to_string(), path: git_bash.to_string() });
break;
}
}
}
shells
}
/// Spawn a local shell and start reading its output.
pub fn spawn(
&self,
shell_path: &str,
cols: u16,
rows: u16,
app_handle: AppHandle,
) -> Result<String, String> {
let session_id = uuid::Uuid::new_v4().to_string();
let pty_system = native_pty_system();
let pair = pty_system
.openpty(PtySize { rows, cols, pixel_width: 0, pixel_height: 0 })
.map_err(|e| format!("Failed to open PTY: {}", e))?;
let mut cmd = CommandBuilder::new(shell_path);
// Inherit parent environment so PATH includes CLI tools
// CommandBuilder inherits env by default — no action needed
let child = pair.slave
.spawn_command(cmd)
.map_err(|e| format!("Failed to spawn shell '{}': {}", shell_path, e))?;
let reader = pair.master
.try_clone_reader()
.map_err(|e| format!("Failed to clone PTY reader: {}", e))?;
let writer = pair.master
.take_writer()
.map_err(|e| format!("Failed to take PTY writer: {}", e))?;
let session = Arc::new(PtySession {
id: session_id.clone(),
shell_path: shell_path.to_string(),
writer: Mutex::new(writer),
master: Mutex::new(pair.master),
child: Mutex::new(child),
});
self.sessions.insert(session_id.clone(), session);
// Output reader loop — runs in a blocking thread because
// portable-pty's reader is synchronous (std::io::Read).
let sid = session_id.clone();
let app = app_handle;
tokio::task::spawn_blocking(move || {
let mut reader = std::io::BufReader::new(reader);
let mut buf = [0u8; 4096];
loop {
match reader.read(&mut buf) {
Ok(0) => {
let _ = app.emit(&format!("pty:close:{}", sid), ());
break;
}
Ok(n) => {
let encoded = base64::engine::general_purpose::STANDARD.encode(&buf[..n]);
let _ = app.emit(&format!("pty:data:{}", sid), encoded);
}
Err(_) => {
let _ = app.emit(&format!("pty:close:{}", sid), ());
break;
}
}
}
});
Ok(session_id)
}
/// Write data to a PTY session's stdin.
pub fn write(&self, session_id: &str, data: &[u8]) -> Result<(), String> {
let session = self.sessions.get(session_id)
.ok_or_else(|| format!("PTY session {} not found", session_id))?;
let mut writer = session.writer.lock()
.map_err(|e| format!("Failed to lock PTY writer: {}", e))?;
writer.write_all(data)
.map_err(|e| format!("Failed to write to PTY {}: {}", session_id, e))
}
/// Resize a PTY session.
pub fn resize(&self, session_id: &str, cols: u16, rows: u16) -> Result<(), String> {
let session = self.sessions.get(session_id)
.ok_or_else(|| format!("PTY session {} not found", session_id))?;
let master = session.master.lock()
.map_err(|e| format!("Failed to lock PTY master: {}", e))?;
master.resize(PtySize { rows, cols, pixel_width: 0, pixel_height: 0 })
.map_err(|e| format!("Failed to resize PTY {}: {}", session_id, e))
}
/// Kill and remove a PTY session.
pub fn disconnect(&self, session_id: &str) -> Result<(), String> {
let (_, session) = self.sessions.remove(session_id)
.ok_or_else(|| format!("PTY session {} not found", session_id))?;
if let Ok(mut child) = session.child.lock() {
let _ = child.kill();
}
Ok(())
}
}
```
- [ ] **Step 2: Verify it compiles**
Add `pub mod pty;` to `src-tauri/src/lib.rs` temporarily (just the module declaration, full AppState wiring comes in Task 4).
Run: `cd src-tauri && cargo check`
Expected: compiles (warnings about unused code are fine here)
- [ ] **Step 3: Commit**
```bash
git add src-tauri/src/pty/mod.rs src-tauri/src/lib.rs
git commit -m "feat: PtyService — local PTY spawn, write, resize, disconnect"
```
---
### Task 3: Create PTY Tauri commands
**Files:**
- Create: `src-tauri/src/commands/pty_commands.rs`
- Modify: `src-tauri/src/commands/mod.rs`
- [ ] **Step 1: Create pty_commands.rs**
```rust
//! Tauri commands for local PTY session management.
use tauri::{AppHandle, State};
use crate::pty::ShellInfo;
use crate::AppState;
#[tauri::command]
pub fn list_available_shells(state: State<'_, AppState>) -> Vec<ShellInfo> {
state.pty.list_shells()
}
#[tauri::command]
pub fn spawn_local_shell(
shell_path: String,
cols: u32,
rows: u32,
app_handle: AppHandle,
state: State<'_, AppState>,
) -> Result<String, String> {
state.pty.spawn(&shell_path, cols as u16, rows as u16, app_handle)
}
#[tauri::command]
pub fn pty_write(
session_id: String,
data: String,
state: State<'_, AppState>,
) -> Result<(), String> {
state.pty.write(&session_id, data.as_bytes())
}
#[tauri::command]
pub fn pty_resize(
session_id: String,
cols: u32,
rows: u32,
state: State<'_, AppState>,
) -> Result<(), String> {
state.pty.resize(&session_id, cols as u16, rows as u16)
}
#[tauri::command]
pub fn disconnect_pty(
session_id: String,
state: State<'_, AppState>,
) -> Result<(), String> {
state.pty.disconnect(&session_id)
}
```
- [ ] **Step 2: Add `pub mod pty_commands;` to `src-tauri/src/commands/mod.rs`**
Replace the `ai_commands` line:
```rust
pub mod vault;
pub mod settings;
pub mod connections;
pub mod credentials;
pub mod ssh_commands;
pub mod sftp_commands;
pub mod rdp_commands;
pub mod theme_commands;
pub mod pty_commands;
```
- [ ] **Step 3: Commit**
```bash
git add src-tauri/src/commands/pty_commands.rs src-tauri/src/commands/mod.rs
git commit -m "feat: PTY Tauri commands — spawn, write, resize, disconnect, list shells"
```
---
### Task 4: Wire PtyService into AppState and delete Gemini stub
**Files:**
- Modify: `src-tauri/src/lib.rs`
- Delete: `src-tauri/src/ai/mod.rs`
- Delete: `src-tauri/src/commands/ai_commands.rs`
- [ ] **Step 1: Update lib.rs**
Full replacement of `lib.rs`:
Changes:
1. Replace `pub mod ai;` with `pub mod pty;`
2. Replace `use` for ai with `use pty::PtyService;`
3. Replace `gemini: Mutex<Option<ai::GeminiClient>>` with `pub pty: PtyService`
4. Replace `gemini: Mutex::new(None)` with `pty: PtyService::new()`
5. Replace AI command registrations with PTY command registrations in `generate_handler!`
The `generate_handler!` line 110 should change from:
```
commands::ai_commands::set_gemini_auth, commands::ai_commands::gemini_chat, commands::ai_commands::is_gemini_authenticated,
```
to:
```
commands::pty_commands::list_available_shells, commands::pty_commands::spawn_local_shell, commands::pty_commands::pty_write, commands::pty_commands::pty_resize, commands::pty_commands::disconnect_pty,
```
- [ ] **Step 2: Delete Gemini files**
```bash
rm src-tauri/src/ai/mod.rs
rmdir src-tauri/src/ai
rm src-tauri/src/commands/ai_commands.rs
```
- [ ] **Step 3: Verify build**
Run: `cd src-tauri && cargo build`
Expected: compiles with zero warnings
- [ ] **Step 4: Run tests**
Run: `cd src-tauri && cargo test`
Expected: 82 tests pass (existing tests unaffected)
- [ ] **Step 5: Commit**
```bash
git add -A
git commit -m "refactor: replace Gemini stub with PtyService in AppState"
```
---
### Task 5: Parameterize useTerminal composable
**Files:**
- Modify: `src/composables/useTerminal.ts`
- [ ] **Step 1: Add backend parameter**
Change the function signature from:
```typescript
export function useTerminal(sessionId: string): UseTerminalReturn {
```
to:
```typescript
export function useTerminal(sessionId: string, backend: 'ssh' | 'pty' = 'ssh'): UseTerminalReturn {
```
- [ ] **Step 2: Derive command/event names from backend**
Add at the top of the function body (after the addons, before the Terminal constructor):
```typescript
const writeCmd = backend === 'ssh' ? 'ssh_write' : 'pty_write';
const resizeCmd = backend === 'ssh' ? 'ssh_resize' : 'pty_resize';
const dataEvent = backend === 'ssh' ? `ssh:data:${sessionId}` : `pty:data:${sessionId}`;
```
- [ ] **Step 3: Set convertEol based on backend**
In the Terminal constructor options, change:
```typescript
convertEol: true,
```
to:
```typescript
convertEol: backend === 'ssh',
```
- [ ] **Step 4: Replace hardcoded command names**
Replace all `invoke("ssh_write"` with `invoke(writeCmd` (3 occurrences: onData handler, right-click paste handler).
Replace `invoke("ssh_resize"` with `invoke(resizeCmd` (1 occurrence: onResize handler).
Replace `` `ssh:data:${sessionId}` `` with `dataEvent` (1 occurrence: listen call in mount).
Replace error log strings: `"SSH write error:"``"Write error:"`, `"SSH resize error:"``"Resize error:"`.
- [ ] **Step 5: Verify existing SSH path still works**
Run: `npx vue-tsc --noEmit` — should compile clean. Existing callers pass no second argument, so they default to `'ssh'`.
- [ ] **Step 6: Commit**
```bash
git add src/composables/useTerminal.ts
git commit -m "refactor: parameterize useTerminal for ssh/pty backends"
```
---
### Task 6: Create CopilotPanel.vue
**Files:**
- Create: `src/components/ai/CopilotPanel.vue`
- [ ] **Step 1: Create the component**
```vue
<template>
<div class="flex flex-col h-full bg-[var(--wraith-bg-secondary)] border-l border-[var(--wraith-border)] w-80">
<!-- Header -->
<div class="p-3 border-b border-[var(--wraith-border)] flex items-center justify-between gap-2">
<span class="text-xs font-bold tracking-widest text-[var(--wraith-accent-blue)]">AI COPILOT</span>
<div class="flex items-center gap-1.5">
<select
v-model="selectedShell"
class="bg-[var(--wraith-bg-tertiary)] border border-[var(--wraith-border)] rounded px-1.5 py-0.5 text-[10px] text-[var(--wraith-text-secondary)] outline-none"
:disabled="connected"
>
<option v-for="shell in shells" :key="shell.path" :value="shell.path">
{{ shell.name }}
</option>
</select>
<button
v-if="!connected"
class="px-2 py-0.5 text-[10px] font-bold rounded bg-[var(--wraith-accent-blue)] text-black cursor-pointer"
:disabled="!selectedShell"
@click="launch"
>
Launch
</button>
<button
v-else
class="px-2 py-0.5 text-[10px] font-bold rounded bg-[var(--wraith-accent-red,#f85149)] text-white cursor-pointer"
@click="kill"
>
Kill
</button>
</div>
</div>
<!-- Terminal area -->
<div v-if="connected" ref="containerRef" class="flex-1 min-h-0" />
<!-- Session ended prompt -->
<div v-else-if="sessionEnded" class="flex-1 flex flex-col items-center justify-center gap-3 p-4">
<p class="text-xs text-[var(--wraith-text-muted)]">Session ended</p>
<button
class="px-3 py-1.5 text-xs rounded bg-[var(--wraith-accent-blue)] text-black font-bold cursor-pointer"
@click="launch"
>
Relaunch
</button>
</div>
<!-- Empty state -->
<div v-else class="flex-1 flex flex-col items-center justify-center gap-2 p-4">
<p class="text-xs text-[var(--wraith-text-muted)] text-center">
Select a shell and click Launch to start a local terminal.
</p>
<p class="text-[10px] text-[var(--wraith-text-muted)] text-center">
Run <code class="text-[var(--wraith-accent-blue)]">claude</code>,
<code class="text-[var(--wraith-accent-blue)]">gemini</code>, or
<code class="text-[var(--wraith-accent-blue)]">codex</code> here.
</p>
</div>
</div>
</template>
<script setup lang="ts">
import { ref, nextTick, onMounted, onBeforeUnmount } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { listen, type UnlistenFn } from "@tauri-apps/api/event";
import { useTerminal } from "@/composables/useTerminal";
interface ShellInfo { name: string; path: string; }
const shells = ref<ShellInfo[]>([]);
const selectedShell = ref("");
const connected = ref(false);
const sessionEnded = ref(false);
const containerRef = ref<HTMLElement | null>(null);
let sessionId = "";
let terminalInstance: ReturnType<typeof useTerminal> | null = null;
let closeUnlisten: UnlistenFn | null = null;
async function loadShells(): Promise<void> {
try {
shells.value = await invoke<ShellInfo[]>("list_available_shells");
if (shells.value.length > 0 && !selectedShell.value) {
selectedShell.value = shells.value[0].path;
}
} catch (err) {
console.error("Failed to list shells:", err);
}
}
async function launch(): Promise<void> {
if (!selectedShell.value) return;
sessionEnded.value = false;
// Use defaults until terminal is mounted and measured
const cols = 80;
const rows = 24;
try {
sessionId = await invoke<string>("spawn_local_shell", {
shellPath: selectedShell.value,
cols,
rows,
});
connected.value = true;
// Wait for DOM update so containerRef is available
await nextTick();
if (containerRef.value) {
terminalInstance = useTerminal(sessionId, "pty");
terminalInstance.mount(containerRef.value);
// Fit after mount to get real dimensions, then resize the PTY
setTimeout(() => {
if (terminalInstance) {
terminalInstance.fit();
const term = terminalInstance.terminal;
invoke("pty_resize", {
sessionId,
cols: term.cols,
rows: term.rows,
}).catch(() => {});
}
}, 50);
}
// Listen for shell exit
closeUnlisten = await listen(`pty:close:${sessionId}`, () => {
cleanup();
sessionEnded.value = true;
});
} catch (err) {
console.error("Failed to spawn shell:", err);
connected.value = false;
}
}
function kill(): void {
if (sessionId) {
invoke("disconnect_pty", { sessionId }).catch(() => {});
}
cleanup();
}
function cleanup(): void {
if (terminalInstance) {
terminalInstance.destroy();
terminalInstance = null;
}
if (closeUnlisten) {
closeUnlisten();
closeUnlisten = null;
}
connected.value = false;
sessionId = "";
}
onMounted(loadShells);
onBeforeUnmount(() => {
if (connected.value) kill();
});
</script>
```
- [ ] **Step 2: Verify TypeScript compiles**
Run: `npx vue-tsc --noEmit`
Expected: no errors
- [ ] **Step 3: Commit**
```bash
git add src/components/ai/CopilotPanel.vue
git commit -m "feat: CopilotPanel — local PTY terminal in AI sidebar"
```
---
### Task 7: Update MainLayout and delete GeminiPanel
**Files:**
- Modify: `src/layouts/MainLayout.vue`
- Delete: `src/components/ai/GeminiPanel.vue`
- [ ] **Step 1: Update MainLayout imports and template**
In `MainLayout.vue`:
Replace the import (line 205):
```typescript
import GeminiPanel from "@/components/ai/GeminiPanel.vue";
```
with:
```typescript
import CopilotPanel from "@/components/ai/CopilotPanel.vue";
```
Replace the template usage (line 168):
```html
<GeminiPanel v-if="geminiVisible" />
```
with:
```html
<CopilotPanel v-if="copilotVisible" />
```
Rename the ref and all references (line 219, 71, 73, 293):
- `geminiVisible``copilotVisible`
- Update the toolbar button title: `"Gemini XO (Ctrl+Shift+G)"``"AI Copilot (Ctrl+Shift+G)"`
- [ ] **Step 2: Delete GeminiPanel.vue**
```bash
rm src/components/ai/GeminiPanel.vue
```
- [ ] **Step 3: Verify frontend compiles**
Run: `npx vue-tsc --noEmit`
Expected: no errors
- [ ] **Step 4: Commit**
```bash
git add -A
git commit -m "feat: swap GeminiPanel for CopilotPanel in MainLayout"
```
---
### Task 8: Add PTY tests
**Files:**
- Modify: `src-tauri/src/pty/mod.rs`
- [ ] **Step 1: Add test module to pty/mod.rs**
Append to the bottom of `src-tauri/src/pty/mod.rs`:
```rust
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn list_shells_returns_at_least_one() {
let svc = PtyService::new();
let shells = svc.list_shells();
assert!(!shells.is_empty(), "should find at least one shell");
for shell in &shells {
assert!(!shell.name.is_empty());
assert!(!shell.path.is_empty());
}
}
#[test]
fn list_shells_no_duplicates() {
let svc = PtyService::new();
let shells = svc.list_shells();
let paths: Vec<&str> = shells.iter().map(|s| s.path.as_str()).collect();
let mut unique = paths.clone();
unique.sort();
unique.dedup();
assert_eq!(paths.len(), unique.len(), "shell list should not contain duplicates");
}
#[test]
fn disconnect_nonexistent_session_errors() {
let svc = PtyService::new();
assert!(svc.disconnect("nonexistent").is_err());
}
#[test]
fn write_nonexistent_session_errors() {
let svc = PtyService::new();
assert!(svc.write("nonexistent", b"hello").is_err());
}
#[test]
fn resize_nonexistent_session_errors() {
let svc = PtyService::new();
assert!(svc.resize("nonexistent", 80, 24).is_err());
}
}
```
- [ ] **Step 2: Run tests**
Run: `cd src-tauri && cargo test`
Expected: 87+ tests pass (82 existing + 5 new), zero warnings
- [ ] **Step 3: Commit**
```bash
git add src-tauri/src/pty/mod.rs
git commit -m "test: PtyService unit tests — shell detection, error paths"
```
---
### Task 9: Final build, verify, tag
**Files:** None (verification only)
- [ ] **Step 1: Full Rust build with zero warnings**
Run: `cd src-tauri && cargo build`
Expected: zero warnings, zero errors
- [ ] **Step 2: Full test suite**
Run: `cd src-tauri && cargo test`
Expected: 87+ tests, all passing
- [ ] **Step 3: Frontend type check**
Run: `npx vue-tsc --noEmit`
Expected: no errors
- [ ] **Step 4: Push and tag**
```bash
git push
git tag v1.2.5
git push origin v1.2.5
```
- [ ] **Step 5: Update CLAUDE.md test count**
Update the test count in CLAUDE.md to reflect the new total. Commit and push (do NOT re-tag).

186
docs/superpowers/specs/2026-03-24-local-pty-copilot-design.md
View File

@ -1,186 +0,0 @@
# Local PTY Copilot Panel — Design Spec
**Date:** 2026-03-24
**Status:** Approved
**Author:** Claude Opus 4.6 (XO)
## Problem
The AI panel is a Gemini API stub (~130 lines backend, ~124 lines frontend) with no OAuth, no conversation history, no tool use. The Commander pays $200/mo Claude Max, $20/mo Gemini, $20/mo ChatGPT — all of which include CLI tool access (Claude Code, Gemini CLI, Codex CLI). These CLIs are designed for terminals. Wraith has a terminal. Ship a local PTY in the sidebar and let the user run whichever CLI they want.
## Solution
Replace the Gemini stub with a local PTY terminal in the sidebar panel. Reuse the existing xterm.js infrastructure. User picks a shell (bash, sh, zsh, PowerShell, Git Bash), the panel spawns it locally, and they run `claude`, `gemini`, `codex`, or anything else.
## Architecture
### Backend — `src-tauri/src/pty/mod.rs`
New module following the same patterns as `SshService`:
```
PtyService
sessions: DashMap<String, Arc<PtySession>>
PtySession
id: String
writer: Mutex<Box<dyn Write + Send>> // from master.take_writer()
master: Mutex<Box<dyn MasterPty + Send>> // kept for resize()
child: Mutex<Box<dyn Child + Send + Sync>> // for kill/wait
shell_path: String
PtyService methods:
spawn(shell_path, cols, rows, app_handle) -> Result<String, String>
write(session_id, data) -> Result<(), String>
resize(session_id, cols, rows) -> Result<(), String>
disconnect(session_id) -> Result<(), String>
list_shells() -> Vec<ShellInfo>
```
Note: `writer` and `master` require `Mutex` wrappers because `portable-pty` trait objects are `Send` but not `Sync`, and the `DashMap` requires `Sync` on stored values.
**PTY crate:** `portable-pty` — cross-platform (Unix PTY, Windows ConPTY). MIT licensed. Part of the wezterm project.
**Shell detection** (`list_shells`):
- Unix: check existence of `/bin/bash`, `/bin/sh`, `/bin/zsh`, `$SHELL`
- Windows: `powershell.exe`, `cmd.exe`, plus scan for Git Bash at common paths (`C:\Program Files\Git\bin\bash.exe`, `C:\Program Files (x86)\Git\bin\bash.exe`)
- Return `Vec<ShellInfo>` with `{ name, path }` pairs
**Output loop** — spawned per session via `spawn_blocking` (not async — `portable-pty` reader is synchronous `std::io::Read`):
```rust
tokio::task::spawn_blocking(move || {
let mut reader = BufReader::new(pty_reader);
let mut buf = [0u8; 4096];
loop {
match reader.read(&mut buf) {
Ok(0) => { app.emit("pty:close:{id}", ()); break; }
Ok(n) => { app.emit("pty:data:{id}", base64(&buf[..n])); }
Err(_) => break;
}
}
});
```
`AppHandle::emit()` is synchronous in Tauri v2, so it works from a blocking thread context without issues.
**Environment:** `CommandBuilder` inherits the parent process environment by default. This is required so that `PATH` includes the user's CLI tools (`claude`, `gemini`, `codex`). No env filtering should be applied.
### Backend — Tauri Commands (`src-tauri/src/commands/pty_commands.rs`)
```rust
spawn_local_shell(shell_path: String, cols: u32, rows: u32) -> Result<String, String>
pty_write(session_id: String, data: String) -> Result<(), String>
pty_resize(session_id: String, cols: u32, rows: u32) -> Result<(), String>
disconnect_pty(session_id: String) -> Result<(), String>
list_available_shells() -> Result<Vec<ShellInfo>, String>
```
All registered in `lib.rs` invoke handler. All added to `capabilities/default.json`.
### Backend — AppState Changes
```rust
pub struct AppState {
// ... existing fields ...
pub pty: PtyService, // ADD
// pub gemini: Mutex<...>, // DELETE
}
```
### Frontend — `src/components/ai/CopilotPanel.vue`
Replaces `GeminiPanel.vue`. Structure:
1. **Header bar:** "AI Copilot" title + shell selector dropdown + spawn/kill buttons
2. **Terminal area:** xterm.js instance via `useTerminal` composable (adapted for PTY events)
3. **State:** shell list (from `list_available_shells`), active session ID, connected flag
4. **Close handling:** Listen for `pty:close:{session_id}` events to update `connected` state and show "Session ended — Relaunch?" UI. This differs from the SSH path where tab closure handles cleanup.
Shell selector is a `<select>` dropdown populated on mount. "Launch" button calls `spawn_local_shell`. Terminal mounts when session starts.
**Initial terminal size:** On spawn, measure terminal dimensions via `fitAddon.fit()` before invoking `spawn_local_shell`. Pass the measured cols/rows. If the terminal is not yet mounted, use defaults (80x24) and immediately resize after mount.
### Frontend — `useTerminal` Adaptation
Current `useTerminal.ts` hardcodes `ssh_write`, `ssh_resize`, and `ssh:data:` events.
**Chosen approach:** Parameterize the composable to accept a "backend type":
```typescript
export function useTerminal(sessionId: string, backend: 'ssh' | 'pty' = 'ssh')
```
- `backend === 'ssh'``invoke("ssh_write")`, `listen("ssh:data:{id}")`, `convertEol: true`
- `backend === 'pty'``invoke("pty_write")`, `listen("pty:data:{id}")`, `convertEol: false`
Same xterm.js instance, same resize observer, same clipboard, same base64 decode. Only the invoke target, event prefix, and EOL conversion change.
**Important:** The local PTY driver already translates LF to CRLF. The SSH path needs `convertEol: true` because raw SSH streams may send bare LF. Setting `convertEol: true` on the PTY path would produce double newlines.
### Cleanup — Delete Gemini Stub
Remove entirely:
- `src-tauri/src/ai/mod.rs`
- `src-tauri/src/commands/ai_commands.rs`
- `src/components/ai/GeminiPanel.vue`
- `AppState.gemini` field and `Mutex<Option<ai::GeminiClient>>` in `lib.rs`
- AI command registrations from invoke handler
- `pub mod ai;` from `lib.rs`
Keep `reqwest` in `Cargo.toml` — the RDP stack (`ironrdp-tokio`, `sspi`) depends on it transitively and may require the `json` feature flag our direct dependency enables.
### Data Flow
```
User types in copilot panel
→ useTerminal.onData(data)
→ invoke("pty_write", { sessionId, data })
→ PtyService.write() → writer.write_all(data)
→ PTY stdin → shell process
Shell output → PTY stdout
→ output reader loop (spawn_blocking)
→ app.emit("pty:data:{id}", base64(bytes))
→ useTerminal listener → base64 decode → xterm.js.write()
Shell exits (user types "exit" or CLI tool quits)
→ reader returns Ok(0)
→ app.emit("pty:close:{id}", ())
→ CopilotPanel listens → updates connected state → shows relaunch UI
```
### Tauri ACL
No changes needed to `capabilities/default.json``core:default` covers command invocation, `core:event:default` covers event listening. The PTY commands are registered via `generate_handler!`.
### Testing
**Rust tests:**
- `list_shells()` returns at least one shell on any platform
- `spawn()` + `write("echo hello\n")` + read output contains "hello"
- `resize()` doesn't error on active session
- `disconnect()` removes session from registry
- `disconnect()` on nonexistent session returns error
**Frontend:** `useTerminal` composable already tested via SSH path. The `backend` parameter is a simple branch — no separate test needed.
### Dependencies
**Add:**
- `portable-pty` — cross-platform PTY (MIT license, part of wezterm project)
**No removals** — `reqwest`, `md5`, `pem`, and other existing deps serve SSH and RDP functionality.
### Migration
No data migration needed. The Gemini stub stores nothing persistent — no DB tables, no settings, no vault entries. Clean delete.
## Success Criteria
1. Commander opens Wraith, presses Ctrl+Shift+G
2. Shell dropdown shows detected shells (bash on macOS, PowerShell + Git Bash on Windows)
3. Selects shell, clicks Launch
4. Full interactive terminal appears in sidebar
5. Types `claude` (or `gemini` or `codex`) — CLI launches, works normally
6. Resize sidebar → terminal reflows
7. Close panel or kill session → PTY process terminates cleanly
8. Shell exits → panel shows "Session ended — Relaunch?" prompt

20
package-lock.json generated
View File

@ -19,9 +19,7 @@
"@codemirror/theme-one-dark": "^6.0.0",
"@codemirror/view": "^6.0.0",
"@tauri-apps/api": "^2.0.0",
"@tauri-apps/plugin-process": "^2.3.1",
"@tauri-apps/plugin-shell": "^2.0.0",
"@tauri-apps/plugin-updater": "^2.10.0",
"@xterm/addon-fit": "^0.11.0",
"@xterm/addon-search": "^0.16.0",
"@xterm/addon-web-links": "^0.12.0",
@ -1518,15 +1516,6 @@
"url": "https://opencollective.com/tauri"
}
},
"node_modules/@tauri-apps/plugin-process": {
"version": "2.3.1",
"resolved": "https://registry.npmjs.org/@tauri-apps/plugin-process/-/plugin-process-2.3.1.tgz",
"integrity": "sha512-nCa4fGVaDL/B9ai03VyPOjfAHRHSBz5v6F/ObsB73r/dA3MHHhZtldaDMIc0V/pnUw9ehzr2iEG+XkSEyC0JJA==",
"license": "MIT OR Apache-2.0",
"dependencies": {
"@tauri-apps/api": "^2.8.0"
}
},
"node_modules/@tauri-apps/plugin-shell": {
"version": "2.3.5",
"resolved": "https://registry.npmjs.org/@tauri-apps/plugin-shell/-/plugin-shell-2.3.5.tgz",
@ -1536,15 +1525,6 @@
"@tauri-apps/api": "^2.10.1"
}
},
"node_modules/@tauri-apps/plugin-updater": {
"version": "2.10.0",
"resolved": "https://registry.npmjs.org/@tauri-apps/plugin-updater/-/plugin-updater-2.10.0.tgz",
"integrity": "sha512-ljN8jPlnT0aSn8ecYhuBib84alxfMx6Hc8vJSKMJyzGbTPFZAC44T2I1QNFZssgWKrAlofvJqCC6Rr472JWfkQ==",
"license": "MIT OR Apache-2.0",
"dependencies": {
"@tauri-apps/api": "^2.10.1"
}
},
"node_modules/@types/estree": {
"version": "1.0.8",
"resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",

36
package.json
View File

@ -10,33 +10,31 @@
"tauri": "tauri"
},
"dependencies": {
"@codemirror/autocomplete": "^6.0.0",
"@codemirror/commands": "^6.0.0",
"@codemirror/lang-javascript": "^6.0.0",
"@codemirror/lang-json": "^6.0.0",
"@codemirror/lang-markdown": "^6.0.0",
"@codemirror/lang-python": "^6.0.0",
"@codemirror/language": "^6.0.0",
"@codemirror/state": "^6.0.0",
"@codemirror/theme-one-dark": "^6.0.0",
"@codemirror/view": "^6.0.0",
"vue": "^3.5.0",
"pinia": "^3.0.0",
"@tauri-apps/api": "^2.0.0",
"@tauri-apps/plugin-process": "^2.3.1",
"@tauri-apps/plugin-shell": "^2.0.0",
"@tauri-apps/plugin-updater": "^2.10.0",
"@xterm/xterm": "^6.0.0",
"@xterm/addon-fit": "^0.11.0",
"@xterm/addon-search": "^0.16.0",
"@xterm/addon-web-links": "^0.12.0",
"@xterm/xterm": "^6.0.0",
"pinia": "^3.0.0",
"vue": "^3.5.0"
"@codemirror/view": "^6.0.0",
"@codemirror/state": "^6.0.0",
"@codemirror/commands": "^6.0.0",
"@codemirror/language": "^6.0.0",
"@codemirror/lang-javascript": "^6.0.0",
"@codemirror/lang-json": "^6.0.0",
"@codemirror/lang-python": "^6.0.0",
"@codemirror/lang-markdown": "^6.0.0",
"@codemirror/autocomplete": "^6.0.0",
"@codemirror/theme-one-dark": "^6.0.0"
},
"devDependencies": {
"@tailwindcss/vite": "^4.0.0",
"@vitejs/plugin-vue": "^5.0.0",
"tailwindcss": "^4.0.0",
"typescript": "^5.7.0",
"vite": "^6.0.0",
"vue-tsc": "^2.0.0"
"@vitejs/plugin-vue": "^5.0.0",
"vue-tsc": "^2.0.0",
"tailwindcss": "^4.0.0",
"@tailwindcss/vite": "^4.0.0"
}
}

391
src-tauri/Cargo.lock generated
View File

@ -356,58 +356,6 @@ dependencies = [
"fs_extra",
]
[[package]]
name = "axum"
version = "0.8.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b52af3cb4058c895d37317bb27508dccc8e5f2d39454016b297bf4a400597b8"
dependencies = [
"axum-core",
"bytes",
"form_urlencoded",
"futures-util",
"http",
"http-body",
"http-body-util",
"hyper",
"hyper-util",
"itoa",
"matchit",
"memchr",
"mime",
"percent-encoding",
"pin-project-lite",
"serde_core",
"serde_json",
"serde_path_to_error",
"serde_urlencoded",
"sync_wrapper",
"tokio",
"tower",
"tower-layer",
"tower-service",
"tracing",
]
[[package]]
name = "axum-core"
version = "0.5.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "08c78f31d7b1291f7ee735c1c6780ccde7785daae9a9206026862dab7d8792d1"
dependencies = [
"bytes",
"futures-core",
"http",
"http-body",
"http-body-util",
"mime",
"pin-project-lite",
"sync_wrapper",
"tower-layer",
"tower-service",
"tracing",
]
[[package]]
name = "base16ct"
version = "0.2.0"
@ -905,7 +853,7 @@ dependencies = [
"bitflags 2.11.0",
"core-foundation 0.10.1",
"core-graphics-types",
"foreign-types 0.5.0",
"foreign-types",
"libc",
]
@ -1468,12 +1416,6 @@ dependencies = [
"tendril 0.5.0",
]
[[package]]
name = "downcast-rs"
version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "75b325c5dbd37f80359721ad39aca5a29fb04c89279657cffdda8736d0c0b9d2"
[[package]]
name = "dpi"
version = "0.1.2"
@ -1787,21 +1729,10 @@ version = "0.3.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "38e2275cc4e4fc009b0669731a1e5ab7ebf11f469eaede2bab9309a5b4d6057f"
dependencies = [
"memoffset 0.9.1",
"memoffset",
"rustc_version",
]
[[package]]
name = "filedescriptor"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e40758ed24c9b2eeb76c35fb0aebc66c626084edd827e07e1552279814c6682d"
dependencies = [
"libc",
"thiserror 1.0.69",
"winapi",
]
[[package]]
name = "filetime"
version = "0.2.27"
@ -1866,15 +1797,6 @@ version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77ce24cb58228fbb8aa041425bb1050850ac19177686ea6e0f41a70416f56fdb"
[[package]]
name = "foreign-types"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
dependencies = [
"foreign-types-shared 0.1.1",
]
[[package]]
name = "foreign-types"
version = "0.5.0"
@ -1882,7 +1804,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d737d9aa519fb7b749cbc3b962edcf310a8dd1f4b67c91c4f83975dbdd17d965"
dependencies = [
"foreign-types-macros",
"foreign-types-shared 0.3.1",
"foreign-types-shared",
]
[[package]]
@ -1896,12 +1818,6 @@ dependencies = [
"syn 2.0.117",
]
[[package]]
name = "foreign-types-shared"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
[[package]]
name = "foreign-types-shared"
version = "0.3.1"
@ -2648,12 +2564,6 @@ version = "1.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87"
[[package]]
name = "httpdate"
version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
[[package]]
name = "hybrid-array"
version = "0.4.8"
@ -2679,7 +2589,6 @@ dependencies = [
"http",
"http-body",
"httparse",
"httpdate",
"itoa",
"pin-project-lite",
"pin-utils",
@ -2705,22 +2614,6 @@ dependencies = [
"webpki-roots",
]
[[package]]
name = "hyper-tls"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0"
dependencies = [
"bytes",
"http-body-util",
"hyper",
"hyper-util",
"native-tls",
"tokio",
"tokio-native-tls",
"tower-service",
]
[[package]]
name = "hyper-util"
version = "0.1.20"
@ -2946,15 +2839,6 @@ dependencies = [
"hybrid-array",
]
[[package]]
name = "ioctl-rs"
version = "0.1.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f7970510895cee30b3e9128319f2cefd4bde883a39f38baa279567ba3a7eb97d"
dependencies = [
"libc",
]
[[package]]
name = "ipconfig"
version = "0.3.2"
@ -2991,7 +2875,6 @@ checksum = "47c225751e8fbfaaaac5572a80e25d0a0921e9cf408c55509526161b5609157c"
dependencies = [
"ironrdp-connector",
"ironrdp-core",
"ironrdp-displaycontrol",
"ironrdp-graphics",
"ironrdp-input",
"ironrdp-pdu",
@ -3555,12 +3438,6 @@ version = "0.1.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5"
[[package]]
name = "matchit"
version = "0.8.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3"
[[package]]
name = "md-5"
version = "0.10.6"
@ -3602,15 +3479,6 @@ version = "2.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
[[package]]
name = "memoffset"
version = "0.6.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce"
dependencies = [
"autocfg",
]
[[package]]
name = "memoffset"
version = "0.9.1"
@ -3697,23 +3565,6 @@ dependencies = [
"windows-sys 0.60.2",
]
[[package]]
name = "native-tls"
version = "0.2.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "465500e14ea162429d264d44189adc38b199b62b1c21eea9f69e4b73cb03bbf2"
dependencies = [
"libc",
"log",
"openssl",
"openssl-probe",
"openssl-sys",
"schannel",
"security-framework",
"security-framework-sys",
"tempfile",
]
[[package]]
name = "ndk"
version = "0.9.0"
@ -3750,20 +3601,6 @@ version = "1.0.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "650eef8c711430f1a879fdd01d4745a7deea475becfb90269c06775983bbf086"
[[package]]
name = "nix"
version = "0.25.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f346ff70e7dbfd675fe90590b92d59ef2de15a8779ae305ebcbfd3f0caf59be4"
dependencies = [
"autocfg",
"bitflags 1.3.2",
"cfg-if",
"libc",
"memoffset 0.6.5",
"pin-utils",
]
[[package]]
name = "nodrop"
version = "0.1.14"
@ -4065,50 +3902,12 @@ dependencies = [
"pathdiff",
]
[[package]]
name = "openssl"
version = "0.10.76"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "951c002c75e16ea2c65b8c7e4d3d51d5530d8dfa7d060b4776828c88cfb18ecf"
dependencies = [
"bitflags 2.11.0",
"cfg-if",
"foreign-types 0.3.2",
"libc",
"once_cell",
"openssl-macros",
"openssl-sys",
]
[[package]]
name = "openssl-macros"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.117",
]
[[package]]
name = "openssl-probe"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe"
[[package]]
name = "openssl-sys"
version = "0.9.112"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "57d55af3b3e226502be1526dfdba67ab0e9c96fc293004e79576b2b9edb0dbdb"
dependencies = [
"cc",
"libc",
"pkg-config",
"vcpkg",
]
[[package]]
name = "option-ext"
version = "0.2.0"
@ -4326,16 +4125,6 @@ dependencies = [
"sha1 0.11.0-rc.2",
]
[[package]]
name = "pem"
version = "3.0.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1d30c53c26bc5b31a98cd02d20f25a7c8567146caf63ed593a9d87b2775291be"
dependencies = [
"base64 0.22.1",
"serde_core",
]
[[package]]
name = "pem-rfc7468"
version = "0.7.0"
@ -4843,27 +4632,6 @@ dependencies = [
"portable-atomic",
]
[[package]]
name = "portable-pty"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "806ee80c2a03dbe1a9fb9534f8d19e4c0546b790cde8fd1fea9d6390644cb0be"
dependencies = [
"anyhow",
"bitflags 1.3.2",
"downcast-rs",
"filedescriptor",
"lazy_static",
"libc",
"log",
"nix",
"serial",
"shared_library",
"shell-words",
"winapi",
"winreg 0.10.1",
]
[[package]]
name = "portpicker"
version = "0.1.1"
@ -5314,7 +5082,6 @@ checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147"
dependencies = [
"base64 0.22.1",
"bytes",
"encoding_rs",
"futures-channel",
"futures-core",
"futures-util",
@ -5324,12 +5091,9 @@ dependencies = [
"http-body-util",
"hyper",
"hyper-rustls",
"hyper-tls",
"hyper-util",
"js-sys",
"log",
"mime",
"native-tls",
"percent-encoding",
"pin-project-lite",
"quinn",
@ -5340,7 +5104,6 @@ dependencies = [
"serde_urlencoded",
"sync_wrapper",
"tokio",
"tokio-native-tls",
"tokio-rustls",
"tower",
"tower-http",
@ -6040,17 +5803,6 @@ dependencies = [
"zmij",
]
[[package]]
name = "serde_path_to_error"
version = "0.1.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457"
dependencies = [
"itoa",
"serde",
"serde_core",
]
[[package]]
name = "serde_repr"
version = "0.1.20"
@ -6133,48 +5885,6 @@ dependencies = [
"serde",
]
[[package]]
name = "serial"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1237a96570fc377c13baa1b88c7589ab66edced652e43ffb17088f003db3e86"
dependencies = [
"serial-core",
"serial-unix",
"serial-windows",
]
[[package]]
name = "serial-core"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f46209b345401737ae2125fe5b19a77acce90cd53e1658cda928e4fe9a64581"
dependencies = [
"libc",
]
[[package]]
name = "serial-unix"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f03fbca4c9d866e24a459cbca71283f545a37f8e3e002ad8c70593871453cab7"
dependencies = [
"ioctl-rs",
"libc",
"serial-core",
"termios",
]
[[package]]
name = "serial-windows"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "15c6d3b776267a75d31bbdfd5d36c0ca051251caafc285827052bc53bcdc8162"
dependencies = [
"libc",
"serial-core",
]
[[package]]
name = "serialize-to-javascript"
version = "0.1.2"
@ -6281,22 +5991,6 @@ dependencies = [
"windows-sys 0.60.2",
]
[[package]]
name = "shared_library"
version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a9e7e0f2bfae24d8a5b5a66c5b257a83c7412304311512a0c054cd5e619da11"
dependencies = [
"lazy_static",
"libc",
]
[[package]]
name = "shell-words"
version = "1.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dc6fe69c597f9c37bfeeeeeb33da3530379845f10be461a66d16d03eca2ded77"
[[package]]
name = "shlex"
version = "1.3.0"
@ -7152,15 +6846,6 @@ dependencies = [
"utf-8",
]
[[package]]
name = "termios"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d5d9cf598a6d7ce700a4e6a9199da127e6819a61e64b68609683cc9a01b5683a"
dependencies = [
"libc",
]
[[package]]
name = "thiserror"
version = "1.0.69"
@ -7316,16 +7001,6 @@ dependencies = [
"syn 2.0.117",
]
[[package]]
name = "tokio-native-tls"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2"
dependencies = [
"native-tls",
"tokio",
]
[[package]]
name = "tokio-rustls"
version = "0.26.4"
@ -7479,7 +7154,6 @@ dependencies = [
"tokio",
"tower-layer",
"tower-service",
"tracing",
]
[[package]]
@ -7669,35 +7343,6 @@ version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
[[package]]
name = "ureq"
version = "3.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dea7109cdcd5864d4eeb1b58a1648dc9bf520360d7af16ec26d0a9354bafcfc0"
dependencies = [
"base64 0.22.1",
"flate2",
"log",
"percent-encoding",
"rustls",
"rustls-pki-types",
"ureq-proto",
"utf8-zero",
"webpki-roots",
]
[[package]]
name = "ureq-proto"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e994ba84b0bd1b1b0cf92878b7ef898a5c1760108fe7b6010327e274917a808c"
dependencies = [
"base64 0.22.1",
"http",
"httparse",
"log",
]
[[package]]
name = "url"
version = "2.5.8"
@ -7729,12 +7374,6 @@ version = "0.7.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"
[[package]]
name = "utf8-zero"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b8c0a043c9540bae7c578c88f91dda8bd82e59ae27c21baca69c8b191aaf5a6e"
[[package]]
name = "utf8_iter"
version = "1.0.4"
@ -8732,15 +8371,6 @@ dependencies = [
"memchr",
]
[[package]]
name = "winreg"
version = "0.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "80d0f4e272c85def139476380b12f9ac60926689dd2e01d4923222f40580869d"
dependencies = [
"winapi",
]
[[package]]
name = "winreg"
version = "0.50.0"
@ -8876,15 +8506,10 @@ dependencies = [
name = "wraith"
version = "0.1.0"
dependencies = [
"aes 0.8.4",
"aes-gcm 0.10.3",
"anyhow",
"argon2",
"async-trait",
"axum",
"base64 0.22.1",
"block-padding 0.3.3",
"cbc 0.1.2",
"dashmap",
"env_logger",
"hex",
@ -8892,17 +8517,10 @@ dependencies = [
"ironrdp-tls",
"ironrdp-tokio",
"log",
"md5",
"pem",
"pkcs8 0.10.2",
"png",
"portable-pty",
"rand 0.9.2",
"reqwest 0.12.28",
"rusqlite",
"russh",
"russh-sftp",
"sec1 0.7.3",
"serde",
"serde_json",
"ssh-key",
@ -8914,11 +8532,8 @@ dependencies = [
"thiserror 2.0.18",
"tokio",
"tokio-rustls",
"tokio-util",
"ureq",
"uuid",
"x509-cert",
"zeroize",
]
[[package]]

33
src-tauri/Cargo.toml
View File

@ -2,20 +2,11 @@
name = "wraith"
version = "0.1.0"
edition = "2024"
default-run = "wraith"
[lib]
name = "wraith_lib"
crate-type = ["lib", "cdylib", "staticlib"]
[[bin]]
name = "wraith-mcp-bridge"
path = "src/bin/wraith_mcp_bridge.rs"
[features]
default = []
devtools = ["tauri/devtools"]
[build-dependencies]
tauri-build = { version = "2", features = [] }
@ -23,9 +14,6 @@ tauri-build = { version = "2", features = [] }
tauri = { version = "2", features = [] }
tauri-plugin-shell = "2"
tauri-plugin-updater = "2"
anyhow = "1"
reqwest = { version = "0.12", features = ["json"] }
serde = { version = "1", features = ["derive"] }
serde_json = "1"
rusqlite = { version = "0.32", features = ["bundled"] }
@ -37,8 +25,6 @@ uuid = { version = "1", features = ["v4"] }
base64 = "0.22"
dashmap = "6"
tokio = { version = "1", features = ["full"] }
tokio-util = "0.7"
zeroize = { version = "1", features = ["derive"] }
async-trait = "0.1"
log = "0.4"
env_logger = "0.11"
@ -47,25 +33,8 @@ russh = "0.48"
russh-sftp = "2.1.1"
ssh-key = { version = "0.6", features = ["ed25519", "rsa"] }
# EC key PEM decryption (all already in dep tree via russh)
md5 = "0.7"
aes = "0.8"
cbc = "0.1"
block-padding = "0.3"
pem = "3"
pkcs8 = { version = "0.10", features = ["pem"] }
sec1 = { version = "0.7", features = ["pem"] }
# Local PTY for AI copilot panel
portable-pty = "0.8"
# MCP HTTP server (for bridge binary communication)
axum = "0.8"
ureq = "3"
png = "0.17"
# RDP (IronRDP)
ironrdp = { version = "0.14", features = ["connector", "session", "graphics", "input", "displaycontrol"] }
ironrdp = { version = "0.14", features = ["connector", "session", "graphics", "input"] }
ironrdp-tokio = { version = "0.8", features = ["reqwest-rustls-ring"] }
ironrdp-tls = { version = "0.2", features = ["rustls"] }
tokio-rustls = "0.26"

15
src-tauri/capabilities/default.json
View File

@ -1,15 +0,0 @@
{
"identifier": "default",
"description": "Default capabilities for the main Wraith window",
"windows": ["main", "tool-*", "detached-*", "editor-*", "help-*"],
"permissions": [
"core:default",
"core:event:default",
"core:window:default",
"core:window:allow-create",
"core:webview:default",
"core:webview:allow-create-webview-window",
"shell:allow-open",
"updater:default"
]
}

2
src-tauri/gen/schemas/capabilities.json
View File

@ -1 +1 @@
{"default":{"identifier":"default","description":"Default capabilities for the main Wraith window","local":true,"windows":["main","tool-*","detached-*","editor-*","help-*"],"permissions":["core:default","core:event:default","core:window:default","core:window:allow-create","core:webview:default","core:webview:allow-create-webview-window","shell:allow-open","updater:default"]}}
{}

21
src-tauri/installer.nsi.template
View File

@ -1,39 +1,18 @@
!include "MUI2.nsh"
!include "nsDialogs.nsh"
!include "LogicLib.nsh"
!include "WinMessages.nsh"
Name "Wraith"
OutFile "OUTFILE_PLACEHOLDER"
InstallDir "$PROGRAMFILES64\Wraith"
RequestExecutionLevel admin
Var DesktopShortcut
!insertmacro MUI_PAGE_DIRECTORY
Page custom OptionsPage OptionsPageLeave
!insertmacro MUI_PAGE_INSTFILES
!insertmacro MUI_LANGUAGE "English"
Function OptionsPage
nsDialogs::Create 1018
Pop $0
${NSD_CreateCheckbox} 0 0 100% 12u "Create Desktop Shortcut"
Pop $1
; Unchecked by default — no ${NSD_Check}
nsDialogs::Show
FunctionEnd
Function OptionsPageLeave
${NSD_GetState} $1 $DesktopShortcut
FunctionEnd
Section "Install"
SetOutPath "$INSTDIR"
File "Wraith.exe"
File "wraith.ico"
CreateDirectory "$SMPROGRAMS\Wraith"
CreateShortcut "$SMPROGRAMS\Wraith\Wraith.lnk" "$INSTDIR\Wraith.exe" "" "$INSTDIR\wraith.ico"
${If} $DesktopShortcut == ${BST_CHECKED}
CreateShortcut "$DESKTOP\Wraith.lnk" "$INSTDIR\Wraith.exe" "" "$INSTDIR\wraith.ico"
${EndIf}
WriteUninstaller "$INSTDIR\uninstall.exe"
WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Wraith" "DisplayName" "Wraith"
WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Wraith" "UninstallString" "$INSTDIR\uninstall.exe"

499
src-tauri/src/bin/wraith_mcp_bridge.rs
View File

@ -1,499 +0,0 @@
//! Wraith MCP Bridge — stdio JSON-RPC proxy to Wraith's HTTP API.
//!
//! This binary is spawned by AI CLIs (Claude Code, Gemini CLI) as an MCP
//! server. It reads JSON-RPC requests from stdin, translates them to HTTP
//! calls against the running Wraith instance, and writes responses to stdout.
//!
//! The Wraith instance's MCP HTTP port is read from the data directory's
//! `mcp-port` file.
use std::io::{self, BufRead, Write};
use serde::{Deserialize, Serialize};
use serde_json::Value;
#[derive(Deserialize)]
#[allow(dead_code)]
struct JsonRpcRequest {
jsonrpc: String,
id: Value,
method: String,
#[serde(default)]
params: Value,
}
#[derive(Serialize)]
struct JsonRpcResponse {
jsonrpc: String,
id: Value,
#[serde(skip_serializing_if = "Option::is_none")]
result: Option<Value>,
#[serde(skip_serializing_if = "Option::is_none")]
error: Option<JsonRpcError>,
}
#[derive(Serialize)]
struct JsonRpcError {
code: i32,
message: String,
}
fn get_data_dir() -> Result<std::path::PathBuf, String> {
if let Ok(appdata) = std::env::var("APPDATA") {
Ok(std::path::PathBuf::from(appdata).join("Wraith"))
} else if let Ok(home) = std::env::var("HOME") {
if cfg!(target_os = "macos") {
Ok(std::path::PathBuf::from(home).join("Library").join("Application Support").join("Wraith"))
} else {
Ok(std::path::PathBuf::from(home).join(".local").join("share").join("wraith"))
}
} else {
Err("Cannot determine data directory".to_string())
}
}
fn get_mcp_port() -> Result<u16, String> {
let port_file = get_data_dir()?.join("mcp-port");
let port_str = std::fs::read_to_string(&port_file)
.map_err(|e| format!("Cannot read MCP port file at {}: {} — is Wraith running?", port_file.display(), e))?;
port_str.trim().parse::<u16>()
.map_err(|e| format!("Invalid port in MCP port file: {}", e))
}
fn get_mcp_token() -> Result<String, String> {
let token_file = get_data_dir()?.join("mcp-token");
let token = std::fs::read_to_string(&token_file)
.map_err(|e| format!("Cannot read MCP token file at {}: {} — is Wraith running?", token_file.display(), e))?;
Ok(token.trim().to_string())
}
fn handle_initialize(id: Value) -> JsonRpcResponse {
JsonRpcResponse {
jsonrpc: "2.0".to_string(),
id,
result: Some(serde_json::json!({
"protocolVersion": "2024-11-05",
"capabilities": {
"tools": {}
},
"serverInfo": {
"name": "wraith-terminal",
"version": "1.0.0"
}
})),
error: None,
}
}
fn handle_tools_list(id: Value) -> JsonRpcResponse {
JsonRpcResponse {
jsonrpc: "2.0".to_string(),
id,
result: Some(serde_json::json!({
"tools": [
{
"name": "terminal_type",
"description": "Type text into a terminal session (like a human typing). Optionally presses Enter after. Use this to send messages or commands without output capture.",
"inputSchema": {
"type": "object",
"properties": {
"session_id": { "type": "string", "description": "The session ID to type into" },
"text": { "type": "string", "description": "The text to type" },
"press_enter": { "type": "boolean", "description": "Whether to press Enter after typing (default: true)" }
},
"required": ["session_id", "text"]
}
},
{
"name": "terminal_read",
"description": "Read recent terminal output from an active SSH or PTY session (ANSI codes stripped)",
"inputSchema": {
"type": "object",
"properties": {
"session_id": { "type": "string", "description": "The session ID to read from. Use list_sessions to find IDs." },
"lines": { "type": "number", "description": "Number of recent lines to return (default: 50)" }
},
"required": ["session_id"]
}
},
{
"name": "terminal_execute",
"description": "Execute a command in an active SSH session and return the output",
"inputSchema": {
"type": "object",
"properties": {
"session_id": { "type": "string", "description": "The SSH session ID to execute in" },
"command": { "type": "string", "description": "The command to run" },
"timeout_ms": { "type": "number", "description": "Max wait time in ms (default: 5000)" }
},
"required": ["session_id", "command"]
}
},
{
"name": "terminal_screenshot",
"description": "Capture a screenshot of an active RDP session as a base64-encoded PNG image for visual analysis",
"inputSchema": {
"type": "object",
"properties": {
"session_id": { "type": "string", "description": "The RDP session ID to screenshot" }
},
"required": ["session_id"]
}
},
{
"name": "sftp_list",
"description": "List files in a directory on a remote host via SFTP",
"inputSchema": {
"type": "object",
"properties": {
"session_id": { "type": "string", "description": "The SSH session ID" },
"path": { "type": "string", "description": "Remote directory path" }
},
"required": ["session_id", "path"]
}
},
{
"name": "sftp_read",
"description": "Read a file from a remote host via SFTP",
"inputSchema": {
"type": "object",
"properties": {
"session_id": { "type": "string", "description": "The SSH session ID" },
"path": { "type": "string", "description": "Remote file path" }
},
"required": ["session_id", "path"]
}
},
{
"name": "sftp_write",
"description": "Write content to a file on a remote host via SFTP",
"inputSchema": {
"type": "object",
"properties": {
"session_id": { "type": "string", "description": "The SSH session ID" },
"path": { "type": "string", "description": "Remote file path" },
"content": { "type": "string", "description": "File content to write" }
},
"required": ["session_id", "path", "content"]
}
},
{
"name": "network_scan",
"description": "Discover all devices on a remote network subnet via ARP + ping sweep",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "subnet": { "type": "string", "description": "First 3 octets, e.g. 192.168.1" } }, "required": ["session_id", "subnet"] }
},
{
"name": "port_scan",
"description": "Scan TCP ports on a target host through an SSH session",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "target": { "type": "string" }, "ports": { "type": "array", "items": { "type": "number" }, "description": "Specific ports. Omit for quick scan of 24 common ports." } }, "required": ["session_id", "target"] }
},
{
"name": "ping",
"description": "Ping a host through an SSH session",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "target": { "type": "string" } }, "required": ["session_id", "target"] }
},
{
"name": "traceroute",
"description": "Traceroute to a host through an SSH session",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "target": { "type": "string" } }, "required": ["session_id", "target"] }
},
{
"name": "dns_lookup",
"description": "DNS lookup for a domain through an SSH session",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "domain": { "type": "string" }, "record_type": { "type": "string", "description": "A, AAAA, MX, NS, TXT, CNAME, SOA, SRV, PTR" } }, "required": ["session_id", "domain"] }
},
{
"name": "whois",
"description": "Whois lookup for a domain or IP through an SSH session",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "target": { "type": "string" } }, "required": ["session_id", "target"] }
},
{
"name": "wake_on_lan",
"description": "Send Wake-on-LAN magic packet through an SSH session to wake a device",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "mac_address": { "type": "string", "description": "MAC address (AA:BB:CC:DD:EE:FF)" } }, "required": ["session_id", "mac_address"] }
},
{
"name": "bandwidth_test",
"description": "Run an internet speed test on a remote host through SSH",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" } }, "required": ["session_id"] }
},
{
"name": "subnet_calc",
"description": "Calculate subnet details from CIDR notation (no SSH needed)",
"inputSchema": { "type": "object", "properties": { "cidr": { "type": "string", "description": "e.g. 192.168.1.0/24" } }, "required": ["cidr"] }
},
{
"name": "generate_ssh_key",
"description": "Generate an SSH key pair (ed25519 or RSA)",
"inputSchema": { "type": "object", "properties": { "key_type": { "type": "string", "description": "ed25519 or rsa" }, "comment": { "type": "string" } }, "required": ["key_type"] }
},
{
"name": "generate_password",
"description": "Generate a cryptographically secure random password",
"inputSchema": { "type": "object", "properties": { "length": { "type": "number" }, "uppercase": { "type": "boolean" }, "lowercase": { "type": "boolean" }, "digits": { "type": "boolean" }, "symbols": { "type": "boolean" } } }
},
{
"name": "docker_ps",
"description": "List all Docker containers with status, image, and ports",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" } }, "required": ["session_id"] }
},
{
"name": "docker_action",
"description": "Perform a Docker action: start, stop, restart, remove, logs, builder-prune, system-prune",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "action": { "type": "string", "description": "start|stop|restart|remove|logs|builder-prune|system-prune" }, "target": { "type": "string", "description": "Container name (not needed for prune actions)" } }, "required": ["session_id", "action", "target"] }
},
{
"name": "docker_exec",
"description": "Execute a command inside a running Docker container",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "container": { "type": "string" }, "command": { "type": "string" } }, "required": ["session_id", "container", "command"] }
},
{
"name": "service_status",
"description": "Check systemd service status on a remote host",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "target": { "type": "string", "description": "Service name" } }, "required": ["session_id", "target"] }
},
{
"name": "process_list",
"description": "List processes on a remote host (top CPU by default, or filter by name)",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "target": { "type": "string", "description": "Process name filter (empty for top 30 by CPU)" } }, "required": ["session_id", "target"] }
},
{
"name": "git_status",
"description": "Get git status of a remote repository",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "path": { "type": "string", "description": "Path to the git repo on the remote host" } }, "required": ["session_id", "path"] }
},
{
"name": "git_pull",
"description": "Pull latest changes on a remote repository",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "path": { "type": "string" } }, "required": ["session_id", "path"] }
},
{
"name": "git_log",
"description": "Show recent commits on a remote repository",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "path": { "type": "string" } }, "required": ["session_id", "path"] }
},
{
"name": "rdp_click",
"description": "Click at a position in an RDP session (use terminal_screenshot first to see coordinates)",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "x": { "type": "number" }, "y": { "type": "number" }, "button": { "type": "string", "description": "left (default), right, or middle" } }, "required": ["session_id", "x", "y"] }
},
{
"name": "rdp_type",
"description": "Type text into an RDP session via clipboard paste",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "text": { "type": "string" } }, "required": ["session_id", "text"] }
},
{
"name": "rdp_clipboard",
"description": "Set the clipboard content on a remote RDP session",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "text": { "type": "string" } }, "required": ["session_id", "text"] }
},
{
"name": "ssh_connect",
"description": "Open a new SSH connection through Wraith. Returns the session ID for use with other tools.",
"inputSchema": { "type": "object", "properties": {
"hostname": { "type": "string" },
"port": { "type": "number", "description": "Default: 22" },
"username": { "type": "string" },
"password": { "type": "string", "description": "Password (for password auth)" },
"private_key_path": { "type": "string", "description": "Path to SSH private key file on the local machine" }
}, "required": ["hostname", "username"] }
},
{
"name": "list_sessions",
"description": "List all active Wraith sessions (SSH, RDP, PTY) with connection details",
"inputSchema": {
"type": "object",
"properties": {}
}
}
]
})),
error: None,
}
}
fn call_wraith(port: u16, token: &str, endpoint: &str, body: Value) -> Result<Value, String> {
let url = format!("http://127.0.0.1:{}{}", port, endpoint);
let body_str = serde_json::to_string(&body).unwrap_or_default();
let mut resp = ureq::post(url)
.header("Content-Type", "application/json")
.header("Authorization", &format!("Bearer {}", token))
.send(body_str.as_bytes())
.map_err(|e| format!("HTTP request to Wraith failed: {}", e))?;
let resp_str = resp.body_mut().read_to_string()
.map_err(|e| format!("Failed to read Wraith response: {}", e))?;
let json: Value = serde_json::from_str(&resp_str)
.map_err(|e| format!("Failed to parse Wraith response: {}", e))?;
if json.get("ok").and_then(|v| v.as_bool()) == Some(true) {
Ok(json.get("data").cloned().unwrap_or(Value::Null))
} else {
let err_msg = json.get("error").and_then(|e| e.as_str()).unwrap_or("Unknown error");
Err(err_msg.to_string())
}
}
fn handle_tool_call(id: Value, port: u16, token: &str, tool_name: &str, args: &Value) -> JsonRpcResponse {
let result = match tool_name {
"list_sessions" => call_wraith(port, token, "/mcp/sessions", serde_json::json!({})),
"terminal_type" => call_wraith(port, token, "/mcp/terminal/type", args.clone()),
"terminal_read" => call_wraith(port, token, "/mcp/terminal/read", args.clone()),
"terminal_execute" => call_wraith(port, token, "/mcp/terminal/execute", args.clone()),
"sftp_list" => call_wraith(port, token, "/mcp/sftp/list", args.clone()),
"sftp_read" => call_wraith(port, token, "/mcp/sftp/read", args.clone()),
"sftp_write" => call_wraith(port, token, "/mcp/sftp/write", args.clone()),
"network_scan" => call_wraith(port, token, "/mcp/tool/scan-network", args.clone()),
"port_scan" => call_wraith(port, token, "/mcp/tool/scan-ports", args.clone()),
"ping" => call_wraith(port, token, "/mcp/tool/ping", args.clone()),
"traceroute" => call_wraith(port, token, "/mcp/tool/traceroute", args.clone()),
"dns_lookup" => call_wraith(port, token, "/mcp/tool/dns", args.clone()),
"whois" => call_wraith(port, token, "/mcp/tool/whois", args.clone()),
"wake_on_lan" => call_wraith(port, token, "/mcp/tool/wol", args.clone()),
"bandwidth_test" => call_wraith(port, token, "/mcp/tool/bandwidth", args.clone()),
"subnet_calc" => call_wraith(port, token, "/mcp/tool/subnet", args.clone()),
"generate_ssh_key" => call_wraith(port, token, "/mcp/tool/keygen", args.clone()),
"generate_password" => call_wraith(port, token, "/mcp/tool/passgen", args.clone()),
"docker_ps" => call_wraith(port, token, "/mcp/docker/ps", args.clone()),
"docker_action" => call_wraith(port, token, "/mcp/docker/action", args.clone()),
"docker_exec" => call_wraith(port, token, "/mcp/docker/exec", args.clone()),
"service_status" => call_wraith(port, token, "/mcp/service/status", args.clone()),
"process_list" => call_wraith(port, token, "/mcp/process/list", args.clone()),
"git_status" => call_wraith(port, token, "/mcp/git/status", args.clone()),
"git_pull" => call_wraith(port, token, "/mcp/git/pull", args.clone()),
"git_log" => call_wraith(port, token, "/mcp/git/log", args.clone()),
"rdp_click" => call_wraith(port, token, "/mcp/rdp/click", args.clone()),
"rdp_type" => call_wraith(port, token, "/mcp/rdp/type", args.clone()),
"rdp_clipboard" => call_wraith(port, token, "/mcp/rdp/clipboard", args.clone()),
"ssh_connect" => call_wraith(port, token, "/mcp/ssh/connect", args.clone()),
"terminal_screenshot" => {
let result = call_wraith(port, token, "/mcp/screenshot", args.clone());
// Screenshot returns base64 PNG — wrap as image content for multimodal AI
return match result {
Ok(b64) => JsonRpcResponse {
jsonrpc: "2.0".to_string(),
id,
result: Some(serde_json::json!({
"content": [{
"type": "image",
"data": b64,
"mimeType": "image/png"
}]
})),
error: None,
},
Err(e) => JsonRpcResponse {
jsonrpc: "2.0".to_string(),
id,
result: None,
error: Some(JsonRpcError { code: -32000, message: e }),
},
};
}
_ => Err(format!("Unknown tool: {}", tool_name)),
};
match result {
Ok(data) => JsonRpcResponse {
jsonrpc: "2.0".to_string(),
id,
result: Some(serde_json::json!({
"content": [{
"type": "text",
"text": if data.is_string() {
data.as_str().unwrap().to_string()
} else {
serde_json::to_string_pretty(&data).unwrap_or_default()
}
}]
})),
error: None,
},
Err(e) => JsonRpcResponse {
jsonrpc: "2.0".to_string(),
id,
result: None,
error: Some(JsonRpcError { code: -32000, message: e }),
},
}
}
fn main() {
let port = match get_mcp_port() {
Ok(p) => p,
Err(e) => {
eprintln!("wraith-mcp-bridge: {}", e);
std::process::exit(1);
}
};
let token = match get_mcp_token() {
Ok(t) => t,
Err(e) => {
eprintln!("wraith-mcp-bridge: {}", e);
std::process::exit(1);
}
};
let stdin = io::stdin();
let mut stdout = io::stdout();
for line in stdin.lock().lines() {
let line = match line {
Ok(l) => l,
Err(_) => break,
};
if line.trim().is_empty() {
continue;
}
let request: JsonRpcRequest = match serde_json::from_str(&line) {
Ok(r) => r,
Err(e) => {
let err_resp = JsonRpcResponse {
jsonrpc: "2.0".to_string(),
id: Value::Null,
result: None,
error: Some(JsonRpcError { code: -32700, message: format!("Parse error: {}", e) }),
};
let _ = writeln!(stdout, "{}", serde_json::to_string(&err_resp).unwrap());
let _ = stdout.flush();
continue;
}
};
let response = match request.method.as_str() {
"initialize" => handle_initialize(request.id),
"tools/list" => handle_tools_list(request.id),
"tools/call" => {
let tool_name = request.params.get("name")
.and_then(|v| v.as_str())
.unwrap_or("");
let args = request.params.get("arguments")
.cloned()
.unwrap_or(Value::Object(serde_json::Map::new()));
handle_tool_call(request.id, port, &token, tool_name, &args)
}
"notifications/initialized" | "notifications/cancelled" => {
// Notifications don't get responses
continue;
}
_ => JsonRpcResponse {
jsonrpc: "2.0".to_string(),
id: request.id,
result: None,
error: Some(JsonRpcError { code: -32601, message: format!("Method not found: {}", request.method) }),
},
};
let _ = writeln!(stdout, "{}", serde_json::to_string(&response).unwrap());
let _ = stdout.flush();
}
}

16
src-tauri/src/commands/connections.rs
View File

@ -92,19 +92,3 @@ pub fn search_connections(
) -> Result<Vec<ConnectionRecord>, String> {
state.connections.search(&query)
}
#[tauri::command]
pub fn reorder_connections(
ids: Vec<i64>,
state: State<'_, AppState>,
) -> Result<(), String> {
state.connections.reorder_connections(&ids)
}
#[tauri::command]
pub fn reorder_groups(
ids: Vec<i64>,
state: State<'_, AppState>,
) -> Result<(), String> {
state.connections.reorder_groups(&ids)
}

79
src-tauri/src/commands/credentials.rs
View File

@ -3,16 +3,34 @@ use tauri::State;
use crate::credentials::Credential;
use crate::AppState;
/// Guard helper: lock the credentials mutex and return a ref to the inner
/// `CredentialService`, or a "Vault is locked" error if the vault has not
/// been unlocked for this session.
///
/// This is a macro rather than a function because returning a `MutexGuard`
/// from a helper function would require lifetime annotations that complicate
/// the tauri command signatures unnecessarily.
macro_rules! require_unlocked {
($state:expr) => {{
let guard = $state
.credentials
.lock()
.map_err(|_| "Credentials mutex was poisoned".to_string())?;
if guard.is_none() {
return Err("Vault is locked — call unlock before accessing credentials".into());
}
// SAFETY: we just checked `is_none` above, so `unwrap` cannot panic.
guard
}};
}
/// Return all credentials ordered by name.
///
/// Secret values (passwords, private keys) are never included — only metadata.
#[tauri::command]
pub async fn list_credentials(state: State<'_, AppState>) -> Result<Vec<Credential>, String> {
let guard = state.credentials.lock().await;
let svc = guard
.as_ref()
.ok_or_else(|| "Vault is locked — call unlock before accessing credentials".to_string())?;
svc.list()
pub fn list_credentials(state: State<'_, AppState>) -> Result<Vec<Credential>, String> {
let guard = require_unlocked!(state);
guard.as_ref().unwrap().list()
}
/// Store a new username/password credential.
@ -21,18 +39,18 @@ pub async fn list_credentials(state: State<'_, AppState>) -> Result<Vec<Credenti
/// Returns the created credential record (without the plaintext password).
/// `domain` is `None` for non-domain credentials; `Some("")` is treated as NULL.
#[tauri::command]
pub async fn create_password(
pub fn create_password(
name: String,
username: String,
password: String,
domain: Option<String>,
state: State<'_, AppState>,
) -> Result<Credential, String> {
let guard = state.credentials.lock().await;
let svc = guard
let guard = require_unlocked!(state);
guard
.as_ref()
.ok_or_else(|| "Vault is locked — call unlock before accessing credentials".to_string())?;
svc.create_password(name, username, password, domain)
.unwrap()
.create_password(name, username, password, domain)
}
/// Store a new SSH private key credential.
@ -41,18 +59,18 @@ pub async fn create_password(
/// Pass `None` for `passphrase` when the key has no passphrase.
/// Returns the created credential record without any secret material.
#[tauri::command]
pub async fn create_ssh_key(
pub fn create_ssh_key(
name: String,
username: String,
private_key_pem: String,
passphrase: Option<String>,
state: State<'_, AppState>,
) -> Result<Credential, String> {
let guard = state.credentials.lock().await;
let svc = guard
let guard = require_unlocked!(state);
guard
.as_ref()
.ok_or_else(|| "Vault is locked — call unlock before accessing credentials".to_string())?;
svc.create_ssh_key(name, username, private_key_pem, passphrase)
.unwrap()
.create_ssh_key(name, username, private_key_pem, passphrase)
}
/// Delete a credential by id.
@ -60,30 +78,7 @@ pub async fn create_ssh_key(
/// For SSH key credentials, the associated `ssh_keys` row is also deleted.
/// Returns `Err` if the vault is locked or the id does not exist.
#[tauri::command]
pub async fn delete_credential(id: i64, state: State<'_, AppState>) -> Result<(), String> {
let guard = state.credentials.lock().await;
let svc = guard
.as_ref()
.ok_or_else(|| "Vault is locked — call unlock before accessing credentials".to_string())?;
svc.delete(id)
}
/// Decrypt and return the password for a credential.
#[tauri::command]
pub async fn decrypt_password(credential_id: i64, state: State<'_, AppState>) -> Result<String, String> {
let guard = state.credentials.lock().await;
let svc = guard
.as_ref()
.ok_or_else(|| "Vault is locked — call unlock before accessing credentials".to_string())?;
svc.decrypt_password(credential_id)
}
/// Decrypt and return the SSH private key and passphrase.
#[tauri::command]
pub async fn decrypt_ssh_key(ssh_key_id: i64, state: State<'_, AppState>) -> Result<(String, String), String> {
let guard = state.credentials.lock().await;
let svc = guard
.as_ref()
.ok_or_else(|| "Vault is locked — call unlock before accessing credentials".to_string())?;
svc.decrypt_ssh_key(ssh_key_id)
pub fn delete_credential(id: i64, state: State<'_, AppState>) -> Result<(), String> {
let guard = require_unlocked!(state);
guard.as_ref().unwrap().delete(id)
}

105
src-tauri/src/commands/docker_commands.rs
View File

@ -1,105 +0,0 @@
//! Tauri commands for Docker management via SSH exec channels.
use tauri::State;
use serde::Serialize;
use crate::AppState;
use crate::ssh::exec::exec_on_session;
use crate::utils::shell_escape;
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct DockerContainer {
pub id: String,
pub name: String,
pub image: String,
pub status: String,
pub ports: String,
pub created: String,
}
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct DockerImage {
pub id: String,
pub repository: String,
pub tag: String,
pub size: String,
pub created: String,
}
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct DockerVolume {
pub name: String,
pub driver: String,
pub mountpoint: String,
}
#[tauri::command]
pub async fn docker_list_containers(session_id: String, all: Option<bool>, state: State<'_, AppState>) -> Result<Vec<DockerContainer>, String> {
let session = state.ssh.get_session(&session_id).ok_or("Session not found")?;
let flag = if all.unwrap_or(true) { "-a" } else { "" };
let output = exec_on_session(&session.handle, &format!("docker ps {} --format '{{{{.ID}}}}|{{{{.Names}}}}|{{{{.Image}}}}|{{{{.Status}}}}|{{{{.Ports}}}}|{{{{.CreatedAt}}}}' 2>&1", flag)).await?;
Ok(output.lines().filter(|l| !l.is_empty() && !l.starts_with("CONTAINER")).map(|line| {
let p: Vec<&str> = line.splitn(6, '|').collect();
DockerContainer {
id: p.first().unwrap_or(&"").to_string(),
name: p.get(1).unwrap_or(&"").to_string(),
image: p.get(2).unwrap_or(&"").to_string(),
status: p.get(3).unwrap_or(&"").to_string(),
ports: p.get(4).unwrap_or(&"").to_string(),
created: p.get(5).unwrap_or(&"").to_string(),
}
}).collect())
}
#[tauri::command]
pub async fn docker_list_images(session_id: String, state: State<'_, AppState>) -> Result<Vec<DockerImage>, String> {
let session = state.ssh.get_session(&session_id).ok_or("Session not found")?;
let output = exec_on_session(&session.handle, "docker images --format '{{.ID}}|{{.Repository}}|{{.Tag}}|{{.Size}}|{{.CreatedAt}}' 2>&1").await?;
Ok(output.lines().filter(|l| !l.is_empty()).map(|line| {
let p: Vec<&str> = line.splitn(5, '|').collect();
DockerImage {
id: p.first().unwrap_or(&"").to_string(),
repository: p.get(1).unwrap_or(&"").to_string(),
tag: p.get(2).unwrap_or(&"").to_string(),
size: p.get(3).unwrap_or(&"").to_string(),
created: p.get(4).unwrap_or(&"").to_string(),
}
}).collect())
}
#[tauri::command]
pub async fn docker_list_volumes(session_id: String, state: State<'_, AppState>) -> Result<Vec<DockerVolume>, String> {
let session = state.ssh.get_session(&session_id).ok_or("Session not found")?;
let output = exec_on_session(&session.handle, "docker volume ls --format '{{.Name}}|{{.Driver}}|{{.Mountpoint}}' 2>&1").await?;
Ok(output.lines().filter(|l| !l.is_empty()).map(|line| {
let p: Vec<&str> = line.splitn(3, '|').collect();
DockerVolume {
name: p.first().unwrap_or(&"").to_string(),
driver: p.get(1).unwrap_or(&"").to_string(),
mountpoint: p.get(2).unwrap_or(&"").to_string(),
}
}).collect())
}
#[tauri::command]
pub async fn docker_action(session_id: String, action: String, target: String, state: State<'_, AppState>) -> Result<String, String> {
let session = state.ssh.get_session(&session_id).ok_or("Session not found")?;
let t = shell_escape(&target);
let cmd = match action.as_str() {
"start" => format!("docker start {} 2>&1", t),
"stop" => format!("docker stop {} 2>&1", t),
"restart" => format!("docker restart {} 2>&1", t),
"remove" => format!("docker rm -f {} 2>&1", t),
"logs" => format!("docker logs --tail 100 {} 2>&1", t),
"remove-image" => format!("docker rmi {} 2>&1", t),
"remove-volume" => format!("docker volume rm {} 2>&1", t),
"builder-prune" => "docker builder prune -f 2>&1".to_string(),
"system-prune" => "docker system prune -f 2>&1".to_string(),
"system-prune-all" => "docker system prune -a -f 2>&1".to_string(),
_ => return Err(format!("Unknown docker action: {}", action)),
};
exec_on_session(&session.handle, &cmd).await
}

142
src-tauri/src/commands/mcp_commands.rs
View File

@ -1,142 +0,0 @@
//! Tauri commands for MCP tool operations.
//!
//! These expose terminal_read, terminal_execute, and session listing to both
//! the frontend and the MCP bridge binary.
use serde::Serialize;
use tauri::State;
use crate::AppState;
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct McpSessionInfo {
pub id: String,
pub session_type: String, // "ssh" or "pty"
pub name: String,
pub host: Option<String>,
pub username: Option<String>,
}
/// List all active sessions (SSH + PTY) with metadata.
#[tauri::command]
pub fn mcp_list_sessions(state: State<'_, AppState>) -> Vec<McpSessionInfo> {
let mut sessions = Vec::new();
// SSH sessions
for info in state.ssh.list_sessions() {
sessions.push(McpSessionInfo {
id: info.id,
session_type: "ssh".to_string(),
name: format!("{}@{}:{}", info.username, info.hostname, info.port),
host: Some(info.hostname),
username: Some(info.username),
});
}
sessions
}
/// Read the last N lines from a session's scrollback buffer (ANSI stripped).
#[tauri::command]
pub fn mcp_terminal_read(
session_id: String,
lines: Option<usize>,
state: State<'_, AppState>,
) -> Result<String, String> {
let n = lines.unwrap_or(50);
let buf = state.scrollback.get(&session_id)
.ok_or_else(|| format!("No scrollback buffer for session {}", session_id))?;
Ok(buf.read_lines(n))
}
/// Execute a command in an SSH session and capture output using a marker.
///
/// Sends the command followed by `echo __WRAITH_MCP_DONE__`, then reads the
/// scrollback until the marker appears or timeout is reached.
#[tauri::command]
pub async fn mcp_terminal_execute(
session_id: String,
command: String,
timeout_ms: Option<u64>,
state: State<'_, AppState>,
) -> Result<String, String> {
let timeout = timeout_ms.unwrap_or(5000);
let marker = "__WRAITH_MCP_DONE__";
// Record current buffer position
let buf = state.scrollback.get(&session_id)
.ok_or_else(|| format!("No scrollback buffer for session {}", session_id))?;
let before = buf.total_written();
// Send command + marker echo
let full_cmd = format!("{}\recho {}\r", command, marker);
state.ssh.write(&session_id, full_cmd.as_bytes()).await?;
// Poll scrollback until marker appears or timeout
let start = std::time::Instant::now();
let timeout_dur = std::time::Duration::from_millis(timeout);
loop {
if start.elapsed() > timeout_dur {
// Return whatever we captured so far
let raw = buf.read_raw();
let total = buf.total_written();
// Extract just the new content since we sent the command
let new_bytes = total.saturating_sub(before);
let output = if new_bytes > 0 && raw.len() >= new_bytes {
&raw[raw.len() - new_bytes.min(raw.len())..]
} else {
""
};
return Ok(format!("[timeout after {}ms]\n{}", timeout, output));
}
let raw = buf.read_raw();
if raw.contains(marker) {
// Extract output between command echo and marker
let total = buf.total_written();
let new_bytes = total.saturating_sub(before);
let output = if new_bytes > 0 && raw.len() >= new_bytes {
raw[raw.len() - new_bytes.min(raw.len())..].to_string()
} else {
String::new()
};
// Strip the command echo and marker from output
let clean = output
.lines()
.filter(|line| {
!line.contains(marker)
&& !line.trim().starts_with(&command.trim_start().chars().take(20).collect::<String>())
})
.collect::<Vec<_>>()
.join("\n");
return Ok(clean.trim().to_string());
}
// Yield the executor before sleeping so other tasks aren't starved,
// then wait 200 ms — much cheaper than the original 50 ms busy-poll.
tokio::task::yield_now().await;
tokio::time::sleep(std::time::Duration::from_millis(200)).await;
}
}
/// Get the path where the MCP bridge binary is installed.
#[tauri::command]
pub fn mcp_bridge_path() -> String {
crate::mcp::bridge_manager::bridge_path().to_string_lossy().to_string()
}
/// Get the active session context — last 20 lines of scrollback for a session.
/// Called by the frontend when the user switches tabs, emitted to the copilot.
#[tauri::command]
pub fn mcp_get_session_context(
session_id: String,
state: State<'_, AppState>,
) -> Result<String, String> {
let buf = state.scrollback.get(&session_id)
.ok_or_else(|| format!("No scrollback buffer for session {}", session_id))?;
Ok(buf.read_lines(20))
}

9
src-tauri/src/commands/mod.rs
View File

@ -6,12 +6,3 @@ pub mod ssh_commands;
pub mod sftp_commands;
pub mod rdp_commands;
pub mod theme_commands;
pub mod pty_commands;
pub mod mcp_commands;
pub mod scanner_commands;
pub mod tools_commands;
pub mod updater;
pub mod tools_commands_r2;
pub mod workspace_commands;
pub mod docker_commands;
pub mod window_commands;

49
src-tauri/src/commands/pty_commands.rs
View File

@ -1,49 +0,0 @@
//! Tauri commands for local PTY session management.
use tauri::{AppHandle, State};
use crate::pty::ShellInfo;
use crate::AppState;
#[tauri::command]
pub fn list_available_shells(state: State<'_, AppState>) -> Vec<ShellInfo> {
state.pty.list_shells()
}
#[tauri::command]
pub fn spawn_local_shell(
shell_path: String,
cols: u32,
rows: u32,
app_handle: AppHandle,
state: State<'_, AppState>,
) -> Result<String, String> {
state.pty.spawn(&shell_path, cols as u16, rows as u16, app_handle, &state.scrollback)
}
#[tauri::command]
pub fn pty_write(
session_id: String,
data: String,
state: State<'_, AppState>,
) -> Result<(), String> {
state.pty.write(&session_id, data.as_bytes())
}
#[tauri::command]
pub fn pty_resize(
session_id: String,
cols: u32,
rows: u32,
state: State<'_, AppState>,
) -> Result<(), String> {
state.pty.resize(&session_id, cols as u16, rows as u16)
}
#[tauri::command]
pub fn disconnect_pty(
session_id: String,
state: State<'_, AppState>,
) -> Result<(), String> {
state.pty.disconnect(&session_id)
}

86
src-tauri/src/commands/rdp_commands.rs
View File

@ -3,53 +3,36 @@
//! Mirrors the pattern used by `ssh_commands.rs` — thin command wrappers that
//! delegate to the `RdpService` via `State<AppState>`.
use tauri::{AppHandle, State};
use tauri::ipc::Response;
use serde::Deserialize;
use tauri::State;
use crate::rdp::{RdpConfig, RdpSessionInfo};
use crate::AppState;
/// Connect to an RDP server.
///
/// Performs the full connection handshake (TCP -> TLS -> CredSSP -> RDP) and
/// starts streaming frame updates in the background.
///
/// Returns the session UUID.
#[tauri::command]
pub fn connect_rdp(
config: RdpConfig,
app_handle: AppHandle,
state: State<'_, AppState>,
) -> Result<String, String> {
state.rdp.connect(config, app_handle)
state.rdp.connect(config)
}
/// Get the dirty region since last call as raw RGBA bytes via binary IPC.
/// Get the current frame buffer as a base64-encoded RGBA string.
///
/// Binary format: 8-byte header + pixel data
/// Header: [x: u16, y: u16, width: u16, height: u16] (little-endian)
/// If header is all zeros, the payload is a full frame (width*height*4 bytes).
/// If header is non-zero, payload contains only the dirty rectangle pixels.
/// Returns empty payload if nothing changed.
/// The frontend decodes this and draws it onto a `<canvas>` element.
/// Pixel format: RGBA, 4 bytes per pixel, row-major, top-left origin.
#[tauri::command]
pub fn rdp_get_frame(
pub async fn rdp_get_frame(
session_id: String,
state: State<'_, AppState>,
) -> Result<Response, String> {
let (region, pixels) = state.rdp.get_frame(&session_id)?;
if pixels.is_empty() {
return Ok(Response::new(Vec::new()));
}
// Prepend 8-byte dirty rect header
let mut out = Vec::with_capacity(8 + pixels.len());
match region {
Some(rect) => {
out.extend_from_slice(&rect.x.to_le_bytes());
out.extend_from_slice(&rect.y.to_le_bytes());
out.extend_from_slice(&rect.width.to_le_bytes());
out.extend_from_slice(&rect.height.to_le_bytes());
}
None => {
out.extend_from_slice(&[0u8; 8]); // full frame marker
}
}
out.extend_from_slice(&pixels);
Ok(Response::new(out))
) -> Result<String, String> {
state.rdp.get_frame(&session_id).await
}
/// Send a mouse event to an RDP session.
@ -64,7 +47,7 @@ pub fn rdp_get_frame(
/// - 0x0100 = negative wheel direction
/// - 0x0400 = horizontal wheel
#[tauri::command]
pub fn rdp_send_mouse(
pub async fn rdp_send_mouse(
session_id: String,
x: u16,
y: u16,
@ -82,7 +65,7 @@ pub fn rdp_send_mouse(
///
/// `pressed` is `true` for key-down, `false` for key-up.
#[tauri::command]
pub fn rdp_send_key(
pub async fn rdp_send_key(
session_id: String,
scancode: u16,
pressed: bool,
@ -91,44 +74,11 @@ pub fn rdp_send_key(
state.rdp.send_key(&session_id, scancode, pressed)
}
/// Send clipboard text to an RDP session by simulating keystrokes.
#[tauri::command]
pub fn rdp_send_clipboard(
session_id: String,
text: String,
state: State<'_, AppState>,
) -> Result<(), String> {
state.rdp.send_clipboard(&session_id, &text)
}
/// Force the next get_frame to return a full frame regardless of dirty state.
/// Used when switching tabs or after resize to ensure the canvas is fully repainted.
#[tauri::command]
pub fn rdp_force_refresh(
session_id: String,
state: State<'_, AppState>,
) -> Result<(), String> {
state.rdp.force_refresh(&session_id)
}
/// Resize the RDP session's desktop resolution.
/// Sends a Display Control Virtual Channel request to the server.
/// The server will re-render at the new resolution and send updated frames.
#[tauri::command]
pub fn rdp_resize(
session_id: String,
width: u16,
height: u16,
state: State<'_, AppState>,
) -> Result<(), String> {
state.rdp.resize(&session_id, width, height)
}
/// Disconnect an RDP session.
///
/// Sends a graceful shutdown to the RDP server and removes the session.
#[tauri::command]
pub fn disconnect_rdp(
pub async fn disconnect_rdp(
session_id: String,
state: State<'_, AppState>,
) -> Result<(), String> {
@ -137,7 +87,7 @@ pub fn disconnect_rdp(
/// List all active RDP sessions (metadata only).
#[tauri::command]
pub fn list_rdp_sessions(
pub async fn list_rdp_sessions(
state: State<'_, AppState>,
) -> Result<Vec<RdpSessionInfo>, String> {
Ok(state.rdp.list_sessions())

44
src-tauri/src/commands/scanner_commands.rs
View File

@ -1,44 +0,0 @@
//! Tauri commands for network scanning through SSH sessions.
use tauri::State;
use crate::scanner::{self, DiscoveredHost, PortResult};
use crate::AppState;
/// Discover hosts on the remote network via ARP + ping sweep.
/// `subnet` should be the first 3 octets, e.g. "192.168.1"
#[tauri::command]
pub async fn scan_network(
session_id: String,
subnet: String,
state: State<'_, AppState>,
) -> Result<Vec<DiscoveredHost>, String> {
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
scanner::scan_network(&session.handle, &subnet).await
}
/// Scan specific ports on a target host through an SSH session.
#[tauri::command]
pub async fn scan_ports(
session_id: String,
target: String,
ports: Vec<u16>,
state: State<'_, AppState>,
) -> Result<Vec<PortResult>, String> {
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
scanner::scan_ports(&session.handle, &target, &ports).await
}
/// Quick scan of common ports (22, 80, 443, 3389, etc.) on a target.
#[tauri::command]
pub async fn quick_scan(
session_id: String,
target: String,
state: State<'_, AppState>,
) -> Result<Vec<PortResult>, String> {
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
scanner::quick_port_scan(&session.handle, &target).await
}

27
src-tauri/src/commands/ssh_commands.rs
View File

@ -10,6 +10,10 @@ use crate::ssh::session::{AuthMethod, SessionInfo};
use crate::AppState;
/// Connect to an SSH server with password authentication.
///
/// Opens a PTY, starts a shell, and begins streaming output via
/// `ssh:data:{session_id}` events. Also opens an SFTP subsystem channel on
/// the same connection. Returns the session UUID.
#[tauri::command]
pub async fn connect_ssh(
hostname: String,
@ -32,13 +36,17 @@ pub async fn connect_ssh(
cols,
rows,
&state.sftp,
&state.scrollback,
&state.error_watcher,
)
.await
}
/// Connect to an SSH server with private key authentication.
///
/// The `private_key_pem` should be the PEM-encoded private key content.
/// `passphrase` is `None` if the key is not encrypted.
///
/// Opens a PTY, starts a shell, and begins streaming output via
/// `ssh:data:{session_id}` events. Returns the session UUID.
#[tauri::command]
pub async fn connect_ssh_with_key(
hostname: String,
@ -65,13 +73,13 @@ pub async fn connect_ssh_with_key(
cols,
rows,
&state.sftp,
&state.scrollback,
&state.error_watcher,
)
.await
}
/// Write data to a session's PTY stdin.
///
/// The `data` parameter is a string that will be sent as UTF-8 bytes.
#[tauri::command]
pub async fn ssh_write(
session_id: String,
@ -93,15 +101,8 @@ pub async fn ssh_resize(
}
/// Disconnect an SSH session — closes the channel and removes it.
#[tauri::command]
pub async fn disconnect_session(
session_id: String,
state: State<'_, AppState>,
) -> Result<(), String> {
state.ssh.disconnect(&session_id, &state.sftp).await
}
/// Alias for disconnect_session.
///
/// Also removes the associated SFTP client.
#[tauri::command]
pub async fn disconnect_ssh(
session_id: String,

188
src-tauri/src/commands/tools_commands.rs
View File

@ -1,188 +0,0 @@
//! Tauri commands for built-in tools: ping, traceroute, WoL, keygen, passgen.
use tauri::State;
use serde::Serialize;
use crate::AppState;
use crate::ssh::exec::exec_on_session;
use crate::utils::shell_escape;
// ── Ping ─────────────────────────────────────────────────────────────────────
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PingResult {
pub target: String,
pub output: String,
}
/// Ping a host through an SSH session's exec channel.
#[tauri::command]
pub async fn tool_ping(
session_id: String,
target: String,
count: Option<u32>,
state: State<'_, AppState>,
) -> Result<PingResult, String> {
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
let n = count.unwrap_or(4);
let cmd = format!("ping -c {} {} 2>&1", n, shell_escape(&target));
let output = exec_on_session(&session.handle, &cmd).await?;
Ok(PingResult { target, output })
}
/// Traceroute through an SSH session's exec channel.
#[tauri::command]
pub async fn tool_traceroute(
session_id: String,
target: String,
state: State<'_, AppState>,
) -> Result<String, String> {
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
let t = shell_escape(&target);
let cmd = format!("traceroute {} 2>&1 || tracert {} 2>&1", t, t);
exec_on_session(&session.handle, &cmd).await
}
// ── Wake on LAN ──────────────────────────────────────────────────────────────
/// Send a Wake-on-LAN magic packet through an SSH session.
/// The remote host broadcasts the WoL packet on its local network.
#[tauri::command]
pub async fn tool_wake_on_lan(
session_id: String,
mac_address: String,
state: State<'_, AppState>,
) -> Result<String, String> {
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
// Build WoL magic packet as a shell one-liner using python or perl (widely available)
let mac_clean = mac_address.replace([':', '-'], "");
if mac_clean.len() != 12 || !mac_clean.chars().all(|c| c.is_ascii_hexdigit()) {
return Err(format!("Invalid MAC address: {}", mac_address));
}
let cmd = format!(
r#"python3 -c "
import socket, struct
mac = bytes.fromhex({mac_clean_escaped})
pkt = b'\xff'*6 + mac*16
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
s.sendto(pkt, ('255.255.255.255', 9))
s.close()
print('WoL packet sent to {mac_display_escaped}')
" 2>&1 || echo "python3 not available install python3 on remote host for WoL""#,
mac_clean_escaped = shell_escape(&mac_clean),
mac_display_escaped = shell_escape(&mac_address),
);
exec_on_session(&session.handle, &cmd).await
}
// ── SSH Key Generator ────────────────────────────────────────────────────────
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct GeneratedKey {
pub private_key: String,
pub public_key: String,
pub fingerprint: String,
pub key_type: String,
}
/// Generate an SSH key pair locally (no SSH session needed).
#[tauri::command]
pub fn tool_generate_ssh_key(
key_type: String,
comment: Option<String>,
) -> Result<GeneratedKey, String> {
tool_generate_ssh_key_inner(&key_type, comment)
}
pub fn tool_generate_ssh_key_inner(
key_type: &str,
comment: Option<String>,
) -> Result<GeneratedKey, String> {
use ssh_key::{Algorithm, HashAlg, LineEnding};
let comment_str = comment.unwrap_or_else(|| "wraith-generated".to_string());
let algorithm = match key_type.to_lowercase().as_str() {
"ed25519" => Algorithm::Ed25519,
"rsa" | "rsa-2048" => Algorithm::Rsa { hash: Some(ssh_key::HashAlg::Sha256) },
"rsa-4096" => Algorithm::Rsa { hash: Some(ssh_key::HashAlg::Sha256) },
_ => return Err(format!("Unsupported key type: {}. Use ed25519 or rsa", key_type)),
};
let private_key = ssh_key::PrivateKey::random(&mut ssh_key::rand_core::OsRng, algorithm)
.map_err(|e| format!("Key generation failed: {}", e))?;
let private_pem = private_key.to_openssh(LineEnding::LF)
.map_err(|e| format!("Failed to encode private key: {}", e))?;
let public_key = private_key.public_key();
let public_openssh = public_key.to_openssh()
.map_err(|e| format!("Failed to encode public key: {}", e))?;
let fingerprint = public_key.fingerprint(HashAlg::Sha256).to_string();
Ok(GeneratedKey {
private_key: private_pem.to_string(),
public_key: format!("{} {}", public_openssh, comment_str),
fingerprint,
key_type: key_type.to_lowercase(),
})
}
// ── Password Generator ───────────────────────────────────────────────────────
/// Generate a cryptographically secure random password.
#[tauri::command]
pub fn tool_generate_password(
length: Option<usize>,
uppercase: Option<bool>,
lowercase: Option<bool>,
digits: Option<bool>,
symbols: Option<bool>,
) -> Result<String, String> {
tool_generate_password_inner(length, uppercase, lowercase, digits, symbols)
}
pub fn tool_generate_password_inner(
length: Option<usize>,
uppercase: Option<bool>,
lowercase: Option<bool>,
digits: Option<bool>,
symbols: Option<bool>,
) -> Result<String, String> {
use rand::Rng;
let len = length.unwrap_or(20).max(4).min(128);
let use_upper = uppercase.unwrap_or(true);
let use_lower = lowercase.unwrap_or(true);
let use_digits = digits.unwrap_or(true);
let use_symbols = symbols.unwrap_or(true);
let mut charset = String::new();
if use_upper { charset.push_str("ABCDEFGHIJKLMNOPQRSTUVWXYZ"); }
if use_lower { charset.push_str("abcdefghijklmnopqrstuvwxyz"); }
if use_digits { charset.push_str("0123456789"); }
if use_symbols { charset.push_str("!@#$%^&*()-_=+[]{}|;:,.<>?"); }
if charset.is_empty() {
return Err("At least one character class must be enabled".to_string());
}
let chars: Vec<char> = charset.chars().collect();
let mut rng = rand::rng();
let password: String = (0..len)
.map(|_| chars[rng.random_range(0..chars.len())])
.collect();
Ok(password)
}

184
src-tauri/src/commands/tools_commands_r2.rs
View File

@ -1,184 +0,0 @@
//! Tauri commands for Tools Round 2: DNS, Whois, Bandwidth, Subnet Calculator.
use tauri::State;
use serde::Serialize;
use crate::AppState;
use crate::ssh::exec::exec_on_session;
use crate::utils::shell_escape;
// ── DNS Lookup ───────────────────────────────────────────────────────────────
#[tauri::command]
pub async fn tool_dns_lookup(
session_id: String,
domain: String,
record_type: Option<String>,
state: State<'_, AppState>,
) -> Result<String, String> {
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
let d = shell_escape(&domain);
let rt = shell_escape(&record_type.unwrap_or_else(|| "A".to_string()));
let cmd = format!(
r#"dig {} {} +short 2>/dev/null || nslookup -type={} {} 2>/dev/null || host -t {} {} 2>/dev/null"#,
d, rt, rt, d, rt, d
);
exec_on_session(&session.handle, &cmd).await
}
// ── Whois ────────────────────────────────────────────────────────────────────
#[tauri::command]
pub async fn tool_whois(
session_id: String,
target: String,
state: State<'_, AppState>,
) -> Result<String, String> {
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
let cmd = format!("whois {} 2>&1 | head -80", shell_escape(&target));
exec_on_session(&session.handle, &cmd).await
}
// ── Bandwidth Test ───────────────────────────────────────────────────────────
#[tauri::command]
pub async fn tool_bandwidth_iperf(
session_id: String,
server: String,
duration: Option<u32>,
state: State<'_, AppState>,
) -> Result<String, String> {
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
let dur = duration.unwrap_or(5);
let s = shell_escape(&server);
let cmd = format!(
"iperf3 -c {} -t {} --json 2>/dev/null || iperf3 -c {} -t {} 2>&1 || echo 'iperf3 not installed — run: apt install iperf3 / brew install iperf3'",
s, dur, s, dur
);
exec_on_session(&session.handle, &cmd).await
}
#[tauri::command]
pub async fn tool_bandwidth_speedtest(
session_id: String,
state: State<'_, AppState>,
) -> Result<String, String> {
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
// Try multiple speedtest tools in order of preference
let cmd = r#"
if command -v speedtest-cli >/dev/null 2>&1; then
speedtest-cli --simple 2>&1
elif command -v speedtest >/dev/null 2>&1; then
speedtest --simple 2>&1
elif command -v curl >/dev/null 2>&1; then
echo "=== Download speed (curl) ==="
curl -o /dev/null -w "Download: %{speed_download} bytes/sec (%{size_download} bytes in %{time_total}s)\n" https://speed.cloudflare.com/__down?bytes=25000000 2>/dev/null
echo "=== Upload speed (curl) ==="
dd if=/dev/zero bs=1M count=10 2>/dev/null | curl -X POST -o /dev/null -w "Upload: %{speed_upload} bytes/sec (%{size_upload} bytes in %{time_total}s)\n" -d @- https://speed.cloudflare.com/__up 2>/dev/null
else
echo "No speedtest tool found. Install: pip install speedtest-cli"
fi
"#;
exec_on_session(&session.handle, cmd).await
}
// ── Subnet Calculator ────────────────────────────────────────────────────────
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct SubnetInfo {
pub cidr: String,
pub network: String,
pub broadcast: String,
pub netmask: String,
pub wildcard: String,
pub first_host: String,
pub last_host: String,
pub total_hosts: u64,
pub usable_hosts: u64,
pub prefix_length: u8,
pub class: String,
pub is_private: bool,
}
/// Pure Rust subnet calculator — no SSH session needed.
#[tauri::command]
pub fn tool_subnet_calc(cidr: String) -> Result<SubnetInfo, String> {
tool_subnet_calc_inner(&cidr)
}
pub fn tool_subnet_calc_inner(cidr: &str) -> Result<SubnetInfo, String> {
let cidr = cidr.to_string();
let parts: Vec<&str> = cidr.split('/').collect();
if parts.len() != 2 {
return Err("Expected CIDR notation: e.g. 192.168.1.0/24".to_string());
}
let ip_str = parts[0];
let prefix: u8 = parts[1].parse()
.map_err(|_| format!("Invalid prefix length: {}", parts[1]))?;
if prefix > 32 {
return Err(format!("Prefix length must be 0-32, got {}", prefix));
}
let octets: Vec<u8> = ip_str.split('.')
.map(|o| o.parse::<u8>())
.collect::<Result<Vec<_>, _>>()
.map_err(|_| format!("Invalid IP address: {}", ip_str))?;
if octets.len() != 4 {
return Err(format!("Invalid IP address: {}", ip_str));
}
let ip: u32 = (octets[0] as u32) << 24
| (octets[1] as u32) << 16
| (octets[2] as u32) << 8
| (octets[3] as u32);
let mask: u32 = if prefix == 0 { 0 } else { !0u32 << (32 - prefix) };
let wildcard = !mask;
let network = ip & mask;
let broadcast = network | wildcard;
let first_host = if prefix >= 31 { network } else { network + 1 };
let last_host = if prefix >= 31 { broadcast } else { broadcast - 1 };
let total: u64 = 1u64 << (32 - prefix as u64);
let usable = if prefix >= 31 { total } else { total - 2 };
let class = match octets[0] {
0..=127 => "A",
128..=191 => "B",
192..=223 => "C",
224..=239 => "D (Multicast)",
_ => "E (Reserved)",
};
let is_private = matches!(
(octets[0], octets[1]),
(10, _) | (172, 16..=31) | (192, 168)
);
Ok(SubnetInfo {
cidr: format!("{}/{}", to_ip(network), prefix),
network: to_ip(network),
broadcast: to_ip(broadcast),
netmask: to_ip(mask),
wildcard: to_ip(wildcard),
first_host: to_ip(first_host),
last_host: to_ip(last_host),
total_hosts: total,
usable_hosts: usable,
prefix_length: prefix,
class: class.to_string(),
is_private,
})
}
fn to_ip(val: u32) -> String {
format!("{}.{}.{}.{}", val >> 24, (val >> 16) & 0xFF, (val >> 8) & 0xFF, val & 0xFF)
}

94
src-tauri/src/commands/updater.rs
View File

@ -1,94 +0,0 @@
//! Version check against Gitea releases API.
use serde::Serialize;
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct UpdateInfo {
pub current_version: String,
pub latest_version: String,
pub update_available: bool,
pub download_url: String,
pub release_notes: String,
}
/// Check Gitea for the latest release and compare with current version.
#[tauri::command]
pub async fn check_for_updates(app_handle: tauri::AppHandle) -> Result<UpdateInfo, String> {
// Read version from tauri.conf.json (patched by CI from git tag)
// rather than CARGO_PKG_VERSION which is always 0.1.0
let current = app_handle.config().version.clone().unwrap_or_else(|| "0.0.0".to_string());
let client = reqwest::Client::builder()
.timeout(std::time::Duration::from_secs(10))
.build()
.map_err(|e| format!("HTTP client error: {}", e))?;
let resp = client
.get("https://git.command.vigilcyber.com/api/v1/repos/vstockwell/wraith/releases?limit=1")
.header("Accept", "application/json")
.send()
.await
.map_err(|e| format!("Failed to check for updates: {}", e))?;
let releases: Vec<serde_json::Value> = resp.json().await
.map_err(|e| format!("Failed to parse releases: {}", e))?;
let latest = releases.first()
.ok_or_else(|| "No releases found".to_string())?;
let tag = latest.get("tag_name")
.and_then(|v| v.as_str())
.unwrap_or("v0.0.0")
.trim_start_matches('v')
.to_string();
let notes = latest.get("body")
.and_then(|v| v.as_str())
.unwrap_or("")
.to_string();
// Direct download from SeaweedFS
let html_url = format!("https://files.command.vigilcyber.com/wraith/{}/", tag);
let update_available = version_is_newer(&tag, &current);
Ok(UpdateInfo {
current_version: current,
latest_version: tag,
update_available,
download_url: html_url,
release_notes: notes,
})
}
/// Compare semver strings. Returns true if `latest` is newer than `current`.
fn version_is_newer(latest: &str, current: &str) -> bool {
let parse = |v: &str| -> Vec<u32> {
v.split('.').filter_map(|s| s.parse().ok()).collect()
};
let l = parse(latest);
let c = parse(current);
for i in 0..3 {
let lv = l.get(i).copied().unwrap_or(0);
let cv = c.get(i).copied().unwrap_or(0);
if lv > cv { return true; }
if lv < cv { return false; }
}
false
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn version_comparison() {
assert!(version_is_newer("1.5.7", "1.5.6"));
assert!(version_is_newer("1.6.0", "1.5.9"));
assert!(version_is_newer("2.0.0", "1.9.9"));
assert!(!version_is_newer("1.5.6", "1.5.6"));
assert!(!version_is_newer("1.5.5", "1.5.6"));
assert!(!version_is_newer("1.4.0", "1.5.0"));
}
}

31
src-tauri/src/commands/vault.rs
View File

@ -1,5 +1,4 @@
use tauri::State;
use zeroize::Zeroize;
use crate::vault::{self, VaultService};
use crate::credentials::CredentialService;
@ -22,15 +21,14 @@ pub fn is_first_run(state: State<'_, AppState>) -> bool {
/// Returns `Err` if the vault has already been set up or if any storage
/// operation fails.
#[tauri::command]
pub async fn create_vault(mut password: String, state: State<'_, AppState>) -> Result<(), String> {
let result = async {
pub fn create_vault(password: String, state: State<'_, AppState>) -> Result<(), String> {
if !state.is_first_run() {
return Err("Vault already exists — use unlock instead of create".into());
}
let salt = vault::generate_salt();
let key = vault::derive_key(&password, &salt);
let vs = VaultService::new(key.clone());
let vs = VaultService::new(key);
// Persist the salt so we can re-derive the key on future unlocks.
state.settings.set("vault_salt", &hex::encode(salt))?;
@ -41,14 +39,10 @@ pub async fn create_vault(mut password: String, state: State<'_, AppState>) -> R
// Activate the vault and credentials service for this session.
let cred_svc = CredentialService::new(state.db.clone(), VaultService::new(key));
*state.credentials.lock().await = Some(cred_svc);
*state.vault.lock().await = Some(vs);
*state.credentials.lock().unwrap() = Some(cred_svc);
*state.vault.lock().unwrap() = Some(vs);
Ok(())
}.await;
password.zeroize();
result
}
/// Unlock an existing vault using the master password.
@ -58,8 +52,7 @@ pub async fn create_vault(mut password: String, state: State<'_, AppState>) -> R
///
/// Returns `Err("Incorrect master password")` if the password is wrong.
#[tauri::command]
pub async fn unlock(mut password: String, state: State<'_, AppState>) -> Result<(), String> {
let result = async {
pub fn unlock(password: String, state: State<'_, AppState>) -> Result<(), String> {
let salt_hex = state
.settings
.get("vault_salt")
@ -69,7 +62,7 @@ pub async fn unlock(mut password: String, state: State<'_, AppState>) -> Result<
.map_err(|e| format!("Stored vault salt is corrupt: {e}"))?;
let key = vault::derive_key(&password, &salt);
let vs = VaultService::new(key.clone());
let vs = VaultService::new(key);
// Verify the password by decrypting the check value.
let check_blob = state
@ -87,18 +80,14 @@ pub async fn unlock(mut password: String, state: State<'_, AppState>) -> Result<
// Activate the vault and credentials service for this session.
let cred_svc = CredentialService::new(state.db.clone(), VaultService::new(key));
*state.credentials.lock().await = Some(cred_svc);
*state.vault.lock().await = Some(vs);
*state.credentials.lock().unwrap() = Some(cred_svc);
*state.vault.lock().unwrap() = Some(vs);
Ok(())
}.await;
password.zeroize();
result
}
/// Returns `true` if the vault is currently unlocked for this session.
#[tauri::command]
pub async fn is_unlocked(state: State<'_, AppState>) -> Result<bool, String> {
Ok(state.is_unlocked().await)
pub fn is_unlocked(state: State<'_, AppState>) -> bool {
state.is_unlocked()
}

40
src-tauri/src/commands/window_commands.rs
View File

@ -1,40 +0,0 @@
use tauri::AppHandle;
use tauri::WebviewWindowBuilder;
/// Open a child window from the Rust side using WebviewWindowBuilder.
///
/// The `url` parameter supports hash fragments (e.g. "index.html#/tool/ping?sessionId=abc").
/// WebviewUrl::App takes a PathBuf and cannot handle hash/query — so we load plain
/// index.html and set the hash via JS after the window is created.
#[tauri::command]
pub fn open_child_window(
app_handle: AppHandle,
label: String,
title: String,
url: String,
width: f64,
height: f64,
) -> Result<(), String> {
// Split "index.html#/tool/ping?sessionId=abc" into path and fragment
let (path, hash) = match url.split_once('#') {
Some((p, h)) => (p.to_string(), Some(format!("#{}", h))),
None => (url.clone(), None),
};
let webview_url = tauri::WebviewUrl::App(path.into());
let window = WebviewWindowBuilder::new(&app_handle, &label, webview_url)
.title(&title)
.inner_size(width, height)
.resizable(true)
.center()
.build()
.map_err(|e| format!("Failed to create window '{}': {}", label, e))?;
// Set the hash fragment after the window loads — this triggers App.vue's
// onMounted hash detection to render the correct tool/detached component.
if let Some(hash) = hash {
let _ = window.eval(&format!("window.location.hash = '{}';", hash));
}
Ok(())
}

16
src-tauri/src/commands/workspace_commands.rs
View File

@ -1,16 +0,0 @@
//! Tauri commands for workspace persistence.
use tauri::State;
use crate::AppState;
use crate::workspace::{WorkspaceSnapshot, WorkspaceTab};
#[tauri::command]
pub fn save_workspace(tabs: Vec<WorkspaceTab>, state: State<'_, AppState>) -> Result<(), String> {
let snapshot = WorkspaceSnapshot { tabs };
state.workspace.save(&snapshot)
}
#[tauri::command]
pub fn load_workspace(state: State<'_, AppState>) -> Result<Option<WorkspaceSnapshot>, String> {
Ok(state.workspace.load())
}

68
src-tauri/src/connections/mod.rs
View File

@ -19,7 +19,6 @@ use crate::db::Database;
// ── domain types ──────────────────────────────────────────────────────────────
#[derive(Debug, Serialize, Deserialize, Clone)]
#[serde(rename_all = "camelCase")]
pub struct ConnectionGroup {
pub id: i64,
pub name: String,
@ -39,8 +38,10 @@ pub struct ConnectionRecord {
pub group_id: Option<i64>,
pub credential_id: Option<i64>,
pub color: Option<String>,
pub tags: Vec<String>,
/// JSON array string, e.g. `["linux","prod"]`
pub tags: String,
pub notes: Option<String>,
/// JSON object string, e.g. `{"keepalive":30}`
pub options: String,
pub sort_order: i64,
pub last_connected: Option<String>,
@ -253,7 +254,7 @@ impl ConnectionService {
group_id: input.group_id,
credential_id: input.credential_id,
color: input.color,
tags: input.tags,
tags: tags_json,
notes: input.notes,
options: options_json,
sort_order,
@ -430,54 +431,6 @@ impl ConnectionService {
Ok(records)
}
/// Batch-update sort_order for a list of connection IDs.
pub fn reorder_connections(&self, ids: &[i64]) -> Result<(), String> {
let conn = self.db.conn();
conn.execute_batch("BEGIN")
.map_err(|e| format!("Failed to begin reorder transaction: {e}"))?;
let result = (|| {
for (i, id) in ids.iter().enumerate() {
conn.execute(
"UPDATE connections SET sort_order = ?1 WHERE id = ?2",
params![i as i64, id],
)
.map_err(|e| format!("Failed to reorder connection {id}: {e}"))?;
}
Ok(())
})();
if result.is_err() {
let _ = conn.execute_batch("ROLLBACK");
} else {
conn.execute_batch("COMMIT")
.map_err(|e| format!("Failed to commit reorder transaction: {e}"))?;
}
result
}
/// Batch-update sort_order for a list of group IDs.
pub fn reorder_groups(&self, ids: &[i64]) -> Result<(), String> {
let conn = self.db.conn();
conn.execute_batch("BEGIN")
.map_err(|e| format!("Failed to begin reorder transaction: {e}"))?;
let result = (|| {
for (i, id) in ids.iter().enumerate() {
conn.execute(
"UPDATE groups SET sort_order = ?1 WHERE id = ?2",
params![i as i64, id],
)
.map_err(|e| format!("Failed to reorder group {id}: {e}"))?;
}
Ok(())
})();
if result.is_err() {
let _ = conn.execute_batch("ROLLBACK");
} else {
conn.execute_batch("COMMIT")
.map_err(|e| format!("Failed to commit reorder transaction: {e}"))?;
}
result
}
}
// ── private helpers ───────────────────────────────────────────────────────────
@ -486,8 +439,6 @@ impl ConnectionService {
///
/// Column order must match the SELECT lists used throughout this module.
fn map_connection_row(row: &rusqlite::Row<'_>) -> rusqlite::Result<ConnectionRecord> {
let tags_json: String = row.get(8)?;
let tags: Vec<String> = serde_json::from_str(&tags_json).unwrap_or_default();
Ok(ConnectionRecord {
id: row.get(0)?,
name: row.get(1)?,
@ -497,7 +448,7 @@ fn map_connection_row(row: &rusqlite::Row<'_>) -> rusqlite::Result<ConnectionRec
group_id: row.get::<_, Option<i64>>(5)?,
credential_id: row.get::<_, Option<i64>>(6)?,
color: row.get::<_, Option<String>>(7)?,
tags,
tags: row.get(8)?,
notes: row.get::<_, Option<String>>(9)?,
options: row.get(10)?,
sort_order: row.get(11)?,
@ -605,10 +556,12 @@ mod tests {
}
#[test]
fn tags_serialised_as_vec() {
fn tags_serialised_as_json_array() {
let svc = make_service();
let rec = svc.create_connection(default_input("tagged")).unwrap();
assert_eq!(rec.tags, vec!["linux", "prod"]);
// tags should be a valid JSON array
let parsed: Vec<String> = serde_json::from_str(&rec.tags).unwrap();
assert_eq!(parsed, vec!["linux", "prod"]);
}
#[test]
@ -676,7 +629,8 @@ mod tests {
.unwrap();
let updated = svc.get_connection(rec.id).unwrap();
assert_eq!(updated.tags, vec!["windows"]);
let parsed: Vec<String> = serde_json::from_str(&updated.tags).unwrap();
assert_eq!(parsed, vec!["windows"]);
}
#[test]

99
src-tauri/src/db/mod.rs
View File

@ -31,11 +31,10 @@ impl Database {
/// Acquire a lock on the underlying connection.
///
/// Recovers gracefully from a poisoned mutex by taking the inner value.
/// A poisoned mutex means a thread panicked while holding the lock; the
/// connection itself is still valid, so we can continue operating.
/// Panics if the mutex was poisoned (which only happens if a thread
/// panicked while holding the lock — a non-recoverable situation anyway).
pub fn conn(&self) -> std::sync::MutexGuard<'_, Connection> {
self.conn.lock().unwrap_or_else(|e| e.into_inner())
self.conn.lock().unwrap()
}
/// Run all embedded SQL migrations.
@ -48,95 +47,3 @@ impl Database {
Ok(())
}
}
// ---------------------------------------------------------------------------
// Tests
// ---------------------------------------------------------------------------
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn open_in_memory() {
let db = Database::open(Path::new(":memory:"));
assert!(db.is_ok());
}
#[test]
fn migrate_creates_tables() {
let db = Database::open(Path::new(":memory:")).unwrap();
db.migrate().unwrap();
let conn = db.conn();
let tables: Vec<String> = conn
.prepare("SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")
.unwrap()
.query_map([], |row| row.get(0))
.unwrap()
.collect::<Result<Vec<_>, _>>()
.unwrap();
assert!(tables.contains(&"connections".to_string()));
assert!(tables.contains(&"credentials".to_string()));
assert!(tables.contains(&"groups".to_string()));
assert!(tables.contains(&"host_keys".to_string()));
assert!(tables.contains(&"settings".to_string()));
assert!(tables.contains(&"themes".to_string()));
assert!(tables.contains(&"ssh_keys".to_string()));
assert!(tables.contains(&"connection_history".to_string()));
}
#[test]
fn migrate_is_idempotent() {
let db = Database::open(Path::new(":memory:")).unwrap();
db.migrate().unwrap();
db.migrate().unwrap(); // second run must not error
}
#[test]
fn foreign_keys_enabled() {
let db = Database::open(Path::new(":memory:")).unwrap();
let conn = db.conn();
let fk_enabled: i64 = conn
.query_row("PRAGMA foreign_keys", [], |row| row.get(0))
.unwrap();
assert_eq!(fk_enabled, 1);
}
#[test]
fn wal_mode_enabled() {
let db = Database::open(Path::new(":memory:")).unwrap();
// In-memory databases use "memory" journal mode, but WAL is set
// for file-backed DBs. Just verify the pragma doesn't error.
let conn = db.conn();
let mode: String = conn
.query_row("PRAGMA journal_mode", [], |row| row.get(0))
.unwrap();
// In-memory always reports "memory"; file-backed would report "wal".
assert!(!mode.is_empty());
}
#[test]
fn clone_shares_connection() {
let db = Database::open(Path::new(":memory:")).unwrap();
db.migrate().unwrap();
let db2 = db.clone();
// Write through one handle, read through the other.
db.conn()
.execute(
"INSERT INTO settings (key, value) VALUES ('test', 'yes')",
[],
)
.unwrap();
let val: String = db2
.conn()
.query_row("SELECT value FROM settings WHERE key = 'test'", [], |r| {
r.get(0)
})
.unwrap();
assert_eq!(val, "yes");
}
}

269
src-tauri/src/lib.rs
View File

@ -1,12 +1,3 @@
// Global debug log macro — must be declared before modules that use it
#[macro_export]
macro_rules! wraith_log {
($($arg:tt)*) => {{
let msg = format!($($arg)*);
let _ = $crate::write_log(&$crate::data_directory().join("wraith.log"), &msg);
}};
}
pub mod db;
pub mod vault;
pub mod settings;
@ -17,13 +8,10 @@ pub mod sftp;
pub mod rdp;
pub mod theme;
pub mod workspace;
pub mod pty;
pub mod mcp;
pub mod scanner;
pub mod commands;
pub mod utils;
use std::path::PathBuf;
use std::sync::Mutex;
use db::Database;
use vault::VaultService;
@ -35,206 +23,153 @@ use ssh::session::SshService;
use rdp::RdpService;
use theme::ThemeService;
use workspace::WorkspaceService;
use pty::PtyService;
use mcp::ScrollbackRegistry;
use mcp::error_watcher::ErrorWatcher;
/// Application state shared across all Tauri commands via State<AppState>.
pub struct AppState {
pub db: Database,
pub vault: tokio::sync::Mutex<Option<VaultService>>,
pub vault: Mutex<Option<VaultService>>,
pub settings: SettingsService,
pub connections: ConnectionService,
pub credentials: tokio::sync::Mutex<Option<CredentialService>>,
pub credentials: Mutex<Option<CredentialService>>,
pub ssh: SshService,
pub sftp: SftpService,
pub rdp: RdpService,
pub theme: ThemeService,
pub workspace: WorkspaceService,
pub pty: PtyService,
pub scrollback: ScrollbackRegistry,
pub error_watcher: std::sync::Arc<ErrorWatcher>,
}
impl AppState {
pub fn new(data_dir: PathBuf) -> Result<Self, Box<dyn std::error::Error>> {
std::fs::create_dir_all(&data_dir)?;
let database = Database::open(&data_dir.join("wraith.db"))?;
let db_path = data_dir.join("wraith.db");
let database = Database::open(&db_path)?;
database.migrate()?;
let settings = SettingsService::new(database.clone());
let connections = ConnectionService::new(database.clone());
let ssh = SshService::new(database.clone());
let sftp = SftpService::new();
let rdp = RdpService::new();
let theme = ThemeService::new(database.clone());
// WorkspaceService shares the same SettingsService interface; we clone
// the Database to construct a second SettingsService for the workspace
// module so it can remain self-contained.
let workspace_settings = SettingsService::new(database.clone());
let workspace = WorkspaceService::new(workspace_settings);
Ok(Self {
db: database.clone(),
vault: tokio::sync::Mutex::new(None),
connections: ConnectionService::new(database.clone()),
credentials: tokio::sync::Mutex::new(None),
ssh: SshService::new(database.clone()),
sftp: SftpService::new(),
rdp: RdpService::new(),
theme: ThemeService::new(database),
workspace: WorkspaceService::new(settings.clone()),
db: database,
vault: Mutex::new(None),
settings,
pty: PtyService::new(),
scrollback: ScrollbackRegistry::new(),
error_watcher: std::sync::Arc::new(ErrorWatcher::new()),
connections,
credentials: Mutex::new(None),
ssh,
sftp,
rdp,
theme,
workspace,
})
}
pub fn clone_services(&self) -> (SshService, rdp::RdpService, SftpService, ScrollbackRegistry, std::sync::Arc<ErrorWatcher>) {
(self.ssh.clone(), self.rdp.clone(), self.sftp.clone(), self.scrollback.clone(), self.error_watcher.clone())
}
/// Returns true if the vault has never been set up.
pub fn is_first_run(&self) -> bool {
self.settings.get("vault_salt").unwrap_or_default().is_empty()
}
pub async fn is_unlocked(&self) -> bool {
self.vault.lock().await.is_some()
/// Returns true if the vault is currently unlocked.
pub fn is_unlocked(&self) -> bool {
self.vault.lock().unwrap().is_some()
}
}
/// Determine the data directory for Wraith.
pub fn data_directory() -> PathBuf {
if let Ok(appdata) = std::env::var("APPDATA") { return PathBuf::from(appdata).join("Wraith"); }
// Windows: %APPDATA%\Wraith
if let Ok(appdata) = std::env::var("APPDATA") {
return PathBuf::from(appdata).join("Wraith");
}
// macOS/Linux: XDG_DATA_HOME or ~/.local/share/wraith
if let Ok(home) = std::env::var("HOME") {
if cfg!(target_os = "macos") { return PathBuf::from(home).join("Library").join("Application Support").join("Wraith"); }
if let Ok(xdg) = std::env::var("XDG_DATA_HOME") { return PathBuf::from(xdg).join("wraith"); }
if let Ok(xdg) = std::env::var("XDG_DATA_HOME") {
return PathBuf::from(xdg).join("wraith");
}
return PathBuf::from(home).join(".local").join("share").join("wraith");
}
// Fallback
PathBuf::from(".")
}
/// Cached log file handle — opened once on first use, reused for all subsequent
/// writes. Avoids the open/close syscall pair that the original implementation
/// paid on every `wraith_log!` invocation.
static LOG_FILE: std::sync::OnceLock<std::sync::Mutex<std::fs::File>> = std::sync::OnceLock::new();
fn write_log(path: &std::path::Path, msg: &str) -> std::io::Result<()> {
use std::io::Write;
let handle = LOG_FILE.get_or_init(|| {
let file = std::fs::OpenOptions::new()
.create(true)
.append(true)
.open(path)
.expect("failed to open wraith.log");
std::sync::Mutex::new(file)
});
let mut f = handle.lock().unwrap_or_else(|e| e.into_inner());
let elapsed = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap_or_default()
.as_secs();
writeln!(f, "[{}] {}", elapsed, msg)
}
#[cfg_attr(mobile, tauri::mobile_entry_point)]
pub fn run() {
// Install rustls crypto provider before any TLS operations (RDP needs this)
let _ = tokio_rustls::rustls::crypto::aws_lc_rs::default_provider().install_default();
let data_dir = data_directory();
let app_state = AppState::new(data_dir)
.expect("Failed to initialize application state");
// Initialize file-based logging to data_dir/wraith.log
let log_path = data_directory().join("wraith.log");
let _ = write_log(&log_path, "=== Wraith starting ===");
let app_state = match AppState::new(data_directory()) {
Ok(s) => s,
Err(e) => {
let _ = write_log(&log_path, &format!("FATAL: AppState init failed: {}", e));
panic!("Failed to init AppState: {}", e);
}
};
// Seed built-in themes (INSERT OR IGNORE — safe to call on every boot).
app_state.theme.seed_builtins();
// Crash recovery detection: log dirty shutdowns so they can be acted on.
if app_state.workspace.was_clean_shutdown() {
app_state
.workspace
.clear_clean_shutdown()
.unwrap_or_else(|e| eprintln!("workspace: failed to clear clean-shutdown flag: {e}"));
} else {
// No clean-shutdown flag found — either first run or a crash/kill.
// Only log if a snapshot exists (i.e. there were open tabs last time).
if app_state.workspace.load().is_some() {
eprintln!("workspace: dirty shutdown detected — a previous session may not have exited cleanly");
}
}
tauri::Builder::default()
.plugin(tauri_plugin_shell::init())
.plugin(tauri_plugin_updater::Builder::new().build())
.manage(app_state)
.setup(|app| {
#[cfg(debug_assertions)]
{
use tauri::Manager;
if let Some(window) = app.get_webview_window("main") {
window.open_devtools();
}
}
// Start MCP and error watcher — completely non-fatal.
{
use tauri::Manager;
let log_file = data_directory().join("wraith.log");
let _ = write_log(&log_file, "Setup: starting MCP and error watcher");
match std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| {
app.state::<AppState>().inner().clone_services()
})) {
Ok(state) => {
let (ssh, rdp, sftp, scrollback, watcher) = state;
let _ = write_log(&log_file, "Setup: cloned services OK");
// Error watcher — std::thread, no tokio needed
let watcher_for_mcp = watcher.clone();
let app_handle = app.handle().clone();
let app_handle_for_mcp = app.handle().clone();
let _ = std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| {
mcp::error_watcher::start_error_watcher(watcher, scrollback.clone(), app_handle);
}));
let _ = write_log(&log_file, "Setup: error watcher started");
// MCP HTTP server — needs async runtime
let log_file2 = log_file.clone();
let _ = std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| {
tauri::async_runtime::spawn(async move {
match mcp::server::start_mcp_server(ssh, rdp, sftp, scrollback, app_handle_for_mcp, watcher_for_mcp).await {
Ok(port) => { let _ = write_log(&log_file2, &format!("MCP server started on localhost:{}", port)); }
Err(e) => { let _ = write_log(&log_file2, &format!("MCP server FAILED: {}", e)); }
}
});
}));
let _ = write_log(&log_file, "Setup: MCP spawn dispatched");
// Download/update MCP bridge binary if needed
let app_ver = app.config().version.clone().unwrap_or_else(|| "0.0.0".to_string());
let log_file3 = log_file.clone();
tauri::async_runtime::spawn(async move {
match mcp::bridge_manager::ensure_bridge(&app_ver).await {
Ok(()) => { let _ = write_log(&log_file3, "Setup: MCP bridge binary OK"); }
Err(e) => { let _ = write_log(&log_file3, &format!("Setup: MCP bridge download failed: {}", e)); }
}
});
}
Err(panic) => {
let msg = if let Some(s) = panic.downcast_ref::<String>() {
s.clone()
} else if let Some(s) = panic.downcast_ref::<&str>() {
s.to_string()
} else {
format!("{:?}", panic.type_id())
};
let _ = write_log(&log_file, &format!("MCP startup panicked: {}", msg));
}
}
}
Ok(())
})
.invoke_handler(tauri::generate_handler![
commands::vault::is_first_run, commands::vault::create_vault, commands::vault::unlock, commands::vault::is_unlocked,
commands::settings::get_setting, commands::settings::set_setting,
commands::connections::list_connections, commands::connections::create_connection, commands::connections::get_connection, commands::connections::update_connection, commands::connections::delete_connection,
commands::connections::list_groups, commands::connections::create_group, commands::connections::delete_group, commands::connections::rename_group, commands::connections::search_connections, commands::connections::reorder_connections, commands::connections::reorder_groups,
commands::credentials::list_credentials, commands::credentials::create_password, commands::credentials::create_ssh_key, commands::credentials::delete_credential, commands::credentials::decrypt_password, commands::credentials::decrypt_ssh_key,
commands::ssh_commands::connect_ssh, commands::ssh_commands::connect_ssh_with_key, commands::ssh_commands::ssh_write, commands::ssh_commands::ssh_resize, commands::ssh_commands::disconnect_ssh, commands::ssh_commands::disconnect_session, commands::ssh_commands::list_ssh_sessions,
commands::sftp_commands::sftp_list, commands::sftp_commands::sftp_read_file, commands::sftp_commands::sftp_write_file, commands::sftp_commands::sftp_mkdir, commands::sftp_commands::sftp_delete, commands::sftp_commands::sftp_rename,
commands::rdp_commands::connect_rdp, commands::rdp_commands::rdp_get_frame, commands::rdp_commands::rdp_force_refresh, commands::rdp_commands::rdp_send_mouse, commands::rdp_commands::rdp_send_key, commands::rdp_commands::rdp_send_clipboard, commands::rdp_commands::rdp_resize, commands::rdp_commands::disconnect_rdp, commands::rdp_commands::list_rdp_sessions,
commands::theme_commands::list_themes, commands::theme_commands::get_theme,
commands::pty_commands::list_available_shells, commands::pty_commands::spawn_local_shell, commands::pty_commands::pty_write, commands::pty_commands::pty_resize, commands::pty_commands::disconnect_pty,
commands::mcp_commands::mcp_list_sessions, commands::mcp_commands::mcp_terminal_read, commands::mcp_commands::mcp_terminal_execute, commands::mcp_commands::mcp_get_session_context, commands::mcp_commands::mcp_bridge_path,
commands::scanner_commands::scan_network, commands::scanner_commands::scan_ports, commands::scanner_commands::quick_scan,
commands::tools_commands::tool_ping, commands::tools_commands::tool_traceroute, commands::tools_commands::tool_wake_on_lan, commands::tools_commands::tool_generate_ssh_key, commands::tools_commands::tool_generate_password,
commands::tools_commands_r2::tool_dns_lookup, commands::tools_commands_r2::tool_whois, commands::tools_commands_r2::tool_bandwidth_iperf, commands::tools_commands_r2::tool_bandwidth_speedtest, commands::tools_commands_r2::tool_subnet_calc,
commands::updater::check_for_updates,
commands::workspace_commands::save_workspace, commands::workspace_commands::load_workspace,
commands::docker_commands::docker_list_containers, commands::docker_commands::docker_list_images, commands::docker_commands::docker_list_volumes, commands::docker_commands::docker_action,
commands::window_commands::open_child_window,
commands::vault::is_first_run,
commands::vault::create_vault,
commands::vault::unlock,
commands::vault::is_unlocked,
commands::settings::get_setting,
commands::settings::set_setting,
commands::connections::list_connections,
commands::connections::create_connection,
commands::connections::get_connection,
commands::connections::update_connection,
commands::connections::delete_connection,
commands::connections::list_groups,
commands::connections::create_group,
commands::connections::delete_group,
commands::connections::rename_group,
commands::connections::search_connections,
commands::credentials::list_credentials,
commands::credentials::create_password,
commands::credentials::create_ssh_key,
commands::credentials::delete_credential,
commands::ssh_commands::connect_ssh,
commands::ssh_commands::connect_ssh_with_key,
commands::ssh_commands::ssh_write,
commands::ssh_commands::ssh_resize,
commands::ssh_commands::disconnect_ssh,
commands::ssh_commands::list_ssh_sessions,
commands::sftp_commands::sftp_list,
commands::sftp_commands::sftp_read_file,
commands::sftp_commands::sftp_write_file,
commands::sftp_commands::sftp_mkdir,
commands::sftp_commands::sftp_delete,
commands::sftp_commands::sftp_rename,
commands::rdp_commands::connect_rdp,
commands::rdp_commands::rdp_get_frame,
commands::rdp_commands::rdp_send_mouse,
commands::rdp_commands::rdp_send_key,
commands::rdp_commands::disconnect_rdp,
commands::rdp_commands::list_rdp_sessions,
commands::theme_commands::list_themes,
commands::theme_commands::get_theme,
])
.run(tauri::generate_context!())
.expect("error while running tauri application");

85
src-tauri/src/mcp/bridge_manager.rs
View File

@ -1,85 +0,0 @@
//! MCP bridge binary self-management.
//!
//! On startup, checks if wraith-mcp-bridge exists in the data directory.
//! If missing or outdated, downloads the correct version from Gitea packages.
use std::path::PathBuf;
/// Get the expected path for the bridge binary.
pub fn bridge_path() -> PathBuf {
let dir = crate::data_directory();
if cfg!(windows) {
dir.join("wraith-mcp-bridge.exe")
} else {
dir.join("wraith-mcp-bridge")
}
}
/// Check if the bridge binary exists and is the correct version.
/// If not, download it from Gitea packages.
pub async fn ensure_bridge(app_version: &str) -> Result<(), String> {
let path = bridge_path();
let version_file = crate::data_directory().join("mcp-bridge-version");
// Check if bridge exists and version matches
if path.exists() {
if let Ok(installed_ver) = std::fs::read_to_string(&version_file) {
if installed_ver.trim() == app_version {
wraith_log!("[MCP Bridge] v{} already installed at {}", app_version, path.display());
return Ok(());
}
}
}
wraith_log!("[MCP Bridge] Downloading v{} to {}", app_version, path.display());
let binary_name = if cfg!(windows) {
"wraith-mcp-bridge.exe"
} else {
"wraith-mcp-bridge"
};
let url = format!(
"https://files.command.vigilcyber.com/wraith/{}/{}",
app_version, binary_name
);
let client = reqwest::Client::builder()
.timeout(std::time::Duration::from_secs(30))
.build()
.map_err(|e| format!("HTTP client error: {}", e))?;
let resp = client.get(&url).send().await
.map_err(|e| format!("Failed to download MCP bridge: {}", e))?;
if !resp.status().is_success() {
return Err(format!("MCP bridge download failed: HTTP {}", resp.status()));
}
let bytes = resp.bytes().await
.map_err(|e| format!("Failed to read MCP bridge response: {}", e))?;
// Write the binary
std::fs::write(&path, &bytes)
.map_err(|e| format!("Failed to write MCP bridge to {}: {}", path.display(), e))?;
// Make executable on Unix
#[cfg(unix)]
{
use std::os::unix::fs::PermissionsExt;
let mut perms = std::fs::metadata(&path)
.map_err(|e| format!("Failed to read permissions: {}", e))?
.permissions();
perms.set_mode(0o755);
std::fs::set_permissions(&path, perms)
.map_err(|e| format!("Failed to set execute permission: {}", e))?;
}
// Write version marker
std::fs::write(&version_file, app_version)
.map_err(|e| format!("Failed to write version file: {}", e))?;
wraith_log!("[MCP Bridge] v{} installed successfully ({} bytes)", app_version, bytes.len());
Ok(())
}

115
src-tauri/src/mcp/error_watcher.rs
View File

@ -1,115 +0,0 @@
//! Background error pattern scanner for terminal sessions.
//!
//! Watches scrollback buffers for common error patterns and emits
//! `mcp:error:{session_id}` events to the frontend when detected.
use std::sync::Arc;
use dashmap::DashMap;
use tauri::{AppHandle, Emitter};
use crate::mcp::ScrollbackRegistry;
/// Common error patterns to watch for across all sessions.
const ERROR_PATTERNS: &[&str] = &[
"Permission denied",
"permission denied",
"Connection refused",
"connection refused",
"No space left on device",
"Disk quota exceeded",
"Out of memory",
"OOM",
"Killed",
"Segmentation fault",
"segfault",
"FATAL",
"CRITICAL",
"panic:",
"stack overflow",
"Too many open files",
"Connection timed out",
"Connection reset by peer",
"Host key verification failed",
"command not found",
"No such file or directory",
];
/// Tracks the last scanned position per session to avoid re-emitting.
pub struct ErrorWatcher {
last_scanned: DashMap<String, usize>,
}
impl ErrorWatcher {
pub fn new() -> Self {
Self { last_scanned: DashMap::new() }
}
/// Scan all registered sessions for new error patterns.
/// Returns a list of (session_id, matched_line) pairs.
pub fn scan(&self, scrollback: &ScrollbackRegistry) -> Vec<(String, String)> {
let mut alerts = Vec::new();
// Collect session IDs and positions first to avoid holding the iter
let sessions: Vec<(String, usize)> = self.last_scanned.iter()
.map(|entry| (entry.key().clone(), *entry.value()))
.collect();
for (session_id, last_pos) in sessions {
if let Some(buf) = scrollback.get(&session_id) {
let total = buf.total_written();
if total <= last_pos {
continue;
}
// Only scan bytes written since the last check — avoids
// reading the entire 64 KB ring buffer on every 2-second tick.
let new_content = buf.read_since(last_pos);
for line in new_content.lines() {
for pattern in ERROR_PATTERNS {
if line.contains(pattern) {
alerts.push((session_id.clone(), line.to_string()));
break;
}
}
}
self.last_scanned.insert(session_id, total);
}
}
alerts
}
/// Register a session for watching.
pub fn watch(&self, session_id: &str) {
self.last_scanned.insert(session_id.to_string(), 0);
}
/// Stop watching a session.
pub fn unwatch(&self, session_id: &str) {
self.last_scanned.remove(session_id);
}
}
/// Spawn a background task that scans for errors every 2 seconds.
pub fn start_error_watcher(
watcher: Arc<ErrorWatcher>,
scrollback: ScrollbackRegistry,
app_handle: AppHandle,
) {
std::thread::spawn(move || {
loop {
std::thread::sleep(std::time::Duration::from_secs(2));
let alerts = watcher.scan(&scrollback);
for (session_id, line) in alerts {
let _ = app_handle.emit("mcp:error", serde_json::json!({
"sessionId": session_id,
"message": line,
}));
}
}
});
}

46
src-tauri/src/mcp/mod.rs
View File

@ -1,46 +0,0 @@
//! MCP (Model Context Protocol) infrastructure for Wraith.
//!
//! Provides programmatic access to active sessions so AI tools running in the
//! copilot panel can read terminal output, execute commands, and enumerate
//! sessions.
pub mod scrollback;
pub mod server;
pub mod error_watcher;
pub mod bridge_manager;
use std::sync::Arc;
use dashmap::DashMap;
use crate::mcp::scrollback::ScrollbackBuffer;
/// Registry of scrollback buffers keyed by session ID.
/// Shared between SSH/PTY output loops (writers) and MCP tools (readers).
#[derive(Clone)]
pub struct ScrollbackRegistry {
buffers: Arc<DashMap<String, Arc<ScrollbackBuffer>>>,
}
impl ScrollbackRegistry {
pub fn new() -> Self {
Self { buffers: Arc::new(DashMap::new()) }
}
/// Create and register a new scrollback buffer for a session.
pub fn create(&self, session_id: &str) -> Arc<ScrollbackBuffer> {
let buf = Arc::new(ScrollbackBuffer::new());
self.buffers.insert(session_id.to_string(), buf.clone());
buf
}
/// Get the scrollback buffer for a session.
pub fn get(&self, session_id: &str) -> Option<Arc<ScrollbackBuffer>> {
self.buffers.get(session_id).map(|r| r.value().clone())
}
/// Remove a session's scrollback buffer.
pub fn remove(&self, session_id: &str) {
self.buffers.remove(session_id);
}
}

285
src-tauri/src/mcp/scrollback.rs
View File

@ -1,285 +0,0 @@
//! Per-session scrollback buffer for MCP terminal_read.
//!
//! A thread-safe circular buffer that stores the last N bytes of terminal
//! output. Both SSH and PTY output loops write to it. The MCP tools read
//! from it without touching xterm.js or the frontend.
use std::sync::Mutex;
const DEFAULT_CAPACITY: usize = 64 * 1024; // 64KB per session
/// Thread-safe circular buffer for terminal output.
pub struct ScrollbackBuffer {
inner: Mutex<RingBuffer>,
}
struct RingBuffer {
data: Vec<u8>,
capacity: usize,
/// Write position (wraps around)
write_pos: usize,
/// Total bytes written (for detecting wrap)
total_written: usize,
}
impl ScrollbackBuffer {
pub fn new() -> Self {
Self::with_capacity(DEFAULT_CAPACITY)
}
pub fn with_capacity(capacity: usize) -> Self {
Self {
inner: Mutex::new(RingBuffer {
data: vec![0u8; capacity],
capacity,
write_pos: 0,
total_written: 0,
}),
}
}
/// Append bytes to the buffer. Old data is overwritten when full.
pub fn push(&self, bytes: &[u8]) {
if bytes.is_empty() {
return;
}
let mut buf = self.inner.lock().unwrap_or_else(|e| e.into_inner());
let cap = buf.capacity;
// If input exceeds capacity, only keep the last `cap` bytes
let data = if bytes.len() > cap {
&bytes[bytes.len() - cap..]
} else {
bytes
};
let write_pos = buf.write_pos;
let first_len = (cap - write_pos).min(data.len());
buf.data[write_pos..write_pos + first_len].copy_from_slice(&data[..first_len]);
if first_len < data.len() {
buf.data[..data.len() - first_len].copy_from_slice(&data[first_len..]);
}
buf.write_pos = (write_pos + data.len()) % cap;
buf.total_written += bytes.len();
}
/// Read the last `n` lines from the buffer, with ANSI escape codes stripped.
pub fn read_lines(&self, n: usize) -> String {
let raw = self.read_raw();
let text = strip_ansi(&raw);
let lines: Vec<&str> = text.lines().collect();
let start = lines.len().saturating_sub(n);
lines[start..].join("\n")
}
/// Read all buffered content as raw bytes (ordered oldest→newest).
pub fn read_raw(&self) -> String {
let buf = self.inner.lock().unwrap_or_else(|e| e.into_inner());
let bytes = if buf.total_written >= buf.capacity {
// Buffer has wrapped — read from write_pos to end, then start to write_pos
let mut out = Vec::with_capacity(buf.capacity);
out.extend_from_slice(&buf.data[buf.write_pos..]);
out.extend_from_slice(&buf.data[..buf.write_pos]);
out
} else {
// Buffer hasn't wrapped yet
buf.data[..buf.write_pos].to_vec()
};
String::from_utf8_lossy(&bytes).to_string()
}
/// Total bytes written since creation.
pub fn total_written(&self) -> usize {
self.inner.lock().unwrap_or_else(|e| e.into_inner()).total_written
}
/// Read only the bytes written after `position` (total_written offset),
/// ordered oldest→newest, with ANSI codes stripped.
///
/// Returns an empty string when there is nothing new since `position`.
/// This is more efficient than `read_raw()` for incremental scanning because
/// it avoids copying the full 64 KB ring buffer when only a small delta exists.
pub fn read_since(&self, position: usize) -> String {
let buf = self.inner.lock().unwrap_or_else(|e| e.into_inner());
let total = buf.total_written;
if total <= position {
return String::new();
}
let new_bytes = total - position;
let cap = buf.capacity;
// How many bytes are actually stored in the ring (max = capacity)
let stored = total.min(cap);
// Clamp new_bytes to what's actually in the buffer
let readable = new_bytes.min(stored);
// Write position is where the *next* byte would go; reading backwards
// from write_pos gives us the most recent `readable` bytes.
let write_pos = buf.write_pos;
let bytes = if readable <= write_pos {
// Contiguous slice ending at write_pos
buf.data[write_pos - readable..write_pos].to_vec()
} else {
// Wraps around: tail of buffer + head up to write_pos
let tail_len = readable - write_pos;
let tail_start = cap - tail_len;
let mut out = Vec::with_capacity(readable);
out.extend_from_slice(&buf.data[tail_start..]);
out.extend_from_slice(&buf.data[..write_pos]);
out
};
let raw = String::from_utf8_lossy(&bytes).to_string();
strip_ansi(&raw)
}
}
/// Strip ANSI escape sequences from text.
fn strip_ansi(input: &str) -> String {
let mut output = String::with_capacity(input.len());
let mut chars = input.chars().peekable();
while let Some(ch) = chars.next() {
if ch == '\x1b' {
// ESC sequence — consume until terminator
if let Some(&next) = chars.peek() {
if next == '[' {
chars.next(); // consume '['
// CSI sequence — consume until letter
while let Some(&c) = chars.peek() {
chars.next();
if c.is_ascii_alphabetic() || c == '~' || c == '@' {
break;
}
}
} else if next == ']' {
chars.next(); // consume ']'
// OSC sequence — consume until BEL or ST
while let Some(&c) = chars.peek() {
chars.next();
if c == '\x07' {
break;
}
if c == '\x1b' {
if chars.peek() == Some(&'\\') {
chars.next();
}
break;
}
}
} else {
chars.next(); // consume single-char escape
}
}
} else if ch == '\r' {
// Skip carriage returns for cleaner output
continue;
} else {
output.push(ch);
}
}
output
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn push_and_read_basic() {
let buf = ScrollbackBuffer::new();
buf.push(b"hello world\n");
let lines = buf.read_lines(10);
assert!(lines.contains("hello world"));
}
#[test]
fn read_lines_limits_output() {
let buf = ScrollbackBuffer::new();
buf.push(b"line1\nline2\nline3\nline4\nline5\n");
let lines = buf.read_lines(2);
assert!(!lines.contains("line3"));
assert!(lines.contains("line4"));
assert!(lines.contains("line5"));
}
#[test]
fn circular_buffer_wraps() {
let buf = ScrollbackBuffer::with_capacity(16);
buf.push(b"AAAAAAAAAAAAAAAA"); // fill 16 bytes
buf.push(b"BBBB"); // overwrite first 4
let raw = buf.read_raw();
assert!(raw.starts_with("AAAAAAAAAAAA")); // 12 A's remain
assert!(raw.ends_with("BBBB"));
}
#[test]
fn strip_ansi_removes_csi() {
let input = "\x1b[32mgreen\x1b[0m normal";
assert_eq!(strip_ansi(input), "green normal");
}
#[test]
fn strip_ansi_removes_osc() {
let input = "\x1b]0;title\x07text";
assert_eq!(strip_ansi(input), "text");
}
#[test]
fn strip_ansi_preserves_plain_text() {
let input = "no escapes here\njust text";
assert_eq!(strip_ansi(input), "no escapes here\njust text");
}
#[test]
fn empty_buffer_returns_empty() {
let buf = ScrollbackBuffer::new();
assert_eq!(buf.read_lines(10), "");
assert_eq!(buf.total_written(), 0);
}
#[test]
fn total_written_tracks_all_bytes() {
let buf = ScrollbackBuffer::with_capacity(8);
buf.push(b"12345678"); // 8 bytes
buf.push(b"ABCD"); // 4 more, wraps
assert_eq!(buf.total_written(), 12);
}
#[test]
fn push_empty_is_noop() {
let buf = ScrollbackBuffer::with_capacity(8);
buf.push(b"hello");
buf.push(b"");
assert_eq!(buf.total_written(), 5);
assert!(buf.read_raw().contains("hello"));
}
#[test]
fn push_larger_than_capacity() {
let buf = ScrollbackBuffer::with_capacity(4);
buf.push(b"ABCDEFGH"); // 8 bytes into 4-byte buffer
let raw = buf.read_raw();
assert_eq!(raw, "EFGH"); // only last 4 bytes kept
assert_eq!(buf.total_written(), 8);
}
#[test]
fn push_exact_capacity() {
let buf = ScrollbackBuffer::with_capacity(8);
buf.push(b"12345678");
let raw = buf.read_raw();
assert_eq!(raw, "12345678");
assert_eq!(buf.total_written(), 8);
}
#[test]
fn push_wrap_around_boundary() {
let buf = ScrollbackBuffer::with_capacity(8);
buf.push(b"123456"); // write_pos = 6
buf.push(b"ABCD"); // wraps: 2 at end, 2 at start
let raw = buf.read_raw();
// Buffer: [C, D, 3, 4, 5, 6, A, B], write_pos=2
// Read from pos 2: "3456AB" + wrap: no, read from write_pos to end then start
assert_eq!(raw, "3456ABCD");
}
}

631
src-tauri/src/mcp/server.rs
View File

@ -1,631 +0,0 @@
//! Tiny HTTP server for MCP bridge communication.
//!
//! Runs on localhost:0 (random port) at Tauri startup. The port is written
//! to ~/.wraith/mcp-port so the bridge binary can find it.
use std::sync::Arc;
use axum::{
extract::State as AxumState,
http::{Request, StatusCode},
middleware::{self, Next},
response::Response,
routing::post,
Json, Router,
};
use serde::{Deserialize, Serialize};
use tokio::net::TcpListener;
use crate::mcp::ScrollbackRegistry;
use crate::rdp::RdpService;
use crate::sftp::SftpService;
use crate::ssh::exec::exec_on_session;
use crate::ssh::session::SshService;
use crate::utils::shell_escape;
/// Shared state passed to axum handlers.
pub struct McpServerState {
pub ssh: SshService,
pub rdp: RdpService,
pub sftp: SftpService,
pub scrollback: ScrollbackRegistry,
pub app_handle: tauri::AppHandle,
pub error_watcher: std::sync::Arc<crate::mcp::error_watcher::ErrorWatcher>,
pub bearer_token: String,
}
/// Middleware that validates the `Authorization: Bearer <token>` header.
async fn auth_middleware(
AxumState(state): AxumState<Arc<McpServerState>>,
req: Request<axum::body::Body>,
next: Next,
) -> Result<Response, StatusCode> {
let auth_header = req
.headers()
.get("authorization")
.and_then(|v| v.to_str().ok())
.unwrap_or("");
let expected = format!("Bearer {}", state.bearer_token);
if auth_header != expected {
return Err(StatusCode::UNAUTHORIZED);
}
Ok(next.run(req).await)
}
#[derive(Deserialize)]
struct TerminalReadRequest {
session_id: String,
lines: Option<usize>,
}
#[derive(Deserialize)]
struct ScreenshotRequest {
session_id: String,
}
#[derive(Deserialize)]
struct SftpListRequest {
session_id: String,
path: String,
}
#[derive(Deserialize)]
struct SftpReadRequest {
session_id: String,
path: String,
}
#[derive(Deserialize)]
struct SftpWriteRequest {
session_id: String,
path: String,
content: String,
}
#[derive(Deserialize)]
struct TerminalTypeRequest {
session_id: String,
text: String,
press_enter: Option<bool>,
}
#[derive(Deserialize)]
struct TerminalExecuteRequest {
session_id: String,
command: String,
timeout_ms: Option<u64>,
}
#[derive(Serialize)]
struct McpResponse<T: Serialize> {
ok: bool,
data: Option<T>,
error: Option<String>,
}
fn ok_response<T: Serialize>(data: T) -> Json<McpResponse<T>> {
Json(McpResponse { ok: true, data: Some(data), error: None })
}
fn err_response<T: Serialize>(msg: String) -> Json<McpResponse<T>> {
Json(McpResponse { ok: false, data: None, error: Some(msg) })
}
async fn handle_list_sessions(
AxumState(state): AxumState<Arc<McpServerState>>,
) -> Json<McpResponse<Vec<serde_json::Value>>> {
let mut sessions: Vec<serde_json::Value> = state.ssh.list_sessions()
.into_iter()
.map(|s| serde_json::json!({
"id": s.id,
"type": "ssh",
"name": format!("{}@{}:{}", s.username, s.hostname, s.port),
"host": s.hostname,
"username": s.username,
}))
.collect();
// Include RDP sessions
for s in state.rdp.list_sessions() {
sessions.push(serde_json::json!({
"id": s.id,
"type": "rdp",
"name": s.hostname.clone(),
"host": s.hostname,
"width": s.width,
"height": s.height,
}));
}
ok_response(sessions)
}
async fn handle_sftp_list(
AxumState(state): AxumState<Arc<McpServerState>>,
Json(req): Json<SftpListRequest>,
) -> Json<McpResponse<Vec<serde_json::Value>>> {
match state.sftp.list(&req.session_id, &req.path).await {
Ok(entries) => {
let items: Vec<serde_json::Value> = entries.into_iter().map(|e| {
serde_json::json!({
"name": e.name,
"path": e.path,
"size": e.size,
"is_dir": e.is_dir,
"modified": e.mod_time,
})
}).collect();
ok_response(items)
}
Err(e) => err_response(e),
}
}
async fn handle_sftp_read(
AxumState(state): AxumState<Arc<McpServerState>>,
Json(req): Json<SftpReadRequest>,
) -> Json<McpResponse<String>> {
match state.sftp.read_file(&req.session_id, &req.path).await {
Ok(content) => ok_response(content),
Err(e) => err_response(e),
}
}
async fn handle_sftp_write(
AxumState(state): AxumState<Arc<McpServerState>>,
Json(req): Json<SftpWriteRequest>,
) -> Json<McpResponse<String>> {
match state.sftp.write_file(&req.session_id, &req.path, &req.content).await {
Ok(()) => ok_response("OK".to_string()),
Err(e) => err_response(e),
}
}
async fn handle_screenshot(
AxumState(state): AxumState<Arc<McpServerState>>,
Json(req): Json<ScreenshotRequest>,
) -> Json<McpResponse<String>> {
match state.rdp.screenshot_png_base64(&req.session_id) {
Ok(b64) => ok_response(b64),
Err(e) => err_response(e),
}
}
async fn handle_terminal_type(
AxumState(state): AxumState<Arc<McpServerState>>,
Json(req): Json<TerminalTypeRequest>,
) -> Json<McpResponse<String>> {
let text = if req.press_enter.unwrap_or(true) {
format!("{}\r", req.text)
} else {
req.text.clone()
};
match state.ssh.write(&req.session_id, text.as_bytes()).await {
Ok(()) => ok_response("sent".to_string()),
Err(e) => err_response(e),
}
}
async fn handle_terminal_read(
AxumState(state): AxumState<Arc<McpServerState>>,
Json(req): Json<TerminalReadRequest>,
) -> Json<McpResponse<String>> {
let n = req.lines.unwrap_or(50);
match state.scrollback.get(&req.session_id) {
Some(buf) => ok_response(buf.read_lines(n)),
None => err_response(format!("No scrollback buffer for session {}", req.session_id)),
}
}
async fn handle_terminal_execute(
AxumState(state): AxumState<Arc<McpServerState>>,
Json(req): Json<TerminalExecuteRequest>,
) -> Json<McpResponse<String>> {
let timeout = req.timeout_ms.unwrap_or(5000);
let marker = "__WRAITH_MCP_DONE__";
let buf = match state.scrollback.get(&req.session_id) {
Some(b) => b,
None => return err_response(format!("No scrollback buffer for session {}", req.session_id)),
};
let before = buf.total_written();
let full_cmd = format!("{}\recho {}\r", req.command, marker);
if let Err(e) = state.ssh.write(&req.session_id, full_cmd.as_bytes()).await {
return err_response(e);
}
let start = std::time::Instant::now();
let timeout_dur = std::time::Duration::from_millis(timeout);
loop {
if start.elapsed() > timeout_dur {
let raw = buf.read_raw();
let total = buf.total_written();
let new_bytes = total.saturating_sub(before);
let output = if new_bytes > 0 && raw.len() >= new_bytes {
&raw[raw.len() - new_bytes.min(raw.len())..]
} else {
""
};
return ok_response(format!("[timeout after {}ms]\n{}", timeout, output));
}
let raw = buf.read_raw();
if raw.contains(marker) {
let total = buf.total_written();
let new_bytes = total.saturating_sub(before);
let output = if new_bytes > 0 && raw.len() >= new_bytes {
raw[raw.len() - new_bytes.min(raw.len())..].to_string()
} else {
String::new()
};
let clean = output
.lines()
.filter(|line| !line.contains(marker))
.collect::<Vec<_>>()
.join("\n");
return ok_response(clean.trim().to_string());
}
tokio::time::sleep(std::time::Duration::from_millis(50)).await;
}
}
// ── Tool handlers (all tools exposed to AI via MCP) ──────────────────────────
#[derive(Deserialize)]
struct ToolSessionTarget { session_id: String, target: String }
#[derive(Deserialize)]
struct ToolSessionOnly { session_id: String }
#[derive(Deserialize)]
struct ToolDnsRequest { session_id: String, domain: String, record_type: Option<String> }
#[derive(Deserialize)]
struct ToolWolRequest { session_id: String, mac_address: String }
#[derive(Deserialize)]
struct ToolScanNetworkRequest { session_id: String, subnet: String }
#[derive(Deserialize)]
struct ToolScanPortsRequest { session_id: String, target: String, ports: Option<Vec<u16>> }
#[derive(Deserialize)]
struct ToolSubnetRequest { cidr: String }
#[derive(Deserialize)]
struct ToolKeygenRequest { key_type: String, comment: Option<String> }
#[derive(Deserialize)]
struct ToolPassgenRequest { length: Option<usize>, uppercase: Option<bool>, lowercase: Option<bool>, digits: Option<bool>, symbols: Option<bool> }
async fn handle_tool_ping(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolSessionTarget>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
match exec_on_session(&session.handle, &format!("ping -c 4 {} 2>&1", shell_escape(&req.target))).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_tool_traceroute(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolSessionTarget>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let t = shell_escape(&req.target);
match exec_on_session(&session.handle, &format!("traceroute {} 2>&1 || tracert {} 2>&1", t, t)).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_tool_dns(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolDnsRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let rt = shell_escape(&req.record_type.unwrap_or_else(|| "A".to_string()));
let d = shell_escape(&req.domain);
match exec_on_session(&session.handle, &format!("dig {} {} +short 2>/dev/null || nslookup -type={} {} 2>/dev/null || host -t {} {} 2>/dev/null", d, rt, rt, d, rt, d)).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_tool_whois(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolSessionTarget>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
match exec_on_session(&session.handle, &format!("whois {} 2>&1 | head -80", shell_escape(&req.target))).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_tool_wol(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolWolRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let mac_clean = req.mac_address.replace([':', '-'], "");
let cmd = format!(r#"python3 -c "import socket;mac=bytes.fromhex({});pkt=b'\xff'*6+mac*16;s=socket.socket(socket.AF_INET,socket.SOCK_DGRAM);s.setsockopt(socket.SOL_SOCKET,socket.SO_BROADCAST,1);s.sendto(pkt,('255.255.255.255',9));s.close();print('WoL sent to {}')" 2>&1"#, shell_escape(&mac_clean), shell_escape(&req.mac_address));
match exec_on_session(&session.handle, &cmd).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_tool_scan_network(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolScanNetworkRequest>) -> Json<McpResponse<serde_json::Value>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
match crate::scanner::scan_network(&session.handle, &req.subnet).await {
Ok(hosts) => ok_response(serde_json::to_value(hosts).unwrap_or_default()),
Err(e) => err_response(e),
}
}
async fn handle_tool_scan_ports(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolScanPortsRequest>) -> Json<McpResponse<serde_json::Value>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let result = if let Some(ports) = req.ports {
crate::scanner::scan_ports(&session.handle, &req.target, &ports).await
} else {
crate::scanner::quick_port_scan(&session.handle, &req.target).await
};
match result { Ok(r) => ok_response(serde_json::to_value(r).unwrap_or_default()), Err(e) => err_response(e) }
}
async fn handle_tool_subnet(_state: AxumState<Arc<McpServerState>>, Json(req): Json<ToolSubnetRequest>) -> Json<McpResponse<serde_json::Value>> {
match crate::commands::tools_commands_r2::tool_subnet_calc_inner(&req.cidr) {
Ok(info) => ok_response(serde_json::to_value(info).unwrap_or_default()),
Err(e) => err_response(e),
}
}
async fn handle_tool_bandwidth(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolSessionOnly>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let cmd = r#"if command -v speedtest-cli >/dev/null 2>&1; then speedtest-cli --simple 2>&1; elif command -v curl >/dev/null 2>&1; then curl -o /dev/null -w "Download: %{speed_download} bytes/sec\n" https://speed.cloudflare.com/__down?bytes=25000000 2>/dev/null; else echo "No speedtest tool found"; fi"#;
match exec_on_session(&session.handle, cmd).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_tool_keygen(_state: AxumState<Arc<McpServerState>>, Json(req): Json<ToolKeygenRequest>) -> Json<McpResponse<serde_json::Value>> {
match crate::commands::tools_commands::tool_generate_ssh_key_inner(&req.key_type, req.comment) {
Ok(key) => ok_response(serde_json::to_value(key).unwrap_or_default()),
Err(e) => err_response(e),
}
}
async fn handle_tool_passgen(_state: AxumState<Arc<McpServerState>>, Json(req): Json<ToolPassgenRequest>) -> Json<McpResponse<String>> {
match crate::commands::tools_commands::tool_generate_password_inner(req.length, req.uppercase, req.lowercase, req.digits, req.symbols) {
Ok(pw) => ok_response(pw),
Err(e) => err_response(e),
}
}
// ── Docker handlers ──────────────────────────────────────────────────────────
#[derive(Deserialize)]
struct DockerActionRequest { session_id: String, action: String, target: String }
#[derive(Deserialize)]
struct DockerListRequest { session_id: String }
#[derive(Deserialize)]
struct DockerExecRequest { session_id: String, container: String, command: String }
async fn handle_docker_ps(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<DockerListRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
match exec_on_session(&session.handle, "docker ps -a --format '{{.Names}}|{{.Image}}|{{.Status}}|{{.Ports}}' 2>&1").await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_docker_action(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<DockerActionRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let t = shell_escape(&req.target);
let cmd = match req.action.as_str() {
"start" => format!("docker start {} 2>&1", t),
"stop" => format!("docker stop {} 2>&1", t),
"restart" => format!("docker restart {} 2>&1", t),
"remove" => format!("docker rm -f {} 2>&1", t),
"logs" => format!("docker logs --tail 100 {} 2>&1", t),
"builder-prune" => "docker builder prune -f 2>&1".to_string(),
"system-prune" => "docker system prune -f 2>&1".to_string(),
_ => return err_response(format!("Unknown action: {}", req.action)),
};
match exec_on_session(&session.handle, &cmd).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_docker_exec(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<DockerExecRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let cmd = format!("docker exec {} {} 2>&1", shell_escape(&req.container), shell_escape(&req.command));
match exec_on_session(&session.handle, &cmd).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
// ── Service/process handlers ─────────────────────────────────────────────────
async fn handle_service_status(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolSessionTarget>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let t = shell_escape(&req.target);
match exec_on_session(&session.handle, &format!("systemctl status {} --no-pager 2>&1 || service {} status 2>&1", t, t)).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_process_list(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolSessionTarget>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let filter = if req.target.is_empty() { "aux --sort=-%cpu | head -30".to_string() } else { format!("aux | grep -i {} | grep -v grep", shell_escape(&req.target)) };
match exec_on_session(&session.handle, &format!("ps {}", filter)).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
// ── Git handlers ─────────────────────────────────────────────────────────────
#[derive(Deserialize)]
struct GitRequest { session_id: String, path: String }
async fn handle_git_status(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<GitRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
match exec_on_session(&session.handle, &format!("cd {} && git status --short --branch 2>&1", shell_escape(&req.path))).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_git_pull(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<GitRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
match exec_on_session(&session.handle, &format!("cd {} && git pull 2>&1", shell_escape(&req.path))).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_git_log(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<GitRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
match exec_on_session(&session.handle, &format!("cd {} && git log --oneline -20 2>&1", shell_escape(&req.path))).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
// ── Session creation handlers ────────────────────────────────────────────────
#[derive(Deserialize)]
struct SshConnectRequest {
hostname: String,
port: Option<u16>,
username: String,
password: Option<String>,
private_key_path: Option<String>,
}
async fn handle_ssh_connect(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<SshConnectRequest>) -> Json<McpResponse<String>> {
use crate::ssh::session::AuthMethod;
let port = req.port.unwrap_or(22);
let auth = if let Some(key_path) = req.private_key_path {
// Read key file
let pem = match std::fs::read_to_string(&key_path) {
Ok(p) => p,
Err(e) => return err_response(format!("Failed to read key file {}: {}", key_path, e)),
};
AuthMethod::Key { private_key_pem: pem, passphrase: req.password }
} else {
AuthMethod::Password(req.password.unwrap_or_default())
};
match state.ssh.connect(
state.app_handle.clone(),
&req.hostname,
port,
&req.username,
auth,
120, 40,
&state.sftp,
&state.scrollback,
&state.error_watcher,
).await {
Ok(session_id) => ok_response(session_id),
Err(e) => err_response(e),
}
}
// ── RDP interaction handlers ─────────────────────────────────────────────────
#[derive(Deserialize)]
struct RdpClickRequest { session_id: String, x: u16, y: u16, button: Option<String> }
#[derive(Deserialize)]
struct RdpTypeRequest { session_id: String, text: String }
#[derive(Deserialize)]
struct RdpClipboardRequest { session_id: String, text: String }
async fn handle_rdp_click(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<RdpClickRequest>) -> Json<McpResponse<String>> {
use crate::rdp::input::mouse_flags;
let button_flag = match req.button.as_deref().unwrap_or("left") {
"right" => mouse_flags::BUTTON2,
"middle" => mouse_flags::BUTTON3,
_ => mouse_flags::BUTTON1,
};
// Move to position
if let Err(e) = state.rdp.send_mouse(&req.session_id, req.x, req.y, mouse_flags::MOVE) { return err_response(e); }
// Click down
if let Err(e) = state.rdp.send_mouse(&req.session_id, req.x, req.y, button_flag | mouse_flags::DOWN) { return err_response(e); }
// Click up
if let Err(e) = state.rdp.send_mouse(&req.session_id, req.x, req.y, button_flag) { return err_response(e); }
ok_response(format!("clicked ({}, {})", req.x, req.y))
}
async fn handle_rdp_type(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<RdpTypeRequest>) -> Json<McpResponse<String>> {
// Set clipboard then simulate Ctrl+V to paste (most reliable for arbitrary text)
if let Err(e) = state.rdp.send_clipboard(&req.session_id, &req.text) { return err_response(e); }
// Small delay for clipboard to propagate, then Ctrl+V
tokio::time::sleep(std::time::Duration::from_millis(50)).await;
// Ctrl down
let _ = state.rdp.send_key(&req.session_id, 0x001D, true);
// V down
let _ = state.rdp.send_key(&req.session_id, 0x002F, true);
// V up
let _ = state.rdp.send_key(&req.session_id, 0x002F, false);
// Ctrl up
let _ = state.rdp.send_key(&req.session_id, 0x001D, false);
ok_response(format!("typed {} chars via clipboard paste", req.text.len()))
}
async fn handle_rdp_clipboard(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<RdpClipboardRequest>) -> Json<McpResponse<String>> {
if let Err(e) = state.rdp.send_clipboard(&req.session_id, &req.text) { return err_response(e); }
ok_response("clipboard set".to_string())
}
/// Start the MCP HTTP server and write the port to disk.
pub async fn start_mcp_server(
ssh: SshService,
rdp: RdpService,
sftp: SftpService,
scrollback: ScrollbackRegistry,
app_handle: tauri::AppHandle,
error_watcher: std::sync::Arc<crate::mcp::error_watcher::ErrorWatcher>,
) -> Result<u16, String> {
// Generate a cryptographically random bearer token for authentication
use rand::Rng;
let bearer_token: String = rand::rng()
.sample_iter(&rand::distr::Alphanumeric)
.take(64)
.map(char::from)
.collect();
let state = Arc::new(McpServerState { ssh, rdp, sftp, scrollback, app_handle, error_watcher, bearer_token: bearer_token.clone() });
let app = Router::new()
.route("/mcp/sessions", post(handle_list_sessions))
.route("/mcp/terminal/type", post(handle_terminal_type))
.route("/mcp/terminal/read", post(handle_terminal_read))
.route("/mcp/terminal/execute", post(handle_terminal_execute))
.route("/mcp/screenshot", post(handle_screenshot))
.route("/mcp/sftp/list", post(handle_sftp_list))
.route("/mcp/sftp/read", post(handle_sftp_read))
.route("/mcp/sftp/write", post(handle_sftp_write))
.route("/mcp/tool/ping", post(handle_tool_ping))
.route("/mcp/tool/traceroute", post(handle_tool_traceroute))
.route("/mcp/tool/dns", post(handle_tool_dns))
.route("/mcp/tool/whois", post(handle_tool_whois))
.route("/mcp/tool/wol", post(handle_tool_wol))
.route("/mcp/tool/scan-network", post(handle_tool_scan_network))
.route("/mcp/tool/scan-ports", post(handle_tool_scan_ports))
.route("/mcp/tool/subnet", post(handle_tool_subnet))
.route("/mcp/tool/bandwidth", post(handle_tool_bandwidth))
.route("/mcp/tool/keygen", post(handle_tool_keygen))
.route("/mcp/tool/passgen", post(handle_tool_passgen))
.route("/mcp/docker/ps", post(handle_docker_ps))
.route("/mcp/docker/action", post(handle_docker_action))
.route("/mcp/docker/exec", post(handle_docker_exec))
.route("/mcp/service/status", post(handle_service_status))
.route("/mcp/process/list", post(handle_process_list))
.route("/mcp/git/status", post(handle_git_status))
.route("/mcp/git/pull", post(handle_git_pull))
.route("/mcp/git/log", post(handle_git_log))
.route("/mcp/rdp/click", post(handle_rdp_click))
.route("/mcp/rdp/type", post(handle_rdp_type))
.route("/mcp/rdp/clipboard", post(handle_rdp_clipboard))
.route("/mcp/ssh/connect", post(handle_ssh_connect))
.layer(middleware::from_fn_with_state(state.clone(), auth_middleware))
.with_state(state);
let listener = TcpListener::bind("127.0.0.1:0").await
.map_err(|e| format!("Failed to bind MCP server: {}", e))?;
let port = listener.local_addr()
.map_err(|e| format!("Failed to get MCP server port: {}", e))?
.port();
// Write port to well-known location
let data_dir = crate::data_directory();
let port_file = data_dir.join("mcp-port");
std::fs::write(&port_file, port.to_string())
.map_err(|e| format!("Failed to write MCP port file: {}", e))?;
// Write bearer token to a separate file with restrictive permissions
let token_file = data_dir.join("mcp-token");
std::fs::write(&token_file, &bearer_token)
.map_err(|e| format!("Failed to write MCP token file: {}", e))?;
// Set owner-only read/write permissions (Unix)
#[cfg(unix)]
{
use std::os::unix::fs::PermissionsExt;
let _ = std::fs::set_permissions(&token_file, std::fs::Permissions::from_mode(0o600));
}
tokio::spawn(async move {
axum::serve(listener, app).await.ok();
});
Ok(port)
}

231
src-tauri/src/pty/mod.rs
View File

@ -1,231 +0,0 @@
//! Local PTY service — spawns shells for the AI copilot panel.
use std::io::{Read, Write};
use std::sync::{Arc, Mutex};
use base64::Engine;
use dashmap::DashMap;
use portable_pty::{native_pty_system, Child, CommandBuilder, MasterPty, PtySize};
use serde::Serialize;
use tauri::{AppHandle, Emitter};
use crate::mcp::ScrollbackRegistry;
#[derive(Debug, Serialize, Clone)]
pub struct ShellInfo {
pub name: String,
pub path: String,
}
pub struct PtySession {
pub id: String,
pub shell_path: String,
writer: Mutex<Box<dyn Write + Send>>,
master: Mutex<Box<dyn MasterPty + Send>>,
child: Mutex<Box<dyn Child + Send + Sync>>,
}
pub struct PtyService {
sessions: DashMap<String, Arc<PtySession>>,
}
impl PtyService {
pub fn new() -> Self {
Self { sessions: DashMap::new() }
}
/// Detect available shells on the system.
pub fn list_shells(&self) -> Vec<ShellInfo> {
let mut shells = Vec::new();
#[cfg(unix)]
{
if let Ok(user_shell) = std::env::var("SHELL") {
if std::path::Path::new(&user_shell).exists() {
let name = std::path::Path::new(&user_shell)
.file_name()
.and_then(|n| n.to_str())
.unwrap_or("shell")
.to_string();
shells.push(ShellInfo { name, path: user_shell });
}
}
for (name, path) in [("bash", "/bin/bash"), ("zsh", "/bin/zsh"), ("sh", "/bin/sh")] {
if std::path::Path::new(path).exists() && !shells.iter().any(|s| s.path == path) {
shells.push(ShellInfo { name: name.to_string(), path: path.to_string() });
}
}
}
#[cfg(windows)]
{
shells.push(ShellInfo { name: "PowerShell".to_string(), path: "powershell.exe".to_string() });
shells.push(ShellInfo { name: "CMD".to_string(), path: "cmd.exe".to_string() });
for git_bash in [
r"C:\Program Files\Git\bin\bash.exe",
r"C:\Program Files (x86)\Git\bin\bash.exe",
] {
if std::path::Path::new(git_bash).exists() {
shells.push(ShellInfo { name: "Git Bash".to_string(), path: git_bash.to_string() });
break;
}
}
// WSL (Windows Subsystem for Linux)
if std::path::Path::new(r"C:\Windows\System32\wsl.exe").exists() {
shells.push(ShellInfo { name: "WSL".to_string(), path: r"C:\Windows\System32\wsl.exe".to_string() });
}
}
shells
}
/// Spawn a local shell and start reading its output.
pub fn spawn(
&self,
shell_path: &str,
cols: u16,
rows: u16,
app_handle: AppHandle,
scrollback: &ScrollbackRegistry,
) -> Result<String, String> {
let session_id = uuid::Uuid::new_v4().to_string();
wraith_log!("[PTY] Spawning shell: {} (session {})", shell_path, session_id);
let pty_system = native_pty_system();
let pair = pty_system
.openpty(PtySize { rows, cols, pixel_width: 0, pixel_height: 0 })
.map_err(|e| format!("Failed to open PTY: {}", e))?;
let cmd = CommandBuilder::new(shell_path);
let child = pair.slave
.spawn_command(cmd)
.map_err(|e| format!("Failed to spawn shell '{}': {}", shell_path, e))?;
let reader = pair.master
.try_clone_reader()
.map_err(|e| format!("Failed to clone PTY reader: {}", e))?;
let writer = pair.master
.take_writer()
.map_err(|e| format!("Failed to take PTY writer: {}", e))?;
let session = Arc::new(PtySession {
id: session_id.clone(),
shell_path: shell_path.to_string(),
writer: Mutex::new(writer),
master: Mutex::new(pair.master),
child: Mutex::new(child),
});
self.sessions.insert(session_id.clone(), session);
// Create scrollback buffer for MCP terminal_read
let scrollback_buf = scrollback.create(&session_id);
// Output reader loop — runs in a dedicated OS thread because
// portable-pty's reader is synchronous (std::io::Read) and
// long-lived. Using std::thread::spawn avoids requiring a
// tokio runtime context (sync Tauri commands may not have one).
let sid = session_id.clone();
let app = app_handle;
std::thread::spawn(move || {
let mut reader = std::io::BufReader::new(reader);
let mut buf = [0u8; 4096];
loop {
match reader.read(&mut buf) {
Ok(0) => {
let _ = app.emit(&format!("pty:close:{}", sid), ());
break;
}
Ok(n) => {
scrollback_buf.push(&buf[..n]);
let encoded = base64::engine::general_purpose::STANDARD.encode(&buf[..n]);
let _ = app.emit(&format!("pty:data:{}", sid), encoded);
}
Err(_) => {
let _ = app.emit(&format!("pty:close:{}", sid), ());
break;
}
}
}
});
Ok(session_id)
}
/// Write data to a PTY session's stdin.
pub fn write(&self, session_id: &str, data: &[u8]) -> Result<(), String> {
let session = self.sessions.get(session_id)
.ok_or_else(|| format!("PTY session {} not found", session_id))?;
let mut writer = session.writer.lock()
.map_err(|e| format!("Failed to lock PTY writer: {}", e))?;
writer.write_all(data)
.map_err(|e| format!("Failed to write to PTY {}: {}", session_id, e))
}
/// Resize a PTY session.
pub fn resize(&self, session_id: &str, cols: u16, rows: u16) -> Result<(), String> {
let session = self.sessions.get(session_id)
.ok_or_else(|| format!("PTY session {} not found", session_id))?;
let master = session.master.lock()
.map_err(|e| format!("Failed to lock PTY master: {}", e))?;
master.resize(PtySize { rows, cols, pixel_width: 0, pixel_height: 0 })
.map_err(|e| format!("Failed to resize PTY {}: {}", session_id, e))
}
/// Kill and remove a PTY session.
pub fn disconnect(&self, session_id: &str) -> Result<(), String> {
let (_, session) = self.sessions.remove(session_id)
.ok_or_else(|| format!("PTY session {} not found", session_id))?;
if let Ok(mut child) = session.child.lock() {
let _ = child.kill();
}
Ok(())
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn list_shells_returns_at_least_one() {
let svc = PtyService::new();
let shells = svc.list_shells();
assert!(!shells.is_empty(), "should find at least one shell");
for shell in &shells {
assert!(!shell.name.is_empty());
assert!(!shell.path.is_empty());
}
}
#[test]
fn list_shells_no_duplicates() {
let svc = PtyService::new();
let shells = svc.list_shells();
let mut paths: Vec<&str> = shells.iter().map(|s| s.path.as_str()).collect();
let original_len = paths.len();
paths.sort();
paths.dedup();
assert_eq!(original_len, paths.len(), "shell list should not contain duplicates");
}
#[test]
fn disconnect_nonexistent_session_errors() {
let svc = PtyService::new();
assert!(svc.disconnect("nonexistent").is_err());
}
#[test]
fn write_nonexistent_session_errors() {
let svc = PtyService::new();
assert!(svc.write("nonexistent", b"hello").is_err());
}
#[test]
fn resize_nonexistent_session_errors() {
let svc = PtyService::new();
assert!(svc.resize("nonexistent", 80, 24).is_err());
}
}

118
src-tauri/src/rdp/input.rs
View File

@ -190,121 +190,3 @@ pub fn is_extended(scancode: u32) -> bool {
pub fn scancode_value(scancode: u32) -> u8 {
(scancode & 0xFF) as u8
}
// ── tests ─────────────────────────────────────────────────────────────────────
#[cfg(test)]
mod tests {
use super::*;
// ── scancode lookup ──────────────────────────────────────────────────────
#[test]
fn escape_key_maps_correctly() {
assert_eq!(js_key_to_scancode("Escape"), Some(0x0001));
}
#[test]
fn letter_keys_map_correctly() {
assert_eq!(js_key_to_scancode("KeyA"), Some(0x001E));
assert_eq!(js_key_to_scancode("KeyZ"), Some(0x002C));
}
#[test]
fn function_keys_map_correctly() {
assert_eq!(js_key_to_scancode("F1"), Some(0x003B));
assert_eq!(js_key_to_scancode("F12"), Some(0x0058));
}
#[test]
fn enter_key_maps_correctly() {
assert_eq!(js_key_to_scancode("Enter"), Some(0x001C));
}
#[test]
fn space_key_maps_correctly() {
assert_eq!(js_key_to_scancode("Space"), Some(0x0039));
}
#[test]
fn unknown_key_returns_none() {
assert_eq!(js_key_to_scancode("FakeKey"), None);
assert_eq!(js_key_to_scancode(""), None);
}
// ── extended key detection ───────────────────────────────────────────────
#[test]
fn non_extended_key_detected() {
assert!(!is_extended(0x001E)); // KeyA
assert!(!is_extended(0x0001)); // Escape
}
#[test]
fn extended_key_detected() {
assert!(is_extended(0xE038)); // AltRight
assert!(is_extended(0xE01D)); // ControlRight
assert!(is_extended(0xE048)); // ArrowUp
}
#[test]
fn arrow_keys_are_extended() {
let arrows = ["ArrowUp", "ArrowDown", "ArrowLeft", "ArrowRight"];
for key in arrows {
let sc = js_key_to_scancode(key).unwrap();
assert!(is_extended(sc), "{key} should be extended");
}
}
// ── scancode value extraction ────────────────────────────────────────────
#[test]
fn scancode_value_extracts_low_byte() {
assert_eq!(scancode_value(0x001E), 0x1E); // KeyA
assert_eq!(scancode_value(0xE038), 0x38); // AltRight — low byte only
}
#[test]
fn numpad_enter_is_extended() {
let sc = js_key_to_scancode("NumpadEnter").unwrap();
assert!(is_extended(sc));
assert_eq!(scancode_value(sc), 0x1C); // same low byte as regular Enter
}
// ── mouse flags ─────────────────────────────────────────────────────────
#[test]
fn mouse_flags_are_distinct_bits() {
let flags = [
mouse_flags::MOVE,
mouse_flags::BUTTON1,
mouse_flags::BUTTON2,
mouse_flags::BUTTON3,
mouse_flags::DOWN,
mouse_flags::WHEEL,
mouse_flags::WHEEL_NEG,
mouse_flags::HWHEEL,
];
// Each flag should be a single power of 2 (or a known composite).
for &f in &flags {
assert!(f > 0, "flag should be nonzero");
assert!(f.count_ones() == 1, "flag {:#06x} should be a single bit", f);
}
}
#[test]
fn left_click_down_composable() {
let event = mouse_flags::BUTTON1 | mouse_flags::DOWN;
assert_eq!(event & mouse_flags::BUTTON1, mouse_flags::BUTTON1);
assert_eq!(event & mouse_flags::DOWN, mouse_flags::DOWN);
}
// ── coverage: every key in the map is reachable ─────────────────────────
#[test]
fn scancode_map_has_expected_size() {
// 13 Fn/Esc + 14 number row + 14 QWERTY + 13 home row + 12 bottom
// + 8 modifiers + 9 nav + 4 arrows + 17 numpad + 17 media + 3 intl = ~124
assert!(SCANCODE_MAP.len() >= 100, "map should have 100+ entries, got {}", SCANCODE_MAP.len());
}
}

640
src-tauri/src/rdp/mod.rs
View File

@ -1,19 +1,25 @@
//! RDP session manager — connects to Windows RDP servers via IronRDP,
//! maintains an RGBA frame buffer per session, and exposes input injection.
//!
//! Architecture:
//! - `RdpService` holds a `DashMap` of active sessions.
//! - Each session spawns a tokio task that runs the IronRDP active stage loop,
//! reading frames from the server and updating a shared `Vec<u8>` (RGBA).
//! - The frontend fetches frames via a Tauri command that reads the buffer.
//! - Mouse/keyboard input is sent to the session via an mpsc channel.
pub mod input;
use std::sync::Arc;
use std::sync::atomic::{AtomicBool, Ordering};
use base64::Engine;
use dashmap::DashMap;
use log::{error, info, warn};
use tauri::Emitter;
use log::{debug, error, info, warn};
use serde::{Deserialize, Serialize};
use tokio::io::{AsyncRead, AsyncWrite};
use tokio::net::TcpStream;
use tokio::sync::mpsc;
use tokio::sync::Mutex as TokioMutex;
use ironrdp::connector::{self, ClientConnector, ConnectionResult, Credentials, DesktopSize};
use ironrdp::graphics::image_processing::PixelFormat;
@ -52,6 +58,7 @@ pub struct RdpSessionInfo {
pub connected: bool,
}
/// Input events sent from the frontend to a session's background task.
enum InputEvent {
Mouse {
x: u16,
@ -62,87 +69,84 @@ enum InputEvent {
scancode: u16,
pressed: bool,
},
Clipboard(String),
Resize { width: u16, height: u16 },
Disconnect,
}
/// Dirty rectangle from the last GraphicsUpdate — used for partial frame transfer.
#[derive(Debug, Clone, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct DirtyRect {
pub x: u16,
pub y: u16,
pub width: u16,
pub height: u16,
}
// ── Session handle ────────────────────────────────────────────────────────────
/// A handle to a running RDP session. The actual IronRDP connection runs in a
/// background tokio task. This struct holds the shared frame buffer and an input
/// channel.
struct RdpSessionHandle {
id: String,
hostname: String,
width: u16,
height: u16,
/// Frame buffer: RDP thread writes via RwLock write, IPC reads via RwLock read.
front_buffer: Arc<std::sync::RwLock<Vec<u8>>>,
/// Accumulated dirty region since last get_frame — union of all GraphicsUpdate rects.
dirty_region: Arc<std::sync::Mutex<Option<DirtyRect>>>,
frame_dirty: Arc<AtomicBool>,
/// RGBA pixel data — updated by the background task, read by the frontend.
frame_buffer: Arc<TokioMutex<Vec<u8>>>,
/// Send input events to the background task.
input_tx: mpsc::UnboundedSender<InputEvent>,
}
// ── Service ───────────────────────────────────────────────────────────────────
pub struct RdpService {
sessions: Arc<DashMap<String, Arc<RdpSessionHandle>>>,
sessions: DashMap<String, Arc<RdpSessionHandle>>,
}
impl RdpService {
pub fn new() -> Self {
Self {
sessions: Arc::new(DashMap::new()),
sessions: DashMap::new(),
}
}
pub fn connect(&self, config: RdpConfig, app_handle: tauri::AppHandle) -> Result<String, String> {
/// Connect to an RDP server. Returns the session UUID on success.
///
/// The entire RDP connection (handshake + active session loop) runs in a
/// dedicated thread with its own tokio runtime. This avoids Send/lifetime
/// issues with ironrdp's internal trait objects and tokio::spawn.
pub fn connect(&self, config: RdpConfig) -> Result<String, String> {
let session_id = uuid::Uuid::new_v4().to_string();
wraith_log!("[RDP] Connecting to {}:{} as {} (session {})", config.hostname, config.port, config.username, session_id);
let width = config.width;
let height = config.height;
let hostname = config.hostname.clone();
// Create shared frame buffer — initialized to opaque black.
let buf_size = (width as usize) * (height as usize) * 4;
let mut initial_buf = vec![0u8; buf_size];
for pixel in initial_buf.chunks_exact_mut(4) {
pixel[3] = 255;
}
let front_buffer = Arc::new(std::sync::RwLock::new(initial_buf));
let dirty_region = Arc::new(std::sync::Mutex::new(None));
let frame_dirty = Arc::new(AtomicBool::new(false));
let frame_buffer = Arc::new(TokioMutex::new(initial_buf));
// Create input channel.
let (input_tx, input_rx) = mpsc::unbounded_channel();
// Build session handle (accessible from main thread for frame reads + input sends).
let handle = Arc::new(RdpSessionHandle {
id: session_id.clone(),
hostname: hostname.clone(),
width,
height,
front_buffer: front_buffer.clone(),
dirty_region: dirty_region.clone(),
frame_dirty: frame_dirty.clone(),
frame_buffer: frame_buffer.clone(),
input_tx,
});
self.sessions.insert(session_id.clone(), handle);
// Spawn dedicated thread for the RDP connection + session loop.
let sid = session_id.clone();
let sessions_ref = self.sessions.clone();
let (ready_tx, ready_rx) = std::sync::mpsc::channel::<Result<(), String>>();
std::thread::spawn(move || {
let result = std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| {
let rt = tokio::runtime::Builder::new_current_thread()
.enable_all()
.build()
.unwrap();
rt.block_on(async move {
// Build connector config.
let connector_config = match build_connector_config(&config) {
Ok(c) => c,
Err(e) => {
@ -152,34 +156,28 @@ impl RdpService {
}
};
let (connection_result, framed) = match tokio::time::timeout(std::time::Duration::from_secs(15), establish_connection(connector_config, &config.hostname, config.port)).await {
Ok(Ok(r)) => r,
Ok(Err(e)) => {
// Establish connection (TCP + TLS + CredSSP + RDP handshake).
let (connection_result, framed) =
match establish_connection(connector_config, &config.hostname, config.port).await {
Ok(r) => r,
Err(e) => {
let _ = ready_tx.send(Err(format!("RDP connection failed: {}", e)));
sessions_ref.remove(&sid);
return;
}
Err(_) => {
let _ = ready_tx.send(Err("RDP connection timed out after 15s".to_string()));
sessions_ref.remove(&sid);
return;
}
};
info!("RDP connection established to {}:{} (session {})", config.hostname, config.port, sid);
let _ = ready_tx.send(Ok(()));
// Run active session loop until disconnect.
if let Err(e) = run_active_session(
connection_result,
framed,
front_buffer,
dirty_region,
frame_dirty,
frame_buffer,
input_rx,
width as u16,
height as u16,
app_handle,
sid.clone(),
)
.await
{
@ -188,20 +186,9 @@ impl RdpService {
info!("RDP session {} ended", sid);
sessions_ref.remove(&sid);
});
}));
if let Err(panic) = result {
let msg = if let Some(s) = panic.downcast_ref::<String>() {
s.clone()
} else if let Some(s) = panic.downcast_ref::<&str>() {
s.to_string()
} else {
"unknown panic".to_string()
};
let _ = crate::write_log(&crate::data_directory().join("wraith.log"), &format!("RDP thread PANIC: {}", msg));
// ready_tx is dropped here, which triggers the "died unexpectedly" error
}
});
// Wait for the connection to establish or fail.
match ready_rx.recv() {
Ok(Ok(())) => {}
Ok(Err(e)) => {
@ -210,135 +197,126 @@ impl RdpService {
}
Err(_) => {
self.sessions.remove(&session_id);
return Err("RDP connection thread panicked — check wraith.log for details".into());
return Err("RDP connection thread died unexpectedly".into());
}
}
Ok(session_id)
}
/// Get the dirty region since the last call. Returns (region_metadata, pixel_bytes).
/// The pixel bytes contain only the dirty rectangle in row-major RGBA order.
/// If nothing changed, returns empty bytes. If the dirty region covers >50% of the
/// frame, falls back to full frame for efficiency (avoids row-by-row extraction).
pub fn get_frame(&self, session_id: &str) -> Result<(Option<DirtyRect>, Vec<u8>), String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
if !handle.frame_dirty.swap(false, Ordering::Acquire) {
return Ok((None, Vec::new()));
/// Get the current frame buffer as base64-encoded RGBA data.
pub async fn get_frame(&self, session_id: &str) -> Result<String, String> {
let handle = self
.sessions
.get(session_id)
.ok_or_else(|| format!("RDP session {} not found", session_id))?;
let buf = handle.frame_buffer.lock().await;
let encoded = base64::engine::general_purpose::STANDARD.encode(&*buf);
Ok(encoded)
}
let region = handle.dirty_region.lock().unwrap_or_else(|e| e.into_inner()).take();
let buf = handle.front_buffer.read().unwrap_or_else(|e| e.into_inner());
let stride = handle.width as usize * 4;
let total_pixels = handle.width as usize * handle.height as usize;
/// Get the raw frame buffer bytes (for potential future optimization).
pub async fn get_frame_raw(&self, session_id: &str) -> Result<Vec<u8>, String> {
let handle = self
.sessions
.get(session_id)
.ok_or_else(|| format!("RDP session {} not found", session_id))?;
match region {
Some(rect) if (rect.width as usize * rect.height as usize) < total_pixels / 2 => {
// Partial: extract only the dirty rectangle
let rw = rect.width as usize;
let rh = rect.height as usize;
let rx = rect.x as usize;
let ry = rect.y as usize;
let mut out = Vec::with_capacity(rw * rh * 4);
for row in ry..ry + rh {
let start = row * stride + rx * 4;
let end = start + rw * 4;
if end <= buf.len() {
out.extend_from_slice(&buf[start..end]);
}
}
Ok((Some(rect), out))
}
_ => {
// Full frame: dirty region covers most of the screen or is missing
Ok((None, buf.clone()))
}
}
}
pub fn get_frame_raw(&self, session_id: &str) -> Result<Vec<u8>, String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
let buf = handle.front_buffer.read().unwrap_or_else(|e| e.into_inner());
let buf = handle.frame_buffer.lock().await;
Ok(buf.clone())
}
/// Capture the current RDP frame as a base64-encoded PNG.
pub fn screenshot_png_base64(&self, session_id: &str) -> Result<String, String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
let width = handle.width as u32;
let height = handle.height as u32;
let buf = handle.front_buffer.read().unwrap_or_else(|e| e.into_inner());
// Encode RGBA raw bytes to PNG (fast compression for speed)
let mut png_data = Vec::new();
{
let mut encoder = png::Encoder::new(&mut png_data, width, height);
encoder.set_color(png::ColorType::Rgba);
encoder.set_depth(png::BitDepth::Eight);
encoder.set_compression(png::Compression::Fast);
let mut writer = encoder.write_header()
.map_err(|e| format!("PNG header error: {}", e))?;
writer.write_image_data(&buf)
.map_err(|e| format!("PNG encode error: {}", e))?;
}
Ok(base64::engine::general_purpose::STANDARD.encode(&png_data))
}
pub fn send_clipboard(&self, session_id: &str, text: &str) -> Result<(), String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
handle.input_tx.send(InputEvent::Clipboard(text.to_string())).map_err(|_| format!("RDP session {} input channel closed", session_id))
}
/// Send a mouse event to the RDP session.
///
/// The `flags` parameter uses MS-RDPBCGR mouse event flags (see `input::mouse_flags`).
/// The frontend should construct these from DOM mouse events.
pub fn send_mouse(&self, session_id: &str, x: u16, y: u16, flags: u32) -> Result<(), String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
handle.input_tx.send(InputEvent::Mouse { x, y, flags }).map_err(|_| format!("RDP session {} input channel closed", session_id))
let handle = self
.sessions
.get(session_id)
.ok_or_else(|| format!("RDP session {} not found", session_id))?;
handle
.input_tx
.send(InputEvent::Mouse { x, y, flags })
.map_err(|_| format!("RDP session {} input channel closed", session_id))
}
/// Send a keyboard event to the RDP session.
///
/// `scancode` is the RDP hardware scancode (use `input::js_key_to_scancode`
/// on the frontend side or pass it through). `pressed` indicates key-down
/// vs key-up.
pub fn send_key(&self, session_id: &str, scancode: u16, pressed: bool) -> Result<(), String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
handle.input_tx.send(InputEvent::Key { scancode, pressed }).map_err(|_| format!("RDP session {} input channel closed", session_id))
}
pub fn force_refresh(&self, session_id: &str) -> Result<(), String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
// Clear any accumulated dirty region so get_frame returns the full buffer
*handle.dirty_region.lock().unwrap_or_else(|e| e.into_inner()) = None;
handle.frame_dirty.store(true, Ordering::Release);
Ok(())
}
pub fn resize(&self, session_id: &str, width: u16, height: u16) -> Result<(), String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
handle.input_tx.send(InputEvent::Resize { width, height }).map_err(|_| format!("RDP session {} input channel closed", session_id))
let handle = self
.sessions
.get(session_id)
.ok_or_else(|| format!("RDP session {} not found", session_id))?;
handle
.input_tx
.send(InputEvent::Key { scancode, pressed })
.map_err(|_| format!("RDP session {} input channel closed", session_id))
}
/// Disconnect an RDP session.
pub fn disconnect(&self, session_id: &str) -> Result<(), String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
let handle = self
.sessions
.get(session_id)
.ok_or_else(|| format!("RDP session {} not found", session_id))?;
// Send disconnect signal — the background task will clean up.
let _ = handle.input_tx.send(InputEvent::Disconnect);
// Remove from map immediately so no new commands target it.
drop(handle);
self.sessions.remove(session_id);
info!("RDP session {} disconnect requested", session_id);
Ok(())
}
/// List all active RDP sessions.
pub fn list_sessions(&self) -> Vec<RdpSessionInfo> {
self.sessions.iter().map(|entry| {
self.sessions
.iter()
.map(|entry| {
let h = entry.value();
RdpSessionInfo { id: h.id.clone(), hostname: h.hostname.clone(), width: h.width, height: h.height, connected: !h.input_tx.is_closed() }
}).collect()
RdpSessionInfo {
id: h.id.clone(),
hostname: h.hostname.clone(),
width: h.width,
height: h.height,
connected: !h.input_tx.is_closed(),
}
})
.collect()
}
}
// Clone the DashMap reference for use in spawned tasks.
impl Clone for RdpService {
fn clone(&self) -> Self {
Self { sessions: self.sessions.clone() }
// This is intentionally a shallow clone — we want to share the same
// sessions map. But since DashMap doesn't implement Clone directly in
// a way we can use here, we use a different approach: the service
// itself is stored in AppState and accessed via State<AppState>.
// The Clone here is only needed if we want to pass a reference to
// spawned tasks, which we handle via Arc<DashMap> internally.
unreachable!("RdpService should not be cloned — access via State<AppState>");
}
}
// ── Connection establishment ──────────────────────────────────────────────────
/// Build the IronRDP `connector::Config` from our simplified `RdpConfig`.
fn build_connector_config(config: &RdpConfig) -> Result<connector::Config, String> {
Ok(connector::Config {
credentials: Credentials::UsernamePassword { username: config.username.clone(), password: config.password.clone() },
credentials: Credentials::UsernamePassword {
username: config.username.clone(),
password: config.password.clone(),
},
domain: config.domain.clone(),
enable_tls: false,
enable_credssp: true,
@ -348,11 +326,15 @@ fn build_connector_config(config: &RdpConfig) -> Result<connector::Config, Strin
keyboard_functional_keys_count: 12,
ime_file_name: String::new(),
dig_product_id: String::new(),
desktop_size: DesktopSize { width: config.width, height: config.height },
desktop_size: DesktopSize {
width: config.width,
height: config.height,
},
bitmap: None,
client_build: 0,
client_name: "Wraith Desktop".to_owned(),
client_dir: r"C:\Windows\System32\mstscax.dll".to_owned(),
client_dir: "C:\\Windows\\System32\\mstscax.dll".to_owned(),
#[cfg(windows)]
platform: MajorPlatformType::WINDOWS,
#[cfg(target_os = "macos")]
@ -361,16 +343,13 @@ fn build_connector_config(config: &RdpConfig) -> Result<connector::Config, Strin
platform: MajorPlatformType::UNIX,
#[cfg(not(any(windows, target_os = "macos", target_os = "linux")))]
platform: MajorPlatformType::UNIX,
enable_server_pointer: true,
pointer_software_rendering: true,
request_data: None,
autologon: false,
enable_audio_playback: false,
performance_flags: PerformanceFlags::DISABLE_WALLPAPER
| PerformanceFlags::DISABLE_MENUANIMATIONS
| PerformanceFlags::DISABLE_CURSOR_SHADOW
| PerformanceFlags::ENABLE_FONT_SMOOTHING
| PerformanceFlags::ENABLE_DESKTOP_COMPOSITION,
performance_flags: PerformanceFlags::default(),
desktop_scale_factor: 0,
hardware_id: None,
license_cache: None,
@ -378,216 +357,263 @@ fn build_connector_config(config: &RdpConfig) -> Result<connector::Config, Strin
})
}
/// Trait alias for types that implement both AsyncRead and AsyncWrite.
trait AsyncReadWrite: AsyncRead + AsyncWrite + 'static {}
impl<T: AsyncRead + AsyncWrite + 'static> AsyncReadWrite for T {}
type UpgradedFramed = TokioFramed<Box<dyn AsyncReadWrite + Unpin + Send + Sync + 'static>>;
async fn establish_connection(config: connector::Config, hostname: &str, port: u16) -> Result<(ConnectionResult, UpgradedFramed), String> {
/// Perform the full RDP connection: TCP -> TLS upgrade -> CredSSP -> RDP handshake.
async fn establish_connection(
config: connector::Config,
hostname: &str,
port: u16,
) -> Result<(ConnectionResult, UpgradedFramed), String> {
// Resolve and connect TCP.
let addr = format!("{}:{}", hostname, port);
let stream = TcpStream::connect(&addr).await.map_err(|e| format!("TCP connect to {} failed: {}", addr, e))?;
let client_addr = stream.local_addr().map_err(|e| format!("Failed to get local address: {}", e))?;
let stream = TcpStream::connect(&addr)
.await
.map_err(|e| format!("TCP connect to {} failed: {}", addr, e))?;
let client_addr = stream
.local_addr()
.map_err(|e| format!("Failed to get local address: {}", e))?;
let mut framed = TokioFramed::new(stream);
let mut connector = ClientConnector::new(config, client_addr);
let should_upgrade = ironrdp_tokio::connect_begin(&mut framed, &mut connector).await.map_err(|e| format!("RDP connect_begin failed: {}", e))?;
// Phase 1: Initial connection (pre-TLS).
let should_upgrade = ironrdp_tokio::connect_begin(&mut framed, &mut connector)
.await
.map_err(|e| format!("RDP connect_begin failed: {}", e))?;
debug!("RDP TLS upgrade starting for {}", hostname);
// Phase 2: TLS upgrade.
let (initial_stream, leftover_bytes) = framed.into_inner();
let (tls_stream, tls_cert) = ironrdp_tls::upgrade(initial_stream, hostname).await.map_err(|e| format!("TLS upgrade failed: {}", e))?;
let (tls_stream, tls_cert) = ironrdp_tls::upgrade(initial_stream, hostname)
.await
.map_err(|e| format!("TLS upgrade failed: {}", e))?;
let upgraded = ironrdp_tokio::mark_as_upgraded(should_upgrade, &mut connector);
// Wrap the TLS stream in an erased box for the framed type.
let erased_stream: Box<dyn AsyncReadWrite + Unpin + Send + Sync> = Box::new(tls_stream);
let mut upgraded_framed = TokioFramed::new_with_leftover(erased_stream, leftover_bytes);
let server_public_key = ironrdp_tls::extract_tls_server_public_key(&tls_cert).ok_or_else(|| "Failed to extract TLS server public key".to_string())?.to_owned();
let connection_result = ironrdp_tokio::connect_finalize(upgraded, connector, &mut upgraded_framed, &mut ReqwestNetworkClient::new(), hostname.into(), server_public_key, None).await.map_err(|e| format!("RDP connect_finalize failed: {}", e))?;
// Phase 3: CredSSP + finalize.
let server_public_key = ironrdp_tls::extract_tls_server_public_key(&tls_cert)
.ok_or_else(|| "Failed to extract TLS server public key".to_string())?
.to_owned();
let connection_result = ironrdp_tokio::connect_finalize(
upgraded,
connector,
&mut upgraded_framed,
&mut ReqwestNetworkClient::new(),
hostname.into(),
server_public_key,
None, // No Kerberos config
)
.await
.map_err(|e| format!("RDP connect_finalize failed: {}", e))?;
debug!("RDP connection finalized for {}", hostname);
Ok((connection_result, upgraded_framed))
}
async fn run_active_session(connection_result: ConnectionResult, framed: UpgradedFramed, front_buffer: Arc<std::sync::RwLock<Vec<u8>>>, dirty_region: Arc<std::sync::Mutex<Option<DirtyRect>>>, frame_dirty: Arc<AtomicBool>, mut input_rx: mpsc::UnboundedReceiver<InputEvent>, mut width: u16, mut height: u16, app_handle: tauri::AppHandle, session_id: String) -> Result<(), String> {
// ── Active session loop ───────────────────────────────────────────────────────
/// Run the active RDP session loop — processes incoming frames and outgoing input.
async fn run_active_session(
connection_result: ConnectionResult,
framed: UpgradedFramed,
frame_buffer: Arc<TokioMutex<Vec<u8>>>,
mut input_rx: mpsc::UnboundedReceiver<InputEvent>,
width: u16,
height: u16,
) -> Result<(), String> {
let (mut reader, mut writer) = split_tokio_framed(framed);
let mut image = DecodedImage::new(PixelFormat::RgbA32, width, height);
let mut active_stage = ActiveStage::new(connection_result);
let mut input_db = rdp_input::Database::new();
loop {
let outputs = tokio::select! {
// Read a PDU from the server.
frame = reader.read_pdu() => {
let (action, payload) = frame.map_err(|e| format!("Failed to read RDP frame: {}", e))?;
active_stage.process(&mut image, action, &payload).map_err(|e| format!("Failed to process RDP frame: {}", e))?
let (action, payload) = frame
.map_err(|e| format!("Failed to read RDP frame: {}", e))?;
active_stage
.process(&mut image, action, &payload)
.map_err(|e| format!("Failed to process RDP frame: {}", e))?
}
// Receive input from the frontend.
input_event = input_rx.recv() => {
match input_event {
Some(InputEvent::Disconnect) | None => {
if let Ok(outputs) = active_stage.graceful_shutdown() {
for out in outputs { if let ActiveStageOutput::ResponseFrame(frame) = out { let _ = writer.write_all(&frame).await; } }
info!("RDP session disconnect signal received");
// Attempt graceful shutdown.
match active_stage.graceful_shutdown() {
Ok(outputs) => {
for out in outputs {
if let ActiveStageOutput::ResponseFrame(frame) = out {
let _ = writer.write_all(&frame).await;
}
}
}
Err(e) => {
warn!("Graceful RDP shutdown failed: {}", e);
}
}
return Ok(());
}
Some(InputEvent::Mouse { x, y, flags }) => {
let ops = translate_mouse_flags(x, y, flags);
let events = input_db.apply(ops);
active_stage.process_fastpath_input(&mut image, &events).map_err(|e| format!("Failed to process mouse input: {}", e))?
active_stage
.process_fastpath_input(&mut image, &events)
.map_err(|e| format!("Failed to process mouse input: {}", e))?
}
Some(InputEvent::Key { scancode, pressed }) => {
let sc = Scancode::from_u16(scancode);
let op = if pressed { Operation::KeyPressed(sc) } else { Operation::KeyReleased(sc) };
let op = if pressed {
Operation::KeyPressed(sc)
} else {
Operation::KeyReleased(sc)
};
let events = input_db.apply([op]);
active_stage.process_fastpath_input(&mut image, &events).map_err(|e| format!("Failed to process keyboard input: {}", e))?
}
Some(InputEvent::Clipboard(text)) => {
let shift_sc = Scancode::from_u16(0x002A);
let mut all_outputs = Vec::new();
for ch in text.chars() {
if let Some((sc_val, shift)) = char_to_scancode(ch) {
let sc = Scancode::from_u16(sc_val);
if shift {
let evts = input_db.apply([Operation::KeyPressed(shift_sc)]);
all_outputs.extend(active_stage.process_fastpath_input(&mut image, &evts).map_err(|e| format!("clipboard input error: {}", e))?);
}
let evts = input_db.apply([Operation::KeyPressed(sc)]);
all_outputs.extend(active_stage.process_fastpath_input(&mut image, &evts).map_err(|e| format!("clipboard input error: {}", e))?);
let evts = input_db.apply([Operation::KeyReleased(sc)]);
all_outputs.extend(active_stage.process_fastpath_input(&mut image, &evts).map_err(|e| format!("clipboard input error: {}", e))?);
if shift {
let evts = input_db.apply([Operation::KeyReleased(shift_sc)]);
all_outputs.extend(active_stage.process_fastpath_input(&mut image, &evts).map_err(|e| format!("clipboard input error: {}", e))?);
}
}
}
all_outputs
}
Some(InputEvent::Resize { width: new_w, height: new_h }) => {
// Ensure dimensions are within RDP spec (200-8192, even width)
let w = (new_w.max(200).min(8192) & !1) as u32;
let h = new_h.max(200).min(8192) as u32;
if let Some(Ok(resize_frame)) = active_stage.encode_resize(w, h, None, None) {
writer.write_all(&resize_frame).await.map_err(|e| format!("Failed to send resize: {}", e))?;
// Reallocate image and front buffer for new dimensions
image = DecodedImage::new(PixelFormat::RgbA32, w as u16, h as u16);
let buf_size = w as usize * h as usize * 4;
let mut new_buf = vec![0u8; buf_size];
for pixel in new_buf.chunks_exact_mut(4) { pixel[3] = 255; }
*front_buffer.write().unwrap_or_else(|e| e.into_inner()) = new_buf;
width = w as u16;
height = h as u16;
info!("RDP session {} resized to {}x{}", session_id, width, height);
}
Vec::new()
active_stage
.process_fastpath_input(&mut image, &events)
.map_err(|e| format!("Failed to process keyboard input: {}", e))?
}
}
}
};
// Process outputs from the active stage.
for out in outputs {
match out {
ActiveStageOutput::ResponseFrame(frame) => { writer.write_all(&frame).await.map_err(|e| format!("Failed to write RDP response frame: {}", e))?; }
ActiveStageOutput::GraphicsUpdate(region) => {
let rx = region.left as usize;
let ry = region.top as usize;
let rr = (region.right as usize).saturating_add(1).min(width as usize);
let rb = (region.bottom as usize).saturating_add(1).min(height as usize);
let stride = width as usize * 4;
// Copy only the dirty rectangle rows from decoded image → front buffer
{
ActiveStageOutput::ResponseFrame(frame) => {
writer
.write_all(&frame)
.await
.map_err(|e| format!("Failed to write RDP response frame: {}", e))?;
}
ActiveStageOutput::GraphicsUpdate(_region) => {
// Copy the decoded image data into the shared frame buffer.
let mut buf = frame_buffer.lock().await;
let src = image.data();
let mut front = front_buffer.write().unwrap_or_else(|e| e.into_inner());
for row in ry..rb {
let src_start = row * stride + rx * 4;
let src_end = row * stride + rr * 4;
if src_end <= src.len() && src_end <= front.len() {
front[src_start..src_end].copy_from_slice(&src[src_start..src_end]);
let dst_len = buf.len();
if src.len() == dst_len {
buf.copy_from_slice(src);
} else {
// Desktop size may have changed — resize the buffer.
*buf = src.to_vec();
}
}
ActiveStageOutput::Terminate(reason) => {
info!("RDP session terminated: {:?}", reason);
return Ok(());
}
// Accumulate dirty region (union of all rects since last get_frame)
{
let new_rect = DirtyRect { x: rx as u16, y: ry as u16, width: (rr - rx) as u16, height: (rb - ry) as u16 };
let mut dr = dirty_region.lock().unwrap_or_else(|e| e.into_inner());
*dr = Some(match dr.take() {
None => new_rect,
Some(prev) => {
let x = prev.x.min(new_rect.x);
let y = prev.y.min(new_rect.y);
let r = (prev.x + prev.width).max(new_rect.x + new_rect.width);
let b = (prev.y + prev.height).max(new_rect.y + new_rect.height);
DirtyRect { x, y, width: r - x, height: b - y }
ActiveStageOutput::DeactivateAll(_connection_activation) => {
// The server requested deactivation-reactivation. For now,
// log and continue — a full implementation would re-run
// the connection activation sequence.
warn!("RDP server sent DeactivateAll — reconnection not yet implemented");
return Ok(());
}
});
// Pointer events — we could emit these to the frontend for
// custom cursor rendering, but for now we just log them.
ActiveStageOutput::PointerDefault => {
debug!("RDP pointer: default");
}
frame_dirty.store(true, Ordering::Release);
let _ = app_handle.emit(&format!("rdp:frame:{}", session_id), ());
ActiveStageOutput::PointerHidden => {
debug!("RDP pointer: hidden");
}
ActiveStageOutput::PointerPosition { x, y } => {
debug!("RDP pointer position: ({}, {})", x, y);
}
ActiveStageOutput::PointerBitmap(_) => {
debug!("RDP pointer bitmap received");
}
_ => {
// Future variants (MultitransportRequest, etc.)
}
ActiveStageOutput::Terminate(reason) => { info!("RDP session terminated: {:?}", reason); return Ok(()); }
ActiveStageOutput::DeactivateAll(_) => { warn!("RDP server sent DeactivateAll — reconnection not yet implemented"); return Ok(()); }
_ => {}
}
}
}
}
/// Map an ASCII character to (scancode, needs_shift) for RDP keystroke injection.
fn char_to_scancode(ch: char) -> Option<(u16, bool)> {
match ch {
'a'..='z' => {
let offsets: &[u16] = &[
0x1E, 0x30, 0x2E, 0x20, 0x12, 0x21, 0x22, 0x23, 0x17, 0x24,
0x25, 0x26, 0x32, 0x31, 0x18, 0x19, 0x10, 0x13, 0x1F, 0x14,
0x16, 0x2F, 0x11, 0x2D, 0x15, 0x2C,
];
Some((offsets[(ch as u8 - b'a') as usize], false))
}
'A'..='Z' => {
char_to_scancode(ch.to_ascii_lowercase()).map(|(sc, _)| (sc, true))
}
'0' => Some((0x0B, false)),
'1'..='9' => Some(((ch as u16 - '0' as u16) + 1, false)),
')' => Some((0x0B, true)),
'!' => Some((0x02, true)),
'@' => Some((0x03, true)),
'#' => Some((0x04, true)),
'$' => Some((0x05, true)),
'%' => Some((0x06, true)),
'^' => Some((0x07, true)),
'&' => Some((0x08, true)),
'*' => Some((0x09, true)),
'(' => Some((0x0A, true)),
'-' => Some((0x0C, false)),
'_' => Some((0x0C, true)),
'=' => Some((0x0D, false)),
'+' => Some((0x0D, true)),
'[' => Some((0x1A, false)),
'{' => Some((0x1A, true)),
']' => Some((0x1B, false)),
'}' => Some((0x1B, true)),
'\\' => Some((0x2B, false)),
'|' => Some((0x2B, true)),
';' => Some((0x27, false)),
':' => Some((0x27, true)),
'\'' => Some((0x28, false)),
'"' => Some((0x28, true)),
',' => Some((0x33, false)),
'<' => Some((0x33, true)),
'.' => Some((0x34, false)),
'>' => Some((0x34, true)),
'/' => Some((0x35, false)),
'?' => Some((0x35, true)),
'`' => Some((0x29, false)),
'~' => Some((0x29, true)),
' ' => Some((0x39, false)),
'\n' | '\r' => Some((0x1C, false)),
'\t' => Some((0x0F, false)),
_ => None,
}
}
// ── Input translation ─────────────────────────────────────────────────────────
/// Translate MS-RDPBCGR mouse flags into IronRDP `Operation` values.
///
/// The frontend sends raw MS-RDPBCGR flags so this mapping is straightforward.
fn translate_mouse_flags(x: u16, y: u16, flags: u32) -> Vec<Operation> {
let mut ops = Vec::new();
let pos = MousePosition { x, y };
if flags & mouse_flags::MOVE != 0 { ops.push(Operation::MouseMove(pos)); }
// Always include a move operation if the MOVE flag is set.
if flags & mouse_flags::MOVE != 0 {
ops.push(Operation::MouseMove(pos));
}
// Check for button press/release.
let is_down = flags & mouse_flags::DOWN != 0;
if flags & mouse_flags::BUTTON1 != 0 { if is_down { ops.push(Operation::MouseButtonPressed(MouseButton::Left)); } else { ops.push(Operation::MouseButtonReleased(MouseButton::Left)); } }
if flags & mouse_flags::BUTTON2 != 0 { if is_down { ops.push(Operation::MouseButtonPressed(MouseButton::Right)); } else { ops.push(Operation::MouseButtonReleased(MouseButton::Right)); } }
if flags & mouse_flags::BUTTON3 != 0 { if is_down { ops.push(Operation::MouseButtonPressed(MouseButton::Middle)); } else { ops.push(Operation::MouseButtonReleased(MouseButton::Middle)); } }
if flags & mouse_flags::WHEEL != 0 { let units: i16 = if flags & mouse_flags::WHEEL_NEG != 0 { -120 } else { 120 }; ops.push(Operation::WheelRotations(WheelRotations { is_vertical: true, rotation_units: units })); }
if flags & mouse_flags::HWHEEL != 0 { let units: i16 = if flags & mouse_flags::WHEEL_NEG != 0 { -120 } else { 120 }; ops.push(Operation::WheelRotations(WheelRotations { is_vertical: false, rotation_units: units })); }
if ops.is_empty() { ops.push(Operation::MouseMove(pos)); }
if flags & mouse_flags::BUTTON1 != 0 {
if is_down {
ops.push(Operation::MouseButtonPressed(MouseButton::Left));
} else {
ops.push(Operation::MouseButtonReleased(MouseButton::Left));
}
}
if flags & mouse_flags::BUTTON2 != 0 {
if is_down {
ops.push(Operation::MouseButtonPressed(MouseButton::Right));
} else {
ops.push(Operation::MouseButtonReleased(MouseButton::Right));
}
}
if flags & mouse_flags::BUTTON3 != 0 {
if is_down {
ops.push(Operation::MouseButtonPressed(MouseButton::Middle));
} else {
ops.push(Operation::MouseButtonReleased(MouseButton::Middle));
}
}
// Wheel events.
if flags & mouse_flags::WHEEL != 0 {
let negative = flags & mouse_flags::WHEEL_NEG != 0;
let units: i16 = if negative { -120 } else { 120 };
ops.push(Operation::WheelRotations(WheelRotations {
is_vertical: true,
rotation_units: units,
}));
}
if flags & mouse_flags::HWHEEL != 0 {
let negative = flags & mouse_flags::WHEEL_NEG != 0;
let units: i16 = if negative { -120 } else { 120 };
ops.push(Operation::WheelRotations(WheelRotations {
is_vertical: false,
rotation_units: units,
}));
}
// If no specific operation was generated but we have coordinates, treat
// it as a plain mouse move (some frontends send move without the flag).
if ops.is_empty() {
ops.push(Operation::MouseMove(pos));
}
ops
}

255
src-tauri/src/scanner/mod.rs
View File

@ -1,255 +0,0 @@
//! Network scanner tools — IP discovery, port scanning, and network mapping
//! through SSH exec channels. No agent installation required.
//!
//! All scans run on the REMOTE host through the existing SSH connection,
//! giving visibility into the remote network without direct access.
use std::sync::Arc;
use russh::client::Handle;
use russh::ChannelMsg;
use serde::Serialize;
use tokio::sync::Mutex as TokioMutex;
use crate::ssh::session::SshClient;
use crate::utils::shell_escape;
#[derive(Debug, Serialize, Clone)]
#[serde(rename_all = "camelCase")]
pub struct DiscoveredHost {
pub ip: String,
pub mac: Option<String>,
pub hostname: Option<String>,
pub vendor: Option<String>,
pub open_ports: Vec<u16>,
pub services: Vec<String>,
}
#[derive(Debug, Serialize, Clone)]
#[serde(rename_all = "camelCase")]
pub struct PortResult {
pub port: u16,
pub open: bool,
pub service: String,
}
/// Well-known port → service name mapping for common ports.
fn service_name(port: u16) -> &'static str {
match port {
21 => "FTP",
22 => "SSH",
23 => "Telnet",
25 => "SMTP",
53 => "DNS",
80 => "HTTP",
110 => "POP3",
135 => "RPC",
139 => "NetBIOS",
143 => "IMAP",
443 => "HTTPS",
445 => "SMB",
993 => "IMAPS",
995 => "POP3S",
1433 => "MSSQL",
1521 => "Oracle",
3306 => "MySQL",
3389 => "RDP",
5432 => "PostgreSQL",
5900 => "VNC",
6379 => "Redis",
8080 => "HTTP-Alt",
8443 => "HTTPS-Alt",
27017 => "MongoDB",
_ => "unknown",
}
}
/// Validate that `subnet` contains exactly three dot-separated octet groups,
/// each consisting only of 13 ASCII digits (e.g. "192.168.1").
/// Returns an error string if the format is invalid.
fn validate_subnet(subnet: &str) -> Result<(), String> {
let parts: Vec<&str> = subnet.split('.').collect();
if parts.len() != 3 {
return Err(format!(
"Invalid subnet '{}': expected three octets (e.g. 192.168.1)",
subnet
));
}
for part in &parts {
if part.is_empty() || part.len() > 3 || !part.chars().all(|c| c.is_ascii_digit()) {
return Err(format!(
"Invalid subnet '{}': each octet must be 13 decimal digits",
subnet
));
}
}
Ok(())
}
/// Discover hosts on the remote network using ARP table and ping sweep.
pub async fn scan_network(
handle: &Arc<TokioMutex<Handle<SshClient>>>,
subnet: &str,
) -> Result<Vec<DiscoveredHost>, String> {
// Validate subnet format before using it in remote shell commands.
validate_subnet(subnet)?;
// Script that works on Linux and macOS:
// 1. Ping sweep the subnet to populate ARP cache
// 2. Read ARP table for IP/MAC pairs
// 3. Try reverse DNS for hostnames
let escaped_subnet = shell_escape(subnet);
let script = format!(r#"
OS=$(uname -s 2>/dev/null)
SUBNET={escaped_subnet}
# Ping sweep (background, fast)
if [ "$OS" = "Linux" ]; then
for i in $(seq 1 254); do
ping -c 1 -W 1 "$SUBNET.$i" > /dev/null 2>&1 &
done
wait
elif [ "$OS" = "Darwin" ]; then
for i in $(seq 1 254); do
ping -c 1 -t 1 "$SUBNET.$i" > /dev/null 2>&1 &
done
wait
fi
# Read ARP table
if [ "$OS" = "Linux" ]; then
arp -n 2>/dev/null | grep -v incomplete | awk 'NR>1 {{printf "%s|%s\n", $1, $3}}'
elif [ "$OS" = "Darwin" ]; then
arp -a 2>/dev/null | grep -v incomplete | awk '{{gsub(/[()]/, ""); printf "%s|%s\n", $2, $4}}'
fi
"#);
let output = exec_command(handle, &script).await
.ok_or_else(|| "Failed to execute network scan".to_string())?;
let mut hosts = Vec::new();
for line in output.lines() {
let parts: Vec<&str> = line.split('|').collect();
if parts.len() >= 2 && !parts[0].is_empty() {
let ip = parts[0].trim().to_string();
let mac = if parts[1].trim().is_empty() || parts[1].trim() == "(incomplete)" {
None
} else {
Some(parts[1].trim().to_string())
};
hosts.push(DiscoveredHost {
ip,
mac,
hostname: None,
vendor: None,
open_ports: Vec::new(),
services: Vec::new(),
});
}
}
// Try reverse DNS for each host
if !hosts.is_empty() {
let ips: Vec<String> = hosts.iter().map(|h| h.ip.clone()).collect();
let dns_script = ips.iter()
.map(|ip| format!("echo \"{}|$(host {} 2>/dev/null | awk '/domain name pointer/ {{print $NF}}' | sed 's/\\.$//')\"", ip, ip))
.collect::<Vec<_>>()
.join("\n");
if let Some(dns_output) = exec_command(handle, &dns_script).await {
for line in dns_output.lines() {
let parts: Vec<&str> = line.split('|').collect();
if parts.len() >= 2 && !parts[1].is_empty() {
if let Some(host) = hosts.iter_mut().find(|h| h.ip == parts[0]) {
host.hostname = Some(parts[1].to_string());
}
}
}
}
}
Ok(hosts)
}
/// Scan specific ports on a target host through the SSH session.
pub async fn scan_ports(
handle: &Arc<TokioMutex<Handle<SshClient>>>,
target: &str,
ports: &[u16],
) -> Result<Vec<PortResult>, String> {
// Validate target — /dev/tcp requires a bare hostname/IP, not a shell-quoted value.
// Only allow alphanumeric, dots, hyphens, and colons (for IPv6).
if !target.chars().all(|c| c.is_ascii_alphanumeric() || c == '.' || c == '-' || c == ':') {
return Err(format!("Invalid target for port scan: {}", target));
}
// Use bash /dev/tcp for port scanning — no nmap required
let port_checks: Vec<String> = ports.iter()
.map(|p| format!(
"(echo >/dev/tcp/{target}/{p}) 2>/dev/null && echo \"{p}|open\" || echo \"{p}|closed\""
))
.collect();
// Run in parallel batches of 20 for speed
let mut results = Vec::new();
for chunk in port_checks.chunks(20) {
let script = chunk.join(" &\n") + " &\nwait";
let output = exec_command(handle, &script).await
.ok_or_else(|| "Port scan exec failed".to_string())?;
for line in output.lines() {
let parts: Vec<&str> = line.split('|').collect();
if parts.len() >= 2 {
if let Ok(port) = parts[0].parse::<u16>() {
results.push(PortResult {
port,
open: parts[1] == "open",
service: service_name(port).to_string(),
});
}
}
}
}
results.sort_by_key(|r| r.port);
Ok(results)
}
/// Quick scan of common ports on a target.
pub async fn quick_port_scan(
handle: &Arc<TokioMutex<Handle<SshClient>>>,
target: &str,
) -> Result<Vec<PortResult>, String> {
let common_ports: Vec<u16> = vec![
21, 22, 23, 25, 53, 80, 110, 135, 139, 143,
443, 445, 993, 995, 1433, 1521, 3306, 3389,
5432, 5900, 6379, 8080, 8443, 27017,
];
scan_ports(handle, target, &common_ports).await
}
async fn exec_command(handle: &Arc<TokioMutex<Handle<SshClient>>>, cmd: &str) -> Option<String> {
let mut channel = {
let h = handle.lock().await;
h.channel_open_session().await.ok()?
};
channel.exec(true, cmd).await.ok()?;
let mut output = String::new();
loop {
match channel.wait().await {
Some(ChannelMsg::Data { ref data }) => {
if let Ok(text) = std::str::from_utf8(data.as_ref()) {
output.push_str(text);
}
}
Some(ChannelMsg::Eof) | Some(ChannelMsg::Close) | None => break,
Some(ChannelMsg::ExitStatus { .. }) => {}
_ => {}
}
}
Some(output)
}

1
src-tauri/src/settings/mod.rs
View File

@ -8,7 +8,6 @@ use crate::db::Database;
///
/// All operations acquire the shared DB mutex for their duration and
/// return immediately — no async needed for a local SQLite store.
#[derive(Clone)]
pub struct SettingsService {
db: Database,
}

16
src-tauri/src/sftp/mod.rs
View File

@ -5,6 +5,7 @@
//! provides all file operations needed by the frontend.
use std::sync::Arc;
use std::time::{Duration, UNIX_EPOCH};
use dashmap::DashMap;
use log::{debug, info};
@ -34,6 +35,9 @@ pub struct FileEntry {
/// Format a Unix timestamp (seconds since epoch) as "Mon DD HH:MM".
fn format_mtime(unix_secs: u32) -> String {
// Build a SystemTime from the raw epoch value.
let st = UNIX_EPOCH + Duration::from_secs(unix_secs as u64);
// Convert to seconds-since-epoch for manual formatting. We avoid pulling
// in chrono just for this; a simple manual decomposition is sufficient for
// the "Mar 17 14:30" display format expected by the frontend.
@ -50,10 +54,12 @@ fn format_mtime(unix_secs: u32) -> String {
let era = if z >= 0 { z } else { z - 146_096 } / 146_097;
let doe = z - era * 146_097;
let yoe = (doe - doe / 1_460 + doe / 36_524 - doe / 146_096) / 365;
let y = yoe + era * 400;
let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
let mp = (5 * doy + 2) / 153;
let d = doy - (153 * mp + 2) / 5 + 1;
let m = if mp < 10 { mp + 3 } else { mp - 9 };
let _y = if m <= 2 { y + 1 } else { y };
let month = match m {
1 => "Jan",
@ -71,6 +77,9 @@ fn format_mtime(unix_secs: u32) -> String {
_ => "???",
};
// Suppress unused variable warning — st is only used as a sanity anchor.
let _ = st;
format!("{} {:2} {:02}:{:02}", month, d, hours, minutes)
}
@ -85,18 +94,17 @@ fn format_permissions(raw: Option<u32>) -> String {
// ── SFTP service ─────────────────────────────────────────────────────────────
/// Manages SFTP sessions keyed by SSH session ID.
#[derive(Clone)]
pub struct SftpService {
/// One `SftpSession` per SSH session, behind a mutex so async commands can
/// take a shared reference to the `SftpService` and still mutably borrow
/// individual sessions.
clients: Arc<DashMap<String, Arc<TokioMutex<SftpSession>>>>,
clients: DashMap<String, Arc<TokioMutex<SftpSession>>>,
}
impl SftpService {
pub fn new() -> Self {
Self {
clients: Arc::new(DashMap::new()),
clients: DashMap::new(),
}
}
@ -310,7 +318,7 @@ impl SftpService {
) -> Result<Arc<TokioMutex<SftpSession>>, String> {
self.clients
.get(session_id)
.map(|r| r.value().clone())
.map(|r| r.clone())
.ok_or_else(|| format!("No SFTP client for session {}", session_id))
}
}

18
src-tauri/src/ssh/cwd.rs
View File

@ -16,7 +16,6 @@ use russh::ChannelMsg;
use tauri::{AppHandle, Emitter};
use tokio::sync::watch;
use tokio::sync::Mutex as TokioMutex;
use tokio_util::sync::CancellationToken;
use crate::ssh::session::SshClient;
@ -40,15 +39,13 @@ impl CwdTracker {
/// Spawn a background tokio task that polls `pwd` every 2 seconds on a
/// separate exec channel.
///
/// The task runs until cancelled via the `CancellationToken`, or until the
/// SSH connection is closed or the channel cannot be opened.
/// CWD changes are emitted as `ssh:cwd:{session_id}` events.
/// The task runs until the SSH connection is closed or the channel cannot
/// be opened. CWD changes are emitted as `ssh:cwd:{session_id}` events.
pub fn start(
&self,
handle: Arc<TokioMutex<Handle<SshClient>>>,
app_handle: AppHandle,
session_id: String,
cancel: CancellationToken,
) {
let sender = self._sender.clone();
@ -59,10 +56,6 @@ impl CwdTracker {
let mut previous_cwd = String::new();
loop {
if cancel.is_cancelled() {
break;
}
// Open a fresh exec channel for each `pwd` invocation.
// Some SSH servers do not allow multiple exec requests on a
// single channel, so we open a new one each time.
@ -126,11 +119,8 @@ impl CwdTracker {
}
}
// Wait 2 seconds before the next poll, or cancel.
tokio::select! {
_ = tokio::time::sleep(tokio::time::Duration::from_secs(2)) => {}
_ = cancel.cancelled() => { break; }
}
// Wait 2 seconds before the next poll.
tokio::time::sleep(tokio::time::Duration::from_secs(2)).await;
}
debug!("CWD tracker for session {} stopped", session_id);

51
src-tauri/src/ssh/exec.rs
View File

@ -1,51 +0,0 @@
//! Shared SSH exec-channel helper used by commands, MCP handlers, and tools.
//!
//! Opens a one-shot exec channel on an existing SSH handle, runs `cmd`, collects
//! all stdout/stderr, and returns it as a `String`. The caller is responsible
//! for ensuring the session is still alive.
use std::sync::Arc;
use tokio::sync::Mutex as TokioMutex;
use crate::ssh::session::SshClient;
/// Execute `cmd` on a separate exec channel and return all output as a `String`.
///
/// Locks the handle for only as long as it takes to open the channel, then
/// releases it before reading — this avoids holding the lock while waiting on
/// remote I/O.
pub async fn exec_on_session(
handle: &Arc<TokioMutex<russh::client::Handle<SshClient>>>,
cmd: &str,
) -> Result<String, String> {
let mut channel = {
let h = handle.lock().await;
h.channel_open_session()
.await
.map_err(|e| format!("Exec channel failed: {}", e))?
};
channel
.exec(true, cmd)
.await
.map_err(|e| format!("Exec failed: {}", e))?;
let mut output = String::new();
loop {
match channel.wait().await {
Some(russh::ChannelMsg::Data { ref data }) => {
if let Ok(text) = std::str::from_utf8(data.as_ref()) {
output.push_str(text);
}
}
Some(russh::ChannelMsg::Eof)
| Some(russh::ChannelMsg::Close)
| None => break,
Some(russh::ChannelMsg::ExitStatus { .. }) => {}
_ => {}
}
}
Ok(output)
}

2
src-tauri/src/ssh/mod.rs
View File

@ -1,5 +1,3 @@
pub mod session;
pub mod host_key;
pub mod cwd;
pub mod monitor;
pub mod exec;

197
src-tauri/src/ssh/monitor.rs
View File

@ -1,197 +0,0 @@
//! Remote system monitoring via SSH exec channels.
//!
//! Periodically runs lightweight system commands over a separate exec channel
//! (same pattern as CWD tracker) and emits stats to the frontend.
//! No agent installation required — uses standard POSIX and platform commands.
use std::sync::Arc;
use log::warn;
use russh::client::Handle;
use russh::ChannelMsg;
use serde::Serialize;
use tauri::{AppHandle, Emitter};
use tokio::sync::Mutex as TokioMutex;
use tokio_util::sync::CancellationToken;
use crate::ssh::session::SshClient;
#[derive(Debug, Serialize, Clone, Default)]
#[serde(rename_all = "camelCase")]
pub struct SystemStats {
pub cpu_percent: f64,
pub mem_used_mb: u64,
pub mem_total_mb: u64,
pub mem_percent: f64,
pub disk_used_gb: f64,
pub disk_total_gb: f64,
pub disk_percent: f64,
pub net_rx_bytes: u64,
pub net_tx_bytes: u64,
pub os_type: String,
}
/// Spawn a background task that polls system stats every 5 seconds.
///
/// The task runs until cancelled via the `CancellationToken`, or until the
/// SSH connection is closed.
pub fn start_monitor(
handle: Arc<TokioMutex<Handle<SshClient>>>,
app_handle: AppHandle,
session_id: String,
cancel: CancellationToken,
) {
tokio::spawn(async move {
// Brief delay to let the shell start up
tokio::time::sleep(tokio::time::Duration::from_secs(2)).await;
let mut consecutive_timeouts: u32 = 0;
loop {
if cancel.is_cancelled() {
break;
}
let stats = collect_stats(&handle).await;
match stats {
Some(stats) => {
consecutive_timeouts = 0;
let _ = app_handle.emit(
&format!("ssh:monitor:{}", session_id),
&stats,
);
}
None => {
consecutive_timeouts += 1;
if consecutive_timeouts >= 3 {
warn!(
"SSH monitor for session {}: 3 consecutive failures, stopping",
session_id
);
break;
}
}
}
// Wait 5 seconds before the next poll, or cancel.
tokio::select! {
_ = tokio::time::sleep(tokio::time::Duration::from_secs(5)) => {}
_ = cancel.cancelled() => { break; }
}
}
});
}
async fn collect_stats(handle: &Arc<TokioMutex<Handle<SshClient>>>) -> Option<SystemStats> {
// Single command that works cross-platform: detect OS then gather stats
let script = r#"
OS=$(uname -s 2>/dev/null || echo "Unknown")
if [ "$OS" = "Linux" ]; then
CPU=$(grep 'cpu ' /proc/stat | awk '{usage=($2+$4)*100/($2+$4+$5)} END {printf "%.1f", usage}')
MEM=$(free -m 2>/dev/null | awk '/^Mem:/ {printf "%d %d", $3, $2}')
DISK=$(df -BG / 2>/dev/null | awk 'NR==2 {gsub("G",""); printf "%s %s", $3, $2}')
NET=$(cat /proc/net/dev 2>/dev/null | awk '/eth0:|ens|enp|wlan0:/ {gsub(":",""); printf "%s %s", $2, $10; exit}')
echo "WRAITH_STATS:$OS:$CPU:$MEM:$DISK:$NET"
elif [ "$OS" = "Darwin" ]; then
CPU=$(ps -A -o %cpu | awk '{s+=$1} END {printf "%.1f", s/4}')
MEM_PAGES=$(vm_stat 2>/dev/null | awk '/Pages active/ {gsub(/\./,""); print $3}')
MEM_TOTAL=$(sysctl -n hw.memsize 2>/dev/null | awk '{printf "%d", $1/1048576}')
MEM_USED=$(echo "$MEM_PAGES" | awk -v t="$MEM_TOTAL" '{printf "%d", $1*4096/1048576}')
DISK=$(df -g / 2>/dev/null | awk 'NR==2 {printf "%s %s", $3, $2}')
NET=$(netstat -ib 2>/dev/null | awk '/en0/ && /Link/ {printf "%s %s", $7, $10; exit}')
echo "WRAITH_STATS:$OS:$CPU:$MEM_USED $MEM_TOTAL:$DISK:$NET"
else
echo "WRAITH_STATS:$OS:0:0 0:0 0:0 0"
fi
"#;
let output = exec_command(handle, script).await?;
for line in output.lines() {
if let Some(rest) = line.strip_prefix("WRAITH_STATS:") {
return parse_stats(rest);
}
}
None
}
fn parse_stats(raw: &str) -> Option<SystemStats> {
let parts: Vec<&str> = raw.split(':').collect();
if parts.len() < 5 {
return None;
}
let os_type = parts[0].to_string();
let cpu_percent = parts[1].parse::<f64>().unwrap_or(0.0);
let mem_parts: Vec<&str> = parts[2].split_whitespace().collect();
let mem_used = mem_parts.first().and_then(|s| s.parse::<u64>().ok()).unwrap_or(0);
let mem_total = mem_parts.get(1).and_then(|s| s.parse::<u64>().ok()).unwrap_or(1);
let mem_percent = if mem_total > 0 { (mem_used as f64 / mem_total as f64) * 100.0 } else { 0.0 };
let disk_parts: Vec<&str> = parts[3].split_whitespace().collect();
let disk_used = disk_parts.first().and_then(|s| s.parse::<f64>().ok()).unwrap_or(0.0);
let disk_total = disk_parts.get(1).and_then(|s| s.parse::<f64>().ok()).unwrap_or(1.0);
let disk_percent = if disk_total > 0.0 { (disk_used / disk_total) * 100.0 } else { 0.0 };
let net_parts: Vec<&str> = parts.get(4).unwrap_or(&"0 0").split_whitespace().collect();
let net_rx = net_parts.first().and_then(|s| s.parse::<u64>().ok()).unwrap_or(0);
let net_tx = net_parts.get(1).and_then(|s| s.parse::<u64>().ok()).unwrap_or(0);
Some(SystemStats {
cpu_percent,
mem_used_mb: mem_used,
mem_total_mb: mem_total,
mem_percent,
disk_used_gb: disk_used,
disk_total_gb: disk_total,
disk_percent,
net_rx_bytes: net_rx,
net_tx_bytes: net_tx,
os_type,
})
}
/// Execute a command on a separate exec channel with a 10-second timeout.
async fn exec_command(handle: &Arc<TokioMutex<Handle<SshClient>>>, cmd: &str) -> Option<String> {
let result = tokio::time::timeout(
std::time::Duration::from_secs(10),
exec_command_inner(handle, cmd),
)
.await;
match result {
Ok(output) => output,
Err(_) => {
warn!("SSH monitor exec_command timed out after 10s");
None
}
}
}
async fn exec_command_inner(handle: &Arc<TokioMutex<Handle<SshClient>>>, cmd: &str) -> Option<String> {
let mut channel = {
let h = handle.lock().await;
h.channel_open_session().await.ok()?
};
channel.exec(true, cmd).await.ok()?;
let mut output = String::new();
loop {
match channel.wait().await {
Some(ChannelMsg::Data { ref data }) => {
if let Ok(text) = std::str::from_utf8(data.as_ref()) {
output.push_str(text);
}
}
Some(ChannelMsg::Eof) | Some(ChannelMsg::Close) | None => break,
Some(ChannelMsg::ExitStatus { .. }) => {}
_ => {}
}
}
Some(output)
}

687
src-tauri/src/ssh/session.rs
View File

@ -1,34 +1,41 @@
//! SSH session manager — connects, authenticates, manages PTY channels.
//!
//! Each SSH session runs asynchronously via tokio. Terminal stdout is read in a
//! loop and emitted to the frontend via Tauri events (`ssh:data:{session_id}`,
//! base64 encoded). Terminal stdin receives data from the frontend via Tauri
//! commands.
//!
//! Sessions are stored in a `DashMap<String, Arc<SshSession>>`.
use std::sync::Arc;
use async_trait::async_trait;
use base64::Engine;
use dashmap::DashMap;
use russh::client::{self, Handle};
use russh::{ChannelId, ChannelMsg, CryptoVec, Disconnect};
use log::{debug, error, info, warn};
use russh::client::{self, Handle, Msg};
use russh::{Channel, ChannelMsg, Disconnect};
use serde::Serialize;
use tauri::{AppHandle, Emitter};
use tokio::sync::Mutex as TokioMutex;
use tokio::sync::mpsc;
use crate::db::Database;
use crate::mcp::ScrollbackRegistry;
use crate::mcp::error_watcher::ErrorWatcher;
use crate::sftp::SftpService;
use crate::ssh::cwd::CwdTracker;
use crate::ssh::host_key::{HostKeyResult, HostKeyStore};
use tokio_util::sync::CancellationToken;
// ── auth method ──────────────────────────────────────────────────────────────
/// Authentication method for SSH connections.
pub enum AuthMethod {
Password(String),
Key { private_key_pem: String, passphrase: Option<String> },
Key {
private_key_pem: String,
passphrase: Option<String>,
},
}
/// Commands sent to the output loop that owns the Channel.
pub enum ChannelCommand {
Resize { cols: u32, rows: u32 },
Shutdown,
}
// ── session info (serializable for frontend) ─────────────────────────────────
#[derive(Debug, Serialize, Clone)]
#[serde(rename_all = "camelCase")]
@ -39,18 +46,29 @@ pub struct SessionInfo {
pub username: String,
}
// ── SSH session ──────────────────────────────────────────────────────────────
/// Represents a single active SSH session with a PTY channel.
pub struct SshSession {
pub id: String,
pub hostname: String,
pub port: u16,
pub username: String,
pub channel_id: ChannelId,
/// The PTY channel used for interactive shell I/O.
pub channel: Arc<TokioMutex<Channel<Msg>>>,
/// Handle to the underlying SSH connection (used for opening new channels).
pub handle: Arc<TokioMutex<Handle<SshClient>>>,
pub command_tx: mpsc::UnboundedSender<ChannelCommand>,
/// CWD tracker that polls via a separate exec channel.
pub cwd_tracker: Option<CwdTracker>,
pub cancel_token: CancellationToken,
}
// ── SSH client handler ───────────────────────────────────────────────────────
/// Minimal `russh::client::Handler` implementation.
///
/// Host key verification is done via TOFU in the `HostKeyStore`. The handler
/// stores the verification result so the connect flow can check it after
/// `client::connect` returns.
pub struct SshClient {
host_key_store: HostKeyStore,
hostname: String,
@ -60,401 +78,406 @@ pub struct SshClient {
#[async_trait]
impl client::Handler for SshClient {
type Error = russh::Error;
async fn check_server_key(&mut self, server_public_key: &ssh_key::PublicKey) -> Result<bool, Self::Error> {
async fn check_server_key(
&mut self,
server_public_key: &ssh_key::PublicKey,
) -> Result<bool, Self::Error> {
let key_type = server_public_key.algorithm().to_string();
let fingerprint = server_public_key.fingerprint(ssh_key::HashAlg::Sha256).to_string();
let raw_key = server_public_key.to_openssh().unwrap_or_default();
match self.host_key_store.verify(&self.hostname, self.port, &key_type, &fingerprint) {
let fingerprint = server_public_key
.fingerprint(ssh_key::HashAlg::Sha256)
.to_string();
let raw_key = server_public_key
.to_openssh()
.unwrap_or_default();
match self
.host_key_store
.verify(&self.hostname, self.port, &key_type, &fingerprint)
{
Ok(HostKeyResult::New) => {
let _ = self.host_key_store.store(&self.hostname, self.port, &key_type, &fingerprint, &raw_key);
info!(
"New host key for {}:{} ({}): {}",
self.hostname, self.port, key_type, fingerprint
);
// TOFU: store the key on first contact.
if let Err(e) = self.host_key_store.store(
&self.hostname,
self.port,
&key_type,
&fingerprint,
&raw_key,
) {
warn!("Failed to store host key: {}", e);
}
Ok(true)
}
Ok(HostKeyResult::Match) => Ok(true),
Ok(HostKeyResult::Changed) => Ok(false),
Err(_) => Ok(false),
Ok(HostKeyResult::Match) => {
debug!(
"Host key match for {}:{} ({})",
self.hostname, self.port, key_type
);
Ok(true)
}
Ok(HostKeyResult::Changed) => {
error!(
"HOST KEY CHANGED for {}:{} ({})! Expected stored fingerprint, got {}. \
Possible man-in-the-middle attack.",
self.hostname, self.port, key_type, fingerprint
);
// Reject the connection — the frontend should prompt the user
// to accept the new key and call delete + reconnect.
Ok(false)
}
Err(e) => {
error!("Host key verification error: {}", e);
// On DB error, reject to be safe.
Ok(false)
}
}
}
}
#[derive(Clone)]
// ── SSH service ──────────────────────────────────────────────────────────────
/// Manages all active SSH sessions.
pub struct SshService {
sessions: Arc<DashMap<String, Arc<SshSession>>>,
sessions: DashMap<String, Arc<SshSession>>,
db: Database,
}
impl SshService {
pub fn new(db: Database) -> Self {
Self { sessions: Arc::new(DashMap::new()), db }
Self {
sessions: DashMap::new(),
db,
}
}
pub async fn connect(&self, app_handle: AppHandle, hostname: &str, port: u16, username: &str, auth: AuthMethod, cols: u32, rows: u32, sftp_service: &SftpService, scrollback: &ScrollbackRegistry, error_watcher: &ErrorWatcher) -> Result<String, String> {
/// Establish an SSH connection, authenticate, open a PTY, start a shell,
/// and begin streaming output to the frontend.
///
/// Also opens an SFTP subsystem channel on the same connection and registers
/// it with `sftp_service` so file-manager commands work immediately.
///
/// Returns the session UUID on success.
pub async fn connect(
&self,
app_handle: AppHandle,
hostname: &str,
port: u16,
username: &str,
auth: AuthMethod,
cols: u32,
rows: u32,
sftp_service: &SftpService,
) -> Result<String, String> {
let session_id = uuid::Uuid::new_v4().to_string();
wraith_log!("[SSH] Connecting to {}:{} as {} (session {})", hostname, port, username, session_id);
let config = Arc::new(russh::client::Config::default());
let handler = SshClient { host_key_store: HostKeyStore::new(self.db.clone()), hostname: hostname.to_string(), port };
let mut handle = tokio::time::timeout(std::time::Duration::from_secs(10), client::connect(config, (hostname, port), handler))
// Build russh client config.
let config = russh::client::Config::default();
let config = Arc::new(config);
// Build our handler with TOFU host key verification.
let handler = SshClient {
host_key_store: HostKeyStore::new(self.db.clone()),
hostname: hostname.to_string(),
port,
};
// Connect to the SSH server.
let mut handle = client::connect(config, (hostname, port), handler)
.await
.map_err(|_| format!("SSH connection to {}:{} timed out after 10s", hostname, port))?
.map_err(|e| format!("SSH connection to {}:{} failed: {}", hostname, port, e))?;
// Authenticate.
let auth_success = match auth {
AuthMethod::Password(ref password) => {
tokio::time::timeout(std::time::Duration::from_secs(10), handle.authenticate_password(username, password))
AuthMethod::Password(password) => {
handle
.authenticate_password(username, &password)
.await
.map_err(|_| "SSH password authentication timed out after 10s".to_string())?
.map_err(|e| format!("SSH authentication error: {}", e))?
.map_err(|e| format!("Password authentication failed: {}", e))?
}
AuthMethod::Key { ref private_key_pem, ref passphrase } => {
let pem = resolve_private_key(private_key_pem)?;
let key = match russh::keys::decode_secret_key(&pem, passphrase.as_deref()) {
Ok(k) => k,
Err(_) if pem.contains("BEGIN EC PRIVATE KEY") => {
// EC keys in SEC1 format — decrypt and convert to PKCS#8
let converted = convert_ec_key_to_pkcs8(&pem, passphrase.as_deref())?;
russh::keys::decode_secret_key(&converted, None).map_err(|e| {
format!("Failed to decode converted EC key: {}", e)
})?
}
Err(e) => {
let first_line = pem.lines().next().unwrap_or("<empty>");
return Err(format!("Failed to decode private key (header: '{}'): {}", first_line, e));
}
};
tokio::time::timeout(std::time::Duration::from_secs(10), handle.authenticate_publickey(username, Arc::new(key)))
AuthMethod::Key {
private_key_pem,
passphrase,
} => {
let key = russh::keys::decode_secret_key(
&private_key_pem,
passphrase.as_deref(),
)
.map_err(|e| format!("Failed to decode private key: {}", e))?;
handle
.authenticate_publickey(username, Arc::new(key))
.await
.map_err(|_| "SSH key authentication timed out after 10s".to_string())?
.map_err(|e| format!("SSH authentication error: {}", e))?
.map_err(|e| format!("Public key authentication failed: {}", e))?
}
};
if !auth_success { return Err("Authentication failed: server rejected credentials".to_string()); }
if !auth_success {
return Err("Authentication failed: server rejected credentials".to_string());
}
let mut channel = handle.channel_open_session().await.map_err(|e| format!("Failed to open session channel: {}", e))?;
channel.request_pty(true, "xterm-256color", cols, rows, 0, 0, &[]).await.map_err(|e| format!("Failed to request PTY: {}", e))?;
channel.request_shell(true).await.map_err(|e| format!("Failed to start shell: {}", e))?;
// Open a session channel.
let channel = handle
.channel_open_session()
.await
.map_err(|e| format!("Failed to open session channel: {}", e))?;
// Request a PTY.
channel
.request_pty(
true,
"xterm-256color",
cols,
rows,
0, // pix_width
0, // pix_height
&[],
)
.await
.map_err(|e| format!("Failed to request PTY: {}", e))?;
// Start a shell.
channel
.request_shell(true)
.await
.map_err(|e| format!("Failed to start shell: {}", e))?;
let channel_id = channel.id();
let handle = Arc::new(TokioMutex::new(handle));
let (command_tx, mut command_rx) = mpsc::unbounded_channel::<ChannelCommand>();
let cancel_token = CancellationToken::new();
let cwd_tracker = CwdTracker::new();
cwd_tracker.start(handle.clone(), app_handle.clone(), session_id.clone(), cancel_token.clone());
let channel = Arc::new(TokioMutex::new(channel));
// Start CWD tracker.
let cwd_tracker = CwdTracker::new();
cwd_tracker.start(
handle.clone(),
app_handle.clone(),
session_id.clone(),
);
// Build session object.
let session = Arc::new(SshSession {
id: session_id.clone(),
hostname: hostname.to_string(),
port,
username: username.to_string(),
channel: channel.clone(),
handle: handle.clone(),
cwd_tracker: Some(cwd_tracker),
});
let session = Arc::new(SshSession { id: session_id.clone(), hostname: hostname.to_string(), port, username: username.to_string(), channel_id, handle: handle.clone(), command_tx: command_tx.clone(), cwd_tracker: Some(cwd_tracker), cancel_token: cancel_token.clone() });
self.sessions.insert(session_id.clone(), session);
{ let h = handle.lock().await;
if let Ok(sftp_channel) = h.channel_open_session().await {
if sftp_channel.request_subsystem(true, "sftp").await.is_ok() {
if let Ok(sftp_client) = russh_sftp::client::SftpSession::new(sftp_channel.into_stream()).await {
// Open a separate SFTP subsystem channel on the same SSH connection.
// This is distinct from the PTY channel — both are multiplexed over
// the same underlying transport.
{
let sftp_channel_result = {
let h = handle.lock().await;
h.channel_open_session().await
};
match sftp_channel_result {
Ok(sftp_channel) => {
match sftp_channel.request_subsystem(true, "sftp").await {
Ok(()) => {
match russh_sftp::client::SftpSession::new(
sftp_channel.into_stream(),
)
.await
{
Ok(sftp_client) => {
sftp_service.register_client(&session_id, sftp_client);
}
}
}
}
wraith_log!("[SSH] Connected and authenticated: {}", session_id);
// Create scrollback buffer for MCP terminal_read
let scrollback_buf = scrollback.create(&session_id);
error_watcher.watch(&session_id);
// Start remote monitoring if enabled (runs on a separate exec channel)
crate::ssh::monitor::start_monitor(handle.clone(), app_handle.clone(), session_id.clone(), cancel_token.clone());
// Inject OSC 7 CWD reporting hook into the user's shell.
// This enables SFTP CWD following on all platforms (Linux, macOS, FreeBSD).
// Sent via the PTY channel so it configures the interactive shell.
// Wrapped in stty -echo/echo so the command is invisible to the user,
// then clear the line with \r and overwrite with spaces.
{
let osc7_hook = concat!(
" stty -echo; ",
"__wraith_osc7() { printf '\\e]7;file://localhost/%s\\a' \"$(pwd | sed 's/ /%20/g')\"; }; ",
"if [ -n \"$ZSH_VERSION\" ]; then precmd() { __wraith_osc7; }; ",
"elif [ -n \"$BASH_VERSION\" ]; then PROMPT_COMMAND=__wraith_osc7; fi; ",
"stty echo; clear; cd ~\n"
Err(e) => {
warn!(
"SFTP session init failed for {}: {} — \
file manager will be unavailable",
session_id, e
);
let h = handle.lock().await;
let _ = h.data(channel_id, CryptoVec::from_slice(osc7_hook.as_bytes())).await;
}
}
}
Err(e) => {
warn!(
"SFTP subsystem request failed for {}: {} — \
file manager will be unavailable",
session_id, e
);
}
}
}
Err(e) => {
warn!(
"Failed to open SFTP channel for {}: {} — \
file manager will be unavailable",
session_id, e
);
}
}
}
// Output reader loop — owns the Channel exclusively.
// Writes go through Handle::data() so no shared mutex is needed.
// Spawn the stdout read loop.
let sid = session_id.clone();
let chan = channel.clone();
let app = app_handle.clone();
tokio::spawn(async move {
loop {
tokio::select! {
msg = channel.wait() => {
let msg = {
let mut ch = chan.lock().await;
ch.wait().await
};
match msg {
Some(ChannelMsg::Data { ref data }) => {
scrollback_buf.push(data.as_ref());
// Passive OSC 7 CWD detection — scan without modifying stream
if let Some(cwd) = extract_osc7_cwd(data.as_ref()) {
let _ = app.emit(&format!("ssh:cwd:{}", sid), &cwd);
let encoded = base64::engine::general_purpose::STANDARD
.encode(data.as_ref());
let event_name = format!("ssh:data:{}", sid);
if let Err(e) = app.emit(&event_name, encoded) {
error!("Failed to emit SSH data event: {}", e);
break;
}
let encoded = base64::engine::general_purpose::STANDARD.encode(data.as_ref());
let _ = app.emit(&format!("ssh:data:{}", sid), encoded);
}
Some(ChannelMsg::ExtendedData { ref data, .. }) => {
scrollback_buf.push(data.as_ref());
let encoded = base64::engine::general_purpose::STANDARD.encode(data.as_ref());
let _ = app.emit(&format!("ssh:data:{}", sid), encoded);
// stderr — emit on the same event channel so the
// terminal renders it inline (same as a real terminal).
let encoded = base64::engine::general_purpose::STANDARD
.encode(data.as_ref());
let event_name = format!("ssh:data:{}", sid);
if let Err(e) = app.emit(&event_name, encoded) {
error!("Failed to emit SSH stderr event: {}", e);
break;
}
}
Some(ChannelMsg::ExitStatus { exit_status }) => {
let _ = app.emit(&format!("ssh:exit:{}", sid), exit_status);
info!("SSH session {} exited with status {}", sid, exit_status);
let event_name = format!("ssh:exit:{}", sid);
let _ = app.emit(&event_name, exit_status);
break;
}
Some(ChannelMsg::Close) | None => {
let _ = app.emit(&format!("ssh:close:{}", sid), ());
Some(ChannelMsg::Eof) => {
debug!("SSH session {} received EOF", sid);
}
Some(ChannelMsg::Close) => {
info!("SSH session {} channel closed", sid);
let event_name = format!("ssh:close:{}", sid);
let _ = app.emit(&event_name, ());
break;
}
_ => {}
}
}
cmd = command_rx.recv() => {
match cmd {
Some(ChannelCommand::Resize { cols, rows }) => {
let _ = channel.window_change(cols, rows, 0, 0).await;
}
Some(ChannelCommand::Shutdown) | None => {
let _ = channel.eof().await;
let _ = channel.close().await;
None => {
info!("SSH session {} channel stream ended", sid);
let event_name = format!("ssh:close:{}", sid);
let _ = app.emit(&event_name, ());
break;
}
}
_ => {
// Ignore other channel messages (WindowAdjust, etc.)
}
}
}
});
info!(
"SSH session {} connected to {}@{}:{}",
session_id, username, hostname, port
);
Ok(session_id)
}
/// Write data to a session's PTY stdin.
pub async fn write(&self, session_id: &str, data: &[u8]) -> Result<(), String> {
let session = self.sessions.get(session_id).ok_or_else(|| format!("Session {} not found", session_id))?;
let handle = session.handle.lock().await;
handle.data(session.channel_id, CryptoVec::from_slice(data))
let session = self
.sessions
.get(session_id)
.ok_or_else(|| format!("Session {} not found", session_id))?;
let channel: tokio::sync::MutexGuard<'_, Channel<Msg>> =
session.channel.lock().await;
channel
.data(&data[..])
.await
.map_err(|_| format!("Failed to write to session {}", session_id))
.map_err(|e| format!("Failed to write to session {}: {}", session_id, e))
}
pub async fn resize(&self, session_id: &str, cols: u32, rows: u32) -> Result<(), String> {
let session = self.sessions.get(session_id).ok_or_else(|| format!("Session {} not found", session_id))?;
session.command_tx.send(ChannelCommand::Resize { cols, rows })
.map_err(|_| format!("Failed to resize session {}: channel closed", session_id))
/// Resize the PTY window for a session.
pub async fn resize(
&self,
session_id: &str,
cols: u32,
rows: u32,
) -> Result<(), String> {
let session = self
.sessions
.get(session_id)
.ok_or_else(|| format!("Session {} not found", session_id))?;
let channel: tokio::sync::MutexGuard<'_, Channel<Msg>> =
session.channel.lock().await;
channel
.window_change(cols, rows, 0, 0)
.await
.map_err(|e| format!("Failed to resize session {}: {}", session_id, e))
}
pub async fn disconnect(&self, session_id: &str, sftp_service: &SftpService) -> Result<(), String> {
let (_, session) = self.sessions.remove(session_id).ok_or_else(|| format!("Session {} not found", session_id))?;
// Cancel background tasks (CWD tracker, monitor) before tearing down the connection.
session.cancel_token.cancel();
let _ = session.command_tx.send(ChannelCommand::Shutdown);
{ let handle = session.handle.lock().await; let _ = handle.disconnect(Disconnect::ByApplication, "", "en").await; }
/// Disconnect a session — close the channel and remove it from the map.
///
/// Pass the `sftp_service` so the SFTP client can be dropped at the same
/// time as the SSH handle.
pub async fn disconnect(
&self,
session_id: &str,
sftp_service: &SftpService,
) -> Result<(), String> {
let (_, session) = self
.sessions
.remove(session_id)
.ok_or_else(|| format!("Session {} not found", session_id))?;
// Close the channel gracefully.
{
let channel: tokio::sync::MutexGuard<'_, Channel<Msg>> =
session.channel.lock().await;
let _ = channel.eof().await;
let _ = channel.close().await;
}
// Disconnect the SSH connection.
{
let handle = session.handle.lock().await;
let _ = handle
.disconnect(Disconnect::ByApplication, "", "en")
.await;
}
// Clean up the SFTP client for this session.
sftp_service.remove_client(session_id);
info!("SSH session {} disconnected", session_id);
Ok(())
}
/// Get a reference to a session by ID.
pub fn get_session(&self, session_id: &str) -> Option<Arc<SshSession>> {
self.sessions.get(session_id).map(|r| r.value().clone())
self.sessions.get(session_id).map(|entry| entry.clone())
}
/// List all active sessions (metadata only).
pub fn list_sessions(&self) -> Vec<SessionInfo> {
self.sessions.iter().map(|entry| {
self.sessions
.iter()
.map(|entry| {
let s = entry.value();
SessionInfo { id: s.id.clone(), hostname: s.hostname.clone(), port: s.port, username: s.username.clone() }
}).collect()
}
}
/// Decrypt a legacy PEM-encrypted EC key and re-encode as unencrypted PKCS#8.
/// Handles -----BEGIN EC PRIVATE KEY----- with Proc-Type/DEK-Info headers.
/// Uses the same MD5-based EVP_BytesToKey KDF that OpenSSL/russh use for RSA.
fn convert_ec_key_to_pkcs8(pem_text: &str, passphrase: Option<&str>) -> Result<String, String> {
use aes::cipher::{BlockDecryptMut, KeyIvInit};
// Parse PEM to extract headers and base64 body
let parsed = pem::parse(pem_text)
.map_err(|e| format!("Failed to parse PEM: {}", e))?;
if parsed.tag() != "EC PRIVATE KEY" {
return Err(format!("Expected EC PRIVATE KEY, got {}", parsed.tag()));
}
let der_bytes = parsed.contents();
// Check if the PEM has encryption headers (Proc-Type: 4,ENCRYPTED)
let is_encrypted = pem_text.contains("Proc-Type: 4,ENCRYPTED");
let decrypted = if is_encrypted {
let pass = passphrase
.ok_or_else(|| "EC key is encrypted but no passphrase provided".to_string())?;
// Extract IV from DEK-Info header
let iv = extract_dek_iv(pem_text)?;
// EVP_BytesToKey: key = MD5(password + iv[:8])
let mut ctx = md5::Context::new();
ctx.consume(pass.as_bytes());
ctx.consume(&iv[..8]);
let key_bytes = ctx.compute();
// Decrypt AES-128-CBC
let decryptor = cbc::Decryptor::<aes::Aes128>::new_from_slices(&key_bytes.0, &iv)
.map_err(|e| format!("AES init failed: {}", e))?;
let mut buf = der_bytes.to_vec();
let decrypted = decryptor
.decrypt_padded_mut::<block_padding::Pkcs7>(&mut buf)
.map_err(|_| "Decryption failed — wrong passphrase?".to_string())?;
decrypted.to_vec()
} else {
der_bytes.to_vec()
};
// Parse SEC1 DER → re-encode as PKCS#8 PEM
use sec1::der::Decode;
let ec_key = sec1::EcPrivateKey::from_der(&decrypted)
.map_err(|e| format!("Failed to parse EC key DER: {}", e))?;
// Build PKCS#8 wrapper around the SEC1 key
// The OID for the curve is embedded in the SEC1 parameters field
let oid = ec_key.parameters
.map(|p| { let sec1::EcParameters::NamedCurve(oid) = p; oid })
.ok_or_else(|| "EC key missing curve OID in parameters".to_string())?;
// Re-encode as PKCS#8 OneAsymmetricKey
use pkcs8::der::Encode;
let inner_der = ec_key.to_der()
.map_err(|e| format!("Failed to re-encode EC key: {}", e))?;
let algorithm = pkcs8::AlgorithmIdentifierRef {
oid: pkcs8::ObjectIdentifier::new("1.2.840.10045.2.1")
.map_err(|e| format!("Bad EC OID: {}", e))?,
parameters: Some(
pkcs8::der::asn1::AnyRef::new(pkcs8::der::Tag::ObjectIdentifier, oid.as_bytes())
.map_err(|e| format!("Bad curve param: {}", e))?
),
};
let pkcs8_info = pkcs8::PrivateKeyInfo {
algorithm,
private_key: &inner_der,
public_key: None,
};
let pkcs8_der = pkcs8_info.to_der()
.map_err(|e| format!("Failed to encode PKCS#8: {}", e))?;
// Wrap in PEM
let pkcs8_pem = pem::encode(&pem::Pem::new("PRIVATE KEY", pkcs8_der));
Ok(pkcs8_pem)
}
/// Extract the 16-byte IV from a DEK-Info: AES-128-CBC,<hex> header.
fn extract_dek_iv(pem_text: &str) -> Result<[u8; 16], String> {
for line in pem_text.lines() {
if let Some(rest) = line.strip_prefix("DEK-Info: AES-128-CBC,") {
let iv_hex = rest.trim();
let iv_bytes = hex::decode(iv_hex)
.map_err(|e| format!("Invalid DEK-Info IV hex: {}", e))?;
if iv_bytes.len() != 16 {
return Err(format!("IV must be 16 bytes, got {}", iv_bytes.len()));
}
let mut iv = [0u8; 16];
iv.copy_from_slice(&iv_bytes);
return Ok(iv);
}
}
Err("No DEK-Info: AES-128-CBC header found in encrypted PEM".to_string())
}
/// Passively extract CWD from OSC 7 escape sequences in terminal output.
/// Format: \e]7;file://hostname/path\a or \e]7;file://hostname/path\e\\
/// Returns the path portion without modifying the data stream.
fn extract_osc7_cwd(data: &[u8]) -> Option<String> {
let text = std::str::from_utf8(data).ok()?;
// Look for OSC 7 pattern: \x1b]7;file://
let marker = "\x1b]7;file://";
let start = text.find(marker)?;
let after_marker = &text[start + marker.len()..];
// Skip hostname (everything up to the next /)
let path_start = after_marker.find('/')?;
let path_part = &after_marker[path_start..];
// Find the terminator: BEL (\x07) or ST (\x1b\\)
let end = path_part.find('\x07')
.or_else(|| path_part.find("\x1b\\").map(|i| i));
let path = match end {
Some(e) => &path_part[..e],
None => path_part, // Might be split across chunks — take what we have
};
if path.is_empty() {
None
} else {
// URL-decode the path (spaces encoded as %20, etc.)
// Strip any stray quotes from shell printf output
let decoded = percent_decode(path);
let clean = decoded.trim_matches('"').trim_matches('\'').to_string();
if clean.is_empty() { None } else { Some(clean) }
}
}
fn percent_decode(input: &str) -> String {
let mut bytes: Vec<u8> = Vec::with_capacity(input.len());
let mut chars = input.chars();
while let Some(ch) = chars.next() {
if ch == '%' {
let hex: String = chars.by_ref().take(2).collect();
if let Ok(byte) = u8::from_str_radix(&hex, 16) {
bytes.push(byte);
} else {
bytes.extend_from_slice(b"%");
bytes.extend_from_slice(hex.as_bytes());
}
} else {
let mut buf = [0u8; 4];
bytes.extend_from_slice(ch.encode_utf8(&mut buf).as_bytes());
}
}
String::from_utf8_lossy(&bytes).into_owned()
}
/// Resolve a private key string — if it looks like PEM content, return as-is.
/// If it looks like a file path, read the file. Strip BOM and normalize.
fn resolve_private_key(input: &str) -> Result<String, String> {
let input = input.trim();
// Strip UTF-8 BOM if present
let input = input.strip_prefix('\u{feff}').unwrap_or(input);
if input.starts_with("-----BEGIN ") {
return Ok(input.to_string());
}
// Doesn't look like PEM — try as file path
let path = if input.starts_with('~') {
if let Ok(home) = std::env::var("HOME") {
input.replacen('~', &home, 1)
} else {
input.to_string()
}
} else {
input.to_string()
};
let path = std::path::Path::new(&path);
if path.exists() && path.is_file() {
std::fs::read_to_string(path)
.map(|s| s.trim().to_string())
.map_err(|e| format!("Failed to read private key file '{}': {}", path.display(), e))
} else if input.contains('/') || input.contains('\\') {
Err(format!("Private key file not found: {}", input))
} else {
// Neither PEM nor a path — pass through and let russh give its error
Ok(input.to_string())
SessionInfo {
id: s.id.clone(),
hostname: s.hostname.clone(),
port: s.port,
username: s.username.clone(),
}
})
.collect()
}
}

134
src-tauri/src/theme/mod.rs
View File

@ -59,7 +59,6 @@ struct BuiltinTheme {
// ── service ───────────────────────────────────────────────────────────────────
#[derive(Clone)]
pub struct ThemeService {
db: Database,
}
@ -254,7 +253,7 @@ impl ThemeService {
t.bright_blue, t.bright_magenta, t.bright_cyan, t.bright_white,
],
) {
wraith_log!("theme::seed_builtins: failed to seed '{}': {}", t.name, e);
eprintln!("theme::seed_builtins: failed to seed '{}': {}", t.name, e);
}
}
}
@ -273,7 +272,7 @@ impl ThemeService {
) {
Ok(s) => s,
Err(e) => {
wraith_log!("theme::list: failed to prepare query: {}", e);
eprintln!("theme::list: failed to prepare query: {}", e);
return vec![];
}
};
@ -281,12 +280,12 @@ impl ThemeService {
match stmt.query_map([], map_theme_row) {
Ok(rows) => rows
.filter_map(|r| {
r.map_err(|e| wraith_log!("theme::list: row error: {}", e))
r.map_err(|e| eprintln!("theme::list: row error: {}", e))
.ok()
})
.collect(),
Err(e) => {
wraith_log!("theme::list: query failed: {}", e);
eprintln!("theme::list: query failed: {}", e);
vec![]
}
}
@ -338,128 +337,3 @@ fn map_theme_row(row: &rusqlite::Row<'_>) -> rusqlite::Result<Theme> {
is_builtin: row.get(21)?,
})
}
// ── tests ─────────────────────────────────────────────────────────────────────
#[cfg(test)]
mod tests {
use super::*;
use crate::db::Database;
fn make_service() -> ThemeService {
let db = Database::open(std::path::Path::new(":memory:")).unwrap();
db.migrate().unwrap();
ThemeService::new(db)
}
#[test]
fn list_empty_before_seed() {
let svc = make_service();
assert!(svc.list().is_empty());
}
#[test]
fn seed_builtins_creates_seven_themes() {
let svc = make_service();
svc.seed_builtins();
let themes = svc.list();
assert_eq!(themes.len(), 7);
}
#[test]
fn seed_builtins_is_idempotent() {
let svc = make_service();
svc.seed_builtins();
svc.seed_builtins(); // second run must not duplicate
assert_eq!(svc.list().len(), 7);
}
#[test]
fn all_builtins_marked_as_builtin() {
let svc = make_service();
svc.seed_builtins();
for theme in svc.list() {
assert!(theme.is_builtin, "{} should be marked as builtin", theme.name);
}
}
#[test]
fn builtin_names_correct() {
let svc = make_service();
svc.seed_builtins();
let names: Vec<String> = svc.list().into_iter().map(|t| t.name).collect();
assert!(names.contains(&"Dracula".to_string()));
assert!(names.contains(&"Nord".to_string()));
assert!(names.contains(&"Monokai".to_string()));
assert!(names.contains(&"One Dark".to_string()));
assert!(names.contains(&"Solarized Dark".to_string()));
assert!(names.contains(&"Gruvbox Dark".to_string()));
assert!(names.contains(&"MobaXTerm Classic".to_string()));
}
#[test]
fn get_by_name_returns_theme() {
let svc = make_service();
svc.seed_builtins();
let theme = svc.get_by_name("Dracula");
assert!(theme.is_some());
let t = theme.unwrap();
assert_eq!(t.name, "Dracula");
assert_eq!(t.background, "#282a36");
assert_eq!(t.foreground, "#f8f8f2");
}
#[test]
fn get_by_name_missing_returns_none() {
let svc = make_service();
svc.seed_builtins();
assert!(svc.get_by_name("Nonexistent Theme").is_none());
}
#[test]
fn get_by_name_is_case_sensitive() {
let svc = make_service();
svc.seed_builtins();
assert!(svc.get_by_name("dracula").is_none()); // lowercase should not match
}
#[test]
fn all_themes_have_valid_hex_colors() {
let svc = make_service();
svc.seed_builtins();
for theme in svc.list() {
let colors = [
&theme.foreground, &theme.background, &theme.cursor,
&theme.black, &theme.red, &theme.green, &theme.yellow,
&theme.blue, &theme.magenta, &theme.cyan, &theme.white,
&theme.bright_black, &theme.bright_red, &theme.bright_green,
&theme.bright_yellow, &theme.bright_blue, &theme.bright_magenta,
&theme.bright_cyan, &theme.bright_white,
];
for color in colors {
assert!(
color.starts_with('#') && color.len() == 7,
"Theme '{}' has invalid color: '{}'",
theme.name,
color
);
}
}
}
#[test]
fn list_ordered_builtin_first_then_name() {
let svc = make_service();
svc.seed_builtins();
let themes = svc.list();
// All are builtin, so should be ordered by name (case-insensitive)
for w in themes.windows(2) {
assert!(
w[0].name.to_lowercase() <= w[1].name.to_lowercase(),
"'{}' should come before '{}'",
w[0].name,
w[1].name
);
}
}
}

19
src-tauri/src/utils.rs
View File

@ -1,19 +0,0 @@
//! Shared utility functions.
/// Escape a string for safe interpolation into a POSIX shell command.
///
/// Wraps the input in single quotes and escapes any embedded single quotes
/// using the `'\''` technique. This prevents command injection when building
/// shell commands from user-supplied values.
///
/// # Examples
///
/// ```
/// # use wraith_lib::utils::shell_escape;
/// assert_eq!(shell_escape("hello"), "'hello'");
/// assert_eq!(shell_escape("it's"), "'it'\\''s'");
/// assert_eq!(shell_escape(";rm -rf /"), "';rm -rf /'");
/// ```
pub fn shell_escape(input: &str) -> String {
format!("'{}'", input.replace('\'', "'\\''"))
}

15
src-tauri/src/vault/mod.rs
View File

@ -4,7 +4,6 @@ use aes_gcm::{
Aes256Gcm, Key, Nonce,
};
use argon2::{Algorithm, Argon2, Params, Version};
use zeroize::Zeroizing;
// ---------------------------------------------------------------------------
// VaultService
@ -22,18 +21,18 @@ use zeroize::Zeroizing;
/// The version prefix allows a future migration to a different algorithm
/// without breaking existing stored blobs.
pub struct VaultService {
key: Zeroizing<[u8; 32]>,
key: [u8; 32],
}
impl VaultService {
pub fn new(key: Zeroizing<[u8; 32]>) -> Self {
pub fn new(key: [u8; 32]) -> Self {
Self { key }
}
/// Encrypt `plaintext` and return a `v1:{iv_hex}:{sealed_hex}` blob.
pub fn encrypt(&self, plaintext: &str) -> Result<String, String> {
// Build the AES-256-GCM cipher from our key.
let key = Key::<Aes256Gcm>::from_slice(&*self.key);
let key = Key::<Aes256Gcm>::from_slice(&self.key);
let cipher = Aes256Gcm::new(key);
// Generate a random 12-byte nonce (96-bit is the GCM standard).
@ -72,7 +71,7 @@ impl VaultService {
));
}
let key = Key::<Aes256Gcm>::from_slice(&*self.key);
let key = Key::<Aes256Gcm>::from_slice(&self.key);
let cipher = Aes256Gcm::new(key);
let nonce = Nonce::from_slice(&iv_bytes);
@ -96,7 +95,7 @@ impl VaultService {
/// t = 3 iterations
/// m = 65536 KiB (64 MiB) memory
/// p = 4 parallelism lanes
pub fn derive_key(password: &str, salt: &[u8]) -> Zeroizing<[u8; 32]> {
pub fn derive_key(password: &str, salt: &[u8]) -> [u8; 32] {
let params = Params::new(
65536, // m_cost: 64 MiB
3, // t_cost: iterations
@ -107,9 +106,9 @@ pub fn derive_key(password: &str, salt: &[u8]) -> Zeroizing<[u8; 32]> {
let argon2 = Argon2::new(Algorithm::Argon2id, Version::V0x13, params);
let mut output_key = Zeroizing::new([0u8; 32]);
let mut output_key = [0u8; 32];
argon2
.hash_password_into(password.as_bytes(), salt, &mut *output_key)
.hash_password_into(password.as_bytes(), salt, &mut output_key)
.expect("Argon2id key derivation failed");
output_key

3
src-tauri/src/workspace/mod.rs
View File

@ -24,7 +24,6 @@ pub struct WorkspaceSnapshot {
const SNAPSHOT_KEY: &str = "workspace_snapshot";
const CLEAN_SHUTDOWN_KEY: &str = "clean_shutdown";
#[derive(Clone)]
pub struct WorkspaceService {
settings: SettingsService,
}
@ -48,7 +47,7 @@ impl WorkspaceService {
pub fn load(&self) -> Option<WorkspaceSnapshot> {
let json = self.settings.get(SNAPSHOT_KEY)?;
serde_json::from_str(&json)
.map_err(|e| wraith_log!("workspace::load: failed to deserialize snapshot: {e}"))
.map_err(|e| eprintln!("workspace::load: failed to deserialize snapshot: {e}"))
.ok()
}

30
src-tauri/tauri.conf.json
View File

@ -1,6 +1,6 @@
{
"productName": "Wraith",
"version": "1.1.5",
"version": "0.1.0",
"identifier": "com.vigilcyber.wraith",
"build": {
"frontendDist": "../dist",
@ -11,25 +11,22 @@
"app": {
"windows": [
{
"label": "main", "url": "index.html", "title": "Wraith",
"title": "Wraith",
"width": 1200,
"height": 800,
"minWidth": 800,
"minHeight": 600,
"decorations": true,
"resizable": true,
"dragDropEnabled": false,
"additionalBrowserArgs": "--enable-gpu-rasterization --enable-zero-copy --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection"
"resizable": true
}
],
"security": {
"csp": null
},
"withGlobalTauri": false
}
},
"bundle": {
"active": true,
"targets": ["nsis"],
"targets": [],
"icon": [
"icons/32x32.png",
"icons/128x128.png",
@ -41,20 +38,21 @@
"nsis": {
"displayLanguageSelector": false,
"installerIcon": "icons/icon.ico",
"installMode": "perMachine",
"installerHooks": "./windows/hooks.nsh"
"installMode": "perMachine"
}
}
},
"plugins": {
"updater": {
"endpoints": [
"https://git.command.vigilcyber.com/api/v1/repos/vstockwell/wraith/releases/latest"
],
"windows": {
"installMode": "passive"
}
},
"shell": {
"open": true
},
"updater": {
"pubkey": "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IDNCRkQ2OUY2OEY0Q0ZFQkYKUldTLy9reVA5bW45T3dUQ1R5OFNCenVhL2srTXlLcHR4cFNaeCtJSmJUSTZKSUNHVTRIbWZwanEK",
"endpoints": [
"https://files.command.vigilcyber.com/wraith/update.json"
]
}
}
}

6
src-tauri/windows/hooks.nsh
View File

@ -1,6 +0,0 @@
; Wraith NSIS installer hooks
; Desktop shortcut is OFF by default — Tauri creates one, we remove it.
!macro NSIS_HOOK_POSTINSTALL
Delete "$DESKTOP\${MAINBINARYNAME}.lnk"
!macroend

60
src/App.vue
View File

@ -1,67 +1,27 @@
<script setup lang="ts">
import { ref, onMounted, onErrorCaptured, defineAsyncComponent } from "vue";
import { onMounted } from "vue";
import { useAppStore } from "@/stores/app.store";
import UnlockLayout from "@/layouts/UnlockLayout.vue";
import ToolWindow from "@/components/tools/ToolWindow.vue";
const MainLayout = defineAsyncComponent({
loader: () => import("@/layouts/MainLayout.vue"),
onError(error) { console.error("[App] MainLayout load failed:", error); },
});
const DetachedSession = defineAsyncComponent({
loader: () => import("@/components/session/DetachedSession.vue"),
onError(error) { console.error("[App] DetachedSession load failed:", error); },
});
// MainLayout is the full app shell lazy-load it so the unlock screen is
// instant and the heavy editor/terminal code only lands after auth.
import { defineAsyncComponent } from "vue";
const MainLayout = defineAsyncComponent(
() => import("@/layouts/MainLayout.vue")
);
const app = useAppStore();
const appError = ref<string | null>(null);
const isToolMode = ref(false);
const isDetachedMode = ref(false);
const toolName = ref("");
const toolSessionId = ref("");
onErrorCaptured((err) => {
appError.value = err instanceof Error ? err.message : String(err);
console.error("[App] Uncaught error:", err);
return false;
});
/** Parse hash and set mode flags. Called on mount and on hashchange. */
function applyHash(hash: string): void {
if (hash.startsWith("#/tool/")) {
isToolMode.value = true;
const rest = hash.substring(7);
const [name, query] = rest.split("?");
toolName.value = name;
toolSessionId.value = new URLSearchParams(query || "").get("sessionId") || "";
} else if (hash.startsWith("#/detached-session")) {
isDetachedMode.value = true;
}
}
onMounted(async () => {
// Check hash at load time (present if JS-side WebviewWindow set it in the URL)
applyHash(window.location.hash);
// Also listen for hash changes (Rust-side window sets hash via eval after load)
window.addEventListener("hashchange", () => applyHash(window.location.hash));
// Only init vault for the main app window (no hash)
if (!isToolMode.value && !isDetachedMode.value) {
await app.checkVaultState();
}
});
</script>
<template>
<div v-if="appError" class="fixed inset-0 z-50 flex items-center justify-center bg-[#0d1117] text-red-400 p-8 text-sm font-mono whitespace-pre-wrap">
{{ appError }}
</div>
<DetachedSession v-else-if="isDetachedMode" />
<ToolWindow v-else-if="isToolMode" :tool="toolName" :session-id="toolSessionId" />
<div v-else class="app-root">
<div class="app-root">
<!-- Show the unlock/create-vault screen until the store confirms we're in -->
<UnlockLayout v-if="!app.isUnlocked" />
<!-- Once unlocked, mount the full application shell -->
<MainLayout v-else />
</div>
</template>

20
src/assets/css/terminal.css
View File

@ -2,7 +2,7 @@
.terminal-container {
width: 100%;
min-height: 0;
height: 100%;
position: relative;
overflow: hidden;
background: var(--wraith-bg-primary);
@ -20,16 +20,14 @@
height: 100%;
}
/* WKWebView focus fix: xterm.js hides its helper textarea with opacity: 0,
width/height: 0, left: -9999em. macOS WKWebView doesn't reliably focus
elements with zero dimensions positioned off-screen. Override to keep it
within the viewport with non-zero dimensions so focus events fire. */
.terminal-container .xterm .xterm-helper-textarea {
left: 0 !important;
top: 0 !important;
width: 1px !important;
height: 1px !important;
opacity: 0.01 !important;
/* Selection styling */
.terminal-container .xterm-selection div {
background-color: rgba(88, 166, 255, 0.3) !important;
}
/* Cursor styling */
.terminal-container .xterm-cursor-layer {
z-index: 4;
}
/* Scrollbar inside terminal */

306
src/components/ai/CopilotPanel.vue
View File

@ -1,306 +0,0 @@
<template>
<div class="flex h-full relative">
<!-- Drag handle for resizing -->
<div
class="w-1 cursor-col-resize hover:bg-[var(--wraith-accent-blue)] active:bg-[var(--wraith-accent-blue)] transition-colors shrink-0"
@pointerdown="startResize"
/>
<div
class="flex flex-col h-full bg-[var(--wraith-bg-secondary)] border-l border-[var(--wraith-border)] flex-1 min-w-0"
:style="{ width: panelWidth + 'px' }"
>
<!-- Header -->
<div class="p-3 border-b border-[var(--wraith-border)] flex items-center justify-between gap-2">
<span class="text-xs font-bold tracking-widest text-[var(--wraith-accent-blue)]">AI COPILOT</span>
<div class="flex items-center gap-1.5">
<select
v-model="selectedShell"
class="bg-[var(--wraith-bg-tertiary)] border border-[var(--wraith-border)] rounded px-1.5 py-0.5 text-[10px] text-[var(--wraith-text-secondary)] outline-none"
:disabled="connected"
>
<option v-for="shell in shells" :key="shell.path" :value="shell.path">
{{ shell.name }}
</option>
</select>
<button
v-if="!connected"
class="px-2 py-0.5 text-[10px] font-bold rounded bg-[var(--wraith-accent-blue)] text-black cursor-pointer"
:disabled="!selectedShell"
@click="launch"
>
Launch
</button>
<button
v-else
class="px-2 py-0.5 text-[10px] font-bold rounded bg-[var(--wraith-accent-red,#f85149)] text-white cursor-pointer"
@click="kill"
>
Kill
</button>
<button
v-if="connected"
class="px-2 py-0.5 text-[10px] rounded border border-[var(--wraith-border)] text-[var(--wraith-text-muted)] hover:text-[var(--wraith-text-primary)] cursor-pointer"
title="Inject available MCP tools into the chat"
@click="injectTools"
>
Tools
</button>
</div>
</div>
<!-- Terminal area -->
<div v-if="connected" ref="containerRef" class="flex-1 min-h-0" />
<!-- Session ended prompt -->
<div v-else-if="sessionEnded" class="flex-1 flex flex-col items-center justify-center gap-3 p-4">
<p class="text-xs text-[var(--wraith-text-muted)]">Session ended</p>
<button
class="px-3 py-1.5 text-xs rounded bg-[var(--wraith-accent-blue)] text-black font-bold cursor-pointer"
@click="launch"
>
Relaunch
</button>
</div>
<!-- Empty state with quick-launch presets -->
<div v-else class="flex-1 flex flex-col items-center justify-center gap-3 p-4">
<p class="text-xs text-[var(--wraith-text-muted)] text-center">
Select a shell and click Launch, or use a preset:
</p>
<div v-if="presets.length" class="flex flex-col gap-1.5 w-full max-w-[200px]">
<button
v-for="preset in presets"
:key="preset.name"
class="px-3 py-1.5 text-xs rounded bg-[var(--wraith-bg-tertiary)] border border-[var(--wraith-border)] text-[var(--wraith-text-secondary)] hover:text-[var(--wraith-text-primary)] hover:border-[var(--wraith-accent-blue)] transition-colors cursor-pointer text-left"
@click="launchPreset(preset)"
>
{{ preset.name }}
</button>
</div>
<p class="text-[10px] text-[var(--wraith-text-muted)] text-center">
Configure presets in Settings AI Copilot
</p>
</div>
</div>
</div>
</template>
<script setup lang="ts">
import { ref, nextTick, onMounted, onBeforeUnmount } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { listen, type UnlistenFn } from "@tauri-apps/api/event";
import { useTerminal } from "@/composables/useTerminal";
interface ShellInfo { name: string; path: string; }
// Resizable panel
const panelWidth = ref(640);
function startResize(e: PointerEvent): void {
e.preventDefault();
const startX = e.clientX;
const startWidth = panelWidth.value;
function onMove(ev: PointerEvent): void {
// Dragging left increases width (panel is on the right side)
const delta = startX - ev.clientX;
panelWidth.value = Math.max(320, Math.min(1200, startWidth + delta));
}
function onUp(): void {
document.removeEventListener("pointermove", onMove);
document.removeEventListener("pointerup", onUp);
}
document.addEventListener("pointermove", onMove);
document.addEventListener("pointerup", onUp);
}
interface LaunchPreset { name: string; shell: string; command: string; }
const presets = ref<LaunchPreset[]>([]);
const shells = ref<ShellInfo[]>([]);
const selectedShell = ref("");
const connected = ref(false);
const sessionEnded = ref(false);
const containerRef = ref<HTMLElement | null>(null);
let sessionId = "";
let terminalInstance: ReturnType<typeof useTerminal> | null = null;
let closeUnlisten: UnlistenFn | null = null;
async function loadShells(): Promise<void> {
try {
shells.value = await invoke<ShellInfo[]>("list_available_shells");
if (shells.value.length > 0 && !selectedShell.value) {
selectedShell.value = shells.value[0].path;
}
} catch (err) {
console.error("Failed to list shells:", err);
}
}
async function loadPresets(): Promise<void> {
try {
const raw = await invoke<string | null>("get_setting", { key: "copilot_presets" });
if (raw) {
presets.value = JSON.parse(raw);
} else {
// Seed with sensible defaults
presets.value = [
{ name: "Claude Code", shell: "", command: "claude" },
{ name: "Gemini CLI", shell: "", command: "gemini" },
{ name: "Codex CLI", shell: "", command: "codex" },
];
}
} catch {
presets.value = [];
}
}
async function launchPreset(preset: LaunchPreset): Promise<void> {
const shell = preset.shell || selectedShell.value;
if (!shell) return;
selectedShell.value = shell;
await launch();
// Wait for the shell prompt before sending the command.
// Poll the scrollback for a prompt indicator (PS>, $, #, %, >)
if (sessionId && connected.value) {
const maxWait = 5000;
const start = Date.now();
const poll = setInterval(async () => {
if (Date.now() - start > maxWait) {
clearInterval(poll);
// Send anyway after timeout
invoke("pty_write", { sessionId, data: preset.command + "\r" }).catch(() => {});
return;
}
try {
const lines = await invoke<string>("mcp_terminal_read", { sessionId, lines: 3 });
const lastLine = lines.split("\n").pop()?.trim() || "";
// Detect common shell prompts
if (lastLine.endsWith("$") || lastLine.endsWith("#") || lastLine.endsWith("%") || lastLine.endsWith(">") || lastLine.endsWith("PS>")) {
clearInterval(poll);
invoke("pty_write", { sessionId, data: preset.command + "\r" }).catch(() => {});
}
} catch {
// Scrollback not ready yet, keep polling
}
}, 200);
}
}
async function launch(): Promise<void> {
if (!selectedShell.value) return;
sessionEnded.value = false;
try {
sessionId = await invoke<string>("spawn_local_shell", {
shellPath: selectedShell.value,
cols: 80,
rows: 24,
});
connected.value = true;
// Instantiate terminal synchronously (before any further awaits) now that
// sessionId is known. Cleanup is owned by this component's onBeforeUnmount.
terminalInstance = useTerminal(sessionId, "pty");
nextTick(() => {
if (containerRef.value && terminalInstance) {
terminalInstance.mount(containerRef.value);
// Fit after mount to get real dimensions, then resize the PTY
setTimeout(() => {
if (terminalInstance) {
terminalInstance.fit();
const term = terminalInstance.terminal;
invoke("pty_resize", {
sessionId,
cols: term.cols,
rows: term.rows,
}).catch(() => {});
}
}, 50);
}
});
// Listen for shell exit
closeUnlisten = await listen(`pty:close:${sessionId}`, () => {
cleanup();
sessionEnded.value = true;
});
} catch (err) {
console.error("Failed to spawn shell:", err);
connected.value = false;
}
}
function injectTools(): void {
if (!sessionId || !connected.value) return;
const toolsPrompt = [
"You have access to these Wraith MCP tools via the wraith-mcp-bridge:",
"",
"SESSION MANAGEMENT:",
" list_sessions — List all active SSH/RDP/PTY sessions",
"",
"TERMINAL:",
" terminal_read(session_id, lines?) — Read recent terminal output (ANSI stripped)",
" terminal_execute(session_id, command, timeout_ms?) — Run a command and capture output",
" terminal_screenshot(session_id) — Capture RDP session as PNG",
"",
"SFTP:",
" sftp_list(session_id, path) — List remote directory",
" sftp_read(session_id, path) — Read remote file",
" sftp_write(session_id, path, content) — Write remote file",
"",
"NETWORK:",
" network_scan(session_id, subnet) — Discover devices on subnet (ARP + ping sweep)",
" port_scan(session_id, target, ports?) — Scan TCP ports",
" ping(session_id, target) — Ping a host",
" traceroute(session_id, target) — Traceroute to host",
" dns_lookup(session_id, domain, record_type?) — DNS lookup",
" whois(session_id, target) — Whois lookup",
" wake_on_lan(session_id, mac_address) — Send WoL magic packet",
" bandwidth_test(session_id) — Internet speed test",
"",
"UTILITIES (no session needed):",
" subnet_calc(cidr) — Calculate subnet details",
" generate_ssh_key(key_type, comment?) — Generate SSH key pair",
" generate_password(length?, uppercase?, lowercase?, digits?, symbols?) — Generate password",
"",
].join("\n");
invoke("pty_write", { sessionId, data: toolsPrompt + "\r" }).catch(() => {});
}
function kill(): void {
if (sessionId) {
invoke("disconnect_pty", { sessionId }).catch(() => {});
}
cleanup();
}
function cleanup(): void {
if (terminalInstance) {
terminalInstance.destroy();
terminalInstance = null;
}
if (closeUnlisten) {
closeUnlisten();
closeUnlisten = null;
}
connected.value = false;
sessionId = "";
}
onMounted(() => {
loadShells();
loadPresets();
});
onBeforeUnmount(() => {
if (connected.value) kill();
});
</script>

6
src/components/common/CommandPalette.vue
View File

@ -116,9 +116,9 @@ const connectionStore = useConnectionStore();
const sessionStore = useSessionStore();
const emit = defineEmits<{
"open-import": [];
"open-settings": [];
"open-new-connection": [protocol?: "ssh" | "rdp"];
(e: "open-import"): void;
(e: "open-settings"): void;
(e: "open-new-connection", protocol?: "ssh" | "rdp"): void;
}>();
const actions: PaletteAction[] = [

36
src/components/common/ImportDialog.vue Normal file
View File

@ -0,0 +1,36 @@
<script setup lang="ts">
import { ref } from "vue";
const visible = ref(false);
function open() {
visible.value = true;
}
function close() {
visible.value = false;
}
defineExpose({ open });
</script>
<template>
<Teleport to="body">
<div v-if="visible" class="fixed inset-0 z-50 flex items-center justify-center bg-black/60" @click.self="close">
<div class="bg-zinc-800 border border-zinc-700 rounded-xl shadow-2xl p-6 w-[400px]">
<h2 class="text-lg font-semibold text-zinc-100 mb-4">Import Connections</h2>
<p class="text-sm text-zinc-400 mb-6">
Import is not available in this version. Add connections manually via the sidebar.
</p>
<div class="flex justify-end">
<button
class="px-4 py-2 text-sm bg-zinc-700 hover:bg-zinc-600 text-zinc-200 rounded-lg"
@click="close"
>
Close
</button>
</div>
</div>
</div>
</Teleport>
</template>

154
src/components/common/SettingsModal.vue
View File

@ -154,56 +154,6 @@
</div>
</template>
<!-- AI Copilot -->
<template v-if="activeSection === 'copilot'">
<h4 class="text-xs font-semibold text-[var(--wraith-text-muted)] uppercase tracking-wider mb-3">Launch Presets</h4>
<p class="text-[10px] text-[var(--wraith-text-muted)] mb-3">
Configure quick-launch buttons for the AI copilot panel. Each preset spawns a shell and runs the command.
</p>
<div class="space-y-2">
<div
v-for="(preset, idx) in copilotPresets"
:key="idx"
class="flex items-center gap-2"
>
<input
v-model="preset.name"
type="text"
placeholder="Name"
class="w-24 px-2 py-1 text-xs rounded bg-[#0d1117] border border-[#30363d] text-[var(--wraith-text-primary)] outline-none focus:border-[var(--wraith-accent-blue)]"
/>
<input
v-model="preset.command"
type="text"
placeholder="Command (e.g. claude --dangerously-skip-permissions)"
class="flex-1 px-2 py-1 text-xs rounded bg-[#0d1117] border border-[#30363d] text-[var(--wraith-text-primary)] outline-none focus:border-[var(--wraith-accent-blue)] font-mono"
/>
<button
class="text-[var(--wraith-text-muted)] hover:text-[var(--wraith-accent-red)] transition-colors cursor-pointer text-sm"
@click="copilotPresets.splice(idx, 1)"
>
&times;
</button>
</div>
</div>
<div class="flex gap-2 mt-3">
<button
class="px-3 py-1.5 text-xs rounded border border-[#30363d] text-[var(--wraith-text-secondary)] hover:bg-[#30363d] transition-colors cursor-pointer"
@click="copilotPresets.push({ name: '', shell: '', command: '' })"
>
+ Add Preset
</button>
<button
class="px-3 py-1.5 text-xs rounded bg-[var(--wraith-accent-blue)] text-black font-bold transition-colors cursor-pointer"
@click="saveCopilotPresets"
>
Save
</button>
</div>
</template>
<!-- About -->
<template v-if="activeSection === 'about'">
<h4 class="text-xs font-semibold text-[var(--wraith-text-muted)] uppercase tracking-wider mb-3">About</h4>
@ -233,30 +183,6 @@
</div>
</div>
<!-- Update check -->
<div class="pt-2">
<button
class="w-full px-3 py-2 text-xs font-bold rounded bg-[var(--wraith-accent-blue)] text-black cursor-pointer disabled:opacity-40"
:disabled="updateChecking"
@click="checkUpdates"
>
{{ updateChecking ? "Checking..." : "Check for Updates" }}
</button>
<div v-if="updateInfo" class="mt-2 p-3 rounded bg-[#0d1117] border border-[#30363d]">
<template v-if="updateInfo.updateAvailable">
<p class="text-xs text-[#3fb950] mb-1">Update available: v{{ updateInfo.latestVersion }}</p>
<p v-if="updateInfo.releaseNotes" class="text-[10px] text-[var(--wraith-text-muted)] mb-2 max-h-20 overflow-auto">{{ updateInfo.releaseNotes }}</p>
<button
class="w-full px-3 py-1.5 text-xs font-bold rounded bg-[#238636] text-white cursor-pointer"
@click="downloadUpdate"
>
Download v{{ updateInfo.latestVersion }}
</button>
</template>
<p v-else class="text-xs text-[var(--wraith-text-muted)]">You're on the latest version.</p>
</div>
</div>
<div class="flex gap-2 pt-2">
<a
href="#"
@ -295,46 +221,12 @@
<script setup lang="ts">
import { ref, watch, onMounted } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { getVersion } from "@tauri-apps/api/app";
import { open as shellOpen } from "@tauri-apps/plugin-shell";
type Section = "general" | "terminal" | "vault" | "copilot" | "about";
interface CopilotPreset { name: string; shell: string; command: string; }
type Section = "general" | "terminal" | "vault" | "about";
const visible = ref(false);
const activeSection = ref<Section>("general");
const copilotPresets = ref<CopilotPreset[]>([]);
interface UpdateCheckInfo {
currentVersion: string;
latestVersion: string;
updateAvailable: boolean;
downloadUrl: string;
releaseNotes: string;
}
const updateChecking = ref(false);
const updateInfo = ref<UpdateCheckInfo | null>(null);
async function checkUpdates(): Promise<void> {
updateChecking.value = true;
updateInfo.value = null;
try {
updateInfo.value = await invoke<UpdateCheckInfo>("check_for_updates");
} catch (err) {
alert(`Update check failed: ${err}`);
}
updateChecking.value = false;
}
async function downloadUpdate(): Promise<void> {
if (!updateInfo.value?.downloadUrl) return;
try {
await shellOpen(updateInfo.value.downloadUrl);
} catch {
window.open(updateInfo.value.downloadUrl, "_blank");
}
}
const currentVersion = ref("loading...");
const sections = [
@ -353,11 +245,6 @@ const sections = [
label: "Vault",
icon: `<svg viewBox="0 0 16 16" fill="currentColor" class="w-3.5 h-3.5"><path d="M4 4v2h-.25A1.75 1.75 0 0 0 2 7.75v5.5c0 .966.784 1.75 1.75 1.75h8.5A1.75 1.75 0 0 0 14 13.25v-5.5A1.75 1.75 0 0 0 12.25 6H12V4a4 4 0 1 0-8 0Zm6.5 2V4a2.5 2.5 0 0 0-5 0v2ZM8 9.5a1.5 1.5 0 0 1 .5 2.915V13.5a.5.5 0 0 1-1 0v-1.085A1.5 1.5 0 0 1 8 9.5Z"/></svg>`,
},
{
id: "copilot" as const,
label: "AI Copilot",
icon: `<svg viewBox="0 0 16 16" fill="currentColor" class="w-3.5 h-3.5"><path d="M5.5 8.5 9 5l-2-.5L4 7.5l1.5 1ZM1 2.75C1 1.784 1.784 1 2.75 1h10.5c.966 0 1.75.784 1.75 1.75v10.5A1.75 1.75 0 0 1 13.25 15H2.75A1.75 1.75 0 0 1 1 13.25Zm1.75-.25a.25.25 0 0 0-.25.25v10.5c0 .138.112.25.25.25h10.5a.25.25 0 0 0 .25-.25V2.75a.25.25 0 0 0-.25-.25Z"/></svg>`,
},
{
id: "about" as const,
label: "About",
@ -386,9 +273,6 @@ const settings = ref({
/** Load saved settings from Rust backend on mount. */
onMounted(async () => {
// Populate version from Tauri app config
try { currentVersion.value = await getVersion(); } catch { currentVersion.value = "unknown"; }
try {
const [protocol, sidebarW, theme, fontSize, scrollback] = await Promise.all([
invoke<string | null>("get_setting", { key: "default_protocol" }),
@ -422,16 +306,9 @@ watch(
() => settings.value.defaultProtocol,
(val) => invoke("set_setting", { key: "default_protocol", value: val }).catch(console.error),
);
let sidebarWidthDebounce: ReturnType<typeof setTimeout>;
watch(
() => settings.value.sidebarWidth,
(val) => {
clearTimeout(sidebarWidthDebounce);
sidebarWidthDebounce = setTimeout(
() => invoke("set_setting", { key: "sidebar_width", value: String(val) }).catch(console.error),
300,
);
},
(val) => invoke("set_setting", { key: "sidebar_width", value: String(val) }).catch(console.error),
);
watch(
() => settings.value.terminalTheme,
@ -449,33 +326,6 @@ watch(
function open(): void {
visible.value = true;
activeSection.value = "general";
loadCopilotPresets();
}
async function loadCopilotPresets(): Promise<void> {
try {
const raw = await invoke<string | null>("get_setting", { key: "copilot_presets" });
if (raw) {
copilotPresets.value = JSON.parse(raw);
} else {
copilotPresets.value = [
{ name: "Claude Code", shell: "", command: "claude" },
{ name: "Gemini CLI", shell: "", command: "gemini" },
{ name: "Codex CLI", shell: "", command: "codex" },
];
}
} catch {
copilotPresets.value = [];
}
}
async function saveCopilotPresets(): Promise<void> {
try {
const json = JSON.stringify(copilotPresets.value.filter(p => p.name && p.command));
await invoke("set_setting", { key: "copilot_presets", value: json });
} catch (err) {
console.error("Failed to save copilot presets:", err);
}
}
function close(): void {

4
src/components/common/StatusBar.vue
View File

@ -1,5 +1,5 @@
<template>
<div class="h-[48px] flex items-center justify-between px-6 bg-[var(--wraith-bg-secondary)] border-t border-[var(--wraith-border)] text-base text-[var(--wraith-text-muted)] shrink-0">
<div class="h-6 flex items-center justify-between px-4 bg-[var(--wraith-bg-secondary)] border-t border-[var(--wraith-border)] text-[10px] text-[var(--wraith-text-muted)] shrink-0">
<!-- Left: connection info -->
<div class="flex items-center gap-3">
<template v-if="sessionStore.activeSession">
@ -47,7 +47,7 @@ const connectionStore = useConnectionStore();
const activeThemeName = ref("Default");
const emit = defineEmits<{
"open-theme-picker": [];
(e: "open-theme-picker"): void;
}>();
const connectionInfo = computed(() => {

2
src/components/common/ThemePicker.vue
View File

@ -112,8 +112,6 @@ export interface ThemeDefinition {
brightMagenta: string;
brightCyan: string;
brightWhite: string;
selectionBackground?: string;
selectionForeground?: string;
isBuiltin?: boolean;
}

39
src/components/connections/ConnectionEditDialog.vue
View File

@ -270,27 +270,10 @@
</div>
<div>
<label class="block text-xs text-[var(--wraith-text-secondary)] mb-1">Private Key (PEM)</label>
<div class="flex gap-2 mb-1">
<button
type="button"
class="px-3 py-1.5 text-xs rounded bg-[#21262d] border border-[#30363d] text-[var(--wraith-text-secondary)] hover:text-[var(--wraith-text-primary)] hover:border-[var(--wraith-accent-blue)] transition-colors cursor-pointer"
@click="browseKeyFile"
>
Browse...
</button>
<span v-if="keyFileName" class="text-xs text-[var(--wraith-text-muted)] self-center truncate">{{ keyFileName }}</span>
</div>
<input
ref="keyFileInputRef"
type="file"
class="hidden"
accept=".pem,.key,.pub,.id_rsa,.id_ed25519,.id_ecdsa,.ppk"
@change="loadKeyFile"
/>
<textarea
v-model="newCred.privateKeyPEM"
rows="5"
placeholder="Paste key or use Browse to load from file"
placeholder="-----BEGIN OPENSSH PRIVATE KEY-----&#10;...&#10;-----END OPENSSH PRIVATE KEY-----"
class="w-full px-3 py-2 text-sm rounded bg-[#161b22] border border-[#30363d] text-[var(--wraith-text-primary)] placeholder-[var(--wraith-text-muted)] outline-none focus:border-[var(--wraith-accent-blue)] transition-colors resize-none font-mono"
spellcheck="false"
/>
@ -402,25 +385,6 @@ const newCred = ref<NewCredForm>({
passphrase: "",
});
// SSH key file picker
const keyFileInputRef = ref<HTMLInputElement | null>(null);
const keyFileName = ref("");
function browseKeyFile(): void {
keyFileInputRef.value?.click();
}
function loadKeyFile(event: Event): void {
const file = (event.target as HTMLInputElement).files?.[0];
if (!file) return;
keyFileName.value = file.name;
const reader = new FileReader();
reader.onload = () => {
newCred.value.privateKeyPEM = (reader.result as string).trim();
};
reader.readAsText(file);
}
const form = ref<ConnectionForm>({
name: "",
hostname: "",
@ -467,7 +431,6 @@ function setProtocol(protocol: "ssh" | "rdp"): void {
function resetNewCredForm(): void {
newCred.value = { name: "", username: "", password: "", privateKeyPEM: "", passphrase: "" };
newCredError.value = "";
keyFileName.value = "";
}
async function deleteSelectedCredential(): Promise<void> {

96
src/components/rdp/RdpView.vue
View File

@ -28,8 +28,7 @@
</template>
<script setup lang="ts">
import { ref, computed, onMounted, onBeforeUnmount, watch } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { ref, onMounted, onBeforeUnmount, watch } from "vue";
import { useRdp, MouseFlag } from "@/composables/useRdp";
const props = defineProps<{
@ -43,8 +42,8 @@ const containerRef = ref<HTMLElement | null>(null);
const canvasWrapper = ref<HTMLElement | null>(null);
const canvasRef = ref<HTMLCanvasElement | null>(null);
const rdpWidth = computed(() => props.width ?? 1920);
const rdpHeight = computed(() => props.height ?? 1080);
const rdpWidth = props.width ?? 1920;
const rdpHeight = props.height ?? 1080;
const {
connected,
@ -77,8 +76,8 @@ function toRdpCoords(e: MouseEvent): { x: number; y: number } | null {
if (!canvas) return null;
const rect = canvas.getBoundingClientRect();
const scaleX = canvas.width / rect.width;
const scaleY = canvas.height / rect.height;
const scaleX = rdpWidth / rect.width;
const scaleY = rdpHeight / rect.height;
return {
x: Math.floor((e.clientX - rect.left) * scaleX),
@ -154,95 +153,25 @@ function handleKeyUp(e: KeyboardEvent): void {
sendKey(props.sessionId, e.code, false);
}
let resizeObserver: ResizeObserver | null = null;
let resizeTimeout: ReturnType<typeof setTimeout> | null = null;
onMounted(() => {
if (canvasRef.value) {
startFrameLoop(props.sessionId, canvasRef.value, rdpWidth.value, rdpHeight.value);
}
// Watch container size and request server-side RDP resize (debounced 500ms)
if (canvasWrapper.value) {
resizeObserver = new ResizeObserver((entries) => {
const entry = entries[0];
if (!entry || !connected.value) return;
const { width: cw, height: ch } = entry.contentRect;
if (cw < 200 || ch < 200) return;
// Round to even width (RDP spec requirement)
const newW = Math.round(cw) & ~1;
const newH = Math.round(ch);
if (resizeTimeout) clearTimeout(resizeTimeout);
resizeTimeout = setTimeout(() => {
invoke("rdp_resize", {
sessionId: props.sessionId,
width: newW,
height: newH,
}).then(() => {
if (canvasRef.value) {
canvasRef.value.width = newW;
canvasRef.value.height = newH;
}
// Force full frame after resize so canvas gets a clean repaint
setTimeout(() => {
invoke("rdp_force_refresh", { sessionId: props.sessionId }).catch(() => {});
}, 200);
}).catch((err: unknown) => {
console.warn("[RdpView] resize failed:", err);
});
}, 500);
});
resizeObserver.observe(canvasWrapper.value);
startFrameLoop(props.sessionId, canvasRef.value, rdpWidth, rdpHeight);
}
});
onBeforeUnmount(() => {
stopFrameLoop();
if (resizeObserver) { resizeObserver.disconnect(); resizeObserver = null; }
if (resizeTimeout) { clearTimeout(resizeTimeout); resizeTimeout = null; }
});
// Focus canvas, re-check dimensions, and force full frame on tab switch.
// Uses 300ms delay to let the flex layout fully settle (copilot panel toggle, etc.)
// Focus canvas when this tab becomes active and keyboard is grabbed
watch(
() => props.isActive,
(active) => {
if (!active || !canvasRef.value) return;
// Immediate focus so keyboard works right away
if (keyboardGrabbed.value) canvasRef.value.focus();
// Immediate force refresh to show SOMETHING while we check dimensions
invoke("rdp_force_refresh", { sessionId: props.sessionId }).catch(() => {});
// Delayed dimension check layout needs time to settle
if (active && keyboardGrabbed.value && canvasRef.value) {
setTimeout(() => {
const wrapper = canvasWrapper.value;
const canvas = canvasRef.value;
if (!wrapper || !canvas) return;
const { width: cw, height: ch } = wrapper.getBoundingClientRect();
const newW = Math.round(cw) & ~1;
const newH = Math.round(ch);
if (newW >= 200 && newH >= 200 && (newW !== canvas.width || newH !== canvas.height)) {
invoke("rdp_resize", {
sessionId: props.sessionId,
width: newW,
height: newH,
}).then(() => {
if (canvas) {
canvas.width = newW;
canvas.height = newH;
canvasRef.value?.focus();
}, 0);
}
setTimeout(() => {
invoke("rdp_force_refresh", { sessionId: props.sessionId }).catch(() => {});
}, 500);
}).catch(() => {});
}
}, 300);
},
);
</script>
@ -267,8 +196,9 @@ watch(
}
.rdp-canvas {
width: 100%;
height: 100%;
max-width: 100%;
max-height: 100%;
object-fit: contain;
cursor: default;
outline: none;
image-rendering: auto;

75
src/components/session/DetachedSession.vue
View File

@ -1,75 +0,0 @@
<template>
<div class="h-screen w-screen flex flex-col bg-[#0d1117]">
<!-- Minimal title bar -->
<div class="h-8 flex items-center justify-between px-3 bg-[#161b22] border-b border-[#30363d] shrink-0" data-tauri-drag-region>
<span class="text-xs text-[#8b949e]">{{ sessionName }}</span>
<span class="text-[10px] text-[#484f58]">Detached close to reattach</span>
</div>
<!-- Terminal -->
<div ref="containerRef" class="flex-1 min-h-0" />
<!-- Monitor bar for SSH sessions -->
<MonitorBar v-if="protocol === 'ssh'" :session-id="sessionId" />
</div>
</template>
<script setup lang="ts">
import { ref, onMounted, onBeforeUnmount } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { getCurrentWindow } from "@tauri-apps/api/window";
import { useTerminal } from "@/composables/useTerminal";
import MonitorBar from "@/components/terminal/MonitorBar.vue";
const sessionId = ref("");
const sessionName = ref("Detached Session");
const protocol = ref("ssh");
const containerRef = ref<HTMLElement | null>(null);
// Parse session info from URL hash synchronously so backend type is known at setup time
const hash = window.location.hash;
const params = new URLSearchParams(hash.split("?")[1] || "");
const _initialSessionId = params.get("sessionId") || "";
const _initialProtocol = params.get("protocol") || "ssh";
const _backend = (_initialProtocol === "local" ? "pty" : "ssh") as 'ssh' | 'pty';
const terminalInstance = useTerminal(_initialSessionId, _backend);
onMounted(async () => {
sessionId.value = _initialSessionId;
sessionName.value = decodeURIComponent(params.get("name") || "Detached Session");
protocol.value = _initialProtocol;
if (!sessionId.value || !containerRef.value) return;
terminalInstance.mount(containerRef.value);
setTimeout(() => {
terminalInstance.fit();
terminalInstance.terminal.focus();
const resizeCmd = _backend === "ssh" ? "ssh_resize" : "pty_resize";
invoke(resizeCmd, {
sessionId: sessionId.value,
cols: terminalInstance.terminal.cols,
rows: terminalInstance.terminal.rows,
}).catch(() => {});
}, 50);
// On window close, emit event so main window reattaches the tab
const appWindow = getCurrentWindow();
appWindow.onCloseRequested(async () => {
// Emit a custom event that the main window listens for
const { emit } = await import("@tauri-apps/api/event");
await emit("session:reattach", {
sessionId: sessionId.value,
name: sessionName.value,
protocol: protocol.value,
});
});
});
onBeforeUnmount(() => {
terminalInstance.destroy();
});
</script>

23
src/components/session/SessionContainer.vue
View File

@ -14,19 +14,6 @@
/>
</div>
<!-- Local PTY views v-show keeps xterm alive across tab switches -->
<div
v-for="session in localSessions"
:key="session.id"
v-show="session.id === sessionStore.activeSessionId"
class="absolute inset-0"
>
<LocalTerminalView
:session-id="session.id"
:is-active="session.id === sessionStore.activeSessionId"
/>
</div>
<!-- RDP views toolbar + canvas, kept alive via v-show -->
<div
v-for="session in rdpSessions"
@ -73,7 +60,6 @@ import { computed, ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { useSessionStore } from "@/stores/session.store";
import TerminalView from "@/components/terminal/TerminalView.vue";
import LocalTerminalView from "@/components/terminal/LocalTerminalView.vue";
import RdpView from "@/components/rdp/RdpView.vue";
import RdpToolbar from "@/components/rdp/RdpToolbar.vue";
import { ScancodeMap } from "@/composables/useRdp";
@ -91,17 +77,12 @@ function setTerminalRef(sessionId: string, el: unknown): void {
const sessionStore = useSessionStore();
// Only render sessions that are active (not detached to separate windows)
const sshSessions = computed(() =>
sessionStore.sessions.filter((s) => s.protocol === "ssh" && s.active),
);
const localSessions = computed(() =>
sessionStore.sessions.filter((s) => s.protocol === "local" && s.active),
sessionStore.sessions.filter((s) => s.protocol === "ssh"),
);
const rdpSessions = computed(() =>
sessionStore.sessions.filter((s) => s.protocol === "rdp" && s.active),
sessionStore.sessions.filter((s) => s.protocol === "rdp"),
);
/**

14
src/components/session/TabBadge.vue
View File

@ -31,21 +31,17 @@ import { computed } from "vue";
const props = defineProps<{
/** Connection protocol — drives the protocol-dot colour. */
protocol: "ssh" | "rdp" | "local";
protocol: "ssh" | "rdp";
/** Username from the active session (if known). */
username?: string;
/** Raw tags from the connection record. */
tags?: string[];
/** Connection status — drives the dot colour. */
status?: "connected" | "disconnected";
}>();
/** Green=connected SSH, blue=connected RDP, purple=local, red=disconnected. */
const protocolDotClass = computed(() => {
if (props.status === "disconnected") return "bg-[#f85149]";
if (props.protocol === "local") return "bg-[#bc8cff]";
return props.protocol === "ssh" ? "bg-[#3fb950]" : "bg-[#1f6feb]";
});
/** Green for SSH, blue for RDP. */
const protocolDotClass = computed(() =>
props.protocol === "ssh" ? "bg-[#3fb950]" : "bg-[#1f6feb]",
);
/** True when the session is running as root or Administrator. */
const isRoot = computed(() => {

164
src/components/session/TabBar.vue
View File

@ -2,35 +2,23 @@
<div class="flex items-center bg-[var(--wraith-bg-secondary)] border-b border-[var(--wraith-border)] h-9 shrink-0">
<!-- Tabs -->
<div class="flex items-center overflow-x-auto min-w-0">
<div
v-for="(session, index) in sessionStore.sessions"
<button
v-for="session in sessionStore.sessions"
:key="session.id"
draggable="true"
role="tab"
class="group flex items-center gap-1.5 px-3 h-9 text-xs whitespace-nowrap border-r border-[var(--wraith-border)] transition-all duration-500 cursor-pointer shrink-0 select-none"
class="group flex items-center gap-1.5 px-3 h-9 text-xs whitespace-nowrap border-r border-[var(--wraith-border)] transition-all duration-500 cursor-pointer shrink-0"
:class="[
session.id === sessionStore.activeSessionId
? 'bg-[var(--wraith-bg-primary)] text-[var(--wraith-text-primary)] border-b-2 border-b-[var(--wraith-accent-blue)]'
: 'text-[var(--wraith-text-muted)] hover:text-[var(--wraith-text-secondary)] hover:bg-[var(--wraith-bg-tertiary)]',
isRootUser(session) ? 'border-t-2 border-t-[#f8514966]' : '',
dragOverIndex === index ? 'border-l-2 border-l-[var(--wraith-accent-blue)]' : '',
session.hasActivity && session.id !== sessionStore.activeSessionId ? 'animate-pulse text-[var(--wraith-accent-blue)]' : '',
!session.active ? 'opacity-40 italic' : '',
]"
@click="sessionStore.activateSession(session.id)"
@dragstart="onDragStart(index, $event)"
@dragover.prevent="onDragOver(index)"
@dragleave="dragOverIndex = -1"
@drop.prevent="onDrop(index)"
@dragend="draggedIndex = -1; dragOverIndex = -1"
@contextmenu.prevent="showTabMenu($event, session)"
>
<!-- Badge: protocol dot + root dot + env pills -->
<TabBadge
:protocol="session.protocol"
:username="session.username"
:tags="getSessionTags(session)"
:status="session.status"
/>
<span>{{ session.name }}</span>
@ -42,54 +30,20 @@
>
&times;
</span>
</div>
</button>
</div>
<!-- New tab button with shell dropdown -->
<div class="relative shrink-0">
<!-- New tab button -->
<button
class="flex items-center justify-center w-9 h-9 text-[var(--wraith-text-muted)] hover:text-[var(--wraith-text-primary)] hover:bg-[var(--wraith-bg-tertiary)] transition-colors cursor-pointer"
title="New local terminal"
@click="toggleShellMenu"
@blur="closeShellMenuDeferred"
class="flex items-center justify-center w-9 h-9 text-[var(--wraith-text-muted)] hover:text-[var(--wraith-text-primary)] hover:bg-[var(--wraith-bg-tertiary)] transition-colors cursor-pointer shrink-0"
title="New session"
>
+
</button>
<div
v-if="shellMenuOpen"
class="absolute top-full right-0 mt-0.5 w-48 bg-[#161b22] border border-[#30363d] rounded-lg shadow-2xl overflow-hidden z-50 py-1"
>
<button
v-for="shell in availableShells"
:key="shell.path"
class="w-full flex items-center gap-2 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="spawnShell(shell)"
>
{{ shell.name }}
</button>
<div v-if="availableShells.length === 0" class="px-4 py-2 text-xs text-[var(--wraith-text-muted)]">
No shells found
</div>
</div>
</div>
<!-- Tab context menu -->
<Teleport to="body">
<div v-if="tabMenu.visible" class="fixed z-[100] w-44 bg-[#161b22] border border-[#30363d] rounded-lg shadow-2xl overflow-hidden py-1"
:style="{ top: tabMenu.y + 'px', left: tabMenu.x + 'px' }">
<button class="w-full px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] cursor-pointer"
@click="detachTab">Detach to Window</button>
<div class="border-t border-[#30363d] my-1" />
<button class="w-full px-4 py-2 text-xs text-left text-[var(--wraith-accent-red)] hover:bg-[#30363d] cursor-pointer"
@click="closeMenuTab">Close</button>
</div>
<div v-if="tabMenu.visible" class="fixed inset-0 z-[99]" @click="tabMenu.visible = false" @contextmenu.prevent="tabMenu.visible = false" />
</Teleport>
</div>
</template>
<script setup lang="ts">
import { ref, onMounted, onBeforeUnmount } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { useSessionStore, type Session } from "@/stores/session.store";
import { useConnectionStore } from "@/stores/connection.store";
import TabBadge from "@/components/session/TabBadge.vue";
@ -97,110 +51,6 @@ import TabBadge from "@/components/session/TabBadge.vue";
const sessionStore = useSessionStore();
const connectionStore = useConnectionStore();
// Shell menu for + button
interface ShellInfo { name: string; path: string; }
const availableShells = ref<ShellInfo[]>([]);
const shellMenuOpen = ref(false);
function toggleShellMenu(): void {
shellMenuOpen.value = !shellMenuOpen.value;
}
function closeShellMenuDeferred(): void {
setTimeout(() => { shellMenuOpen.value = false; }, 150);
}
async function spawnShell(shell: ShellInfo): Promise<void> {
shellMenuOpen.value = false;
await sessionStore.spawnLocalTab(shell.name, shell.path);
}
// Tab right-click context menu
const tabMenu = ref<{ visible: boolean; x: number; y: number; session: Session | null }>({
visible: false, x: 0, y: 0, session: null,
});
function showTabMenu(event: MouseEvent, session: Session): void {
tabMenu.value = { visible: true, x: event.clientX, y: event.clientY, session };
}
async function detachTab(): Promise<void> {
const session = tabMenu.value.session;
tabMenu.value.visible = false;
if (!session) return;
// Mark as detached in the store
session.active = false;
// Open a new Tauri window for this session
try {
await invoke("open_child_window", {
label: `detached-${session.id.substring(0, 8)}-${Date.now()}`,
title: `${session.name} — Wraith`,
url: `index.html#/detached-session?sessionId=${session.id}&name=${encodeURIComponent(session.name)}&protocol=${session.protocol}`,
width: 900, height: 600,
});
} catch (err) { console.error("Detach window error:", err); }
}
function closeMenuTab(): void {
const session = tabMenu.value.session;
tabMenu.value.visible = false;
if (session) sessionStore.closeSession(session.id);
}
import { listen } from "@tauri-apps/api/event";
import type { UnlistenFn } from "@tauri-apps/api/event";
let unlistenReattach: UnlistenFn | null = null;
onMounted(async () => {
try {
availableShells.value = await invoke<ShellInfo[]>("list_available_shells");
} catch {
availableShells.value = [];
}
unlistenReattach = await listen<{ sessionId: string; name: string; protocol: string }>("session:reattach", (event) => {
const { sessionId } = event.payload;
const session = sessionStore.sessions.find(s => s.id === sessionId);
if (session) {
session.active = true;
sessionStore.activateSession(sessionId);
}
});
});
onBeforeUnmount(() => {
unlistenReattach?.();
});
// Drag-and-drop tab reordering
const draggedIndex = ref(-1);
const dragOverIndex = ref(-1);
function onDragStart(index: number, event: DragEvent): void {
draggedIndex.value = index;
if (event.dataTransfer) {
event.dataTransfer.effectAllowed = "move";
event.dataTransfer.setData("text/plain", String(index));
}
}
function onDragOver(index: number): void {
if (draggedIndex.value !== -1 && draggedIndex.value !== index) {
dragOverIndex.value = index;
}
}
function onDrop(toIndex: number): void {
if (draggedIndex.value !== -1 && draggedIndex.value !== toIndex) {
sessionStore.moveSession(draggedIndex.value, toIndex);
}
draggedIndex.value = -1;
dragOverIndex.value = -1;
}
/** Get tags for a session's underlying connection. */
function getSessionTags(session: Session): string[] {
const conn = connectionStore.connections.find((c) => c.id === session.connectionId);

115
src/components/sftp/FileTree.vue
View File

@ -98,7 +98,6 @@
:class="{ 'bg-[var(--wraith-bg-tertiary)] ring-1 ring-inset ring-[var(--wraith-accent-blue)]': selectedEntry?.path === entry.path }"
@click="selectedEntry = entry"
@dblclick="handleEntryDblClick(entry)"
@contextmenu.prevent="openContextMenu($event, entry)"
>
<!-- Icon -->
<svg
@ -137,62 +136,6 @@
</template>
</div>
<!-- Context menu -->
<Teleport to="body">
<div
v-if="contextMenu.visible"
class="fixed z-[100] w-44 bg-[#161b22] border border-[#30363d] rounded-lg shadow-2xl overflow-hidden py-1"
:style="{ top: contextMenu.y + 'px', left: contextMenu.x + 'px' }"
@click="contextMenu.visible = false"
@contextmenu.prevent
>
<button
v-if="!contextMenu.entry?.isDir"
class="w-full flex items-center gap-2 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] cursor-pointer"
@click="handleEdit(contextMenu.entry!)"
>
Edit
</button>
<button
v-if="!contextMenu.entry?.isDir"
class="w-full flex items-center gap-2 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] cursor-pointer"
@click="selectedEntry = contextMenu.entry!; handleDownload()"
>
Download
</button>
<button
v-if="contextMenu.entry?.isDir"
class="w-full flex items-center gap-2 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] cursor-pointer"
@click="navigateTo(contextMenu.entry!.path)"
>
Open Folder
</button>
<button
class="w-full flex items-center gap-2 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] cursor-pointer"
@click="handleRename(contextMenu.entry!)"
>
Rename
</button>
<div class="border-t border-[#30363d] my-1" />
<button
class="w-full flex items-center gap-2 px-4 py-2 text-xs text-left text-[var(--wraith-accent-red)] hover:bg-[#30363d] cursor-pointer"
@click="selectedEntry = contextMenu.entry!; handleDelete()"
>
Delete
</button>
</div>
</Teleport>
<!-- Click-away handler to close context menu -->
<Teleport to="body">
<div
v-if="contextMenu.visible"
class="fixed inset-0 z-[99]"
@click="contextMenu.visible = false"
@contextmenu.prevent="contextMenu.visible = false"
/>
</Teleport>
<!-- Follow terminal toggle -->
<div class="flex items-center gap-2 px-3 py-1.5 border-t border-[var(--wraith-border)]">
<label class="flex items-center gap-1.5 cursor-pointer text-[var(--wraith-text-muted)] hover:text-[var(--wraith-text-secondary)] transition-colors">
@ -208,7 +151,7 @@
</template>
<script setup lang="ts">
import { ref, toRef } from "vue";
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { useSftp, type FileEntry } from "@/composables/useSftp";
import { useTransfers } from "@/composables/useTransfers";
@ -221,41 +164,12 @@ const emit = defineEmits<{
openFile: [entry: FileEntry];
}>();
const { currentPath, entries, isLoading, followTerminal, navigateTo, goUp, refresh } = useSftp(toRef(props, 'sessionId'));
const { currentPath, entries, isLoading, followTerminal, navigateTo, goUp, refresh } = useSftp(props.sessionId);
const { addTransfer, completeTransfer, failTransfer } = useTransfers();
/** Currently selected entry (single-click to select, double-click to open/navigate). */
const selectedEntry = ref<FileEntry | null>(null);
/** Right-click context menu state. */
const contextMenu = ref<{ visible: boolean; x: number; y: number; entry: FileEntry | null }>({
visible: false, x: 0, y: 0, entry: null,
});
function openContextMenu(event: MouseEvent, entry: FileEntry): void {
selectedEntry.value = entry;
contextMenu.value = { visible: true, x: event.clientX, y: event.clientY, entry };
}
function handleEdit(entry: FileEntry): void {
emit("openFile", entry);
}
async function handleRename(entry: FileEntry): Promise<void> {
const newName = prompt("Rename to:", entry.name);
if (!newName || !newName.trim() || newName.trim() === entry.name) return;
const parentPath = entry.path.substring(0, entry.path.lastIndexOf("/"));
const newPath = parentPath + "/" + newName.trim();
try {
await invoke("sftp_rename", { sessionId: props.sessionId, oldPath: entry.path, newPath });
await refresh();
} catch (err) {
console.error("SFTP rename error:", err);
}
}
/** Hidden file input element used for the upload flow. */
const fileInputRef = ref<HTMLInputElement | null>(null);
@ -371,31 +285,6 @@ function handleFileSelected(event: Event): void {
failTransfer(transferId);
};
// Guard: the backend sftp_write_file command accepts a UTF-8 string only.
// Binary files (images, archives, executables, etc.) will be corrupted if
// sent as text. Warn and abort for known binary extensions or large files.
const BINARY_EXTENSIONS = new Set([
"png", "jpg", "jpeg", "gif", "webp", "bmp", "ico", "tiff", "svg",
"zip", "tar", "gz", "bz2", "xz", "7z", "rar", "zst",
"exe", "dll", "so", "dylib", "bin", "elf",
"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx",
"mp3", "mp4", "avi", "mkv", "mov", "flac", "wav", "ogg",
"ttf", "otf", "woff", "woff2",
"db", "sqlite", "sqlite3",
]);
const ext = file.name.split(".").pop()?.toLowerCase() ?? "";
const isBinary = BINARY_EXTENSIONS.has(ext);
const isLarge = file.size > 1 * 1024 * 1024; // 1 MB
if (isBinary || isLarge) {
const reason = isBinary
? `"${ext}" files are binary and cannot be safely uploaded as text`
: `file is ${(file.size / (1024 * 1024)).toFixed(1)} MB — only text files under 1 MB are supported`;
alert(`Upload blocked: ${reason}.\n\nBinary file upload support will be added in a future release.`);
failTransfer(transferId);
return;
}
reader.readAsText(file);
}

8
src/components/sftp/TransferProgress.vue
View File

@ -52,15 +52,11 @@
</template>
<script setup lang="ts">
import { ref, watch } from "vue";
import { ref } from "vue";
import { useTransfers } from "@/composables/useTransfers";
const expanded = ref(false);
const { transfers } = useTransfers();
// Auto-expand when transfers become active, collapse when all are gone
watch(() => transfers.value.length, (newLen, oldLen) => {
if (newLen > 0 && oldLen === 0) expanded.value = true;
if (newLen === 0) expanded.value = false;
});
const { transfers } = useTransfers();
</script>

132
src/components/sidebar/ConnectionTree.vue
View File

@ -28,17 +28,10 @@
<!-- Only show groups that have matching connections during search -->
<div v-if="!connectionStore.searchQuery || connectionStore.groupHasResults(group.id)">
<!-- Group header -->
<div
class="w-full flex items-center gap-1.5 px-3 py-1.5 text-xs hover:bg-[var(--wraith-bg-tertiary)] transition-colors cursor-pointer select-none"
:class="{ 'border-t-2 border-t-[var(--wraith-accent-blue)]': dragOverGroupId === group.id }"
draggable="true"
<button
class="w-full flex items-center gap-1.5 px-3 py-1.5 text-xs hover:bg-[var(--wraith-bg-tertiary)] transition-colors cursor-pointer"
@click="toggleGroup(group.id)"
@contextmenu.prevent="showGroupMenu($event, group)"
@dragstart="onGroupDragStart(group, $event)"
@dragover.prevent="onGroupDragOver(group)"
@dragleave="dragOverGroupId = null"
@drop.prevent="onGroupDrop(group)"
@dragend="resetDragState"
>
<!-- Chevron -->
<svg
@ -65,23 +58,16 @@
<span class="ml-auto text-[var(--wraith-text-muted)] text-[10px]">
{{ connectionStore.connectionsByGroup(group.id).length }}
</span>
</div>
</button>
<!-- Connections in group -->
<div v-if="expandedGroups.has(group.id)">
<div
<button
v-for="conn in connectionStore.connectionsByGroup(group.id)"
:key="conn.id"
draggable="true"
class="w-full flex items-center gap-2 pl-8 pr-3 py-1.5 text-xs hover:bg-[var(--wraith-bg-tertiary)] transition-colors cursor-pointer select-none"
:class="{ 'border-t-2 border-t-[var(--wraith-accent-blue)]': dragOverConnId === conn.id }"
class="w-full flex items-center gap-2 pl-8 pr-3 py-1.5 text-xs hover:bg-[var(--wraith-bg-tertiary)] transition-colors cursor-pointer"
@dblclick="handleConnect(conn)"
@contextmenu.prevent="showConnectionMenu($event, conn)"
@dragstart="onConnDragStart(conn, group.id, $event)"
@dragover.prevent="onConnDragOver(conn)"
@dragleave="dragOverConnId = null"
@drop.prevent="onConnDrop(conn, group.id)"
@dragend="resetDragState"
>
<!-- Protocol dot -->
<span
@ -96,7 +82,7 @@
>
{{ tag }}
</span>
</div>
</button>
</div>
</div>
</template>
@ -110,7 +96,7 @@
</template>
<script setup lang="ts">
import { ref, watch } from "vue";
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { useConnectionStore, type Connection, type Group } from "@/stores/connection.store";
import { useSessionStore } from "@/stores/session.store";
@ -132,107 +118,11 @@ const sessionStore = useSessionStore();
const contextMenu = ref<InstanceType<typeof ContextMenu> | null>(null);
const editDialog = ref<InstanceType<typeof ConnectionEditDialog> | null>(null);
// Drag and drop reordering
const dragOverGroupId = ref<number | null>(null);
const dragOverConnId = ref<number | null>(null);
let draggedGroup: Group | null = null;
let draggedConn: { conn: Connection; fromGroupId: number } | null = null;
function onGroupDragStart(group: Group, event: DragEvent): void {
draggedGroup = group;
draggedConn = null;
event.dataTransfer?.setData("text/plain", `group:${group.id}`);
}
function onGroupDragOver(target: Group): void {
if (draggedGroup && draggedGroup.id !== target.id) {
dragOverGroupId.value = target.id;
}
// Allow dropping connections onto groups to move them
if (draggedConn) {
dragOverGroupId.value = target.id;
}
}
async function onGroupDrop(target: Group): Promise<void> {
if (draggedGroup && draggedGroup.id !== target.id) {
const groups = connectionStore.groups;
const fromIdx = groups.findIndex(g => g.id === draggedGroup!.id);
const toIdx = groups.findIndex(g => g.id === target.id);
if (fromIdx !== -1 && toIdx !== -1) {
const [moved] = groups.splice(fromIdx, 1);
groups.splice(toIdx, 0, moved);
// Persist new order
const ids = groups.map(g => g.id);
invoke("reorder_groups", { ids }).catch(console.error);
}
}
if (draggedConn && draggedConn.fromGroupId !== target.id) {
try {
await invoke("update_connection", { id: draggedConn.conn.id, input: { groupId: target.id } });
await connectionStore.loadAll();
} catch (err) { console.error("Failed to move connection:", err); }
}
resetDragState();
}
function onConnDragStart(conn: Connection, groupId: number, event: DragEvent): void {
draggedConn = { conn, fromGroupId: groupId };
draggedGroup = null;
event.dataTransfer?.setData("text/plain", `conn:${conn.id}`);
}
function onConnDragOver(target: Connection): void {
if (draggedConn && draggedConn.conn.id !== target.id) {
dragOverConnId.value = target.id;
}
}
async function onConnDrop(target: Connection, targetGroupId: number): Promise<void> {
if (draggedConn && draggedConn.conn.id !== target.id) {
if (draggedConn.fromGroupId !== targetGroupId) {
try {
await invoke("update_connection", { id: draggedConn.conn.id, input: { groupId: targetGroupId } });
await connectionStore.loadAll();
} catch (err) { console.error("Failed to move connection:", err); }
} else {
const conns = connectionStore.connectionsByGroup(targetGroupId);
const fromIdx = conns.findIndex(c => c.id === draggedConn!.conn.id);
const toIdx = conns.findIndex(c => c.id === target.id);
if (fromIdx !== -1 && toIdx !== -1) {
const [moved] = conns.splice(fromIdx, 1);
conns.splice(toIdx, 0, moved);
// Persist new order
const ids = conns.map(c => c.id);
invoke("reorder_connections", { ids }).catch(console.error);
}
}
}
resetDragState();
}
function resetDragState(): void {
draggedGroup = null;
draggedConn = null;
dragOverGroupId.value = null;
dragOverConnId.value = null;
}
// All groups expanded by default
const expandedGroups = ref<Set<number>>(
new Set(connectionStore.groups.map((g) => g.id)),
);
// Auto-expand groups added after initial load
watch(() => connectionStore.groups, (newGroups) => {
for (const group of newGroups) {
if (!expandedGroups.value.has(group.id)) {
expandedGroups.value.add(group.id);
}
}
}, { deep: true });
function toggleGroup(groupId: number): void {
if (expandedGroups.value.has(groupId)) {
expandedGroups.value.delete(groupId);
@ -246,7 +136,7 @@ async function addGroup(): Promise<void> {
const name = prompt("New group name:");
if (!name) return;
try {
await invoke("create_group", { name, parent_id: null });
await invoke("create_group", { name, parentId: null });
await connectionStore.loadGroups();
} catch (err) {
console.error("Failed to create group:", err);
@ -305,7 +195,7 @@ function showGroupMenu(event: MouseEvent, group: Group): void {
const newName = prompt("Rename group:", group.name);
if (newName && newName !== group.name) {
try {
await invoke("rename_group", { id: group.id, name: newName });
await invoke("rename_group", { groupId: group.id, name: newName });
await connectionStore.loadGroups();
} catch (err) {
console.error("Failed to rename group:", err);
@ -349,7 +239,7 @@ async function duplicateConnection(conn: Connection): Promise<void> {
async function deleteConnection(conn: Connection): Promise<void> {
if (!confirm(`Delete "${conn.name}"?`)) return;
try {
await invoke("delete_connection", { id: conn.id });
await invoke("delete_connection", { connectionId: conn.id });
await connectionStore.loadConnections();
} catch (err) {
console.error("Failed to delete connection:", err);
@ -360,7 +250,7 @@ async function deleteConnection(conn: Connection): Promise<void> {
async function deleteGroup(group: Group): Promise<void> {
if (!confirm(`Delete group "${group.name}" and all its connections?`)) return;
try {
await invoke("delete_group", { id: group.id });
await invoke("delete_group", { groupId: group.id });
await connectionStore.loadAll();
} catch (err) {
console.error("Failed to delete group:", err);

12
src/components/sidebar/SidebarToggle.vue
View File

@ -5,11 +5,11 @@
:key="tab.id"
class="flex-1 py-2 text-xs font-medium text-center transition-colors cursor-pointer"
:class="
model === tab.id
modelValue === tab.id
? 'text-[var(--wraith-accent-blue)] border-b-2 border-[var(--wraith-accent-blue)]'
: 'text-[var(--wraith-text-muted)] hover:text-[var(--wraith-text-secondary)]'
"
@click="model = tab.id"
@click="emit('update:modelValue', tab.id)"
>
{{ tab.label }}
</button>
@ -24,5 +24,11 @@ const tabs = [
{ id: "sftp" as const, label: "SFTP" },
];
const model = defineModel<SidebarTab>();
defineProps<{
modelValue: SidebarTab;
}>();
const emit = defineEmits<{
"update:modelValue": [tab: SidebarTab];
}>();
</script>

112
src/components/terminal/LocalTerminalView.vue
View File

@ -1,112 +0,0 @@
<template>
<div class="flex flex-col h-full">
<div
ref="containerRef"
class="terminal-container flex-1"
@click="terminal.focus()"
/>
</div>
</template>
<script setup lang="ts">
import { ref, onMounted, onBeforeUnmount, watch } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { useTerminal } from "@/composables/useTerminal";
import { useSessionStore } from "@/stores/session.store";
import "@/assets/css/terminal.css";
const props = defineProps<{
sessionId: string;
isActive: boolean;
}>();
const sessionStore = useSessionStore();
const containerRef = ref<HTMLElement | null>(null);
const { terminal, mount, fit, destroy } = useTerminal(props.sessionId, "pty");
/** Apply the session store's active theme to this local terminal instance. */
function applyTheme(): void {
const theme = sessionStore.activeTheme;
if (!theme) return;
terminal.options.theme = {
background: theme.background,
foreground: theme.foreground,
cursor: theme.cursor,
cursorAccent: theme.background,
selectionBackground: theme.selectionBackground ?? "#264f78",
selectionForeground: theme.selectionForeground ?? "#ffffff",
selectionInactiveBackground: theme.selectionBackground ?? "#264f78",
black: theme.black,
red: theme.red,
green: theme.green,
yellow: theme.yellow,
blue: theme.blue,
magenta: theme.magenta,
cyan: theme.cyan,
white: theme.white,
brightBlack: theme.brightBlack,
brightRed: theme.brightRed,
brightGreen: theme.brightGreen,
brightYellow: theme.brightYellow,
brightBlue: theme.brightBlue,
brightMagenta: theme.brightMagenta,
brightCyan: theme.brightCyan,
brightWhite: theme.brightWhite,
};
if (containerRef.value) {
containerRef.value.style.backgroundColor = theme.background;
}
terminal.refresh(0, terminal.rows - 1);
}
onMounted(() => {
if (containerRef.value) {
mount(containerRef.value);
}
// Apply current theme immediately if one is already active
if (sessionStore.activeTheme) {
applyTheme();
}
setTimeout(() => {
fit();
terminal.focus();
invoke("pty_resize", {
sessionId: props.sessionId,
cols: terminal.cols,
rows: terminal.rows,
}).catch(() => {});
}, 50);
});
watch(
() => props.isActive,
(active) => {
if (active) {
requestAnimationFrame(() => {
requestAnimationFrame(() => {
fit();
terminal.focus();
invoke("pty_resize", {
sessionId: props.sessionId,
cols: terminal.cols,
rows: terminal.rows,
}).catch(() => {});
});
});
}
},
);
// Watch for theme changes and apply to this local terminal
watch(() => sessionStore.activeTheme, (newTheme) => {
if (newTheme) applyTheme();
}, { deep: true });
onBeforeUnmount(() => {
destroy();
});
</script>

97
src/components/terminal/MonitorBar.vue
View File

@ -1,97 +0,0 @@
<template>
<div
v-if="stats"
class="flex items-center gap-4 px-6 h-[48px] bg-[var(--wraith-bg-tertiary)] border-t border-[var(--wraith-border)] text-base font-mono shrink-0 select-none"
>
<!-- CPU -->
<span class="flex items-center gap-1">
<span class="text-[var(--wraith-text-muted)]">CPU</span>
<span :class="colorClass(stats.cpuPercent, 50, 80)">{{ stats.cpuPercent.toFixed(0) }}%</span>
</span>
<!-- RAM -->
<span class="flex items-center gap-1">
<span class="text-[var(--wraith-text-muted)]">RAM</span>
<span :class="colorClass(stats.memPercent, 50, 80)">{{ stats.memUsedMb }}M/{{ stats.memTotalMb }}M ({{ stats.memPercent.toFixed(0) }}%)</span>
</span>
<!-- Disk -->
<span class="flex items-center gap-1">
<span class="text-[var(--wraith-text-muted)]">DISK</span>
<span :class="colorClass(stats.diskPercent, 70, 90)">{{ stats.diskUsedGb.toFixed(0) }}G/{{ stats.diskTotalGb.toFixed(0) }}G ({{ stats.diskPercent.toFixed(0) }}%)</span>
</span>
<!-- Network -->
<span class="flex items-center gap-1">
<span class="text-[var(--wraith-text-muted)]">NET</span>
<span class="text-[var(--wraith-text-secondary)]">{{ formatBytes(stats.netRxBytes) }} {{ formatBytes(stats.netTxBytes) }}</span>
</span>
<!-- OS -->
<span class="text-[var(--wraith-text-muted)] ml-auto">{{ stats.osType }}</span>
</div>
</template>
<script setup lang="ts">
import { ref, onMounted, onBeforeUnmount, watch } from "vue";
import { listen, type UnlistenFn } from "@tauri-apps/api/event";
const props = defineProps<{
sessionId: string;
}>();
interface SystemStats {
cpuPercent: number;
memUsedMb: number;
memTotalMb: number;
memPercent: number;
diskUsedGb: number;
diskTotalGb: number;
diskPercent: number;
netRxBytes: number;
netTxBytes: number;
osType: string;
}
const stats = ref<SystemStats | null>(null);
let unlistenFn: UnlistenFn | null = null;
let subscribeGeneration = 0;
function colorClass(value: number, warnThreshold: number, critThreshold: number): string {
if (value >= critThreshold) return "text-[#f85149]"; // red
if (value >= warnThreshold) return "text-[#e3b341]"; // amber
return "text-[#3fb950]"; // green
}
function formatBytes(bytes: number): string {
if (bytes >= 1073741824) return (bytes / 1073741824).toFixed(1) + "G";
if (bytes >= 1048576) return (bytes / 1048576).toFixed(1) + "M";
if (bytes >= 1024) return (bytes / 1024).toFixed(0) + "K";
return bytes + "B";
}
async function subscribe(): Promise<void> {
const gen = ++subscribeGeneration;
if (unlistenFn) unlistenFn();
const fn = await listen<SystemStats>(`ssh:monitor:${props.sessionId}`, (event) => {
stats.value = event.payload;
});
if (gen !== subscribeGeneration) {
// A newer subscribe() call has already taken over discard this listener
fn();
return;
}
unlistenFn = fn;
}
onMounted(subscribe);
watch(() => props.sessionId, () => {
stats.value = null;
subscribe();
});
onBeforeUnmount(() => {
if (unlistenFn) unlistenFn();
});
</script>

67
src/components/terminal/TerminalView.vue
View File

@ -49,22 +49,15 @@
<div
ref="containerRef"
class="terminal-container flex-1"
@click="handleFocus"
@focus="handleFocus"
/>
<!-- Remote monitoring bar -->
<MonitorBar :session-id="props.sessionId" />
</div>
</template>
<script setup lang="ts">
import { ref, nextTick, onMounted, onBeforeUnmount, watch } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { ref, nextTick, onMounted, watch } from "vue";
import { useTerminal } from "@/composables/useTerminal";
import { useSessionStore } from "@/stores/session.store";
import MonitorBar from "@/components/terminal/MonitorBar.vue";
import type { IDisposable } from "@xterm/xterm";
import "@/assets/css/terminal.css";
const props = defineProps<{
@ -75,11 +68,6 @@ const props = defineProps<{
const sessionStore = useSessionStore();
const containerRef = ref<HTMLElement | null>(null);
const { terminal, searchAddon, mount, fit } = useTerminal(props.sessionId);
let resizeDisposable: IDisposable | null = null;
function handleFocus(): void {
terminal.focus();
}
// --- Search state ---
const searchVisible = ref(false);
@ -145,38 +133,20 @@ onMounted(() => {
}
// Track terminal dimensions in the session store
resizeDisposable = terminal.onResize(({ cols, rows }) => {
terminal.onResize(({ cols, rows }) => {
sessionStore.setTerminalDimensions(props.sessionId, cols, rows);
});
// Focus the terminal after mount so keyboard input works immediately
setTimeout(() => {
fit();
terminal.focus();
}, 50);
});
// Re-fit and focus terminal when switching back to this tab.
// Must wait for the container to have real dimensions after becoming visible.
// Re-fit and focus terminal when this tab becomes active
watch(
() => props.isActive,
(active) => {
if (active) {
// Double rAF ensures the container has been laid out by the browser
requestAnimationFrame(() => {
requestAnimationFrame(() => {
setTimeout(() => {
fit();
terminal.focus();
// Also notify the backend of the correct size
const session = sessionStore.sessions.find(s => s.id === props.sessionId);
const resizeCmd = session?.protocol === "local" ? "pty_resize" : "ssh_resize";
invoke(resizeCmd, {
sessionId: props.sessionId,
cols: terminal.cols,
rows: terminal.rows,
}).catch(() => {});
});
});
}, 0);
}
},
);
@ -189,10 +159,6 @@ function applyTheme(): void {
background: theme.background,
foreground: theme.foreground,
cursor: theme.cursor,
cursorAccent: theme.background,
selectionBackground: theme.selectionBackground ?? "#264f78",
selectionForeground: theme.selectionForeground ?? "#ffffff",
selectionInactiveBackground: theme.selectionBackground ?? "#264f78",
black: theme.black,
red: theme.red,
green: theme.green,
@ -210,27 +176,14 @@ function applyTheme(): void {
brightCyan: theme.brightCyan,
brightWhite: theme.brightWhite,
};
// Sync the container background so areas outside the canvas match the theme
if (containerRef.value) {
containerRef.value.style.backgroundColor = theme.background;
}
// Force xterm.js to repaint all visible rows with the new theme colors
terminal.refresh(0, terminal.rows - 1);
}
// Watch for theme changes in the session store and apply to this terminal.
// Uses deep comparison because the theme is an object a shallow watch may miss
// updates if Pinia returns the same reactive proxy wrapper after reassignment.
// Watch for theme changes in the session store and apply to this terminal
watch(() => sessionStore.activeTheme, (newTheme) => {
if (newTheme) applyTheme();
}, { deep: true });
onBeforeUnmount(() => {
if (resizeDisposable) {
resizeDisposable.dispose();
resizeDisposable = null;
}
});
function handleFocus(): void {
terminal.focus();
}
</script>

43
src/components/tools/BandwidthTest.vue
View File

@ -1,43 +0,0 @@
<template>
<ToolShell ref="shell" placeholder="Select a mode and click Run Test">
<template #default="{ running }">
<select v-model="mode" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none cursor-pointer">
<option value="speedtest">Internet Speed Test</option>
<option value="iperf">iperf3 (LAN)</option>
</select>
<template v-if="mode === 'iperf'">
<input v-model="server" type="text" placeholder="iperf3 server IP" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] w-40" />
<input v-model.number="duration" type="number" min="1" max="60" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] w-16" />
<span class="text-xs text-[#484f58]">sec</span>
</template>
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer disabled:opacity-40" :disabled="running" @click="run">
{{ running ? "Testing..." : "Run Test" }}
</button>
</template>
</ToolShell>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import ToolShell from "./ToolShell.vue";
const props = defineProps<{ sessionId: string }>();
const mode = ref("speedtest");
const server = ref("");
const duration = ref(5);
const shell = ref<InstanceType<typeof ToolShell> | null>(null);
async function run(): Promise<void> {
if (mode.value === "iperf" && !server.value) {
shell.value?.setOutput("Enter an iperf3 server IP");
return;
}
shell.value?.execute(() => {
if (mode.value === "iperf") {
return invoke<string>("tool_bandwidth_iperf", { sessionId: props.sessionId, server: server.value, duration: duration.value });
}
return invoke<string>("tool_bandwidth_speedtest", { sessionId: props.sessionId });
});
}
</script>

29
src/components/tools/DnsLookup.vue
View File

@ -1,29 +0,0 @@
<template>
<ToolShell ref="shell" placeholder="Enter a domain and click Lookup">
<template #default="{ running }">
<input v-model="domain" type="text" placeholder="Domain name" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] flex-1" @keydown.enter="lookup" />
<select v-model="recordType" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none cursor-pointer">
<option v-for="t in ['A','AAAA','MX','NS','TXT','CNAME','SOA','SRV','PTR']" :key="t" :value="t">{{ t }}</option>
</select>
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer disabled:opacity-40" :disabled="running" @click="lookup">Lookup</button>
</template>
</ToolShell>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import ToolShell from "./ToolShell.vue";
const props = defineProps<{ sessionId: string }>();
const domain = ref("");
const recordType = ref("A");
const shell = ref<InstanceType<typeof ToolShell> | null>(null);
async function lookup(): Promise<void> {
if (!domain.value) return;
shell.value?.execute(() =>
invoke<string>("tool_dns_lookup", { sessionId: props.sessionId, domain: domain.value, recordType: recordType.value })
);
}
</script>

117
src/components/tools/DockerPanel.vue
View File

@ -1,117 +0,0 @@
<template>
<div class="flex flex-col h-full p-4 gap-3">
<!-- Tabs -->
<div class="flex items-center gap-2">
<button v-for="t in ['containers','images','volumes']" :key="t"
class="px-3 py-1 text-xs rounded cursor-pointer transition-colors"
:class="tab === t ? 'bg-[#58a6ff] text-black font-bold' : 'bg-[#21262d] text-[#8b949e] hover:text-white'"
@click="tab = t; refresh()"
>{{ t.charAt(0).toUpperCase() + t.slice(1) }}</button>
<div class="ml-auto flex gap-1">
<button class="px-2 py-1 text-[10px] rounded bg-[#21262d] text-[#8b949e] hover:text-white cursor-pointer" @click="refresh">Refresh</button>
<button class="px-2 py-1 text-[10px] rounded bg-[#da3633] text-white cursor-pointer" @click="action('builder-prune', '')">Builder Prune</button>
<button class="px-2 py-1 text-[10px] rounded bg-[#da3633] text-white cursor-pointer" @click="action('system-prune', '')">System Prune</button>
</div>
</div>
<!-- Containers -->
<div v-if="tab === 'containers'" class="flex-1 overflow-auto border border-[#30363d] rounded">
<table class="w-full text-xs"><thead class="bg-[#161b22] sticky top-0"><tr>
<th class="text-left px-3 py-2 text-[#8b949e]">Name</th>
<th class="text-left px-3 py-2 text-[#8b949e]">Image</th>
<th class="text-left px-3 py-2 text-[#8b949e]">Status</th>
<th class="text-left px-3 py-2 text-[#8b949e]">Actions</th>
</tr></thead><tbody>
<tr v-for="c in containers" :key="c.id" class="border-t border-[#21262d] hover:bg-[#161b22]">
<td class="px-3 py-1.5 font-mono">{{ c.name }}</td>
<td class="px-3 py-1.5 text-[#8b949e]">{{ c.image }}</td>
<td class="px-3 py-1.5" :class="c.status.startsWith('Up') ? 'text-[#3fb950]' : 'text-[#8b949e]'">{{ c.status }}</td>
<td class="px-3 py-1.5 flex gap-1">
<button v-if="!c.status.startsWith('Up')" class="px-1.5 py-0.5 text-[10px] rounded bg-[#238636] text-white cursor-pointer" @click="action('start', c.name)">Start</button>
<button v-if="c.status.startsWith('Up')" class="px-1.5 py-0.5 text-[10px] rounded bg-[#e3b341] text-black cursor-pointer" @click="action('stop', c.name)">Stop</button>
<button class="px-1.5 py-0.5 text-[10px] rounded bg-[#1f6feb] text-white cursor-pointer" @click="action('restart', c.name)">Restart</button>
<button class="px-1.5 py-0.5 text-[10px] rounded bg-[#21262d] text-[#8b949e] cursor-pointer" @click="viewLogs(c.name)">Logs</button>
<button class="px-1.5 py-0.5 text-[10px] rounded bg-[#da3633] text-white cursor-pointer" @click="action('remove', c.name)">Remove</button>
</td>
</tr>
</tbody></table>
</div>
<!-- Images -->
<div v-if="tab === 'images'" class="flex-1 overflow-auto border border-[#30363d] rounded">
<table class="w-full text-xs"><thead class="bg-[#161b22] sticky top-0"><tr>
<th class="text-left px-3 py-2 text-[#8b949e]">Repository</th>
<th class="text-left px-3 py-2 text-[#8b949e]">Tag</th>
<th class="text-left px-3 py-2 text-[#8b949e]">Size</th>
<th class="text-left px-3 py-2 text-[#8b949e]">Actions</th>
</tr></thead><tbody>
<tr v-for="img in images" :key="img.id" class="border-t border-[#21262d] hover:bg-[#161b22]">
<td class="px-3 py-1.5 font-mono">{{ img.repository }}</td>
<td class="px-3 py-1.5">{{ img.tag }}</td>
<td class="px-3 py-1.5 text-[#8b949e]">{{ img.size }}</td>
<td class="px-3 py-1.5"><button class="px-1.5 py-0.5 text-[10px] rounded bg-[#da3633] text-white cursor-pointer" @click="action('remove-image', img.id)">Remove</button></td>
</tr>
</tbody></table>
</div>
<!-- Volumes -->
<div v-if="tab === 'volumes'" class="flex-1 overflow-auto border border-[#30363d] rounded">
<table class="w-full text-xs"><thead class="bg-[#161b22] sticky top-0"><tr>
<th class="text-left px-3 py-2 text-[#8b949e]">Name</th>
<th class="text-left px-3 py-2 text-[#8b949e]">Driver</th>
<th class="text-left px-3 py-2 text-[#8b949e]">Actions</th>
</tr></thead><tbody>
<tr v-for="v in volumes" :key="v.name" class="border-t border-[#21262d] hover:bg-[#161b22]">
<td class="px-3 py-1.5 font-mono">{{ v.name }}</td>
<td class="px-3 py-1.5 text-[#8b949e]">{{ v.driver }}</td>
<td class="px-3 py-1.5"><button class="px-1.5 py-0.5 text-[10px] rounded bg-[#da3633] text-white cursor-pointer" @click="action('remove-volume', v.name)">Remove</button></td>
</tr>
</tbody></table>
</div>
<!-- Output -->
<pre v-if="output" class="max-h-32 overflow-auto bg-[#161b22] border border-[#30363d] rounded p-2 text-[10px] font-mono text-[#e0e0e0]">{{ output }}</pre>
<div class="text-[10px] text-[#484f58]">{{ containers.length }} containers · {{ images.length }} images · {{ volumes.length }} volumes</div>
</div>
</template>
<script setup lang="ts">
import { ref, onMounted } from "vue";
import { invoke } from "@tauri-apps/api/core";
interface DockerContainer { id: string; name: string; image: string; status: string; ports: string; }
interface DockerImage { repository: string; tag: string; id: string; size: string; }
interface DockerVolume { name: string; driver: string; mountpoint: string; }
const props = defineProps<{ sessionId: string }>();
const tab = ref("containers");
const containers = ref<DockerContainer[]>([]);
const images = ref<DockerImage[]>([]);
const volumes = ref<DockerVolume[]>([]);
const output = ref("");
async function refresh(): Promise<void> {
try {
if (tab.value === "containers") containers.value = await invoke("docker_list_containers", { sessionId: props.sessionId, all: true });
if (tab.value === "images") images.value = await invoke("docker_list_images", { sessionId: props.sessionId });
if (tab.value === "volumes") volumes.value = await invoke("docker_list_volumes", { sessionId: props.sessionId });
} catch (err) { output.value = String(err); }
}
async function action(act: string, target: string): Promise<void> {
try {
output.value = await invoke<string>("docker_action", { sessionId: props.sessionId, action: act, target });
await refresh();
} catch (err) { output.value = String(err); }
}
async function viewLogs(name: string): Promise<void> {
try { output.value = await invoke<string>("docker_action", { sessionId: props.sessionId, action: "logs", target: name }); }
catch (err) { output.value = String(err); }
}
onMounted(refresh);
</script>

107
src/components/tools/FileEditor.vue
View File

@ -1,107 +0,0 @@
<template>
<div class="flex flex-col h-full bg-[#0d1117]">
<!-- Toolbar -->
<div class="flex items-center gap-2 px-3 py-2 bg-[#161b22] border-b border-[#30363d] shrink-0">
<span class="text-xs text-[#8b949e] font-mono truncate flex-1">{{ filePath }}</span>
<span v-if="modified" class="text-[10px] text-[#e3b341]">modified</span>
<button
class="px-3 py-1 text-xs font-bold rounded bg-[#238636] text-white cursor-pointer disabled:opacity-40"
:disabled="saving || !modified"
@click="save"
>
{{ saving ? "Saving..." : "Save" }}
</button>
</div>
<!-- Editor area -->
<div ref="editorContainer" class="flex-1 min-h-0" />
</div>
</template>
<script setup lang="ts">
import { ref, onMounted } from "vue";
import { invoke } from "@tauri-apps/api/core";
const props = defineProps<{
sessionId: string;
}>();
const filePath = ref("");
const content = ref("");
const modified = ref(false);
const saving = ref(false);
const editorContainer = ref<HTMLElement | null>(null);
let editorContent = "";
onMounted(async () => {
// Parse path from URL
const params = new URLSearchParams(window.location.hash.split("?")[1] || "");
filePath.value = decodeURIComponent(params.get("path") || "");
if (!filePath.value || !props.sessionId) return;
// Load file content
try {
content.value = await invoke<string>("sftp_read_file", {
sessionId: props.sessionId,
path: filePath.value,
});
editorContent = content.value;
} catch (err) {
content.value = `Error loading file: ${err}`;
}
// Create a simple textarea editor (CodeMirror can be added later)
if (editorContainer.value) {
const textarea = document.createElement("textarea");
textarea.value = content.value;
textarea.spellcheck = false;
textarea.style.cssText = `
width: 100%; height: 100%; resize: none; border: none; outline: none;
background: #0d1117; color: #e0e0e0; padding: 12px; font-size: 13px;
font-family: 'Cascadia Mono', 'Cascadia Code', Consolas, 'JetBrains Mono', monospace;
line-height: 1.5; tab-size: 4;
`;
textarea.addEventListener("input", () => {
editorContent = textarea.value;
modified.value = editorContent !== content.value;
});
textarea.addEventListener("keydown", (e) => {
// Ctrl+S to save
if ((e.ctrlKey || e.metaKey) && e.key === "s") {
e.preventDefault();
save();
}
// Tab inserts spaces
if (e.key === "Tab") {
e.preventDefault();
const start = textarea.selectionStart;
const end = textarea.selectionEnd;
textarea.value = textarea.value.substring(0, start) + " " + textarea.value.substring(end);
textarea.selectionStart = textarea.selectionEnd = start + 4;
editorContent = textarea.value;
modified.value = true;
}
});
editorContainer.value.appendChild(textarea);
textarea.focus();
}
});
async function save(): Promise<void> {
if (!modified.value || saving.value) return;
saving.value = true;
try {
await invoke("sftp_write_file", {
sessionId: props.sessionId,
path: filePath.value,
content: editorContent,
});
content.value = editorContent;
modified.value = false;
} catch (err) {
alert(`Save failed: ${err}`);
}
saving.value = false;
}
</script>

219
src/components/tools/HelpWindow.vue
View File

@ -1,219 +0,0 @@
<template>
<div class="flex flex-col h-full">
<!-- Tabs -->
<div class="flex items-center gap-1 px-4 py-2 bg-[#161b22] border-b border-[#30363d] shrink-0">
<button v-for="t in tabs" :key="t.id"
class="px-3 py-1 text-xs rounded cursor-pointer transition-colors"
:class="activeTab === t.id ? 'bg-[#58a6ff] text-black font-bold' : 'text-[#8b949e] hover:text-white'"
@click="activeTab = t.id"
>{{ t.label }}</button>
</div>
<div class="flex-1 overflow-auto p-6">
<!-- Getting Started -->
<div v-if="activeTab === 'guide'" class="prose-wraith">
<h2>Getting Started with Wraith</h2>
<p>Wraith is a native desktop SSH/SFTP/RDP client with an integrated AI copilot.</p>
<h3>Creating a Connection</h3>
<ol>
<li>Click <strong>File &rarr; New Connection</strong> or the <strong>+ Host</strong> button in the sidebar</li>
<li>Enter hostname, port, and protocol (SSH or RDP)</li>
<li>Optionally link a credential from the vault</li>
<li>Double-click the connection to connect</li>
</ol>
<h3>Quick Connect</h3>
<p>Type <code>user@host:port</code> in the Quick Connect bar and press Enter.</p>
<h3>AI Copilot</h3>
<p>Press <strong>Ctrl+Shift+G</strong> to open the AI copilot panel. Select a shell, click Launch, and run your AI CLI (Claude Code, Gemini, Codex).</p>
<p>Configure one-click launch presets in <strong>Settings &rarr; AI Copilot</strong>.</p>
<h3>Local Terminals</h3>
<p>Click the <strong>+</strong> button in the tab bar to open a local shell (PowerShell, CMD, Git Bash, WSL, bash, zsh).</p>
<h3>SFTP Browser</h3>
<p>Switch to the <strong>SFTP</strong> tab in the sidebar. It follows the active SSH session and tracks the current working directory.</p>
<p>Right-click files for Edit, Download, Rename, Delete.</p>
<h3>Tab Management</h3>
<ul>
<li><strong>Drag tabs</strong> to reorder</li>
<li><strong>Right-click tab</strong> &rarr; Detach to Window (pop out to separate window)</li>
<li>Close the detached window to reattach</li>
<li>Tabs pulse blue when there's new activity in the background</li>
</ul>
<h3>Remote Monitoring</h3>
<p>Every SSH session shows a monitoring bar at the bottom with CPU, RAM, disk, and network stats polled every 5 seconds. No agent needed.</p>
</div>
<!-- Keyboard Shortcuts -->
<div v-if="activeTab === 'shortcuts'" class="prose-wraith">
<h2>Keyboard Shortcuts</h2>
<table>
<thead><tr><th>Shortcut</th><th>Action</th></tr></thead>
<tbody>
<tr><td><kbd>Ctrl+K</kbd></td><td>Command Palette</td></tr>
<tr><td><kbd>Ctrl+Shift+G</kbd></td><td>Toggle AI Copilot</td></tr>
<tr><td><kbd>Ctrl+B</kbd></td><td>Toggle Sidebar</td></tr>
<tr><td><kbd>Ctrl+W</kbd></td><td>Close Active Tab</td></tr>
<tr><td><kbd>Ctrl+Tab</kbd></td><td>Next Tab</td></tr>
<tr><td><kbd>Ctrl+Shift+Tab</kbd></td><td>Previous Tab</td></tr>
<tr><td><kbd>Ctrl+1-9</kbd></td><td>Switch to Tab N</td></tr>
<tr><td><kbd>Ctrl+F</kbd></td><td>Find in Terminal</td></tr>
<tr><td><kbd>Ctrl+S</kbd></td><td>Save (in editor windows)</td></tr>
</tbody>
</table>
<h3>Terminal</h3>
<table>
<thead><tr><th>Action</th><th>How</th></tr></thead>
<tbody>
<tr><td>Copy</td><td>Select text (auto-copies)</td></tr>
<tr><td>Paste</td><td>Right-click</td></tr>
</tbody>
</table>
</div>
<!-- MCP Integration -->
<div v-if="activeTab === 'mcp'" class="prose-wraith">
<h2>MCP Integration (AI Tool Access)</h2>
<p>Wraith includes an MCP (Model Context Protocol) server that gives AI CLI tools programmatic access to your active sessions.</p>
<h3>Setup</h3>
<p>The MCP bridge binary is automatically downloaded to:</p>
<pre>{{ bridgePath }}</pre>
<p>Register with Claude Code:</p>
<pre>claude mcp add wraith -- "{{ bridgePath }}"</pre>
<h3>Available MCP Tools (18)</h3>
<h4>Session Management</h4>
<table>
<thead><tr><th>Tool</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>list_sessions</code></td><td>List all active SSH/RDP/PTY sessions</td></tr>
</tbody>
</table>
<h4>Terminal</h4>
<table>
<thead><tr><th>Tool</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>terminal_read</code></td><td>Read recent terminal output (ANSI stripped)</td></tr>
<tr><td><code>terminal_execute</code></td><td>Run a command and capture output</td></tr>
<tr><td><code>terminal_screenshot</code></td><td>Capture RDP frame as PNG</td></tr>
</tbody>
</table>
<h4>SFTP</h4>
<table>
<thead><tr><th>Tool</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>sftp_list</code></td><td>List remote directory</td></tr>
<tr><td><code>sftp_read</code></td><td>Read remote file</td></tr>
<tr><td><code>sftp_write</code></td><td>Write remote file</td></tr>
</tbody>
</table>
<h4>Network</h4>
<table>
<thead><tr><th>Tool</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>network_scan</code></td><td>ARP + ping sweep subnet discovery</td></tr>
<tr><td><code>port_scan</code></td><td>TCP port scan</td></tr>
<tr><td><code>ping</code></td><td>Ping a host</td></tr>
<tr><td><code>traceroute</code></td><td>Traceroute to host</td></tr>
<tr><td><code>dns_lookup</code></td><td>DNS query (A, MX, TXT, etc.)</td></tr>
<tr><td><code>whois</code></td><td>Whois lookup</td></tr>
<tr><td><code>wake_on_lan</code></td><td>Send WoL magic packet</td></tr>
<tr><td><code>bandwidth_test</code></td><td>Internet speed test</td></tr>
</tbody>
</table>
<h4>Utilities (no session needed)</h4>
<table>
<thead><tr><th>Tool</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>subnet_calc</code></td><td>Subnet calculator</td></tr>
<tr><td><code>generate_ssh_key</code></td><td>Generate SSH key pair</td></tr>
<tr><td><code>generate_password</code></td><td>Generate secure password</td></tr>
</tbody>
</table>
<h3>How It Works</h3>
<ol>
<li>Wraith starts an HTTP server on <code>localhost</code> (random port)</li>
<li>Port written to <code>mcp-port</code> in data directory</li>
<li>Bridge binary reads the port and proxies JSON-RPC over stdio</li>
<li>AI CLI spawns the bridge as an MCP server</li>
</ol>
</div>
<!-- About -->
<div v-if="activeTab === 'about'" class="prose-wraith">
<h2>About Wraith</h2>
<p class="text-2xl font-bold tracking-widest text-[#58a6ff]">WRAITH</p>
<p>Exists everywhere, all at once.</p>
<table>
<tbody>
<tr><td>Version</td><td>{{ version }}</td></tr>
<tr><td>Runtime</td><td>Tauri v2 + Rust</td></tr>
<tr><td>Frontend</td><td>Vue 3 + TypeScript</td></tr>
<tr><td>Terminal</td><td>xterm.js 6</td></tr>
<tr><td>SSH</td><td>russh 0.48</td></tr>
<tr><td>RDP</td><td>ironrdp 0.14</td></tr>
<tr><td>License</td><td>Proprietary</td></tr>
<tr><td>Publisher</td><td>Vigilance Cyber / Vigilsynth</td></tr>
</tbody>
</table>
</div>
</div>
</div>
</template>
<script setup lang="ts">
import { ref, onMounted } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { getVersion } from "@tauri-apps/api/app";
const tabs = [
{ id: "guide", label: "Getting Started" },
{ id: "shortcuts", label: "Shortcuts" },
{ id: "mcp", label: "MCP Integration" },
{ id: "about", label: "About" },
];
const activeTab = ref("guide");
const bridgePath = ref("loading...");
const version = ref("loading...");
onMounted(async () => {
// Read initial tab from URL
const params = new URLSearchParams(window.location.hash.split("?")[1] || "");
const page = params.get("page");
if (page && tabs.some(t => t.id === page)) activeTab.value = page;
try { version.value = await getVersion(); } catch { version.value = "unknown"; }
try { bridgePath.value = await invoke<string>("mcp_bridge_path"); } catch { bridgePath.value = "unknown"; }
});
</script>
<style scoped>
.prose-wraith h2 { font-size: 16px; font-weight: 700; color: #e0e0e0; margin-bottom: 12px; }
.prose-wraith h3 { font-size: 13px; font-weight: 600; color: #8b949e; margin-top: 20px; margin-bottom: 8px; text-transform: uppercase; letter-spacing: 0.05em; }
.prose-wraith h4 { font-size: 12px; font-weight: 600; color: #58a6ff; margin-top: 16px; margin-bottom: 6px; }
.prose-wraith p { font-size: 12px; color: #8b949e; margin-bottom: 8px; line-height: 1.6; }
.prose-wraith ol, .prose-wraith ul { font-size: 12px; color: #8b949e; margin-bottom: 8px; padding-left: 20px; }
.prose-wraith li { margin-bottom: 4px; line-height: 1.5; }
.prose-wraith code { background: #161b22; border: 1px solid #30363d; border-radius: 4px; padding: 1px 5px; font-size: 11px; color: #e0e0e0; }
.prose-wraith pre { background: #161b22; border: 1px solid #30363d; border-radius: 6px; padding: 10px 14px; font-size: 11px; color: #e0e0e0; overflow-x: auto; margin-bottom: 8px; font-family: 'Cascadia Mono', monospace; }
.prose-wraith kbd { background: #21262d; border: 1px solid #484f58; border-radius: 3px; padding: 1px 5px; font-size: 10px; color: #e0e0e0; }
.prose-wraith table { width: 100%; font-size: 12px; border-collapse: collapse; margin-bottom: 12px; }
.prose-wraith th { text-align: left; padding: 6px 10px; background: #161b22; color: #8b949e; font-weight: 500; border-bottom: 1px solid #30363d; }
.prose-wraith td { padding: 5px 10px; color: #e0e0e0; border-bottom: 1px solid #21262d; }
.prose-wraith strong { color: #e0e0e0; }
</style>

90
src/components/tools/NetworkScanner.vue
View File

@ -1,90 +0,0 @@
<template>
<div class="flex flex-col h-full p-4 gap-3">
<div class="flex items-center gap-2">
<label class="text-xs text-[#8b949e]">Subnet (first 3 octets):</label>
<input v-model="subnet" type="text" placeholder="192.168.1" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] w-40" />
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer disabled:opacity-40" :disabled="scanning" @click="scan">
{{ scanning ? "Scanning..." : "Scan Network" }}
</button>
<button v-if="hosts.length" class="px-3 py-1.5 text-xs rounded border border-[#30363d] text-[#8b949e] hover:text-white cursor-pointer" @click="exportCsv">Export CSV</button>
</div>
<div class="flex-1 overflow-auto border border-[#30363d] rounded">
<table class="w-full text-xs">
<thead class="bg-[#161b22] sticky top-0">
<tr>
<th class="text-left px-3 py-2 text-[#8b949e] font-medium">IP Address</th>
<th class="text-left px-3 py-2 text-[#8b949e] font-medium">Hostname</th>
<th class="text-left px-3 py-2 text-[#8b949e] font-medium">MAC Address</th>
<th class="text-left px-3 py-2 text-[#8b949e] font-medium">Open Ports</th>
<th class="text-left px-3 py-2 text-[#8b949e] font-medium">Actions</th>
</tr>
</thead>
<tbody>
<tr v-for="host in hosts" :key="host.ip" class="border-t border-[#21262d] hover:bg-[#161b22]">
<td class="px-3 py-1.5 font-mono">{{ host.ip }}</td>
<td class="px-3 py-1.5">{{ host.hostname || "—" }}</td>
<td class="px-3 py-1.5 font-mono text-[#8b949e]">{{ host.mac || "—" }}</td>
<td class="px-3 py-1.5">
<span v-if="host.openPorts.length" class="text-[#3fb950]">{{ host.openPorts.join(", ") }}</span>
<button v-else class="text-[#58a6ff] hover:underline cursor-pointer" @click="quickScanHost(host)">scan</button>
</td>
<td class="px-3 py-1.5 flex gap-1">
<button class="px-2 py-0.5 text-[10px] rounded bg-[#238636] text-white cursor-pointer" @click="connectSsh(host)">SSH</button>
<button class="px-2 py-0.5 text-[10px] rounded bg-[#1f6feb] text-white cursor-pointer" @click="connectRdp(host)">RDP</button>
</td>
</tr>
<tr v-if="!hosts.length && !scanning">
<td colspan="5" class="px-3 py-8 text-center text-[#484f58]">Enter a subnet and click Scan</td>
</tr>
</tbody>
</table>
</div>
<div class="text-[10px] text-[#484f58]">{{ hosts.length }} hosts found Scanning through session {{ sessionId.substring(0, 8) }}...</div>
</div>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
const props = defineProps<{ sessionId: string }>();
interface Host { ip: string; mac: string | null; hostname: string | null; vendor: string | null; openPorts: number[]; services: string[]; }
const subnet = ref("192.168.1");
const hosts = ref<Host[]>([]);
const scanning = ref(false);
async function scan(): Promise<void> {
scanning.value = true;
try {
hosts.value = await invoke<Host[]>("scan_network", { sessionId: props.sessionId, subnet: subnet.value });
} catch (err) { alert(err); }
scanning.value = false;
}
async function quickScanHost(host: Host): Promise<void> {
try {
const results = await invoke<{ port: number; open: boolean; service: string }[]>("quick_scan", { sessionId: props.sessionId, target: host.ip });
host.openPorts = results.filter(r => r.open).map(r => r.port);
} catch (err) { console.error(err); }
}
function connectSsh(host: Host): void { alert(`TODO: Open SSH tab to ${host.ip}`); }
function connectRdp(host: Host): void { alert(`TODO: Open RDP tab to ${host.ip}`); }
function exportCsv(): void {
const lines = ["IP,Hostname,MAC,OpenPorts"];
for (const h of hosts.value) {
lines.push(`${h.ip},"${h.hostname || ""}","${h.mac || ""}","${h.openPorts.join(";")}"`);
}
const blob = new Blob([lines.join("\n")], { type: "text/csv" });
const a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = `wraith-scan-${subnet.value}-${Date.now()}.csv`;
a.click();
setTimeout(() => URL.revokeObjectURL(a.href), 1000);
}
</script>

67
src/components/tools/PasswordGen.vue
View File

@ -1,67 +0,0 @@
<template>
<div class="flex flex-col h-full p-4 gap-4">
<h2 class="text-sm font-bold text-[#58a6ff]">Password Generator</h2>
<div class="flex items-center gap-3">
<div>
<label class="block text-xs text-[#8b949e] mb-1">Length</label>
<input v-model.number="length" type="number" min="4" max="128" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] w-20" />
</div>
<div class="flex items-center gap-3 self-end">
<label class="flex items-center gap-1 text-xs text-[#8b949e] cursor-pointer"><input v-model="uppercase" type="checkbox" class="accent-[#58a6ff]" /> A-Z</label>
<label class="flex items-center gap-1 text-xs text-[#8b949e] cursor-pointer"><input v-model="lowercase" type="checkbox" class="accent-[#58a6ff]" /> a-z</label>
<label class="flex items-center gap-1 text-xs text-[#8b949e] cursor-pointer"><input v-model="digits" type="checkbox" class="accent-[#58a6ff]" /> 0-9</label>
<label class="flex items-center gap-1 text-xs text-[#8b949e] cursor-pointer"><input v-model="symbols" type="checkbox" class="accent-[#58a6ff]" /> !@#</label>
</div>
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#238636] text-white cursor-pointer self-end" @click="generate">Generate</button>
</div>
<div v-if="password" class="flex items-center gap-2">
<input readonly :value="password" class="flex-1 px-3 py-2 text-lg font-mono rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] select-all" @click="($event.target as HTMLInputElement).select()" />
<button class="px-3 py-2 text-xs rounded bg-[#58a6ff] text-black font-bold cursor-pointer" @click="copy">Copy</button>
</div>
<div v-if="history.length" class="flex-1 overflow-auto">
<h3 class="text-xs text-[#8b949e] mb-2">History</h3>
<div v-for="(pw, i) in history" :key="i" class="flex items-center gap-2 py-1 border-b border-[#21262d]">
<span class="flex-1 font-mono text-xs text-[#8b949e] truncate">{{ pw }}</span>
<button class="text-[10px] text-[#58a6ff] hover:underline cursor-pointer" @click="copyText(pw)">copy</button>
</div>
</div>
</div>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
const length = ref(20);
const uppercase = ref(true);
const lowercase = ref(true);
const digits = ref(true);
const symbols = ref(true);
const password = ref("");
const history = ref<string[]>([]);
async function generate(): Promise<void> {
try {
password.value = await invoke<string>("tool_generate_password", {
length: length.value,
uppercase: uppercase.value,
lowercase: lowercase.value,
digits: digits.value,
symbols: symbols.value,
});
history.value.unshift(password.value);
if (history.value.length > 20) history.value.pop();
} catch (err) { alert(err); }
}
function copy(): void {
navigator.clipboard.writeText(password.value).catch(() => {});
}
function copyText(text: string): void {
navigator.clipboard.writeText(text).catch(() => {});
}
</script>

28
src/components/tools/PingTool.vue
View File

@ -1,28 +0,0 @@
<template>
<ToolShell ref="shell" placeholder="Enter a host and click Ping">
<template #default="{ running }">
<input v-model="target" type="text" placeholder="Host to ping" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] flex-1" @keydown.enter="ping" />
<input v-model.number="count" type="number" min="1" max="100" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] w-16" />
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer disabled:opacity-40" :disabled="running" @click="ping">Ping</button>
</template>
</ToolShell>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import ToolShell from "./ToolShell.vue";
const props = defineProps<{ sessionId: string }>();
const target = ref("");
const count = ref(4);
const shell = ref<InstanceType<typeof ToolShell> | null>(null);
async function ping(): Promise<void> {
if (!target.value) return;
shell.value?.execute(async () => {
const result = await invoke<{ target: string; output: string }>("tool_ping", { sessionId: props.sessionId, target: target.value, count: count.value });
return result.output;
});
}
</script>

81
src/components/tools/PortScanner.vue
View File

@ -1,81 +0,0 @@
<template>
<div class="flex flex-col h-full p-4 gap-3">
<div class="flex items-center gap-2">
<input v-model="target" type="text" placeholder="Target IP or hostname" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] w-44" />
<input v-model="portRange" type="text" placeholder="Ports: 1-1024 or 22,80,443" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] w-48" />
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer disabled:opacity-40" :disabled="scanning" @click="scan">
{{ scanning ? "Scanning..." : "Scan" }}
</button>
<button class="px-3 py-1.5 text-xs rounded border border-[#30363d] text-[#8b949e] hover:text-white cursor-pointer disabled:opacity-40" :disabled="scanning" @click="quickScan">Quick Scan</button>
</div>
<div class="flex-1 overflow-auto border border-[#30363d] rounded">
<table class="w-full text-xs">
<thead class="bg-[#161b22] sticky top-0">
<tr>
<th class="text-left px-3 py-2 text-[#8b949e] font-medium w-20">Port</th>
<th class="text-left px-3 py-2 text-[#8b949e] font-medium w-20">State</th>
<th class="text-left px-3 py-2 text-[#8b949e] font-medium">Service</th>
</tr>
</thead>
<tbody>
<tr v-for="r in results" :key="r.port" class="border-t border-[#21262d]">
<td class="px-3 py-1.5 font-mono">{{ r.port }}</td>
<td class="px-3 py-1.5" :class="r.open ? 'text-[#3fb950]' : 'text-[#484f58]'">{{ r.open ? "open" : "closed" }}</td>
<td class="px-3 py-1.5">{{ r.service }}</td>
</tr>
</tbody>
</table>
</div>
<div class="text-[10px] text-[#484f58]">{{ results.filter(r => r.open).length }} open / {{ results.length }} scanned</div>
</div>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
const props = defineProps<{ sessionId: string }>();
const target = ref("");
const portRange = ref("1-1024");
const results = ref<{ port: number; open: boolean; service: string }[]>([]);
const scanning = ref(false);
function parsePorts(input: string): number[] {
const ports: number[] = [];
for (const part of input.split(",")) {
const trimmed = part.trim();
if (trimmed.includes("-")) {
const [start, end] = trimmed.split("-").map(Number);
if (!isNaN(start) && !isNaN(end)) {
for (let p = start; p <= Math.min(end, 65535); p++) ports.push(p);
}
} else {
const p = Number(trimmed);
if (!isNaN(p) && p > 0 && p <= 65535) ports.push(p);
}
}
return ports;
}
async function scan(): Promise<void> {
if (!target.value) return;
scanning.value = true;
try {
const ports = parsePorts(portRange.value);
results.value = await invoke("scan_ports", { sessionId: props.sessionId, target: target.value, ports });
} catch (err) { alert(err); }
scanning.value = false;
}
async function quickScan(): Promise<void> {
if (!target.value) return;
scanning.value = true;
try {
results.value = await invoke("quick_scan", { sessionId: props.sessionId, target: target.value });
} catch (err) { alert(err); }
scanning.value = false;
}
</script>

90
src/components/tools/SshKeyGen.vue
View File

@ -1,90 +0,0 @@
<template>
<div class="flex flex-col h-full p-4 gap-4">
<h2 class="text-sm font-bold text-[#58a6ff]">SSH Key Generator</h2>
<div class="flex items-center gap-3">
<div>
<label class="block text-xs text-[#8b949e] mb-1">Key Type</label>
<select v-model="keyType" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none cursor-pointer">
<option value="ed25519">Ed25519 (recommended)</option>
<option value="rsa">RSA 2048</option>
</select>
</div>
<div class="flex-1">
<label class="block text-xs text-[#8b949e] mb-1">Comment</label>
<input v-model="comment" type="text" placeholder="user@host" class="w-full px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff]" />
</div>
<div class="self-end">
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#238636] text-white cursor-pointer" @click="generate">Generate</button>
</div>
</div>
<template v-if="key">
<div>
<div class="flex items-center justify-between mb-1">
<label class="text-xs text-[#8b949e]">Public Key</label>
<button class="text-[10px] text-[#58a6ff] hover:underline cursor-pointer" @click="copy(key.publicKey)">Copy</button>
</div>
<textarea readonly :value="key.publicKey" rows="2" class="w-full px-3 py-2 text-xs font-mono rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] resize-none" />
</div>
<div>
<div class="flex items-center justify-between mb-1">
<label class="text-xs text-[#8b949e]">Private Key</label>
<button class="text-[10px] text-[#58a6ff] hover:underline cursor-pointer" @click="copy(key.privateKey)">Copy</button>
</div>
<textarea readonly :value="key.privateKey" rows="8" class="w-full px-3 py-2 text-xs font-mono rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] resize-none" />
</div>
<div class="flex items-center gap-3">
<div class="text-xs text-[#8b949e]">
Fingerprint: <span class="font-mono text-[#e0e0e0]">{{ key.fingerprint }}</span>
</div>
<button class="px-3 py-1 text-xs rounded bg-[#58a6ff] text-black font-bold cursor-pointer" @click="savePrivateKey">Save Private Key</button>
<button class="px-3 py-1 text-xs rounded border border-[#30363d] text-[#8b949e] hover:text-white cursor-pointer" @click="savePublicKey">Save Public Key</button>
</div>
</template>
</div>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
const keyType = ref("ed25519");
const comment = ref("");
interface GeneratedKey { privateKey: string; publicKey: string; fingerprint: string; keyType: string; }
const key = ref<GeneratedKey | null>(null);
async function generate(): Promise<void> {
try {
key.value = await invoke<GeneratedKey>("tool_generate_ssh_key", { keyType: keyType.value, comment: comment.value || null });
} catch (err) { alert(err); }
}
function copy(text: string): void {
navigator.clipboard.writeText(text).catch(() => {});
}
function saveFile(content: string, filename: string): void {
const blob = new Blob([content], { type: "text/plain" });
const a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = filename;
a.click();
URL.revokeObjectURL(a.href);
}
function savePrivateKey(): void {
if (!key.value) return;
const ext = key.value.keyType === "ed25519" ? "id_ed25519" : "id_rsa";
saveFile(key.value.privateKey, ext);
}
function savePublicKey(): void {
if (!key.value) return;
const ext = key.value.keyType === "ed25519" ? "id_ed25519.pub" : "id_rsa.pub";
saveFile(key.value.publicKey, ext);
}
</script>

49
src/components/tools/SubnetCalc.vue
View File

@ -1,49 +0,0 @@
<template>
<div class="flex flex-col h-full p-4 gap-4">
<div class="flex items-center gap-2">
<input v-model="cidr" type="text" placeholder="192.168.1.0/24" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] w-48 font-mono" @keydown.enter="calc" />
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer" @click="calc">Calculate</button>
<div class="flex items-center gap-1 ml-2">
<button v-for="quick in ['/8','/16','/24','/25','/26','/27','/28','/29','/30','/32']" :key="quick"
class="px-1.5 py-0.5 text-[10px] rounded bg-[#21262d] text-[#8b949e] hover:text-white hover:bg-[#30363d] cursor-pointer"
@click="cidr = cidr.replace(/\/\d+$/, '') + quick; calc()"
>{{ quick }}</button>
</div>
</div>
<div v-if="info" class="grid grid-cols-2 gap-x-6 gap-y-2 text-xs">
<div><span class="text-[#8b949e]">CIDR:</span> <span class="font-mono">{{ info.cidr }}</span></div>
<div><span class="text-[#8b949e]">Class:</span> {{ info.class }} <span v-if="info.isPrivate" class="text-[#3fb950]">(Private)</span></div>
<div><span class="text-[#8b949e]">Network:</span> <span class="font-mono">{{ info.network }}</span></div>
<div><span class="text-[#8b949e]">Broadcast:</span> <span class="font-mono">{{ info.broadcast }}</span></div>
<div><span class="text-[#8b949e]">Netmask:</span> <span class="font-mono">{{ info.netmask }}</span></div>
<div><span class="text-[#8b949e]">Wildcard:</span> <span class="font-mono">{{ info.wildcard }}</span></div>
<div><span class="text-[#8b949e]">First Host:</span> <span class="font-mono">{{ info.firstHost }}</span></div>
<div><span class="text-[#8b949e]">Last Host:</span> <span class="font-mono">{{ info.lastHost }}</span></div>
<div><span class="text-[#8b949e]">Total Hosts:</span> {{ info.totalHosts.toLocaleString() }}</div>
<div><span class="text-[#8b949e]">Usable Hosts:</span> {{ info.usableHosts.toLocaleString() }}</div>
<div><span class="text-[#8b949e]">Prefix Length:</span> /{{ info.prefixLength }}</div>
</div>
</div>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
const cidr = ref("192.168.1.0/24");
interface SubnetInfo {
cidr: string; network: string; broadcast: string; netmask: string; wildcard: string;
firstHost: string; lastHost: string; totalHosts: number; usableHosts: number;
prefixLength: number; class: string; isPrivate: boolean;
}
const info = ref<SubnetInfo | null>(null);
async function calc(): Promise<void> {
if (!cidr.value) return;
try { info.value = await invoke<SubnetInfo>("tool_subnet_calc", { cidr: cidr.value }); }
catch (err) { alert(err); }
}
</script>

37
src/components/tools/ToolShell.vue
View File

@ -1,37 +0,0 @@
<script setup lang="ts">
import { ref } from "vue";
defineProps<{
placeholder?: string;
}>();
const output = ref("");
const running = ref(false);
async function execute(fn: () => Promise<string>): Promise<void> {
running.value = true;
output.value = "";
try {
output.value = await fn();
} catch (err: unknown) {
output.value = `Error: ${err instanceof Error ? err.message : String(err)}`;
} finally {
running.value = false;
}
}
function setOutput(value: string): void {
output.value = value;
}
defineExpose({ execute, setOutput, output, running });
</script>
<template>
<div class="flex flex-col h-full p-4 gap-3">
<div class="flex items-center gap-2">
<slot :running="running" />
</div>
<pre class="flex-1 overflow-auto bg-[#161b22] border border-[#30363d] rounded p-3 text-xs font-mono whitespace-pre-wrap text-[#e0e0e0]">{{ output || placeholder || "Ready." }}</pre>
</div>
</template>

43
src/components/tools/ToolWindow.vue
View File

@ -1,43 +0,0 @@
<template>
<div class="h-screen w-screen flex flex-col bg-[#0d1117] text-[#e0e0e0]">
<NetworkScanner v-if="tool === 'network-scanner'" :session-id="sessionId" />
<PortScanner v-else-if="tool === 'port-scanner'" :session-id="sessionId" />
<PingTool v-else-if="tool === 'ping'" :session-id="sessionId" />
<TracerouteTool v-else-if="tool === 'traceroute'" :session-id="sessionId" />
<WakeOnLan v-else-if="tool === 'wake-on-lan'" :session-id="sessionId" />
<DnsLookup v-else-if="tool === 'dns-lookup'" :session-id="sessionId" />
<WhoisTool v-else-if="tool === 'whois'" :session-id="sessionId" />
<BandwidthTest v-else-if="tool === 'bandwidth'" :session-id="sessionId" />
<SubnetCalc v-else-if="tool === 'subnet-calc'" />
<DockerPanel v-else-if="tool === 'docker'" :session-id="sessionId" />
<FileEditor v-else-if="tool === 'editor'" :session-id="sessionId" />
<SshKeyGen v-else-if="tool === 'ssh-keygen'" />
<PasswordGen v-else-if="tool === 'password-gen'" />
<HelpWindow v-else-if="tool === 'help'" />
<div v-else class="flex-1 flex items-center justify-center text-sm text-[#484f58]">
Unknown tool: {{ tool }}
</div>
</div>
</template>
<script setup lang="ts">
import NetworkScanner from "./NetworkScanner.vue";
import PortScanner from "./PortScanner.vue";
import PingTool from "./PingTool.vue";
import TracerouteTool from "./TracerouteTool.vue";
import WakeOnLan from "./WakeOnLan.vue";
import DnsLookup from "./DnsLookup.vue";
import WhoisTool from "./WhoisTool.vue";
import BandwidthTest from "./BandwidthTest.vue";
import SubnetCalc from "./SubnetCalc.vue";
import DockerPanel from "./DockerPanel.vue";
import FileEditor from "./FileEditor.vue";
import SshKeyGen from "./SshKeyGen.vue";
import PasswordGen from "./PasswordGen.vue";
import HelpWindow from "./HelpWindow.vue";
defineProps<{
tool: string;
sessionId: string;
}>();
</script>

25
src/components/tools/TracerouteTool.vue
View File

@ -1,25 +0,0 @@
<template>
<ToolShell ref="shell" placeholder="Enter a host and click Trace">
<template #default="{ running }">
<input v-model="target" type="text" placeholder="Host to trace" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] flex-1" @keydown.enter="trace" />
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer disabled:opacity-40" :disabled="running" @click="trace">Trace</button>
</template>
</ToolShell>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import ToolShell from "./ToolShell.vue";
const props = defineProps<{ sessionId: string }>();
const target = ref("");
const shell = ref<InstanceType<typeof ToolShell> | null>(null);
async function trace(): Promise<void> {
if (!target.value) return;
shell.value?.execute(() =>
invoke<string>("tool_traceroute", { sessionId: props.sessionId, target: target.value })
);
}
</script>

32
src/components/tools/WakeOnLan.vue
View File

@ -1,32 +0,0 @@
<template>
<div class="flex flex-col h-full p-4 gap-4">
<h2 class="text-sm font-bold text-[#58a6ff]">Wake on LAN</h2>
<p class="text-xs text-[#8b949e]">Send a magic packet through the remote host to wake a machine on the same network.</p>
<div class="flex items-center gap-2">
<input v-model="macAddress" type="text" placeholder="MAC address (AA:BB:CC:DD:EE:FF)" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] flex-1 font-mono" @keydown.enter="wake" />
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer disabled:opacity-40" :disabled="sending" @click="wake">Wake</button>
</div>
<pre v-if="result" class="bg-[#161b22] border border-[#30363d] rounded p-3 text-xs font-mono text-[#e0e0e0]">{{ result }}</pre>
</div>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
const props = defineProps<{ sessionId: string }>();
const macAddress = ref("");
const result = ref("");
const sending = ref(false);
async function wake(): Promise<void> {
if (!macAddress.value) return;
sending.value = true;
try {
result.value = await invoke<string>("tool_wake_on_lan", { sessionId: props.sessionId, macAddress: macAddress.value });
} catch (err) { result.value = String(err); }
sending.value = false;
}
</script>

25
src/components/tools/WhoisTool.vue
View File

@ -1,25 +0,0 @@
<template>
<ToolShell ref="shell" placeholder="Enter a domain or IP and click Whois">
<template #default="{ running }">
<input v-model="target" type="text" placeholder="Domain or IP" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] flex-1" @keydown.enter="lookup" />
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer disabled:opacity-40" :disabled="running" @click="lookup">Whois</button>
</template>
</ToolShell>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import ToolShell from "./ToolShell.vue";
const props = defineProps<{ sessionId: string }>();
const target = ref("");
const shell = ref<InstanceType<typeof ToolShell> | null>(null);
async function lookup(): Promise<void> {
if (!target.value) return;
shell.value?.execute(() =>
invoke<string>("tool_whois", { sessionId: props.sessionId, target: target.value })
);
}
</script>

106
src/composables/useKeyboardShortcuts.ts
View File

@ -1,106 +0,0 @@
import { onMounted, onBeforeUnmount } from "vue";
import type { Ref } from "vue";
import type { useSessionStore } from "@/stores/session.store";
interface KeyboardShortcutActions {
sessionStore: ReturnType<typeof useSessionStore>;
sidebarVisible: Ref<boolean>;
copilotVisible: Ref<boolean>;
openCommandPalette: () => void;
openActiveSearch: () => void;
}
export function useKeyboardShortcuts(actions: KeyboardShortcutActions): void {
const { sessionStore, sidebarVisible, copilotVisible, openCommandPalette, openActiveSearch } = actions;
function handleKeydown(event: KeyboardEvent): void {
const target = event.target as HTMLElement;
const isInputFocused =
target.tagName === "INPUT" ||
target.tagName === "TEXTAREA" ||
target.tagName === "SELECT";
const ctrl = event.ctrlKey || event.metaKey;
// Ctrl+K — command palette (fires even when input is focused)
if (ctrl && event.key === "k") {
event.preventDefault();
openCommandPalette();
return;
}
if (isInputFocused) return;
// Ctrl+W — close active tab
if (ctrl && event.key === "w") {
event.preventDefault();
const active = sessionStore.activeSession;
if (active) sessionStore.closeSession(active.id);
return;
}
// Ctrl+Tab — next tab
if (ctrl && event.key === "Tab" && !event.shiftKey) {
event.preventDefault();
const sessions = sessionStore.sessions;
if (sessions.length < 2) return;
const idx = sessions.findIndex((s) => s.id === sessionStore.activeSessionId);
const next = sessions[(idx + 1) % sessions.length];
sessionStore.activateSession(next.id);
return;
}
// Ctrl+Shift+Tab — previous tab
if (ctrl && event.key === "Tab" && event.shiftKey) {
event.preventDefault();
const sessions = sessionStore.sessions;
if (sessions.length < 2) return;
const idx = sessions.findIndex((s) => s.id === sessionStore.activeSessionId);
const prev = sessions[(idx - 1 + sessions.length) % sessions.length];
sessionStore.activateSession(prev.id);
return;
}
// Ctrl+1-9 — jump to tab by index
if (ctrl && event.key >= "1" && event.key <= "9") {
const tabIndex = parseInt(event.key, 10) - 1;
const sessions = sessionStore.sessions;
if (tabIndex < sessions.length) {
event.preventDefault();
sessionStore.activateSession(sessions[tabIndex].id);
}
return;
}
// Ctrl+B — toggle sidebar
if (ctrl && event.key === "b") {
event.preventDefault();
sidebarVisible.value = !sidebarVisible.value;
return;
}
// Ctrl+Shift+G — toggle AI copilot
if (ctrl && event.shiftKey && event.key.toLowerCase() === "g") {
event.preventDefault();
copilotVisible.value = !copilotVisible.value;
return;
}
// Ctrl+F — terminal search (SSH sessions only)
if (ctrl && event.key === "f") {
const active = sessionStore.activeSession;
if (active?.protocol === "ssh") {
event.preventDefault();
openActiveSearch();
}
return;
}
}
onMounted(() => {
document.addEventListener("keydown", handleKeydown);
});
onBeforeUnmount(() => {
document.removeEventListener("keydown", handleKeydown);
});
}

118
src/composables/useRdp.ts
View File

@ -1,5 +1,4 @@
import { ref, onBeforeUnmount } from "vue";
import type { Ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
/**
@ -153,13 +152,13 @@ export function jsKeyToScancode(code: string): number | null {
export interface UseRdpReturn {
/** Whether the RDP session is connected (first frame received) */
connected: Ref<boolean>;
connected: ReturnType<typeof ref<boolean>>;
/** Whether keyboard capture is enabled */
keyboardGrabbed: Ref<boolean>;
keyboardGrabbed: ReturnType<typeof ref<boolean>>;
/** Whether clipboard sync is enabled */
clipboardSync: Ref<boolean>;
/** Fetch and render the dirty region directly to a canvas context */
fetchAndRender: (sessionId: string, width: number, height: number, ctx: CanvasRenderingContext2D) => Promise<boolean>;
clipboardSync: ReturnType<typeof ref<boolean>>;
/** Fetch the current frame as RGBA ImageData */
fetchFrame: (sessionId: string, width: number, height: number) => Promise<ImageData | null>;
/** Send a mouse event to the backend */
sendMouse: (sessionId: string, x: number, y: number, flags: number) => void;
/** Send a key event to the backend */
@ -185,64 +184,58 @@ export interface UseRdpReturn {
* Composable that manages an RDP session's rendering and input.
*
* Uses Tauri's invoke() to call Rust commands:
* rdp_get_frame raw RGBA ArrayBuffer (binary IPC)
* rdp_get_frame base64 RGBA string
* rdp_send_mouse fire-and-forget
* rdp_send_key fire-and-forget
* rdp_send_clipboard fire-and-forget
*/
export function useRdp(): UseRdpReturn {
const connected = ref(false);
const keyboardGrabbed = ref(true);
const keyboardGrabbed = ref(false);
const clipboardSync = ref(false);
let animFrameId: number | null = null;
let unlistenFrame: (() => void) | null = null;
let frameCount = 0;
/**
* Fetch the dirty region from the Rust RDP backend and apply it to the canvas.
* Fetch the current frame from the Rust RDP backend.
*
* Binary format from backend: 8-byte header + pixel data
* Header: [x: u16, y: u16, w: u16, h: u16] (little-endian)
* If header is all zeros full frame (width*height*4 bytes)
* If header is non-zero dirty rectangle (w*h*4 bytes)
*
* Returns true if a frame was rendered, false if nothing changed.
* rdp_get_frame returns raw RGBA bytes (width*height*4) serialised as a
* base64 string over Tauri's IPC bridge. We decode it to Uint8ClampedArray
* and wrap in an ImageData for putImageData().
*/
async function fetchAndRender(
async function fetchFrame(
sessionId: string,
width: number,
height: number,
ctx: CanvasRenderingContext2D,
): Promise<boolean> {
let raw: ArrayBuffer;
): Promise<ImageData | null> {
let raw: string;
try {
raw = await invoke<ArrayBuffer>("rdp_get_frame", { sessionId });
raw = await invoke<string>("rdp_get_frame", { sessionId });
} catch {
return false;
// Session may not be connected yet or backend returned an error — skip frame
return null;
}
if (!raw || raw.byteLength <= 8) return false;
if (!raw) return null;
const view = new DataView(raw);
const rx = view.getUint16(0, true);
const ry = view.getUint16(2, true);
const rw = view.getUint16(4, true);
const rh = view.getUint16(6, true);
const pixelData = new Uint8ClampedArray(raw, 8);
// Decode base64 → binary string → Uint8ClampedArray
const binaryStr = atob(raw);
const bytes = new Uint8ClampedArray(binaryStr.length);
for (let i = 0; i < binaryStr.length; i++) {
bytes[i] = binaryStr.charCodeAt(i);
}
if (rx === 0 && ry === 0 && rw === 0 && rh === 0) {
// Full frame
// Validate: RGBA requires exactly width * height * 4 bytes
const expected = width * height * 4;
if (pixelData.length !== expected) return false;
ctx.putImageData(new ImageData(pixelData, width, height), 0, 0);
} else {
// Dirty rectangle — apply at offset
const expected = rw * rh * 4;
if (pixelData.length !== expected) return false;
ctx.putImageData(new ImageData(pixelData, rw, rh), rx, ry);
if (bytes.length !== expected) {
console.warn(
`[useRdp] Frame size mismatch: got ${bytes.length}, expected ${expected}`,
);
return null;
}
return true;
return new ImageData(bytes, width, height);
}
/**
@ -310,36 +303,26 @@ export function useRdp(): UseRdpReturn {
canvas.width = width;
canvas.height = height;
let fetchPending = false;
let rafScheduled = false;
function renderLoop(): void {
frameCount++;
// Fetch and render dirty region when backend signals new frame data.
// Uses rAF to coalesce rapid events into one fetch per display frame.
function scheduleFrameFetch(): void {
if (rafScheduled) return;
rafScheduled = true;
animFrameId = requestAnimationFrame(async () => {
rafScheduled = false;
if (fetchPending) return;
fetchPending = true;
if (!ctx) return;
const rendered = await fetchAndRender(sessionId, width, height, ctx);
fetchPending = false;
if (rendered && !connected.value) connected.value = true;
// Throttle to ~30fps by skipping odd-numbered rAF ticks
if (frameCount % 2 === 0) {
fetchFrame(sessionId, width, height).then((imageData) => {
if (imageData && ctx) {
ctx.putImageData(imageData, 0, 0);
// Mark connected on first successful frame
if (!connected.value) {
connected.value = true;
}
}
});
}
// Listen for frame events from the backend (push model)
import("@tauri-apps/api/event").then(({ listen }) => {
listen(`rdp:frame:${sessionId}`, () => {
scheduleFrameFetch();
}).then((unlisten) => {
unlistenFrame = unlisten;
});
});
animFrameId = requestAnimationFrame(renderLoop);
}
// Initial poll in case frames arrived before listener was set up
scheduleFrameFetch();
animFrameId = requestAnimationFrame(renderLoop);
}
/**
@ -350,11 +333,8 @@ export function useRdp(): UseRdpReturn {
cancelAnimationFrame(animFrameId);
animFrameId = null;
}
if (unlistenFrame !== null) {
unlistenFrame();
unlistenFrame = null;
}
connected.value = false;
frameCount = 0;
}
function toggleKeyboardGrab(): void {
@ -373,7 +353,7 @@ export function useRdp(): UseRdpReturn {
connected,
keyboardGrabbed,
clipboardSync,
fetchAndRender,
fetchFrame,
sendMouse,
sendKey,
sendClipboard,

77
src/composables/useSftp.ts
View File

@ -1,4 +1,4 @@
import { ref, watch, onBeforeUnmount, type Ref } from "vue";
import { ref, onBeforeUnmount, type Ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { listen, type UnlistenFn } from "@tauri-apps/api/event";
@ -21,29 +21,20 @@ export interface UseSftpReturn {
refresh: () => Promise<void>;
}
// Persist the last browsed path per session so switching tabs restores position
const sessionPaths: Record<string, string> = {};
/** Remove a session's saved path from the module-level cache. Call on session close. */
export function cleanupSession(sessionId: string): void {
delete sessionPaths[sessionId];
}
/**
* Composable that manages SFTP file browsing state.
* Accepts a reactive session ID ref so it reinitializes on tab switch
* without destroying the component.
* Calls the Rust SFTP commands via Tauri invoke.
*/
export function useSftp(sessionIdRef: Ref<string>): UseSftpReturn {
export function useSftp(sessionId: string): UseSftpReturn {
const currentPath = ref("/");
const entries = ref<FileEntry[]>([]);
const isLoading = ref(false);
const followTerminal = ref(true);
// Holds the unlisten function returned by listen() — called on cleanup.
let unlistenCwd: UnlistenFn | null = null;
let currentSessionId = "";
async function listDirectory(sessionId: string, path: string): Promise<FileEntry[]> {
async function listDirectory(path: string): Promise<FileEntry[]> {
try {
const result = await invoke<FileEntry[]>("sftp_list", { sessionId, path });
return result ?? [];
@ -54,12 +45,10 @@ export function useSftp(sessionIdRef: Ref<string>): UseSftpReturn {
}
async function navigateTo(path: string): Promise<void> {
if (!currentSessionId) return;
isLoading.value = true;
try {
currentPath.value = path;
sessionPaths[currentSessionId] = path;
entries.value = await listDirectory(currentSessionId, path);
entries.value = await listDirectory(path);
} finally {
isLoading.value = false;
}
@ -79,63 +68,25 @@ export function useSftp(sessionIdRef: Ref<string>): UseSftpReturn {
await navigateTo(currentPath.value);
}
async function switchToSession(sessionId: string): Promise<void> {
if (!sessionId) {
entries.value = [];
return;
}
// Save current path for the old session
if (currentSessionId) {
sessionPaths[currentSessionId] = currentPath.value;
}
// Unlisten old CWD events
if (unlistenCwd) {
unlistenCwd();
unlistenCwd = null;
}
currentSessionId = sessionId;
// Restore saved path or default to root
const savedPath = sessionPaths[sessionId] || "/";
currentPath.value = savedPath;
// Load the directory
isLoading.value = true;
try {
entries.value = await listDirectory(sessionId, savedPath);
} finally {
isLoading.value = false;
}
// Listen for CWD changes on the new session
try {
unlistenCwd = await listen<string>(`ssh:cwd:${sessionId}`, (event) => {
// Listen for CWD changes from the Rust backend (OSC 7 tracking).
// listen() returns Promise<UnlistenFn> — store it for cleanup.
listen<string>(`ssh:cwd:${sessionId}`, (event) => {
if (!followTerminal.value) return;
const newPath = event.payload;
if (newPath && newPath !== currentPath.value) {
navigateTo(newPath);
}
}).then((unlisten) => {
unlistenCwd = unlisten;
});
} catch {
// Event listener setup failed — non-fatal
}
}
// React to session ID changes
watch(sessionIdRef, (newId) => {
switchToSession(newId);
}, { immediate: true });
onBeforeUnmount(() => {
if (currentSessionId) {
sessionPaths[currentSessionId] = currentPath.value;
}
if (unlistenCwd) unlistenCwd();
});
// Load home directory on init
navigateTo("/home");
return {
currentPath,
entries,

48
src/composables/useTerminal.ts
View File

@ -5,7 +5,6 @@ import { SearchAddon } from "@xterm/addon-search";
import { WebLinksAddon } from "@xterm/addon-web-links";
import { invoke } from "@tauri-apps/api/core";
import { listen, type UnlistenFn } from "@tauri-apps/api/event";
import { useSessionStore } from "@/stores/session.store";
import "@xterm/xterm/css/xterm.css";
/** MobaXTerm Classicinspired terminal theme colors. */
@ -14,9 +13,8 @@ const defaultTheme = {
foreground: "#e0e0e0",
cursor: "#58a6ff",
cursorAccent: "#0d1117",
selectionBackground: "#264f78",
selectionBackground: "rgba(88, 166, 255, 0.3)",
selectionForeground: "#ffffff",
selectionInactiveBackground: "#264f78",
black: "#0d1117",
red: "#f85149",
green: "#3fb950",
@ -53,11 +51,7 @@ export interface UseTerminalReturn {
* - SSH stdout xterm.js (via Tauri listen, base64 encoded)
* - Terminal resize ssh_resize (via Tauri invoke)
*/
export function useTerminal(sessionId: string, backend: 'ssh' | 'pty' = 'ssh'): UseTerminalReturn {
const writeCmd = backend === 'ssh' ? 'ssh_write' : 'pty_write';
const resizeCmd = backend === 'ssh' ? 'ssh_resize' : 'pty_resize';
const dataEvent = backend === 'ssh' ? `ssh:data:${sessionId}` : `pty:data:${sessionId}`;
export function useTerminal(sessionId: string): UseTerminalReturn {
const fitAddon = new FitAddon();
const searchAddon = new SearchAddon();
const webLinksAddon = new WebLinksAddon();
@ -71,9 +65,7 @@ export function useTerminal(sessionId: string, backend: 'ssh' | 'pty' = 'ssh'):
cursorStyle: "block",
scrollback: 10000,
allowProposedApi: true,
// SSH always needs EOL conversion. PTY needs it on Windows (ConPTY sends bare \n)
// but not on Unix (PTY driver handles LF→CRLF). navigator.platform is the simplest check.
convertEol: backend === 'ssh' || navigator.platform.startsWith('Win'),
convertEol: true,
rightClickSelectsWord: false,
});
@ -81,17 +73,17 @@ export function useTerminal(sessionId: string, backend: 'ssh' | 'pty' = 'ssh'):
terminal.loadAddon(searchAddon);
terminal.loadAddon(webLinksAddon);
// Forward typed data to the backend
// Forward typed data to the SSH backend
terminal.onData((data: string) => {
invoke(writeCmd, { sessionId, data }).catch((err: unknown) => {
console.error("Write error:", err);
invoke("ssh_write", { sessionId, data }).catch((err: unknown) => {
console.error("SSH write error:", err);
});
});
// Forward resize events to the backend
// Forward resize events to the SSH backend
terminal.onResize((size: { cols: number; rows: number }) => {
invoke(resizeCmd, { sessionId, cols: size.cols, rows: size.rows }).catch((err: unknown) => {
console.error("Resize error:", err);
invoke("ssh_resize", { sessionId, cols: size.cols, rows: size.rows }).catch((err: unknown) => {
console.error("SSH resize error:", err);
});
});
@ -108,7 +100,7 @@ export function useTerminal(sessionId: string, backend: 'ssh' | 'pty' = 'ssh'):
e.stopPropagation();
navigator.clipboard.readText().then((text) => {
if (text) {
invoke(writeCmd, { sessionId, data: text }).catch(() => {});
invoke("ssh_write", { sessionId, data: text }).catch(() => {});
}
}).catch(() => {});
}
@ -156,7 +148,6 @@ export function useTerminal(sessionId: string, backend: 'ssh' | 'pty' = 'ssh'):
// cell widths — producing tiny dashes and 200+ column terminals.
document.fonts.ready.then(() => {
fitAddon.fit();
terminal.focus();
});
// Right-click paste on the terminal's DOM element
@ -165,17 +156,7 @@ export function useTerminal(sessionId: string, backend: 'ssh' | 'pty' = 'ssh'):
// Subscribe to SSH output events for this session.
// Tauri v2 listen() callback receives { payload: T } — the base64 string
// is in event.payload (not event.data as in Wails).
// Throttle activity marking to avoid Vue reactivity storms
let lastActivityMark = 0;
unlistenPromise = listen<string>(dataEvent, (event) => {
// Mark tab activity at most once per second
const now = Date.now();
if (now - lastActivityMark > 1000) {
lastActivityMark = now;
try { useSessionStore().markActivity(sessionId); } catch {}
}
unlistenPromise = listen<string>(`ssh:data:${sessionId}`, (event) => {
const b64data = event.payload;
try {
@ -202,12 +183,9 @@ export function useTerminal(sessionId: string, backend: 'ssh' | 'pty' = 'ssh'):
unlistenFn = fn;
});
// Auto-fit when the container resizes — but only if visible
resizeObserver = new ResizeObserver((entries) => {
const entry = entries[0];
if (entry && entry.contentRect.width > 50 && entry.contentRect.height > 50) {
// Auto-fit when the container resizes
resizeObserver = new ResizeObserver(() => {
fitAddon.fit();
}
});
resizeObserver.observe(container);
}

559
src/layouts/MainLayout.vue
View File

@ -32,11 +32,19 @@
<kbd class="text-[10px] text-[var(--wraith-text-muted)]">Ctrl+N</kbd>
</button>
<div class="border-t border-[#30363d] my-1" />
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleFileMenuAction('import')"
>
<svg class="w-3.5 h-3.5 shrink-0" viewBox="0 0 16 16" fill="currentColor"><path d="M2.75 14A1.75 1.75 0 0 1 1 12.25v-2.5a.75.75 0 0 1 1.5 0v2.5c0 .138.112.25.25.25h10.5a.25.25 0 0 0 .25-.25v-2.5a.75.75 0 0 1 1.5 0v2.5A1.75 1.75 0 0 1 13.25 14ZM11.78 4.72a.749.749 0 1 1-1.06 1.06L8.75 3.81V9.5a.75.75 0 0 1-1.5 0V3.81L5.28 5.78a.749.749 0 1 1-1.06-1.06l3.25-3.25a.749.749 0 0 1 1.06 0l3.25 3.25Z"/></svg>
<span class="flex-1">Import from MobaXTerm</span>
</button>
<div class="border-t border-[#30363d] my-1" />
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleFileMenuAction('settings')"
>
<svg class="w-3.5 h-3.5 shrink-0" viewBox="0 0 16 16" fill="currentColor"><path d="M8 0a8.2 8.2 0 0 1 .701.031C8.955.017 9.209 0 9.466 0a1.934 1.934 0 0 1 1.466.665c.33.367.51.831.54 1.316a7.96 7.96 0 0 1 .82.4c.463-.207.97-.29 1.476-.19.504.1.963.37 1.3.77.339.404.516.91.5 1.423a1.94 1.94 0 0 1-.405 1.168 8.02 8.02 0 0 1 .356.9 1.939 1.939 0 0 1 1.48.803 1.941 1.941 0 0 1 0 2.29 1.939 1.939 0 0 1-1.48.803c-.095.316-.215.622-.357.9a1.94 1.94 0 0 1-.094 2.59 1.94 1.94 0 0 1-2.776.22 7.96 7.96 0 0 1-.82.4 1.94 1.94 0 0 1-2.006 1.98A8.2 8.2 0 0 1 8 16a8.2 8.2 0 0 1-.701-.031 1.938 1.938 0 0 1-2.005-1.98 7.96 7.96 0 0 1-.82-.4 1.94 1.94 0 0 1-2.776-.22 1.94 1.94 0 0 1-.094-2.59 8.02 8.02 0 0 1-.357-.9A1.939 1.939 0 0 1 0 8.945a1.941 1.941 0 0 1 1.247-.803c.095-.316.215-.622.357-.9a1.94 1.94 0 0 1 .094-2.59 1.94 1.94 0 0 1 2.776-.22c.258-.157.532-.293.82-.4A1.934 1.934 0 0 1 6.834.665 1.934 1.934 0 0 1 8.3.03 8.2 8.2 0 0 1 8 0ZM8 5a3 3 0 1 0 0 6 3 3 0 0 0 0-6Z"/></svg>
<svg class="w-3.5 h-3.5 shrink-0" viewBox="0 0 16 16" fill="currentColor"><path d="M8 0a8.2 8.2 0 0 1 .701.031C8.955.017 9.209 0 9.466 0a1.934 1.934 0 0 1 1.466.665c.33.367.51.831.54 1.316a7.96 7.96 0 0 1 .82.4c.463-.207.97-.29 1.476-.19.504.1.963.37 1.3.77.339.404.516.91.5 1.423a1.94 1.94 0 0 1-.405 1.168 8.02 8.02 0 0 1 .356.9 1.939 1.939 0 0 1 1.48.803 1.941 1.941 0 0 1 0 2.29 1.939 1.939 0 0 1-1.48.803c-.095.316-.215.622-.357.9a1.94 1.94 0 0 1-.094 2.59 1.94 1.94 0 0 1-2.776.22 7.96 7.96 0 0 1-.82.4 1.94 1.94 0 0 1-2.006 1.98A8.2 8.2 0 0 1 8 16a8.2 8.2 0 0 1-.701-.031 1.938 1.938 0 0 1-2.005-1.98 7.96 7.96 0 0 1-.82-.4 1.94 1.94 0 0 1-2.776-.22 1.94 1.94 0 0 1-.094-2.59 8.02 8.02 0 0 1-.357-.9A1.939 1.939 0 0 1 0 8.945a1.941 1.941 0 0 1 0-2.29 1.939 1.939 0 0 1 1.247-.803c.095-.316.215-.622.357-.9a1.94 1.94 0 0 1 .094-2.59 1.94 1.94 0 0 1 2.776-.22c.258-.157.532-.293.82-.4A1.934 1.934 0 0 1 6.834.665 1.934 1.934 0 0 1 8.3.03 8.2 8.2 0 0 1 8 0ZM8 5a3 3 0 1 0 0 6 3 3 0 0 0 0-6Z"/></svg>
<span class="flex-1">Settings</span>
</button>
<div class="border-t border-[#30363d] my-1" />
@ -50,138 +58,6 @@
</button>
</div>
</div>
<!-- Tools menu -->
<div class="relative">
<button
class="text-xs text-[var(--wraith-text-secondary)] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer px-2 py-1 rounded hover:bg-[var(--wraith-bg-tertiary)]"
@click="showToolsMenu = !showToolsMenu"
@blur="closeToolsMenuDeferred"
>
Tools
</button>
<div
v-if="showToolsMenu"
class="absolute top-full left-0 mt-0.5 w-56 bg-[#161b22] border border-[#30363d] rounded-lg shadow-2xl overflow-hidden z-50 py-1"
>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleToolAction('network-scanner')"
>
<span class="flex-1">Network Scanner</span>
</button>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleToolAction('port-scanner')"
>
<span class="flex-1">Port Scanner</span>
</button>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleToolAction('ping')"
>
<span class="flex-1">Ping</span>
</button>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleToolAction('traceroute')"
>
<span class="flex-1">Traceroute</span>
</button>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleToolAction('dns-lookup')"
>
<span class="flex-1">DNS Lookup</span>
</button>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleToolAction('whois')"
>
<span class="flex-1">Whois</span>
</button>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleToolAction('bandwidth')"
>
<span class="flex-1">Bandwidth Test</span>
</button>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleToolAction('subnet-calc')"
>
<span class="flex-1">Subnet Calculator</span>
</button>
<div class="border-t border-[#30363d] my-1" />
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleToolAction('docker')"
>
<span class="flex-1">Docker Manager</span>
</button>
<div class="border-t border-[#30363d] my-1" />
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleToolAction('wake-on-lan')"
>
<span class="flex-1">Wake on LAN</span>
</button>
<div class="border-t border-[#30363d] my-1" />
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleToolAction('ssh-keygen')"
>
<span class="flex-1">SSH Key Generator</span>
</button>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleToolAction('password-gen')"
>
<span class="flex-1">Password Generator</span>
</button>
</div>
</div>
<!-- Help menu -->
<div class="relative">
<button
class="text-xs text-[var(--wraith-text-secondary)] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer px-2 py-1 rounded hover:bg-[var(--wraith-bg-tertiary)]"
@click="showHelpMenu = !showHelpMenu"
@blur="closeHelpMenuDeferred"
>
Help
</button>
<div
v-if="showHelpMenu"
class="absolute top-full left-0 mt-0.5 w-56 bg-[#161b22] border border-[#30363d] rounded-lg shadow-2xl overflow-hidden z-50 py-1"
>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleHelpAction('guide')"
>
<span class="flex-1">Getting Started</span>
</button>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleHelpAction('shortcuts')"
>
<span class="flex-1">Keyboard Shortcuts</span>
</button>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleHelpAction('mcp')"
>
<span class="flex-1">MCP Integration</span>
</button>
<div class="border-t border-[#30363d] my-1" />
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleHelpAction('about')"
>
<span class="flex-1">About Wraith</span>
</button>
</div>
</div>
</div>
<!-- Quick Connect -->
@ -197,16 +73,6 @@
<div class="flex items-center gap-3 text-xs text-[var(--wraith-text-secondary)]">
<span>{{ sessionStore.sessionCount }} session{{ sessionStore.sessionCount !== 1 ? "s" : "" }}</span>
<button
class="hover:text-[var(--wraith-accent-blue)] transition-colors cursor-pointer"
:class="{ 'text-[var(--wraith-accent-blue)]': copilotVisible }"
title="AI Copilot (Ctrl+Shift+G)"
@click="copilotVisible = !copilotVisible"
>
AI
</button>
<button
class="hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
title="Command palette (Ctrl+K)"
@ -283,32 +149,77 @@
<!-- Tab bar -->
<TabBar />
<!-- Inline file editor shown above the terminal when a file is open -->
<EditorWindow
v-if="editorFile"
:content="editorFile.content"
:file-path="editorFile.path"
:session-id="editorFile.sessionId"
@close="editorFile = null"
/>
<!-- Session area -->
<SessionContainer ref="sessionContainer" />
</div>
<!-- AI Copilot Panel -->
<CopilotPanel v-if="copilotVisible" />
</div>
<!-- Status bar -->
<StatusBar ref="statusBar" @open-theme-picker="themePicker?.open()" />
<!-- Command Palette (Ctrl+K) stub, full implementation Phase N -->
<CommandPalette
ref="commandPalette"
@open-import="importDialog?.open()"
@open-settings="settingsModal?.open()"
@open-new-connection="connectionEditDialog?.openNew()"
/>
<!-- Theme Picker -->
<ThemePicker ref="themePicker" @select="handleThemeSelect" />
<!-- Import Dialog -->
<ImportDialog ref="importDialog" />
<!-- Settings Modal -->
<SettingsModal ref="settingsModal" />
<!-- Connection Edit Dialog (for File menu / Command Palette new connection) -->
<ConnectionEditDialog ref="connectionEditDialog" />
<!-- First-run: MobaXTerm import prompt -->
<Teleport to="body">
<div
v-if="showMobaPrompt"
class="fixed inset-0 z-50 flex items-center justify-center"
>
<div class="absolute inset-0 bg-black/50" @click="showMobaPrompt = false" />
<div class="relative w-full max-w-sm bg-[#161b22] border border-[#30363d] rounded-lg shadow-2xl p-6 space-y-4">
<h3 class="text-sm font-semibold text-[var(--wraith-text-primary)]">No connections found</h3>
<p class="text-xs text-[var(--wraith-text-secondary)]">
It looks like this is your first time running Wraith. Would you like to import connections from MobaXTerm?
</p>
<div class="flex gap-2 justify-end">
<button
class="px-3 py-1.5 text-xs rounded bg-[var(--wraith-bg-tertiary)] text-[var(--wraith-text-secondary)] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@click="showMobaPrompt = false"
>
Skip
</button>
<button
class="px-3 py-1.5 text-xs rounded bg-[#1f6feb] text-white hover:bg-[#388bfd] transition-colors cursor-pointer"
@click="() => { showMobaPrompt = false; importDialog?.open(); }"
>
Import from MobaXTerm
</button>
</div>
</div>
</div>
</Teleport>
</div>
</template>
<script setup lang="ts">
import { ref, computed, onMounted, onUnmounted } from "vue";
import { useKeyboardShortcuts } from "@/composables/useKeyboardShortcuts";
import { invoke } from "@tauri-apps/api/core";
import { getCurrentWindow } from "@tauri-apps/api/window";
import { useAppStore } from "@/stores/app.store";
@ -321,11 +232,12 @@ import SessionContainer from "@/components/session/SessionContainer.vue";
import StatusBar from "@/components/common/StatusBar.vue";
import CommandPalette from "@/components/common/CommandPalette.vue";
import ThemePicker from "@/components/common/ThemePicker.vue";
import ImportDialog from "@/components/common/ImportDialog.vue";
import SettingsModal from "@/components/common/SettingsModal.vue";
import ConnectionEditDialog from "@/components/connections/ConnectionEditDialog.vue";
import FileTree from "@/components/sftp/FileTree.vue";
import TransferProgress from "@/components/sftp/TransferProgress.vue";
import CopilotPanel from "@/components/ai/CopilotPanel.vue";
import EditorWindow from "@/components/editor/EditorWindow.vue";
import type { FileEntry } from "@/composables/useSftp";
import type { ThemeDefinition } from "@/components/common/ThemePicker.vue";
@ -335,215 +247,264 @@ const appStore = useAppStore();
const connectionStore = useConnectionStore();
const sessionStore = useSessionStore();
/** Active SSH session ID, exposed to the SFTP sidebar. */
const activeSessionId = computed(() => sessionStore.activeSessionId);
const sidebarWidth = ref(240);
const sidebarVisible = ref(true);
const sidebarTab = ref<SidebarTab>("connections");
const copilotVisible = ref(false);
const quickConnectInput = ref("");
/** Whether to show the MobaXTerm import prompt (first run, no connections). */
const showMobaPrompt = ref(false);
const commandPalette = ref<InstanceType<typeof CommandPalette> | null>(null);
const themePicker = ref<InstanceType<typeof ThemePicker> | null>(null);
const importDialog = ref<InstanceType<typeof ImportDialog> | null>(null);
const settingsModal = ref<InstanceType<typeof SettingsModal> | null>(null);
const connectionEditDialog = ref<InstanceType<typeof ConnectionEditDialog> | null>(null);
const statusBar = ref<InstanceType<typeof StatusBar> | null>(null);
const sessionContainer = ref<InstanceType<typeof SessionContainer> | null>(null);
const showFileMenu = ref(false);
const showToolsMenu = ref(false);
const showHelpMenu = ref(false);
/** Currently open file in the inline editor. Null when the editor is closed. */
interface EditorFile {
path: string;
content: string;
sessionId: string;
}
const editorFile = ref<EditorFile | null>(null);
/** File menu dropdown state. */
const showFileMenu = ref(false);
/** Close the file menu after a short delay (allows click events to fire first). */
function closeFileMenuDeferred(): void {
setTimeout(() => { showFileMenu.value = false; }, 150);
}
function closeToolsMenuDeferred(): void {
setTimeout(() => { showToolsMenu.value = false; }, 150);
}
function closeHelpMenuDeferred(): void {
setTimeout(() => { showHelpMenu.value = false; }, 150);
}
async function handleHelpAction(page: string): Promise<void> {
showHelpMenu.value = false;
try {
await invoke("open_child_window", {
label: `help-${page}-${Date.now()}`,
title: "Wraith — Help",
url: `index.html#/tool/help?page=${page}`,
width: 750, height: 600,
});
} catch (err) { console.error("Help window error:", err); alert("Window error: " + String(err)); }
}
async function handleToolAction(tool: string): Promise<void> {
showToolsMenu.value = false;
// Tools that don't need a session
const localTools = ["ssh-keygen", "password-gen", "subnet-calc"];
if (!localTools.includes(tool) && !activeSessionId.value) {
alert("Connect to a server first — network tools run through SSH sessions.");
return;
}
const toolConfig: Record<string, { title: string; width: number; height: number }> = {
"network-scanner": { title: "Network Scanner", width: 800, height: 600 },
"port-scanner": { title: "Port Scanner", width: 700, height: 500 },
"ping": { title: "Ping", width: 600, height: 400 },
"traceroute": { title: "Traceroute", width: 600, height: 500 },
"dns-lookup": { title: "DNS Lookup", width: 600, height: 400 },
"whois": { title: "Whois", width: 700, height: 500 },
"bandwidth": { title: "Bandwidth Test", width: 700, height: 450 },
"subnet-calc": { title: "Subnet Calculator", width: 650, height: 350 },
"docker": { title: "Docker Manager", width: 900, height: 600 },
"wake-on-lan": { title: "Wake on LAN", width: 500, height: 300 },
"ssh-keygen": { title: "SSH Key Generator", width: 700, height: 500 },
"password-gen": { title: "Password Generator", width: 500, height: 400 },
};
const config = toolConfig[tool];
if (!config) return;
const sessionId = activeSessionId.value || "";
try {
await invoke("open_child_window", {
label: `tool-${tool}-${Date.now()}`,
title: `Wraith — ${config.title}`,
url: `index.html#/tool/${tool}?sessionId=${sessionId}`,
width: config.width, height: config.height,
});
} catch (err) { console.error("Tool window error:", err); alert("Tool window error: " + String(err)); }
}
/** Handle file menu item clicks. */
async function handleFileMenuAction(action: string): Promise<void> {
showFileMenu.value = false;
switch (action) {
case "new-connection": connectionEditDialog.value?.openNew(); break;
case "settings": settingsModal.value?.open(); break;
case "exit": try { await getCurrentWindow().close(); } catch { window.close(); } break;
case "new-connection":
connectionEditDialog.value?.openNew();
break;
case "import":
importDialog.value?.open();
break;
case "settings":
settingsModal.value?.open();
break;
case "exit":
try {
await getCurrentWindow().close();
} catch {
window.close();
}
break;
}
}
/** Handle theme selection from the ThemePicker. */
function handleThemeSelect(theme: ThemeDefinition): void {
statusBar.value?.setThemeName(theme.name);
// Propagate theme to all active terminal instances via the session store
sessionStore.setTheme(theme);
}
/**
* Called when the user double-clicks a file in the SFTP FileTree.
* Reads the file content via Tauri SFTP and opens it in the inline editor.
*/
async function handleOpenFile(entry: FileEntry): Promise<void> {
if (!activeSessionId.value) return;
try {
const fileName = entry.path.split("/").pop() || entry.path;
const sessionId = activeSessionId.value;
await invoke("open_child_window", {
label: `editor-${Date.now()}`,
title: `${fileName} — Wraith Editor`,
url: `index.html#/tool/editor?sessionId=${sessionId}&path=${encodeURIComponent(entry.path)}`,
width: 800, height: 600,
const content = await invoke<string>("sftp_read_file", {
sessionId: activeSessionId.value,
path: entry.path,
});
} catch (err) { console.error("Failed to open editor:", err); }
editorFile.value = {
path: entry.path,
content,
sessionId: activeSessionId.value,
};
} catch (err) {
console.error("Failed to open SFTP file:", err);
}
}
/**
* Quick Connect: parse user@host:port and open a session.
* Default protocol: SSH, default port: 22.
* If port is 3389, use RDP.
*/
async function handleQuickConnect(): Promise<void> {
const raw = quickConnectInput.value.trim();
if (!raw) return;
let username = "", hostname = "", port = 22, protocol: "ssh" | "rdp" = "ssh", hostPart = raw;
let username = "";
let hostname = "";
let port = 22;
let protocol: "ssh" | "rdp" = "ssh";
let hostPart = raw;
// Extract username if present (user@...)
const atIdx = raw.indexOf("@");
if (atIdx > 0) { username = raw.substring(0, atIdx); hostPart = raw.substring(atIdx + 1); }
if (atIdx > 0) {
username = raw.substring(0, atIdx);
hostPart = raw.substring(atIdx + 1);
}
// Extract port if present (...:port)
const colonIdx = hostPart.lastIndexOf(":");
if (colonIdx > 0) {
const portStr = hostPart.substring(colonIdx + 1);
const parsedPort = parseInt(portStr, 10);
if (!isNaN(parsedPort) && parsedPort > 0 && parsedPort <= 65535) { port = parsedPort; hostPart = hostPart.substring(0, colonIdx); }
if (!isNaN(parsedPort) && parsedPort > 0 && parsedPort <= 65535) {
port = parsedPort;
hostPart = hostPart.substring(0, colonIdx);
}
hostname = hostPart; if (!hostname) return;
if (port === 3389) protocol = "rdp";
const name = username ? `${username}@${hostname}` : hostname;
try {
const conn = await invoke<{ id: number }>("create_connection", { name, hostname, port, protocol, groupId: null, credentialId: null, color: "", tags: username ? [username] : [], notes: "", options: username ? JSON.stringify({ username }) : "{}" });
connectionStore.connections.push({ id: conn.id, name, hostname, port, protocol, groupId: null, tags: username ? [username] : [], options: username ? JSON.stringify({ username }) : "{}" });
await sessionStore.connect(conn.id);
quickConnectInput.value = "";
} catch (err) { console.error("Quick connect failed:", err); }
}
useKeyboardShortcuts({
sessionStore,
sidebarVisible,
copilotVisible,
openCommandPalette: () => commandPalette.value?.toggle(),
openActiveSearch: () => sessionContainer.value?.openActiveSearch(),
hostname = hostPart;
if (!hostname) return;
// Auto-detect RDP by port
if (port === 3389) {
protocol = "rdp";
}
const name = username ? `${username}@${hostname}` : hostname;
try {
// Create a persistent connection record then connect to it
const conn = await invoke<{ id: number }>("create_connection", {
name,
hostname,
port,
protocol,
groupId: null,
credentialId: null,
color: "",
tags: username ? [username] : [],
notes: "",
options: username ? JSON.stringify({ username }) : "{}",
});
let workspaceSaveInterval: ReturnType<typeof setInterval> | null = null;
// Add to local store so sessionStore.connect can find it
connectionStore.connections.push({
id: conn.id,
name,
hostname,
port,
protocol,
groupId: null,
tags: username ? [username] : [],
options: username ? JSON.stringify({ username }) : "{}",
});
function handleBeforeUnload(e: BeforeUnloadEvent): void {
if (sessionStore.sessions.length > 0) {
e.preventDefault();
await sessionStore.connect(conn.id);
quickConnectInput.value = "";
} catch (err) {
console.error("Quick connect failed:", err);
}
}
/** Global keyboard shortcut handler. */
function handleKeydown(event: KeyboardEvent): void {
// Skip shortcuts when the user is typing in an input, textarea, or select
const target = event.target as HTMLElement;
const isInputFocused = target.tagName === "INPUT" || target.tagName === "TEXTAREA" || target.tagName === "SELECT";
const ctrl = event.ctrlKey || event.metaKey;
// Ctrl+K open command palette (fires even in inputs to match VS Code behavior)
if (ctrl && event.key === "k") {
event.preventDefault();
commandPalette.value?.toggle();
return;
}
// All remaining shortcuts skip when typing in input fields
if (isInputFocused) return;
// Ctrl+W close active tab
if (ctrl && event.key === "w") {
event.preventDefault();
const active = sessionStore.activeSession;
if (active) {
sessionStore.closeSession(active.id);
}
return;
}
// Ctrl+Tab next tab
if (ctrl && event.key === "Tab" && !event.shiftKey) {
event.preventDefault();
const sessions = sessionStore.sessions;
if (sessions.length < 2) return;
const idx = sessions.findIndex((s) => s.id === sessionStore.activeSessionId);
const next = sessions[(idx + 1) % sessions.length];
sessionStore.activateSession(next.id);
return;
}
// Ctrl+Shift+Tab previous tab
if (ctrl && event.key === "Tab" && event.shiftKey) {
event.preventDefault();
const sessions = sessionStore.sessions;
if (sessions.length < 2) return;
const idx = sessions.findIndex((s) => s.id === sessionStore.activeSessionId);
const prev = sessions[(idx - 1 + sessions.length) % sessions.length];
sessionStore.activateSession(prev.id);
return;
}
// Ctrl+1 through Ctrl+9 switch to tab by index
if (ctrl && event.key >= "1" && event.key <= "9") {
const tabIndex = parseInt(event.key, 10) - 1;
const sessions = sessionStore.sessions;
if (tabIndex < sessions.length) {
event.preventDefault();
sessionStore.activateSession(sessions[tabIndex].id);
}
return;
}
// Ctrl+B toggle sidebar
if (ctrl && event.key === "b") {
event.preventDefault();
sidebarVisible.value = !sidebarVisible.value;
return;
}
// Ctrl+F open terminal scrollback search (SSH sessions only)
if (ctrl && event.key === "f") {
const active = sessionStore.activeSession;
if (active?.protocol === "ssh") {
event.preventDefault();
sessionContainer.value?.openActiveSearch();
}
return;
}
}
onMounted(async () => {
// Confirm before closing if sessions are active (synchronous won't hang)
window.addEventListener("beforeunload", handleBeforeUnload);
document.addEventListener("keydown", handleKeydown);
// Load connections and groups from the Rust backend after vault unlock
await connectionStore.loadAll();
// Restore saved theme so every terminal opens with the user's preferred colors
try {
const savedThemeName = await invoke<string | null>("get_setting", { key: "active_theme" });
if (savedThemeName) {
const themes = await invoke<Array<{ name: string; foreground: string; background: string; cursor: string; black: string; red: string; green: string; yellow: string; blue: string; magenta: string; cyan: string; white: string; brightBlack: string; brightRed: string; brightGreen: string; brightYellow: string; brightBlue: string; brightMagenta: string; brightCyan: string; brightWhite: string }>>("list_themes");
const theme = themes?.find(t => t.name === savedThemeName);
if (theme) {
sessionStore.setTheme(theme);
statusBar.value?.setThemeName(theme.name);
// First-run: if no connections found, offer to import from MobaXTerm
if (connectionStore.connections.length === 0) {
showMobaPrompt.value = true;
}
}
} catch {}
// Restore workspace reconnect saved tabs (non-blocking, non-fatal)
setTimeout(async () => {
try {
const workspace = await invoke<{ tabs: { connectionId: number; protocol: string; position: number }[] } | null>("load_workspace");
if (workspace?.tabs?.length) {
for (const tab of workspace.tabs.sort((a, b) => a.position - b.position)) {
try { await sessionStore.connect(tab.connectionId); } catch {}
}
}
} catch {}
}, 500);
// Auto-save workspace every 30 seconds instead of on close
// (onCloseRequested was hanging the window close on Windows)
workspaceSaveInterval = setInterval(() => {
const tabs = sessionStore.sessions
.filter(s => s.protocol === "ssh" || s.protocol === "rdp")
.map((s, i) => ({ connectionId: s.connectionId, protocol: s.protocol, position: i }));
if (tabs.length > 0) {
invoke("save_workspace", { tabs }).catch(() => {});
}
}, 30000);
// Check for updates on startup via Tauri updater plugin (non-blocking)
invoke<{ currentVersion: string; latestVersion: string; updateAvailable: boolean; downloadUrl: string }>("check_for_updates")
.then((info) => {
if (info.updateAvailable) {
if (confirm(`Wraith v${info.latestVersion} is available (you have v${info.currentVersion}). Open download page?`)) {
import("@tauri-apps/plugin-shell").then(({ open }) => open(info.downloadUrl)).catch(() => window.open(info.downloadUrl, "_blank"));
}
}
})
.catch(() => {});
});
onUnmounted(() => {
window.removeEventListener("beforeunload", handleBeforeUnload);
if (workspaceSaveInterval !== null) {
clearInterval(workspaceSaveInterval);
workspaceSaveInterval = null;
}
document.removeEventListener("keydown", handleKeydown);
});
</script>
<style scoped>
</style>

139
src/layouts/UnlockLayout.vue
View File

@ -50,25 +50,68 @@ const displayError = computed(() => localError.value ?? app.error);
</script>
<template>
<div class="h-full flex items-center justify-center bg-[var(--wraith-bg-primary)]">
<div class="w-full max-w-[400px] p-10 bg-[var(--wraith-bg-secondary)] border border-[var(--wraith-border)] rounded-xl shadow-[0_8px_32px_rgba(0,0,0,0.5)]">
<div
class="unlock-root"
style="
height: 100%;
display: flex;
align-items: center;
justify-content: center;
background-color: var(--wraith-bg-primary);
"
>
<div
class="unlock-card"
style="
width: 100%;
max-width: 400px;
padding: 2.5rem;
background-color: var(--wraith-bg-secondary);
border: 1px solid var(--wraith-border);
border-radius: 12px;
box-shadow: 0 8px 32px rgba(0, 0, 0, 0.5);
"
>
<!-- Logo -->
<div class="text-center mb-8">
<span class="text-[2rem] font-extrabold tracking-[0.3em] text-[var(--wraith-accent-blue)] uppercase font-['Inter',monospace]">
<div style="text-align: center; margin-bottom: 2rem">
<span
style="
font-size: 2rem;
font-weight: 800;
letter-spacing: 0.3em;
color: var(--wraith-accent-blue);
text-transform: uppercase;
font-family: 'Inter', monospace;
"
>
WRAITH
</span>
<p class="mt-2 text-[0.8rem] text-[var(--wraith-text-muted)] tracking-[0.15em] uppercase">
<p
style="
margin: 0.5rem 0 0;
font-size: 0.8rem;
color: var(--wraith-text-muted);
letter-spacing: 0.15em;
text-transform: uppercase;
"
>
{{ isFirstRun ? "Initialize Secure Vault" : "Secure Desktop" }}
</p>
</div>
<!-- Form -->
<form @submit.prevent="handleSubmit" class="flex flex-col gap-4">
<form @submit.prevent="handleSubmit" style="display: flex; flex-direction: column; gap: 1rem">
<!-- Master password -->
<div>
<label
for="master-password"
class="block mb-[0.4rem] text-[0.8rem] text-[var(--wraith-text-secondary)] tracking-[0.05em]"
style="
display: block;
margin-bottom: 0.4rem;
font-size: 0.8rem;
color: var(--wraith-text-secondary);
letter-spacing: 0.05em;
"
>
MASTER PASSWORD
</label>
@ -79,7 +122,20 @@ const displayError = computed(() => localError.value ?? app.error);
autocomplete="current-password"
placeholder="Enter master password"
:disabled="loading"
class="w-full px-[0.9rem] py-[0.65rem] bg-[var(--wraith-bg-tertiary)] border border-[var(--wraith-border)] rounded-[6px] text-[var(--wraith-text-primary)] text-[0.95rem] outline-none transition-colors duration-150 box-border focus:border-[var(--wraith-accent-blue)]"
style="
width: 100%;
padding: 0.65rem 0.9rem;
background-color: var(--wraith-bg-tertiary);
border: 1px solid var(--wraith-border);
border-radius: 6px;
color: var(--wraith-text-primary);
font-size: 0.95rem;
outline: none;
transition: border-color 0.15s ease;
box-sizing: border-box;
"
@focus="($event.target as HTMLInputElement).style.borderColor = 'var(--wraith-accent-blue)'"
@blur="($event.target as HTMLInputElement).style.borderColor = 'var(--wraith-border)'"
/>
</div>
@ -87,7 +143,13 @@ const displayError = computed(() => localError.value ?? app.error);
<div v-if="isFirstRun">
<label
for="confirm-password"
class="block mb-[0.4rem] text-[0.8rem] text-[var(--wraith-text-secondary)] tracking-[0.05em]"
style="
display: block;
margin-bottom: 0.4rem;
font-size: 0.8rem;
color: var(--wraith-text-secondary);
letter-spacing: 0.05em;
"
>
CONFIRM PASSWORD
</label>
@ -98,9 +160,28 @@ const displayError = computed(() => localError.value ?? app.error);
autocomplete="new-password"
placeholder="Confirm master password"
:disabled="loading"
class="w-full px-[0.9rem] py-[0.65rem] bg-[var(--wraith-bg-tertiary)] border border-[var(--wraith-border)] rounded-[6px] text-[var(--wraith-text-primary)] text-[0.95rem] outline-none transition-colors duration-150 box-border focus:border-[var(--wraith-accent-blue)]"
style="
width: 100%;
padding: 0.65rem 0.9rem;
background-color: var(--wraith-bg-tertiary);
border: 1px solid var(--wraith-border);
border-radius: 6px;
color: var(--wraith-text-primary);
font-size: 0.95rem;
outline: none;
transition: border-color 0.15s ease;
box-sizing: border-box;
"
@focus="($event.target as HTMLInputElement).style.borderColor = 'var(--wraith-accent-blue)'"
@blur="($event.target as HTMLInputElement).style.borderColor = 'var(--wraith-border)'"
/>
<p class="mt-[0.4rem] text-[0.75rem] text-[var(--wraith-text-muted)]">
<p
style="
margin: 0.4rem 0 0;
font-size: 0.75rem;
color: var(--wraith-text-muted);
"
>
Minimum 12 characters. This password cannot be recovered.
</p>
</div>
@ -108,7 +189,14 @@ const displayError = computed(() => localError.value ?? app.error);
<!-- Error message -->
<div
v-if="displayError"
class="px-[0.9rem] py-[0.6rem] bg-[rgba(248,81,73,0.1)] border border-[rgba(248,81,73,0.3)] rounded-[6px] text-[var(--wraith-accent-red)] text-[0.85rem]"
style="
padding: 0.6rem 0.9rem;
background-color: rgba(248, 81, 73, 0.1);
border: 1px solid rgba(248, 81, 73, 0.3);
border-radius: 6px;
color: var(--wraith-accent-red);
font-size: 0.85rem;
"
>
{{ displayError }}
</div>
@ -117,8 +205,22 @@ const displayError = computed(() => localError.value ?? app.error);
<button
type="submit"
:disabled="loading"
class="w-full py-[0.7rem] mt-2 bg-[var(--wraith-accent-blue)] text-[#0d1117] font-bold text-[0.9rem] tracking-[0.08em] uppercase border-none rounded-[6px] transition-[opacity,background-color] duration-150"
:class="loading ? 'opacity-60 cursor-not-allowed' : 'cursor-pointer'"
style="
width: 100%;
padding: 0.7rem;
margin-top: 0.5rem;
background-color: var(--wraith-accent-blue);
color: #0d1117;
font-weight: 700;
font-size: 0.9rem;
letter-spacing: 0.08em;
text-transform: uppercase;
border: none;
border-radius: 6px;
cursor: pointer;
transition: opacity 0.15s ease, background-color 0.15s ease;
"
:style="{ opacity: loading ? '0.6' : '1', cursor: loading ? 'not-allowed' : 'pointer' }"
>
<span v-if="loading">
{{ isFirstRun ? "Creating vault..." : "Unlocking..." }}
@ -130,7 +232,14 @@ const displayError = computed(() => localError.value ?? app.error);
</form>
<!-- Footer hint -->
<p class="mt-6 text-center text-[0.75rem] text-[var(--wraith-text-muted)]">
<p
style="
margin: 1.5rem 0 0;
text-align: center;
font-size: 0.75rem;
color: var(--wraith-text-muted);
"
>
<template v-if="isFirstRun">
Your vault will be encrypted with AES-256-GCM.
</template>

32
src/stores/connection.store.ts
View File

@ -51,33 +51,22 @@ export const useConnectionStore = defineStore("connection", () => {
);
});
/** Memoized map of groupId → filtered connections. Recomputes only when connections or searchQuery change. */
const connectionsByGroupMap = computed<Record<number, Connection[]>>(() => {
const q = searchQuery.value.toLowerCase().trim();
const map: Record<number, Connection[]> = {};
for (const c of connections.value) {
if (c.groupId === null) continue;
if (q) {
const match =
c.name.toLowerCase().includes(q) ||
c.hostname.toLowerCase().includes(q) ||
c.tags?.some((t) => t.toLowerCase().includes(q));
if (!match) continue;
}
if (!map[c.groupId]) map[c.groupId] = [];
map[c.groupId].push(c);
}
return map;
});
/** Get connections belonging to a specific group. */
function connectionsByGroup(groupId: number): Connection[] {
return connectionsByGroupMap.value[groupId] ?? [];
const q = searchQuery.value.toLowerCase().trim();
const groupConns = connections.value.filter((c) => c.groupId === groupId);
if (!q) return groupConns;
return groupConns.filter(
(c) =>
c.name.toLowerCase().includes(q) ||
c.hostname.toLowerCase().includes(q) ||
c.tags?.some((t) => t.toLowerCase().includes(q)),
);
}
/** Check if a group has any matching connections (for search filtering). */
function groupHasResults(groupId: number): boolean {
return (connectionsByGroupMap.value[groupId]?.length ?? 0) > 0;
return connectionsByGroup(groupId).length > 0;
}
/** Load connections from the Rust backend. */
@ -112,7 +101,6 @@ export const useConnectionStore = defineStore("connection", () => {
groups,
searchQuery,
filteredConnections,
connectionsByGroupMap,
connectionsByGroup,
groupHasResults,
loadConnections,

Some files were not shown because too many files have changed in this diff Show More