vstockwell/wraith
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 67 Wiki Activity

Compare commits

base: vstockwell:main
Branches Tags
vstockwell:main
vstockwell:v1.13.2
vstockwell:v1.13.1
vstockwell:v1.13.0
vstockwell:v1.12.9
vstockwell:v1.12.8
vstockwell:v1.12.7
vstockwell:v1.12.6
vstockwell:v1.12.5
vstockwell:v1.12.4
vstockwell:v1.12.3
vstockwell:v1.12.2
vstockwell:v1.12.1
vstockwell:v1.12.0
vstockwell:v1.11.7
vstockwell:v1.11.6
vstockwell:v1.11.5
vstockwell:v1.11.4
vstockwell:v1.11.3
vstockwell:v1.11.2
vstockwell:v1.11.1
vstockwell:v1.11.0
vstockwell:v1.10.4
vstockwell:v1.2.10
vstockwell:v1.10.3
vstockwell:v1.10.2
vstockwell:v1.10.1
vstockwell:v1.10.0
vstockwell:v1.9.6
vstockwell:v1.9.5
vstockwell:v1.9.4
vstockwell:v1.9.3
vstockwell:v1.9.2
vstockwell:v1.9.1
vstockwell:v1.9.0
vstockwell:v1.8.9
vstockwell:v1.8.8
vstockwell:v1.8.7
vstockwell:v1.8.6
vstockwell:v1.8.5
vstockwell:v1.8.4
vstockwell:v1.8.3
vstockwell:v1.8.2
vstockwell:v1.8.1
vstockwell:v1.8.0
vstockwell:v1.7.6
vstockwell:v1.7.5
vstockwell:v1.7.4
vstockwell:v1.7.3
vstockwell:v1.7.2
vstockwell:v1.7.1
vstockwell:v1.7.0
vstockwell:v1.6.4
vstockwell:v1.6.3
vstockwell:v1.6.2
vstockwell:v1.6.1
vstockwell:v1.6.0
vstockwell:v1.5.9
vstockwell:v1.5.8
vstockwell:v1.5.7
vstockwell:v1.5.6
vstockwell:v1.5.5
vstockwell:v1.5.4
vstockwell:v1.5.3
vstockwell:v1.5.2
vstockwell:v1.5.1
vstockwell:v1.5.0
vstockwell:v1.4.9
vstockwell:v1.4.8
vstockwell:v1.4.7
vstockwell:v1.4.6
vstockwell:v1.4.5
vstockwell:v1.4.4
vstockwell:v1.4.3
vstockwell:v1.4.2
vstockwell:v1.4.1
vstockwell:v1.4.0
vstockwell:v1.3.9
vstockwell:v1.3.8
vstockwell:v1.3.7
vstockwell:v1.3.6
vstockwell:v1.3.5
vstockwell:v1.3.4
vstockwell:v1.3.3
vstockwell:v1.3.2
vstockwell:v1.3.1
vstockwell:v1.3.0
vstockwell:v1.2.9
vstockwell:v1.2.8
vstockwell:v1.2.7
vstockwell:v1.2.6
vstockwell:v1.2.5
vstockwell:v1.2.4
vstockwell:v1.2.3
vstockwell:v1.2.2
vstockwell:v1.2.1
vstockwell:v1.2.0
vstockwell:v1.1.9
vstockwell:v1.1.8
vstockwell:v1.1.7
vstockwell:v1.1.6
vstockwell:v1.1.5
vstockwell:v1.1.4
vstockwell:v1.1.3
vstockwell:v1.1.2
vstockwell:v1.1.1
vstockwell:v1.1.0
vstockwell:v1.0.9
vstockwell:v1.0.8
vstockwell:v1.0.5
vstockwell:v1.0.7
vstockwell:v1.0.6
vstockwell:v1.0.4
vstockwell:v1.0.3
vstockwell:v1.0.2
vstockwell:v1.0.1
vstockwell:v1.0.0
vstockwell:v0.8.4
vstockwell:v0.8.3
vstockwell:v0.8.2
vstockwell:0.8.1
vstockwell:v0.8.1
vstockwell:0.8.0
vstockwell:v0.8.0
vstockwell:0.7.3
vstockwell:v0.7.3
vstockwell:0.7.2
vstockwell:v0.7.2
vstockwell:0.7.1
vstockwell:v0.7.1
vstockwell:0.7.0
vstockwell:v0.7.0
vstockwell:0.6.5
vstockwell:v0.6.5
vstockwell:0.6.4
vstockwell:v0.6.4
vstockwell:0.6.3
vstockwell:v0.6.3
vstockwell:0.6.2
vstockwell:v0.6.2
vstockwell:v0.6.1
vstockwell:v0.6.0
vstockwell:v0.5.9
vstockwell:v0.5.8
vstockwell:v0.5.7
vstockwell:v0.5.6
vstockwell:v0.5.5
vstockwell:v0.5.4
vstockwell:v0.5.3
vstockwell:v0.5.2
vstockwell:v0.5.1
vstockwell:v0.5.0
vstockwell:v0.4.2
vstockwell:v0.4.1
vstockwell:v0.4.0
vstockwell:v0.3.3
vstockwell:v0.3.2
vstockwell:v0.3.1
vstockwell:v0.3.0
vstockwell:v0.2.2
vstockwell:v0.2.1
vstockwell:v0.2.0
vstockwell:v0.1.0
..
compare: vstockwell:v1.8.0
Branches Tags
vstockwell:main
vstockwell:v1.13.2
vstockwell:v1.13.1
vstockwell:v1.13.0
vstockwell:v1.12.9
vstockwell:v1.12.8
vstockwell:v1.12.7
vstockwell:v1.12.6
vstockwell:v1.12.5
vstockwell:v1.12.4
vstockwell:v1.12.3
vstockwell:v1.12.2
vstockwell:v1.12.1
vstockwell:v1.12.0
vstockwell:v1.11.7
vstockwell:v1.11.6
vstockwell:v1.11.5
vstockwell:v1.11.4
vstockwell:v1.11.3
vstockwell:v1.11.2
vstockwell:v1.11.1
vstockwell:v1.11.0
vstockwell:v1.10.4
vstockwell:v1.2.10
vstockwell:v1.10.3
vstockwell:v1.10.2
vstockwell:v1.10.1
vstockwell:v1.10.0
vstockwell:v1.9.6
vstockwell:v1.9.5
vstockwell:v1.9.4
vstockwell:v1.9.3
vstockwell:v1.9.2
vstockwell:v1.9.1
vstockwell:v1.9.0
vstockwell:v1.8.9
vstockwell:v1.8.8
vstockwell:v1.8.7
vstockwell:v1.8.6
vstockwell:v1.8.5
vstockwell:v1.8.4
vstockwell:v1.8.3
vstockwell:v1.8.2
vstockwell:v1.8.1
vstockwell:v1.8.0
vstockwell:v1.7.6
vstockwell:v1.7.5
vstockwell:v1.7.4
vstockwell:v1.7.3
vstockwell:v1.7.2
vstockwell:v1.7.1
vstockwell:v1.7.0
vstockwell:v1.6.4
vstockwell:v1.6.3
vstockwell:v1.6.2
vstockwell:v1.6.1
vstockwell:v1.6.0
vstockwell:v1.5.9
vstockwell:v1.5.8
vstockwell:v1.5.7
vstockwell:v1.5.6
vstockwell:v1.5.5
vstockwell:v1.5.4
vstockwell:v1.5.3
vstockwell:v1.5.2
vstockwell:v1.5.1
vstockwell:v1.5.0
vstockwell:v1.4.9
vstockwell:v1.4.8
vstockwell:v1.4.7
vstockwell:v1.4.6
vstockwell:v1.4.5
vstockwell:v1.4.4
vstockwell:v1.4.3
vstockwell:v1.4.2
vstockwell:v1.4.1
vstockwell:v1.4.0
vstockwell:v1.3.9
vstockwell:v1.3.8
vstockwell:v1.3.7
vstockwell:v1.3.6
vstockwell:v1.3.5
vstockwell:v1.3.4
vstockwell:v1.3.3
vstockwell:v1.3.2
vstockwell:v1.3.1
vstockwell:v1.3.0
vstockwell:v1.2.9
vstockwell:v1.2.8
vstockwell:v1.2.7
vstockwell:v1.2.6
vstockwell:v1.2.5
vstockwell:v1.2.4
vstockwell:v1.2.3
vstockwell:v1.2.2
vstockwell:v1.2.1
vstockwell:v1.2.0
vstockwell:v1.1.9
vstockwell:v1.1.8
vstockwell:v1.1.7
vstockwell:v1.1.6
vstockwell:v1.1.5
vstockwell:v1.1.4
vstockwell:v1.1.3
vstockwell:v1.1.2
vstockwell:v1.1.1
vstockwell:v1.1.0
vstockwell:v1.0.9
vstockwell:v1.0.8
vstockwell:v1.0.5
vstockwell:v1.0.7
vstockwell:v1.0.6
vstockwell:v1.0.4
vstockwell:v1.0.3
vstockwell:v1.0.2
vstockwell:v1.0.1
vstockwell:v1.0.0
vstockwell:v0.8.4
vstockwell:v0.8.3
vstockwell:v0.8.2
vstockwell:0.8.1
vstockwell:v0.8.1
vstockwell:0.8.0
vstockwell:v0.8.0
vstockwell:0.7.3
vstockwell:v0.7.3
vstockwell:0.7.2
vstockwell:v0.7.2
vstockwell:0.7.1
vstockwell:v0.7.1
vstockwell:0.7.0
vstockwell:v0.7.0
vstockwell:0.6.5
vstockwell:v0.6.5
vstockwell:0.6.4
vstockwell:v0.6.4
vstockwell:0.6.3
vstockwell:v0.6.3
vstockwell:0.6.2
vstockwell:v0.6.2
vstockwell:v0.6.1
vstockwell:v0.6.0
vstockwell:v0.5.9
vstockwell:v0.5.8
vstockwell:v0.5.7
vstockwell:v0.5.6
vstockwell:v0.5.5
vstockwell:v0.5.4
vstockwell:v0.5.3
vstockwell:v0.5.2
vstockwell:v0.5.1
vstockwell:v0.5.0
vstockwell:v0.4.2
vstockwell:v0.4.1
vstockwell:v0.4.0
vstockwell:v0.3.3
vstockwell:v0.3.2
vstockwell:v0.3.1
vstockwell:v0.3.0
vstockwell:v0.2.2
vstockwell:v0.2.1
vstockwell:v0.2.0
vstockwell:v0.1.0

No commits in common. "main" and "v1.8.0" have entirely different histories.
main ... v1.8.0

77 changed files with 1136 additions and 2588 deletions
Show Stats Expand all files Collapse all files

93
.gitea/workflows/build-release.yml
View File

@ -115,60 +115,54 @@ jobs:
}
Remove-Item "$env:TEMP\aztoken.txt" -ErrorAction SilentlyContinue
- name: Upload all artifacts to SeaweedFS
- name: Upload to Gitea
shell: powershell
run: |
$ver = ("${{ github.ref_name }}" -replace '^v','')
$s3 = "https://files.command.vigilcyber.com/wraith"
# Upload installer
$installers = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.exe
foreach ($file in $installers) {
Write-Host "Uploading: $($file.Name)"
Invoke-RestMethod -Uri "$s3/$ver/$($file.Name)" -Method PUT -ContentType "application/octet-stream" -InFile $file.FullName
# Also upload as 'latest' for direct download links
Invoke-RestMethod -Uri "$s3/latest/$($file.Name)" -Method PUT -ContentType "application/octet-stream" -InFile $file.FullName
}
$giteaUrl = "https://git.command.vigilcyber.com"
$headers = @{ Authorization = "token ${{ secrets.GIT_TOKEN }}" }
# Upload MCP bridge binary
$bridge = "src-tauri\target\release\wraith-mcp-bridge.exe"
if (Test-Path $bridge) {
Write-Host "Uploading: wraith-mcp-bridge.exe"
Invoke-RestMethod -Uri "$s3/$ver/wraith-mcp-bridge.exe" -Method PUT -ContentType "application/octet-stream" -InFile $bridge
Invoke-RestMethod -Uri "$s3/latest/wraith-mcp-bridge.exe" -Method PUT -ContentType "application/octet-stream" -InFile $bridge
Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/wraith-mcp-bridge.exe" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile $bridge
}
# Upload .nsis.zip for Tauri auto-updater
$zipFile = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.nsis.zip | Select-Object -First 1
if ($zipFile) {
Write-Host "Uploading: $($zipFile.Name)"
Invoke-RestMethod -Uri "$s3/$ver/$($zipFile.Name)" -Method PUT -ContentType "application/octet-stream" -InFile $zipFile.FullName
$installers = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.exe
foreach ($file in $installers) {
$hash = (Get-FileHash $file.FullName -Algorithm SHA256).Hash.ToLower()
@{ version = $ver; filename = $file.Name; sha256 = $hash; platform = "windows"; architecture = "amd64"; released = (Get-Date -Format "yyyy-MM-ddTHH:mm:ssZ"); signed = $true } | ConvertTo-Json | Out-File version.json -Encoding utf8
Write-Host "Uploading: $($file.Name)"
Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/$($file.Name)" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile $file.FullName
Write-Host "Uploading: version.json"
Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/version.json" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile version.json
}
# Upload version.json metadata
$installer = $installers | Select-Object -First 1
if ($installer) {
$hash = (Get-FileHash $installer.FullName -Algorithm SHA256).Hash.ToLower()
@{ version = $ver; filename = $installer.Name; sha256 = $hash; platform = "windows"; architecture = "amd64"; released = (Get-Date -Format "yyyy-MM-ddTHH:mm:ssZ"); signed = $true } | ConvertTo-Json | Out-File version.json -Encoding utf8
Invoke-RestMethod -Uri "$s3/$ver/version.json" -Method PUT -ContentType "application/json" -InFile version.json
Invoke-RestMethod -Uri "$s3/latest/version.json" -Method PUT -ContentType "application/json" -InFile version.json
}
Write-Host "=== SeaweedFS upload complete ==="
Write-Host "=== Upload complete ==="
- name: Generate and upload update.json for Tauri updater
shell: powershell
run: |
$ver = ("${{ github.ref_name }}" -replace '^v','')
$s3 = "https://files.command.vigilcyber.com/wraith"
$giteaUrl = "https://git.command.vigilcyber.com"
$headers = @{ Authorization = "token ${{ secrets.GIT_TOKEN }}" }
# Find the .sig file produced by Tauri signing
$sigFile = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.nsis.zip.sig | Select-Object -First 1
$zipFile = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.nsis.zip | Select-Object -First 1
if ($sigFile -and $zipFile) {
$signature = Get-Content $sigFile.FullName -Raw
$downloadUrl = "$s3/$ver/$($zipFile.Name)"
$downloadUrl = "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/$($zipFile.Name)"
# Upload the .nsis.zip to packages
Write-Host "Uploading: $($zipFile.Name)"
Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/$($zipFile.Name)" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile $zipFile.FullName
# Build update.json
$updateJson = @{
version = "v$ver"
notes = "Wraith Desktop v$ver"
@ -185,13 +179,44 @@ jobs:
Write-Host "update.json content:"
Get-Content update.json
# Upload to root (Tauri updater endpoint)
Invoke-RestMethod -Uri "$s3/update.json" -Method PUT -ContentType "application/json" -InFile update.json
# Also versioned copy
Invoke-RestMethod -Uri "$s3/$ver/update.json" -Method PUT -ContentType "application/json" -InFile update.json
# Upload to latest/ so the updater endpoint always points to the newest
Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/latest/update.json" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile update.json
# Also upload to versioned path
Invoke-RestMethod -Uri "$giteaUrl/api/packages/vstockwell/generic/wraith/$ver/update.json" -Method PUT -Headers $headers -ContentType "application/octet-stream" -InFile update.json
Write-Host "=== Update manifest uploaded ==="
} else {
Write-Host 'WARNING - No .sig file found, update signing may have failed'
Write-Host 'Sig files found'
Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.sig
}
- name: Create Release and attach installers
shell: powershell
run: |
$ver = ("${{ github.ref_name }}" -replace '^v','')
$giteaUrl = "https://git.command.vigilcyber.com"
$headers = @{ Authorization = "token ${{ secrets.GIT_TOKEN }}"; "Content-Type" = "application/json" }
$body = @{ tag_name = "v$ver"; name = "Wraith v$ver"; body = "Wraith Desktop v$ver - Tauri v2 / Rust build." } | ConvertTo-Json
$release = Invoke-RestMethod -Uri "$giteaUrl/api/v1/repos/vstockwell/wraith/releases" -Method POST -Headers $headers -Body $body
$releaseId = $release.id
Write-Host "Release v$ver created (id: $releaseId)"
$uploadHeaders = @{ Authorization = "token ${{ secrets.GIT_TOKEN }}" }
# Attach installer(s)
$installers = Get-ChildItem -Recurse src-tauri\target\release\bundle\nsis\*.exe
foreach ($file in $installers) {
Write-Host "Attaching $($file.Name) to release..."
Invoke-RestMethod -Uri "$giteaUrl/api/v1/repos/vstockwell/wraith/releases/$releaseId/assets?name=$($file.Name)" -Method POST -Headers $uploadHeaders -ContentType "application/octet-stream" -InFile $file.FullName
Write-Host "Attached: $($file.Name)"
}
# Attach MCP bridge binary
$bridge = "src-tauri\target\release\wraith-mcp-bridge.exe"
if (Test-Path $bridge) {
Write-Host "Attaching wraith-mcp-bridge.exe to release..."
Invoke-RestMethod -Uri "$giteaUrl/api/v1/repos/vstockwell/wraith/releases/$releaseId/assets?name=wraith-mcp-bridge.exe" -Method POST -Headers $uploadHeaders -ContentType "application/octet-stream" -InFile $bridge
Write-Host "Attached: wraith-mcp-bridge.exe"
}

1
.gitignore vendored
View File

@ -4,4 +4,3 @@ src-tauri/target/
src-tauri/binaries/
*.log
.DS_Store
.claude/worktrees/

BIN
docs/screenshots/stats-and-status-bars.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 12 KiB

3
src-tauri/Cargo.lock generated
View File

@ -2991,7 +2991,6 @@ checksum = "47c225751e8fbfaaaac5572a80e25d0a0921e9cf408c55509526161b5609157c"
dependencies = [
"ironrdp-connector",
"ironrdp-core",
"ironrdp-displaycontrol",
"ironrdp-graphics",
"ironrdp-input",
"ironrdp-pdu",
@ -8914,11 +8913,9 @@ dependencies = [
"thiserror 2.0.18",
"tokio",
"tokio-rustls",
"tokio-util",
"ureq",
"uuid",
"x509-cert",
"zeroize",
]
[[package]]

10
src-tauri/Cargo.toml
View File

@ -12,15 +12,11 @@ crate-type = ["lib", "cdylib", "staticlib"]
name = "wraith-mcp-bridge"
path = "src/bin/wraith_mcp_bridge.rs"
[features]
default = []
devtools = ["tauri/devtools"]
[build-dependencies]
tauri-build = { version = "2", features = [] }
[dependencies]
tauri = { version = "2", features = [] }
tauri = { version = "2", features = ["devtools"] }
tauri-plugin-shell = "2"
tauri-plugin-updater = "2"
anyhow = "1"
@ -37,8 +33,6 @@ uuid = { version = "1", features = ["v4"] }
base64 = "0.22"
dashmap = "6"
tokio = { version = "1", features = ["full"] }
tokio-util = "0.7"
zeroize = { version = "1", features = ["derive"] }
async-trait = "0.1"
log = "0.4"
env_logger = "0.11"
@ -65,7 +59,7 @@ ureq = "3"
png = "0.17"
# RDP (IronRDP)
ironrdp = { version = "0.14", features = ["connector", "session", "graphics", "input", "displaycontrol"] }
ironrdp = { version = "0.14", features = ["connector", "session", "graphics", "input"] }
ironrdp-tokio = { version = "0.8", features = ["reqwest-rustls-ring"] }
ironrdp-tls = { version = "0.2", features = ["rustls"] }
tokio-rustls = "0.26"

2
src-tauri/capabilities/default.json
View File

@ -1,7 +1,7 @@
{
"identifier": "default",
"description": "Default capabilities for the main Wraith window",
"windows": ["main", "tool-*", "detached-*", "editor-*", "help-*"],
"windows": ["main", "tool-*"],
"permissions": [
"core:default",
"core:event:default",

2
src-tauri/gen/schemas/capabilities.json
View File

@ -1 +1 @@
{"default":{"identifier":"default","description":"Default capabilities for the main Wraith window","local":true,"windows":["main","tool-*","detached-*","editor-*","help-*"],"permissions":["core:default","core:event:default","core:window:default","core:window:allow-create","core:webview:default","core:webview:allow-create-webview-window","shell:allow-open","updater:default"]}}
{"default":{"identifier":"default","description":"Default capabilities for the main Wraith window","local":true,"windows":["main","tool-*"],"permissions":["core:default","core:event:default","core:window:default","core:window:allow-create","core:webview:default","core:webview:allow-create-webview-window","shell:allow-open","updater:default"]}}

171
src-tauri/src/bin/wraith_mcp_bridge.rs
View File

@ -38,22 +38,19 @@ struct JsonRpcError {
message: String,
}
fn get_data_dir() -> Result<std::path::PathBuf, String> {
if let Ok(appdata) = std::env::var("APPDATA") {
Ok(std::path::PathBuf::from(appdata).join("Wraith"))
fn get_mcp_port() -> Result<u16, String> {
// Check standard locations for the port file
let port_file = if let Ok(appdata) = std::env::var("APPDATA") {
std::path::PathBuf::from(appdata).join("Wraith").join("mcp-port")
} else if let Ok(home) = std::env::var("HOME") {
if cfg!(target_os = "macos") {
Ok(std::path::PathBuf::from(home).join("Library").join("Application Support").join("Wraith"))
std::path::PathBuf::from(home).join("Library").join("Application Support").join("Wraith").join("mcp-port")
} else {
Ok(std::path::PathBuf::from(home).join(".local").join("share").join("wraith"))
std::path::PathBuf::from(home).join(".local").join("share").join("wraith").join("mcp-port")
}
} else {
Err("Cannot determine data directory".to_string())
}
}
fn get_mcp_port() -> Result<u16, String> {
let port_file = get_data_dir()?.join("mcp-port");
return Err("Cannot determine data directory".to_string());
};
let port_str = std::fs::read_to_string(&port_file)
.map_err(|e| format!("Cannot read MCP port file at {}: {} — is Wraith running?", port_file.display(), e))?;
@ -62,15 +59,6 @@ fn get_mcp_port() -> Result<u16, String> {
.map_err(|e| format!("Invalid port in MCP port file: {}", e))
}
fn get_mcp_token() -> Result<String, String> {
let token_file = get_data_dir()?.join("mcp-token");
let token = std::fs::read_to_string(&token_file)
.map_err(|e| format!("Cannot read MCP token file at {}: {} — is Wraith running?", token_file.display(), e))?;
Ok(token.trim().to_string())
}
fn handle_initialize(id: Value) -> JsonRpcResponse {
JsonRpcResponse {
jsonrpc: "2.0".to_string(),
@ -95,19 +83,6 @@ fn handle_tools_list(id: Value) -> JsonRpcResponse {
id,
result: Some(serde_json::json!({
"tools": [
{
"name": "terminal_type",
"description": "Type text into a terminal session (like a human typing). Optionally presses Enter after. Use this to send messages or commands without output capture.",
"inputSchema": {
"type": "object",
"properties": {
"session_id": { "type": "string", "description": "The session ID to type into" },
"text": { "type": "string", "description": "The text to type" },
"press_enter": { "type": "boolean", "description": "Whether to press Enter after typing (default: true)" }
},
"required": ["session_id", "text"]
}
},
{
"name": "terminal_read",
"description": "Read recent terminal output from an active SSH or PTY session (ANSI codes stripped)",
@ -236,72 +211,6 @@ fn handle_tools_list(id: Value) -> JsonRpcResponse {
"description": "Generate a cryptographically secure random password",
"inputSchema": { "type": "object", "properties": { "length": { "type": "number" }, "uppercase": { "type": "boolean" }, "lowercase": { "type": "boolean" }, "digits": { "type": "boolean" }, "symbols": { "type": "boolean" } } }
},
{
"name": "docker_ps",
"description": "List all Docker containers with status, image, and ports",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" } }, "required": ["session_id"] }
},
{
"name": "docker_action",
"description": "Perform a Docker action: start, stop, restart, remove, logs, builder-prune, system-prune",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "action": { "type": "string", "description": "start|stop|restart|remove|logs|builder-prune|system-prune" }, "target": { "type": "string", "description": "Container name (not needed for prune actions)" } }, "required": ["session_id", "action", "target"] }
},
{
"name": "docker_exec",
"description": "Execute a command inside a running Docker container",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "container": { "type": "string" }, "command": { "type": "string" } }, "required": ["session_id", "container", "command"] }
},
{
"name": "service_status",
"description": "Check systemd service status on a remote host",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "target": { "type": "string", "description": "Service name" } }, "required": ["session_id", "target"] }
},
{
"name": "process_list",
"description": "List processes on a remote host (top CPU by default, or filter by name)",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "target": { "type": "string", "description": "Process name filter (empty for top 30 by CPU)" } }, "required": ["session_id", "target"] }
},
{
"name": "git_status",
"description": "Get git status of a remote repository",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "path": { "type": "string", "description": "Path to the git repo on the remote host" } }, "required": ["session_id", "path"] }
},
{
"name": "git_pull",
"description": "Pull latest changes on a remote repository",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "path": { "type": "string" } }, "required": ["session_id", "path"] }
},
{
"name": "git_log",
"description": "Show recent commits on a remote repository",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "path": { "type": "string" } }, "required": ["session_id", "path"] }
},
{
"name": "rdp_click",
"description": "Click at a position in an RDP session (use terminal_screenshot first to see coordinates)",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "x": { "type": "number" }, "y": { "type": "number" }, "button": { "type": "string", "description": "left (default), right, or middle" } }, "required": ["session_id", "x", "y"] }
},
{
"name": "rdp_type",
"description": "Type text into an RDP session via clipboard paste",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "text": { "type": "string" } }, "required": ["session_id", "text"] }
},
{
"name": "rdp_clipboard",
"description": "Set the clipboard content on a remote RDP session",
"inputSchema": { "type": "object", "properties": { "session_id": { "type": "string" }, "text": { "type": "string" } }, "required": ["session_id", "text"] }
},
{
"name": "ssh_connect",
"description": "Open a new SSH connection through Wraith. Returns the session ID for use with other tools.",
"inputSchema": { "type": "object", "properties": {
"hostname": { "type": "string" },
"port": { "type": "number", "description": "Default: 22" },
"username": { "type": "string" },
"password": { "type": "string", "description": "Password (for password auth)" },
"private_key_path": { "type": "string", "description": "Path to SSH private key file on the local machine" }
}, "required": ["hostname", "username"] }
},
{
"name": "list_sessions",
"description": "List all active Wraith sessions (SSH, RDP, PTY) with connection details",
@ -316,13 +225,12 @@ fn handle_tools_list(id: Value) -> JsonRpcResponse {
}
}
fn call_wraith(port: u16, token: &str, endpoint: &str, body: Value) -> Result<Value, String> {
fn call_wraith(port: u16, endpoint: &str, body: Value) -> Result<Value, String> {
let url = format!("http://127.0.0.1:{}{}", port, endpoint);
let body_str = serde_json::to_string(&body).unwrap_or_default();
let mut resp = ureq::post(url)
.header("Content-Type", "application/json")
.header("Authorization", &format!("Bearer {}", token))
.send(body_str.as_bytes())
.map_err(|e| format!("HTTP request to Wraith failed: {}", e))?;
@ -340,40 +248,27 @@ fn call_wraith(port: u16, token: &str, endpoint: &str, body: Value) -> Result<Va
}
}
fn handle_tool_call(id: Value, port: u16, token: &str, tool_name: &str, args: &Value) -> JsonRpcResponse {
fn handle_tool_call(id: Value, port: u16, tool_name: &str, args: &Value) -> JsonRpcResponse {
let result = match tool_name {
"list_sessions" => call_wraith(port, token, "/mcp/sessions", serde_json::json!({})),
"terminal_type" => call_wraith(port, token, "/mcp/terminal/type", args.clone()),
"terminal_read" => call_wraith(port, token, "/mcp/terminal/read", args.clone()),
"terminal_execute" => call_wraith(port, token, "/mcp/terminal/execute", args.clone()),
"sftp_list" => call_wraith(port, token, "/mcp/sftp/list", args.clone()),
"sftp_read" => call_wraith(port, token, "/mcp/sftp/read", args.clone()),
"sftp_write" => call_wraith(port, token, "/mcp/sftp/write", args.clone()),
"network_scan" => call_wraith(port, token, "/mcp/tool/scan-network", args.clone()),
"port_scan" => call_wraith(port, token, "/mcp/tool/scan-ports", args.clone()),
"ping" => call_wraith(port, token, "/mcp/tool/ping", args.clone()),
"traceroute" => call_wraith(port, token, "/mcp/tool/traceroute", args.clone()),
"dns_lookup" => call_wraith(port, token, "/mcp/tool/dns", args.clone()),
"whois" => call_wraith(port, token, "/mcp/tool/whois", args.clone()),
"wake_on_lan" => call_wraith(port, token, "/mcp/tool/wol", args.clone()),
"bandwidth_test" => call_wraith(port, token, "/mcp/tool/bandwidth", args.clone()),
"subnet_calc" => call_wraith(port, token, "/mcp/tool/subnet", args.clone()),
"generate_ssh_key" => call_wraith(port, token, "/mcp/tool/keygen", args.clone()),
"generate_password" => call_wraith(port, token, "/mcp/tool/passgen", args.clone()),
"docker_ps" => call_wraith(port, token, "/mcp/docker/ps", args.clone()),
"docker_action" => call_wraith(port, token, "/mcp/docker/action", args.clone()),
"docker_exec" => call_wraith(port, token, "/mcp/docker/exec", args.clone()),
"service_status" => call_wraith(port, token, "/mcp/service/status", args.clone()),
"process_list" => call_wraith(port, token, "/mcp/process/list", args.clone()),
"git_status" => call_wraith(port, token, "/mcp/git/status", args.clone()),
"git_pull" => call_wraith(port, token, "/mcp/git/pull", args.clone()),
"git_log" => call_wraith(port, token, "/mcp/git/log", args.clone()),
"rdp_click" => call_wraith(port, token, "/mcp/rdp/click", args.clone()),
"rdp_type" => call_wraith(port, token, "/mcp/rdp/type", args.clone()),
"rdp_clipboard" => call_wraith(port, token, "/mcp/rdp/clipboard", args.clone()),
"ssh_connect" => call_wraith(port, token, "/mcp/ssh/connect", args.clone()),
"list_sessions" => call_wraith(port, "/mcp/sessions", serde_json::json!({})),
"terminal_read" => call_wraith(port, "/mcp/terminal/read", args.clone()),
"terminal_execute" => call_wraith(port, "/mcp/terminal/execute", args.clone()),
"sftp_list" => call_wraith(port, "/mcp/sftp/list", args.clone()),
"sftp_read" => call_wraith(port, "/mcp/sftp/read", args.clone()),
"sftp_write" => call_wraith(port, "/mcp/sftp/write", args.clone()),
"network_scan" => call_wraith(port, "/mcp/tool/scan-network", args.clone()),
"port_scan" => call_wraith(port, "/mcp/tool/scan-ports", args.clone()),
"ping" => call_wraith(port, "/mcp/tool/ping", args.clone()),
"traceroute" => call_wraith(port, "/mcp/tool/traceroute", args.clone()),
"dns_lookup" => call_wraith(port, "/mcp/tool/dns", args.clone()),
"whois" => call_wraith(port, "/mcp/tool/whois", args.clone()),
"wake_on_lan" => call_wraith(port, "/mcp/tool/wol", args.clone()),
"bandwidth_test" => call_wraith(port, "/mcp/tool/bandwidth", args.clone()),
"subnet_calc" => call_wraith(port, "/mcp/tool/subnet", args.clone()),
"generate_ssh_key" => call_wraith(port, "/mcp/tool/keygen", args.clone()),
"generate_password" => call_wraith(port, "/mcp/tool/passgen", args.clone()),
"terminal_screenshot" => {
let result = call_wraith(port, token, "/mcp/screenshot", args.clone());
let result = call_wraith(port, "/mcp/screenshot", args.clone());
// Screenshot returns base64 PNG — wrap as image content for multimodal AI
return match result {
Ok(b64) => JsonRpcResponse {
@ -433,14 +328,6 @@ fn main() {
}
};
let token = match get_mcp_token() {
Ok(t) => t,
Err(e) => {
eprintln!("wraith-mcp-bridge: {}", e);
std::process::exit(1);
}
};
let stdin = io::stdin();
let mut stdout = io::stdout();
@ -479,7 +366,7 @@ fn main() {
let args = request.params.get("arguments")
.cloned()
.unwrap_or(Value::Object(serde_json::Map::new()));
handle_tool_call(request.id, port, &token, tool_name, &args)
handle_tool_call(request.id, port, tool_name, &args)
}
"notifications/initialized" | "notifications/cancelled" => {
// Notifications don't get responses

77
src-tauri/src/commands/credentials.rs
View File

@ -3,16 +3,34 @@ use tauri::State;
use crate::credentials::Credential;
use crate::AppState;
/// Guard helper: lock the credentials mutex and return a ref to the inner
/// `CredentialService`, or a "Vault is locked" error if the vault has not
/// been unlocked for this session.
///
/// This is a macro rather than a function because returning a `MutexGuard`
/// from a helper function would require lifetime annotations that complicate
/// the tauri command signatures unnecessarily.
macro_rules! require_unlocked {
($state:expr) => {{
let guard = $state
.credentials
.lock()
.map_err(|_| "Credentials mutex was poisoned".to_string())?;
if guard.is_none() {
return Err("Vault is locked — call unlock before accessing credentials".into());
}
// SAFETY: we just checked `is_none` above, so `unwrap` cannot panic.
guard
}};
}
/// Return all credentials ordered by name.
///
/// Secret values (passwords, private keys) are never included — only metadata.
#[tauri::command]
pub async fn list_credentials(state: State<'_, AppState>) -> Result<Vec<Credential>, String> {
let guard = state.credentials.lock().await;
let svc = guard
.as_ref()
.ok_or_else(|| "Vault is locked — call unlock before accessing credentials".to_string())?;
svc.list()
pub fn list_credentials(state: State<'_, AppState>) -> Result<Vec<Credential>, String> {
let guard = require_unlocked!(state);
guard.as_ref().unwrap().list()
}
/// Store a new username/password credential.
@ -21,18 +39,18 @@ pub async fn list_credentials(state: State<'_, AppState>) -> Result<Vec<Credenti
/// Returns the created credential record (without the plaintext password).
/// `domain` is `None` for non-domain credentials; `Some("")` is treated as NULL.
#[tauri::command]
pub async fn create_password(
pub fn create_password(
name: String,
username: String,
password: String,
domain: Option<String>,
state: State<'_, AppState>,
) -> Result<Credential, String> {
let guard = state.credentials.lock().await;
let svc = guard
let guard = require_unlocked!(state);
guard
.as_ref()
.ok_or_else(|| "Vault is locked — call unlock before accessing credentials".to_string())?;
svc.create_password(name, username, password, domain)
.unwrap()
.create_password(name, username, password, domain)
}
/// Store a new SSH private key credential.
@ -41,18 +59,18 @@ pub async fn create_password(
/// Pass `None` for `passphrase` when the key has no passphrase.
/// Returns the created credential record without any secret material.
#[tauri::command]
pub async fn create_ssh_key(
pub fn create_ssh_key(
name: String,
username: String,
private_key_pem: String,
passphrase: Option<String>,
state: State<'_, AppState>,
) -> Result<Credential, String> {
let guard = state.credentials.lock().await;
let svc = guard
let guard = require_unlocked!(state);
guard
.as_ref()
.ok_or_else(|| "Vault is locked — call unlock before accessing credentials".to_string())?;
svc.create_ssh_key(name, username, private_key_pem, passphrase)
.unwrap()
.create_ssh_key(name, username, private_key_pem, passphrase)
}
/// Delete a credential by id.
@ -60,30 +78,21 @@ pub async fn create_ssh_key(
/// For SSH key credentials, the associated `ssh_keys` row is also deleted.
/// Returns `Err` if the vault is locked or the id does not exist.
#[tauri::command]
pub async fn delete_credential(id: i64, state: State<'_, AppState>) -> Result<(), String> {
let guard = state.credentials.lock().await;
let svc = guard
.as_ref()
.ok_or_else(|| "Vault is locked — call unlock before accessing credentials".to_string())?;
svc.delete(id)
pub fn delete_credential(id: i64, state: State<'_, AppState>) -> Result<(), String> {
let guard = require_unlocked!(state);
guard.as_ref().unwrap().delete(id)
}
/// Decrypt and return the password for a credential.
#[tauri::command]
pub async fn decrypt_password(credential_id: i64, state: State<'_, AppState>) -> Result<String, String> {
let guard = state.credentials.lock().await;
let svc = guard
.as_ref()
.ok_or_else(|| "Vault is locked — call unlock before accessing credentials".to_string())?;
svc.decrypt_password(credential_id)
pub fn decrypt_password(credential_id: i64, state: State<'_, AppState>) -> Result<String, String> {
let guard = require_unlocked!(state);
guard.as_ref().unwrap().decrypt_password(credential_id)
}
/// Decrypt and return the SSH private key and passphrase.
#[tauri::command]
pub async fn decrypt_ssh_key(ssh_key_id: i64, state: State<'_, AppState>) -> Result<(String, String), String> {
let guard = state.credentials.lock().await;
let svc = guard
.as_ref()
.ok_or_else(|| "Vault is locked — call unlock before accessing credentials".to_string())?;
svc.decrypt_ssh_key(ssh_key_id)
pub fn decrypt_ssh_key(ssh_key_id: i64, state: State<'_, AppState>) -> Result<(String, String), String> {
let guard = require_unlocked!(state);
guard.as_ref().unwrap().decrypt_ssh_key(ssh_key_id)
}

38
src-tauri/src/commands/docker_commands.rs
View File

@ -3,8 +3,6 @@
use tauri::State;
use serde::Serialize;
use crate::AppState;
use crate::ssh::exec::exec_on_session;
use crate::utils::shell_escape;
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
@ -39,7 +37,7 @@ pub struct DockerVolume {
pub async fn docker_list_containers(session_id: String, all: Option<bool>, state: State<'_, AppState>) -> Result<Vec<DockerContainer>, String> {
let session = state.ssh.get_session(&session_id).ok_or("Session not found")?;
let flag = if all.unwrap_or(true) { "-a" } else { "" };
let output = exec_on_session(&session.handle, &format!("docker ps {} --format '{{{{.ID}}}}|{{{{.Names}}}}|{{{{.Image}}}}|{{{{.Status}}}}|{{{{.Ports}}}}|{{{{.CreatedAt}}}}' 2>&1", flag)).await?;
let output = exec(&session.handle, &format!("docker ps {} --format '{{{{.ID}}}}|{{{{.Names}}}}|{{{{.Image}}}}|{{{{.Status}}}}|{{{{.Ports}}}}|{{{{.CreatedAt}}}}' 2>&1", flag)).await?;
Ok(output.lines().filter(|l| !l.is_empty() && !l.starts_with("CONTAINER")).map(|line| {
let p: Vec<&str> = line.splitn(6, '|').collect();
DockerContainer {
@ -56,7 +54,7 @@ pub async fn docker_list_containers(session_id: String, all: Option<bool>, state
#[tauri::command]
pub async fn docker_list_images(session_id: String, state: State<'_, AppState>) -> Result<Vec<DockerImage>, String> {
let session = state.ssh.get_session(&session_id).ok_or("Session not found")?;
let output = exec_on_session(&session.handle, "docker images --format '{{.ID}}|{{.Repository}}|{{.Tag}}|{{.Size}}|{{.CreatedAt}}' 2>&1").await?;
let output = exec(&session.handle, "docker images --format '{{.ID}}|{{.Repository}}|{{.Tag}}|{{.Size}}|{{.CreatedAt}}' 2>&1").await?;
Ok(output.lines().filter(|l| !l.is_empty()).map(|line| {
let p: Vec<&str> = line.splitn(5, '|').collect();
DockerImage {
@ -72,7 +70,7 @@ pub async fn docker_list_images(session_id: String, state: State<'_, AppState>)
#[tauri::command]
pub async fn docker_list_volumes(session_id: String, state: State<'_, AppState>) -> Result<Vec<DockerVolume>, String> {
let session = state.ssh.get_session(&session_id).ok_or("Session not found")?;
let output = exec_on_session(&session.handle, "docker volume ls --format '{{.Name}}|{{.Driver}}|{{.Mountpoint}}' 2>&1").await?;
let output = exec(&session.handle, "docker volume ls --format '{{.Name}}|{{.Driver}}|{{.Mountpoint}}' 2>&1").await?;
Ok(output.lines().filter(|l| !l.is_empty()).map(|line| {
let p: Vec<&str> = line.splitn(3, '|').collect();
DockerVolume {
@ -86,20 +84,32 @@ pub async fn docker_list_volumes(session_id: String, state: State<'_, AppState>)
#[tauri::command]
pub async fn docker_action(session_id: String, action: String, target: String, state: State<'_, AppState>) -> Result<String, String> {
let session = state.ssh.get_session(&session_id).ok_or("Session not found")?;
let t = shell_escape(&target);
let cmd = match action.as_str() {
"start" => format!("docker start {} 2>&1", t),
"stop" => format!("docker stop {} 2>&1", t),
"restart" => format!("docker restart {} 2>&1", t),
"remove" => format!("docker rm -f {} 2>&1", t),
"logs" => format!("docker logs --tail 100 {} 2>&1", t),
"remove-image" => format!("docker rmi {} 2>&1", t),
"remove-volume" => format!("docker volume rm {} 2>&1", t),
"start" => format!("docker start {} 2>&1", target),
"stop" => format!("docker stop {} 2>&1", target),
"restart" => format!("docker restart {} 2>&1", target),
"remove" => format!("docker rm -f {} 2>&1", target),
"logs" => format!("docker logs --tail 100 {} 2>&1", target),
"remove-image" => format!("docker rmi {} 2>&1", target),
"remove-volume" => format!("docker volume rm {} 2>&1", target),
"builder-prune" => "docker builder prune -f 2>&1".to_string(),
"system-prune" => "docker system prune -f 2>&1".to_string(),
"system-prune-all" => "docker system prune -a -f 2>&1".to_string(),
_ => return Err(format!("Unknown docker action: {}", action)),
};
exec_on_session(&session.handle, &cmd).await
exec(&session.handle, &cmd).await
}
async fn exec(handle: &std::sync::Arc<tokio::sync::Mutex<russh::client::Handle<crate::ssh::session::SshClient>>>, cmd: &str) -> Result<String, String> {
let mut channel = { let h = handle.lock().await; h.channel_open_session().await.map_err(|e| format!("Exec failed: {}", e))? };
channel.exec(true, cmd).await.map_err(|e| format!("Exec failed: {}", e))?;
let mut output = String::new();
loop {
match channel.wait().await {
Some(russh::ChannelMsg::Data { ref data }) => { if let Ok(t) = std::str::from_utf8(data.as_ref()) { output.push_str(t); } }
Some(russh::ChannelMsg::Eof) | Some(russh::ChannelMsg::Close) | None => break,
_ => {}
}
}
Ok(output)
}

13
src-tauri/src/commands/mcp_commands.rs
View File

@ -70,7 +70,7 @@ pub async fn mcp_terminal_execute(
let before = buf.total_written();
// Send command + marker echo
let full_cmd = format!("{}\recho {}\r", command, marker);
let full_cmd = format!("{}\necho {}\n", command, marker);
state.ssh.write(&session_id, full_cmd.as_bytes()).await?;
// Poll scrollback until marker appears or timeout
@ -116,19 +116,10 @@ pub async fn mcp_terminal_execute(
return Ok(clean.trim().to_string());
}
// Yield the executor before sleeping so other tasks aren't starved,
// then wait 200 ms — much cheaper than the original 50 ms busy-poll.
tokio::task::yield_now().await;
tokio::time::sleep(std::time::Duration::from_millis(200)).await;
tokio::time::sleep(std::time::Duration::from_millis(50)).await;
}
}
/// Get the path where the MCP bridge binary is installed.
#[tauri::command]
pub fn mcp_bridge_path() -> String {
crate::mcp::bridge_manager::bridge_path().to_string_lossy().to_string()
}
/// Get the active session context — last 20 lines of scrollback for a session.
/// Called by the frontend when the user switches tabs, emitted to the copilot.
#[tauri::command]

1
src-tauri/src/commands/mod.rs
View File

@ -14,4 +14,3 @@ pub mod updater;
pub mod tools_commands_r2;
pub mod workspace_commands;
pub mod docker_commands;
pub mod window_commands;

77
src-tauri/src/commands/rdp_commands.rs
View File

@ -3,53 +3,35 @@
//! Mirrors the pattern used by `ssh_commands.rs` — thin command wrappers that
//! delegate to the `RdpService` via `State<AppState>`.
use tauri::{AppHandle, State};
use tauri::ipc::Response;
use tauri::State;
use crate::rdp::{RdpConfig, RdpSessionInfo};
use crate::AppState;
/// Connect to an RDP server.
///
/// Performs the full connection handshake (TCP -> TLS -> CredSSP -> RDP) and
/// starts streaming frame updates in the background.
///
/// Returns the session UUID.
#[tauri::command]
pub fn connect_rdp(
config: RdpConfig,
app_handle: AppHandle,
state: State<'_, AppState>,
) -> Result<String, String> {
state.rdp.connect(config, app_handle)
state.rdp.connect(config)
}
/// Get the dirty region since last call as raw RGBA bytes via binary IPC.
/// Get the current frame buffer as a base64-encoded RGBA string.
///
/// Binary format: 8-byte header + pixel data
/// Header: [x: u16, y: u16, width: u16, height: u16] (little-endian)
/// If header is all zeros, the payload is a full frame (width*height*4 bytes).
/// If header is non-zero, payload contains only the dirty rectangle pixels.
/// Returns empty payload if nothing changed.
/// The frontend decodes this and draws it onto a `<canvas>` element.
/// Pixel format: RGBA, 4 bytes per pixel, row-major, top-left origin.
#[tauri::command]
pub fn rdp_get_frame(
pub async fn rdp_get_frame(
session_id: String,
state: State<'_, AppState>,
) -> Result<Response, String> {
let (region, pixels) = state.rdp.get_frame(&session_id)?;
if pixels.is_empty() {
return Ok(Response::new(Vec::new()));
}
// Prepend 8-byte dirty rect header
let mut out = Vec::with_capacity(8 + pixels.len());
match region {
Some(rect) => {
out.extend_from_slice(&rect.x.to_le_bytes());
out.extend_from_slice(&rect.y.to_le_bytes());
out.extend_from_slice(&rect.width.to_le_bytes());
out.extend_from_slice(&rect.height.to_le_bytes());
}
None => {
out.extend_from_slice(&[0u8; 8]); // full frame marker
}
}
out.extend_from_slice(&pixels);
Ok(Response::new(out))
) -> Result<String, String> {
state.rdp.get_frame(&session_id).await
}
/// Send a mouse event to an RDP session.
@ -64,7 +46,7 @@ pub fn rdp_get_frame(
/// - 0x0100 = negative wheel direction
/// - 0x0400 = horizontal wheel
#[tauri::command]
pub fn rdp_send_mouse(
pub async fn rdp_send_mouse(
session_id: String,
x: u16,
y: u16,
@ -82,7 +64,7 @@ pub fn rdp_send_mouse(
///
/// `pressed` is `true` for key-down, `false` for key-up.
#[tauri::command]
pub fn rdp_send_key(
pub async fn rdp_send_key(
session_id: String,
scancode: u16,
pressed: bool,
@ -93,7 +75,7 @@ pub fn rdp_send_key(
/// Send clipboard text to an RDP session by simulating keystrokes.
#[tauri::command]
pub fn rdp_send_clipboard(
pub async fn rdp_send_clipboard(
session_id: String,
text: String,
state: State<'_, AppState>,
@ -101,34 +83,11 @@ pub fn rdp_send_clipboard(
state.rdp.send_clipboard(&session_id, &text)
}
/// Force the next get_frame to return a full frame regardless of dirty state.
/// Used when switching tabs or after resize to ensure the canvas is fully repainted.
#[tauri::command]
pub fn rdp_force_refresh(
session_id: String,
state: State<'_, AppState>,
) -> Result<(), String> {
state.rdp.force_refresh(&session_id)
}
/// Resize the RDP session's desktop resolution.
/// Sends a Display Control Virtual Channel request to the server.
/// The server will re-render at the new resolution and send updated frames.
#[tauri::command]
pub fn rdp_resize(
session_id: String,
width: u16,
height: u16,
state: State<'_, AppState>,
) -> Result<(), String> {
state.rdp.resize(&session_id, width, height)
}
/// Disconnect an RDP session.
///
/// Sends a graceful shutdown to the RDP server and removes the session.
#[tauri::command]
pub fn disconnect_rdp(
pub async fn disconnect_rdp(
session_id: String,
state: State<'_, AppState>,
) -> Result<(), String> {
@ -137,7 +96,7 @@ pub fn disconnect_rdp(
/// List all active RDP sessions (metadata only).
#[tauri::command]
pub fn list_rdp_sessions(
pub async fn list_rdp_sessions(
state: State<'_, AppState>,
) -> Result<Vec<RdpSessionInfo>, String> {
Ok(state.rdp.list_sessions())

44
src-tauri/src/commands/tools_commands.rs
View File

@ -4,8 +4,6 @@ use tauri::State;
use serde::Serialize;
use crate::AppState;
use crate::ssh::exec::exec_on_session;
use crate::utils::shell_escape;
// ── Ping ─────────────────────────────────────────────────────────────────────
@ -27,7 +25,7 @@ pub async fn tool_ping(
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
let n = count.unwrap_or(4);
let cmd = format!("ping -c {} {} 2>&1", n, shell_escape(&target));
let cmd = format!("ping -c {} {} 2>&1", n, target);
let output = exec_on_session(&session.handle, &cmd).await?;
Ok(PingResult { target, output })
}
@ -41,8 +39,7 @@ pub async fn tool_traceroute(
) -> Result<String, String> {
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
let t = shell_escape(&target);
let cmd = format!("traceroute {} 2>&1 || tracert {} 2>&1", t, t);
let cmd = format!("traceroute {} 2>&1 || tracert {} 2>&1", target, target);
exec_on_session(&session.handle, &cmd).await
}
@ -68,16 +65,14 @@ pub async fn tool_wake_on_lan(
let cmd = format!(
r#"python3 -c "
import socket, struct
mac = bytes.fromhex({mac_clean_escaped})
mac = bytes.fromhex('{mac_clean}')
pkt = b'\xff'*6 + mac*16
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
s.sendto(pkt, ('255.255.255.255', 9))
s.close()
print('WoL packet sent to {mac_display_escaped}')
" 2>&1 || echo "python3 not available install python3 on remote host for WoL""#,
mac_clean_escaped = shell_escape(&mac_clean),
mac_display_escaped = shell_escape(&mac_address),
print('WoL packet sent to {mac_address}')
" 2>&1 || echo "python3 not available install python3 on remote host for WoL""#
);
exec_on_session(&session.handle, &cmd).await
@ -186,3 +181,32 @@ pub fn tool_generate_password_inner(
Ok(password)
}
// ── Helper ───────────────────────────────────────────────────────────────────
async fn exec_on_session(
handle: &std::sync::Arc<tokio::sync::Mutex<russh::client::Handle<crate::ssh::session::SshClient>>>,
cmd: &str,
) -> Result<String, String> {
let mut channel = {
let h = handle.lock().await;
h.channel_open_session().await.map_err(|e| format!("Exec channel failed: {}", e))?
};
channel.exec(true, cmd).await.map_err(|e| format!("Exec failed: {}", e))?;
let mut output = String::new();
loop {
match channel.wait().await {
Some(russh::ChannelMsg::Data { ref data }) => {
if let Ok(text) = std::str::from_utf8(data.as_ref()) {
output.push_str(text);
}
}
Some(russh::ChannelMsg::Eof) | Some(russh::ChannelMsg::Close) | None => break,
Some(russh::ChannelMsg::ExitStatus { .. }) => {}
_ => {}
}
}
Ok(output)
}

36
src-tauri/src/commands/tools_commands_r2.rs
View File

@ -4,8 +4,6 @@ use tauri::State;
use serde::Serialize;
use crate::AppState;
use crate::ssh::exec::exec_on_session;
use crate::utils::shell_escape;
// ── DNS Lookup ───────────────────────────────────────────────────────────────
@ -18,11 +16,10 @@ pub async fn tool_dns_lookup(
) -> Result<String, String> {
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
let d = shell_escape(&domain);
let rt = shell_escape(&record_type.unwrap_or_else(|| "A".to_string()));
let rtype = record_type.unwrap_or_else(|| "A".to_string());
let cmd = format!(
r#"dig {} {} +short 2>/dev/null || nslookup -type={} {} 2>/dev/null || host -t {} {} 2>/dev/null"#,
d, rt, rt, d, rt, d
domain, rtype, rtype, domain, rtype, domain
);
exec_on_session(&session.handle, &cmd).await
}
@ -37,7 +34,7 @@ pub async fn tool_whois(
) -> Result<String, String> {
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
let cmd = format!("whois {} 2>&1 | head -80", shell_escape(&target));
let cmd = format!("whois {} 2>&1 | head -80", target);
exec_on_session(&session.handle, &cmd).await
}
@ -53,10 +50,9 @@ pub async fn tool_bandwidth_iperf(
let session = state.ssh.get_session(&session_id)
.ok_or_else(|| format!("SSH session {} not found", session_id))?;
let dur = duration.unwrap_or(5);
let s = shell_escape(&server);
let cmd = format!(
"iperf3 -c {} -t {} --json 2>/dev/null || iperf3 -c {} -t {} 2>&1 || echo 'iperf3 not installed — run: apt install iperf3 / brew install iperf3'",
s, dur, s, dur
server, dur, server, dur
);
exec_on_session(&session.handle, &cmd).await
}
@ -182,3 +178,27 @@ fn to_ip(val: u32) -> String {
format!("{}.{}.{}.{}", val >> 24, (val >> 16) & 0xFF, (val >> 8) & 0xFF, val & 0xFF)
}
// ── Helper ───────────────────────────────────────────────────────────────────
async fn exec_on_session(
handle: &std::sync::Arc<tokio::sync::Mutex<russh::client::Handle<crate::ssh::session::SshClient>>>,
cmd: &str,
) -> Result<String, String> {
let mut channel = {
let h = handle.lock().await;
h.channel_open_session().await.map_err(|e| format!("Exec channel failed: {}", e))?
};
channel.exec(true, cmd).await.map_err(|e| format!("Exec failed: {}", e))?;
let mut output = String::new();
loop {
match channel.wait().await {
Some(russh::ChannelMsg::Data { ref data }) => {
if let Ok(text) = std::str::from_utf8(data.as_ref()) { output.push_str(text); }
}
Some(russh::ChannelMsg::Eof) | Some(russh::ChannelMsg::Close) | None => break,
Some(russh::ChannelMsg::ExitStatus { .. }) => {}
_ => {}
}
}
Ok(output)
}

6
src-tauri/src/commands/updater.rs
View File

@ -48,8 +48,10 @@ pub async fn check_for_updates(app_handle: tauri::AppHandle) -> Result<UpdateInf
.unwrap_or("")
.to_string();
// Direct download from SeaweedFS
let html_url = format!("https://files.command.vigilcyber.com/wraith/{}/", tag);
let html_url = latest.get("html_url")
.and_then(|v| v.as_str())
.unwrap_or("https://git.command.vigilcyber.com/vstockwell/wraith/releases")
.to_string();
let update_available = version_is_newer(&tag, &current);

31
src-tauri/src/commands/vault.rs
View File

@ -1,5 +1,4 @@
use tauri::State;
use zeroize::Zeroize;
use crate::vault::{self, VaultService};
use crate::credentials::CredentialService;
@ -22,15 +21,14 @@ pub fn is_first_run(state: State<'_, AppState>) -> bool {
/// Returns `Err` if the vault has already been set up or if any storage
/// operation fails.
#[tauri::command]
pub async fn create_vault(mut password: String, state: State<'_, AppState>) -> Result<(), String> {
let result = async {
pub fn create_vault(password: String, state: State<'_, AppState>) -> Result<(), String> {
if !state.is_first_run() {
return Err("Vault already exists — use unlock instead of create".into());
}
let salt = vault::generate_salt();
let key = vault::derive_key(&password, &salt);
let vs = VaultService::new(key.clone());
let vs = VaultService::new(key);
// Persist the salt so we can re-derive the key on future unlocks.
state.settings.set("vault_salt", &hex::encode(salt))?;
@ -41,14 +39,10 @@ pub async fn create_vault(mut password: String, state: State<'_, AppState>) -> R
// Activate the vault and credentials service for this session.
let cred_svc = CredentialService::new(state.db.clone(), VaultService::new(key));
*state.credentials.lock().await = Some(cred_svc);
*state.vault.lock().await = Some(vs);
*state.credentials.lock().unwrap() = Some(cred_svc);
*state.vault.lock().unwrap() = Some(vs);
Ok(())
}.await;
password.zeroize();
result
}
/// Unlock an existing vault using the master password.
@ -58,8 +52,7 @@ pub async fn create_vault(mut password: String, state: State<'_, AppState>) -> R
///
/// Returns `Err("Incorrect master password")` if the password is wrong.
#[tauri::command]
pub async fn unlock(mut password: String, state: State<'_, AppState>) -> Result<(), String> {
let result = async {
pub fn unlock(password: String, state: State<'_, AppState>) -> Result<(), String> {
let salt_hex = state
.settings
.get("vault_salt")
@ -69,7 +62,7 @@ pub async fn unlock(mut password: String, state: State<'_, AppState>) -> Result<
.map_err(|e| format!("Stored vault salt is corrupt: {e}"))?;
let key = vault::derive_key(&password, &salt);
let vs = VaultService::new(key.clone());
let vs = VaultService::new(key);
// Verify the password by decrypting the check value.
let check_blob = state
@ -87,18 +80,14 @@ pub async fn unlock(mut password: String, state: State<'_, AppState>) -> Result<
// Activate the vault and credentials service for this session.
let cred_svc = CredentialService::new(state.db.clone(), VaultService::new(key));
*state.credentials.lock().await = Some(cred_svc);
*state.vault.lock().await = Some(vs);
*state.credentials.lock().unwrap() = Some(cred_svc);
*state.vault.lock().unwrap() = Some(vs);
Ok(())
}.await;
password.zeroize();
result
}
/// Returns `true` if the vault is currently unlocked for this session.
#[tauri::command]
pub async fn is_unlocked(state: State<'_, AppState>) -> Result<bool, String> {
Ok(state.is_unlocked().await)
pub fn is_unlocked(state: State<'_, AppState>) -> bool {
state.is_unlocked()
}

40
src-tauri/src/commands/window_commands.rs
View File

@ -1,40 +0,0 @@
use tauri::AppHandle;
use tauri::WebviewWindowBuilder;
/// Open a child window from the Rust side using WebviewWindowBuilder.
///
/// The `url` parameter supports hash fragments (e.g. "index.html#/tool/ping?sessionId=abc").
/// WebviewUrl::App takes a PathBuf and cannot handle hash/query — so we load plain
/// index.html and set the hash via JS after the window is created.
#[tauri::command]
pub fn open_child_window(
app_handle: AppHandle,
label: String,
title: String,
url: String,
width: f64,
height: f64,
) -> Result<(), String> {
// Split "index.html#/tool/ping?sessionId=abc" into path and fragment
let (path, hash) = match url.split_once('#') {
Some((p, h)) => (p.to_string(), Some(format!("#{}", h))),
None => (url.clone(), None),
};
let webview_url = tauri::WebviewUrl::App(path.into());
let window = WebviewWindowBuilder::new(&app_handle, &label, webview_url)
.title(&title)
.inner_size(width, height)
.resizable(true)
.center()
.build()
.map_err(|e| format!("Failed to create window '{}': {}", label, e))?;
// Set the hash fragment after the window loads — this triggers App.vue's
// onMounted hash detection to render the correct tool/detached component.
if let Some(hash) = hash {
let _ = window.eval(&format!("window.location.hash = '{}';", hash));
}
Ok(())
}

23
src-tauri/src/connections/mod.rs
View File

@ -19,7 +19,6 @@ use crate::db::Database;
// ── domain types ──────────────────────────────────────────────────────────────
#[derive(Debug, Serialize, Deserialize, Clone)]
#[serde(rename_all = "camelCase")]
pub struct ConnectionGroup {
pub id: i64,
pub name: String,
@ -434,9 +433,6 @@ impl ConnectionService {
/// Batch-update sort_order for a list of connection IDs.
pub fn reorder_connections(&self, ids: &[i64]) -> Result<(), String> {
let conn = self.db.conn();
conn.execute_batch("BEGIN")
.map_err(|e| format!("Failed to begin reorder transaction: {e}"))?;
let result = (|| {
for (i, id) in ids.iter().enumerate() {
conn.execute(
"UPDATE connections SET sort_order = ?1 WHERE id = ?2",
@ -445,22 +441,11 @@ impl ConnectionService {
.map_err(|e| format!("Failed to reorder connection {id}: {e}"))?;
}
Ok(())
})();
if result.is_err() {
let _ = conn.execute_batch("ROLLBACK");
} else {
conn.execute_batch("COMMIT")
.map_err(|e| format!("Failed to commit reorder transaction: {e}"))?;
}
result
}
/// Batch-update sort_order for a list of group IDs.
pub fn reorder_groups(&self, ids: &[i64]) -> Result<(), String> {
let conn = self.db.conn();
conn.execute_batch("BEGIN")
.map_err(|e| format!("Failed to begin reorder transaction: {e}"))?;
let result = (|| {
for (i, id) in ids.iter().enumerate() {
conn.execute(
"UPDATE groups SET sort_order = ?1 WHERE id = ?2",
@ -469,14 +454,6 @@ impl ConnectionService {
.map_err(|e| format!("Failed to reorder group {id}: {e}"))?;
}
Ok(())
})();
if result.is_err() {
let _ = conn.execute_batch("ROLLBACK");
} else {
conn.execute_batch("COMMIT")
.map_err(|e| format!("Failed to commit reorder transaction: {e}"))?;
}
result
}
}

7
src-tauri/src/db/mod.rs
View File

@ -31,11 +31,10 @@ impl Database {
/// Acquire a lock on the underlying connection.
///
/// Recovers gracefully from a poisoned mutex by taking the inner value.
/// A poisoned mutex means a thread panicked while holding the lock; the
/// connection itself is still valid, so we can continue operating.
/// Panics if the mutex was poisoned (which only happens if a thread
/// panicked while holding the lock — a non-recoverable situation anyway).
pub fn conn(&self) -> std::sync::MutexGuard<'_, Connection> {
self.conn.lock().unwrap_or_else(|e| e.into_inner())
self.conn.lock().unwrap()
}
/// Run all embedded SQL migrations.

57
src-tauri/src/lib.rs
View File

@ -21,9 +21,9 @@ pub mod pty;
pub mod mcp;
pub mod scanner;
pub mod commands;
pub mod utils;
use std::path::PathBuf;
use std::sync::Mutex;
use db::Database;
use vault::VaultService;
@ -41,10 +41,10 @@ use mcp::error_watcher::ErrorWatcher;
pub struct AppState {
pub db: Database,
pub vault: tokio::sync::Mutex<Option<VaultService>>,
pub vault: Mutex<Option<VaultService>>,
pub settings: SettingsService,
pub connections: ConnectionService,
pub credentials: tokio::sync::Mutex<Option<CredentialService>>,
pub credentials: Mutex<Option<CredentialService>>,
pub ssh: SshService,
pub sftp: SftpService,
pub rdp: RdpService,
@ -60,18 +60,17 @@ impl AppState {
std::fs::create_dir_all(&data_dir)?;
let database = Database::open(&data_dir.join("wraith.db"))?;
database.migrate()?;
let settings = SettingsService::new(database.clone());
Ok(Self {
db: database.clone(),
vault: tokio::sync::Mutex::new(None),
vault: Mutex::new(None),
settings: SettingsService::new(database.clone()),
connections: ConnectionService::new(database.clone()),
credentials: tokio::sync::Mutex::new(None),
credentials: Mutex::new(None),
ssh: SshService::new(database.clone()),
sftp: SftpService::new(),
rdp: RdpService::new(),
theme: ThemeService::new(database),
workspace: WorkspaceService::new(settings.clone()),
settings,
theme: ThemeService::new(database.clone()),
workspace: WorkspaceService::new(SettingsService::new(database.clone())),
pty: PtyService::new(),
scrollback: ScrollbackRegistry::new(),
error_watcher: std::sync::Arc::new(ErrorWatcher::new()),
@ -86,8 +85,8 @@ impl AppState {
self.settings.get("vault_salt").unwrap_or_default().is_empty()
}
pub async fn is_unlocked(&self) -> bool {
self.vault.lock().await.is_some()
pub fn is_unlocked(&self) -> bool {
self.vault.lock().unwrap().is_some()
}
}
@ -101,24 +100,9 @@ pub fn data_directory() -> PathBuf {
PathBuf::from(".")
}
/// Cached log file handle — opened once on first use, reused for all subsequent
/// writes. Avoids the open/close syscall pair that the original implementation
/// paid on every `wraith_log!` invocation.
static LOG_FILE: std::sync::OnceLock<std::sync::Mutex<std::fs::File>> = std::sync::OnceLock::new();
fn write_log(path: &std::path::Path, msg: &str) -> std::io::Result<()> {
use std::io::Write;
let handle = LOG_FILE.get_or_init(|| {
let file = std::fs::OpenOptions::new()
.create(true)
.append(true)
.open(path)
.expect("failed to open wraith.log");
std::sync::Mutex::new(file)
});
let mut f = handle.lock().unwrap_or_else(|e| e.into_inner());
let mut f = std::fs::OpenOptions::new().create(true).append(true).open(path)?;
let elapsed = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap_or_default()
@ -171,9 +155,7 @@ pub fn run() {
let _ = write_log(&log_file, "Setup: cloned services OK");
// Error watcher — std::thread, no tokio needed
let watcher_for_mcp = watcher.clone();
let app_handle = app.handle().clone();
let app_handle_for_mcp = app.handle().clone();
let _ = std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| {
mcp::error_watcher::start_error_watcher(watcher, scrollback.clone(), app_handle);
}));
@ -183,23 +165,13 @@ pub fn run() {
let log_file2 = log_file.clone();
let _ = std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| {
tauri::async_runtime::spawn(async move {
match mcp::server::start_mcp_server(ssh, rdp, sftp, scrollback, app_handle_for_mcp, watcher_for_mcp).await {
match mcp::server::start_mcp_server(ssh, rdp, sftp, scrollback).await {
Ok(port) => { let _ = write_log(&log_file2, &format!("MCP server started on localhost:{}", port)); }
Err(e) => { let _ = write_log(&log_file2, &format!("MCP server FAILED: {}", e)); }
}
});
}));
let _ = write_log(&log_file, "Setup: MCP spawn dispatched");
// Download/update MCP bridge binary if needed
let app_ver = app.config().version.clone().unwrap_or_else(|| "0.0.0".to_string());
let log_file3 = log_file.clone();
tauri::async_runtime::spawn(async move {
match mcp::bridge_manager::ensure_bridge(&app_ver).await {
Ok(()) => { let _ = write_log(&log_file3, "Setup: MCP bridge binary OK"); }
Err(e) => { let _ = write_log(&log_file3, &format!("Setup: MCP bridge download failed: {}", e)); }
}
});
}
Err(panic) => {
let msg = if let Some(s) = panic.downcast_ref::<String>() {
@ -224,17 +196,16 @@ pub fn run() {
commands::credentials::list_credentials, commands::credentials::create_password, commands::credentials::create_ssh_key, commands::credentials::delete_credential, commands::credentials::decrypt_password, commands::credentials::decrypt_ssh_key,
commands::ssh_commands::connect_ssh, commands::ssh_commands::connect_ssh_with_key, commands::ssh_commands::ssh_write, commands::ssh_commands::ssh_resize, commands::ssh_commands::disconnect_ssh, commands::ssh_commands::disconnect_session, commands::ssh_commands::list_ssh_sessions,
commands::sftp_commands::sftp_list, commands::sftp_commands::sftp_read_file, commands::sftp_commands::sftp_write_file, commands::sftp_commands::sftp_mkdir, commands::sftp_commands::sftp_delete, commands::sftp_commands::sftp_rename,
commands::rdp_commands::connect_rdp, commands::rdp_commands::rdp_get_frame, commands::rdp_commands::rdp_force_refresh, commands::rdp_commands::rdp_send_mouse, commands::rdp_commands::rdp_send_key, commands::rdp_commands::rdp_send_clipboard, commands::rdp_commands::rdp_resize, commands::rdp_commands::disconnect_rdp, commands::rdp_commands::list_rdp_sessions,
commands::rdp_commands::connect_rdp, commands::rdp_commands::rdp_get_frame, commands::rdp_commands::rdp_send_mouse, commands::rdp_commands::rdp_send_key, commands::rdp_commands::rdp_send_clipboard, commands::rdp_commands::disconnect_rdp, commands::rdp_commands::list_rdp_sessions,
commands::theme_commands::list_themes, commands::theme_commands::get_theme,
commands::pty_commands::list_available_shells, commands::pty_commands::spawn_local_shell, commands::pty_commands::pty_write, commands::pty_commands::pty_resize, commands::pty_commands::disconnect_pty,
commands::mcp_commands::mcp_list_sessions, commands::mcp_commands::mcp_terminal_read, commands::mcp_commands::mcp_terminal_execute, commands::mcp_commands::mcp_get_session_context, commands::mcp_commands::mcp_bridge_path,
commands::mcp_commands::mcp_list_sessions, commands::mcp_commands::mcp_terminal_read, commands::mcp_commands::mcp_terminal_execute, commands::mcp_commands::mcp_get_session_context,
commands::scanner_commands::scan_network, commands::scanner_commands::scan_ports, commands::scanner_commands::quick_scan,
commands::tools_commands::tool_ping, commands::tools_commands::tool_traceroute, commands::tools_commands::tool_wake_on_lan, commands::tools_commands::tool_generate_ssh_key, commands::tools_commands::tool_generate_password,
commands::tools_commands_r2::tool_dns_lookup, commands::tools_commands_r2::tool_whois, commands::tools_commands_r2::tool_bandwidth_iperf, commands::tools_commands_r2::tool_bandwidth_speedtest, commands::tools_commands_r2::tool_subnet_calc,
commands::updater::check_for_updates,
commands::workspace_commands::save_workspace, commands::workspace_commands::load_workspace,
commands::docker_commands::docker_list_containers, commands::docker_commands::docker_list_images, commands::docker_commands::docker_list_volumes, commands::docker_commands::docker_action,
commands::window_commands::open_child_window,
])
.run(tauri::generate_context!())
.expect("error while running tauri application");

85
src-tauri/src/mcp/bridge_manager.rs
View File

@ -1,85 +0,0 @@
//! MCP bridge binary self-management.
//!
//! On startup, checks if wraith-mcp-bridge exists in the data directory.
//! If missing or outdated, downloads the correct version from Gitea packages.
use std::path::PathBuf;
/// Get the expected path for the bridge binary.
pub fn bridge_path() -> PathBuf {
let dir = crate::data_directory();
if cfg!(windows) {
dir.join("wraith-mcp-bridge.exe")
} else {
dir.join("wraith-mcp-bridge")
}
}
/// Check if the bridge binary exists and is the correct version.
/// If not, download it from Gitea packages.
pub async fn ensure_bridge(app_version: &str) -> Result<(), String> {
let path = bridge_path();
let version_file = crate::data_directory().join("mcp-bridge-version");
// Check if bridge exists and version matches
if path.exists() {
if let Ok(installed_ver) = std::fs::read_to_string(&version_file) {
if installed_ver.trim() == app_version {
wraith_log!("[MCP Bridge] v{} already installed at {}", app_version, path.display());
return Ok(());
}
}
}
wraith_log!("[MCP Bridge] Downloading v{} to {}", app_version, path.display());
let binary_name = if cfg!(windows) {
"wraith-mcp-bridge.exe"
} else {
"wraith-mcp-bridge"
};
let url = format!(
"https://files.command.vigilcyber.com/wraith/{}/{}",
app_version, binary_name
);
let client = reqwest::Client::builder()
.timeout(std::time::Duration::from_secs(30))
.build()
.map_err(|e| format!("HTTP client error: {}", e))?;
let resp = client.get(&url).send().await
.map_err(|e| format!("Failed to download MCP bridge: {}", e))?;
if !resp.status().is_success() {
return Err(format!("MCP bridge download failed: HTTP {}", resp.status()));
}
let bytes = resp.bytes().await
.map_err(|e| format!("Failed to read MCP bridge response: {}", e))?;
// Write the binary
std::fs::write(&path, &bytes)
.map_err(|e| format!("Failed to write MCP bridge to {}: {}", path.display(), e))?;
// Make executable on Unix
#[cfg(unix)]
{
use std::os::unix::fs::PermissionsExt;
let mut perms = std::fs::metadata(&path)
.map_err(|e| format!("Failed to read permissions: {}", e))?
.permissions();
perms.set_mode(0o755);
std::fs::set_permissions(&path, perms)
.map_err(|e| format!("Failed to set execute permission: {}", e))?;
}
// Write version marker
std::fs::write(&version_file, app_version)
.map_err(|e| format!("Failed to write version file: {}", e))?;
wraith_log!("[MCP Bridge] v{} installed successfully ({} bytes)", app_version, bytes.len());
Ok(())
}

6
src-tauri/src/mcp/error_watcher.rs
View File

@ -62,9 +62,9 @@ impl ErrorWatcher {
continue;
}
// Only scan bytes written since the last check — avoids
// reading the entire 64 KB ring buffer on every 2-second tick.
let new_content = buf.read_since(last_pos);
let raw = buf.read_raw();
let new_start = raw.len().saturating_sub(total - last_pos);
let new_content = &raw[new_start..];
for line in new_content.lines() {
for pattern in ERROR_PATTERNS {

7
src-tauri/src/mcp/mod.rs
View File

@ -7,7 +7,6 @@
pub mod scrollback;
pub mod server;
pub mod error_watcher;
pub mod bridge_manager;
use std::sync::Arc;
@ -19,12 +18,12 @@ use crate::mcp::scrollback::ScrollbackBuffer;
/// Shared between SSH/PTY output loops (writers) and MCP tools (readers).
#[derive(Clone)]
pub struct ScrollbackRegistry {
buffers: Arc<DashMap<String, Arc<ScrollbackBuffer>>>,
buffers: DashMap<String, Arc<ScrollbackBuffer>>,
}
impl ScrollbackRegistry {
pub fn new() -> Self {
Self { buffers: Arc::new(DashMap::new()) }
Self { buffers: DashMap::new() }
}
/// Create and register a new scrollback buffer for a session.
@ -36,7 +35,7 @@ impl ScrollbackRegistry {
/// Get the scrollback buffer for a session.
pub fn get(&self, session_id: &str) -> Option<Arc<ScrollbackBuffer>> {
self.buffers.get(session_id).map(|r| r.value().clone())
self.buffers.get(session_id).map(|entry| entry.clone())
}
/// Remove a session's scrollback buffer.

106
src-tauri/src/mcp/scrollback.rs
View File

@ -40,25 +40,13 @@ impl ScrollbackBuffer {
/// Append bytes to the buffer. Old data is overwritten when full.
pub fn push(&self, bytes: &[u8]) {
if bytes.is_empty() {
return;
let mut buf = self.inner.lock().unwrap();
for &b in bytes {
let pos = buf.write_pos;
buf.data[pos] = b;
buf.write_pos = (pos + 1) % buf.capacity;
buf.total_written += 1;
}
let mut buf = self.inner.lock().unwrap_or_else(|e| e.into_inner());
let cap = buf.capacity;
// If input exceeds capacity, only keep the last `cap` bytes
let data = if bytes.len() > cap {
&bytes[bytes.len() - cap..]
} else {
bytes
};
let write_pos = buf.write_pos;
let first_len = (cap - write_pos).min(data.len());
buf.data[write_pos..write_pos + first_len].copy_from_slice(&data[..first_len]);
if first_len < data.len() {
buf.data[..data.len() - first_len].copy_from_slice(&data[first_len..]);
}
buf.write_pos = (write_pos + data.len()) % cap;
buf.total_written += bytes.len();
}
/// Read the last `n` lines from the buffer, with ANSI escape codes stripped.
@ -72,7 +60,7 @@ impl ScrollbackBuffer {
/// Read all buffered content as raw bytes (ordered oldest→newest).
pub fn read_raw(&self) -> String {
let buf = self.inner.lock().unwrap_or_else(|e| e.into_inner());
let buf = self.inner.lock().unwrap();
let bytes = if buf.total_written >= buf.capacity {
// Buffer has wrapped — read from write_pos to end, then start to write_pos
let mut out = Vec::with_capacity(buf.capacity);
@ -88,47 +76,7 @@ impl ScrollbackBuffer {
/// Total bytes written since creation.
pub fn total_written(&self) -> usize {
self.inner.lock().unwrap_or_else(|e| e.into_inner()).total_written
}
/// Read only the bytes written after `position` (total_written offset),
/// ordered oldest→newest, with ANSI codes stripped.
///
/// Returns an empty string when there is nothing new since `position`.
/// This is more efficient than `read_raw()` for incremental scanning because
/// it avoids copying the full 64 KB ring buffer when only a small delta exists.
pub fn read_since(&self, position: usize) -> String {
let buf = self.inner.lock().unwrap_or_else(|e| e.into_inner());
let total = buf.total_written;
if total <= position {
return String::new();
}
let new_bytes = total - position;
let cap = buf.capacity;
// How many bytes are actually stored in the ring (max = capacity)
let stored = total.min(cap);
// Clamp new_bytes to what's actually in the buffer
let readable = new_bytes.min(stored);
// Write position is where the *next* byte would go; reading backwards
// from write_pos gives us the most recent `readable` bytes.
let write_pos = buf.write_pos;
let bytes = if readable <= write_pos {
// Contiguous slice ending at write_pos
buf.data[write_pos - readable..write_pos].to_vec()
} else {
// Wraps around: tail of buffer + head up to write_pos
let tail_len = readable - write_pos;
let tail_start = cap - tail_len;
let mut out = Vec::with_capacity(readable);
out.extend_from_slice(&buf.data[tail_start..]);
out.extend_from_slice(&buf.data[..write_pos]);
out
};
let raw = String::from_utf8_lossy(&bytes).to_string();
strip_ansi(&raw)
self.inner.lock().unwrap().total_written
}
}
@ -244,42 +192,4 @@ mod tests {
buf.push(b"ABCD"); // 4 more, wraps
assert_eq!(buf.total_written(), 12);
}
#[test]
fn push_empty_is_noop() {
let buf = ScrollbackBuffer::with_capacity(8);
buf.push(b"hello");
buf.push(b"");
assert_eq!(buf.total_written(), 5);
assert!(buf.read_raw().contains("hello"));
}
#[test]
fn push_larger_than_capacity() {
let buf = ScrollbackBuffer::with_capacity(4);
buf.push(b"ABCDEFGH"); // 8 bytes into 4-byte buffer
let raw = buf.read_raw();
assert_eq!(raw, "EFGH"); // only last 4 bytes kept
assert_eq!(buf.total_written(), 8);
}
#[test]
fn push_exact_capacity() {
let buf = ScrollbackBuffer::with_capacity(8);
buf.push(b"12345678");
let raw = buf.read_raw();
assert_eq!(raw, "12345678");
assert_eq!(buf.total_written(), 8);
}
#[test]
fn push_wrap_around_boundary() {
let buf = ScrollbackBuffer::with_capacity(8);
buf.push(b"123456"); // write_pos = 6
buf.push(b"ABCD"); // wraps: 2 at end, 2 at start
let raw = buf.read_raw();
// Buffer: [C, D, 3, 4, 5, 6, A, B], write_pos=2
// Read from pos 2: "3456AB" + wrap: no, read from write_pos to end then start
assert_eq!(raw, "3456ABCD");
}
}

288
src-tauri/src/mcp/server.rs
View File

@ -5,23 +5,14 @@
use std::sync::Arc;
use axum::{
extract::State as AxumState,
http::{Request, StatusCode},
middleware::{self, Next},
response::Response,
routing::post,
Json, Router,
};
use axum::{extract::State as AxumState, routing::post, Json, Router};
use serde::{Deserialize, Serialize};
use tokio::net::TcpListener;
use crate::mcp::ScrollbackRegistry;
use crate::rdp::RdpService;
use crate::sftp::SftpService;
use crate::ssh::exec::exec_on_session;
use crate::ssh::session::SshService;
use crate::utils::shell_escape;
/// Shared state passed to axum handlers.
pub struct McpServerState {
@ -29,29 +20,6 @@ pub struct McpServerState {
pub rdp: RdpService,
pub sftp: SftpService,
pub scrollback: ScrollbackRegistry,
pub app_handle: tauri::AppHandle,
pub error_watcher: std::sync::Arc<crate::mcp::error_watcher::ErrorWatcher>,
pub bearer_token: String,
}
/// Middleware that validates the `Authorization: Bearer <token>` header.
async fn auth_middleware(
AxumState(state): AxumState<Arc<McpServerState>>,
req: Request<axum::body::Body>,
next: Next,
) -> Result<Response, StatusCode> {
let auth_header = req
.headers()
.get("authorization")
.and_then(|v| v.to_str().ok())
.unwrap_or("");
let expected = format!("Bearer {}", state.bearer_token);
if auth_header != expected {
return Err(StatusCode::UNAUTHORIZED);
}
Ok(next.run(req).await)
}
#[derive(Deserialize)]
@ -84,13 +52,6 @@ struct SftpWriteRequest {
content: String,
}
#[derive(Deserialize)]
struct TerminalTypeRequest {
session_id: String,
text: String,
press_enter: Option<bool>,
}
#[derive(Deserialize)]
struct TerminalExecuteRequest {
session_id: String,
@ -187,28 +148,12 @@ async fn handle_screenshot(
AxumState(state): AxumState<Arc<McpServerState>>,
Json(req): Json<ScreenshotRequest>,
) -> Json<McpResponse<String>> {
match state.rdp.screenshot_png_base64(&req.session_id) {
match state.rdp.screenshot_png_base64(&req.session_id).await {
Ok(b64) => ok_response(b64),
Err(e) => err_response(e),
}
}
async fn handle_terminal_type(
AxumState(state): AxumState<Arc<McpServerState>>,
Json(req): Json<TerminalTypeRequest>,
) -> Json<McpResponse<String>> {
let text = if req.press_enter.unwrap_or(true) {
format!("{}\r", req.text)
} else {
req.text.clone()
};
match state.ssh.write(&req.session_id, text.as_bytes()).await {
Ok(()) => ok_response("sent".to_string()),
Err(e) => err_response(e),
}
}
async fn handle_terminal_read(
AxumState(state): AxumState<Arc<McpServerState>>,
Json(req): Json<TerminalReadRequest>,
@ -233,7 +178,7 @@ async fn handle_terminal_execute(
};
let before = buf.total_written();
let full_cmd = format!("{}\recho {}\r", req.command, marker);
let full_cmd = format!("{}\necho {}\n", req.command, marker);
if let Err(e) = state.ssh.write(&req.session_id, full_cmd.as_bytes()).await {
return err_response(e);
@ -309,32 +254,30 @@ struct ToolPassgenRequest { length: Option<usize>, uppercase: Option<bool>, lowe
async fn handle_tool_ping(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolSessionTarget>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
match exec_on_session(&session.handle, &format!("ping -c 4 {} 2>&1", shell_escape(&req.target))).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
match tool_exec(&session.handle, &format!("ping -c 4 {} 2>&1", req.target)).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_tool_traceroute(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolSessionTarget>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let t = shell_escape(&req.target);
match exec_on_session(&session.handle, &format!("traceroute {} 2>&1 || tracert {} 2>&1", t, t)).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
match tool_exec(&session.handle, &format!("traceroute {} 2>&1 || tracert {} 2>&1", req.target, req.target)).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_tool_dns(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolDnsRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let rt = shell_escape(&req.record_type.unwrap_or_else(|| "A".to_string()));
let d = shell_escape(&req.domain);
match exec_on_session(&session.handle, &format!("dig {} {} +short 2>/dev/null || nslookup -type={} {} 2>/dev/null || host -t {} {} 2>/dev/null", d, rt, rt, d, rt, d)).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
let rt = req.record_type.unwrap_or_else(|| "A".to_string());
match tool_exec(&session.handle, &format!("dig {} {} +short 2>/dev/null || nslookup -type={} {} 2>/dev/null || host -t {} {} 2>/dev/null", req.domain, rt, rt, req.domain, rt, req.domain)).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_tool_whois(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolSessionTarget>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
match exec_on_session(&session.handle, &format!("whois {} 2>&1 | head -80", shell_escape(&req.target))).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
match tool_exec(&session.handle, &format!("whois {} 2>&1 | head -80", req.target)).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_tool_wol(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolWolRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let mac_clean = req.mac_address.replace([':', '-'], "");
let cmd = format!(r#"python3 -c "import socket;mac=bytes.fromhex({});pkt=b'\xff'*6+mac*16;s=socket.socket(socket.AF_INET,socket.SOCK_DGRAM);s.setsockopt(socket.SOL_SOCKET,socket.SO_BROADCAST,1);s.sendto(pkt,('255.255.255.255',9));s.close();print('WoL sent to {}')" 2>&1"#, shell_escape(&mac_clean), shell_escape(&req.mac_address));
match exec_on_session(&session.handle, &cmd).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
let cmd = format!(r#"python3 -c "import socket;mac=bytes.fromhex('{}');pkt=b'\xff'*6+mac*16;s=socket.socket(socket.AF_INET,socket.SOCK_DGRAM);s.setsockopt(socket.SOL_SOCKET,socket.SO_BROADCAST,1);s.sendto(pkt,('255.255.255.255',9));s.close();print('WoL sent to {}')" 2>&1"#, mac_clean, req.mac_address);
match tool_exec(&session.handle, &cmd).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_tool_scan_network(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolScanNetworkRequest>) -> Json<McpResponse<serde_json::Value>> {
@ -365,7 +308,7 @@ async fn handle_tool_subnet(_state: AxumState<Arc<McpServerState>>, Json(req): J
async fn handle_tool_bandwidth(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolSessionOnly>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let cmd = r#"if command -v speedtest-cli >/dev/null 2>&1; then speedtest-cli --simple 2>&1; elif command -v curl >/dev/null 2>&1; then curl -o /dev/null -w "Download: %{speed_download} bytes/sec\n" https://speed.cloudflare.com/__down?bytes=25000000 2>/dev/null; else echo "No speedtest tool found"; fi"#;
match exec_on_session(&session.handle, cmd).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
match tool_exec(&session.handle, cmd).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_tool_keygen(_state: AxumState<Arc<McpServerState>>, Json(req): Json<ToolKeygenRequest>) -> Json<McpResponse<serde_json::Value>> {
@ -382,166 +325,18 @@ async fn handle_tool_passgen(_state: AxumState<Arc<McpServerState>>, Json(req):
}
}
// ── Docker handlers ──────────────────────────────────────────────────────────
#[derive(Deserialize)]
struct DockerActionRequest { session_id: String, action: String, target: String }
#[derive(Deserialize)]
struct DockerListRequest { session_id: String }
#[derive(Deserialize)]
struct DockerExecRequest { session_id: String, container: String, command: String }
async fn handle_docker_ps(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<DockerListRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
match exec_on_session(&session.handle, "docker ps -a --format '{{.Names}}|{{.Image}}|{{.Status}}|{{.Ports}}' 2>&1").await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_docker_action(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<DockerActionRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let t = shell_escape(&req.target);
let cmd = match req.action.as_str() {
"start" => format!("docker start {} 2>&1", t),
"stop" => format!("docker stop {} 2>&1", t),
"restart" => format!("docker restart {} 2>&1", t),
"remove" => format!("docker rm -f {} 2>&1", t),
"logs" => format!("docker logs --tail 100 {} 2>&1", t),
"builder-prune" => "docker builder prune -f 2>&1".to_string(),
"system-prune" => "docker system prune -f 2>&1".to_string(),
_ => return err_response(format!("Unknown action: {}", req.action)),
};
match exec_on_session(&session.handle, &cmd).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_docker_exec(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<DockerExecRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let cmd = format!("docker exec {} {} 2>&1", shell_escape(&req.container), shell_escape(&req.command));
match exec_on_session(&session.handle, &cmd).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
// ── Service/process handlers ─────────────────────────────────────────────────
async fn handle_service_status(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolSessionTarget>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let t = shell_escape(&req.target);
match exec_on_session(&session.handle, &format!("systemctl status {} --no-pager 2>&1 || service {} status 2>&1", t, t)).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_process_list(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<ToolSessionTarget>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
let filter = if req.target.is_empty() { "aux --sort=-%cpu | head -30".to_string() } else { format!("aux | grep -i {} | grep -v grep", shell_escape(&req.target)) };
match exec_on_session(&session.handle, &format!("ps {}", filter)).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
// ── Git handlers ─────────────────────────────────────────────────────────────
#[derive(Deserialize)]
struct GitRequest { session_id: String, path: String }
async fn handle_git_status(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<GitRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
match exec_on_session(&session.handle, &format!("cd {} && git status --short --branch 2>&1", shell_escape(&req.path))).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_git_pull(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<GitRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
match exec_on_session(&session.handle, &format!("cd {} && git pull 2>&1", shell_escape(&req.path))).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
async fn handle_git_log(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<GitRequest>) -> Json<McpResponse<String>> {
let session = match state.ssh.get_session(&req.session_id) { Some(s) => s, None => return err_response(format!("Session {} not found", req.session_id)) };
match exec_on_session(&session.handle, &format!("cd {} && git log --oneline -20 2>&1", shell_escape(&req.path))).await { Ok(o) => ok_response(o), Err(e) => err_response(e) }
}
// ── Session creation handlers ────────────────────────────────────────────────
#[derive(Deserialize)]
struct SshConnectRequest {
hostname: String,
port: Option<u16>,
username: String,
password: Option<String>,
private_key_path: Option<String>,
}
async fn handle_ssh_connect(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<SshConnectRequest>) -> Json<McpResponse<String>> {
use crate::ssh::session::AuthMethod;
let port = req.port.unwrap_or(22);
let auth = if let Some(key_path) = req.private_key_path {
// Read key file
let pem = match std::fs::read_to_string(&key_path) {
Ok(p) => p,
Err(e) => return err_response(format!("Failed to read key file {}: {}", key_path, e)),
};
AuthMethod::Key { private_key_pem: pem, passphrase: req.password }
} else {
AuthMethod::Password(req.password.unwrap_or_default())
};
match state.ssh.connect(
state.app_handle.clone(),
&req.hostname,
port,
&req.username,
auth,
120, 40,
&state.sftp,
&state.scrollback,
&state.error_watcher,
).await {
Ok(session_id) => ok_response(session_id),
Err(e) => err_response(e),
async fn tool_exec(handle: &std::sync::Arc<tokio::sync::Mutex<russh::client::Handle<crate::ssh::session::SshClient>>>, cmd: &str) -> Result<String, String> {
let mut channel = { let h = handle.lock().await; h.channel_open_session().await.map_err(|e| format!("Exec failed: {}", e))? };
channel.exec(true, cmd).await.map_err(|e| format!("Exec failed: {}", e))?;
let mut output = String::new();
loop {
match channel.wait().await {
Some(russh::ChannelMsg::Data { ref data }) => { if let Ok(t) = std::str::from_utf8(data.as_ref()) { output.push_str(t); } }
Some(russh::ChannelMsg::Eof) | Some(russh::ChannelMsg::Close) | None => break,
_ => {}
}
}
// ── RDP interaction handlers ─────────────────────────────────────────────────
#[derive(Deserialize)]
struct RdpClickRequest { session_id: String, x: u16, y: u16, button: Option<String> }
#[derive(Deserialize)]
struct RdpTypeRequest { session_id: String, text: String }
#[derive(Deserialize)]
struct RdpClipboardRequest { session_id: String, text: String }
async fn handle_rdp_click(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<RdpClickRequest>) -> Json<McpResponse<String>> {
use crate::rdp::input::mouse_flags;
let button_flag = match req.button.as_deref().unwrap_or("left") {
"right" => mouse_flags::BUTTON2,
"middle" => mouse_flags::BUTTON3,
_ => mouse_flags::BUTTON1,
};
// Move to position
if let Err(e) = state.rdp.send_mouse(&req.session_id, req.x, req.y, mouse_flags::MOVE) { return err_response(e); }
// Click down
if let Err(e) = state.rdp.send_mouse(&req.session_id, req.x, req.y, button_flag | mouse_flags::DOWN) { return err_response(e); }
// Click up
if let Err(e) = state.rdp.send_mouse(&req.session_id, req.x, req.y, button_flag) { return err_response(e); }
ok_response(format!("clicked ({}, {})", req.x, req.y))
}
async fn handle_rdp_type(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<RdpTypeRequest>) -> Json<McpResponse<String>> {
// Set clipboard then simulate Ctrl+V to paste (most reliable for arbitrary text)
if let Err(e) = state.rdp.send_clipboard(&req.session_id, &req.text) { return err_response(e); }
// Small delay for clipboard to propagate, then Ctrl+V
tokio::time::sleep(std::time::Duration::from_millis(50)).await;
// Ctrl down
let _ = state.rdp.send_key(&req.session_id, 0x001D, true);
// V down
let _ = state.rdp.send_key(&req.session_id, 0x002F, true);
// V up
let _ = state.rdp.send_key(&req.session_id, 0x002F, false);
// Ctrl up
let _ = state.rdp.send_key(&req.session_id, 0x001D, false);
ok_response(format!("typed {} chars via clipboard paste", req.text.len()))
}
async fn handle_rdp_clipboard(AxumState(state): AxumState<Arc<McpServerState>>, Json(req): Json<RdpClipboardRequest>) -> Json<McpResponse<String>> {
if let Err(e) = state.rdp.send_clipboard(&req.session_id, &req.text) { return err_response(e); }
ok_response("clipboard set".to_string())
Ok(output)
}
/// Start the MCP HTTP server and write the port to disk.
@ -550,22 +345,11 @@ pub async fn start_mcp_server(
rdp: RdpService,
sftp: SftpService,
scrollback: ScrollbackRegistry,
app_handle: tauri::AppHandle,
error_watcher: std::sync::Arc<crate::mcp::error_watcher::ErrorWatcher>,
) -> Result<u16, String> {
// Generate a cryptographically random bearer token for authentication
use rand::Rng;
let bearer_token: String = rand::rng()
.sample_iter(&rand::distr::Alphanumeric)
.take(64)
.map(char::from)
.collect();
let state = Arc::new(McpServerState { ssh, rdp, sftp, scrollback, app_handle, error_watcher, bearer_token: bearer_token.clone() });
let state = Arc::new(McpServerState { ssh, rdp, sftp, scrollback });
let app = Router::new()
.route("/mcp/sessions", post(handle_list_sessions))
.route("/mcp/terminal/type", post(handle_terminal_type))
.route("/mcp/terminal/read", post(handle_terminal_read))
.route("/mcp/terminal/execute", post(handle_terminal_execute))
.route("/mcp/screenshot", post(handle_screenshot))
@ -583,19 +367,6 @@ pub async fn start_mcp_server(
.route("/mcp/tool/bandwidth", post(handle_tool_bandwidth))
.route("/mcp/tool/keygen", post(handle_tool_keygen))
.route("/mcp/tool/passgen", post(handle_tool_passgen))
.route("/mcp/docker/ps", post(handle_docker_ps))
.route("/mcp/docker/action", post(handle_docker_action))
.route("/mcp/docker/exec", post(handle_docker_exec))
.route("/mcp/service/status", post(handle_service_status))
.route("/mcp/process/list", post(handle_process_list))
.route("/mcp/git/status", post(handle_git_status))
.route("/mcp/git/pull", post(handle_git_pull))
.route("/mcp/git/log", post(handle_git_log))
.route("/mcp/rdp/click", post(handle_rdp_click))
.route("/mcp/rdp/type", post(handle_rdp_type))
.route("/mcp/rdp/clipboard", post(handle_rdp_clipboard))
.route("/mcp/ssh/connect", post(handle_ssh_connect))
.layer(middleware::from_fn_with_state(state.clone(), auth_middleware))
.with_state(state);
let listener = TcpListener::bind("127.0.0.1:0").await
@ -606,23 +377,10 @@ pub async fn start_mcp_server(
.port();
// Write port to well-known location
let data_dir = crate::data_directory();
let port_file = data_dir.join("mcp-port");
let port_file = crate::data_directory().join("mcp-port");
std::fs::write(&port_file, port.to_string())
.map_err(|e| format!("Failed to write MCP port file: {}", e))?;
// Write bearer token to a separate file with restrictive permissions
let token_file = data_dir.join("mcp-token");
std::fs::write(&token_file, &bearer_token)
.map_err(|e| format!("Failed to write MCP token file: {}", e))?;
// Set owner-only read/write permissions (Unix)
#[cfg(unix)]
{
use std::os::unix::fs::PermissionsExt;
let _ = std::fs::set_permissions(&token_file, std::fs::Permissions::from_mode(0o600));
}
tokio::spawn(async move {
axum::serve(listener, app).await.ok();
});

170
src-tauri/src/rdp/mod.rs
View File

@ -8,12 +8,11 @@ use std::sync::atomic::{AtomicBool, Ordering};
use base64::Engine;
use dashmap::DashMap;
use log::{error, info, warn};
use tauri::Emitter;
use serde::{Deserialize, Serialize};
use tokio::io::{AsyncRead, AsyncWrite};
use tokio::net::TcpStream;
use tokio::sync::mpsc;
use tokio::sync::Mutex as TokioMutex;
use ironrdp::connector::{self, ClientConnector, ConnectionResult, Credentials, DesktopSize};
use ironrdp::graphics::image_processing::PixelFormat;
@ -63,45 +62,31 @@ enum InputEvent {
pressed: bool,
},
Clipboard(String),
Resize { width: u16, height: u16 },
Disconnect,
}
/// Dirty rectangle from the last GraphicsUpdate — used for partial frame transfer.
#[derive(Debug, Clone, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct DirtyRect {
pub x: u16,
pub y: u16,
pub width: u16,
pub height: u16,
}
struct RdpSessionHandle {
id: String,
hostname: String,
width: u16,
height: u16,
/// Frame buffer: RDP thread writes via RwLock write, IPC reads via RwLock read.
front_buffer: Arc<std::sync::RwLock<Vec<u8>>>,
/// Accumulated dirty region since last get_frame — union of all GraphicsUpdate rects.
dirty_region: Arc<std::sync::Mutex<Option<DirtyRect>>>,
frame_buffer: Arc<TokioMutex<Vec<u8>>>,
frame_dirty: Arc<AtomicBool>,
input_tx: mpsc::UnboundedSender<InputEvent>,
}
pub struct RdpService {
sessions: Arc<DashMap<String, Arc<RdpSessionHandle>>>,
sessions: DashMap<String, Arc<RdpSessionHandle>>,
}
impl RdpService {
pub fn new() -> Self {
Self {
sessions: Arc::new(DashMap::new()),
sessions: DashMap::new(),
}
}
pub fn connect(&self, config: RdpConfig, app_handle: tauri::AppHandle) -> Result<String, String> {
pub fn connect(&self, config: RdpConfig) -> Result<String, String> {
let session_id = uuid::Uuid::new_v4().to_string();
wraith_log!("[RDP] Connecting to {}:{} as {} (session {})", config.hostname, config.port, config.username, session_id);
let width = config.width;
@ -113,8 +98,7 @@ impl RdpService {
for pixel in initial_buf.chunks_exact_mut(4) {
pixel[3] = 255;
}
let front_buffer = Arc::new(std::sync::RwLock::new(initial_buf));
let dirty_region = Arc::new(std::sync::Mutex::new(None));
let frame_buffer = Arc::new(TokioMutex::new(initial_buf));
let frame_dirty = Arc::new(AtomicBool::new(false));
let (input_tx, input_rx) = mpsc::unbounded_channel();
@ -124,8 +108,7 @@ impl RdpService {
hostname: hostname.clone(),
width,
height,
front_buffer: front_buffer.clone(),
dirty_region: dirty_region.clone(),
frame_buffer: frame_buffer.clone(),
frame_dirty: frame_dirty.clone(),
input_tx,
});
@ -172,14 +155,11 @@ impl RdpService {
if let Err(e) = run_active_session(
connection_result,
framed,
front_buffer,
dirty_region,
frame_buffer,
frame_dirty,
input_rx,
width as u16,
height as u16,
app_handle,
sid.clone(),
)
.await
{
@ -217,65 +197,35 @@ impl RdpService {
Ok(session_id)
}
/// Get the dirty region since the last call. Returns (region_metadata, pixel_bytes).
/// The pixel bytes contain only the dirty rectangle in row-major RGBA order.
/// If nothing changed, returns empty bytes. If the dirty region covers >50% of the
/// frame, falls back to full frame for efficiency (avoids row-by-row extraction).
pub fn get_frame(&self, session_id: &str) -> Result<(Option<DirtyRect>, Vec<u8>), String> {
pub async fn get_frame(&self, session_id: &str) -> Result<String, String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
if !handle.frame_dirty.swap(false, Ordering::Acquire) {
return Ok((None, Vec::new()));
if !handle.frame_dirty.swap(false, Ordering::Relaxed) {
return Ok(String::new());
}
let buf = handle.frame_buffer.lock().await;
let encoded = base64::engine::general_purpose::STANDARD.encode(&*buf);
Ok(encoded)
}
let region = handle.dirty_region.lock().unwrap_or_else(|e| e.into_inner()).take();
let buf = handle.front_buffer.read().unwrap_or_else(|e| e.into_inner());
let stride = handle.width as usize * 4;
let total_pixels = handle.width as usize * handle.height as usize;
match region {
Some(rect) if (rect.width as usize * rect.height as usize) < total_pixels / 2 => {
// Partial: extract only the dirty rectangle
let rw = rect.width as usize;
let rh = rect.height as usize;
let rx = rect.x as usize;
let ry = rect.y as usize;
let mut out = Vec::with_capacity(rw * rh * 4);
for row in ry..ry + rh {
let start = row * stride + rx * 4;
let end = start + rw * 4;
if end <= buf.len() {
out.extend_from_slice(&buf[start..end]);
}
}
Ok((Some(rect), out))
}
_ => {
// Full frame: dirty region covers most of the screen or is missing
Ok((None, buf.clone()))
}
}
}
pub fn get_frame_raw(&self, session_id: &str) -> Result<Vec<u8>, String> {
pub async fn get_frame_raw(&self, session_id: &str) -> Result<Vec<u8>, String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
let buf = handle.front_buffer.read().unwrap_or_else(|e| e.into_inner());
let buf = handle.frame_buffer.lock().await;
Ok(buf.clone())
}
/// Capture the current RDP frame as a base64-encoded PNG.
pub fn screenshot_png_base64(&self, session_id: &str) -> Result<String, String> {
pub async fn screenshot_png_base64(&self, session_id: &str) -> Result<String, String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
let width = handle.width as u32;
let height = handle.height as u32;
let buf = handle.front_buffer.read().unwrap_or_else(|e| e.into_inner());
let buf = handle.frame_buffer.lock().await;
// Encode RGBA raw bytes to PNG (fast compression for speed)
// Encode RGBA raw bytes to PNG
let mut png_data = Vec::new();
{
let mut encoder = png::Encoder::new(&mut png_data, width, height);
encoder.set_color(png::ColorType::Rgba);
encoder.set_depth(png::BitDepth::Eight);
encoder.set_compression(png::Compression::Fast);
let mut writer = encoder.write_header()
.map_err(|e| format!("PNG header error: {}", e))?;
writer.write_image_data(&buf)
@ -300,19 +250,6 @@ impl RdpService {
handle.input_tx.send(InputEvent::Key { scancode, pressed }).map_err(|_| format!("RDP session {} input channel closed", session_id))
}
pub fn force_refresh(&self, session_id: &str) -> Result<(), String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
// Clear any accumulated dirty region so get_frame returns the full buffer
*handle.dirty_region.lock().unwrap_or_else(|e| e.into_inner()) = None;
handle.frame_dirty.store(true, Ordering::Release);
Ok(())
}
pub fn resize(&self, session_id: &str, width: u16, height: u16) -> Result<(), String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
handle.input_tx.send(InputEvent::Resize { width, height }).map_err(|_| format!("RDP session {} input channel closed", session_id))
}
pub fn disconnect(&self, session_id: &str) -> Result<(), String> {
let handle = self.sessions.get(session_id).ok_or_else(|| format!("RDP session {} not found", session_id))?;
let _ = handle.input_tx.send(InputEvent::Disconnect);
@ -366,11 +303,7 @@ fn build_connector_config(config: &RdpConfig) -> Result<connector::Config, Strin
request_data: None,
autologon: false,
enable_audio_playback: false,
performance_flags: PerformanceFlags::DISABLE_WALLPAPER
| PerformanceFlags::DISABLE_MENUANIMATIONS
| PerformanceFlags::DISABLE_CURSOR_SHADOW
| PerformanceFlags::ENABLE_FONT_SMOOTHING
| PerformanceFlags::ENABLE_DESKTOP_COMPOSITION,
performance_flags: PerformanceFlags::default(),
desktop_scale_factor: 0,
hardware_id: None,
license_cache: None,
@ -400,7 +333,7 @@ async fn establish_connection(config: connector::Config, hostname: &str, port: u
Ok((connection_result, upgraded_framed))
}
async fn run_active_session(connection_result: ConnectionResult, framed: UpgradedFramed, front_buffer: Arc<std::sync::RwLock<Vec<u8>>>, dirty_region: Arc<std::sync::Mutex<Option<DirtyRect>>>, frame_dirty: Arc<AtomicBool>, mut input_rx: mpsc::UnboundedReceiver<InputEvent>, mut width: u16, mut height: u16, app_handle: tauri::AppHandle, session_id: String) -> Result<(), String> {
async fn run_active_session(connection_result: ConnectionResult, framed: UpgradedFramed, frame_buffer: Arc<TokioMutex<Vec<u8>>>, frame_dirty: Arc<AtomicBool>, mut input_rx: mpsc::UnboundedReceiver<InputEvent>, width: u16, height: u16) -> Result<(), String> {
let (mut reader, mut writer) = split_tokio_framed(framed);
let mut image = DecodedImage::new(PixelFormat::RgbA32, width, height);
let mut active_stage = ActiveStage::new(connection_result);
@ -452,68 +385,17 @@ async fn run_active_session(connection_result: ConnectionResult, framed: Upgrade
}
all_outputs
}
Some(InputEvent::Resize { width: new_w, height: new_h }) => {
// Ensure dimensions are within RDP spec (200-8192, even width)
let w = (new_w.max(200).min(8192) & !1) as u32;
let h = new_h.max(200).min(8192) as u32;
if let Some(Ok(resize_frame)) = active_stage.encode_resize(w, h, None, None) {
writer.write_all(&resize_frame).await.map_err(|e| format!("Failed to send resize: {}", e))?;
// Reallocate image and front buffer for new dimensions
image = DecodedImage::new(PixelFormat::RgbA32, w as u16, h as u16);
let buf_size = w as usize * h as usize * 4;
let mut new_buf = vec![0u8; buf_size];
for pixel in new_buf.chunks_exact_mut(4) { pixel[3] = 255; }
*front_buffer.write().unwrap_or_else(|e| e.into_inner()) = new_buf;
width = w as u16;
height = h as u16;
info!("RDP session {} resized to {}x{}", session_id, width, height);
}
Vec::new()
}
}
}
};
for out in outputs {
match out {
ActiveStageOutput::ResponseFrame(frame) => { writer.write_all(&frame).await.map_err(|e| format!("Failed to write RDP response frame: {}", e))?; }
ActiveStageOutput::GraphicsUpdate(region) => {
let rx = region.left as usize;
let ry = region.top as usize;
let rr = (region.right as usize).saturating_add(1).min(width as usize);
let rb = (region.bottom as usize).saturating_add(1).min(height as usize);
let stride = width as usize * 4;
// Copy only the dirty rectangle rows from decoded image → front buffer
{
ActiveStageOutput::GraphicsUpdate(_region) => {
let mut buf = frame_buffer.lock().await;
let src = image.data();
let mut front = front_buffer.write().unwrap_or_else(|e| e.into_inner());
for row in ry..rb {
let src_start = row * stride + rx * 4;
let src_end = row * stride + rr * 4;
if src_end <= src.len() && src_end <= front.len() {
front[src_start..src_end].copy_from_slice(&src[src_start..src_end]);
}
}
}
// Accumulate dirty region (union of all rects since last get_frame)
{
let new_rect = DirtyRect { x: rx as u16, y: ry as u16, width: (rr - rx) as u16, height: (rb - ry) as u16 };
let mut dr = dirty_region.lock().unwrap_or_else(|e| e.into_inner());
*dr = Some(match dr.take() {
None => new_rect,
Some(prev) => {
let x = prev.x.min(new_rect.x);
let y = prev.y.min(new_rect.y);
let r = (prev.x + prev.width).max(new_rect.x + new_rect.width);
let b = (prev.y + prev.height).max(new_rect.y + new_rect.height);
DirtyRect { x, y, width: r - x, height: b - y }
}
});
}
frame_dirty.store(true, Ordering::Release);
let _ = app_handle.emit(&format!("rdp:frame:{}", session_id), ());
if src.len() == buf.len() { buf.copy_from_slice(src); } else { *buf = src.to_vec(); }
frame_dirty.store(true, Ordering::Relaxed);
}
ActiveStageOutput::Terminate(reason) => { info!("RDP session terminated: {:?}", reason); return Ok(()); }
ActiveStageOutput::DeactivateAll(_) => { warn!("RDP server sent DeactivateAll — reconnection not yet implemented"); return Ok(()); }

35
src-tauri/src/scanner/mod.rs
View File

@ -12,7 +12,6 @@ use serde::Serialize;
use tokio::sync::Mutex as TokioMutex;
use crate::ssh::session::SshClient;
use crate::utils::shell_escape;
#[derive(Debug, Serialize, Clone)]
#[serde(rename_all = "camelCase")]
@ -64,44 +63,18 @@ fn service_name(port: u16) -> &'static str {
}
}
/// Validate that `subnet` contains exactly three dot-separated octet groups,
/// each consisting only of 13 ASCII digits (e.g. "192.168.1").
/// Returns an error string if the format is invalid.
fn validate_subnet(subnet: &str) -> Result<(), String> {
let parts: Vec<&str> = subnet.split('.').collect();
if parts.len() != 3 {
return Err(format!(
"Invalid subnet '{}': expected three octets (e.g. 192.168.1)",
subnet
));
}
for part in &parts {
if part.is_empty() || part.len() > 3 || !part.chars().all(|c| c.is_ascii_digit()) {
return Err(format!(
"Invalid subnet '{}': each octet must be 13 decimal digits",
subnet
));
}
}
Ok(())
}
/// Discover hosts on the remote network using ARP table and ping sweep.
pub async fn scan_network(
handle: &Arc<TokioMutex<Handle<SshClient>>>,
subnet: &str,
) -> Result<Vec<DiscoveredHost>, String> {
// Validate subnet format before using it in remote shell commands.
validate_subnet(subnet)?;
// Script that works on Linux and macOS:
// 1. Ping sweep the subnet to populate ARP cache
// 2. Read ARP table for IP/MAC pairs
// 3. Try reverse DNS for hostnames
let escaped_subnet = shell_escape(subnet);
let script = format!(r#"
OS=$(uname -s 2>/dev/null)
SUBNET={escaped_subnet}
SUBNET="{subnet}"
# Ping sweep (background, fast)
if [ "$OS" = "Linux" ]; then
@ -178,12 +151,6 @@ pub async fn scan_ports(
target: &str,
ports: &[u16],
) -> Result<Vec<PortResult>, String> {
// Validate target — /dev/tcp requires a bare hostname/IP, not a shell-quoted value.
// Only allow alphanumeric, dots, hyphens, and colons (for IPv6).
if !target.chars().all(|c| c.is_ascii_alphanumeric() || c == '.' || c == '-' || c == ':') {
return Err(format!("Invalid target for port scan: {}", target));
}
// Use bash /dev/tcp for port scanning — no nmap required
let port_checks: Vec<String> = ports.iter()
.map(|p| format!(

1
src-tauri/src/settings/mod.rs
View File

@ -8,7 +8,6 @@ use crate::db::Database;
///
/// All operations acquire the shared DB mutex for their duration and
/// return immediately — no async needed for a local SQLite store.
#[derive(Clone)]
pub struct SettingsService {
db: Database,
}

15
src-tauri/src/sftp/mod.rs
View File

@ -5,6 +5,7 @@
//! provides all file operations needed by the frontend.
use std::sync::Arc;
use std::time::{Duration, UNIX_EPOCH};
use dashmap::DashMap;
use log::{debug, info};
@ -34,6 +35,9 @@ pub struct FileEntry {
/// Format a Unix timestamp (seconds since epoch) as "Mon DD HH:MM".
fn format_mtime(unix_secs: u32) -> String {
// Build a SystemTime from the raw epoch value.
let st = UNIX_EPOCH + Duration::from_secs(unix_secs as u64);
// Convert to seconds-since-epoch for manual formatting. We avoid pulling
// in chrono just for this; a simple manual decomposition is sufficient for
// the "Mar 17 14:30" display format expected by the frontend.
@ -50,10 +54,12 @@ fn format_mtime(unix_secs: u32) -> String {
let era = if z >= 0 { z } else { z - 146_096 } / 146_097;
let doe = z - era * 146_097;
let yoe = (doe - doe / 1_460 + doe / 36_524 - doe / 146_096) / 365;
let y = yoe + era * 400;
let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
let mp = (5 * doy + 2) / 153;
let d = doy - (153 * mp + 2) / 5 + 1;
let m = if mp < 10 { mp + 3 } else { mp - 9 };
let _y = if m <= 2 { y + 1 } else { y };
let month = match m {
1 => "Jan",
@ -71,6 +77,9 @@ fn format_mtime(unix_secs: u32) -> String {
_ => "???",
};
// Suppress unused variable warning — st is only used as a sanity anchor.
let _ = st;
format!("{} {:2} {:02}:{:02}", month, d, hours, minutes)
}
@ -90,13 +99,13 @@ pub struct SftpService {
/// One `SftpSession` per SSH session, behind a mutex so async commands can
/// take a shared reference to the `SftpService` and still mutably borrow
/// individual sessions.
clients: Arc<DashMap<String, Arc<TokioMutex<SftpSession>>>>,
clients: DashMap<String, Arc<TokioMutex<SftpSession>>>,
}
impl SftpService {
pub fn new() -> Self {
Self {
clients: Arc::new(DashMap::new()),
clients: DashMap::new(),
}
}
@ -310,7 +319,7 @@ impl SftpService {
) -> Result<Arc<TokioMutex<SftpSession>>, String> {
self.clients
.get(session_id)
.map(|r| r.value().clone())
.map(|r| r.clone())
.ok_or_else(|| format!("No SFTP client for session {}", session_id))
}
}

18
src-tauri/src/ssh/cwd.rs
View File

@ -16,7 +16,6 @@ use russh::ChannelMsg;
use tauri::{AppHandle, Emitter};
use tokio::sync::watch;
use tokio::sync::Mutex as TokioMutex;
use tokio_util::sync::CancellationToken;
use crate::ssh::session::SshClient;
@ -40,15 +39,13 @@ impl CwdTracker {
/// Spawn a background tokio task that polls `pwd` every 2 seconds on a
/// separate exec channel.
///
/// The task runs until cancelled via the `CancellationToken`, or until the
/// SSH connection is closed or the channel cannot be opened.
/// CWD changes are emitted as `ssh:cwd:{session_id}` events.
/// The task runs until the SSH connection is closed or the channel cannot
/// be opened. CWD changes are emitted as `ssh:cwd:{session_id}` events.
pub fn start(
&self,
handle: Arc<TokioMutex<Handle<SshClient>>>,
app_handle: AppHandle,
session_id: String,
cancel: CancellationToken,
) {
let sender = self._sender.clone();
@ -59,10 +56,6 @@ impl CwdTracker {
let mut previous_cwd = String::new();
loop {
if cancel.is_cancelled() {
break;
}
// Open a fresh exec channel for each `pwd` invocation.
// Some SSH servers do not allow multiple exec requests on a
// single channel, so we open a new one each time.
@ -126,11 +119,8 @@ impl CwdTracker {
}
}
// Wait 2 seconds before the next poll, or cancel.
tokio::select! {
_ = tokio::time::sleep(tokio::time::Duration::from_secs(2)) => {}
_ = cancel.cancelled() => { break; }
}
// Wait 2 seconds before the next poll.
tokio::time::sleep(tokio::time::Duration::from_secs(2)).await;
}
debug!("CWD tracker for session {} stopped", session_id);

51
src-tauri/src/ssh/exec.rs
View File

@ -1,51 +0,0 @@
//! Shared SSH exec-channel helper used by commands, MCP handlers, and tools.
//!
//! Opens a one-shot exec channel on an existing SSH handle, runs `cmd`, collects
//! all stdout/stderr, and returns it as a `String`. The caller is responsible
//! for ensuring the session is still alive.
use std::sync::Arc;
use tokio::sync::Mutex as TokioMutex;
use crate::ssh::session::SshClient;
/// Execute `cmd` on a separate exec channel and return all output as a `String`.
///
/// Locks the handle for only as long as it takes to open the channel, then
/// releases it before reading — this avoids holding the lock while waiting on
/// remote I/O.
pub async fn exec_on_session(
handle: &Arc<TokioMutex<russh::client::Handle<SshClient>>>,
cmd: &str,
) -> Result<String, String> {
let mut channel = {
let h = handle.lock().await;
h.channel_open_session()
.await
.map_err(|e| format!("Exec channel failed: {}", e))?
};
channel
.exec(true, cmd)
.await
.map_err(|e| format!("Exec failed: {}", e))?;
let mut output = String::new();
loop {
match channel.wait().await {
Some(russh::ChannelMsg::Data { ref data }) => {
if let Ok(text) = std::str::from_utf8(data.as_ref()) {
output.push_str(text);
}
}
Some(russh::ChannelMsg::Eof)
| Some(russh::ChannelMsg::Close)
| None => break,
Some(russh::ChannelMsg::ExitStatus { .. }) => {}
_ => {}
}
}
Ok(output)
}

1
src-tauri/src/ssh/mod.rs
View File

@ -2,4 +2,3 @@ pub mod session;
pub mod host_key;
pub mod cwd;
pub mod monitor;
pub mod exec;

50
src-tauri/src/ssh/monitor.rs
View File

@ -6,13 +6,11 @@
use std::sync::Arc;
use log::warn;
use russh::client::Handle;
use russh::ChannelMsg;
use serde::Serialize;
use tauri::{AppHandle, Emitter};
use tokio::sync::Mutex as TokioMutex;
use tokio_util::sync::CancellationToken;
use crate::ssh::session::SshClient;
@ -32,53 +30,26 @@ pub struct SystemStats {
}
/// Spawn a background task that polls system stats every 5 seconds.
///
/// The task runs until cancelled via the `CancellationToken`, or until the
/// SSH connection is closed.
pub fn start_monitor(
handle: Arc<TokioMutex<Handle<SshClient>>>,
app_handle: AppHandle,
session_id: String,
cancel: CancellationToken,
) {
tokio::spawn(async move {
// Brief delay to let the shell start up
tokio::time::sleep(tokio::time::Duration::from_secs(2)).await;
let mut consecutive_timeouts: u32 = 0;
loop {
if cancel.is_cancelled() {
break;
}
let stats = collect_stats(&handle).await;
match stats {
Some(stats) => {
consecutive_timeouts = 0;
if let Some(stats) = stats {
let _ = app_handle.emit(
&format!("ssh:monitor:{}", session_id),
&stats,
);
}
None => {
consecutive_timeouts += 1;
if consecutive_timeouts >= 3 {
warn!(
"SSH monitor for session {}: 3 consecutive failures, stopping",
session_id
);
break;
}
}
}
// Wait 5 seconds before the next poll, or cancel.
tokio::select! {
_ = tokio::time::sleep(tokio::time::Duration::from_secs(5)) => {}
_ = cancel.cancelled() => { break; }
}
tokio::time::sleep(tokio::time::Duration::from_secs(5)).await;
}
});
}
@ -154,24 +125,7 @@ fn parse_stats(raw: &str) -> Option<SystemStats> {
})
}
/// Execute a command on a separate exec channel with a 10-second timeout.
async fn exec_command(handle: &Arc<TokioMutex<Handle<SshClient>>>, cmd: &str) -> Option<String> {
let result = tokio::time::timeout(
std::time::Duration::from_secs(10),
exec_command_inner(handle, cmd),
)
.await;
match result {
Ok(output) => output,
Err(_) => {
warn!("SSH monitor exec_command timed out after 10s");
None
}
}
}
async fn exec_command_inner(handle: &Arc<TokioMutex<Handle<SshClient>>>, cmd: &str) -> Option<String> {
let mut channel = {
let h = handle.lock().await;
h.channel_open_session().await.ok()?

30
src-tauri/src/ssh/session.rs
View File

@ -17,7 +17,6 @@ use crate::mcp::error_watcher::ErrorWatcher;
use crate::sftp::SftpService;
use crate::ssh::cwd::CwdTracker;
use crate::ssh::host_key::{HostKeyResult, HostKeyStore};
use tokio_util::sync::CancellationToken;
pub enum AuthMethod {
Password(String),
@ -48,7 +47,6 @@ pub struct SshSession {
pub handle: Arc<TokioMutex<Handle<SshClient>>>,
pub command_tx: mpsc::UnboundedSender<ChannelCommand>,
pub cwd_tracker: Option<CwdTracker>,
pub cancel_token: CancellationToken,
}
pub struct SshClient {
@ -78,13 +76,13 @@ impl client::Handler for SshClient {
#[derive(Clone)]
pub struct SshService {
sessions: Arc<DashMap<String, Arc<SshSession>>>,
sessions: DashMap<String, Arc<SshSession>>,
db: Database,
}
impl SshService {
pub fn new(db: Database) -> Self {
Self { sessions: Arc::new(DashMap::new()), db }
Self { sessions: DashMap::new(), db }
}
pub async fn connect(&self, app_handle: AppHandle, hostname: &str, port: u16, username: &str, auth: AuthMethod, cols: u32, rows: u32, sftp_service: &SftpService, scrollback: &ScrollbackRegistry, error_watcher: &ErrorWatcher) -> Result<String, String> {
@ -137,11 +135,10 @@ impl SshService {
let channel_id = channel.id();
let handle = Arc::new(TokioMutex::new(handle));
let (command_tx, mut command_rx) = mpsc::unbounded_channel::<ChannelCommand>();
let cancel_token = CancellationToken::new();
let cwd_tracker = CwdTracker::new();
cwd_tracker.start(handle.clone(), app_handle.clone(), session_id.clone(), cancel_token.clone());
cwd_tracker.start(handle.clone(), app_handle.clone(), session_id.clone());
let session = Arc::new(SshSession { id: session_id.clone(), hostname: hostname.to_string(), port, username: username.to_string(), channel_id, handle: handle.clone(), command_tx: command_tx.clone(), cwd_tracker: Some(cwd_tracker), cancel_token: cancel_token.clone() });
let session = Arc::new(SshSession { id: session_id.clone(), hostname: hostname.to_string(), port, username: username.to_string(), channel_id, handle: handle.clone(), command_tx: command_tx.clone(), cwd_tracker: Some(cwd_tracker) });
self.sessions.insert(session_id.clone(), session);
{ let h = handle.lock().await;
@ -161,7 +158,7 @@ impl SshService {
error_watcher.watch(&session_id);
// Start remote monitoring if enabled (runs on a separate exec channel)
crate::ssh::monitor::start_monitor(handle.clone(), app_handle.clone(), session_id.clone(), cancel_token.clone());
crate::ssh::monitor::start_monitor(handle.clone(), app_handle.clone(), session_id.clone());
// Inject OSC 7 CWD reporting hook into the user's shell.
// This enables SFTP CWD following on all platforms (Linux, macOS, FreeBSD).
@ -249,8 +246,6 @@ impl SshService {
pub async fn disconnect(&self, session_id: &str, sftp_service: &SftpService) -> Result<(), String> {
let (_, session) = self.sessions.remove(session_id).ok_or_else(|| format!("Session {} not found", session_id))?;
// Cancel background tasks (CWD tracker, monitor) before tearing down the connection.
session.cancel_token.cancel();
let _ = session.command_tx.send(ChannelCommand::Shutdown);
{ let handle = session.handle.lock().await; let _ = handle.disconnect(Disconnect::ByApplication, "", "en").await; }
sftp_service.remove_client(session_id);
@ -258,7 +253,7 @@ impl SshService {
}
pub fn get_session(&self, session_id: &str) -> Option<Arc<SshSession>> {
self.sessions.get(session_id).map(|r| r.value().clone())
self.sessions.get(session_id).map(|entry| entry.clone())
}
pub fn list_sessions(&self) -> Vec<SessionInfo> {
@ -405,23 +400,22 @@ fn extract_osc7_cwd(data: &[u8]) -> Option<String> {
}
fn percent_decode(input: &str) -> String {
let mut bytes: Vec<u8> = Vec::with_capacity(input.len());
let mut output = String::with_capacity(input.len());
let mut chars = input.chars();
while let Some(ch) = chars.next() {
if ch == '%' {
let hex: String = chars.by_ref().take(2).collect();
if let Ok(byte) = u8::from_str_radix(&hex, 16) {
bytes.push(byte);
output.push(byte as char);
} else {
bytes.extend_from_slice(b"%");
bytes.extend_from_slice(hex.as_bytes());
output.push('%');
output.push_str(&hex);
}
} else {
let mut buf = [0u8; 4];
bytes.extend_from_slice(ch.encode_utf8(&mut buf).as_bytes());
output.push(ch);
}
}
String::from_utf8_lossy(&bytes).into_owned()
output
}
/// Resolve a private key string — if it looks like PEM content, return as-is.

9
src-tauri/src/theme/mod.rs
View File

@ -59,7 +59,6 @@ struct BuiltinTheme {
// ── service ───────────────────────────────────────────────────────────────────
#[derive(Clone)]
pub struct ThemeService {
db: Database,
}
@ -254,7 +253,7 @@ impl ThemeService {
t.bright_blue, t.bright_magenta, t.bright_cyan, t.bright_white,
],
) {
wraith_log!("theme::seed_builtins: failed to seed '{}': {}", t.name, e);
eprintln!("theme::seed_builtins: failed to seed '{}': {}", t.name, e);
}
}
}
@ -273,7 +272,7 @@ impl ThemeService {
) {
Ok(s) => s,
Err(e) => {
wraith_log!("theme::list: failed to prepare query: {}", e);
eprintln!("theme::list: failed to prepare query: {}", e);
return vec![];
}
};
@ -281,12 +280,12 @@ impl ThemeService {
match stmt.query_map([], map_theme_row) {
Ok(rows) => rows
.filter_map(|r| {
r.map_err(|e| wraith_log!("theme::list: row error: {}", e))
r.map_err(|e| eprintln!("theme::list: row error: {}", e))
.ok()
})
.collect(),
Err(e) => {
wraith_log!("theme::list: query failed: {}", e);
eprintln!("theme::list: query failed: {}", e);
vec![]
}
}

19
src-tauri/src/utils.rs
View File

@ -1,19 +0,0 @@
//! Shared utility functions.
/// Escape a string for safe interpolation into a POSIX shell command.
///
/// Wraps the input in single quotes and escapes any embedded single quotes
/// using the `'\''` technique. This prevents command injection when building
/// shell commands from user-supplied values.
///
/// # Examples
///
/// ```
/// # use wraith_lib::utils::shell_escape;
/// assert_eq!(shell_escape("hello"), "'hello'");
/// assert_eq!(shell_escape("it's"), "'it'\\''s'");
/// assert_eq!(shell_escape(";rm -rf /"), "';rm -rf /'");
/// ```
pub fn shell_escape(input: &str) -> String {
format!("'{}'", input.replace('\'', "'\\''"))
}

15
src-tauri/src/vault/mod.rs
View File

@ -4,7 +4,6 @@ use aes_gcm::{
Aes256Gcm, Key, Nonce,
};
use argon2::{Algorithm, Argon2, Params, Version};
use zeroize::Zeroizing;
// ---------------------------------------------------------------------------
// VaultService
@ -22,18 +21,18 @@ use zeroize::Zeroizing;
/// The version prefix allows a future migration to a different algorithm
/// without breaking existing stored blobs.
pub struct VaultService {
key: Zeroizing<[u8; 32]>,
key: [u8; 32],
}
impl VaultService {
pub fn new(key: Zeroizing<[u8; 32]>) -> Self {
pub fn new(key: [u8; 32]) -> Self {
Self { key }
}
/// Encrypt `plaintext` and return a `v1:{iv_hex}:{sealed_hex}` blob.
pub fn encrypt(&self, plaintext: &str) -> Result<String, String> {
// Build the AES-256-GCM cipher from our key.
let key = Key::<Aes256Gcm>::from_slice(&*self.key);
let key = Key::<Aes256Gcm>::from_slice(&self.key);
let cipher = Aes256Gcm::new(key);
// Generate a random 12-byte nonce (96-bit is the GCM standard).
@ -72,7 +71,7 @@ impl VaultService {
));
}
let key = Key::<Aes256Gcm>::from_slice(&*self.key);
let key = Key::<Aes256Gcm>::from_slice(&self.key);
let cipher = Aes256Gcm::new(key);
let nonce = Nonce::from_slice(&iv_bytes);
@ -96,7 +95,7 @@ impl VaultService {
/// t = 3 iterations
/// m = 65536 KiB (64 MiB) memory
/// p = 4 parallelism lanes
pub fn derive_key(password: &str, salt: &[u8]) -> Zeroizing<[u8; 32]> {
pub fn derive_key(password: &str, salt: &[u8]) -> [u8; 32] {
let params = Params::new(
65536, // m_cost: 64 MiB
3, // t_cost: iterations
@ -107,9 +106,9 @@ pub fn derive_key(password: &str, salt: &[u8]) -> Zeroizing<[u8; 32]> {
let argon2 = Argon2::new(Algorithm::Argon2id, Version::V0x13, params);
let mut output_key = Zeroizing::new([0u8; 32]);
let mut output_key = [0u8; 32];
argon2
.hash_password_into(password.as_bytes(), salt, &mut *output_key)
.hash_password_into(password.as_bytes(), salt, &mut output_key)
.expect("Argon2id key derivation failed");
output_key

3
src-tauri/src/workspace/mod.rs
View File

@ -24,7 +24,6 @@ pub struct WorkspaceSnapshot {
const SNAPSHOT_KEY: &str = "workspace_snapshot";
const CLEAN_SHUTDOWN_KEY: &str = "clean_shutdown";
#[derive(Clone)]
pub struct WorkspaceService {
settings: SettingsService,
}
@ -48,7 +47,7 @@ impl WorkspaceService {
pub fn load(&self) -> Option<WorkspaceSnapshot> {
let json = self.settings.get(SNAPSHOT_KEY)?;
serde_json::from_str(&json)
.map_err(|e| wraith_log!("workspace::load: failed to deserialize snapshot: {e}"))
.map_err(|e| eprintln!("workspace::load: failed to deserialize snapshot: {e}"))
.ok()
}

7
src-tauri/tauri.conf.json
View File

@ -18,14 +18,13 @@
"minHeight": 600,
"decorations": true,
"resizable": true,
"dragDropEnabled": false,
"additionalBrowserArgs": "--enable-gpu-rasterization --enable-zero-copy --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection"
"dragDropEnabled": false
}
],
"security": {
"csp": null
},
"withGlobalTauri": false
"withGlobalTauri": true
},
"bundle": {
"active": true,
@ -53,7 +52,7 @@
"updater": {
"pubkey": "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IDNCRkQ2OUY2OEY0Q0ZFQkYKUldTLy9reVA5bW45T3dUQ1R5OFNCenVhL2srTXlLcHR4cFNaeCtJSmJUSTZKSUNHVTRIbWZwanEK",
"endpoints": [
"https://files.command.vigilcyber.com/wraith/update.json"
"https://git.command.vigilcyber.com/api/packages/vstockwell/generic/wraith/latest/update.json"
]
}
}

55
src/App.vue
View File

@ -1,65 +1,48 @@
<script setup lang="ts">
import { ref, onMounted, onErrorCaptured, defineAsyncComponent } from "vue";
import { ref, onMounted, defineAsyncComponent } from "vue";
import { useAppStore } from "@/stores/app.store";
import UnlockLayout from "@/layouts/UnlockLayout.vue";
import ToolWindow from "@/components/tools/ToolWindow.vue";
const MainLayout = defineAsyncComponent({
loader: () => import("@/layouts/MainLayout.vue"),
onError(error) { console.error("[App] MainLayout load failed:", error); },
});
const DetachedSession = defineAsyncComponent({
loader: () => import("@/components/session/DetachedSession.vue"),
onError(error) { console.error("[App] DetachedSession load failed:", error); },
});
const MainLayout = defineAsyncComponent(
() => import("@/layouts/MainLayout.vue")
);
const ToolWindow = defineAsyncComponent(
() => import("@/components/tools/ToolWindow.vue")
);
const DetachedSession = defineAsyncComponent(
() => import("@/components/session/DetachedSession.vue")
);
const app = useAppStore();
const appError = ref<string | null>(null);
// Tool window mode detected from URL hash: #/tool/network-scanner?sessionId=abc
const isToolMode = ref(false);
const isDetachedMode = ref(false);
const toolName = ref("");
const toolSessionId = ref("");
onErrorCaptured((err) => {
appError.value = err instanceof Error ? err.message : String(err);
console.error("[App] Uncaught error:", err);
return false;
});
/** Parse hash and set mode flags. Called on mount and on hashchange. */
function applyHash(hash: string): void {
onMounted(async () => {
const hash = window.location.hash;
if (hash.startsWith("#/tool/")) {
isToolMode.value = true;
const rest = hash.substring(7);
const rest = hash.substring(7); // after "#/tool/"
const [name, query] = rest.split("?");
toolName.value = name;
toolSessionId.value = new URLSearchParams(query || "").get("sessionId") || "";
} else if (hash.startsWith("#/detached-session")) {
isDetachedMode.value = true;
}
}
onMounted(async () => {
// Check hash at load time (present if JS-side WebviewWindow set it in the URL)
applyHash(window.location.hash);
// Also listen for hash changes (Rust-side window sets hash via eval after load)
window.addEventListener("hashchange", () => applyHash(window.location.hash));
// Only init vault for the main app window (no hash)
if (!isToolMode.value && !isDetachedMode.value) {
} else {
await app.checkVaultState();
}
});
</script>
<template>
<div v-if="appError" class="fixed inset-0 z-50 flex items-center justify-center bg-[#0d1117] text-red-400 p-8 text-sm font-mono whitespace-pre-wrap">
{{ appError }}
</div>
<DetachedSession v-else-if="isDetachedMode" />
<!-- Detached session window mode -->
<DetachedSession v-if="isDetachedMode" />
<!-- Tool popup window mode -->
<ToolWindow v-else-if="isToolMode" :tool="toolName" :session-id="toolSessionId" />
<!-- Normal app mode -->
<div v-else class="app-root">
<UnlockLayout v-if="!app.isUnlocked" />
<MainLayout v-else />

20
src/assets/css/terminal.css
View File

@ -2,7 +2,7 @@
.terminal-container {
width: 100%;
min-height: 0;
height: 100%;
position: relative;
overflow: hidden;
background: var(--wraith-bg-primary);
@ -20,16 +20,14 @@
height: 100%;
}
/* WKWebView focus fix: xterm.js hides its helper textarea with opacity: 0,
width/height: 0, left: -9999em. macOS WKWebView doesn't reliably focus
elements with zero dimensions positioned off-screen. Override to keep it
within the viewport with non-zero dimensions so focus events fire. */
.terminal-container .xterm .xterm-helper-textarea {
left: 0 !important;
top: 0 !important;
width: 1px !important;
height: 1px !important;
opacity: 0.01 !important;
/* Selection styling */
.terminal-container .xterm-selection div {
background-color: rgba(88, 166, 255, 0.3) !important;
}
/* Cursor styling */
.terminal-container .xterm-cursor-layer {
z-index: 4;
}
/* Scrollbar inside terminal */

9
src/components/ai/CopilotPanel.vue
View File

@ -203,12 +203,10 @@ async function launch(): Promise<void> {
});
connected.value = true;
// Instantiate terminal synchronously (before any further awaits) now that
// sessionId is known. Cleanup is owned by this component's onBeforeUnmount.
terminalInstance = useTerminal(sessionId, "pty");
await nextTick();
nextTick(() => {
if (containerRef.value && terminalInstance) {
if (containerRef.value) {
terminalInstance = useTerminal(sessionId, "pty");
terminalInstance.mount(containerRef.value);
// Fit after mount to get real dimensions, then resize the PTY
@ -224,7 +222,6 @@ async function launch(): Promise<void> {
}
}, 50);
}
});
// Listen for shell exit
closeUnlisten = await listen(`pty:close:${sessionId}`, () => {

6
src/components/common/CommandPalette.vue
View File

@ -116,9 +116,9 @@ const connectionStore = useConnectionStore();
const sessionStore = useSessionStore();
const emit = defineEmits<{
"open-import": [];
"open-settings": [];
"open-new-connection": [protocol?: "ssh" | "rdp"];
(e: "open-import"): void;
(e: "open-settings"): void;
(e: "open-new-connection", protocol?: "ssh" | "rdp"): void;
}>();
const actions: PaletteAction[] = [

42
src/components/common/SettingsModal.vue
View File

@ -320,7 +320,25 @@ async function checkUpdates(): Promise<void> {
updateChecking.value = true;
updateInfo.value = null;
try {
updateInfo.value = await invoke<UpdateCheckInfo>("check_for_updates");
const { check } = await import("@tauri-apps/plugin-updater");
const update = await check();
if (update?.available) {
updateInfo.value = {
currentVersion: await getVersion(),
latestVersion: update.version || "unknown",
updateAvailable: true,
downloadUrl: "",
releaseNotes: update.body || "",
};
} else {
updateInfo.value = {
currentVersion: await getVersion(),
latestVersion: await getVersion(),
updateAvailable: false,
downloadUrl: "",
releaseNotes: "",
};
}
} catch (err) {
alert(`Update check failed: ${err}`);
}
@ -328,11 +346,16 @@ async function checkUpdates(): Promise<void> {
}
async function downloadUpdate(): Promise<void> {
if (!updateInfo.value?.downloadUrl) return;
try {
await shellOpen(updateInfo.value.downloadUrl);
} catch {
window.open(updateInfo.value.downloadUrl, "_blank");
const { check } = await import("@tauri-apps/plugin-updater");
const update = await check();
if (update?.available) {
await update.downloadAndInstall();
const { relaunch } = await import("@tauri-apps/plugin-process");
await relaunch();
}
} catch (err) {
alert(`Update failed: ${err}`);
}
}
const currentVersion = ref("loading...");
@ -422,16 +445,9 @@ watch(
() => settings.value.defaultProtocol,
(val) => invoke("set_setting", { key: "default_protocol", value: val }).catch(console.error),
);
let sidebarWidthDebounce: ReturnType<typeof setTimeout>;
watch(
() => settings.value.sidebarWidth,
(val) => {
clearTimeout(sidebarWidthDebounce);
sidebarWidthDebounce = setTimeout(
() => invoke("set_setting", { key: "sidebar_width", value: String(val) }).catch(console.error),
300,
);
},
(val) => invoke("set_setting", { key: "sidebar_width", value: String(val) }).catch(console.error),
);
watch(
() => settings.value.terminalTheme,

4
src/components/common/StatusBar.vue
View File

@ -1,5 +1,5 @@
<template>
<div class="h-[48px] flex items-center justify-between px-6 bg-[var(--wraith-bg-secondary)] border-t border-[var(--wraith-border)] text-base text-[var(--wraith-text-muted)] shrink-0">
<div class="h-6 flex items-center justify-between px-4 bg-[var(--wraith-bg-secondary)] border-t border-[var(--wraith-border)] text-[10px] text-[var(--wraith-text-muted)] shrink-0">
<!-- Left: connection info -->
<div class="flex items-center gap-3">
<template v-if="sessionStore.activeSession">
@ -47,7 +47,7 @@ const connectionStore = useConnectionStore();
const activeThemeName = ref("Default");
const emit = defineEmits<{
"open-theme-picker": [];
(e: "open-theme-picker"): void;
}>();
const connectionInfo = computed(() => {

2
src/components/common/ThemePicker.vue
View File

@ -112,8 +112,6 @@ export interface ThemeDefinition {
brightMagenta: string;
brightCyan: string;
brightWhite: string;
selectionBackground?: string;
selectionForeground?: string;
isBuiltin?: boolean;
}

96
src/components/rdp/RdpView.vue
View File

@ -28,8 +28,7 @@
</template>
<script setup lang="ts">
import { ref, computed, onMounted, onBeforeUnmount, watch } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { ref, onMounted, onBeforeUnmount, watch } from "vue";
import { useRdp, MouseFlag } from "@/composables/useRdp";
const props = defineProps<{
@ -43,8 +42,8 @@ const containerRef = ref<HTMLElement | null>(null);
const canvasWrapper = ref<HTMLElement | null>(null);
const canvasRef = ref<HTMLCanvasElement | null>(null);
const rdpWidth = computed(() => props.width ?? 1920);
const rdpHeight = computed(() => props.height ?? 1080);
const rdpWidth = props.width ?? 1920;
const rdpHeight = props.height ?? 1080;
const {
connected,
@ -77,8 +76,8 @@ function toRdpCoords(e: MouseEvent): { x: number; y: number } | null {
if (!canvas) return null;
const rect = canvas.getBoundingClientRect();
const scaleX = canvas.width / rect.width;
const scaleY = canvas.height / rect.height;
const scaleX = rdpWidth / rect.width;
const scaleY = rdpHeight / rect.height;
return {
x: Math.floor((e.clientX - rect.left) * scaleX),
@ -154,95 +153,25 @@ function handleKeyUp(e: KeyboardEvent): void {
sendKey(props.sessionId, e.code, false);
}
let resizeObserver: ResizeObserver | null = null;
let resizeTimeout: ReturnType<typeof setTimeout> | null = null;
onMounted(() => {
if (canvasRef.value) {
startFrameLoop(props.sessionId, canvasRef.value, rdpWidth.value, rdpHeight.value);
}
// Watch container size and request server-side RDP resize (debounced 500ms)
if (canvasWrapper.value) {
resizeObserver = new ResizeObserver((entries) => {
const entry = entries[0];
if (!entry || !connected.value) return;
const { width: cw, height: ch } = entry.contentRect;
if (cw < 200 || ch < 200) return;
// Round to even width (RDP spec requirement)
const newW = Math.round(cw) & ~1;
const newH = Math.round(ch);
if (resizeTimeout) clearTimeout(resizeTimeout);
resizeTimeout = setTimeout(() => {
invoke("rdp_resize", {
sessionId: props.sessionId,
width: newW,
height: newH,
}).then(() => {
if (canvasRef.value) {
canvasRef.value.width = newW;
canvasRef.value.height = newH;
}
// Force full frame after resize so canvas gets a clean repaint
setTimeout(() => {
invoke("rdp_force_refresh", { sessionId: props.sessionId }).catch(() => {});
}, 200);
}).catch((err: unknown) => {
console.warn("[RdpView] resize failed:", err);
});
}, 500);
});
resizeObserver.observe(canvasWrapper.value);
startFrameLoop(props.sessionId, canvasRef.value, rdpWidth, rdpHeight);
}
});
onBeforeUnmount(() => {
stopFrameLoop();
if (resizeObserver) { resizeObserver.disconnect(); resizeObserver = null; }
if (resizeTimeout) { clearTimeout(resizeTimeout); resizeTimeout = null; }
});
// Focus canvas, re-check dimensions, and force full frame on tab switch.
// Uses 300ms delay to let the flex layout fully settle (copilot panel toggle, etc.)
// Focus canvas when this tab becomes active and keyboard is grabbed
watch(
() => props.isActive,
(active) => {
if (!active || !canvasRef.value) return;
// Immediate focus so keyboard works right away
if (keyboardGrabbed.value) canvasRef.value.focus();
// Immediate force refresh to show SOMETHING while we check dimensions
invoke("rdp_force_refresh", { sessionId: props.sessionId }).catch(() => {});
// Delayed dimension check layout needs time to settle
if (active && keyboardGrabbed.value && canvasRef.value) {
setTimeout(() => {
const wrapper = canvasWrapper.value;
const canvas = canvasRef.value;
if (!wrapper || !canvas) return;
const { width: cw, height: ch } = wrapper.getBoundingClientRect();
const newW = Math.round(cw) & ~1;
const newH = Math.round(ch);
if (newW >= 200 && newH >= 200 && (newW !== canvas.width || newH !== canvas.height)) {
invoke("rdp_resize", {
sessionId: props.sessionId,
width: newW,
height: newH,
}).then(() => {
if (canvas) {
canvas.width = newW;
canvas.height = newH;
canvasRef.value?.focus();
}, 0);
}
setTimeout(() => {
invoke("rdp_force_refresh", { sessionId: props.sessionId }).catch(() => {});
}, 500);
}).catch(() => {});
}
}, 300);
},
);
</script>
@ -267,8 +196,9 @@ watch(
}
.rdp-canvas {
width: 100%;
height: 100%;
max-width: 100%;
max-height: 100%;
object-fit: contain;
cursor: default;
outline: none;
image-rendering: auto;

27
src/components/session/DetachedSession.vue
View File

@ -26,34 +26,36 @@ const sessionName = ref("Detached Session");
const protocol = ref("ssh");
const containerRef = ref<HTMLElement | null>(null);
// Parse session info from URL hash synchronously so backend type is known at setup time
const hash = window.location.hash;
const params = new URLSearchParams(hash.split("?")[1] || "");
const _initialSessionId = params.get("sessionId") || "";
const _initialProtocol = params.get("protocol") || "ssh";
const _backend = (_initialProtocol === "local" ? "pty" : "ssh") as 'ssh' | 'pty';
const terminalInstance = useTerminal(_initialSessionId, _backend);
let terminalInstance: ReturnType<typeof useTerminal> | null = null;
onMounted(async () => {
sessionId.value = _initialSessionId;
// Parse session info from URL hash
const hash = window.location.hash;
const params = new URLSearchParams(hash.split("?")[1] || "");
sessionId.value = params.get("sessionId") || "";
sessionName.value = decodeURIComponent(params.get("name") || "Detached Session");
protocol.value = _initialProtocol;
protocol.value = params.get("protocol") || "ssh";
if (!sessionId.value || !containerRef.value) return;
// Determine backend type
const backend = protocol.value === "local" ? "pty" : "ssh";
terminalInstance = useTerminal(sessionId.value, backend as 'ssh' | 'pty');
terminalInstance.mount(containerRef.value);
setTimeout(() => {
if (terminalInstance) {
terminalInstance.fit();
terminalInstance.terminal.focus();
const resizeCmd = _backend === "ssh" ? "ssh_resize" : "pty_resize";
// Resize the backend
const resizeCmd = backend === "ssh" ? "ssh_resize" : "pty_resize";
invoke(resizeCmd, {
sessionId: sessionId.value,
cols: terminalInstance.terminal.cols,
rows: terminalInstance.terminal.rows,
}).catch(() => {});
}
}, 50);
// On window close, emit event so main window reattaches the tab
@ -70,6 +72,9 @@ onMounted(async () => {
});
onBeforeUnmount(() => {
if (terminalInstance) {
terminalInstance.destroy();
terminalInstance = null;
}
});
</script>

7
src/components/session/SessionContainer.vue
View File

@ -91,17 +91,16 @@ function setTerminalRef(sessionId: string, el: unknown): void {
const sessionStore = useSessionStore();
// Only render sessions that are active (not detached to separate windows)
const sshSessions = computed(() =>
sessionStore.sessions.filter((s) => s.protocol === "ssh" && s.active),
sessionStore.sessions.filter((s) => s.protocol === "ssh"),
);
const localSessions = computed(() =>
sessionStore.sessions.filter((s) => s.protocol === "local" && s.active),
sessionStore.sessions.filter((s) => s.protocol === "local"),
);
const rdpSessions = computed(() =>
sessionStore.sessions.filter((s) => s.protocol === "rdp" && s.active),
sessionStore.sessions.filter((s) => s.protocol === "rdp"),
);
/**

37
src/components/session/TabBar.vue
View File

@ -88,7 +88,7 @@
</template>
<script setup lang="ts">
import { ref, onMounted, onBeforeUnmount } from "vue";
import { ref, onMounted } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { useSessionStore, type Session } from "@/stores/session.store";
import { useConnectionStore } from "@/stores/connection.store";
@ -133,14 +133,16 @@ async function detachTab(): Promise<void> {
session.active = false;
// Open a new Tauri window for this session
try {
await invoke("open_child_window", {
label: `detached-${session.id.substring(0, 8)}-${Date.now()}`,
const { WebviewWindow } = await import("@tauri-apps/api/webviewWindow");
const label = `detached-${session.id.substring(0, 8)}-${Date.now()}`;
new WebviewWindow(label, {
title: `${session.name} — Wraith`,
width: 900,
height: 600,
resizable: true,
center: true,
url: `index.html#/detached-session?sessionId=${session.id}&name=${encodeURIComponent(session.name)}&protocol=${session.protocol}`,
width: 900, height: 600,
});
} catch (err) { console.error("Detach window error:", err); }
}
function closeMenuTab(): void {
@ -149,19 +151,9 @@ function closeMenuTab(): void {
if (session) sessionStore.closeSession(session.id);
}
// Listen for reattach events from detached windows
import { listen } from "@tauri-apps/api/event";
import type { UnlistenFn } from "@tauri-apps/api/event";
let unlistenReattach: UnlistenFn | null = null;
onMounted(async () => {
try {
availableShells.value = await invoke<ShellInfo[]>("list_available_shells");
} catch {
availableShells.value = [];
}
unlistenReattach = await listen<{ sessionId: string; name: string; protocol: string }>("session:reattach", (event) => {
listen<{ sessionId: string; name: string; protocol: string }>("session:reattach", (event) => {
const { sessionId } = event.payload;
const session = sessionStore.sessions.find(s => s.id === sessionId);
if (session) {
@ -169,10 +161,13 @@ onMounted(async () => {
sessionStore.activateSession(sessionId);
}
});
});
onBeforeUnmount(() => {
unlistenReattach?.();
onMounted(async () => {
try {
availableShells.value = await invoke<ShellInfo[]>("list_available_shells");
} catch {
availableShells.value = [];
}
});
// Drag-and-drop tab reordering

25
src/components/sftp/FileTree.vue
View File

@ -371,31 +371,6 @@ function handleFileSelected(event: Event): void {
failTransfer(transferId);
};
// Guard: the backend sftp_write_file command accepts a UTF-8 string only.
// Binary files (images, archives, executables, etc.) will be corrupted if
// sent as text. Warn and abort for known binary extensions or large files.
const BINARY_EXTENSIONS = new Set([
"png", "jpg", "jpeg", "gif", "webp", "bmp", "ico", "tiff", "svg",
"zip", "tar", "gz", "bz2", "xz", "7z", "rar", "zst",
"exe", "dll", "so", "dylib", "bin", "elf",
"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx",
"mp3", "mp4", "avi", "mkv", "mov", "flac", "wav", "ogg",
"ttf", "otf", "woff", "woff2",
"db", "sqlite", "sqlite3",
]);
const ext = file.name.split(".").pop()?.toLowerCase() ?? "";
const isBinary = BINARY_EXTENSIONS.has(ext);
const isLarge = file.size > 1 * 1024 * 1024; // 1 MB
if (isBinary || isLarge) {
const reason = isBinary
? `"${ext}" files are binary and cannot be safely uploaded as text`
: `file is ${(file.size / (1024 * 1024)).toFixed(1)} MB — only text files under 1 MB are supported`;
alert(`Upload blocked: ${reason}.\n\nBinary file upload support will be added in a future release.`);
failTransfer(transferId);
return;
}
reader.readAsText(file);
}

8
src/components/sftp/TransferProgress.vue
View File

@ -52,15 +52,11 @@
</template>
<script setup lang="ts">
import { ref, watch } from "vue";
import { ref } from "vue";
import { useTransfers } from "@/composables/useTransfers";
const expanded = ref(false);
const { transfers } = useTransfers();
// Auto-expand when transfers become active, collapse when all are gone
watch(() => transfers.value.length, (newLen, oldLen) => {
if (newLen > 0 && oldLen === 0) expanded.value = true;
if (newLen === 0) expanded.value = false;
});
const { transfers } = useTransfers();
</script>

11
src/components/sidebar/ConnectionTree.vue
View File

@ -110,7 +110,7 @@
</template>
<script setup lang="ts">
import { ref, watch } from "vue";
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { useConnectionStore, type Connection, type Group } from "@/stores/connection.store";
import { useSessionStore } from "@/stores/session.store";
@ -224,15 +224,6 @@ const expandedGroups = ref<Set<number>>(
new Set(connectionStore.groups.map((g) => g.id)),
);
// Auto-expand groups added after initial load
watch(() => connectionStore.groups, (newGroups) => {
for (const group of newGroups) {
if (!expandedGroups.value.has(group.id)) {
expandedGroups.value.add(group.id);
}
}
}, { deep: true });
function toggleGroup(groupId: number): void {
if (expandedGroups.value.has(groupId)) {
expandedGroups.value.delete(groupId);

12
src/components/sidebar/SidebarToggle.vue
View File

@ -5,11 +5,11 @@
:key="tab.id"
class="flex-1 py-2 text-xs font-medium text-center transition-colors cursor-pointer"
:class="
model === tab.id
modelValue === tab.id
? 'text-[var(--wraith-accent-blue)] border-b-2 border-[var(--wraith-accent-blue)]'
: 'text-[var(--wraith-text-muted)] hover:text-[var(--wraith-text-secondary)]'
"
@click="model = tab.id"
@click="emit('update:modelValue', tab.id)"
>
{{ tab.label }}
</button>
@ -24,5 +24,11 @@ const tabs = [
{ id: "sftp" as const, label: "SFTP" },
];
const model = defineModel<SidebarTab>();
defineProps<{
modelValue: SidebarTab;
}>();
const emit = defineEmits<{
"update:modelValue": [tab: SidebarTab];
}>();
</script>

69
src/components/terminal/LocalTerminalView.vue
View File

@ -9,10 +9,9 @@
</template>
<script setup lang="ts">
import { ref, onMounted, onBeforeUnmount, watch } from "vue";
import { ref, onMounted, watch } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { useTerminal } from "@/composables/useTerminal";
import { useSessionStore } from "@/stores/session.store";
import "@/assets/css/terminal.css";
const props = defineProps<{
@ -20,57 +19,13 @@ const props = defineProps<{
isActive: boolean;
}>();
const sessionStore = useSessionStore();
const containerRef = ref<HTMLElement | null>(null);
const { terminal, mount, fit, destroy } = useTerminal(props.sessionId, "pty");
/** Apply the session store's active theme to this local terminal instance. */
function applyTheme(): void {
const theme = sessionStore.activeTheme;
if (!theme) return;
terminal.options.theme = {
background: theme.background,
foreground: theme.foreground,
cursor: theme.cursor,
cursorAccent: theme.background,
selectionBackground: theme.selectionBackground ?? "#264f78",
selectionForeground: theme.selectionForeground ?? "#ffffff",
selectionInactiveBackground: theme.selectionBackground ?? "#264f78",
black: theme.black,
red: theme.red,
green: theme.green,
yellow: theme.yellow,
blue: theme.blue,
magenta: theme.magenta,
cyan: theme.cyan,
white: theme.white,
brightBlack: theme.brightBlack,
brightRed: theme.brightRed,
brightGreen: theme.brightGreen,
brightYellow: theme.brightYellow,
brightBlue: theme.brightBlue,
brightMagenta: theme.brightMagenta,
brightCyan: theme.brightCyan,
brightWhite: theme.brightWhite,
};
if (containerRef.value) {
containerRef.value.style.backgroundColor = theme.background;
}
terminal.refresh(0, terminal.rows - 1);
}
const { terminal, mount, fit } = useTerminal(props.sessionId, "pty");
onMounted(() => {
if (containerRef.value) {
mount(containerRef.value);
}
// Apply current theme immediately if one is already active
if (sessionStore.activeTheme) {
applyTheme();
}
setTimeout(() => {
fit();
terminal.focus();
@ -86,27 +41,11 @@ watch(
() => props.isActive,
(active) => {
if (active) {
requestAnimationFrame(() => {
requestAnimationFrame(() => {
setTimeout(() => {
fit();
terminal.focus();
invoke("pty_resize", {
sessionId: props.sessionId,
cols: terminal.cols,
rows: terminal.rows,
}).catch(() => {});
});
});
}, 0);
}
},
);
// Watch for theme changes and apply to this local terminal
watch(() => sessionStore.activeTheme, (newTheme) => {
if (newTheme) applyTheme();
}, { deep: true });
onBeforeUnmount(() => {
destroy();
});
</script>

12
src/components/terminal/MonitorBar.vue
View File

@ -1,7 +1,7 @@
<template>
<div
v-if="stats"
class="flex items-center gap-4 px-6 h-[48px] bg-[var(--wraith-bg-tertiary)] border-t border-[var(--wraith-border)] text-base font-mono shrink-0 select-none"
class="flex items-center gap-4 px-3 h-6 bg-[var(--wraith-bg-tertiary)] border-t border-[var(--wraith-border)] text-[10px] font-mono shrink-0 select-none"
>
<!-- CPU -->
<span class="flex items-center gap-1">
@ -55,7 +55,6 @@ interface SystemStats {
const stats = ref<SystemStats | null>(null);
let unlistenFn: UnlistenFn | null = null;
let subscribeGeneration = 0;
function colorClass(value: number, warnThreshold: number, critThreshold: number): string {
if (value >= critThreshold) return "text-[#f85149]"; // red
@ -71,17 +70,10 @@ function formatBytes(bytes: number): string {
}
async function subscribe(): Promise<void> {
const gen = ++subscribeGeneration;
if (unlistenFn) unlistenFn();
const fn = await listen<SystemStats>(`ssh:monitor:${props.sessionId}`, (event) => {
unlistenFn = await listen<SystemStats>(`ssh:monitor:${props.sessionId}`, (event) => {
stats.value = event.payload;
});
if (gen !== subscribeGeneration) {
// A newer subscribe() call has already taken over discard this listener
fn();
return;
}
unlistenFn = fn;
}
onMounted(subscribe);

56
src/components/terminal/TerminalView.vue
View File

@ -59,12 +59,10 @@
</template>
<script setup lang="ts">
import { ref, nextTick, onMounted, onBeforeUnmount, watch } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { ref, nextTick, onMounted, watch } from "vue";
import { useTerminal } from "@/composables/useTerminal";
import { useSessionStore } from "@/stores/session.store";
import MonitorBar from "@/components/terminal/MonitorBar.vue";
import type { IDisposable } from "@xterm/xterm";
import "@/assets/css/terminal.css";
const props = defineProps<{
@ -75,11 +73,6 @@ const props = defineProps<{
const sessionStore = useSessionStore();
const containerRef = ref<HTMLElement | null>(null);
const { terminal, searchAddon, mount, fit } = useTerminal(props.sessionId);
let resizeDisposable: IDisposable | null = null;
function handleFocus(): void {
terminal.focus();
}
// --- Search state ---
const searchVisible = ref(false);
@ -145,7 +138,7 @@ onMounted(() => {
}
// Track terminal dimensions in the session store
resizeDisposable = terminal.onResize(({ cols, rows }) => {
terminal.onResize(({ cols, rows }) => {
sessionStore.setTerminalDimensions(props.sessionId, cols, rows);
});
@ -156,27 +149,15 @@ onMounted(() => {
}, 50);
});
// Re-fit and focus terminal when switching back to this tab.
// Must wait for the container to have real dimensions after becoming visible.
// Re-fit and focus terminal when switching back to this tab
watch(
() => props.isActive,
(active) => {
if (active) {
// Double rAF ensures the container has been laid out by the browser
requestAnimationFrame(() => {
requestAnimationFrame(() => {
setTimeout(() => {
fit();
terminal.focus();
// Also notify the backend of the correct size
const session = sessionStore.sessions.find(s => s.id === props.sessionId);
const resizeCmd = session?.protocol === "local" ? "pty_resize" : "ssh_resize";
invoke(resizeCmd, {
sessionId: props.sessionId,
cols: terminal.cols,
rows: terminal.rows,
}).catch(() => {});
});
});
}, 0);
}
},
);
@ -189,10 +170,6 @@ function applyTheme(): void {
background: theme.background,
foreground: theme.foreground,
cursor: theme.cursor,
cursorAccent: theme.background,
selectionBackground: theme.selectionBackground ?? "#264f78",
selectionForeground: theme.selectionForeground ?? "#ffffff",
selectionInactiveBackground: theme.selectionBackground ?? "#264f78",
black: theme.black,
red: theme.red,
green: theme.green,
@ -210,27 +187,14 @@ function applyTheme(): void {
brightCyan: theme.brightCyan,
brightWhite: theme.brightWhite,
};
// Sync the container background so areas outside the canvas match the theme
if (containerRef.value) {
containerRef.value.style.backgroundColor = theme.background;
}
// Force xterm.js to repaint all visible rows with the new theme colors
terminal.refresh(0, terminal.rows - 1);
}
// Watch for theme changes in the session store and apply to this terminal.
// Uses deep comparison because the theme is an object a shallow watch may miss
// updates if Pinia returns the same reactive proxy wrapper after reassignment.
// Watch for theme changes in the session store and apply to this terminal
watch(() => sessionStore.activeTheme, (newTheme) => {
if (newTheme) applyTheme();
}, { deep: true });
onBeforeUnmount(() => {
if (resizeDisposable) {
resizeDisposable.dispose();
resizeDisposable = null;
}
});
function handleFocus(): void {
terminal.focus();
}
</script>

31
src/components/tools/BandwidthTest.vue
View File

@ -1,6 +1,6 @@
<template>
<ToolShell ref="shell" placeholder="Select a mode and click Run Test">
<template #default="{ running }">
<div class="flex flex-col h-full p-4 gap-3">
<div class="flex items-center gap-2">
<select v-model="mode" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none cursor-pointer">
<option value="speedtest">Internet Speed Test</option>
<option value="iperf">iperf3 (LAN)</option>
@ -13,31 +13,32 @@
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer disabled:opacity-40" :disabled="running" @click="run">
{{ running ? "Testing..." : "Run Test" }}
</button>
</template>
</ToolShell>
</div>
<pre class="flex-1 overflow-auto bg-[#161b22] border border-[#30363d] rounded p-3 text-xs font-mono whitespace-pre-wrap text-[#e0e0e0]">{{ output || "Select a mode and click Run Test" }}</pre>
</div>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import ToolShell from "./ToolShell.vue";
const props = defineProps<{ sessionId: string }>();
const mode = ref("speedtest");
const server = ref("");
const duration = ref(5);
const shell = ref<InstanceType<typeof ToolShell> | null>(null);
const output = ref("");
const running = ref(false);
async function run(): Promise<void> {
if (mode.value === "iperf" && !server.value) {
shell.value?.setOutput("Enter an iperf3 server IP");
return;
}
shell.value?.execute(() => {
running.value = true;
output.value = mode.value === "iperf" ? `Running iperf3 to ${server.value}...\n` : "Running speed test...\n";
try {
if (mode.value === "iperf") {
return invoke<string>("tool_bandwidth_iperf", { sessionId: props.sessionId, server: server.value, duration: duration.value });
if (!server.value) { output.value = "Enter an iperf3 server IP"; running.value = false; return; }
output.value = await invoke<string>("tool_bandwidth_iperf", { sessionId: props.sessionId, server: server.value, duration: duration.value });
} else {
output.value = await invoke<string>("tool_bandwidth_speedtest", { sessionId: props.sessionId });
}
return invoke<string>("tool_bandwidth_speedtest", { sessionId: props.sessionId });
});
} catch (err) { output.value = String(err); }
running.value = false;
}
</script>

22
src/components/tools/DnsLookup.vue
View File

@ -1,29 +1,31 @@
<template>
<ToolShell ref="shell" placeholder="Enter a domain and click Lookup">
<template #default="{ running }">
<div class="flex flex-col h-full p-4 gap-3">
<div class="flex items-center gap-2">
<input v-model="domain" type="text" placeholder="Domain name" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] flex-1" @keydown.enter="lookup" />
<select v-model="recordType" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none cursor-pointer">
<option v-for="t in ['A','AAAA','MX','NS','TXT','CNAME','SOA','SRV','PTR']" :key="t" :value="t">{{ t }}</option>
</select>
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer disabled:opacity-40" :disabled="running" @click="lookup">Lookup</button>
</template>
</ToolShell>
</div>
<pre class="flex-1 overflow-auto bg-[#161b22] border border-[#30363d] rounded p-3 text-xs font-mono whitespace-pre-wrap text-[#e0e0e0]">{{ output || "Enter a domain and click Lookup" }}</pre>
</div>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import ToolShell from "./ToolShell.vue";
const props = defineProps<{ sessionId: string }>();
const domain = ref("");
const recordType = ref("A");
const shell = ref<InstanceType<typeof ToolShell> | null>(null);
const output = ref("");
const running = ref(false);
async function lookup(): Promise<void> {
if (!domain.value) return;
shell.value?.execute(() =>
invoke<string>("tool_dns_lookup", { sessionId: props.sessionId, domain: domain.value, recordType: recordType.value })
);
running.value = true;
try {
output.value = await invoke<string>("tool_dns_lookup", { sessionId: props.sessionId, domain: domain.value, recordType: recordType.value });
} catch (err) { output.value = String(err); }
running.value = false;
}
</script>

10
src/components/tools/DockerPanel.vue
View File

@ -81,16 +81,12 @@
import { ref, onMounted } from "vue";
import { invoke } from "@tauri-apps/api/core";
interface DockerContainer { id: string; name: string; image: string; status: string; ports: string; }
interface DockerImage { repository: string; tag: string; id: string; size: string; }
interface DockerVolume { name: string; driver: string; mountpoint: string; }
const props = defineProps<{ sessionId: string }>();
const tab = ref("containers");
const containers = ref<DockerContainer[]>([]);
const images = ref<DockerImage[]>([]);
const volumes = ref<DockerVolume[]>([]);
const containers = ref<any[]>([]);
const images = ref<any[]>([]);
const volumes = ref<any[]>([]);
const output = ref("");
async function refresh(): Promise<void> {

219
src/components/tools/HelpWindow.vue
View File

@ -1,219 +0,0 @@
<template>
<div class="flex flex-col h-full">
<!-- Tabs -->
<div class="flex items-center gap-1 px-4 py-2 bg-[#161b22] border-b border-[#30363d] shrink-0">
<button v-for="t in tabs" :key="t.id"
class="px-3 py-1 text-xs rounded cursor-pointer transition-colors"
:class="activeTab === t.id ? 'bg-[#58a6ff] text-black font-bold' : 'text-[#8b949e] hover:text-white'"
@click="activeTab = t.id"
>{{ t.label }}</button>
</div>
<div class="flex-1 overflow-auto p-6">
<!-- Getting Started -->
<div v-if="activeTab === 'guide'" class="prose-wraith">
<h2>Getting Started with Wraith</h2>
<p>Wraith is a native desktop SSH/SFTP/RDP client with an integrated AI copilot.</p>
<h3>Creating a Connection</h3>
<ol>
<li>Click <strong>File &rarr; New Connection</strong> or the <strong>+ Host</strong> button in the sidebar</li>
<li>Enter hostname, port, and protocol (SSH or RDP)</li>
<li>Optionally link a credential from the vault</li>
<li>Double-click the connection to connect</li>
</ol>
<h3>Quick Connect</h3>
<p>Type <code>user@host:port</code> in the Quick Connect bar and press Enter.</p>
<h3>AI Copilot</h3>
<p>Press <strong>Ctrl+Shift+G</strong> to open the AI copilot panel. Select a shell, click Launch, and run your AI CLI (Claude Code, Gemini, Codex).</p>
<p>Configure one-click launch presets in <strong>Settings &rarr; AI Copilot</strong>.</p>
<h3>Local Terminals</h3>
<p>Click the <strong>+</strong> button in the tab bar to open a local shell (PowerShell, CMD, Git Bash, WSL, bash, zsh).</p>
<h3>SFTP Browser</h3>
<p>Switch to the <strong>SFTP</strong> tab in the sidebar. It follows the active SSH session and tracks the current working directory.</p>
<p>Right-click files for Edit, Download, Rename, Delete.</p>
<h3>Tab Management</h3>
<ul>
<li><strong>Drag tabs</strong> to reorder</li>
<li><strong>Right-click tab</strong> &rarr; Detach to Window (pop out to separate window)</li>
<li>Close the detached window to reattach</li>
<li>Tabs pulse blue when there's new activity in the background</li>
</ul>
<h3>Remote Monitoring</h3>
<p>Every SSH session shows a monitoring bar at the bottom with CPU, RAM, disk, and network stats polled every 5 seconds. No agent needed.</p>
</div>
<!-- Keyboard Shortcuts -->
<div v-if="activeTab === 'shortcuts'" class="prose-wraith">
<h2>Keyboard Shortcuts</h2>
<table>
<thead><tr><th>Shortcut</th><th>Action</th></tr></thead>
<tbody>
<tr><td><kbd>Ctrl+K</kbd></td><td>Command Palette</td></tr>
<tr><td><kbd>Ctrl+Shift+G</kbd></td><td>Toggle AI Copilot</td></tr>
<tr><td><kbd>Ctrl+B</kbd></td><td>Toggle Sidebar</td></tr>
<tr><td><kbd>Ctrl+W</kbd></td><td>Close Active Tab</td></tr>
<tr><td><kbd>Ctrl+Tab</kbd></td><td>Next Tab</td></tr>
<tr><td><kbd>Ctrl+Shift+Tab</kbd></td><td>Previous Tab</td></tr>
<tr><td><kbd>Ctrl+1-9</kbd></td><td>Switch to Tab N</td></tr>
<tr><td><kbd>Ctrl+F</kbd></td><td>Find in Terminal</td></tr>
<tr><td><kbd>Ctrl+S</kbd></td><td>Save (in editor windows)</td></tr>
</tbody>
</table>
<h3>Terminal</h3>
<table>
<thead><tr><th>Action</th><th>How</th></tr></thead>
<tbody>
<tr><td>Copy</td><td>Select text (auto-copies)</td></tr>
<tr><td>Paste</td><td>Right-click</td></tr>
</tbody>
</table>
</div>
<!-- MCP Integration -->
<div v-if="activeTab === 'mcp'" class="prose-wraith">
<h2>MCP Integration (AI Tool Access)</h2>
<p>Wraith includes an MCP (Model Context Protocol) server that gives AI CLI tools programmatic access to your active sessions.</p>
<h3>Setup</h3>
<p>The MCP bridge binary is automatically downloaded to:</p>
<pre>{{ bridgePath }}</pre>
<p>Register with Claude Code:</p>
<pre>claude mcp add wraith -- "{{ bridgePath }}"</pre>
<h3>Available MCP Tools (18)</h3>
<h4>Session Management</h4>
<table>
<thead><tr><th>Tool</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>list_sessions</code></td><td>List all active SSH/RDP/PTY sessions</td></tr>
</tbody>
</table>
<h4>Terminal</h4>
<table>
<thead><tr><th>Tool</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>terminal_read</code></td><td>Read recent terminal output (ANSI stripped)</td></tr>
<tr><td><code>terminal_execute</code></td><td>Run a command and capture output</td></tr>
<tr><td><code>terminal_screenshot</code></td><td>Capture RDP frame as PNG</td></tr>
</tbody>
</table>
<h4>SFTP</h4>
<table>
<thead><tr><th>Tool</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>sftp_list</code></td><td>List remote directory</td></tr>
<tr><td><code>sftp_read</code></td><td>Read remote file</td></tr>
<tr><td><code>sftp_write</code></td><td>Write remote file</td></tr>
</tbody>
</table>
<h4>Network</h4>
<table>
<thead><tr><th>Tool</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>network_scan</code></td><td>ARP + ping sweep subnet discovery</td></tr>
<tr><td><code>port_scan</code></td><td>TCP port scan</td></tr>
<tr><td><code>ping</code></td><td>Ping a host</td></tr>
<tr><td><code>traceroute</code></td><td>Traceroute to host</td></tr>
<tr><td><code>dns_lookup</code></td><td>DNS query (A, MX, TXT, etc.)</td></tr>
<tr><td><code>whois</code></td><td>Whois lookup</td></tr>
<tr><td><code>wake_on_lan</code></td><td>Send WoL magic packet</td></tr>
<tr><td><code>bandwidth_test</code></td><td>Internet speed test</td></tr>
</tbody>
</table>
<h4>Utilities (no session needed)</h4>
<table>
<thead><tr><th>Tool</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>subnet_calc</code></td><td>Subnet calculator</td></tr>
<tr><td><code>generate_ssh_key</code></td><td>Generate SSH key pair</td></tr>
<tr><td><code>generate_password</code></td><td>Generate secure password</td></tr>
</tbody>
</table>
<h3>How It Works</h3>
<ol>
<li>Wraith starts an HTTP server on <code>localhost</code> (random port)</li>
<li>Port written to <code>mcp-port</code> in data directory</li>
<li>Bridge binary reads the port and proxies JSON-RPC over stdio</li>
<li>AI CLI spawns the bridge as an MCP server</li>
</ol>
</div>
<!-- About -->
<div v-if="activeTab === 'about'" class="prose-wraith">
<h2>About Wraith</h2>
<p class="text-2xl font-bold tracking-widest text-[#58a6ff]">WRAITH</p>
<p>Exists everywhere, all at once.</p>
<table>
<tbody>
<tr><td>Version</td><td>{{ version }}</td></tr>
<tr><td>Runtime</td><td>Tauri v2 + Rust</td></tr>
<tr><td>Frontend</td><td>Vue 3 + TypeScript</td></tr>
<tr><td>Terminal</td><td>xterm.js 6</td></tr>
<tr><td>SSH</td><td>russh 0.48</td></tr>
<tr><td>RDP</td><td>ironrdp 0.14</td></tr>
<tr><td>License</td><td>Proprietary</td></tr>
<tr><td>Publisher</td><td>Vigilance Cyber / Vigilsynth</td></tr>
</tbody>
</table>
</div>
</div>
</div>
</template>
<script setup lang="ts">
import { ref, onMounted } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { getVersion } from "@tauri-apps/api/app";
const tabs = [
{ id: "guide", label: "Getting Started" },
{ id: "shortcuts", label: "Shortcuts" },
{ id: "mcp", label: "MCP Integration" },
{ id: "about", label: "About" },
];
const activeTab = ref("guide");
const bridgePath = ref("loading...");
const version = ref("loading...");
onMounted(async () => {
// Read initial tab from URL
const params = new URLSearchParams(window.location.hash.split("?")[1] || "");
const page = params.get("page");
if (page && tabs.some(t => t.id === page)) activeTab.value = page;
try { version.value = await getVersion(); } catch { version.value = "unknown"; }
try { bridgePath.value = await invoke<string>("mcp_bridge_path"); } catch { bridgePath.value = "unknown"; }
});
</script>
<style scoped>
.prose-wraith h2 { font-size: 16px; font-weight: 700; color: #e0e0e0; margin-bottom: 12px; }
.prose-wraith h3 { font-size: 13px; font-weight: 600; color: #8b949e; margin-top: 20px; margin-bottom: 8px; text-transform: uppercase; letter-spacing: 0.05em; }
.prose-wraith h4 { font-size: 12px; font-weight: 600; color: #58a6ff; margin-top: 16px; margin-bottom: 6px; }
.prose-wraith p { font-size: 12px; color: #8b949e; margin-bottom: 8px; line-height: 1.6; }
.prose-wraith ol, .prose-wraith ul { font-size: 12px; color: #8b949e; margin-bottom: 8px; padding-left: 20px; }
.prose-wraith li { margin-bottom: 4px; line-height: 1.5; }
.prose-wraith code { background: #161b22; border: 1px solid #30363d; border-radius: 4px; padding: 1px 5px; font-size: 11px; color: #e0e0e0; }
.prose-wraith pre { background: #161b22; border: 1px solid #30363d; border-radius: 6px; padding: 10px 14px; font-size: 11px; color: #e0e0e0; overflow-x: auto; margin-bottom: 8px; font-family: 'Cascadia Mono', monospace; }
.prose-wraith kbd { background: #21262d; border: 1px solid #484f58; border-radius: 3px; padding: 1px 5px; font-size: 10px; color: #e0e0e0; }
.prose-wraith table { width: 100%; font-size: 12px; border-collapse: collapse; margin-bottom: 12px; }
.prose-wraith th { text-align: left; padding: 6px 10px; background: #161b22; color: #8b949e; font-weight: 500; border-bottom: 1px solid #30363d; }
.prose-wraith td { padding: 5px 10px; color: #e0e0e0; border-bottom: 1px solid #21262d; }
.prose-wraith strong { color: #e0e0e0; }
</style>

1
src/components/tools/NetworkScanner.vue
View File

@ -85,6 +85,5 @@ function exportCsv(): void {
a.href = URL.createObjectURL(blob);
a.download = `wraith-scan-${subnet.value}-${Date.now()}.csv`;
a.click();
setTimeout(() => URL.revokeObjectURL(a.href), 1000);
}
</script>

22
src/components/tools/PingTool.vue
View File

@ -1,28 +1,32 @@
<template>
<ToolShell ref="shell" placeholder="Enter a host and click Ping">
<template #default="{ running }">
<div class="flex flex-col h-full p-4 gap-3">
<div class="flex items-center gap-2">
<input v-model="target" type="text" placeholder="Host to ping" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] flex-1" @keydown.enter="ping" />
<input v-model.number="count" type="number" min="1" max="100" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] w-16" />
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer disabled:opacity-40" :disabled="running" @click="ping">Ping</button>
</template>
</ToolShell>
</div>
<pre class="flex-1 overflow-auto bg-[#161b22] border border-[#30363d] rounded p-3 text-xs font-mono whitespace-pre-wrap text-[#e0e0e0]">{{ output || "Enter a host and click Ping" }}</pre>
</div>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import ToolShell from "./ToolShell.vue";
const props = defineProps<{ sessionId: string }>();
const target = ref("");
const count = ref(4);
const shell = ref<InstanceType<typeof ToolShell> | null>(null);
const output = ref("");
const running = ref(false);
async function ping(): Promise<void> {
if (!target.value) return;
shell.value?.execute(async () => {
running.value = true;
output.value = `Pinging ${target.value}...\n`;
try {
const result = await invoke<{ target: string; output: string }>("tool_ping", { sessionId: props.sessionId, target: target.value, count: count.value });
return result.output;
});
output.value = result.output;
} catch (err) { output.value = String(err); }
running.value = false;
}
</script>

37
src/components/tools/ToolShell.vue
View File

@ -1,37 +0,0 @@
<script setup lang="ts">
import { ref } from "vue";
defineProps<{
placeholder?: string;
}>();
const output = ref("");
const running = ref(false);
async function execute(fn: () => Promise<string>): Promise<void> {
running.value = true;
output.value = "";
try {
output.value = await fn();
} catch (err: unknown) {
output.value = `Error: ${err instanceof Error ? err.message : String(err)}`;
} finally {
running.value = false;
}
}
function setOutput(value: string): void {
output.value = value;
}
defineExpose({ execute, setOutput, output, running });
</script>
<template>
<div class="flex flex-col h-full p-4 gap-3">
<div class="flex items-center gap-2">
<slot :running="running" />
</div>
<pre class="flex-1 overflow-auto bg-[#161b22] border border-[#30363d] rounded p-3 text-xs font-mono whitespace-pre-wrap text-[#e0e0e0]">{{ output || placeholder || "Ready." }}</pre>
</div>
</template>

2
src/components/tools/ToolWindow.vue
View File

@ -13,7 +13,6 @@
<FileEditor v-else-if="tool === 'editor'" :session-id="sessionId" />
<SshKeyGen v-else-if="tool === 'ssh-keygen'" />
<PasswordGen v-else-if="tool === 'password-gen'" />
<HelpWindow v-else-if="tool === 'help'" />
<div v-else class="flex-1 flex items-center justify-center text-sm text-[#484f58]">
Unknown tool: {{ tool }}
</div>
@ -34,7 +33,6 @@ import DockerPanel from "./DockerPanel.vue";
import FileEditor from "./FileEditor.vue";
import SshKeyGen from "./SshKeyGen.vue";
import PasswordGen from "./PasswordGen.vue";
import HelpWindow from "./HelpWindow.vue";
defineProps<{
tool: string;

22
src/components/tools/TracerouteTool.vue
View File

@ -1,25 +1,29 @@
<template>
<ToolShell ref="shell" placeholder="Enter a host and click Trace">
<template #default="{ running }">
<div class="flex flex-col h-full p-4 gap-3">
<div class="flex items-center gap-2">
<input v-model="target" type="text" placeholder="Host to trace" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] flex-1" @keydown.enter="trace" />
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer disabled:opacity-40" :disabled="running" @click="trace">Trace</button>
</template>
</ToolShell>
</div>
<pre class="flex-1 overflow-auto bg-[#161b22] border border-[#30363d] rounded p-3 text-xs font-mono whitespace-pre-wrap text-[#e0e0e0]">{{ output || "Enter a host and click Trace" }}</pre>
</div>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import ToolShell from "./ToolShell.vue";
const props = defineProps<{ sessionId: string }>();
const target = ref("");
const shell = ref<InstanceType<typeof ToolShell> | null>(null);
const output = ref("");
const running = ref(false);
async function trace(): Promise<void> {
if (!target.value) return;
shell.value?.execute(() =>
invoke<string>("tool_traceroute", { sessionId: props.sessionId, target: target.value })
);
running.value = true;
output.value = `Tracing route to ${target.value}...\n`;
try {
output.value = await invoke<string>("tool_traceroute", { sessionId: props.sessionId, target: target.value });
} catch (err) { output.value = String(err); }
running.value = false;
}
</script>

21
src/components/tools/WhoisTool.vue
View File

@ -1,25 +1,26 @@
<template>
<ToolShell ref="shell" placeholder="Enter a domain or IP and click Whois">
<template #default="{ running }">
<div class="flex flex-col h-full p-4 gap-3">
<div class="flex items-center gap-2">
<input v-model="target" type="text" placeholder="Domain or IP" class="px-3 py-1.5 text-sm rounded bg-[#161b22] border border-[#30363d] text-[#e0e0e0] outline-none focus:border-[#58a6ff] flex-1" @keydown.enter="lookup" />
<button class="px-4 py-1.5 text-sm font-bold rounded bg-[#58a6ff] text-black cursor-pointer disabled:opacity-40" :disabled="running" @click="lookup">Whois</button>
</template>
</ToolShell>
</div>
<pre class="flex-1 overflow-auto bg-[#161b22] border border-[#30363d] rounded p-3 text-xs font-mono whitespace-pre-wrap text-[#e0e0e0]">{{ output || "Enter a domain or IP and click Whois" }}</pre>
</div>
</template>
<script setup lang="ts">
import { ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
import ToolShell from "./ToolShell.vue";
const props = defineProps<{ sessionId: string }>();
const target = ref("");
const shell = ref<InstanceType<typeof ToolShell> | null>(null);
const output = ref("");
const running = ref(false);
async function lookup(): Promise<void> {
if (!target.value) return;
shell.value?.execute(() =>
invoke<string>("tool_whois", { sessionId: props.sessionId, target: target.value })
);
running.value = true;
try { output.value = await invoke<string>("tool_whois", { sessionId: props.sessionId, target: target.value }); }
catch (err) { output.value = String(err); }
running.value = false;
}
</script>

106
src/composables/useKeyboardShortcuts.ts
View File

@ -1,106 +0,0 @@
import { onMounted, onBeforeUnmount } from "vue";
import type { Ref } from "vue";
import type { useSessionStore } from "@/stores/session.store";
interface KeyboardShortcutActions {
sessionStore: ReturnType<typeof useSessionStore>;
sidebarVisible: Ref<boolean>;
copilotVisible: Ref<boolean>;
openCommandPalette: () => void;
openActiveSearch: () => void;
}
export function useKeyboardShortcuts(actions: KeyboardShortcutActions): void {
const { sessionStore, sidebarVisible, copilotVisible, openCommandPalette, openActiveSearch } = actions;
function handleKeydown(event: KeyboardEvent): void {
const target = event.target as HTMLElement;
const isInputFocused =
target.tagName === "INPUT" ||
target.tagName === "TEXTAREA" ||
target.tagName === "SELECT";
const ctrl = event.ctrlKey || event.metaKey;
// Ctrl+K — command palette (fires even when input is focused)
if (ctrl && event.key === "k") {
event.preventDefault();
openCommandPalette();
return;
}
if (isInputFocused) return;
// Ctrl+W — close active tab
if (ctrl && event.key === "w") {
event.preventDefault();
const active = sessionStore.activeSession;
if (active) sessionStore.closeSession(active.id);
return;
}
// Ctrl+Tab — next tab
if (ctrl && event.key === "Tab" && !event.shiftKey) {
event.preventDefault();
const sessions = sessionStore.sessions;
if (sessions.length < 2) return;
const idx = sessions.findIndex((s) => s.id === sessionStore.activeSessionId);
const next = sessions[(idx + 1) % sessions.length];
sessionStore.activateSession(next.id);
return;
}
// Ctrl+Shift+Tab — previous tab
if (ctrl && event.key === "Tab" && event.shiftKey) {
event.preventDefault();
const sessions = sessionStore.sessions;
if (sessions.length < 2) return;
const idx = sessions.findIndex((s) => s.id === sessionStore.activeSessionId);
const prev = sessions[(idx - 1 + sessions.length) % sessions.length];
sessionStore.activateSession(prev.id);
return;
}
// Ctrl+1-9 — jump to tab by index
if (ctrl && event.key >= "1" && event.key <= "9") {
const tabIndex = parseInt(event.key, 10) - 1;
const sessions = sessionStore.sessions;
if (tabIndex < sessions.length) {
event.preventDefault();
sessionStore.activateSession(sessions[tabIndex].id);
}
return;
}
// Ctrl+B — toggle sidebar
if (ctrl && event.key === "b") {
event.preventDefault();
sidebarVisible.value = !sidebarVisible.value;
return;
}
// Ctrl+Shift+G — toggle AI copilot
if (ctrl && event.shiftKey && event.key.toLowerCase() === "g") {
event.preventDefault();
copilotVisible.value = !copilotVisible.value;
return;
}
// Ctrl+F — terminal search (SSH sessions only)
if (ctrl && event.key === "f") {
const active = sessionStore.activeSession;
if (active?.protocol === "ssh") {
event.preventDefault();
openActiveSearch();
}
return;
}
}
onMounted(() => {
document.addEventListener("keydown", handleKeydown);
});
onBeforeUnmount(() => {
document.removeEventListener("keydown", handleKeydown);
});
}

116
src/composables/useRdp.ts
View File

@ -1,5 +1,4 @@
import { ref, onBeforeUnmount } from "vue";
import type { Ref } from "vue";
import { invoke } from "@tauri-apps/api/core";
/**
@ -153,13 +152,13 @@ export function jsKeyToScancode(code: string): number | null {
export interface UseRdpReturn {
/** Whether the RDP session is connected (first frame received) */
connected: Ref<boolean>;
connected: ReturnType<typeof ref<boolean>>;
/** Whether keyboard capture is enabled */
keyboardGrabbed: Ref<boolean>;
keyboardGrabbed: ReturnType<typeof ref<boolean>>;
/** Whether clipboard sync is enabled */
clipboardSync: Ref<boolean>;
/** Fetch and render the dirty region directly to a canvas context */
fetchAndRender: (sessionId: string, width: number, height: number, ctx: CanvasRenderingContext2D) => Promise<boolean>;
clipboardSync: ReturnType<typeof ref<boolean>>;
/** Fetch the current frame as RGBA ImageData */
fetchFrame: (sessionId: string, width: number, height: number) => Promise<ImageData | null>;
/** Send a mouse event to the backend */
sendMouse: (sessionId: string, x: number, y: number, flags: number) => void;
/** Send a key event to the backend */
@ -185,7 +184,7 @@ export interface UseRdpReturn {
* Composable that manages an RDP session's rendering and input.
*
* Uses Tauri's invoke() to call Rust commands:
* rdp_get_frame raw RGBA ArrayBuffer (binary IPC)
* rdp_get_frame base64 RGBA string
* rdp_send_mouse fire-and-forget
* rdp_send_key fire-and-forget
* rdp_send_clipboard fire-and-forget
@ -196,53 +195,47 @@ export function useRdp(): UseRdpReturn {
const clipboardSync = ref(false);
let animFrameId: number | null = null;
let unlistenFrame: (() => void) | null = null;
let frameCount = 0;
/**
* Fetch the dirty region from the Rust RDP backend and apply it to the canvas.
* Fetch the current frame from the Rust RDP backend.
*
* Binary format from backend: 8-byte header + pixel data
* Header: [x: u16, y: u16, w: u16, h: u16] (little-endian)
* If header is all zeros full frame (width*height*4 bytes)
* If header is non-zero dirty rectangle (w*h*4 bytes)
*
* Returns true if a frame was rendered, false if nothing changed.
* rdp_get_frame returns raw RGBA bytes (width*height*4) serialised as a
* base64 string over Tauri's IPC bridge. We decode it to Uint8ClampedArray
* and wrap in an ImageData for putImageData().
*/
async function fetchAndRender(
async function fetchFrame(
sessionId: string,
width: number,
height: number,
ctx: CanvasRenderingContext2D,
): Promise<boolean> {
let raw: ArrayBuffer;
): Promise<ImageData | null> {
let raw: string;
try {
raw = await invoke<ArrayBuffer>("rdp_get_frame", { sessionId });
raw = await invoke<string>("rdp_get_frame", { sessionId });
} catch {
return false;
// Session may not be connected yet or backend returned an error — skip frame
return null;
}
if (!raw || raw.byteLength <= 8) return false;
if (!raw || raw.length === 0) return null;
const view = new DataView(raw);
const rx = view.getUint16(0, true);
const ry = view.getUint16(2, true);
const rw = view.getUint16(4, true);
const rh = view.getUint16(6, true);
const pixelData = new Uint8ClampedArray(raw, 8);
// Decode base64 → binary string → Uint8ClampedArray
const binaryStr = atob(raw);
const bytes = new Uint8ClampedArray(binaryStr.length);
for (let i = 0; i < binaryStr.length; i++) {
bytes[i] = binaryStr.charCodeAt(i);
}
if (rx === 0 && ry === 0 && rw === 0 && rh === 0) {
// Full frame
// Validate: RGBA requires exactly width * height * 4 bytes
const expected = width * height * 4;
if (pixelData.length !== expected) return false;
ctx.putImageData(new ImageData(pixelData, width, height), 0, 0);
} else {
// Dirty rectangle — apply at offset
const expected = rw * rh * 4;
if (pixelData.length !== expected) return false;
ctx.putImageData(new ImageData(pixelData, rw, rh), rx, ry);
if (bytes.length !== expected) {
console.warn(
`[useRdp] Frame size mismatch: got ${bytes.length}, expected ${expected}`,
);
return null;
}
return true;
return new ImageData(bytes, width, height);
}
/**
@ -310,36 +303,26 @@ export function useRdp(): UseRdpReturn {
canvas.width = width;
canvas.height = height;
let fetchPending = false;
let rafScheduled = false;
function renderLoop(): void {
frameCount++;
// Fetch and render dirty region when backend signals new frame data.
// Uses rAF to coalesce rapid events into one fetch per display frame.
function scheduleFrameFetch(): void {
if (rafScheduled) return;
rafScheduled = true;
animFrameId = requestAnimationFrame(async () => {
rafScheduled = false;
if (fetchPending) return;
fetchPending = true;
if (!ctx) return;
const rendered = await fetchAndRender(sessionId, width, height, ctx);
fetchPending = false;
if (rendered && !connected.value) connected.value = true;
// Throttle to ~30fps by skipping odd-numbered rAF ticks
if (frameCount % 2 === 0) {
fetchFrame(sessionId, width, height).then((imageData) => {
if (imageData && ctx) {
ctx.putImageData(imageData, 0, 0);
// Mark connected on first successful frame
if (!connected.value) {
connected.value = true;
}
}
});
}
// Listen for frame events from the backend (push model)
import("@tauri-apps/api/event").then(({ listen }) => {
listen(`rdp:frame:${sessionId}`, () => {
scheduleFrameFetch();
}).then((unlisten) => {
unlistenFrame = unlisten;
});
});
animFrameId = requestAnimationFrame(renderLoop);
}
// Initial poll in case frames arrived before listener was set up
scheduleFrameFetch();
animFrameId = requestAnimationFrame(renderLoop);
}
/**
@ -350,11 +333,8 @@ export function useRdp(): UseRdpReturn {
cancelAnimationFrame(animFrameId);
animFrameId = null;
}
if (unlistenFrame !== null) {
unlistenFrame();
unlistenFrame = null;
}
connected.value = false;
frameCount = 0;
}
function toggleKeyboardGrab(): void {
@ -373,7 +353,7 @@ export function useRdp(): UseRdpReturn {
connected,
keyboardGrabbed,
clipboardSync,
fetchAndRender,
fetchFrame,
sendMouse,
sendKey,
sendClipboard,

5
src/composables/useSftp.ts
View File

@ -24,11 +24,6 @@ export interface UseSftpReturn {
// Persist the last browsed path per session so switching tabs restores position
const sessionPaths: Record<string, string> = {};
/** Remove a session's saved path from the module-level cache. Call on session close. */
export function cleanupSession(sessionId: string): void {
delete sessionPaths[sessionId];
}
/**
* Composable that manages SFTP file browsing state.
* Accepts a reactive session ID ref so it reinitializes on tab switch

24
src/composables/useTerminal.ts
View File

@ -14,9 +14,8 @@ const defaultTheme = {
foreground: "#e0e0e0",
cursor: "#58a6ff",
cursorAccent: "#0d1117",
selectionBackground: "#264f78",
selectionBackground: "rgba(88, 166, 255, 0.3)",
selectionForeground: "#ffffff",
selectionInactiveBackground: "#264f78",
black: "#0d1117",
red: "#f85149",
green: "#3fb950",
@ -71,9 +70,7 @@ export function useTerminal(sessionId: string, backend: 'ssh' | 'pty' = 'ssh'):
cursorStyle: "block",
scrollback: 10000,
allowProposedApi: true,
// SSH always needs EOL conversion. PTY needs it on Windows (ConPTY sends bare \n)
// but not on Unix (PTY driver handles LF→CRLF). navigator.platform is the simplest check.
convertEol: backend === 'ssh' || navigator.platform.startsWith('Win'),
convertEol: backend === 'ssh',
rightClickSelectsWord: false,
});
@ -156,7 +153,6 @@ export function useTerminal(sessionId: string, backend: 'ssh' | 'pty' = 'ssh'):
// cell widths — producing tiny dashes and 200+ column terminals.
document.fonts.ready.then(() => {
fitAddon.fit();
terminal.focus();
});
// Right-click paste on the terminal's DOM element
@ -165,16 +161,9 @@ export function useTerminal(sessionId: string, backend: 'ssh' | 'pty' = 'ssh'):
// Subscribe to SSH output events for this session.
// Tauri v2 listen() callback receives { payload: T } — the base64 string
// is in event.payload (not event.data as in Wails).
// Throttle activity marking to avoid Vue reactivity storms
let lastActivityMark = 0;
unlistenPromise = listen<string>(dataEvent, (event) => {
// Mark tab activity at most once per second
const now = Date.now();
if (now - lastActivityMark > 1000) {
lastActivityMark = now;
// Mark tab activity for background sessions
try { useSessionStore().markActivity(sessionId); } catch {}
}
const b64data = event.payload;
@ -202,12 +191,9 @@ export function useTerminal(sessionId: string, backend: 'ssh' | 'pty' = 'ssh'):
unlistenFn = fn;
});
// Auto-fit when the container resizes — but only if visible
resizeObserver = new ResizeObserver((entries) => {
const entry = entries[0];
if (entry && entry.contentRect.width > 50 && entry.contentRect.height > 50) {
// Auto-fit when the container resizes
resizeObserver = new ResizeObserver(() => {
fitAddon.fit();
}
});
resizeObserver.observe(container);
}

166
src/layouts/MainLayout.vue
View File

@ -141,47 +141,6 @@
</button>
</div>
</div>
<!-- Help menu -->
<div class="relative">
<button
class="text-xs text-[var(--wraith-text-secondary)] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer px-2 py-1 rounded hover:bg-[var(--wraith-bg-tertiary)]"
@click="showHelpMenu = !showHelpMenu"
@blur="closeHelpMenuDeferred"
>
Help
</button>
<div
v-if="showHelpMenu"
class="absolute top-full left-0 mt-0.5 w-56 bg-[#161b22] border border-[#30363d] rounded-lg shadow-2xl overflow-hidden z-50 py-1"
>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleHelpAction('guide')"
>
<span class="flex-1">Getting Started</span>
</button>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleHelpAction('shortcuts')"
>
<span class="flex-1">Keyboard Shortcuts</span>
</button>
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleHelpAction('mcp')"
>
<span class="flex-1">MCP Integration</span>
</button>
<div class="border-t border-[#30363d] my-1" />
<button
class="w-full flex items-center gap-3 px-4 py-2 text-xs text-left text-[var(--wraith-text-secondary)] hover:bg-[#30363d] hover:text-[var(--wraith-text-primary)] transition-colors cursor-pointer"
@mousedown.prevent="handleHelpAction('about')"
>
<span class="flex-1">About Wraith</span>
</button>
</div>
</div>
</div>
<!-- Quick Connect -->
@ -308,7 +267,6 @@
<script setup lang="ts">
import { ref, computed, onMounted, onUnmounted } from "vue";
import { useKeyboardShortcuts } from "@/composables/useKeyboardShortcuts";
import { invoke } from "@tauri-apps/api/core";
import { getCurrentWindow } from "@tauri-apps/api/window";
import { useAppStore } from "@/stores/app.store";
@ -351,7 +309,6 @@ const sessionContainer = ref<InstanceType<typeof SessionContainer> | null>(null)
const showFileMenu = ref(false);
const showToolsMenu = ref(false);
const showHelpMenu = ref(false);
function closeFileMenuDeferred(): void {
setTimeout(() => { showFileMenu.value = false; }, 150);
@ -361,22 +318,6 @@ function closeToolsMenuDeferred(): void {
setTimeout(() => { showToolsMenu.value = false; }, 150);
}
function closeHelpMenuDeferred(): void {
setTimeout(() => { showHelpMenu.value = false; }, 150);
}
async function handleHelpAction(page: string): Promise<void> {
showHelpMenu.value = false;
try {
await invoke("open_child_window", {
label: `help-${page}-${Date.now()}`,
title: "Wraith — Help",
url: `index.html#/tool/help?page=${page}`,
width: 750, height: 600,
});
} catch (err) { console.error("Help window error:", err); alert("Window error: " + String(err)); }
}
async function handleToolAction(tool: string): Promise<void> {
showToolsMenu.value = false;
@ -388,6 +329,8 @@ async function handleToolAction(tool: string): Promise<void> {
return;
}
const { WebviewWindow } = await import("@tauri-apps/api/webviewWindow");
const toolConfig: Record<string, { title: string; width: number; height: number }> = {
"network-scanner": { title: "Network Scanner", width: 800, height: 600 },
"port-scanner": { title: "Port Scanner", width: 700, height: 500 },
@ -408,14 +351,16 @@ async function handleToolAction(tool: string): Promise<void> {
const sessionId = activeSessionId.value || "";
try {
await invoke("open_child_window", {
label: `tool-${tool}-${Date.now()}`,
// Open tool in a new Tauri window
const label = `tool-${tool}-${Date.now()}`;
new WebviewWindow(label, {
title: `Wraith — ${config.title}`,
width: config.width,
height: config.height,
resizable: true,
center: true,
url: `index.html#/tool/${tool}?sessionId=${sessionId}`,
width: config.width, height: config.height,
});
} catch (err) { console.error("Tool window error:", err); alert("Tool window error: " + String(err)); }
}
async function handleFileMenuAction(action: string): Promise<void> {
@ -435,13 +380,18 @@ function handleThemeSelect(theme: ThemeDefinition): void {
async function handleOpenFile(entry: FileEntry): Promise<void> {
if (!activeSessionId.value) return;
try {
const { WebviewWindow } = await import("@tauri-apps/api/webviewWindow");
const fileName = entry.path.split("/").pop() || entry.path;
const label = `editor-${Date.now()}`;
const sessionId = activeSessionId.value;
await invoke("open_child_window", {
label: `editor-${Date.now()}`,
new WebviewWindow(label, {
title: `${fileName} — Wraith Editor`,
width: 800,
height: 600,
resizable: true,
center: true,
url: `index.html#/tool/editor?sessionId=${sessionId}&path=${encodeURIComponent(entry.path)}`,
width: 800, height: 600,
});
} catch (err) { console.error("Failed to open editor:", err); }
}
@ -469,41 +419,25 @@ async function handleQuickConnect(): Promise<void> {
} catch (err) { console.error("Quick connect failed:", err); }
}
useKeyboardShortcuts({
sessionStore,
sidebarVisible,
copilotVisible,
openCommandPalette: () => commandPalette.value?.toggle(),
openActiveSearch: () => sessionContainer.value?.openActiveSearch(),
});
let workspaceSaveInterval: ReturnType<typeof setInterval> | null = null;
function handleBeforeUnload(e: BeforeUnloadEvent): void {
if (sessionStore.sessions.length > 0) {
e.preventDefault();
}
function handleKeydown(event: KeyboardEvent): void {
const target = event.target as HTMLElement;
const isInputFocused = target.tagName === "INPUT" || target.tagName === "TEXTAREA" || target.tagName === "SELECT";
const ctrl = event.ctrlKey || event.metaKey;
if (ctrl && event.key === "k") { event.preventDefault(); commandPalette.value?.toggle(); return; }
if (isInputFocused) return;
if (ctrl && event.key === "w") { event.preventDefault(); const active = sessionStore.activeSession; if (active) sessionStore.closeSession(active.id); return; }
if (ctrl && event.key === "Tab" && !event.shiftKey) { event.preventDefault(); const sessions = sessionStore.sessions; if (sessions.length < 2) return; const idx = sessions.findIndex((s) => s.id === sessionStore.activeSessionId); const next = sessions[(idx + 1) % sessions.length]; sessionStore.activateSession(next.id); return; }
if (ctrl && event.key === "Tab" && event.shiftKey) { event.preventDefault(); const sessions = sessionStore.sessions; if (sessions.length < 2) return; const idx = sessions.findIndex((s) => s.id === sessionStore.activeSessionId); const prev = sessions[(idx - 1 + sessions.length) % sessions.length]; sessionStore.activateSession(prev.id); return; }
if (ctrl && event.key >= "1" && event.key <= "9") { const tabIndex = parseInt(event.key, 10) - 1; const sessions = sessionStore.sessions; if (tabIndex < sessions.length) { event.preventDefault(); sessionStore.activateSession(sessions[tabIndex].id); } return; }
if (ctrl && event.key === "b") { event.preventDefault(); sidebarVisible.value = !sidebarVisible.value; return; }
if (ctrl && event.shiftKey && event.key.toLowerCase() === "g") { event.preventDefault(); copilotVisible.value = !copilotVisible.value; return; }
if (ctrl && event.key === "f") { const active = sessionStore.activeSession; if (active?.protocol === "ssh") { event.preventDefault(); sessionContainer.value?.openActiveSearch(); } return; }
}
onMounted(async () => {
// Confirm before closing if sessions are active (synchronous won't hang)
window.addEventListener("beforeunload", handleBeforeUnload);
document.addEventListener("keydown", handleKeydown);
await connectionStore.loadAll();
// Restore saved theme so every terminal opens with the user's preferred colors
try {
const savedThemeName = await invoke<string | null>("get_setting", { key: "active_theme" });
if (savedThemeName) {
const themes = await invoke<Array<{ name: string; foreground: string; background: string; cursor: string; black: string; red: string; green: string; yellow: string; blue: string; magenta: string; cyan: string; white: string; brightBlack: string; brightRed: string; brightGreen: string; brightYellow: string; brightBlue: string; brightMagenta: string; brightCyan: string; brightWhite: string }>>("list_themes");
const theme = themes?.find(t => t.name === savedThemeName);
if (theme) {
sessionStore.setTheme(theme);
statusBar.value?.setThemeName(theme.name);
}
}
} catch {}
// Restore workspace reconnect saved tabs (non-blocking, non-fatal)
setTimeout(async () => {
try {
@ -516,34 +450,34 @@ onMounted(async () => {
} catch {}
}, 500);
// Auto-save workspace every 30 seconds instead of on close
// (onCloseRequested was hanging the window close on Windows)
workspaceSaveInterval = setInterval(() => {
// Save workspace on window close (non-fatal)
try {
const { getCurrentWindow } = await import("@tauri-apps/api/window");
const appWindow = getCurrentWindow();
appWindow.onCloseRequested(async () => {
const tabs = sessionStore.sessions
.filter(s => s.protocol === "ssh" || s.protocol === "rdp")
.map((s, i) => ({ connectionId: s.connectionId, protocol: s.protocol, position: i }));
if (tabs.length > 0) {
invoke("save_workspace", { tabs }).catch(() => {});
}
}, 30000);
await invoke("save_workspace", { tabs }).catch(() => {});
});
} catch {}
// Check for updates on startup via Tauri updater plugin (non-blocking)
invoke<{ currentVersion: string; latestVersion: string; updateAvailable: boolean; downloadUrl: string }>("check_for_updates")
.then((info) => {
if (info.updateAvailable) {
if (confirm(`Wraith v${info.latestVersion} is available (you have v${info.currentVersion}). Open download page?`)) {
import("@tauri-apps/plugin-shell").then(({ open }) => open(info.downloadUrl)).catch(() => window.open(info.downloadUrl, "_blank"));
import("@tauri-apps/plugin-updater").then(async ({ check }) => {
try {
const update = await check();
if (update?.available) {
if (confirm(`Wraith v${update.version} is available. Download and install?`)) {
await update.downloadAndInstall();
const { relaunch } = await import("@tauri-apps/plugin-process");
await relaunch();
}
}
})
.catch(() => {});
} catch {}
}).catch(() => {});
});
onUnmounted(() => {
window.removeEventListener("beforeunload", handleBeforeUnload);
if (workspaceSaveInterval !== null) {
clearInterval(workspaceSaveInterval);
workspaceSaveInterval = null;
}
document.removeEventListener("keydown", handleKeydown);
});
</script>

139
src/layouts/UnlockLayout.vue
View File

@ -50,25 +50,68 @@ const displayError = computed(() => localError.value ?? app.error);
</script>
<template>
<div class="h-full flex items-center justify-center bg-[var(--wraith-bg-primary)]">
<div class="w-full max-w-[400px] p-10 bg-[var(--wraith-bg-secondary)] border border-[var(--wraith-border)] rounded-xl shadow-[0_8px_32px_rgba(0,0,0,0.5)]">
<div
class="unlock-root"
style="
height: 100%;
display: flex;
align-items: center;
justify-content: center;
background-color: var(--wraith-bg-primary);
"
>
<div
class="unlock-card"
style="
width: 100%;
max-width: 400px;
padding: 2.5rem;
background-color: var(--wraith-bg-secondary);
border: 1px solid var(--wraith-border);
border-radius: 12px;
box-shadow: 0 8px 32px rgba(0, 0, 0, 0.5);
"
>
<!-- Logo -->
<div class="text-center mb-8">
<span class="text-[2rem] font-extrabold tracking-[0.3em] text-[var(--wraith-accent-blue)] uppercase font-['Inter',monospace]">
<div style="text-align: center; margin-bottom: 2rem">
<span
style="
font-size: 2rem;
font-weight: 800;
letter-spacing: 0.3em;
color: var(--wraith-accent-blue);
text-transform: uppercase;
font-family: 'Inter', monospace;
"
>
WRAITH
</span>
<p class="mt-2 text-[0.8rem] text-[var(--wraith-text-muted)] tracking-[0.15em] uppercase">
<p
style="
margin: 0.5rem 0 0;
font-size: 0.8rem;
color: var(--wraith-text-muted);
letter-spacing: 0.15em;
text-transform: uppercase;
"
>
{{ isFirstRun ? "Initialize Secure Vault" : "Secure Desktop" }}
</p>
</div>
<!-- Form -->
<form @submit.prevent="handleSubmit" class="flex flex-col gap-4">
<form @submit.prevent="handleSubmit" style="display: flex; flex-direction: column; gap: 1rem">
<!-- Master password -->
<div>
<label
for="master-password"
class="block mb-[0.4rem] text-[0.8rem] text-[var(--wraith-text-secondary)] tracking-[0.05em]"
style="
display: block;
margin-bottom: 0.4rem;
font-size: 0.8rem;
color: var(--wraith-text-secondary);
letter-spacing: 0.05em;
"
>
MASTER PASSWORD
</label>
@ -79,7 +122,20 @@ const displayError = computed(() => localError.value ?? app.error);
autocomplete="current-password"
placeholder="Enter master password"
:disabled="loading"
class="w-full px-[0.9rem] py-[0.65rem] bg-[var(--wraith-bg-tertiary)] border border-[var(--wraith-border)] rounded-[6px] text-[var(--wraith-text-primary)] text-[0.95rem] outline-none transition-colors duration-150 box-border focus:border-[var(--wraith-accent-blue)]"
style="
width: 100%;
padding: 0.65rem 0.9rem;
background-color: var(--wraith-bg-tertiary);
border: 1px solid var(--wraith-border);
border-radius: 6px;
color: var(--wraith-text-primary);
font-size: 0.95rem;
outline: none;
transition: border-color 0.15s ease;
box-sizing: border-box;
"
@focus="($event.target as HTMLInputElement).style.borderColor = 'var(--wraith-accent-blue)'"
@blur="($event.target as HTMLInputElement).style.borderColor = 'var(--wraith-border)'"
/>
</div>
@ -87,7 +143,13 @@ const displayError = computed(() => localError.value ?? app.error);
<div v-if="isFirstRun">
<label
for="confirm-password"
class="block mb-[0.4rem] text-[0.8rem] text-[var(--wraith-text-secondary)] tracking-[0.05em]"
style="
display: block;
margin-bottom: 0.4rem;
font-size: 0.8rem;
color: var(--wraith-text-secondary);
letter-spacing: 0.05em;
"
>
CONFIRM PASSWORD
</label>
@ -98,9 +160,28 @@ const displayError = computed(() => localError.value ?? app.error);
autocomplete="new-password"
placeholder="Confirm master password"
:disabled="loading"
class="w-full px-[0.9rem] py-[0.65rem] bg-[var(--wraith-bg-tertiary)] border border-[var(--wraith-border)] rounded-[6px] text-[var(--wraith-text-primary)] text-[0.95rem] outline-none transition-colors duration-150 box-border focus:border-[var(--wraith-accent-blue)]"
style="
width: 100%;
padding: 0.65rem 0.9rem;
background-color: var(--wraith-bg-tertiary);
border: 1px solid var(--wraith-border);
border-radius: 6px;
color: var(--wraith-text-primary);
font-size: 0.95rem;
outline: none;
transition: border-color 0.15s ease;
box-sizing: border-box;
"
@focus="($event.target as HTMLInputElement).style.borderColor = 'var(--wraith-accent-blue)'"
@blur="($event.target as HTMLInputElement).style.borderColor = 'var(--wraith-border)'"
/>
<p class="mt-[0.4rem] text-[0.75rem] text-[var(--wraith-text-muted)]">
<p
style="
margin: 0.4rem 0 0;
font-size: 0.75rem;
color: var(--wraith-text-muted);
"
>
Minimum 12 characters. This password cannot be recovered.
</p>
</div>
@ -108,7 +189,14 @@ const displayError = computed(() => localError.value ?? app.error);
<!-- Error message -->
<div
v-if="displayError"
class="px-[0.9rem] py-[0.6rem] bg-[rgba(248,81,73,0.1)] border border-[rgba(248,81,73,0.3)] rounded-[6px] text-[var(--wraith-accent-red)] text-[0.85rem]"
style="
padding: 0.6rem 0.9rem;
background-color: rgba(248, 81, 73, 0.1);
border: 1px solid rgba(248, 81, 73, 0.3);
border-radius: 6px;
color: var(--wraith-accent-red);
font-size: 0.85rem;
"
>
{{ displayError }}
</div>
@ -117,8 +205,22 @@ const displayError = computed(() => localError.value ?? app.error);
<button
type="submit"
:disabled="loading"
class="w-full py-[0.7rem] mt-2 bg-[var(--wraith-accent-blue)] text-[#0d1117] font-bold text-[0.9rem] tracking-[0.08em] uppercase border-none rounded-[6px] transition-[opacity,background-color] duration-150"
:class="loading ? 'opacity-60 cursor-not-allowed' : 'cursor-pointer'"
style="
width: 100%;
padding: 0.7rem;
margin-top: 0.5rem;
background-color: var(--wraith-accent-blue);
color: #0d1117;
font-weight: 700;
font-size: 0.9rem;
letter-spacing: 0.08em;
text-transform: uppercase;
border: none;
border-radius: 6px;
cursor: pointer;
transition: opacity 0.15s ease, background-color 0.15s ease;
"
:style="{ opacity: loading ? '0.6' : '1', cursor: loading ? 'not-allowed' : 'pointer' }"
>
<span v-if="loading">
{{ isFirstRun ? "Creating vault..." : "Unlocking..." }}
@ -130,7 +232,14 @@ const displayError = computed(() => localError.value ?? app.error);
</form>
<!-- Footer hint -->
<p class="mt-6 text-center text-[0.75rem] text-[var(--wraith-text-muted)]">
<p
style="
margin: 1.5rem 0 0;
text-align: center;
font-size: 0.75rem;
color: var(--wraith-text-muted);
"
>
<template v-if="isFirstRun">
Your vault will be encrypted with AES-256-GCM.
</template>

32
src/stores/connection.store.ts
View File

@ -51,33 +51,22 @@ export const useConnectionStore = defineStore("connection", () => {
);
});
/** Memoized map of groupId → filtered connections. Recomputes only when connections or searchQuery change. */
const connectionsByGroupMap = computed<Record<number, Connection[]>>(() => {
const q = searchQuery.value.toLowerCase().trim();
const map: Record<number, Connection[]> = {};
for (const c of connections.value) {
if (c.groupId === null) continue;
if (q) {
const match =
c.name.toLowerCase().includes(q) ||
c.hostname.toLowerCase().includes(q) ||
c.tags?.some((t) => t.toLowerCase().includes(q));
if (!match) continue;
}
if (!map[c.groupId]) map[c.groupId] = [];
map[c.groupId].push(c);
}
return map;
});
/** Get connections belonging to a specific group. */
function connectionsByGroup(groupId: number): Connection[] {
return connectionsByGroupMap.value[groupId] ?? [];
const q = searchQuery.value.toLowerCase().trim();
const groupConns = connections.value.filter((c) => c.groupId === groupId);
if (!q) return groupConns;
return groupConns.filter(
(c) =>
c.name.toLowerCase().includes(q) ||
c.hostname.toLowerCase().includes(q) ||
c.tags?.some((t) => t.toLowerCase().includes(q)),
);
}
/** Check if a group has any matching connections (for search filtering). */
function groupHasResults(groupId: number): boolean {
return (connectionsByGroupMap.value[groupId]?.length ?? 0) > 0;
return connectionsByGroup(groupId).length > 0;
}
/** Load connections from the Rust backend. */
@ -112,7 +101,6 @@ export const useConnectionStore = defineStore("connection", () => {
groups,
searchQuery,
filteredConnections,
connectionsByGroupMap,
connectionsByGroup,
groupHasResults,
loadConnections,

159
src/stores/session.store.ts
View File

@ -2,7 +2,6 @@ import { defineStore } from "pinia";
import { ref, computed } from "vue";
import { invoke } from "@tauri-apps/api/core";
import { listen } from "@tauri-apps/api/event";
import type { UnlistenFn } from "@tauri-apps/api/event";
import { useConnectionStore } from "@/stores/connection.store";
import type { ThemeDefinition } from "@/components/common/ThemePicker.vue";
@ -40,14 +39,10 @@ export const useSessionStore = defineStore("session", () => {
const sessionCount = computed(() => sessions.value.length);
const sessionUnlisteners = new Map<string, Array<UnlistenFn>>();
// Listen for backend close/exit events to update session status
async function setupStatusListeners(sessionId: string): Promise<void> {
const unlisteners: UnlistenFn[] = [];
unlisteners.push(await listen(`ssh:close:${sessionId}`, () => markDisconnected(sessionId)));
unlisteners.push(await listen(`ssh:exit:${sessionId}`, () => markDisconnected(sessionId)));
sessionUnlisteners.set(sessionId, unlisteners);
function setupStatusListeners(sessionId: string): void {
listen(`ssh:close:${sessionId}`, () => markDisconnected(sessionId));
listen(`ssh:exit:${sessionId}`, () => markDisconnected(sessionId));
}
function markDisconnected(sessionId: string): void {
@ -97,12 +92,6 @@ export const useSessionStore = defineStore("session", () => {
console.error("Failed to disconnect session:", err);
}
const unlisteners = sessionUnlisteners.get(id);
if (unlisteners) {
unlisteners.forEach((fn) => fn());
sessionUnlisteners.delete(id);
}
sessions.value.splice(idx, 1);
if (activeSessionId.value === id) {
@ -126,31 +115,38 @@ export const useSessionStore = defineStore("session", () => {
return count === 0 ? baseName : `${baseName} (${count + 1})`;
}
type CredentialRow = { id: number; name: string; username: string | null; domain?: string | null; credentialType: string; sshKeyId: number | null };
/**
* Connect to a server by connection ID.
* Multiple sessions to the same host are allowed (MobaXTerm-style).
* Each gets its own tab with a disambiguated name like "Asgard (2)".
*
* For Tauri: we must resolve the connection details ourselves and pass
* hostname/port/username/password directly to connect_ssh, because the
* Rust side has no knowledge of connection IDs the vault owns credentials.
*/
async function connect(connectionId: number): Promise<void> {
const connectionStore = useConnectionStore();
const conn = connectionStore.connections.find((c) => c.id === connectionId);
if (!conn) return;
async function resolveCredentials(credentialId: number): Promise<CredentialRow | null> {
connecting.value = true;
try {
const allCreds = await invoke<CredentialRow[]>("list_credentials");
return allCreds.find((c) => c.id === credentialId) ?? null;
} catch (credErr) {
console.warn("Failed to resolve credential:", credErr);
return null;
}
}
async function connectSsh(
conn: { id: number; name: string; hostname: string; port: number; credentialId?: number | null },
connectionId: number,
): Promise<void> {
if (conn.protocol === "ssh") {
let sessionId: string;
let resolvedUsername = "";
let resolvedPassword = "";
// If connection has a linked credential, decrypt it from the vault
if (conn.credentialId) {
const cred = await resolveCredentials(conn.credentialId);
try {
const allCreds = await invoke<{ id: number; name: string; username: string | null; credentialType: string; sshKeyId: number | null }[]>("list_credentials");
const cred = allCreds.find((c) => c.id === conn.credentialId);
if (cred) {
resolvedUsername = cred.username ?? "";
if (cred.credentialType === "ssh_key" && cred.sshKeyId) {
// SSH key auth — decrypt key from vault
const [privateKey, passphrase] = await invoke<[string, string]>("decrypt_ssh_key", { sshKeyId: cred.sshKeyId });
sessionId = await invoke<string>("connect_ssh_with_key", {
hostname: conn.hostname,
@ -161,6 +157,7 @@ export const useSessionStore = defineStore("session", () => {
cols: 120,
rows: 40,
});
sessions.value.push({
id: sessionId,
connectionId,
@ -173,15 +170,22 @@ export const useSessionStore = defineStore("session", () => {
});
setupStatusListeners(sessionId);
activeSessionId.value = sessionId;
return;
return; // early return — key auth handled
} else {
// Password auth — decrypt password from vault
resolvedPassword = await invoke<string>("decrypt_password", { credentialId: cred.id });
}
}
} catch (credErr) {
console.warn("Failed to resolve credential, will prompt:", credErr);
}
}
try {
if (!resolvedUsername) throw new Error("NO_CREDENTIALS");
if (!resolvedUsername) {
// No credential linked — prompt immediately
throw new Error("NO_CREDENTIALS");
}
sessionId = await invoke<string>("connect_ssh", {
hostname: conn.hostname,
port: conn.port,
@ -191,13 +195,20 @@ export const useSessionStore = defineStore("session", () => {
rows: 40,
});
} catch (sshErr: unknown) {
const errMsg = sshErr instanceof Error ? sshErr.message : typeof sshErr === "string" ? sshErr : String(sshErr);
const errMsg = sshErr instanceof Error
? sshErr.message
: typeof sshErr === "string"
? sshErr
: String(sshErr);
// If no credentials or auth failed, prompt for username/password
const errLower = errMsg.toLowerCase();
if (errLower.includes("no_credentials") || errLower.includes("unable to authenticate") || errLower.includes("authentication") || errLower.includes("rejected")) {
const username = window.prompt(`Username for ${conn.hostname}:`, resolvedUsername || "root");
if (!username) throw new Error("Connection cancelled");
const password = window.prompt(`Password for ${username}@${conn.hostname}:`);
if (password === null) throw new Error("Connection cancelled");
resolvedUsername = username;
sessionId = await invoke<string>("connect_ssh", {
hostname: conn.hostname,
@ -224,25 +235,27 @@ export const useSessionStore = defineStore("session", () => {
});
setupStatusListeners(sessionId);
activeSessionId.value = sessionId;
}
async function connectRdp(
conn: { id: number; name: string; hostname: string; port: number; credentialId?: number | null; options?: string },
connectionId: number,
): Promise<void> {
} else if (conn.protocol === "rdp") {
let username = "";
let password = "";
let domain = "";
// Try vault credentials first (same as SSH path)
if (conn.credentialId) {
const cred = await resolveCredentials(conn.credentialId);
try {
const allCreds = await invoke<{ id: number; name: string; username: string | null; domain: string | null; credentialType: string; sshKeyId: number | null }[]>("list_credentials");
const cred = allCreds.find((c) => c.id === conn.credentialId);
if (cred && cred.credentialType === "password") {
username = cred.username ?? "";
domain = cred.domain ?? "";
password = await invoke<string>("decrypt_password", { credentialId: cred.id });
}
} catch (credErr) {
console.warn("Failed to resolve RDP credential from vault:", credErr);
}
}
// Fall back to connection options JSON if vault didn't provide creds
if (!username && conn.options) {
try {
const opts = JSON.parse(conn.options);
@ -257,19 +270,53 @@ export const useSessionStore = defineStore("session", () => {
let sessionId: string;
try {
sessionId = await invoke<string>("connect_rdp", {
config: { hostname: conn.hostname, port: conn.port, username, password, domain, width: 1920, height: 1080 },
config: {
hostname: conn.hostname,
port: conn.port,
username,
password,
domain,
width: 1920,
height: 1080,
},
});
} catch (rdpErr: unknown) {
const errMsg = rdpErr instanceof Error ? rdpErr.message : typeof rdpErr === "string" ? rdpErr : String(rdpErr);
if (errMsg.includes("NO_CREDENTIALS") || errMsg.includes("authentication") || errMsg.includes("logon failure")) {
const promptedUsername = prompt(`Username for ${conn.hostname}:`, "Administrator");
const errMsg =
rdpErr instanceof Error
? rdpErr.message
: typeof rdpErr === "string"
? rdpErr
: String(rdpErr);
// If credentials are missing or rejected, prompt the operator
if (
errMsg.includes("NO_CREDENTIALS") ||
errMsg.includes("authentication") ||
errMsg.includes("logon failure")
) {
const promptedUsername = prompt(
`Username for ${conn.hostname}:`,
"Administrator",
);
if (!promptedUsername) throw new Error("Connection cancelled");
const promptedPassword = prompt(`Password for ${promptedUsername}@${conn.hostname}:`);
const promptedPassword = prompt(
`Password for ${promptedUsername}@${conn.hostname}:`,
);
if (promptedPassword === null) throw new Error("Connection cancelled");
const promptedDomain = prompt(`Domain (leave blank if none):`, "") ?? "";
username = promptedUsername;
sessionId = await invoke<string>("connect_rdp", {
config: { hostname: conn.hostname, port: conn.port, username: promptedUsername, password: promptedPassword, domain: promptedDomain, width: 1920, height: 1080 },
config: {
hostname: conn.hostname,
port: conn.port,
username: promptedUsername,
password: promptedPassword,
domain: promptedDomain,
width: 1920,
height: 1080,
},
});
} else {
throw rdpErr;
@ -288,28 +335,11 @@ export const useSessionStore = defineStore("session", () => {
});
activeSessionId.value = sessionId;
}
/**
* Connect to a server by connection ID.
* Multiple sessions to the same host are allowed (MobaXTerm-style).
* Each gets its own tab with a disambiguated name like "Asgard (2)".
*/
async function connect(connectionId: number): Promise<void> {
const connectionStore = useConnectionStore();
const conn = connectionStore.connections.find((c) => c.id === connectionId);
if (!conn) return;
connecting.value = true;
try {
if (conn.protocol === "ssh") {
await connectSsh(conn, connectionId);
} else if (conn.protocol === "rdp") {
await connectRdp(conn, connectionId);
}
} catch (err: unknown) {
const msg = err instanceof Error ? err.message : typeof err === "string" ? err : String(err);
console.error("Connection failed:", msg);
lastError.value = msg;
// Show error as native alert so it's visible without DevTools
alert(`Connection failed: ${msg}`);
} finally {
connecting.value = false;
@ -336,8 +366,7 @@ export const useSessionStore = defineStore("session", () => {
});
// Listen for PTY close
const unlistenPty = await listen(`pty:close:${sessionId}`, () => markDisconnected(sessionId));
sessionUnlisteners.set(sessionId, [unlistenPty]);
listen(`pty:close:${sessionId}`, () => markDisconnected(sessionId));
activeSessionId.value = sessionId;
} catch (err: unknown) {

18
vite.config.ts
View File

@ -1,20 +1,10 @@
import { defineConfig, type Plugin } from "vite";
import { defineConfig } from "vite";
import vue from "@vitejs/plugin-vue";
import tailwindcss from "@tailwindcss/vite";
import { resolve } from "path";
/** Strip crossorigin attribute from HTML — WKWebView + Tauri custom protocol compatibility. */
function stripCrossOrigin(): Plugin {
return {
name: "strip-crossorigin",
transformIndexHtml(html) {
return html.replace(/ crossorigin/g, "");
},
};
}
export default defineConfig({
plugins: [vue(), tailwindcss(), stripCrossOrigin()],
plugins: [vue(), tailwindcss()],
resolve: {
alias: {
"@": resolve(__dirname, "src"),
@ -33,9 +23,5 @@ export default defineConfig({
target: ["es2021", "chrome100", "safari13"],
minify: !process.env.TAURI_DEBUG ? "esbuild" : false,
sourcemap: !!process.env.TAURI_DEBUG,
// Disable crossorigin attribute on script/link tags — WKWebView on
// macOS may reject CORS-mode requests for Tauri's custom tauri://
// protocol in dynamically created child WebviewWindows.
crossOriginLoading: false,
},
});