wraith/docs/FUTURE-FEATURES.md
Vantz Stockwell b11efce6ed feat(security): Argon2id key derivation for vault encryption
BREAKING CHANGE (forward-only): New credentials/keys encrypted with v2
(Argon2id-derived AES-256-GCM). Existing v1 records decrypt transparently.

- Argon2id params: 64 MiB memory, 3 iterations, 4 parallelism (OWASP)
- Per-record 16-byte salt stored in ciphertext format
- v2 format: v2:<salt>:<iv>:<authTag>:<ciphertext>
- Backwards compatible: v1 records still decrypt with raw key
- Admin endpoint POST /api/credentials/migrate-v2 upgrades all v1→v2
- Added docs/FUTURE-FEATURES.md with remaining spec gaps

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-14 13:40:41 -04:00


# Vigilance Remote — Future Features
Remaining spec items not yet built. Foundation is solid — all items below are additive, no rearchitecting required.
---
## Priority 1 — Power User
1. **Split panes** — Horizontal and vertical splits within a single tab (xterm.js instances in a flex grid)
2. **Session recording/playback** — asciinema-compatible casts for SSH, Guacamole native for RDP. Replay in browser. Audit trail for MSP compliance.
3. **Saved snippets/macros** — Quick-execute saved commands/scripts. Click to paste into active terminal.
## Priority 2 — MSP / Enterprise
4. **Jump hosts / bastion** — Configure SSH proxy/jump hosts for reaching targets behind firewalls (ProxyJump chain support)
5. **Port forwarding manager** — Graphical SSH tunnel manager: local, remote, and dynamic forwarding
6. **Entra ID SSO** — One-click Microsoft Entra ID integration (same pattern as Vigilance HQ)
7. **Client-scoped access** — MSP multi-tenancy: technicians see only the hosts for clients they're assigned to
8. **Shared connections** — Admins define connection templates. Technicians connect without seeing credentials.
## Priority 3 — Audit & Compliance
9. **Command-level audit logging** — Every command and file transfer logged with user, timestamp and duration (currently connection-level only)
10. **Session sharing** — Share a live terminal session with a colleague (read-only or collaborative)
## Priority 4 — File Transfer
11. **Dual-pane SFTP** — Optional second SFTP panel for server-to-server file operations (drag between panels)
12. **Transfer queue** — Background upload/download queue with progress bars, pause/resume, retry
## Priority 5 — RDP Enhancements
13. **Multi-monitor RDP** — Support for multiple virtual displays
14. **RDP file transfer** — Upload/download via Guacamole's built-in drive redirection
## Priority 6 — Auth Hardening
15. **FIDO2 / hardware key auth** — WebAuthn support for login and SSH
16. **SSH agent forwarding** — Forward local SSH agent to remote host
---
## Already Built (exceeds spec)
- SSH terminal (xterm.js + ssh2 + WebSocket proxy + WebGL)
- RDP (guacd + guacamole-common-js + display.scale())
- SFTP sidebar (auto-open, CWD following via OSC 7, drag-and-drop upload)
- Monaco file editor (fullscreen overlay with syntax highlighting)
- Connection manager (hosts, groups, quick connect, search, tags, colors)
- Credential vault (AES-256-GCM + **Argon2id key derivation**)
- Multi-tab sessions + Home navigation
- Terminal theming (6+ themes with visual picker)
- Multi-user with admin/user roles + per-user data isolation
- User management admin UI