BREAKING CHANGE (forward-only): New credentials/keys encrypted with v2 (Argon2id-derived AES-256-GCM). Existing v1 records decrypt transparently.

- Argon2id params: 64 MiB memory, 3 iterations, 4 parallelism (OWASP)
- Per-record 16-byte salt stored in ciphertext format
- v2 format: v2:<salt>:<iv>:<authTag>:<ciphertext>
- Backwards compatible: v1 records still decrypt with raw key
- Admin endpoint POST /api/credentials/migrate-v2 upgrades all v1→v2
- Added docs/FUTURE-FEATURES.md with remaining spec gaps

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Vigilance Remote — Future Features
Remaining spec items not yet built. Foundation is solid — all items below are additive, no rearchitecting required.
Priority 1 — Power User
- Split panes — Horizontal and vertical splits within a single tab (xterm.js instances in a flex grid)
- Session recording/playback — asciinema-compatible casts for SSH, Guacamole native for RDP. Replay in browser. Audit trail for MSP compliance.
- Saved snippets/macros — Quick-execute saved commands/scripts. Click to paste into active terminal.
Priority 2 — MSP / Enterprise
- Jump hosts / bastion — Configure SSH proxy/jump hosts for reaching targets behind firewalls (ProxyJump chain support)
- Port forwarding manager — Graphical SSH tunnel manager: local, remote, and dynamic forwarding
- Entra ID SSO — One-click Microsoft Entra ID integration (same pattern as Vigilance HQ)
- Client-scoped access — MSP multi-tenancy: technicians see only the hosts for clients they're assigned to
- Shared connections — Admins define connection templates. Technicians connect without seeing credentials.
Priority 3 — Audit & Compliance
- Command-level audit logging — Every command, file transfer logged with user, timestamp, duration (currently connection-level only)
- Session sharing — Share a live terminal session with a colleague (read-only or collaborative)
Priority 4 — File Transfer
- Dual-pane SFTP — Optional second SFTP panel for server-to-server file operations (drag between panels)
- Transfer queue — Background upload/download queue with progress bars, pause/resume, retry
Priority 5 — RDP Enhancements
- Multi-monitor RDP — Support for multiple virtual displays
- RDP file transfer — Upload/download via Guacamole's built-in drive redirection
Priority 6 — Auth Hardening
- FIDO2 / hardware key auth — WebAuthn support for login and SSH
- SSH agent forwarding — Forward local SSH agent to remote host
Already Built (exceeds spec)
- SSH terminal (xterm.js + ssh2 + WebSocket proxy + WebGL)
- RDP (guacd + guacamole-common-js + display.scale())
- SFTP sidebar (auto-open, CWD following via OSC 7, drag-and-drop upload)
- Monaco file editor (fullscreen overlay with syntax highlighting)
- Connection manager (hosts, groups, quick connect, search, tags, colors)
- Credential vault (AES-256-GCM + Argon2id key derivation)
- Multi-tab sessions + Home navigation
- Terminal theming (6+ themes with visual picker)
- Multi-user with admin/user roles + per-user data isolation
- User management admin UI
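
The v2 record layout named in the commit message at the top of this page (`v2:<salt>:<iv>:<authTag>:<ciphertext>`, 16-byte per-record salt), shown as an added example that is not the project's own code: strict parsing, AES-256-GCM encrypt/decrypt, and a v1 count for checking a migration run. Assumptions: hex field encoding, a 12-byte IV, every function name, and scrypt standing in for Argon2id so the block runs on `node:crypto` alone.

```javascript
// Added example, not the project's code.
// Assumptions: hex-encoded fields, 12-byte GCM IV, hypothetical function names.
// The page specifies Argon2id (64 MiB, 3 iterations, 4 parallelism); scrypt is a stand-in here.
const nodeCrypto = require('node:crypto');

const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16, KEY_LEN = 32;

// Stand-in KDF so the block needs no native module; swap in an Argon2id binding.
function deriveKey(masterKey, salt) {
  return nodeCrypto.scryptSync(masterKey, salt, KEY_LEN);
}

// Strictly parse "v2:<salt>:<iv>:<authTag>:<ciphertext>"; anything else is reported as v1.
function parseRecord(record) {
  if (!record.startsWith('v2:')) return { version: 1, raw: record };
  const parts = record.split(':');
  if (parts.length !== 5) throw new Error('v2 record must have 5 fields');
  const [salt, iv, tag, ciphertext] = parts.slice(1).map((hex) => {
    if (!/^(?:[0-9a-f]{2})*$/i.test(hex)) throw new Error('field is not hex');
    return Buffer.from(hex, 'hex');
  });
  if (salt.length !== SALT_LEN || iv.length !== IV_LEN || tag.length !== TAG_LEN) {
    throw new Error('unexpected salt, IV or tag length');
  }
  return { version: 2, salt, iv, tag, ciphertext };
}

function encryptV2(masterKey, plaintext, kdf = deriveKey) {
  const salt = nodeCrypto.randomBytes(SALT_LEN); // fresh salt, so a fresh key, per record
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', kdf(masterKey, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return ['v2', ...[salt, iv, cipher.getAuthTag(), ciphertext].map((b) => b.toString('hex'))].join(':');
}

function decryptV2(masterKey, record, kdf = deriveKey) {
  const rec = parseRecord(record);
  if (rec.version !== 2) throw new Error('not a v2 record; use the v1 path');
  const key = kdf(masterKey, rec.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, rec.iv, { authTagLength: TAG_LEN });
  decipher.setAuthTag(rec.tag);
  // final() throws when the tag does not verify, so a tampered record never yields plaintext.
  return Buffer.concat([decipher.update(rec.ciphertext), decipher.final()]).toString('utf8');
}

// Count records still on v1, e.g. to confirm a migration run left none behind.
function countV1(records) {
  return records.filter((r) => parseRecord(r).version === 1).length;
}
```
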