sam/dev_arc_aws
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dev_arc_aws/src/App.tsx

126 lines
4.8 KiB
TypeScript
Raw Normal View History

update
2026-06-18 08:14:00 -04:00
import { useState } from 'react'
Extend Infrastructure hero banner to the top, overlapping the top bar Moves the hero rendering to the layout level so the banner shows the full golden arch and sky behind the page title, search bar, and sub-tabs row. TopBar and the search input backgrounds are now transparent so the banner reads through cleanly.
2026-06-18 16:50:06 +00:00
import { Routes, Route, useLocation } from 'react-router-dom'
update
2026-06-18 08:14:00 -04:00
import Sidebar from './components/Sidebar'
import TopBar from './components/TopBar'
Add client-side routing and build Infrastructure page Wires up react-router-dom so the sidebar nav actually navigates between pages, with route-aware active highlighting and dynamic page titles. Extracts Glance content into its own page component and adds a new Infrastructure page matching the mockup: status cards, resource distribution/cost breakdown donuts, infra map, top resources by utilization, resource trend chart, recent activity, and footer stats.
2026-06-18 16:15:34 +00:00
import Glance from './pages/Glance'
import Infrastructure from './pages/Infrastructure'
Fix lucide-react icon export errors in BookNest page
2026-06-18 18:10:16 +00:00
import BookNest from './pages/BookNest'
Add Phase 1a: core SSH terminal (Termix migration) Implements the minimal-viable terminal described in TERMIX_MIGRATION.md Phase 1a: a real interactive SSH session in the browser over a WebSocket, using xterm.js on the frontend and ssh2 on the backend. Reuses ArchNest's existing SSH integrations (host/port/username/ password/privateKey/passphrase) instead of introducing a second, duplicate host-management system the way Termix has one. Backend: new /api/terminal WebSocket route (registered via @fastify/websocket) handling connect/input/resize/disconnect messages, authenticated via a JWT passed as a query param (browsers can't set custom headers on the WS handshake). Extracted the integration secret loader out of routes/integrations.ts into db/secrets.ts so the new terminal route can reuse it without duplicating the decrypt logic. Frontend: new Terminal.tsx page listing configured SSH hosts and rendering an xterm.js terminal wired to the WebSocket; wired into App.tsx at /terminal. vite.config.ts's dev proxy now forwards WebSocket upgrades (ws: true) so this works under `npm run dev`. Verified end-to-end against a real (test) ssh2-based SSH server: connect, shell banner, keystroke echo, and prompt redraw all worked correctly over the actual WebSocket protocol. Deliberately deferred to Phase 1b/1c per the migration doc: jump-host chaining, tab/split-pane UI, terminal theme/font settings, OPKSSH cert auth, tmux session monitor, session recording. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-19 10:52:04 +00:00
import Terminal from './pages/Terminal'
Phase 2: SSH tunnels (local/remote/dynamic SOCKS5 port forwarding) - backend/src/ssh/connect.ts: extracted shared SSH-connect logic (jump-host chaining, TOFU host-key verification) out of terminal.ts so tunnels can reuse it. - backend/src/tunnels/manager.ts + socks5.ts: in-memory tunnel runtime manager supporting local forward (forwardOut), remote forward (forwardIn), and dynamic SOCKS5 proxying, with automatic reconnect/retry and an auto-start-on-boot option. New `tunnels` table persists configs as the saved presets. - backend/src/routes/tunnels.ts: REST CRUD + connect/disconnect. - src/pages/Tunnels.tsx: new /tunnels page (sidebar entry added) to create, start/stop, and delete tunnels with live status polling. - Verified end-to-end against a real ssh2 test server handling real forwardOut/forwardIn requests and a real upstream TCP echo server - all three tunnel modes moved real data, and disconnect correctly tore down the local listener. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-19 11:40:59 +00:00
import Tunnels from './pages/Tunnels'
Phase 3: remote file manager (SFTP list/edit/upload/download/rename/delete/chmod) Ephemeral per-request SFTP connections, whole-file-in-memory view/edit with a 50MB cap and binary detection, streaming download for files of any size, multipart upload. No sudo/permission-elevation or server-to-server transfer in this pass (documented gaps, matching Termix's own scope for the latter). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-19 11:56:04 +00:00
import Files from './pages/Files'
Phase 4: Docker container management (REST CRUD/actions/stats/logs + exec terminal) Extends the existing Engine-API-based docker integration adapter rather than porting Termix's SSH+CLI approach, since ArchNest's docker integrations only ever configure a baseUrl. Adds backend/src/docker/{client,exec}.ts and backend/src/routes/docker.ts (REST + websocket exec-terminal via raw socket hijack), and a new Containers page wired into the sidebar/router. Verified end-to-end against a real dockerd instance and a real container in this sandbox, which caught and fixed a genuine bug: calling /exec/{id}/resize before starting the exec hangs the daemon indefinitely; fixed by setting the initial size via ConsoleSize at exec-create time instead.
2026-06-19 12:28:30 +00:00
import Containers from './pages/Containers'
Phase 5: RDP/VNC/Telnet remote desktop via guacamole-lite + guacd Adds a remote_desktop integration type and a /api/guacamole websocket route that drives guacamole-lite's ClientConnection directly (bypassing its Server class, which would otherwise attach an unfiltered upgrade listener that conflicts with the existing @fastify/websocket routes). The frontend RemoteDesktop page renders the Guacamole protocol stream via guacamole-common-js. Verified end-to-end against a real guacd and VNC server, including in an actual browser session. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-19 15:25:10 +00:00
import RemoteDesktop from './pages/RemoteDesktop'
Add host metrics widgets (Phase 6): CPU/mem/disk/network/processes/ports/firewall/login dashboard Ports Termix's per-host metrics collector logic onto ArchNest's own SSH connection helpers (not its multi-user/cache/session scaffolding), exposed via a new authenticated REST endpoint and a dedicated /host-metrics page with client-side polling. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-19 15:38:30 +00:00
import HostMetrics from './pages/HostMetrics'
Add Settings page with Profile, Appearance, Integrations, Notifications, Data & Backup, About sections
2026-06-18 18:44:26 +00:00
import Settings from './pages/Settings'
Fix favicon, dark select dropdowns, add brand bookmark icons and Help page - Replace mislabeled Vite-logo favicon.svg with proper ArchNest mark extracted from the logo, generated at 32/48/256px PNGs - Force native <select>/<option> elements to render with the dark theme (color-scheme + explicit colors) so options are readable - Auto-detect real brand/service icons for bookmarks (AWS, Proxmox, Azure, Docker, etc.) via the dashboard-icons CDN, with manual override and graceful fallback to lucide icons - Add a Help page with a guided tour of every page, linked from the sidebar, top-bar search, and the user dropdown menu
2026-06-19 21:13:32 +00:00
import Help from './pages/Help'
Add enrollment, login, and auth-gated routing to the frontend - New AuthContext drives app state (loading/needs-setup/enrolling/ logged-out/logged-in) by checking GET /api/system/setup-status and GET /api/auth/me on load; JWT stored in localStorage - Enrollment page: step 1 creates the admin account via POST /api/setup, step 2 lets you connect integrations (or skip) before entering the app - Login page for returning sessions; TopBar's Sign Out now calls logout() instead of being a dead link - Verified end-to-end in a browser: fresh setup -> connect/skip -> dashboard, reload persists the session, sign out -> login -> back in Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-18 19:13:27 +00:00
import Login from './pages/Login'
import Enrollment from './pages/Enrollment'
Add mesh prerequisite gate (#33) * Add mesh prerequisite gate (NetBird verification before app config) Implements the design in docs/mesh-prerequisite-gate.md per the user's DECIDE A-D answers: a permanent admin override, B1 (reachable) verification with host mesh IP shown informationally, members allowed in with a notice instead of being blocked, and mesh.required defaulting off so the live production instance is unaffected. - system_config kv table + getConfig/setConfig helpers - /api/system/mesh-status, /mesh/verify, /mesh/override, /mesh/required - AuthContext gains a 'needs-mesh' status (admins only) and exposes meshStatus for a member-facing banner - MeshGate page reuses the integration create+test flow to connect NetBird * Make mesh verification universal (CIDR check, not NetBird-specific) Replace the NetBird-adapter-based "reachable" check with a vendor-agnostic one: the admin supplies the mesh's IP range (CIDR), and verification just confirms this host has an address inside it. Works identically for NetBird, WireGuard, ZeroTier, Tailscale, or any other mesh tech, with no integration record or vendor API call required. * Add reachability fallback for routed meshes (VPC peering, etc.) A host can be on the mesh's "side" of a routed network (e.g. a VPC peered into a NetBird/WireGuard mesh) without holding a local IP in the mesh's own CIDR. Local-IP-in-CIDR stays the primary check; if it fails, the admin can supply a known peer/gateway IP on the mesh and we verify by pinging it instead. Adds iputils to the backend image for the ping binary. --------- Co-authored-by: Claude <noreply@anthropic.com>
2026-06-20 17:30:46 -04:00
import MeshGate from './pages/MeshGate'
Add enrollment, login, and auth-gated routing to the frontend - New AuthContext drives app state (loading/needs-setup/enrolling/ logged-out/logged-in) by checking GET /api/system/setup-status and GET /api/auth/me on load; JWT stored in localStorage - Enrollment page: step 1 creates the admin account via POST /api/setup, step 2 lets you connect integrations (or skip) before entering the app - Login page for returning sessions; TopBar's Sign Out now calls logout() instead of being a dead link - Verified end-to-end in a browser: fresh setup -> connect/skip -> dashboard, reload persists the session, sign out -> login -> back in Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-18 19:13:27 +00:00
import { useAuth } from './lib/AuthContext'
update
2026-06-18 08:14:00 -04:00
function App() {
Add enrollment, login, and auth-gated routing to the frontend - New AuthContext drives app state (loading/needs-setup/enrolling/ logged-out/logged-in) by checking GET /api/system/setup-status and GET /api/auth/me on load; JWT stored in localStorage - Enrollment page: step 1 creates the admin account via POST /api/setup, step 2 lets you connect integrations (or skip) before entering the app - Login page for returning sessions; TopBar's Sign Out now calls logout() instead of being a dead link - Verified end-to-end in a browser: fresh setup -> connect/skip -> dashboard, reload persists the session, sign out -> login -> back in Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-18 19:13:27 +00:00
const { status } = useAuth()
if (status === 'loading') {
return (
<div className="flex h-screen w-screen items-center justify-center bg-page">
<p style={{ color: '#7A7D85', fontSize: '13px' }}>Loading</p>
</div>
)
}
if (status === 'needs-setup' || status === 'enrolling') return <Enrollment />
if (status === 'logged-out') return <Login />
Add mesh prerequisite gate (#33) * Add mesh prerequisite gate (NetBird verification before app config) Implements the design in docs/mesh-prerequisite-gate.md per the user's DECIDE A-D answers: a permanent admin override, B1 (reachable) verification with host mesh IP shown informationally, members allowed in with a notice instead of being blocked, and mesh.required defaulting off so the live production instance is unaffected. - system_config kv table + getConfig/setConfig helpers - /api/system/mesh-status, /mesh/verify, /mesh/override, /mesh/required - AuthContext gains a 'needs-mesh' status (admins only) and exposes meshStatus for a member-facing banner - MeshGate page reuses the integration create+test flow to connect NetBird * Make mesh verification universal (CIDR check, not NetBird-specific) Replace the NetBird-adapter-based "reachable" check with a vendor-agnostic one: the admin supplies the mesh's IP range (CIDR), and verification just confirms this host has an address inside it. Works identically for NetBird, WireGuard, ZeroTier, Tailscale, or any other mesh tech, with no integration record or vendor API call required. * Add reachability fallback for routed meshes (VPC peering, etc.) A host can be on the mesh's "side" of a routed network (e.g. a VPC peered into a NetBird/WireGuard mesh) without holding a local IP in the mesh's own CIDR. Local-IP-in-CIDR stays the primary check; if it fails, the admin can supply a known peer/gateway IP on the mesh and we verify by pinging it instead. Adds iputils to the backend image for the ping binary. --------- Co-authored-by: Claude <noreply@anthropic.com>
2026-06-20 17:30:46 -04:00
if (status === 'needs-mesh') return <MeshGate />
Add enrollment, login, and auth-gated routing to the frontend - New AuthContext drives app state (loading/needs-setup/enrolling/ logged-out/logged-in) by checking GET /api/system/setup-status and GET /api/auth/me on load; JWT stored in localStorage - Enrollment page: step 1 creates the admin account via POST /api/setup, step 2 lets you connect integrations (or skip) before entering the app - Login page for returning sessions; TopBar's Sign Out now calls logout() instead of being a dead link - Verified end-to-end in a browser: fresh setup -> connect/skip -> dashboard, reload persists the session, sign out -> login -> back in Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-18 19:13:27 +00:00
return <Dashboard />
}
function Dashboard() {
Add mesh prerequisite gate (#33) * Add mesh prerequisite gate (NetBird verification before app config) Implements the design in docs/mesh-prerequisite-gate.md per the user's DECIDE A-D answers: a permanent admin override, B1 (reachable) verification with host mesh IP shown informationally, members allowed in with a notice instead of being blocked, and mesh.required defaulting off so the live production instance is unaffected. - system_config kv table + getConfig/setConfig helpers - /api/system/mesh-status, /mesh/verify, /mesh/override, /mesh/required - AuthContext gains a 'needs-mesh' status (admins only) and exposes meshStatus for a member-facing banner - MeshGate page reuses the integration create+test flow to connect NetBird * Make mesh verification universal (CIDR check, not NetBird-specific) Replace the NetBird-adapter-based "reachable" check with a vendor-agnostic one: the admin supplies the mesh's IP range (CIDR), and verification just confirms this host has an address inside it. Works identically for NetBird, WireGuard, ZeroTier, Tailscale, or any other mesh tech, with no integration record or vendor API call required. * Add reachability fallback for routed meshes (VPC peering, etc.) A host can be on the mesh's "side" of a routed network (e.g. a VPC peered into a NetBird/WireGuard mesh) without holding a local IP in the mesh's own CIDR. Local-IP-in-CIDR stays the primary check; if it fails, the admin can supply a known peer/gateway IP on the mesh and we verify by pinging it instead. Adds iputils to the backend image for the ping binary. --------- Co-authored-by: Claude <noreply@anthropic.com>
2026-06-20 17:30:46 -04:00
const { user, meshStatus } = useAuth()
const showMeshNotice = !!meshStatus && meshStatus.required && !meshStatus.verified && !meshStatus.overridden && user?.role !== 'admin'
update
2026-06-18 08:14:00 -04:00
const [sidebarCollapsed, setSidebarCollapsed] = useState(false)
Widen sidebar and seamlessly blend hero banner into background Sidebar expanded width 140px -> 200px and collapsed 60px -> 64px to match mockup proportions. Hero banner now uses a fixed shorter height with object-fit cover, a bottom mask fade, and a radial vignette so its edges blend into the page background instead of sitting in a bordered box. KPI cards are now semi-transparent so the hero image bleeds through behind them. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-18 14:45:00 +00:00
const sidebarWidth = sidebarCollapsed ? 64 : 200
Extend Infrastructure hero banner to the top, overlapping the top bar Moves the hero rendering to the layout level so the banner shows the full golden arch and sky behind the page title, search bar, and sub-tabs row. TopBar and the search input backgrounds are now transparent so the banner reads through cleanly.
2026-06-18 16:50:06 +00:00
const location = useLocation()
Add hero banner blend and subtitle to BookNest page
2026-06-18 18:13:26 +00:00
const showHero = location.pathname === '/infrastructure' || location.pathname === '/booknest'
Align BookNest header layout closer to blueprint: stats under title, Quick Access label
2026-06-18 18:27:37 +00:00
const heroPaddingTop = location.pathname === '/booknest' ? '70px' : '72px'
Restructure BookNest hero header: bigger title, taller Favorites card, Add Bookmark button
2026-06-18 18:25:19 +00:00
const heroObjectPosition = location.pathname === '/booknest' ? '54% 8%' : 'center 5%'
const topBarHeight = location.pathname === '/booknest' ? 72 : 56
update
2026-06-18 08:14:00 -04:00
return (
<div className="min-h-screen w-screen overflow-hidden bg-page">
<Sidebar
collapsed={sidebarCollapsed}
onToggle={() => setSidebarCollapsed(!sidebarCollapsed)}
/>
<main
Extend Infrastructure hero banner to the top, overlapping the top bar Moves the hero rendering to the layout level so the banner shows the full golden arch and sky behind the page title, search bar, and sub-tabs row. TopBar and the search input backgrounds are now transparent so the banner reads through cleanly.
2026-06-18 16:50:06 +00:00
className="relative h-screen overflow-hidden"
update
2026-06-18 08:14:00 -04:00
style={{ marginLeft: `${sidebarWidth}px`, width: `calc(100vw - ${sidebarWidth}px)` }}
>
Extend Infrastructure hero banner to the top, overlapping the top bar Moves the hero rendering to the layout level so the banner shows the full golden arch and sky behind the page title, search bar, and sub-tabs row. TopBar and the search input backgrounds are now transparent so the banner reads through cleanly.
2026-06-18 16:50:06 +00:00
{showHero && (
<div className="pointer-events-none absolute left-0 right-0 top-0" style={{ height: '300px', zIndex: 0 }}>
<img
src="/archnest-hero-banner.png"
alt=""
className="absolute inset-0 h-full w-full"
style={{
objectFit: 'cover',
Restructure BookNest hero header: bigger title, taller Favorites card, Add Bookmark button
2026-06-18 18:25:19 +00:00
objectPosition: heroObjectPosition,
Extend Infrastructure hero banner to the top, overlapping the top bar Moves the hero rendering to the layout level so the banner shows the full golden arch and sky behind the page title, search bar, and sub-tabs row. TopBar and the search input backgrounds are now transparent so the banner reads through cleanly.
2026-06-18 16:50:06 +00:00
maskImage: 'linear-gradient(to bottom, black 0%, black 55%, transparent 100%)',
WebkitMaskImage: 'linear-gradient(to bottom, black 0%, black 55%, transparent 100%)',
}}
/>
<div
className="absolute inset-0"
style={{
background: 'radial-gradient(ellipse 70% 100% at center, transparent 40%, var(--color-page) 100%)',
}}
/>
</div>
)}
Fix page titles, dropdown stacking, bookmark editing, and button/select polish - Add missing pageTitles entries so Tunnels, Files, Containers, Remote Desktop, and Host Metrics no longer show "Glance" in the top bar - Raise the TopBar's stacking context above the page-content section so the user-menu dropdown no longer renders behind the hero banner - Support editing and deleting bookmarks (not just adding), via a shared BookmarkModal and per-row edit/delete actions in BookNest - Standardize <select> styling globally (gold-tinted border, hover/ focus glow) instead of three inconsistent inline style definitions - Widen cramped button padding/borders in Files and Containers
2026-06-19 21:34:04 +00:00
<div className="relative" style={{ zIndex: 20 }}>
Extend Infrastructure hero banner to the top, overlapping the top bar Moves the hero rendering to the layout level so the banner shows the full golden arch and sky behind the page title, search bar, and sub-tabs row. TopBar and the search input backgrounds are now transparent so the banner reads through cleanly.
2026-06-18 16:50:06 +00:00
<TopBar />
</div>
update
2026-06-18 08:14:00 -04:00
Add mesh prerequisite gate (#33) * Add mesh prerequisite gate (NetBird verification before app config) Implements the design in docs/mesh-prerequisite-gate.md per the user's DECIDE A-D answers: a permanent admin override, B1 (reachable) verification with host mesh IP shown informationally, members allowed in with a notice instead of being blocked, and mesh.required defaulting off so the live production instance is unaffected. - system_config kv table + getConfig/setConfig helpers - /api/system/mesh-status, /mesh/verify, /mesh/override, /mesh/required - AuthContext gains a 'needs-mesh' status (admins only) and exposes meshStatus for a member-facing banner - MeshGate page reuses the integration create+test flow to connect NetBird * Make mesh verification universal (CIDR check, not NetBird-specific) Replace the NetBird-adapter-based "reachable" check with a vendor-agnostic one: the admin supplies the mesh's IP range (CIDR), and verification just confirms this host has an address inside it. Works identically for NetBird, WireGuard, ZeroTier, Tailscale, or any other mesh tech, with no integration record or vendor API call required. * Add reachability fallback for routed meshes (VPC peering, etc.) A host can be on the mesh's "side" of a routed network (e.g. a VPC peered into a NetBird/WireGuard mesh) without holding a local IP in the mesh's own CIDR. Local-IP-in-CIDR stays the primary check; if it fails, the admin can supply a known peer/gateway IP on the mesh and we verify by pinging it instead. Adds iputils to the backend image for the ping binary. --------- Co-authored-by: Claude <noreply@anthropic.com>
2026-06-20 17:30:46 -04:00
{showMeshNotice && (
<div
className="relative flex items-center justify-center"
style={{
zIndex: 20,
padding: '6px 16px',
backgroundColor: 'rgba(230,126,34,0.1)',
borderBottom: '1px solid rgba(230,126,34,0.2)',
fontSize: '11px',
color: '#E67E22',
}}
>
Mesh setup is still in progress an admin needs to finish verifying the network. Some features may be limited.
</div>
)}
update
2026-06-18 08:14:00 -04:00
<section
Extend Infrastructure hero banner to the top, overlapping the top bar Moves the hero rendering to the layout level so the banner shows the full golden arch and sky behind the page title, search bar, and sub-tabs row. TopBar and the search input backgrounds are now transparent so the banner reads through cleanly.
2026-06-18 16:50:06 +00:00
className="relative flex w-full flex-col overflow-hidden"
Restructure BookNest hero header: bigger title, taller Favorites card, Add Bookmark button
2026-06-18 18:25:19 +00:00
style={{ height: `calc(100vh - ${topBarHeight}px)`, scrollbarWidth: 'none', padding: showHero ? `${heroPaddingTop} 24px 24px 24px` : '16px 24px 24px 24px', gap: '20px', zIndex: 1 }}
update
2026-06-18 08:14:00 -04:00
>
Add client-side routing and build Infrastructure page Wires up react-router-dom so the sidebar nav actually navigates between pages, with route-aware active highlighting and dynamic page titles. Extracts Glance content into its own page component and adds a new Infrastructure page matching the mockup: status cards, resource distribution/cost breakdown donuts, infra map, top resources by utilization, resource trend chart, recent activity, and footer stats.
2026-06-18 16:15:34 +00:00
<Routes>
<Route path="/" element={<Glance />} />
<Route path="/infrastructure" element={<Infrastructure />} />
Fix lucide-react icon export errors in BookNest page
2026-06-18 18:10:16 +00:00
<Route path="/booknest" element={<BookNest />} />
Add Phase 1a: core SSH terminal (Termix migration) Implements the minimal-viable terminal described in TERMIX_MIGRATION.md Phase 1a: a real interactive SSH session in the browser over a WebSocket, using xterm.js on the frontend and ssh2 on the backend. Reuses ArchNest's existing SSH integrations (host/port/username/ password/privateKey/passphrase) instead of introducing a second, duplicate host-management system the way Termix has one. Backend: new /api/terminal WebSocket route (registered via @fastify/websocket) handling connect/input/resize/disconnect messages, authenticated via a JWT passed as a query param (browsers can't set custom headers on the WS handshake). Extracted the integration secret loader out of routes/integrations.ts into db/secrets.ts so the new terminal route can reuse it without duplicating the decrypt logic. Frontend: new Terminal.tsx page listing configured SSH hosts and rendering an xterm.js terminal wired to the WebSocket; wired into App.tsx at /terminal. vite.config.ts's dev proxy now forwards WebSocket upgrades (ws: true) so this works under `npm run dev`. Verified end-to-end against a real (test) ssh2-based SSH server: connect, shell banner, keystroke echo, and prompt redraw all worked correctly over the actual WebSocket protocol. Deliberately deferred to Phase 1b/1c per the migration doc: jump-host chaining, tab/split-pane UI, terminal theme/font settings, OPKSSH cert auth, tmux session monitor, session recording. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-19 10:52:04 +00:00
<Route path="/terminal" element={<Terminal />} />
Phase 2: SSH tunnels (local/remote/dynamic SOCKS5 port forwarding) - backend/src/ssh/connect.ts: extracted shared SSH-connect logic (jump-host chaining, TOFU host-key verification) out of terminal.ts so tunnels can reuse it. - backend/src/tunnels/manager.ts + socks5.ts: in-memory tunnel runtime manager supporting local forward (forwardOut), remote forward (forwardIn), and dynamic SOCKS5 proxying, with automatic reconnect/retry and an auto-start-on-boot option. New `tunnels` table persists configs as the saved presets. - backend/src/routes/tunnels.ts: REST CRUD + connect/disconnect. - src/pages/Tunnels.tsx: new /tunnels page (sidebar entry added) to create, start/stop, and delete tunnels with live status polling. - Verified end-to-end against a real ssh2 test server handling real forwardOut/forwardIn requests and a real upstream TCP echo server - all three tunnel modes moved real data, and disconnect correctly tore down the local listener. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-19 11:40:59 +00:00
<Route path="/tunnels" element={<Tunnels />} />
Phase 3: remote file manager (SFTP list/edit/upload/download/rename/delete/chmod) Ephemeral per-request SFTP connections, whole-file-in-memory view/edit with a 50MB cap and binary detection, streaming download for files of any size, multipart upload. No sudo/permission-elevation or server-to-server transfer in this pass (documented gaps, matching Termix's own scope for the latter). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-19 11:56:04 +00:00
<Route path="/files" element={<Files />} />
Phase 4: Docker container management (REST CRUD/actions/stats/logs + exec terminal) Extends the existing Engine-API-based docker integration adapter rather than porting Termix's SSH+CLI approach, since ArchNest's docker integrations only ever configure a baseUrl. Adds backend/src/docker/{client,exec}.ts and backend/src/routes/docker.ts (REST + websocket exec-terminal via raw socket hijack), and a new Containers page wired into the sidebar/router. Verified end-to-end against a real dockerd instance and a real container in this sandbox, which caught and fixed a genuine bug: calling /exec/{id}/resize before starting the exec hangs the daemon indefinitely; fixed by setting the initial size via ConsoleSize at exec-create time instead.
2026-06-19 12:28:30 +00:00
<Route path="/containers" element={<Containers />} />
Phase 5: RDP/VNC/Telnet remote desktop via guacamole-lite + guacd Adds a remote_desktop integration type and a /api/guacamole websocket route that drives guacamole-lite's ClientConnection directly (bypassing its Server class, which would otherwise attach an unfiltered upgrade listener that conflicts with the existing @fastify/websocket routes). The frontend RemoteDesktop page renders the Guacamole protocol stream via guacamole-common-js. Verified end-to-end against a real guacd and VNC server, including in an actual browser session. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-19 15:25:10 +00:00
<Route path="/remote-desktop" element={<RemoteDesktop />} />
Add host metrics widgets (Phase 6): CPU/mem/disk/network/processes/ports/firewall/login dashboard Ports Termix's per-host metrics collector logic onto ArchNest's own SSH connection helpers (not its multi-user/cache/session scaffolding), exposed via a new authenticated REST endpoint and a dedicated /host-metrics page with client-side polling. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
2026-06-19 15:38:30 +00:00
<Route path="/host-metrics" element={<HostMetrics />} />
Add Settings page with Profile, Appearance, Integrations, Notifications, Data & Backup, About sections
2026-06-18 18:44:26 +00:00
<Route path="/settings" element={<Settings />} />
Fix favicon, dark select dropdowns, add brand bookmark icons and Help page - Replace mislabeled Vite-logo favicon.svg with proper ArchNest mark extracted from the logo, generated at 32/48/256px PNGs - Force native <select>/<option> elements to render with the dark theme (color-scheme + explicit colors) so options are readable - Auto-detect real brand/service icons for bookmarks (AWS, Proxmox, Azure, Docker, etc.) via the dashboard-icons CDN, with manual override and graceful fallback to lucide icons - Add a Help page with a guided tour of every page, linked from the sidebar, top-bar search, and the user dropdown menu
2026-06-19 21:13:32 +00:00
<Route path="/help" element={<Help />} />
Add client-side routing and build Infrastructure page Wires up react-router-dom so the sidebar nav actually navigates between pages, with route-aware active highlighting and dynamic page titles. Extracts Glance content into its own page component and adds a new Infrastructure page matching the mockup: status cards, resource distribution/cost breakdown donuts, infra map, top resources by utilization, resource trend chart, recent activity, and footer stats.
2026-06-18 16:15:34 +00:00
</Routes>
update
2026-06-18 08:14:00 -04:00
</section>
</main>
</div>
)
}
export default App
Reference in a new issue Copy permalink