SYSTEM OVERVIEW

Client -> Proxy (custom protocol)
Proxy -> RDP servers (FreeRDP)

CORE FEATURES
- Persistent sessions
- Reconnect / takeover
- No direct client-server access
- Multi-session
- Clipboard + file transfer
- Quality profiles

SESSION RULES
- Session lives on server
- Client disconnect does NOT terminate session
- Reattach allowed from any trusted device
- Single active controller per session

COMPONENTS
- API Gateway (Go)
- Auth Service
- Resource Service
- Session Broker
- Session Gateway (WebSocket)
- RDP Worker (C++ + FreeRDP)

DATABASE ENTITIES
- users
- devices
- resources
- sessions
- secrets
- audit logs

PROTOCOL
- REST for control
- WebSocket for session stream

SECURITY
- MFA
- encrypted secrets
- no direct RDP exposure
- trusted devices

RENDERING
- region updates (NOT full screenshots)
- adaptive quality
- bandwidth profiles

GOAL
User works as if sitting at remote machine.