m/rdp-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fea5174e9ecdad214fd99fb343a401214ebc1bce
rdp-proxy/README.md
T
m 8ba0561f4f Initial project snapshot
2026-04-28 22:29:50 +03:00

4.5 KiB
Raw Blame History

Remote Access Platform

Production-oriented Secure Access Fabric platform.

The project started as an RDP proxy, but the target architecture is broader:

  • multi-tenant control plane
  • direct realtime data plane
  • service adapters for RDP now and VNC/SSH/VPN/file/video later
  • native Access Clients
  • future secure mesh / node-agent / updater / connector model

RDP is the first proven service baseline. RDP work is currently paused by product decision while the project moves to the Secure Access Fabric platform-core foundation: clusters, node enrollment, node-agent identity, role assignments, and platform administration.

Current Baseline

  • Backend: Go control plane with PostgreSQL as source of truth and Redis for live coordination/routing only.
  • Worker: active C++ RDP Adapter worker based on FreeRDP.
  • Windows client: C# / WPF native Access Client.
  • Data plane: direct worker WSS for realtime RDP when available, backend WebSocket gateway retained as fallback/debug.
  • Current test Docker host: docker-test / 192.168.200.61.
  • Current test Docker deployment for Stage 5.2 proof: rap-backend-smoke:stage5-2-download and rap-rdp-worker:stage5-2-download.

See the current audit and baseline matrix before starting new work:

  • docs/audits/PROJECT_AUDIT_2026-04-26.md
  • docs/audits/CURRENT_BASELINE_MATRIX.md

Proven RDP Capabilities

  • real RDP connect through worker
  • active/detach/reattach/takeover/terminate lifecycle
  • takeover without remote session recreation
  • worker-death/orphan-active-session recovery
  • direct worker WSS data plane
  • binary direct render frames
  • backend gateway JSON/base64 fallback
  • Windows client rendering and input
  • text clipboard with policy enforcement
  • client-to-server file upload into controlled worker storage
  • restricted transfer-drive visibility through RAP_Transfers, runtime-proven
  • server-to-client file download implementation through RAP_Transfers\ToClient; core direct/fallback data path is runtime-proven, lifecycle blocking is runtime-proven, and manual desktop UI acceptance remains pending

Repository Structure

  • backend/ - Go control plane
  • workers/rdp-worker/ - active C++ RDP Adapter worker
  • workers/rdp-service-csharp/ - inactive research scaffold, not current runtime
  • clients/windows/ - Windows native Access Client
  • docs/architecture/ - target and staged architecture documents
  • docs/codex/ - current Codex status and next-step prompts
  • docs/audits/ - current audits and baseline matrices
  • scripts/ - smoke and helper scripts
  • deploy/ - deployment assets
  • web-admin/ - future/admin UI area

Read Order

  1. CODEX_CONTEXT.md
  2. docs/audits/PROJECT_AUDIT_2026-04-26.md
  3. docs/audits/CURRENT_BASELINE_MATRIX.md
  4. docs/codex/CURRENT_STATUS.md
  5. docs/codex/ARCHITECTURE_GUARDRAILS.md
  6. docs/architecture/RDP_ADAPTER_RUNTIME.md
  7. docs/architecture/DATA_PLANE_V1.md
  8. docs/architecture/CLUSTER_NODE_ADMIN_FOUNDATION.md
  9. docs/codex/NEXT_STEP_PROMPT.md

Do not use docs/_legacy_v1 for implementation decisions. Legacy files are historical reference only.

Current Next Step

RDP work is paused. Platform-core stages C1-C9 are implemented and verified: cluster/node model foundation, node enrollment hardening, native rap-node-agent MVP, Platform Admin Console MVP, service workload supervision contract, mesh control-plane preparation, Mesh MVP skeleton, multi-cluster hardening, and organization admin foundation.

Planning baseline:

  • docs/architecture/CLUSTER_NODE_ADMIN_FOUNDATION.md
  • artifacts/c1-cluster-node-foundation-report.md
  • artifacts/c2-node-enrollment-hardening-report.md
  • artifacts/c3-rap-node-agent-mvp-report.md
  • artifacts/c4-platform-admin-console-report.md
  • artifacts/c5-service-workload-supervision-contract-report.md
  • artifacts/c6-mesh-control-plane-preparation-report.md
  • artifacts/c7-mesh-mvp-skeleton-report.md
  • artifacts/c8-multi-cluster-hardening-report.md
  • artifacts/c9-organization-admin-foundation-report.md

Stage C1 implemented the backend foundation for:

  • explicit clusters
  • cluster memberships
  • node join tokens with hashed tokens only
  • node join requests
  • node identity/certificate metadata
  • node role assignments
  • node heartbeat/latest health
  • cluster audit events
  • safe migration/backfill of existing node data into a default cluster

Recommended next step is a decision between platform auth hardening for web-admin, node PKI hardening, node-agent runtime hardening, mesh runtime DP-0, or returning to paused RDP work.

Do not start all continuation paths at once.

Reference in New Issue View Git Blame Copy Permalink