v1.10.0 (#471)

* fix select edit host but not update view (#438) * fix: Checksum issue with chocolatey * fix: Remove homebrew old stuff * Add Korean translation (#439) Co-authored-by: 송준우 <2484@coreit.co.kr> * feat: Automate flatpak * fix: Add imagemagik to electron builder to resolve build error * fix: Build error with runtime repo flag * fix: Flatpak runtime error and install freedesktop ver warning * fix: Flatpak runtime error and install freedesktop ver warning * feat: Re-add homebrew cask and move scripts to backend * fix: No sandbox flag issue * fix: Change name for electron macos cask output * fix: Sandbox error with Linux * fix: Remove comming soon for app stores in readme * Adding Comment at the end of the public_key on the host on deploy (#440) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * -Add New Interface for Credential DB -Add Credential Name as a comment into the server authorized_key file --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> * Sudo auto fill password (#441) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * Feature Sudo password auto-fill; * Fix locale json shema; --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> * Added Italian Language; (#445) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * Added Italian Language; --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> * Auto collapse snippet folders (#448) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * feat: Add collapsable snippets (customizable in user profile) * Translations (#447) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * Added Italian Language; * Fix translations; Removed duplicate keys, synchronised other languages using English as the source, translated added keys, fixed inaccurate translations. --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> * Remove PTY-level keepalive (#449) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * Remove PTY-level keepalive to prevent unwanted terminal output; use SSH-level keepalive instead --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> * feat: Seperate server stats and tunnel management (improved both UI's) then started initial docker implementation * fix: finalize adding docker to db * feat: Add docker management support (local squash) * Fix RBAC role system bugs and improve UX (#446) * Fix RBAC role system bugs and improve UX - Fix user list dropdown selection in host sharing - Fix role sharing permissions to include role-based access - Fix translation template interpolation for success messages - Standardize system roles to admin and user only - Auto-assign user role to new registrations - Remove blocking confirmation dialogs in modal contexts - Add missing i18n keys for common actions - Fix button type to prevent unintended form submissions * Enhance RBAC system with UI improvements and security fixes - Move role assignment to Users tab with per-user role management - Protect system roles (admin/user) from editing and manual assignment - Simplify permission system: remove Use level, keep View and Manage - Hide Update button and Sharing tab for view-only/shared hosts - Prevent users from sharing hosts with themselves - Unify table and modal styling across admin panels - Auto-assign system roles on user registration - Add permission metadata to host interface * Add empty state message for role assignment - Display helpful message when no custom roles available - Clarify that system roles are auto-assigned - Add noCustomRolesToAssign translation in English and Chinese * fix: Prevent credential sharing errors for shared hosts - Skip credential resolution for shared hosts with credential authentication to prevent decryption errors (credentials are encrypted per-user) - Add warning alert in sharing tab when host uses credential authentication - Inform users that shared users cannot connect to credential-based hosts - Add translations for credential sharing warning (EN/ZH) This prevents authentication failures when sharing hosts configured with credential authentication while maintaining security by keeping credentials isolated per user. * feat: Improve rbac UI and fixes some bugs --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> Co-authored-by: LukeGus <bugattiguy527@gmail.com> * SOCKS5 support (#452) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * SOCKS5 support Adding single and chain socks5 proxy support * fix: cleanup files --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> Co-authored-by: LukeGus <bugattiguy527@gmail.com> * Notes and Expiry fields add (#453) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * Notes and Expiry add * fix: cleanup files --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> Co-authored-by: LukeGus <bugattiguy527@gmail.com> * fix: ssh host types * fix: sudo incorrect styling and remove expiration date * feat: add sudo password and add diagonal bg's * fix: snippet running on enter key * fix: base64 decoding * fix: improve server stats / rbac * fix: wrap ssh host json export in hosts array * feat: auto trim host inputs, fix file manager jump hosts, dashboard prevent duplicates, file manager terminal not size updating, improve left sidebar sorting, hide/show tags, add apperance user profile tab, add new host manager tabs. * feat: improve terminal connection speed * fix: sqlite constriant errors and support non-root user (nginx perm issue) * feat: add beta syntax highlighing to terminal * feat: update imports and improve admin settings user management * chore: update translations * chore: update translations * feat: Complete light mode implementation with semantic theme system (#450) - Add comprehensive light/dark mode CSS variables with semantic naming - Implement theme-aware scrollbars using CSS variables - Add light mode backgrounds: --bg-base, --bg-elevated, --bg-surface, etc. - Add theme-aware borders: --border-base, --border-panel, --border-subtle - Add semantic text colors: --foreground-secondary, --foreground-subtle - Convert oklch colors to hex for better compatibility - Add theme awareness to CodeMirror editors - Update dark mode colors for consistency (background, sidebar, card, muted, input) - Add Tailwind color mappings for semantic classes Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> * fix: syntax errors * chore: updating/match themes and split admin settings * feat: add translation workflow and remove old translation.json * fix: translation workflow error * fix: translation workflow error * feat: improve translation system and update workflow * fix: wrong path for translations * fix: change translation to flat files * fix: gh rule error * chore: auto-translate to multiple languages (#458) * chore: improve organization and made a few styling changes in host manager * feat: improve terminal stability and split out the host manager * fix: add unnversiioned files * chore: migrate all to use the new theme system * fix: wrong animation line colors * fix: rbac implementation general issues (local squash) * fix: remove unneeded files * feat: add 10 new langs * chore: update gitnore * chore: auto-translate to multiple languages (#459) * fix: improve tunnel system * fix: properly split tabs, still need to fix up the host manager * chore: cleanup files (possible RC) * feat: add norwegian * chore: auto-translate to multiple languages (#461) * fix: small qol fixes and began readme update * fix: run cleanup script * feat: add docker docs button * feat: general bug fixes and readme updates * fix: translations * chore: auto-translate to multiple languages (#462) * fix: cleanup files * fix: test new translation issue and add better server-stats support * fix: fix translate error * chore: auto-translate to multiple languages (#463) * fix: fix translate mismatching text * chore: auto-translate to multiple languages (#465) * fix: fix translate mismatching text * fix: fix translate mismatching text * chore: auto-translate to multiple languages (#466) * fix: fix translate mismatching text * fix: fix translate mismatching text * fix: fix translate mismatching text * chore: auto-translate to multiple languages (#467) * fix: fix translate mismatching text * chore: auto-translate to multiple languages (#468) * feat: add to readme, a few qol changes, and improve server stats in general * chore: auto-translate to multiple languages (#469) * feat: turned disk uage into graph and fixed issue with termina console * fix: electron build error and hide icons when shared * chore: run clean * fix: general server stats issues, file manager decoding, ui qol * fix: add dashboard line breaks * fix: docker console error * fix: docker console not loading and mismatched stripped background for electron * fix: docker console not loading * chore: docker console not loading in docker * chore: translate readme to chinese * chore: match package lock to package json * chore: nginx config issue for dokcer console * chore: auto-translate to multiple languages (#470) --------- Co-authored-by: Tran Trung Kien <kientt13.7@gmail.com> Co-authored-by: junu <bigdwarf_@naver.com> Co-authored-by: 송준우 <2484@coreit.co.kr> Co-authored-by: SlimGary <trash.slim@gmail.com> Co-authored-by: Nunzio Marfè <nunzio.marfe@protonmail.com> Co-authored-by: Wesley Reid <starhound@lostsouls.org> Co-authored-by: ZacharyZcR <zacharyzcr1984@gmail.com> Co-authored-by: Denis <38875137+Medvedinca@users.noreply.github.com> Co-authored-by: Peet McKinney <68706879+PeetMcK@users.noreply.github.com>
2025-12-31 22:20:12 -06:00
parent 7139290d14
commit ad86c2040b
225 changed files with 87356 additions and 17706 deletions
--- a/src/ui/main-axios.ts
+++ b/src/ui/main-axios.ts
@@ -7,7 +7,51 @@ import type {
  TunnelStatus,
  FileManagerFile,
  FileManagerShortcut,
+  DockerContainer,
+  DockerStats,
+  DockerLogOptions,
+  DockerValidation,
 } from "../types/index.js";
+
+// ============================================================================
+// RBAC TYPE DEFINITIONS
+// ============================================================================
+
+export interface Role {
+  id: number;
+  name: string;
+  displayName: string;
+  description: string | null;
+  isSystem: boolean;
+  permissions: string | null;
+  createdAt: string;
+  updatedAt: string;
+}
+
+export interface UserRole {
+  userId: string;
+  roleId: number;
+  roleName: string;
+  roleDisplayName: string;
+  grantedBy: string;
+  grantedByUsername: string;
+  grantedAt: string;
+}
+
+export interface AccessRecord {
+  id: number;
+  targetType: "user" | "role";
+  userId: string | null;
+  roleId: number | null;
+  username: string | null;
+  roleName: string | null;
+  roleDisplayName: string | null;
+  grantedBy: string;
+  grantedByUsername: string;
+  permissionLevel: "view"; // Only view permission is supported
+  expiresAt: string | null;
+  createdAt: string;
+}
 import {
  apiLogger,
  authLogger,
@@ -594,6 +638,12 @@ function initializeApiInstances() {

  // Homepage API (port 30006)
  homepageApi = createApiInstance(getApiUrl("", 30006), "HOMEPAGE");
+
+  // RBAC API (port 30001)
+  rbacApi = createApiInstance(getApiUrl("", 30001), "RBAC");
+
+  // Docker Management API (port 30007)
+  dockerApi = createApiInstance(getApiUrl("/docker", 30007), "DOCKER");
 }

 // SSH Host Management API (port 30001)
@@ -614,6 +664,12 @@ export let authApi: AxiosInstance;
 // Homepage API (port 30006)
 export let homepageApi: AxiosInstance;

+// RBAC API (port 30001)
+export let rbacApi: AxiosInstance;
+
+// Docker Management API (port 30007)
+export let dockerApi: AxiosInstance;
+
 function initializeApp() {
  if (isElectron()) {
    getServerConfig()
@@ -856,6 +912,7 @@ export async function createSSHHost(hostData: SSHHostData): Promise<SSHHost> {
      enableTerminal: Boolean(hostData.enableTerminal),
      enableTunnel: Boolean(hostData.enableTunnel),
      enableFileManager: Boolean(hostData.enableFileManager),
+      enableDocker: Boolean(hostData.enableDocker),
      defaultPath: hostData.defaultPath || "/",
      tunnelConnections: hostData.tunnelConnections || [],
      jumpHosts: hostData.jumpHosts || [],
@@ -867,6 +924,13 @@ export async function createSSHHost(hostData: SSHHostData): Promise<SSHHost> {
        : null,
      terminalConfig: hostData.terminalConfig || null,
      forceKeyboardInteractive: Boolean(hostData.forceKeyboardInteractive),
+      notes: hostData.notes || "",
+      useSocks5: Boolean(hostData.useSocks5),
+      socks5Host: hostData.socks5Host || null,
+      socks5Port: hostData.socks5Port || null,
+      socks5Username: hostData.socks5Username || null,
+      socks5Password: hostData.socks5Password || null,
+      socks5ProxyChain: hostData.socks5ProxyChain || null,
    };

    if (!submitData.enableTunnel) {
@@ -922,6 +986,7 @@ export async function updateSSHHost(
      enableTerminal: Boolean(hostData.enableTerminal),
      enableTunnel: Boolean(hostData.enableTunnel),
      enableFileManager: Boolean(hostData.enableFileManager),
+      enableDocker: Boolean(hostData.enableDocker),
      defaultPath: hostData.defaultPath || "/",
      tunnelConnections: hostData.tunnelConnections || [],
      jumpHosts: hostData.jumpHosts || [],
@@ -933,6 +998,13 @@ export async function updateSSHHost(
        : null,
      terminalConfig: hostData.terminalConfig || null,
      forceKeyboardInteractive: Boolean(hostData.forceKeyboardInteractive),
+      notes: hostData.notes || "",
+      useSocks5: Boolean(hostData.useSocks5),
+      socks5Host: hostData.socks5Host || null,
+      socks5Port: hostData.socks5Port || null,
+      socks5Username: hostData.socks5Username || null,
+      socks5Password: hostData.socks5Password || null,
+      socks5ProxyChain: hostData.socks5ProxyChain || null,
    };

    if (!submitData.enableTunnel) {
@@ -1244,6 +1316,12 @@ export async function connectSSH(
    credentialId?: number;
    userId?: string;
    forceKeyboardInteractive?: boolean;
+    useSocks5?: boolean;
+    socks5Host?: string;
+    socks5Port?: number;
+    socks5Username?: string;
+    socks5Password?: string;
+    socks5ProxyChain?: unknown;
  },
 ): Promise<Record<string, unknown>> {
  try {
@@ -1886,6 +1964,7 @@ export async function getServerStatusById(id: number): Promise<ServerStatus> {
    return response.data;
  } catch (error) {
    handleApiError(error, "fetch server status");
+    throw error;
  }
 }

@@ -1895,6 +1974,94 @@ export async function getServerMetricsById(id: number): Promise<ServerMetrics> {
    return response.data;
  } catch (error) {
    handleApiError(error, "fetch server metrics");
+    throw error;
+  }
+}
+
+export async function startMetricsPolling(hostId: number): Promise<{
+  success: boolean;
+  requires_totp?: boolean;
+  sessionId?: string;
+  prompt?: string;
+  viewerSessionId?: string;
+}> {
+  try {
+    const response = await statsApi.post(`/metrics/start/${hostId}`);
+    return response.data;
+  } catch (error) {
+    handleApiError(error, "start metrics polling");
+    throw error;
+  }
+}
+
+export async function stopMetricsPolling(
+  hostId: number,
+  viewerSessionId?: string,
+): Promise<void> {
+  try {
+    await statsApi.post(`/metrics/stop/${hostId}`, { viewerSessionId });
+  } catch (error) {
+    handleApiError(error, "stop metrics polling");
+    throw error;
+  }
+}
+
+export async function sendMetricsHeartbeat(
+  viewerSessionId: string,
+): Promise<void> {
+  try {
+    await statsApi.post("/metrics/heartbeat", { viewerSessionId });
+  } catch (error) {
+    handleApiError(error, "send metrics heartbeat");
+    throw error;
+  }
+}
+
+export async function registerMetricsViewer(
+  hostId: number,
+): Promise<{ success: boolean; viewerSessionId: string }> {
+  try {
+    const response = await statsApi.post("/metrics/register-viewer", {
+      hostId,
+    });
+    return response.data;
+  } catch (error) {
+    handleApiError(error, "register metrics viewer");
+    throw error;
+  }
+}
+
+export async function unregisterMetricsViewer(
+  hostId: number,
+  viewerSessionId: string,
+): Promise<void> {
+  try {
+    await statsApi.post("/metrics/unregister-viewer", {
+      hostId,
+      viewerSessionId,
+    });
+  } catch (error) {
+    handleApiError(error, "unregister metrics viewer");
+    throw error;
+  }
+}
+
+export async function submitMetricsTOTP(
+  sessionId: string,
+  totpCode: string,
+): Promise<{
+  success: boolean;
+  viewerSessionId?: string;
+}> {
+  try {
+    const response = await statsApi.post("/metrics/connect-totp", {
+      sessionId,
+      totpCode,
+    });
+    return response.data;
+  } catch (error) {
+    handleApiError(error, "submit metrics TOTP");
+    throw error;
  }
 }

@@ -2963,7 +3130,7 @@ export interface UptimeInfo {
 export interface RecentActivityItem {
  id: number;
  userId: string;
-  type: "terminal" | "file_manager";
+  type: "terminal" | "file_manager" | "server_stats" | "tunnel" | "docker";
  hostId: number;
  hostName: string;
  timestamp: string;
@@ -2992,7 +3159,7 @@ export async function getRecentActivity(
 }

 export async function logActivity(
-  type: "terminal" | "file_manager",
+  type: "terminal" | "file_manager" | "server_stats" | "tunnel" | "docker",
  hostId: number,
  hostName: string,
 ): Promise<{ message: string; id: number | string }> {
@@ -3109,3 +3276,421 @@ export async function unlinkOIDCFromPasswordAccount(
    throw handleApiError(error, "unlink OIDC from password account");
  }
 }
+
+// ============================================================================
+// RBAC MANAGEMENT
+// ============================================================================
+
+// Role Management
+export async function getRoles(): Promise<{ roles: Role[] }> {
+  try {
+    const response = await rbacApi.get("/rbac/roles");
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "fetch roles");
+  }
+}
+
+export async function createRole(roleData: {
+  name: string;
+  displayName: string;
+  description?: string | null;
+}): Promise<{ role: Role }> {
+  try {
+    const response = await rbacApi.post("/rbac/roles", roleData);
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "create role");
+  }
+}
+
+export async function updateRole(
+  roleId: number,
+  roleData: {
+    displayName?: string;
+    description?: string | null;
+  },
+): Promise<{ role: Role }> {
+  try {
+    const response = await rbacApi.put(`/rbac/roles/${roleId}`, roleData);
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "update role");
+  }
+}
+
+export async function deleteRole(
+  roleId: number,
+): Promise<{ success: boolean }> {
+  try {
+    const response = await rbacApi.delete(`/rbac/roles/${roleId}`);
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "delete role");
+  }
+}
+
+// User-Role Management
+export async function getUserRoles(
+  userId: string,
+): Promise<{ roles: UserRole[] }> {
+  try {
+    const response = await rbacApi.get(`/rbac/users/${userId}/roles`);
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "fetch user roles");
+  }
+}
+
+export async function assignRoleToUser(
+  userId: string,
+  roleId: number,
+): Promise<{ success: boolean }> {
+  try {
+    const response = await rbacApi.post(`/rbac/users/${userId}/roles`, {
+      roleId,
+    });
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "assign role to user");
+  }
+}
+
+export async function removeRoleFromUser(
+  userId: string,
+  roleId: number,
+): Promise<{ success: boolean }> {
+  try {
+    const response = await rbacApi.delete(
+      `/rbac/users/${userId}/roles/${roleId}`,
+    );
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "remove role from user");
+  }
+}
+
+// Host Sharing Management
+export async function shareHost(
+  hostId: number,
+  shareData: {
+    targetType: "user" | "role";
+    targetUserId?: string;
+    targetRoleId?: number;
+    permissionLevel: "view"; // Only view permission is supported
+    durationHours?: number;
+  },
+): Promise<{ success: boolean }> {
+  try {
+    const response = await rbacApi.post(
+      `/rbac/host/${hostId}/share`,
+      shareData,
+    );
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "share host");
+  }
+}
+
+export async function getHostAccess(
+  hostId: number,
+): Promise<{ accessList: AccessRecord[] }> {
+  try {
+    const response = await rbacApi.get(`/rbac/host/${hostId}/access`);
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "fetch host access");
+  }
+}
+
+export async function revokeHostAccess(
+  hostId: number,
+  accessId: number,
+): Promise<{ success: boolean }> {
+  try {
+    const response = await rbacApi.delete(
+      `/rbac/host/${hostId}/access/${accessId}`,
+    );
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "revoke host access");
+  }
+}
+
+// ============================================================================
+// DOCKER MANAGEMENT API
+// ============================================================================
+
+export async function connectDockerSession(
+  sessionId: string,
+  hostId: number,
+  config?: {
+    userProvidedPassword?: string;
+    userProvidedSshKey?: string;
+    userProvidedKeyPassword?: string;
+    forceKeyboardInteractive?: boolean;
+    useSocks5?: boolean;
+    socks5Host?: string;
+    socks5Port?: number;
+    socks5Username?: string;
+    socks5Password?: string;
+    socks5ProxyChain?: unknown;
+  },
+): Promise<{
+  success?: boolean;
+  message?: string;
+  requires_totp?: boolean;
+  prompt?: string;
+  isPassword?: boolean;
+  status?: string;
+  reason?: string;
+}> {
+  try {
+    const response = await dockerApi.post("/ssh/connect", {
+      sessionId,
+      hostId,
+      ...config,
+    });
+    return response.data;
+  } catch (error: any) {
+    if (error.response?.data?.status === "auth_required") {
+      return error.response.data;
+    }
+    if (error.response?.data?.requires_totp) {
+      return error.response.data;
+    }
+    throw handleApiError(error, "connect to Docker SSH session");
+  }
+}
+
+export async function verifyDockerTOTP(
+  sessionId: string,
+  totpCode: string,
+): Promise<{ status: string; message: string }> {
+  try {
+    const response = await dockerApi.post("/ssh/connect-totp", {
+      sessionId,
+      totpCode,
+    });
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "verify Docker TOTP");
+  }
+}
+
+export async function disconnectDockerSession(
+  sessionId: string,
+): Promise<{ success: boolean; message: string }> {
+  try {
+    const response = await dockerApi.post("/ssh/disconnect", {
+      sessionId,
+    });
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "disconnect from Docker SSH session");
+  }
+}
+
+export async function keepaliveDockerSession(
+  sessionId: string,
+): Promise<{ success: boolean }> {
+  try {
+    const response = await dockerApi.post("/ssh/keepalive", {
+      sessionId,
+    });
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "keepalive Docker SSH session");
+  }
+}
+
+export async function getDockerSessionStatus(
+  sessionId: string,
+): Promise<{ success: boolean; connected: boolean }> {
+  try {
+    const response = await dockerApi.get("/ssh/status", {
+      params: { sessionId },
+    });
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "get Docker session status");
+  }
+}
+
+export async function validateDockerAvailability(
+  sessionId: string,
+): Promise<DockerValidation> {
+  try {
+    const response = await dockerApi.get(`/validate/${sessionId}`);
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "validate Docker availability");
+  }
+}
+
+export async function listDockerContainers(
+  sessionId: string,
+  all: boolean = true,
+): Promise<DockerContainer[]> {
+  try {
+    const response = await dockerApi.get(`/containers/${sessionId}`, {
+      params: { all },
+    });
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "list Docker containers");
+  }
+}
+
+export async function getDockerContainerDetails(
+  sessionId: string,
+  containerId: string,
+): Promise<DockerContainer> {
+  try {
+    const response = await dockerApi.get(
+      `/containers/${sessionId}/${containerId}`,
+    );
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "get Docker container details");
+  }
+}
+
+export async function startDockerContainer(
+  sessionId: string,
+  containerId: string,
+): Promise<{ success: boolean; message: string }> {
+  try {
+    const response = await dockerApi.post(
+      `/containers/${sessionId}/${containerId}/start`,
+    );
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "start Docker container");
+  }
+}
+
+export async function stopDockerContainer(
+  sessionId: string,
+  containerId: string,
+): Promise<{ success: boolean; message: string }> {
+  try {
+    const response = await dockerApi.post(
+      `/containers/${sessionId}/${containerId}/stop`,
+    );
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "stop Docker container");
+  }
+}
+
+export async function restartDockerContainer(
+  sessionId: string,
+  containerId: string,
+): Promise<{ success: boolean; message: string }> {
+  try {
+    const response = await dockerApi.post(
+      `/containers/${sessionId}/${containerId}/restart`,
+    );
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "restart Docker container");
+  }
+}
+
+export async function pauseDockerContainer(
+  sessionId: string,
+  containerId: string,
+): Promise<{ success: boolean; message: string }> {
+  try {
+    const response = await dockerApi.post(
+      `/containers/${sessionId}/${containerId}/pause`,
+    );
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "pause Docker container");
+  }
+}
+
+export async function unpauseDockerContainer(
+  sessionId: string,
+  containerId: string,
+): Promise<{ success: boolean; message: string }> {
+  try {
+    const response = await dockerApi.post(
+      `/containers/${sessionId}/${containerId}/unpause`,
+    );
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "unpause Docker container");
+  }
+}
+
+export async function removeDockerContainer(
+  sessionId: string,
+  containerId: string,
+  force: boolean = false,
+): Promise<{ success: boolean; message: string }> {
+  try {
+    const response = await dockerApi.delete(
+      `/containers/${sessionId}/${containerId}/remove`,
+      {
+        params: { force },
+      },
+    );
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "remove Docker container");
+  }
+}
+
+export async function getContainerLogs(
+  sessionId: string,
+  containerId: string,
+  options?: DockerLogOptions,
+): Promise<{ logs: string }> {
+  try {
+    const response = await dockerApi.get(
+      `/containers/${sessionId}/${containerId}/logs`,
+      {
+        params: options,
+      },
+    );
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "get container logs");
+  }
+}
+
+export async function downloadContainerLogs(
+  sessionId: string,
+  containerId: string,
+  options?: DockerLogOptions,
+): Promise<Blob> {
+  try {
+    const response = await dockerApi.get(
+      `/containers/${sessionId}/${containerId}/logs`,
+      {
+        params: { ...options, download: true },
+        responseType: "blob",
+      },
+    );
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "download container logs");
+  }
+}
+
+export async function getContainerStats(
+  sessionId: string,
+  containerId: string,
+): Promise<DockerStats> {
+  try {
+    const response = await dockerApi.get(
+      `/containers/${sessionId}/${containerId}/stats`,
+    );
+    return response.data;
+  } catch (error) {
+    throw handleApiError(error, "get container stats");
+  }
+}