feat: snippets, proxy settings, tab colors, connection sorting/filtering

- Snippets library: save, organize, and quick-send commands to terminal
- Proxy/Firewall per connection: SOCKS5, SOCKS4, HTTP CONNECT support
- Tab color coding based on connection group color
- Connection sorting (name, recent, protocol) in sidebar and HomeScreen
- Connection filtering by protocol and status (connected/disconnected)
- Hide Group field in ConnectionDialog when no groups exist
- Improved bulk move popover with backdrop dismiss

Author: AnasProgrammer2

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "netcopilot",
-  "version": "0.11.6",
+  "version": "0.11.7",
   "description": "NetCopilot – AI-powered SSH/Telnet terminal for network engineers",
   "main": "./out/main/index.js",
   "author": {

package.json

@@ -2,7 +2,7 @@ import Database from 'better-sqlite3-multiple-ciphers'
 import { app, safeStorage } from 'electron'
 import path from 'path'
 import { existsSync, readFileSync } from 'fs'
-import { Connection, ConnectionGroup, SSHKey } from '../types/shared'
+import { Connection, ConnectionGroup, SSHKey, Snippet, SnippetFolder } from '../types/shared'
 import { getDbKey } from './dbKey'
 import { DEFAULT_AI_BLACKLIST } from './aiDefaults'
 
@@ -61,6 +61,7 @@ function initSchema(db: Database.Database): void {
       serial_config   TEXT,
       auto_reconnect  INTEGER NOT NULL DEFAULT 1,
       reconnect_delay INTEGER NOT NULL DEFAULT 10,
+      proxy_config    TEXT,
       created_at      INTEGER NOT NULL,
       updated_at      INTEGER NOT NULL,
       last_connected_at INTEGER
@@ -92,9 +93,32 @@ function initSchema(db: Database.Database): void {
       last_used   INTEGER NOT NULL,
       PRIMARY KEY (device_type, command)
     );
+
+    CREATE TABLE IF NOT EXISTS snippets (
+      id          TEXT PRIMARY KEY,
+      name        TEXT NOT NULL,
+      command     TEXT NOT NULL,
+      description TEXT,
+      folder_id   TEXT,
+      created_at  INTEGER NOT NULL,
+      updated_at  INTEGER NOT NULL
+    );
+
+    CREATE TABLE IF NOT EXISTS snippet_folders (
+      id   TEXT PRIMARY KEY,
+      name TEXT NOT NULL
+    );
   `)
 
   // Seed default AI blacklist if missing or empty (handles both fresh installs and empty migrations)
+
+  // ── Schema migrations (add columns if missing) ──
+  const cols = db.prepare("PRAGMA table_info(connections)").all() as { name: string }[]
+  const colNames = new Set(cols.map(c => c.name))
+  if (!colNames.has('proxy_config')) {
+    db.exec("ALTER TABLE connections ADD COLUMN proxy_config TEXT")
+  }
+
   const blRow = db
     .prepare("SELECT value FROM settings WHERE key = 'ai.blacklist'")
     .get() as { value: string } | undefined
@@ -148,12 +172,12 @@ function migrateFromJson(db: Database.Database): void {
           INSERT OR IGNORE INTO connections
           (id, name, host, port, protocol, username, auth_type, ssh_key_id, group_id,
            tags, notes, device_type, color, jump_host_id, startup_commands,
-           enable_password, serial_config, auto_reconnect, reconnect_delay,
+           enable_password, serial_config, auto_reconnect, reconnect_delay, proxy_config,
            created_at, updated_at, last_connected_at)
           VALUES
           (@id, @name, @host, @port, @protocol, @username, @auth_type, @ssh_key_id, @group_id,
            @tags, @notes, @device_type, @color, @jump_host_id, @startup_commands,
-           @enable_password, @serial_config, @auto_reconnect, @reconnect_delay,
+           @enable_password, @serial_config, @auto_reconnect, @reconnect_delay, @proxy_config,
            @created_at, @updated_at, @last_connected_at)
         `)
         for (const c of data.connections ?? []) {
@@ -236,6 +260,7 @@ export function rowToConnection(row: Row): Connection {
     serialConfig:     row.serial_config ? safeJsonParse(row.serial_config as string, undefined) : undefined,
     autoReconnect:    Boolean(row.auto_reconnect),
     reconnectDelay:   row.reconnect_delay as number,
+    proxyConfig:      row.proxy_config ? safeJsonParse(row.proxy_config as string, undefined) : undefined,
     createdAt:        row.created_at as number,
     updatedAt:        row.updated_at as number,
     lastConnectedAt:  (row.last_connected_at as number) || undefined,
@@ -263,6 +288,7 @@ export function connToRow(c: Connection): Row {
     serial_config:    c.serialConfig    ? JSON.stringify(c.serialConfig) : null,
     auto_reconnect:   c.autoReconnect   ? 1 : 0,
     reconnect_delay:  c.reconnectDelay  ?? 10,
+    proxy_config:     c.proxyConfig     ? JSON.stringify(c.proxyConfig) : null,
     created_at:       c.createdAt,
     updated_at:       c.updatedAt,
     last_connected_at: c.lastConnectedAt ?? null,
@@ -286,3 +312,22 @@ export function rowToSshKey(row: Row): SSHKey {
     createdAt: row.created_at as number,
   }
 }
+
+export function rowToSnippet(row: Row): Snippet {
+  return {
+    id:          row.id as string,
+    name:        row.name as string,
+    command:     row.command as string,
+    description: (row.description as string) || undefined,
+    folderId:    (row.folder_id as string) || undefined,
+    createdAt:   row.created_at as number,
+    updatedAt:   row.updated_at as number,
+  }
+}
+
+export function rowToSnippetFolder(row: Row): SnippetFolder {
+  return {
+    id:   row.id as string,
+    name: row.name as string,
+  }
+}

src/main/db.ts

@@ -152,6 +152,77 @@ function handleSocks4(sock: net.Socket, sshClient: Client, buf: Buffer): void {
   })
 }
 
+function connectViaProxy(
+  proxy: { type: 'socks5' | 'socks4' | 'http'; host: string; port: number; username?: string; password?: string },
+  targetHost: string, targetPort: number
+): Promise<net.Socket> {
+  return new Promise((resolve, reject) => {
+    const sock = net.connect(proxy.port, proxy.host, () => {
+      if (proxy.type === 'http') {
+        const auth = proxy.username && proxy.password
+          ? `\r\nProxy-Authorization: Basic ${Buffer.from(`${proxy.username}:${proxy.password}`).toString('base64')}`
+          : ''
+        sock.write(`CONNECT ${targetHost}:${targetPort} HTTP/1.1\r\nHost: ${targetHost}:${targetPort}${auth}\r\n\r\n`)
+        sock.once('data', (chunk) => {
+          const resp = chunk.toString()
+          if (resp.includes('200')) resolve(sock)
+          else { sock.destroy(); reject(new Error(`HTTP proxy rejected: ${resp.split('\r\n')[0]}`)) }
+        })
+      } else {
+        // SOCKS4/5
+        if (proxy.type === 'socks5') {
+          const hasAuth = proxy.username && proxy.password
+          const authMethods = hasAuth ? Buffer.from([0x05, 0x02, 0x00, 0x02]) : Buffer.from([0x05, 0x01, 0x00])
+          sock.write(authMethods)
+          sock.once('data', (greeting) => {
+            if (greeting[1] === 0x02 && hasAuth) {
+              const uBuf = Buffer.from(proxy.username!)
+              const pBuf = Buffer.from(proxy.password!)
+              const authBuf = Buffer.concat([Buffer.from([0x01, uBuf.length]), uBuf, Buffer.from([pBuf.length]), pBuf])
+              sock.write(authBuf)
+              sock.once('data', (authResp) => {
+                if (authResp[1] !== 0x00) { sock.destroy(); return reject(new Error('SOCKS5 auth failed')) }
+                sendSocks5Connect(sock, targetHost, targetPort, resolve, reject)
+              })
+            } else if (greeting[1] === 0x00) {
+              sendSocks5Connect(sock, targetHost, targetPort, resolve, reject)
+            } else {
+              sock.destroy(); reject(new Error('SOCKS5 no acceptable auth method'))
+            }
+          })
+        } else {
+          // SOCKS4
+          const portBuf = Buffer.alloc(2)
+          portBuf.writeUInt16BE(targetPort, 0)
+          const ipBuf = Buffer.from([0, 0, 0, 1]) // SOCKS4a: invalid IP
+          const userBuf = Buffer.from(proxy.username ?? '')
+          const hostBuf = Buffer.from(targetHost)
+          const req = Buffer.concat([Buffer.from([0x04, 0x01]), portBuf, ipBuf, userBuf, Buffer.from([0x00]), hostBuf, Buffer.from([0x00])])
+          sock.write(req)
+          sock.once('data', (resp) => {
+            if (resp[1] === 0x5a) resolve(sock)
+            else { sock.destroy(); reject(new Error(`SOCKS4 rejected: code ${resp[1]}`)) }
+          })
+        }
+      }
+    })
+    sock.on('error', (err) => reject(new Error(`Proxy connection failed: ${err.message}`)))
+    sock.setTimeout(15000, () => { sock.destroy(); reject(new Error('Proxy connection timeout')) })
+  })
+}
+
+function sendSocks5Connect(sock: net.Socket, host: string, port: number, resolve: (s: net.Socket) => void, reject: (e: Error) => void) {
+  const hostBuf = Buffer.from(host)
+  const portBuf = Buffer.alloc(2)
+  portBuf.writeUInt16BE(port, 0)
+  const req = Buffer.concat([Buffer.from([0x05, 0x01, 0x00, 0x03, hostBuf.length]), hostBuf, portBuf])
+  sock.write(req)
+  sock.once('data', (resp) => {
+    if (resp[1] === 0x00) { sock.setTimeout(0); resolve(sock) }
+    else { sock.destroy(); reject(new Error(`SOCKS5 connect failed: code ${resp[1]}`)) }
+  })
+}
+
 export function setupSshHandlers(
   ipcMain: IpcMain,
   getWindow: () => BrowserWindow | null
@@ -180,6 +251,13 @@ export function setupSshHandlers(
           privateKey?: string
           passphrase?: string
         }
+        proxy?: {
+          type: 'socks5' | 'socks4' | 'http'
+          host: string
+          port: number
+          username?: string
+          password?: string
+        }
       }
     ) => {
       return new Promise((resolve, reject) => {
@@ -299,15 +377,26 @@ export function setupSshHandlers(
           ))
 
         } else {
-          // ── Direct connection ─────────────────────────────────────────────────
-          const client = new Client()
-          client.on('error', (err) => settle({ success: false, error: err.message }))
-          client.on('ready', () => openShell(client, null))
-          client.connect(buildConnectConfig(
-            payload.host, payload.port, payload.username,
-            payload.password, payload.privateKey, payload.passphrase,
-            payload.readyTimeout ?? 30000, payload.keepaliveInterval ?? 30000
-          ))
+          // ── Direct connection (possibly through proxy) ─────────────────────
+          const connectDirect = (sock?: net.Socket) => {
+            const client = new Client()
+            client.on('error', (err) => settle({ success: false, error: err.message }))
+            client.on('ready', () => openShell(client, null))
+            client.connect(buildConnectConfig(
+              payload.host, payload.port, payload.username,
+              payload.password, payload.privateKey, payload.passphrase,
+              payload.readyTimeout ?? 30000, payload.keepaliveInterval ?? 30000,
+              sock
+            ))
+          }
+
+          if (payload.proxy) {
+            connectViaProxy(payload.proxy, payload.host, payload.port)
+              .then((proxySock) => connectDirect(proxySock))
+              .catch((err) => settle({ success: false, error: `Proxy: ${err.message}` }))
+          } else {
+            connectDirect()
+          }
         }
       })
     }

src/main/ssh.ts

@@ -1,7 +1,7 @@
 import { IpcMain } from 'electron'
 import * as net from 'net'
-import { Connection, ConnectionGroup, SSHKey } from '../types/shared'
-import { getDb, rowToConnection, connToRow, rowToGroup, rowToSshKey } from './db'
+import { Connection, ConnectionGroup, SSHKey, Snippet, SnippetFolder } from '../types/shared'
+import { getDb, rowToConnection, connToRow, rowToGroup, rowToSshKey, rowToSnippet, rowToSnippetFolder } from './db'
 
 type Row = Record<string, unknown>
 
@@ -116,6 +116,59 @@ export function setupStoreHandlers(ipcMain: IpcMain): void {
     return true
   })
 
+  // ── Snippets ────────────────────────────────────────────────────────────────
+
+  ipcMain.handle('store:get-snippets', () => {
+    const rows = getDb().prepare('SELECT * FROM snippets ORDER BY name ASC').all() as Row[]
+    return rows.map(rowToSnippet)
+  })
+
+  ipcMain.handle('store:save-snippet', (_, s: Snippet) => {
+    getDb().prepare(`
+      INSERT INTO snippets (id, name, command, description, folder_id, created_at, updated_at)
+      VALUES (@id, @name, @command, @description, @folder_id, @created_at, @updated_at)
+      ON CONFLICT(id) DO UPDATE SET
+        name = excluded.name,
+        command = excluded.command,
+        description = excluded.description,
+        folder_id = excluded.folder_id,
+        updated_at = excluded.updated_at
+    `).run({
+      id:          s.id,
+      name:        s.name,
+      command:     s.command,
+      description: s.description ?? null,
+      folder_id:   s.folderId ?? null,
+      created_at:  s.createdAt,
+      updated_at:  s.updatedAt,
+    })
+    return s
+  })
+
+  ipcMain.handle('store:delete-snippet', (_, id: string) => {
+    getDb().prepare('DELETE FROM snippets WHERE id = ?').run(id)
+    return true
+  })
+
+  ipcMain.handle('store:get-snippet-folders', () => {
+    const rows = getDb().prepare('SELECT * FROM snippet_folders ORDER BY name ASC').all() as Row[]
+    return rows.map(rowToSnippetFolder)
+  })
+
+  ipcMain.handle('store:save-snippet-folder', (_, f: SnippetFolder) => {
+    getDb().prepare(`
+      INSERT INTO snippet_folders (id, name) VALUES (@id, @name)
+      ON CONFLICT(id) DO UPDATE SET name = excluded.name
+    `).run({ id: f.id, name: f.name })
+    return f
+  })
+
+  ipcMain.handle('store:delete-snippet-folder', (_, id: string) => {
+    getDb().prepare('DELETE FROM snippet_folders WHERE id = ?').run(id)
+    getDb().prepare('UPDATE snippets SET folder_id = NULL WHERE folder_id = ?').run(id)
+    return true
+  })
+
   // ── Settings ────────────────────────────────────────────────────────────────
 
   ipcMain.handle('store:get-setting', (_, key: string) => {

src/main/store.ts

@@ -12,6 +12,12 @@ const api = {
     getSshKeys: () => ipcRenderer.invoke('store:get-ssh-keys'),
     saveSshKey: (key: unknown) => ipcRenderer.invoke('store:save-ssh-key', key),
     deleteSshKey: (id: string) => ipcRenderer.invoke('store:delete-ssh-key', id),
+    getSnippets: () => ipcRenderer.invoke('store:get-snippets'),
+    saveSnippet: (snippet: unknown) => ipcRenderer.invoke('store:save-snippet', snippet),
+    deleteSnippet: (id: string) => ipcRenderer.invoke('store:delete-snippet', id),
+    getSnippetFolders: () => ipcRenderer.invoke('store:get-snippet-folders'),
+    saveSnippetFolder: (folder: unknown) => ipcRenderer.invoke('store:save-snippet-folder', folder),
+    deleteSnippetFolder: (id: string) => ipcRenderer.invoke('store:delete-snippet-folder', id),
     getSetting: (key: string) => ipcRenderer.invoke('store:get-setting', key),
     setSetting: (key: string, value: unknown) => ipcRenderer.invoke('store:set-setting', key, value)
   },

src/preload/index.ts

@@ -16,7 +16,7 @@ import { cn, getInstallerUrl } from './lib/utils'
 
 export default function App(): JSX.Element {
   const {
-    loadConnections, loadGroups, loadSshKeys, loadSettings,
+    loadConnections, loadGroups, loadSshKeys, loadSettings, loadSnippets, loadSnippetFolders,
     connections, sessions, activeSessionId,
     setQuickConnectOpen, setSettingsOpen, setAiPanelOpen, aiPanelOpen,
     setActiveSession, closeSession, setSplitSession, splitSessionId,
@@ -54,6 +54,8 @@ export default function App(): JSX.Element {
       loadGroups()
       loadSshKeys()
       loadSettings()
+      loadSnippets()
+      loadSnippetFolders()
     }
   }, [masterLocked])
 
@@ -203,7 +205,7 @@ export default function App(): JSX.Element {
   if (masterLocked) {
     return <MasterPasswordLock onUnlocked={() => {
       setMasterLocked(false)
-      loadConnections(); loadGroups(); loadSshKeys(); loadSettings()
+      loadConnections(); loadGroups(); loadSshKeys(); loadSettings(); loadSnippets(); loadSnippetFolders()
     }} />
   }