Skip to content

PROTOCOL-FEATURES.md

Latest commit

 

History

History
653 lines (544 loc) · 43.6 KB

PROTOCOL-FEATURES.md

File metadata and controls

653 lines (544 loc) · 43.6 KB

AeroFTP Protocol Features Matrix

Last Updated: 2 May 2026 Version: v3.7.0

Note: AeroFTP organizes integrations on three tiers:

  1. 7 transport protocols (FTP, FTPS, SFTP, WebDAV, S3, Azure Blob, OpenStack Swift) - native wire-level support;
  2. 20+ native provider integrations with dedicated OAuth2 / API key / SDK code paths (Google Drive, Dropbox, OneDrive, MEGA, Box, pCloud, Filen, Zoho WorkDrive, Internxt, kDrive, Koofr, Jottacloud, FileLu, Yandex Disk, OpenDrive, 4shared, Drime, Google Photos, GitHub, GitLab, Immich);
  3. 40+ pre-configured presets in the Discover catalog (S3-compatible endpoints, WebDAV-compatible servers, SourceForge, etc.).

The feature matrix tables below cover the core production set. GitHub, GitLab, and Immich have repository / media-specific semantics and are documented inline in their dedicated sections.

Protocol Security Matrix

Connection Security by Protocol

Protocol Encryption Auth Method Credential Storage Host Verification
FTP None Password Universal Vault N/A
FTPS TLS/SSL (Explicit/Implicit) Password Universal Vault TLS Certificate
SFTP SSH (hybrid: russh + ssh2/SCP) Password / SSH Key Universal Vault TOFU + known_hosts
WebDAV HTTPS Password (Basic + Digest RFC 2617) Universal Vault TLS Certificate
S3 HTTPS Access Key + Secret Universal Vault TLS Certificate
Google Drive HTTPS OAuth2 PKCE Universal Vault TLS + CSRF State
Dropbox HTTPS OAuth2 PKCE Universal Vault TLS + CSRF State
OneDrive HTTPS OAuth2 PKCE Universal Vault TLS + CSRF State
MEGA.nz Client-side AES Password (Native API or MEGAcmd) secrecy (zero-on-drop) E2E Encrypted
Box HTTPS OAuth2 PKCE Universal Vault TLS + CSRF State
pCloud HTTPS OAuth2 PKCE Universal Vault TLS + CSRF State
Azure Blob HTTPS Shared Key HMAC / SAS Universal Vault TLS Certificate
4shared HTTPS OAuth 1.0 (HMAC-SHA1) Universal Vault TLS Certificate
Filen Client-side AES-256-GCM Password (PBKDF2) secrecy (zero-on-drop) E2E Encrypted
Zoho WorkDrive HTTPS OAuth2 PKCE Universal Vault TLS + CSRF State
Internxt Drive Client-side AES-256-CTR Password (PBKDF2 + BIP39) secrecy (zero-on-drop) E2E Encrypted
kDrive HTTPS API Token (Bearer) Universal Vault TLS Certificate
Koofr HTTPS OAuth2 PKCE Universal Vault TLS + CSRF State
FileLu HTTPS API Key Universal Vault TLS Certificate
Yandex Disk HTTPS OAuth2 Token Universal Vault TLS Certificate
OpenDrive HTTPS Session (Username/Password) Universal Vault TLS Certificate
Jottacloud HTTPS Bearer Token (auto-refresh 60s pre-expiry) Universal Vault TLS Certificate
GitHub HTTPS PAT / Device Flow (PEM keys vaulted, AES-256-GCM) Universal Vault TLS Certificate
Immich HTTPS API Key (x-api-key header) Universal Vault TLS Certificate

Security Features by Protocol

Tables below group OAuth providers (Google Drive · Dropbox · OneDrive · Box · pCloud · Zoho WorkDrive · Koofr · Jottacloud · Yandex Disk) under a single "OAuth Providers" column when the security semantics are identical. Protocols with distinctive semantics (E2E encryption, OAuth 1.0, etc.) keep dedicated columns.

Feature FTP FTPS SFTP WebDAV S3 OAuth Providers MEGA Box pCloud Azure 4shared Filen Internxt kDrive FileLu Yandex OpenDrive
Insecure Warning Yes - - - - - - - - - - - - - - - -
TLS/SSL No Yes - Yes Yes Yes - Yes Yes Yes Yes - - Yes Yes Yes Yes
SSH Tunnel - - Yes - - - - - - - - - - - - - -
Host Key Check - - TOFU - - - - - - - - - - - - - -
PKCE Flow - - - - - Yes - Yes Yes - - - - - - - -
Digest Auth (RFC 2617) - - - Yes - - - - - - - - - - - - -
Ephemeral Port - - - - - Yes - Yes Yes - Yes - - - - Yes -
OAuth 1.0 Flow - - - - - - - - - - Yes - - - - - -
E2E Encryption - - - - - - Yes - - - - Yes Yes - - - -
Memory Zeroize Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

File Operations Matrix

Core Operations

Operation FTP FTPS SFTP WebDAV S3 Google Drive Dropbox OneDrive MEGA Box pCloud Azure 4shared Filen Zoho WD Internxt kDrive FileLu Yandex OpenDrive
List Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Upload Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Download Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Delete Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Rename Yes Yes Yes Yes Yes* Yes Yes Yes Yes Yes Yes Yes** Yes Yes Yes Yes Yes*** Yes Yes Yes
Mkdir Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Chmod Yes Yes Yes No No No No No No No No No No No No No No No No No
Stat Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Share Link AeroCloud AeroCloud AeroCloud AeroCloud Yes Yes Yes Yes Yes Yes Yes No No Yes Yes Yes No Yes Yes Yes

*S3 rename = copy+delete **Azure rename = copy+delete ***kDrive rename = move to same parent with new name

Advanced Operations (v1.4.0)

Operation FTP FTPS SFTP WebDAV S3 GDrive Dropbox OneDrive MEGA Box pCloud Azure 4shared Filen Zoho WD Internxt kDrive FileLu Yandex OpenDrive
Server Copy - - - Yes Yes Yes Yes Yes Yes Yes Yes - - - Yes - Yes Yes† Yes -
Remote Search Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Storage Quota - - Yes Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
File Versions - - - - - Yes Yes Yes - Yes Yes - - - Yes - - - - -
Thumbnails - - - - - Yes Yes Yes - Yes Yes - - - - - - - - -
Permissions - - - - - Yes - Yes - - - - - - - - - - - -
Locking - - - - - - - - - Yes‡ - - - - - - - - - -
Resume Transfer Yes Yes - - - - - Yes - - - - - - - - - - - -
Resumable Upload - - - - Yes Yes - Yes - - - - - - - - - - - -
Workspace Export - - - - - Yes - - - - - - - - - - - - - -
Change Tracking - - - - - Yes - - - - - - - - - - - - - -
MLSD/MLST Yes Yes - - - - - - - - - - - - - - - - - -
Speed Limit - - - - - - - - Yes - - - - - - - - - - -
Import Link - - - - - - - - Yes - - - - - - - - - - -
Multipart Upload - - - - Yes - - - - - - - - - - - - - - -
Remote URL Fetch - - - - - - - - - - - - - - - - - Yes - -
File Password - - - - - - - - - - - - - - - - - Yes - -
Privacy Toggle - - - - - - - - - - - - - - - - - Yes - -
Tags - - - - - - - - - Yes - - - - - - - - - -
Watermark - - - - - - - - - Yes‡ - - - - - - - - - -
Comments - - - - - - - - - Yes - - - - - - - - - -
Collaborations - - - - - - - - - Yes - - - - - - - - - -

†FileLu Server Copy = server-side clone (filelu_clone_file) ‡Box Enterprise only (Business/Enterprise plan required)

Share Link Support

Protocol Link Password Expiry Permissions Notes
FTP/FTPS/SFTP AeroCloud - - - Requires public_url_base config
WebDAV/Nextcloud Native Auto-gen Days - OCS API, password auto-generated if server enforces it
S3 Presigned - Yes (default 1h, max 7d) - AWS Signature V4
Google Drive Native - - view/comment/edit Permanent "anyone with link"
Dropbox Native Pro+ Pro+ view/edit Password and expiry require Professional plan or higher
OneDrive Native Personal Yes view/edit Password only on Personal accounts, not Business
MEGA.nz Native - - - Native API (recommended) or MEGAcmd bridge
Box Native Paid Paid view/edit Password and expiry require paid Box plan
pCloud Native Premium Premium - Password and expiry require pCloud Premium
Filen Native Yes (Argon2id) Presets (1h-30d) - E2E encrypted, password hashed client-side
Zoho WorkDrive Native Yes Yes view/edit Full advanced options on all plans
kDrive Native Paid Paid view/edit Password and expiry require paid Infomaniak plan
Jottacloud Native - - - Basic share only (API limitation)
Drime Cloud Native Yes Yes view/edit Full advanced options
Koofr Native - - - Basic share link
FileLu Native - - - Makes file public, returns share URL
Yandex Disk Native - - - Publish/unpublish via REST API
OpenDrive Native - Yes (default 1 year) - Expiring share links
MEGA S4 Presigned - Yes (max 7d) - S3-compatible presigned URLs, 4 regions (EU/CA)
Azure Blob SAS - Yes (default 7d) - Service SAS with HMAC-SHA256
GitHub URL - - - Permanent blob/release URL

CLI: aeroftp-cli link --profile "name" /path [--password pw] [--expires 7d] [--permissions edit]

FileLu Special Features (v2.7.0)

FileLu exposes privacy and management features beyond generic file operations:

Feature API Endpoint Tauri Command Notes
File Password /file/set_password filelu_set_file_password Set or remove password on any file
Privacy Toggle /file/only_me filelu_set_file_privacy Toggle private (only-me) or public visibility
Server Clone /file/clone filelu_clone_file Duplicate file server-side; returns share URL
Folder Password /folder/set_password filelu_set_folder_password Requires fld_token from folder listing
Folder Settings /folder/setting filelu_set_folder_settings FileDrop (anonymous uploads) + Public Folder
List Trash /files/deleted filelu_list_deleted Returns deleted files with timestamps
Restore File /file/restore filelu_restore_file Restore by file_code
Restore Folder /folder/restore filelu_restore_folder Restore by fld_id
Permanent Delete /file/remove filelu_permanent_delete Bypass trash, irrecoverable
Remote URL Upload /upload/url filelu_remote_url_upload FileLu fetches file from URL server-side

Box Special Features (v2.7.4)

Box exposes management and collaboration features beyond generic file operations:

Feature API Endpoint Tauri Command Notes
Trash Management /folders/trash/items box_list_trash Paginated listing with trashed_at timestamps
Soft Delete DELETE /files/{id} box_trash_files Moves to trash (recoverable)
Restore from Trash POST /files/{id} box_restore_from_trash Supports file and folder types
Permanent Delete DELETE /files/{id}/trash box_permanent_delete Irrecoverable deletion
Move Item PUT /files/{id} box_move_file Server-side move between folders
Tags PUT /files/{id} box_set_tags Free-text tags, shown as inline chips
Comments /files/{id}/comments box_add_comment / box_delete_comment File-level comments
Collaborations /collaborations box_add_collaboration / box_remove_collaboration Role-based sharing
Watermark /files/{id}/watermark box_set_watermark / box_remove_watermark Enterprise: viewer email overlay
Folder Lock /folder_locks box_lock_folder / box_unlock_folder Enterprise: prevent move/delete

‡ Requires Box Business or Enterprise plan

Archive Support Matrix (v1.7.0)

Format Compress Extract Browse Selective Extract Encryption Levels Backend
ZIP Yes Yes Yes Yes AES-256 (read+write) Store/Fast/Normal/Max zip v7.2
7z Yes Yes Yes Yes AES-256 (read+write) Fast/Normal/Max sevenz-rust v0.6
TAR Yes Yes Yes Yes No - tar v0.4
TAR.GZ Yes Yes Yes Yes No Fast/Normal/Max tar + flate2 v1.0
TAR.XZ Yes Yes Yes Yes No Fast/Normal/Max tar + xz2 v0.1
TAR.BZ2 Yes Yes Yes Yes No Fast/Normal/Max tar + bzip2 v0.6
RAR No Yes Yes Yes Password support - unrar v0.5

Archive Browser (v1.7.0): Browse archive contents in-app without extracting. Password dialog for encrypted ZIP/7z/RAR. Selective extraction of individual files.

CompressDialog (v1.7.0): Unified compression UI with format selection, compression levels, editable archive name, password protection (ZIP/7z), and file info display.

Client-Side Encryption (v1.8.0)

AeroVault v2 - Military-Grade Containers

Component Algorithm RFC/Standard Notes
Content encryption AES-256-GCM-SIV RFC 8452 Nonce misuse-resistant AEAD
Key wrapping AES-256-KW RFC 3394 Integrity-protected key encapsulation
Filename encryption AES-256-SIV RFC 5297 Deterministic, hides file names
Key derivation Argon2id IETF draft 128 MiB / 4 iterations / 4 parallelism
Header integrity HMAC-SHA512 RFC 2104 512-bit MAC, detects tampering
Cascade mode ChaCha20-Poly1305 RFC 8439 Optional double encryption
Chunk size 64 KB - Per-chunk nonce + auth tag

AeroVault v2 vs Cryptomator

Feature AeroVault v2 Cryptomator
Nonce misuse resistance Yes (GCM-SIV) No (GCM)
KDF memory 128 MiB 64-128 MiB
KDF algorithm Argon2id scrypt
Header integrity SHA-512 SHA-256
Cascade encryption Optional No
Chunk size 64 KB 32 KB

Cryptomator (Format 8)

Create and browse Cryptomator vaults via context menu:

Component Algorithm
Master key derivation scrypt (N=2^15, r=8, p=1)
Key wrapping AES-256-KW (RFC 3394)
Filename encryption AES-SIV
Content encryption AES-256-GCM (32KB chunks)

FTP Protocol Enhancements (v1.4.0)

MLSD/MLST (RFC 3659)

  • FEAT detection: Server capabilities checked on connect
  • MLSD listings: Machine-readable format preferred over LIST
  • MLST stat: Single-file info without listing parent directory
  • Automatic fallback: Falls back to LIST when MLSD not supported
  • Fact parsing: type, size, modify, unix.mode, unix.owner/group, perm

Resume Transfers (REST)

  • resume_download: REST offset + RETR for partial downloads
  • resume_upload: APPE (append) for partial uploads

FTPS TLS Encryption (v1.4.0)

  • Explicit TLS (AUTH TLS): Upgrades plain connection on port 21 via into_secure()
  • Implicit TLS: Direct TLS connection on port 990
  • Explicit if available: Attempts AUTH TLS, falls back to plain FTP if unsupported
  • Certificate verification: Configurable per-connection. When verification is enabled, invalid, self-signed, or hostname-mismatched certificates are rejected. Disabling verification explicitly accepts those certificates and weakens MITM protection.
  • Backend: suppaftp v8 with tokio-async-native-tls feature

Default changed in v1.5.0: FTP now defaults to 'explicit_if_available' (TLS opportunistic) instead of plain FTP

Directory Sync (v1.5.2)

Bidirectional directory synchronization compares local and remote files by timestamp and size, then uploads/downloads as needed.

Sync Support by Protocol

Protocol Compare Upload Download Progress Notes
FTP Yes Yes Yes Yes Via provider/session pipeline
FTPS Yes Yes Yes Yes Via provider/session pipeline
SFTP Yes Yes (ssh2/SCP) Yes Yes Uploads via ssh2/SCP fallback (russh write bug)
WebDAV Yes Yes Yes Yes Via StorageProvider trait
S3 Yes Yes Yes Yes Via StorageProvider trait
Google Drive Yes Yes Yes Yes Via StorageProvider trait
Dropbox Yes Yes Yes Yes Via StorageProvider trait
OneDrive Yes Yes Yes Yes Via StorageProvider trait
MEGA Yes Yes Yes Yes Via StorageProvider trait
Box Yes Yes Yes Yes Via StorageProvider trait
pCloud Yes Yes Yes Yes Via StorageProvider trait
Azure Blob Yes Yes Yes Yes Via StorageProvider trait
4shared Yes Yes Yes Yes Via StorageProvider trait
Filen Yes Yes Yes Yes Via StorageProvider trait
Zoho WorkDrive Yes Yes Yes Yes Via StorageProvider trait
Internxt Drive Yes Yes Yes Yes Via StorageProvider trait
kDrive Yes Yes Yes Yes Via StorageProvider trait
Koofr Yes Yes Yes Yes Via StorageProvider trait
FileLu Yes Yes Yes Yes Via StorageProvider trait

Sync Modes

  • Remote → Local: Download newer remote files
  • Local → Remote: Upload newer local files
  • Bidirectional: Sync in both directions (default)

Comparison Options

  • Timestamp comparison (2-second tolerance for filesystem differences)
  • File size comparison
  • Configurable exclude patterns (node_modules, .git, .DS_Store, etc.)

Sync Index Cache (v1.5.3)

Persistent JSON index stored at ~/.config/aeroftp/sync-index/ enables:

  • True conflict detection: Both sides changed since last sync → Conflict status
  • Faster re-scans: Unchanged files detected via cached size/mtime without full comparison
  • Per-path-pair storage: Stable filename generated from hash of local+remote path pair
  • Auto-save after sync: Index updated with final file states after successful sync

FTP Transfer Retry (v1.5.3)

  • Automatic retry with exponential backoff (3 attempts, 500ms base delay)
  • Targets "Data connection" errors specifically
  • FTP-only (cloud providers handle retries internally)
  • Inter-transfer delay increased to 350ms for server stability

Provider Keep-Alive (v1.5.1)

All non-FTP providers receive periodic keep-alive pings to prevent connection timeouts during idle sessions. This applies to WebDAV, S3, Google Drive, Dropbox, OneDrive, MEGA, Box, pCloud, Azure Blob, 4shared, Filen, Zoho WorkDrive, Internxt Drive, kDrive, Koofr, and FileLu.

WebDAV Presets (v1.5.1)

Preset Status Notes
Koofr Stable EU-based, 10 GB free
Jianguoyun Stable China-based WebDAV
InfiniCLOUD Stable Japan-based, 25 GB free. Native REST API v2 integration: auto-discovery, real-time quota
CloudMe Stable Swedish, 3 GB free, Digest auth (auto-detected)
Nextcloud Beta Self-hosted WebDAV
Seafile Stable Self-hosted or cloud, WebDAV via seafdav endpoint

New Cloud Providers (v1.5.0)

Box (Beta)

  • OAuth2 PKCE via OAuth2Manager
  • API: https://api.box.com/2.0/, upload: https://upload.box.com/api/2.0/
  • ID-based file system (root folder = "0"), path→ID cache
  • Share links, storage quota, file versions

pCloud (Beta)

  • OAuth2 via OAuth2Manager
  • API: https://api.pcloud.com/ (US) or https://eapi.pcloud.com/ (EU)
  • Path-based REST API (simplest of all providers)
  • Share links, storage quota

Azure Blob Storage (Beta)

  • Shared Key HMAC-SHA256 or SAS token authentication
  • API: https://{account}.blob.core.windows.net/{container}/
  • Flat namespace with / delimiter (like S3)
  • XML response parsing via quick-xml

4shared (v2.0.5)

  • Native REST API v1.2 with OAuth 1.0 (HMAC-SHA1) authentication
  • ID-based file system with folder/file caching
  • API: https://api.4shared.com/v1_2/
  • Upload: https://upload.4shared.com/v1_2/files
  • 15 GB free storage, storage quota support

Filen (Beta)

  • Zero-knowledge E2E encryption: PBKDF2(SHA512, 200k iterations) + AES-256-GCM
  • All metadata and file content encrypted client-side
  • Chunk-based upload/download (1MB chunks)
  • API: https://gateway.filen.io/

Zoho WorkDrive (v2.4.0, labels/versioning v2.7.4)

  • OAuth2 PKCE with 8 regional endpoints (US/EU/IN/AU/JP/UK/CA/SA)
  • Team-based storage with team ID auto-detection
  • Share links, trash management, storage quota
  • Labels: team-level color labels, add/remove from files (v2.7.4)
  • Versioning: list/download/restore file versions (v2.7.4)
  • API: https://www.zohoapis.{region}/workdrive/api/v1/

Internxt Drive (v2.6.0)

  • Zero-knowledge E2E encryption: AES-256-CTR with BIP39 mnemonic key derivation
  • Auth: PBKDF2-SHA1 + AES-CBC encrypted password + JWT
  • Client-side file encryption/decryption, plainName metadata
  • API: https://drive.internxt.com/

Infomaniak kDrive (v2.6.0)

  • Swiss-hosted cloud storage (GDPR + FADP compliant)
  • Auth: Bearer API Token (generated from Infomaniak dashboard)
  • ID-based file system, cursor-based pagination, server-side copy
  • API: https://api.infomaniak.com/

Koofr (v2.8.0)

  • EU-based cloud storage (Slovenia) with 10 GB free
  • Auth: OAuth2 PKCE (authorization code flow)
  • Native REST API with full StorageProvider trait implementation
  • Trash management: list, restore, empty trash
  • Also available as WebDAV preset for standard protocol access
  • API: https://app.koofr.net/api/v2/

FileLu (v2.7.0)

  • Privacy-focused cloud storage with 20 GB free
  • Auth: API Key (generated from Account Settings → Developer API Key)
  • Native REST API with full StorageProvider trait implementation
  • FTP/FTPS/WebDAV/S3-compatible access also available as separate presets
  • Special features: file/folder password, private/public toggle, server-side clone, trash management, remote URL upload
  • API: https://api.filelu.com/

AeroAgent AI (v1.6.0)

AI Provider Support

Provider Native Tools Streaming Token Counting Auth
Google Gemini Yes (functionDeclarations) Yes (SSE) Yes (usageMetadata) API Key
OpenAI Yes (tools[]) Yes (SSE) Yes (usage) API Key
Anthropic Yes (tool_use) Yes (content_block_delta) Yes (usage) API Key
xAI (Grok) Yes (OpenAI-compat) Yes (SSE) Yes API Key
OpenRouter Yes (OpenAI-compat) Yes (SSE) Yes API Key
Ollama No (text fallback) Yes (NDJSON) Yes (eval_count) None
Kimi (Moonshot) Yes (OpenAI-compat) Yes (SSE) Yes API Key
Qwen (Alibaba) Yes (OpenAI-compat) Yes (SSE) Yes API Key
DeepSeek Yes (OpenAI-compat) Yes (SSE) Yes API Key
Mistral Yes (OpenAI-compat) Yes (SSE) Yes API Key
Groq Yes (OpenAI-compat) Yes (SSE) Yes API Key
Perplexity No (text fallback) Yes (SSE) Yes API Key
Cohere Yes (OpenAI-compat) Yes (SSE) Yes API Key
Together AI Yes (OpenAI-compat) Yes (SSE) Yes API Key
AI21 Labs Yes (OpenAI-compat) Yes (SSE) Yes API Key
Cerebras Yes (OpenAI-compat) Yes (SSE) Yes API Key
SambaNova Yes (OpenAI-compat) Yes (SSE) Yes API Key
Fireworks AI Yes (OpenAI-compat) Yes (SSE) Yes API Key
Custom No (text fallback) Yes (SSE) Varies API Key

AI Tool Support by Protocol

All 43 tools work identically across the 7 transport protocols and 20+ native provider integrations via the StorageProvider trait:

Tool Danger Description
remote_list Safe List directory contents
remote_read Safe Read file content (5KB limit)
remote_info Safe Get file metadata
remote_search Safe Search files by pattern
local_list Safe List local directory
local_read Safe Read local file (5KB limit)
local_search Safe Search local files by pattern
local_mkdir Medium Create local directory
local_write Medium Write local text file
local_rename Medium Rename/move local file
local_edit Medium Find & replace in local file
remote_edit Medium Find & replace in remote file
remote_download Medium Download file to local
remote_upload Medium Upload file to remote
upload_files Medium Upload multiple files
download_files Medium Download multiple files
remote_mkdir Medium Create remote directory
remote_rename Medium Rename remote file
sync_preview Medium Preview directory sync
archive_create Medium Create archive
archive_extract Medium Extract archive
rag_index Medium Index directory for RAG search
rag_search Medium Full-text search over indexed files
agent_memory_write Medium Write to persistent agent memory
remote_delete High Delete remote file
terminal_exec High Execute terminal command
local_delete High Delete local file/directory
server_list_saved Safe List all saved server profiles
server_exec High Execute operation on any saved server

AI Features

Feature Status Notes
Native function calling Done (v1.6.0) OpenAI, Anthropic, Gemini; text fallback for Ollama
Streaming responses Done (v1.6.0) Incremental rendering via Tauri events
Chat history Done (v1.6.0) 50 conversations, 200 msgs each, persisted to disk
Cost tracking Done (v1.6.0) Per-message token count + cost estimate
Context awareness Done (v1.7.0) Provider, server host/port/user, path, selected files
Protocol expertise Done (v1.7.0) System prompt with all 14 provider configs, ports, auth
Styled tool display Done (v1.7.0) Inline chips with wrench icon replace raw TOOL/ARGS
Auto-routing Done (v1.4.0) Task-type detection routes to optimal model
Rate limiting Done (v1.4.0) 20 RPM per provider, frontend token bucket
Speech input Done (v1.4.0) Web Speech API
Multi-step autonomous tools Done (v1.9.0) Agent chains multiple tool calls without repeated prompts
Ollama auto-detection Done (v1.9.0) Discovers local Ollama instances and available models
Conversation export Done (v1.9.0) Export as Markdown or JSON
Monaco bidirectional sync Done (v1.9.0) Live two-way sync between editor and AI agent
Terminal command execution Done (v1.9.0) AI executes terminal commands with user approval
Streaming markdown renderer Done (v2.0.0) Incremental rendering with finalized segments (React.memo)
Code block actions Done (v2.0.0) Copy/Apply/Diff/Run buttons on AI code blocks
Thought visualization Done (v2.0.0) ThinkingBlock for Anthropic/OpenAI/Gemini reasoning
Prompt templates Done (v2.0.0) 15 built-in templates via / prefix, vault-persisted custom
Multi-file diff Done (v2.0.0) PR-style diff with per-file checkboxes
Cost budget tracking Done (v2.0.0) Per-provider monthly limits, vault-persisted
Chat search Done (v2.0.0) Ctrl+F with role filter and keyboard navigation
Anthropic prompt caching Done (v2.0.0) cache_control ephemeral, 90% read discount
OpenAI structured outputs Done (v2.0.0) strict: true for OpenAI/xAI/OpenRouter
Ollama model templates Done (v2.0.0) 8 family profiles with tailored prompts
Ollama pull from UI Done (v2.0.0) NDJSON streaming progress in AI Settings
Gemini code execution Done (v2.0.0) executableCode/codeExecutionResult parsing
Kimi web search Done (v2.0.1) $web_search builtin_function tool injection
Kimi context caching Done (v2.0.1) /v1/caching endpoint, cache_id passthrough
Kimi file analysis Done (v2.0.1) /v1/files upload, fileid:// references
Qwen thinking mode Done (v2.0.1) enable_thinking + thinking_budget parameters
Qwen web search Done (v2.0.1) enable_search + search_options.search_strategy
DeepSeek thinking mode Done (v2.0.1) reasoning_content streaming (shared with o3)
DeepSeek FIM completion Done (v2.0.1) /beta/completions with prompt + suffix
DeepSeek prefix completion Done (v2.0.1) prefix: true on last assistant message

AeroAgent Pro (v2.0.0)

AI Provider Feature Matrix

Feature OpenAI Anthropic Google Gemini xAI OpenRouter Ollama Kimi Qwen DeepSeek Custom
Native Tool Calling Yes Yes Yes Yes Yes Text format Yes Yes Yes Yes
Streaming SSE SSE SSE SSE SSE NDJSON SSE SSE SSE SSE
Vision/Multimodal Yes Yes Yes Yes Via model Yes Yes Yes N/A Via model
Structured Outputs strict: true N/A N/A strict: true strict: true N/A N/A N/A N/A N/A
Prompt Caching N/A Ephemeral cachedContent N/A N/A N/A Context cache N/A N/A N/A
Extended Thinking o3/o3-mini Claude 3.5+ Gemini 2.0+ N/A Via model deepseek-r1 N/A enable_thinking reasoning_content N/A
Web Search N/A N/A N/A N/A N/A N/A $web_search enable_search N/A N/A
Code Execution N/A N/A Python sandbox N/A N/A N/A N/A N/A N/A N/A
FIM Completion N/A N/A N/A N/A N/A N/A N/A N/A beta/completions N/A
File Analysis N/A N/A N/A N/A N/A N/A v1/files N/A N/A N/A
Prefix Completion N/A N/A N/A N/A N/A N/A N/A N/A prefix: true N/A
Model Pull from UI N/A N/A N/A N/A N/A Yes N/A N/A N/A N/A
GPU Monitoring N/A N/A N/A N/A N/A Yes N/A N/A N/A N/A
Model Family Templates N/A N/A N/A N/A N/A 8 families N/A N/A N/A N/A

AeroAgent Tool Categories (43 tools)

Category Tools Danger Level
Remote File Ops remote_list, remote_read, remote_download, remote_upload, remote_delete, remote_rename, remote_mkdir, remote_edit, remote_info, remote_search medium-high
Local File Ops local_list, local_read, local_write, local_delete, local_rename, local_mkdir, local_search, local_edit, local_move_files, local_copy_files, local_trash, local_file_info, local_disk_usage, local_find_duplicates, local_batch_rename medium
Batch Operations upload_files, download_files medium
Archives archive_compress, archive_decompress medium
Power Tools local_grep, local_head, local_tail, local_stat_batch, local_diff, local_tree safe-medium
Clipboard clipboard_read, clipboard_write, clipboard_read_image safe
Shell shell_execute high
Sync & Compare sync_preview medium
RAG rag_index, rag_search medium
Memory agent_memory_write medium
Server Exec server_list_saved, server_exec safe-high

Credential Storage Architecture (v1.9.0)

Unified Keystore

Since v1.9.0, all sensitive data is stored in the Universal Vault (vault.db). The previous layered approach (OS Keyring primary, vault fallback) has been replaced by a single encrypted backend.

Data Type Storage Notes
Server passwords vault.db (AES-256-GCM) Per-entry encryption with random nonce
Server profiles vault.db (AES-256-GCM) Host, port, username, protocol config (v1.9.0)
OAuth tokens vault.db (AES-256-GCM) Access + refresh tokens for all 5 OAuth providers
AI API keys vault.db (AES-256-GCM) All 7 AI provider keys
AI settings vault.db (AES-256-GCM) Model selection, provider config (v1.9.0)
App config vault.db (AES-256-GCM) Sensitive application settings (v1.9.0)
MEGA credentials secrecy crate (zero-on-drop) In-memory only during session

Keystore Backup/Restore (v1.9.0)

Parameter Value
Format .aeroftp-keystore binary
KDF Argon2id (64 MB, t=3, p=4)
Encryption AES-256-GCM
Integrity HMAC-SHA256
Merge modes Skip existing, Overwrite all

Key Derivation (Vault)

Parameter Value
Algorithm HKDF-SHA256 (RFC 5869)
Input 512-bit CSPRNG passphrase
Output 256-bit vault key
Per-entry AES-256-GCM with random 12-byte nonce

Release History

Version Feature Status
v1.2.8 Properties Dialog, Compress/Archive, Checksum, Overwrite, Drag & Drop Done
v1.3.0 SFTP Integration, 7z Archives, Analytics Done
v1.3.1 Multi-format TAR, Keyboard Shortcuts, Context Submenus Done
v1.3.2 Secure Credential Storage, Argon2id Vault, Permission Hardening Done
v1.3.3 OS Keyring Fix (Linux), Migration Removal, Session Tabs Fix Done
v1.3.4 SFTP Host Key Verification, Ephemeral OAuth Port, FTP Warning Done
v1.4.0 Cross-provider search/quota/versions/thumbnails/permissions/locking, S3 multipart, FTP resume + MLSD, dep upgrades Done
v1.4.1 AI API keys → OS Keyring, ZIP/7z password dialog, ErrorBoundary, hook extractions, dead code cleanup Done
v1.5.0 4 new providers (Box, pCloud, Azure, Filen), FTP TLS default, S3/WebDAV stable badges Done
v1.5.1 WebDAV directory fix, provider keep-alive, drag-to-reorder tabs/servers, 4 new presets (30 total), provider logos Done
v1.5.2 Multi-protocol sync, codebase audit, credential fix, SEC-001/SEC-004 fixes Done
v1.5.3 Sync index cache, storage quota display, OAuth session switching fix, FTP retry with backoff Done
v1.5.4 In-app auto-updater, download progress, AppImage auto-install, terminal empty-start Done
v1.6.0 AeroAgent Pro: native function calling (SEC-002), streaming, provider-agnostic tools, chat history, cost tracking, context awareness, 122 i18n keys Done
v1.7.0 Encryption Block: AeroVault v1, archive browser + selective extraction, Cryptomator format 8, CompressDialog, AeroFile mode, preview panel, Type column, 7z password fix Done
v1.8.0 Smart Sync (3 intelligent modes), Batch Rename (4 modes), Inline Rename, AeroVault v2 (AES-256-GCM-SIV + AES-KW + AES-SIV + Argon2id 128MiB + HMAC-SHA512 + ChaCha20 cascade) Done

| v1.8.6 | Universal Credential Vault (AES-256-GCM + Argon2id + HKDF-SHA256), smart folder transfers, folder conflict resolution | Done | | v1.8.7 | File clipboard (cut/copy/paste), cross-panel paste, Ubuntu/macOS audits | Done | | v1.8.8 | Vision/multimodal AI, auto panel refresh, XSS hardening, security audit | Done | | v1.9.0 | Unified Keystore (localStorage to vault migration), keystore backup/restore (.aeroftp-keystore), migration wizard, AI multi-step tools, Ollama auto-detection, conversation export, Monaco bidirectional sync, terminal command execution | Done | | v2.0.0 | AeroAgent Pro - Provider Intelligence (7 provider profiles, model registry, parameter presets), Advanced Tool Execution (DAG pipeline, diff preview, intelligent retry, tool validation, composite macros, progress indicators), Context Intelligence (project detection, file dependency graph, persistent agent memory, conversation branching, smart context injection, token budget optimizer), Professional UX (streaming markdown, code block actions, thought visualization, prompt templates, multi-file diff, cost budget, chat search), Provider Features (Anthropic caching/thinking, OpenAI strict outputs, Ollama templates/pull/GPU, Gemini code execution) | Done | | v2.0.1 | 3 Asian AI Providers (Kimi, Qwen, DeepSeek) with thinking modes, web search, FIM, context caching, file analysis. AeroFile Pro Places Sidebar, BreadcrumbBar, Large Icons, drive detection, custom sidebar locations. Official SVG provider logos for all 10 providers | Done | | v2.0.5 | 4shared native REST API (OAuth 1.0, 14th protocol), CloudMe WebDAV preset, Places Sidebar GVFS/unmounted partitions, Autostart, Windows Explorer badges, OwnCloud removal | Done | | v2.5.0 | AeroFile Pro - LocalFilePanel extraction, local path tabs (12 max, drag-to-reorder), file tags SQLite (7 Finder-style labels), FileTagBadge, tags context menu, sidebar filter, macOS FinderSync, event-driven volume detection, keyboard navigation, ARIA accessibility | Done | | v2.5.2 | AeroImage - Built-in image editor (crop, resize, rotate, flip, color adjustments, effects, 6 output formats) | Done | | v2.6.0 | AeroAgent Ecosystem - 4 new AI providers (AI21, Cerebras, SambaNova, Fireworks), Command Palette, Plugin Registry with GitHub-based browser, plugin hooks, context menu AI, AI status widget, drag & drop to agent | Done | | v2.7.0 | FileLu native REST API - 19th protocol, file/folder passwords, privacy toggle, server-side clone, trash manager, remote URL upload | Done | | v2.7.4 | Complete Provider Integration - Box (trash, move, comments, collaborations, watermark, folder locks, tags), Google Drive (starring, comments, properties), Dropbox (tags, trash UI), OneDrive (trash lifecycle). 33 new commands, PRO badge system | Done | | v2.8.0 | Koofr Native API (20th protocol), Production CLI (13 commands, 20 protocols), AeroAgent Server Exec (2 new tools, vault-secured), Ed25519 license foundation | Done | | v2.9.2 | CLI Expansion - Batch scripting engine (17 commands), glob transfers, tree command, exit codes, path traversal protection, BFS caps, NO_COLOR, SIGPIPE | Done | | v2.9.4 | Server Health Check - DNS/TCP/TLS/HTTP probes, latency gauge, batch diagnostics. Download mtime preservation. AeroVault Pro modular refactor, recent vaults, folder encryption | Done | | v2.9.5 | Dual-Engine Security Audit - Claude Opus 4.6 + GPT-5.4 (117 findings), DOMPurify, vault write safety, shell denylist expansion, TOTP-before-cache. Yandex Object Storage S3 preset | Done | | v2.9.6 | Remote Timestamp Timezone Fix - MLSD/SFTP/cloud UTC→local conversion, sync comparison fix, 11 provider backends updated | Done | | v2.9.7 | Share Links for FTP/SFTP/WebDAV - Per-server Public URL Base mapping, folder scan progress toast, update install overlay, security audit remediation | Done | | v2.9.8 | OpenDrive Native API (22nd protocol), Settings OAuth for Yandex/Zoho | Done | | v3.0.5 | SFTP upload 0-byte fix (russh→ssh2/SCP backend on embedded SFTP servers), atomic downloads (.aerotmp rename) on all 22 providers, GitHub PEM vault (AES-256-GCM encrypted in vault on import), GitHub token expiry badges, 0 B file alert badge | Done | | v3.1.x | Filen Encrypted Notes (Beta), CSP Phase 2 prep, biometric unlock investigation | Done | | v3.3.4 | serve http + serve webdav local servers (axum-based, Range requests, PROPFIND, atomic PUT) | Done | | v3.5.2 | CLI determinism: 12-code exit map covering all ProviderError variants, mkdir --parents, rm --force, put --no-clobber, --chunk-size/--buffer-size overrides, Azure server-side copy, parallel S3 multipart, threat model + LLM Integration Guide | Done | | v3.5.3 | CLI sync --watch continuous bidirectional sync (filesystem watcher native, anti-loop cooldown, NDJSON output), MCP Server dialog + VS Code extension axpdev-lab.aeroftp-mcp, --files-from/--immutable/--no-check-dest/--max-depth/--inplace/--fast-list, cleanup orphan .aerotmp scanner, dedupe 7 modes, bisync --conflict-mode rename, FTP/WebDAV listing path fixes | Done | | v3.5.4 | MCP hardening: top-level aeroftp mcp subcommand, shared profile_loader for CLI+MCP, S3 bucket fix from vault, vault auto-init in MCP, per-profile serialization mutex, shutdown drain, schema validation, FTP/SFTP/WebDAV/Filen/FileLu/Drime/Immich error message + retry hardening, CLI hashsum --algorithm, speed --size aliases | Done | | v3.5.8 / v3.5.9 | MCP pool auto-reset, delete_many, list_servers filter, read_file preview_kb, upload_file create_parents, sync_tree plan[], two-sided checksum, CLI parent explainer, scan reconnect, ssh2 OpenSSL Windows CI quirks | Done | | v3.6.0 | MCP read_file soft-truncate, check_tree compare_method, cluster doc reorg | Done | | v3.6.1 | Windows first-class delta sync - native rsync protocol 31 in pure Rust, no rsync.exe bundle, no WSL requirement (aerorsync cross-OS, #![cfg(unix)] removed surgically) | Done | | v3.6.6 | Community wishlist quick wins, Server Speed Test dialog (speed-compare), aeroftp_agent_connect, AeroRsync wired into Cross-Profile Transfer + AeroTools Code Editor save | Done | | v3.6.7 / v3.6.8 / v3.6.10 | Share-link reliability + link --verify, suppaftp 8.0.3 with 14 upstream FTP fixes, MEGA Native canonical key layout interop fix, MEGA/Filen 2FA modal hookup, TOTP QR | Done | | v3.7.0 | AeroRsync session-cached batch transport (AerorsyncBatch trait, delta_files[], bytes_on_wire), AeroVault overlay session model (transparent encrypted browse), rclone crypt full read/write (provider session + filename obfuscation), Server Health Check engine (DNS/TCP/TLS/HTTP probes, IntroHub Pro), MCP wave-5 cross-profile transfer + wave-6 ops tools (touch / cleanup / speed / sync_doctor / dedupe / reconcile), MCP tool count 27 → 39, aerovault crate 0.3.4 with rename_entry / move_entry / copy_entry | Done |

Planned

Version Feature
v3.7.x P3-T01 streaming multi-file + session reuse (rimuove cap 256 MiB native rsync, batch SSH session per N file). 4 onde, ~24 gg netti
v3.x Advanced Share Links (expiration, password, permissions), Full Activity Logging, Blomp provider, AeroVault biometric unlock

This document is maintained as part of AeroFTP protocol documentation.