Policy CRUD with draft / released / archived lifecycle
gRPC streaming — delta sync and snapshot fallback
Compliance reporting with per-item results
Node status dashboard and fleet overview
Policies: Firefox, Chrome, KDE/KConfig, dconf, polkit
LDAP / AD with group-to-role mapping
Kerberos (SPNEGO) — primary agent authentication, alternative to enrollment tokens
WebAuthn / Passkey — web UI login
PKCS#11 / HSM support for CA private keys
Prometheus metrics endpoint
Audit log with configurable retention
RBAC — predefined roles, scope-aware
Packages: .deb, .rpm, .apk, .pkg.tar.zst; multi-arch
Tamper protection — managed file modifications trigger audit log alerts
mTLS connectivity between the server and the agents