Current Status

Summary

Traversio already has a working SSH client core with encrypted transport, explicit host-key trust, password and public-key authentication, command execution, PTY-backed shells, SFTP, and forwarding APIs.

It supports evaluation and targeted integration work. Production-readiness work centers on compatibility breadth, lifecycle hardening, and repeatable release validation.

What Has Been Validated

Deterministic coverage exists across:

• wire codecs and packet framing
• key exchange and encrypted transport behavior
• OpenSSH UMAC packet protection
• OpenSSH AES-GCM and Chacha20-Poly1305 packet protection
• OpenSSH strict-kex sequencing and NEWKEYS sequence-number reset handling
• rekey behavior on the supported transport profiles
• host trust logic and authentication flows
• exec, shell, SFTP, and public wrapper APIs

Live validation against OpenSSH has already confirmed:

• shell and exec workflows
• SFTP metadata, path and handle attribute mutation, path and handle OpenSSH filesystem queries, public file handles, listing, reads, sequential writes with optional OpenSSH fsync, rename, symlink, and readlink
• password-authenticated authorized_keys management plus RSA and ECDSA public-key re-login
• RSA and ECDSA host-key verification
• forwarding raw-listener, fixed local forwarding, dynamic SOCKS forwarding on the SOCKS5 path in both no-auth and username/password modes, and fixed-endpoint remote-bridge data paths
• outer connection-proxy paths through real SOCKS5 and HTTP CONNECT daemons, including one combined connectionProxy + proxyJumpHosts path
• ProxyJump hop chaining through a real jump-host connection and nested SSH handshake
• successful exec true against a local UMAC-only OpenSSH matrix target
• explicit client-initiated local rekey on baseline, AEAD-only, ETM-only, and Chacha20-Poly1305-only matrix targets

Temporary local AsyncSSH validation has also confirmed:

• keyboard-interactive authentication
• remote-initiated rekey

Main Gaps

1. Compatibility Breadth

Traversio supports a useful modern OpenSSH-oriented transport profile:

• curve25519-sha256, [email protected], and ecdh-sha2-nistp256
• aes128-ctr / aes256-ctr plus HMAC-SHA-2, including OpenSSH HMAC-SHA-2 ETM MACs and OpenSSH UMAC-64 / UMAC-128 MACs in both classic and ETM forms
• OpenSSH [email protected] and [email protected]
• OpenSSH [email protected]
• RFC 4253 zlib
• OpenSSH delayed [email protected] compression after successful authentication when the client explicitly opts in
• OpenSSH [email protected] negotiation plus strict-kex ordering and sequence-reset rules
• remote-initiated and automatic local rekey on the supported compression profiles, including packet-threshold triggers plus an optional post-auth idle timer

That profile remains focused. Production maturity depends on broader algorithm coverage, a wider server matrix, and a clear supported compression story around none, RFC 4253 zlib, and delayed OpenSSH zlib.

2. Trust And Credential Handling

Host trust and key loading already cover:

• exact raw-key pinning
• trusted key sets
• trust-on-first-use with caller-owned persistence and compare-and-set store context
• protocol-backed trust-on-first-use through app-owned SSHHostKeyTrustStore types with the same compare-and-set store context
• explicit changed-key resolution on top of that same caller-owned store boundary
• async trust callbacks
• known_hosts support for exact, wildcard, negated, hashed, CIDR, @revoked, and @cert-authority entries, plus optional additional host/IP lookup names
• Ed25519 and ECDSA P-256 host-certificate trust with principal and validity checks before policy-specific trust evaluation
• raw Ed25519 and ECDSA private keys
• PKCS#1 DER RSA private keys
• OpenSSH Ed25519, RSA, and ECDSA private keys, including the current bcrypt + AES encrypted-key path
• OpenSSH Ed25519, RSA, and ECDSA key-pair generation, including matching authorized-key output and the current bcrypt + AES encrypted-key export path

Still missing:

• broader host-certificate algorithm coverage beyond today's Ed25519 and ECDSA P-256 paths
• agent-backed authentication

3. Public API Semantics

Traversio exposes explicit long-lived ownership through SSHClient.connect(configuration:) and keeps withConnection(...) as the convenience wrapper. It also exposes packet-threshold plus optional idle-time automatic rekey configuration through SSHClientConfiguration.automaticRekeyPolicy, explicit post-auth idle keepalive through SSHClientConfiguration.keepalivePolicy, and explicit setup/reply timeout policy through SSHClientConfiguration.timeoutPolicy. Structured connection and wrapped-operation logging are public through the logHandler: overloads, SSHClientLogHandler, and the bounded SSHClientLogRecorder support-export helper.

Several API areas still need final release guidance:

• a stable graceful-cancellation contract
• broader long-running retention/redaction guidance for diagnostics and logging
• whether the current packet-threshold plus idle-time trigger set is enough for the first release
• whether delayed OpenSSH zlib should stay opt-in or later become part of the default transport profile
• whether streamed exec should continue to reuse SSHSession or later gain a more specialized wrapper
• more refactoring around SSHTransportProtocolClient, which still owns a large amount of post-auth coordination

4. Forwarding And Higher-Level Workflows

Forwarding is part of the implemented public surface:

• a public raw direct-tcpip channel wrapper
• an Apple 26+ closure-scoped local-forwarding helper
• an Apple 26+ closure-scoped local dynamic SOCKS helper with SOCKS5 username/password auth and no-auth SOCKS4 / SOCKS4a fallback
• a closure-scoped remote-forward listener
• an Apple 26+ closure-scoped remote-forwarding bridge helper
• outermost-hop SOCKS5 and HTTP CONNECT support through SSHClientConfiguration.connectionProxy
• explicit proxyJumpHosts hop chaining in SSHClientConfiguration

Remaining release work:

• stronger finalized lifecycle contracts for the local and remote helpers
• broader interoperability coverage for the newer forwarding paths
• broader live validation beyond the current local Dante/Tinyproxy proxy matrix and OpenSSH-heavy forwarding matrix
• clearer long-term rules around outermost-hop-only connectionProxy semantics when it is combined with ProxyJump

Current forwarding failure boundary:

• one accepted local-forward, dynamic-forward, or fixed remote-forward bridge connection failing no longer poisons the forwarding scope for later connections
• the fixed remote-forward bridge helper can also keep multiple accepted remote connections active at the same time while the scope stays open

Lifetime Rules

The key runtime rule is simple:

• SSHClient.connect(configuration:) gives you an SSHConnection that stays valid until you call SSHConnection.close()
• SSHClient.withConnection(configuration:_:) closes that connection automatically when the closure exits
• any SSHSession, SFTPClient, or forwarding wrapper created from that connection becomes invalid once the connection closes

Long-running operations observe task cancellation and generally surface CancellationError. Session transcript-style waits plus session or raw-channel events iteration also attempt a best-effort channel-close on cancellation, and the broader graceful-shutdown contract is still being refined.

Maturity By Area

What To Watch Next

The likely next steps are:

1. widen compatibility coverage beyond the current OpenSSH-heavy matrix
2. decide whether the new public rekey thresholds plus idle trigger behavior are enough
3. make a clear v1 call on the current compression floor and broader transport compatibility
4. harden the newer forwarding surfaces, especially lifecycle semantics and broader interoperability coverage
5. keep simplifying post-auth coordination inside SSHTransportProtocolClient