Traversio
Project

Current Status

A public snapshot of the implemented surface, validation state, and remaining limits.

Summary

Traversio 1.0.x is a usable Apple-first SSH client library with a documented feature set.

It includes encrypted SSH transport, explicit host-key trust, password and public-key authentication, exec, streamed exec, PTY shells, SFTP, single-file SCP helpers, local and remote forwarding, dynamic SOCKS forwarding, streamlocal forwarding, connection proxies, ProxyJump, structured logging, and support diagnostics.

The current release line is strong enough for targeted application integration and deployment validation. It is not a claim that every SSH server, proxy, network condition, long-running workload, or enterprise credential policy is already covered.

The public platform floor is documented in Quickstart and declared directly in Package.swift.

On Apple platform release 26 and later, Traversio automatically prefers the newer transport and listener backends. Older supported releases use compatibility backends behind the same public API surface.

What Is Implemented

Transport And Algorithms

Implemented:

  • SSH identification exchange, binary framing, strict-kex handling, encrypted packet flow, remote rekey, and automatic local rekey.
  • KEX: Curve25519 plus ECDH P-256/P-384/P-521.
  • Host keys: Ed25519, Ed25519 host certificates, ECDSA P-256, ECDSA P-256 host certificates, RSA SHA-2, and explicit opt-in legacy ssh-rsa.
  • User public-key signatures: Ed25519, ECDSA P-256/P-384/P-521, RSA SHA-2, and explicit opt-in legacy ssh-rsa.
  • Ciphers and integrity: AES-128/256 CTR, AES-128/256 GCM, Chacha20-Poly1305, HMAC-SHA-2, and OpenSSH UMAC.
  • Compression: none by default, caller-opt-in RFC 4253 zlib, and caller-opt-in OpenSSH delayed [email protected].

Not currently supported:

  • MODP DH, group exchange, ML-KEM hybrids, AES-192, CBC and older symmetric ciphers, DSS, SHA-1-class MACs, and broader certificate variants.

Authentication And Host Trust

Implemented:

  • Password auth, password-change callback auth, keyboard-interactive auth, callback-backed public-key auth, built-in public-key auth, and SSH agent-backed public-key auth.
  • Auth-method discovery through SSH none userauth after transport setup and host-key trust.
  • OpenSSH private-key metadata inspection, loading, and key generation for supported Ed25519, ECDSA, and RSA paths.
  • Broad private-key PEM loading for OpenSSH keys plus unencrypted PKCS#8 Ed25519/RSA/ECDSA, traditional RSA, encrypted traditional RSA, and traditional EC containers.
  • Host-key verification for Ed25519, ECDSA, and RSA/SHA-2.
  • Exact key pinning, trusted key sets, app-owned first-seen trust, changed-key handling, async trust callbacks, and OpenSSH known_hosts.
  • Host-certificate trust for the documented Ed25519 and ECDSA P-256 certificate paths.

Not currently supported:

  • Mandatory built-in trust-store persistence.
  • Keychain-backed credential loading.
  • Hostbased auth and security-key auth.
  • Broader host-certificate algorithm coverage.

Sessions

Implemented:

  • Long-lived SSHConnection ownership, explicit close, connection snapshots, and state event streams.
  • Collected exec, streamed exec, named subsystem startup, PTY shell startup, pre-start environment requests, PTY resize, outbound signals, standard-error writes, exit status, and exit-signal reporting.
  • Session event streams, best-effort channel close on cancellation or early event-iterator exit, channel-window snapshots, manual receive-window adjustment, receive-window replenishment, and remote-window-aware writes.

Not currently supported:

  • Automatic reconnect and session restoration.
  • Application-specific transcript retention policy.
  • Broader terminal-control conveniences.

SFTP And SCP

Implemented:

  • SFTP v3 version exchange and extension advertisement parsing.
  • Metadata, listing, path operations, handle operations, filesystem queries, reads, writes, mutations, symlink/readlink, and selected OpenSSH extensions such as [email protected], [email protected], and [email protected].
  • Request-id routing so multiple SFTP operations can overlap on one subsystem channel.
  • Whole-file reads/writes, local file URL upload/download, recursive directory upload/download, resumable whole-file helpers, progress callbacks, and caller-owned continuation checks.
  • Single-file SCP receive/send plus local file URL wrappers.

Not currently supported:

  • Automatic transfer-window tuning.
  • Segmented multi-session transfer helpers for very large files.
  • Recursive SCP and timestamp-preservation helpers.

Forwarding, Routing, And Proxying

Implemented:

  • Raw direct-tcpip and [email protected] channel wrappers.
  • Local TCP forwarding.
  • Dynamic SOCKS forwarding.
  • Raw remote TCP listeners and fixed remote TCP bridge helpers.
  • Remote streamlocal listeners for OpenSSH streamlocal servers.
  • SOCKS5 and HTTP CONNECT connection proxies before the first SSH handshake.
  • API-level ProxyJump hop chains.
  • Per-accepted-connection failure isolation for the documented forwarding helpers.

Not currently supported:

  • X11 forwarding and auth-agent forwarding.
  • Enterprise proxy auth families beyond the documented SOCKS5 and HTTP CONNECT support.
  • Broader non-OpenSSH streamlocal evidence.

Validation Summary

Traversio has deterministic Swift Testing coverage across wire codecs, transport behavior, algorithms, host trust, authentication, sessions, SFTP, SCP, forwarding, diagnostics, and cancellation-sensitive paths.

The current live validation covers:

  • OpenSSH, Dropbear, and AsyncSSH server families.
  • Restricted algorithm profiles, including Curve25519, NIST ECDH, AEAD, CTR plus HMAC-SHA-2, CTR plus UMAC, delayed zlib, RSA/SHA-2 host keys, opt-in legacy RSA userauth, and documented host-certificate paths.
  • Actual OpenSSH login targets for OpenSSL-generated PKCS#8 Ed25519/RSA/ECDSA keys, traditional RSA/EC PEM keys, encrypted traditional RSA PEM, and traditional RSA PEM with opt-in legacy ssh-rsa userauth.
  • Exec, shell, SFTP, SCP, local forwarding, dynamic forwarding, remote forwarding, streamlocal forwarding, connection proxies, ProxyJump, callback-backed public-key auth, and SSH agent-backed public-key auth.
  • Rekey and compression behavior, including remote rekey, packet-threshold local rekey, idle-time local rekey, RFC zlib, and delayed OpenSSH zlib.
  • Adverse paths such as auth rejection, refused routes, wrong host or port, proxy failure, timeout, server disconnect, mid-operation transport loss, and interrupted forwarding.
  • Repeated long-running workloads covering shared connections, shell, SFTP, forwarding, rekey pressure, transport-failure teardown, close-path memory behavior, and performance/resource health checks.
  • Host-built runtime checks on an older supported macOS release through the compatibility backend.

That validation is meant to make the release line credible for application trials. Applications should still validate against their own SSH servers, proxy infrastructure, credential stores, recovery policy, and long-running workload shape.

Status By Area

AreaCurrent status
Transport and handshakeFunctional and validated across the documented modern profile; broader legacy algorithm support is future compatibility work
AuthenticationStrong coverage for password, keyboard-interactive, auth discovery, public-key, callback-backed, SSH-agent, OpenSSH key-file, OpenSSL-style PEM, and encrypted traditional RSA PEM workflows
Host trustExplicit and fail-closed; app-owned persistence remains the default design
SessionsExec and shell are usable today; reconnect, transcript retention, and broader terminal convenience remain application-owned or not currently included
SFTPBroad client surface with concurrent in-session request routing, local-file helpers, recursive helpers, resumable helpers, and progress callbacks
SCPSingle-file compatibility helpers exist; SFTP remains the preferred transfer API for richer workflows
ForwardingRaw, local, dynamic, remote, streamlocal, connection-proxy, and ProxyJump paths exist; wider interoperability evidence remains useful
DiagnosticsPublic errors, log events, OSLog adapters, support-report helpers, SFTP status details, live connection latency snapshots, and route-latency diagnostic reports are available with default redaction

What Applications Should Own

Applications adopting Traversio should still own:

  • reconnect timing and retry policy
  • session, shell, SFTP, and forwarding restoration after reconnect
  • credential storage and rotation
  • trust-store persistence and user approval policy
  • large-output retention limits
  • deployment-specific proxy policy
  • rollout criteria for critical workflows

Areas To Watch

Areas that may expand in later releases:

  1. additional server-family and proxy-environment compatibility evidence
  2. longer workload-shaped validation after real app adoption feedback
  3. segmented large-file SFTP transfer design
  4. more polished cancellation and lifecycle wording for long-running workflows
  5. broader algorithm, auth, host-certificate, and proxy-auth coverage when deployment evidence justifies it

Architecture

How Traversio is layered, which boundaries are stable, and where the implementation still needs refinement.

Release Scope

What Traversio 1.0.x covers, what applications should own, and what is not currently included.

On this page

SummaryWhat Is ImplementedTransport And AlgorithmsAuthentication And Host TrustSessionsSFTP And SCPForwarding, Routing, And ProxyingValidation SummaryStatus By AreaWhat Applications Should OwnAreas To Watch