Traversio
Project

Release Scope

What Traversio aims to cover in its first stable release, and what remains out of scope.

Summary

Traversio is being shaped as a high-level, Apple-first SSH client library with a small, readable, modern Swift API.

Core Release Goals

The first stable release is expected to include:

  • a long-lived connection model
  • same-connection multi-channel concurrency
  • exec
  • interactive shell and PTY support
  • SFTP
  • local forwarding
  • remote forwarding
  • dynamic forwarding / SOCKS
  • API-level multi-hop ProxyJump

The first stable release also keeps these design choices:

  • implicit reconnect inside the library
  • local ssh_config parsing
  • a mandatory built-in trust database

First Shippable Integration Floor

The first release that higher-level apps can integrate against keeps a focused feature set.

The first-launch bar includes:

  • the current modern transport profile is locked, documented, and live-validated on its supported matrix
  • long-lived connection ownership, concurrent channel use, exec, PTY shell, SFTP, local forwarding, remote forwarding, dynamic forwarding, ProxyJump, and the current outer connection-proxy paths are stable on their documented paths
  • password, keyboard-interactive, and Ed25519/RSA/ECDSA public-key auth are stable, with practical host-trust guidance, encrypted key-file support, and an explicit opt-in legacy ssh-rsa compatibility path for older endpoints
  • the SFTP surface includes a broader transfer engine for the first release: streaming reads/writes, resumable transfer helpers, progress reporting, and bounded transfer-window control above the current whole-file convenience layer
  • diagnostics, logging, timeout, and cancellation behavior are predictable enough for an application to surface failures cleanly
  • compatibility evidence includes the OpenSSH matrix plus at least one Dropbear-family target
  • release decisions are backed by repeatable compatibility and performance evidence rather than spot checks

Deferred areas for later releases:

  • library-owned automatic reconnect
  • local ssh_config parsing
  • the full OpenSSH trust envelope
  • agent-backed authentication
  • hostbased authentication
  • enterprise proxy auth families beyond the currently documented SOCKS5 and HTTP CONNECT support

Connection Model

SSHClient.withConnection(...) remains useful as a convenience API, and explicit connection ownership is the core model:

  • one SSHConnection should carry multiple channels concurrently
  • the convenience closure form should stay as a wrapper over that lower-level core
  • normal application workflows use one transport connection for many commands, shells, or SFTP operations

That includes workloads such as:

  • multiple interactive shells at the same time
  • multiple SFTP subsystem channels at the same time
  • periodic exec calls for monitoring
  • simultaneous forwarding activity

Streaming API Direction

For long-lived shell and forwarding surfaces, the preferred direction is:

  • long-lived handles own lifetime and write methods
  • inbound data or events are exposed as AsyncSequence

That fits modern Swift APIs well and matches the library's current direction for shells, streamed exec, and raw forwarding channels.

Collected-result helpers such as execute(...) can remain as convenience layers on top.

SFTP follows a request/response model. The immediate requirement is clean support for multiple SFTP subsystem channels on one SSH connection.

Host Trust

Host-trust decisions belong to the calling application.

Traversio should provide:

  • host-key and fingerprint models
  • trust evaluation logic
  • helper APIs for first-seen and changed-key decisions
  • OpenSSH-compatible known_hosts helpers

Traversio keeps these boundaries outside the library:

  • a mandatory built-in persistence backend
  • a mandatory Keychain-backed trust store

The trust baseline stays close to a client-library surface.

Authentication And Keys

The library already has password auth, keyboard-interactive callbacks, and Ed25519, RSA, and ECDSA public-key authentication.

The current v1 auth surface now also includes SSHLegacyAlgorithmOptions on both SSHClientConfiguration and SSHProxyJumpHost, so one connection or one jump-host hop can explicitly opt into legacy ssh-rsa host-key and RSA auth compatibility for older servers.

Still required before a stable release:

  • more live validation and hardening across the auth matrix
  • a clear documented compatibility statement for the current host-trust floor rather than continued host-trust expansion

The library keeps a modern security baseline by making the legacy SHA-1-based ssh-rsa path explicit and caller-controlled.

Forwarding

Forwarding breadth is part of the release scope.

Required categories:

  • local forwarding
  • remote forwarding
  • dynamic forwarding / SOCKS

The API should include both:

  • expert/raw surfaces
  • convenience helpers for common application workflows

Failure isolation should default to the forwarding scope. Unrelated shells, SFTP clients, and monitoring exec channels should remain available on the same connection.

ProxyJump

API-level multi-hop ProxyJump is also part of the intended scope.

Each hop should carry its own:

  • host
  • port
  • username
  • authentication method
  • host-trust policy
  • compression preference
  • automatic rekey policy

The library uses an explicit API for describing the hop chain.

Compatibility And Performance Validation

Before a stable release, Traversio also needs repeatable interoperability coverage on:

  • the current OpenSSH matrix
  • at least one Dropbear-family target

That coverage should exercise connection setup, auth, shell, SFTP transfer paths, and the documented forwarding helpers on the supported matrix.

Before a stable release, Traversio also needs repeatable benchmark coverage for:

Before a stable release, Traversio also needs repeatable benchmark coverage for:

  • connection setup and authentication cost
  • many small exec requests on one connection
  • concurrent multi-connection workloads
  • SFTP transfer paths
  • forwarding round trips on the supported helper paths
  • wall-clock time, CPU cost, and memory usage with versioned result sets that can later be published as developer-facing comparisons

Explicit Deferrals

These items remain out of scope unless later requirements change:

  • local ssh_config parsing
  • library-owned automatic reconnect
  • a mandatory Keychain-backed trust store
  • the full OpenSSH trust envelope unless a concrete need justifies it

Current Status

A project-level snapshot of the implemented surface, validation state, and release gaps.

On this page

Summary
Core Release Goals
First Shippable Integration Floor
Connection Model
Streaming API Direction
Host Trust
Authentication And Keys
Forwarding
ProxyJump
Compatibility And Performance Validation
Explicit Deferrals