Traversio

1.0

Release notes for the Traversio 1.0 release line.

Current Patch

Use the newest 1.0.x patch unless your application has a reason to stay pinned to an older patch:

.package(
    url: "https://github.com/GitSwiftHQ/Traversio.git",
    from: "1.0.8"
)

Patch releases in this line are source-compatible unless a note below says otherwise.

1.0.8

Released: 2026-07-15

Traversio 1.0.8 is a source-compatible SFTP receive-flow performance update for the current 1.0 line.

Behavior updates:

  • SFTP subsystem sessions now advertise a 2 MiB receive window instead of 1 MiB, matching the common OpenSSH session-channel default.
  • Managed channels return application-consumed receive credit after slightly more than three maximum-size packets have depleted the advertised window, instead of waiting for half-window consumption.
  • The larger initial window applies only to SFTP. Terminal, exec, and forwarding initial windows remain unchanged, and receive backpressure remains consumption-driven and bounded.

Validation:

  • Tools/check-release-metadata.sh 1.0.8
  • Tools/check-public-api.sh check
  • swift test with 728 tests
  • swift build -Xswiftc -warnings-as-errors
  • swift build -Xswiftc -strict-concurrency=complete -Xswiftc -warn-concurrency
  • Same-route high-latency SFTP A/B at approximately 270 ms RTT improved from 1.82–1.89 MB/s to 5.60–5.63 MB/s, while a repeated 512 MiB loopback A/B showed no low-latency regression.

1.0.7

Released: 2026-07-08

Traversio 1.0.7 is a source-compatible reliability and hardening update for the current 1.0 line.

Behavior updates:

  • A conservative background keepalive is now enabled by default. Silent or half-dead peers are detected out of band, and keepalive plus idle-rekey timers survive transport rekey paths.
  • close() and remote-forward graceful drain paths are bounded so dead peers do not keep teardown open-ended.
  • Per-channel receive buffering now applies backpressure by consumption, and consumed window credit is protected from caller cancellation.
  • Wire and SFTP parsers bound attacker-controlled allocations against remaining payload bytes. SFTP concurrent-read failure cleanup and request-id wrap behavior are also hardened.
  • Chacha20-Poly1305 transport epochs force rekey before the packet sequence number nonce could wrap.
  • Local and dynamic forwarding honor fixed requested ports when callers bind localHost: "localhost".
  • Proxy transports now forward network path and transport observations through the same public connection state path as direct transports.

Validation:

  • Tools/check-release-metadata.sh 1.0.7
  • Tools/check-public-api.sh check
  • swift test
  • swift build -Xswiftc -warnings-as-errors
  • swift build -Xswiftc -strict-concurrency=complete -Xswiftc -warn-concurrency
  • full release-candidate live gates including static preflight, function, algorithm, close-leak, network-lifecycle, rekey/compression, focused probes, combined soak, and failure-cleanup soak

1.0.6

Released: 2026-06-11

Traversio 1.0.6 is a source-compatible route and transport lifecycle hardening update.

Behavior updates:

  • Traversio now models route-root TCP backend ownership, scoped route roots, listener lifetimes, and forwarding bridge resources through explicit internal flow policies.
  • The automatic backend keeps long-lived handle-owned route roots on the conservative legacy NWConnection backend. Callers that explicitly choose the modern backend get a library-owned structured NetworkConnection<TCP> route-root scope.
  • Shared global-request and channel-request receives no longer let caller cancellation cancel the underlying transport receive after the request is on the wire.
  • Initial Network.framework path, viability, and better-path callbacks establish the connection's observation baseline without starting a proactive liveness probe.
  • Explicit modern route-root abort releases the structured scope without also cancelling the already-published owner task.

Boundary:

  • This release does not switch automatic handle-owned route roots to the modern backend. That remains a separate default-policy decision for a broader compatibility and soak pass.
  • Explicit modern route roots are functional in the focused OrbStack OpenSSH gates, but Network.framework may still emit benign already cancelled debug lines under Xcode OS activity logging. The release validation showed no SO_ERROR, SO_LINGER, handler-after-cancel, progress-after-cancel, or queue-after-start lifecycle logs in the explicit-modern smoke.

Validation:

  • Tools/check-release-metadata.sh 1.0.6
  • Tools/check-public-api.sh check
  • swift test
  • swift build -Xswiftc -warnings-as-errors
  • swift build -Xswiftc -strict-concurrency=complete -Xswiftc -warn-concurrency
  • Tools/TraversioValidation/run-network-lifecycle-gate.sh against the OrbStack Ubuntu 24 direct and ProxyJump targets

1.0.5

Released: 2026-06-11

Traversio 1.0.5 is a source-compatible network path observation update.

API additions:

  • Added SSHConnection.networkPath for reading the latest transport-provided path snapshot from an established connection.
  • Added optional SSHConnectionNetworkPath.isUltraConstrained and SSHConnectionNetworkPath.linkQuality.
  • Added SSHConnectionNetworkPathLinkQuality with unknown, minimal, moderate, and good cases.

Behavior updates:

  • The modern Apple 26.0+ NetworkConnection<TCP> backend now emits path, viability, and better-path observations into SSHConnection.stateEvents.
  • Initial transport path is captured after connection setup without starting an extra liveness probe.
  • Later satisfied path and better-path events still use Traversio's existing bounded liveness probe to classify whether the SSH connection remains usable.
  • Connection-state logs now include ultra-constrained path and link-quality metadata when available.

Boundary:

  • These values are diagnostics and recovery-policy inputs. Traversio does not transparently migrate a server-owned SSH shell, PTY, SFTP handle, or forwarding channel across a dead transport; applications still own reconnect and session recreation.

Validation:

  • Tools/check-release-metadata.sh 1.0.5
  • Tools/check-public-api.sh check
  • swift test --filter 'SSHConnectionStateTests|SSHClientLogRecorderTests|NetworkTCPByteStreamTransportTests'
  • swift test --filter 'SSHIdentificationTests|SSHTransportProtocolClientTests'
  • swift test
  • strict-concurrency swift build

1.0.4

Released: 2026-06-10

Traversio 1.0.4 is a source-compatible network-transition fix.

Behavior fixes:

  • Cancelled proactive liveness probes after rapid Network.framework path-change events are no longer recorded as background transport failures.
  • Ready connections stay alive when a newer satisfied path observation supersedes an in-flight network-transition probe.
  • Real liveness probe send/receive failures and timeouts still close the connection fail-closed.

Validation:

  • Tools/check-release-metadata.sh 1.0.4
  • Tools/check-public-api.sh check
  • swift test --filter 'connectionStatePathFlapDoesNotTreatCancelledProbeAsBackgroundFailure|connectionStateEventsReportLostWhenNetworkTransitionProbeFails|SSHTransportProtocolClientKeepaliveTests'
  • swift test
  • strict-concurrency swift build

1.0.3

Released: 2026-05-29

Traversio 1.0.3 is a source-compatible cancellation diagnostics fix.

Behavior fixes:

  • Swift task cancellation now passes through connection setup and operation failure mapping without being logged as an unwrapped SSH connection or operation failure.
  • Caller-owned session shutdown, including terminal view close, keeps CancellationError as the thrown result without producing error-level Traversio log events.

Validation:

  • Tools/check-release-metadata.sh 1.0.3
  • Tools/check-public-api.sh check
  • swift test --filter sshClientSessionEventSequenceCancellationBestEffortClosesExecChannel
  • swift test --filter sshClientConnectionSetupCancellationDoesNotLogUnwrappedConnectionFailure
  • swift test

1.0.2

Released: 2026-05-28

Traversio 1.0.2 is a source-compatible update for connection lifecycle and timeout behavior. It tightens teardown after background transport failure and gives host-key trust confirmation its own timeout budget.

API changes:

  • Added SSHTimeoutPolicy.hostKeyTrustTimeInterval.
  • The default timeout profile now uses a 30-second connection setup timeout, a 120-second host-key trust timeout, and unbounded reply waits unless configured.
  • Host-key trust confirmation no longer consumes the connection setup timeout.

Lifecycle fixes:

  • Background transport-failure teardown now clears lifecycle handlers and cancels keepalive/rekey scheduling even when Traversio skips the normal SSH disconnect packet.
  • This prevents old connection coordinators and transport clients from being retained after network loss.

Documentation:

  • The README and public docs now describe the current release scope directly, including unsupported capabilities and application-owned responsibilities.

Validation:

  • Tools/check-release-metadata.sh 1.0.2
  • Tools/check-public-api.sh check
  • swift test --filter sshClientHostKeyTrustWaitDoesNotConsumeConnectionSetupTimeout
  • swift test

1.0.1

Released: 2026-05-27

Traversio 1.0.1 is a source-compatible update for applications that need to accept migrated or user-imported private keys. It keeps the strict OpenSSH-specific helpers and adds a broader privateKeyPEM(...) import path.

API changes:

  • Added SSHAuthenticationMethod.privateKeyPEM(_:passphrase:).
  • Added SSHAuthenticationMethod.privateKeyPEM(contentsOfFile:passphrase:).
  • Added readable localized descriptions for SSHAuthenticationMethodError.

The PEM helpers accept:

  • OpenSSH openssh-key-v1 private keys.
  • Unencrypted PKCS#8 PRIVATE KEY PEM containers for Ed25519, RSA, and ECDSA.
  • Unencrypted traditional EC PRIVATE KEY PEM containers.
  • Traditional RSA PRIVATE KEY PEM containers.
  • Passphrase-encrypted traditional RSA PEM when it uses supported OpenSSL legacy AES-CBC or DES-EDE3-CBC headers.

Validation:

  • The OpenSSH matrix includes real login targets for OpenSSL Ed25519, RSA, and ECDSA PKCS#8 keys.
  • The same matrix covers traditional RSA and EC PEM keys, encrypted traditional RSA PEM, and traditional RSA PEM with explicit legacy ssh-rsa userauth.

Not included:

  • Encrypted PKCS#8 ENCRYPTED PRIVATE KEY loading.
  • Encrypted traditional EC PEM loading.

1.0.0

Released: 2026-05-25

Traversio 1.0.0 establishes the first public Swift package API for Apple apps that need native Swift SSH, SFTP, SCP, forwarding, proxy routing, host-key trust, and diagnostics.

Initial public API surface:

  • Encrypted SSH transport with the documented algorithm profile.
  • Explicit host-key trust.
  • Password, keyboard-interactive, public-key, callback-backed, and SSH-agent authentication.
  • OpenSSH private-key loading and OpenSSH-compatible key generation.
  • Command execution, streamed exec, named subsystem startup, and PTY shells.
  • SFTP metadata, file handles, reads, writes, mutations, recursive helpers, resumable helpers, and selected OpenSSH extensions.
  • Single-file SCP receive/send helpers.
  • Raw direct TCP/IP and streamlocal channels.
  • Local forwarding, dynamic SOCKS forwarding, remote TCP forwarding, and remote streamlocal forwarding.
  • SOCKS5 and HTTP CONNECT connection proxies.
  • ProxyJump.
  • Structured errors, log handlers, OSLog helpers, support reports, and route-aware SSH port latency diagnostics.

Release hardening:

  • Public OpenSSH private-key metadata inspection with SSHOpenSSHPrivateKeyInfo.
  • A public API baseline check through Tools/check-public-api.sh.
  • Release metadata checks for TraversioRelease.version, source package tags, and SSH client identification.
  • Public documentation for connection lifecycle, cancellation behavior, forwarding shutdown, and support diagnostics.

Not included:

  • Library-owned automatic reconnect.
  • Local ssh_config parsing.
  • Mandatory built-in trust-store persistence.
  • Mandatory Keychain-backed credential or trust storage.
  • Hostbased authentication.
  • Security-key authentication.
  • X11 forwarding.
  • Auth-agent forwarding.
  • Recursive SCP.
  • Broad legacy algorithm compatibility beyond explicit ssh-rsa.
  • Release-quality benchmark comparisons.

On this page