⚡ OxideTerm

Zero Electron. Zero OpenSSL. Pure Rust SSH.
One native binary — local shells, SSH, SFTP, remote IDE, AI, port forwarding, plugins, 30+ themes, 11 languages.

🌐 oxideterm.app — Documentation & website

https://github.com/user-attachments/assets/4ba033aa-94b5-4ed4-980c-5c3f9f21db7e

🤖 OxideSens AI — "Open a local terminal and run echo hello, world!"

Why OxideTerm?

Pain Point	OxideTerm's Answer
SSH clients that can't do local shells	Hybrid engine: local PTY (zsh/bash/fish/pwsh/WSL2) + remote SSH in one window
Reconnect = lose everything	Grace Period reconnect: probes old connection 30s before killing it — your vim/htop/yazi survive
Remote file editing needs VS Code Remote	Built-in IDE: CodeMirror 6 over SFTP with 30+ languages, optional ~1 MB remote agent on Linux
No SSH connection reuse	Multiplexing: terminal, SFTP, forwards, IDE share one SSH connection via reference-counted pool
SSH libraries depend on OpenSSL	russh 0.54: pure Rust SSH compiled against `ring` — zero C dependencies
100+ MB Electron apps	Tauri 2.0: native Rust backend, 25–40 MB binary
AI locked to one provider	OxideSens: 40+ tools, MCP protocol, RAG knowledge base — works with OpenAI/Ollama/DeepSeek/any compatible API

Screenshots

SSH Terminal + OxideSens AI	SFTP File Manager
Built-in IDE (CodeMirror 6)	Smart Port Forwarding

Feature Overview

Category	Features
Terminal	Local PTY (zsh/bash/fish/pwsh/WSL2), SSH remote, split panes, broadcast input, session recording/playback (asciicast v2), WebGL rendering, 30+ themes + custom editor, command palette (`⌘K`), zen mode
SSH & Auth	Connection pooling & multiplexing, ProxyJump (unlimited hops) with topology graph, auto-reconnect with Grace Period. Auth: password, SSH key (RSA/Ed25519/ECDSA), SSH Agent, certificates, keyboard-interactive 2FA, Known Hosts TOFU
SFTP	Dual-pane browser, drag-and-drop, smart preview (images/video/audio/code/PDF/hex/fonts), transfer queue with progress & ETA, bookmarks, archive extraction
IDE Mode	CodeMirror 6 with 30+ languages, file tree + Git status, multi-tab, conflict resolution, integrated terminal. Optional remote agent for Linux (10+ architectures)
Port Forwarding	Local (-L), Remote (-R), Dynamic SOCKS5 (-D), lock-free message-passing I/O, auto-restore on reconnect, death reporting, idle timeout
AI (OxideSens)	Inline panel (`⌘I`) + sidebar chat, terminal buffer capture (single/all panes), multi-source context (IDE/SFTP/Git), 40+ autonomous tools, MCP server integration, RAG knowledge base (BM25 + vector hybrid search), streaming SSE
Plugins	Runtime ESM loading, 8 API namespaces, 24 UI Kit components, frozen API + Proxy ACL, circuit breaker, auto-disable on errors
CLI	`oxt` companion: JSON-RPC 2.0 over Unix Socket / Named Pipe, `status`/`list`/`ping`, human + JSON output
Security	.oxide encrypted export (ChaCha20-Poly1305 + Argon2id 256 MB), OS keychain, Touch ID (macOS), host key TOFU, `zeroize` memory clearing
i18n	11 languages: EN, 简体中文, 繁體中文, 日本語, 한국어, FR, DE, ES, IT, PT-BR, VI

Under the Hood

Architecture — Dual-Plane Communication

OxideTerm separates terminal data from control commands into two independent planes:

┌─────────────────────────────────────┐
│        Frontend (React 19)          │
│  xterm.js 6 (WebGL) + 18 stores    │
└──────────┬──────────────┬───────────┘
           │ Tauri IPC    │ WebSocket (binary)
           │ (JSON)       │ per-session port
┌──────────▼──────────────▼───────────┐
│         Backend (Rust)              │
│  NodeRouter → SshConnectionRegistry │
│  Wire Protocol v1                   │
│  [Type:1][Length:4][Payload:n]       │
└─────────────────────────────────────┘

Data plane (WebSocket): each SSH session gets its own WebSocket port. Terminal bytes flow as binary frames with a Type-Length-Payload header — no JSON serialization, no Base64 encoding, zero overhead in the hot path.
Control plane (Tauri IPC): connection management, SFTP ops, forwarding, config — structured JSON, but off the critical path.
Node-first addressing: the frontend never touches sessionId or connectionId. Everything is addressed by nodeId, resolved atomically server-side by the NodeRouter. SSH reconnect changes the underlying connectionId — but SFTP, IDE, and forwards are completely unaffected.

🔩 Pure Rust SSH — russh 0.54

The entire SSH stack is russh 0.54 compiled against the ring crypto backend:

Zero C/OpenSSL dependencies — the full crypto stack is Rust. No more "which OpenSSL version?" debugging.
Full SSH2 protocol: key exchange, channels, SFTP subsystem, port forwarding
ChaCha20-Poly1305 and AES-GCM cipher suites, Ed25519/RSA/ECDSA keys
Custom AgentSigner: wraps system SSH Agent and satisfies russh's Signer trait, solving RPITIT Send bound issues in russh 0.54 by cloning &PublicKey to an owned value before crossing .await

pub struct AgentSigner { /* wraps system SSH Agent */ }
impl Signer for AgentSigner { /* challenge-response via Agent IPC */ }

Platform support: Unix (SSH_AUTH_SOCK), Windows (\\.\pipe\openssh-ssh-agent)
Proxy chains: each hop independently uses Agent auth
Reconnect: AuthMethod::Agent replayed automatically

🔄 Smart Reconnect with Grace Period

Most SSH clients kill everything on disconnect and start fresh. OxideTerm's reconnect orchestrator takes a fundamentally different approach:

Detect WebSocket heartbeat timeout (300s, tuned for macOS App Nap and JS timer throttling)
Snapshot full state: terminal panes, in-flight SFTP transfers, active port forwards, open IDE files
Intelligent probing: visibilitychange + online events trigger proactive SSH keepalive (~2s detection vs 15-30s passive timeout)
Grace Period (30s): probe the old SSH connection via keepalive — if it recovers (e.g., WiFi AP switch), your TUI apps (vim, htop, yazi) survive completely untouched
If recovery fails → new SSH connection → auto-restore forwards → resume SFTP transfers → reopen IDE files

Pipeline: queued → snapshot → grace-period → ssh-connect → await-terminal → restore-forwards → resume-transfers → restore-ide → verify → done

All logic runs through a dedicated ReconnectOrchestratorStore — zero reconnect code scattered in hooks or components.

🛡️ SSH Connection Pool

Reference-counted SshConnectionRegistry backed by DashMap for lock-free concurrent access:

One connection, many consumers: terminal, SFTP, port forwards, and IDE share a single physical SSH connection — no redundant TCP handshakes
State machine per connection: connecting → active → idle → link_down → reconnecting
Lifecycle management: configurable idle timeout (5m / 15m / 30m / 1h / never), 15s keepalive interval, heartbeat failure detection
WsBridge heartbeat: 30s interval, 5 min timeout — tolerates macOS App Nap and browser JS throttling
Cascade propagation: jump host failure → all downstream nodes automatically marked link_down with status sync
Idle disconnect: emits connection_status_changed to frontend (not just internal node:state), preventing UI desync

🤖 OxideSens AI

Privacy-first AI assistant with dual interaction modes:

Inline panel (⌘I): quick terminal commands, output injected via bracketed paste
Sidebar chat: persistent conversations with full history
Context capture: Terminal Registry gathers buffer from active pane or all split panes simultaneously; auto-injects IDE files, SFTP paths, and Git status
40+ autonomous tools: file operations, process management, network diagnostics, TUI app interaction, text processing — the AI invokes these without manual triggering
MCP support: connect external Model Context Protocol servers (stdio & SSE) for third-party tool integration
RAG Knowledge Base (v0.20): import Markdown/TXT documents into scoped collections (global or per-connection). Hybrid search fuses BM25 keyword index + vector cosine similarity via Reciprocal Rank Fusion. Markdown-aware chunking preserves heading hierarchy. CJK bigram tokenizer for Chinese/Japanese/Korean.
Providers: OpenAI, Ollama, DeepSeek, OneAPI, or any /v1/chat/completions endpoint
Security: API keys stored in OS keychain; on macOS, key reads gated behind Touch ID via LAContext — no entitlements or code-signing required, cached after first auth per session

💻 IDE Mode — Remote Editing

CodeMirror 6 editor operating over SFTP — no server-side installation required by default:

File tree: lazy-loaded directories with Git status indicators (modified/untracked/added)
30+ language modes: 16 native CodeMirror + legacy modes via @codemirror/legacy-modes
Conflict resolution: optimistic mtime locking — detects remote changes before overwriting
Event-driven Git: auto-refresh on save, create, delete, rename, and terminal Enter keypress
State Gating: all IO blocked when readiness !== 'ready', Key-Driven Reset forces full remount on reconnect
Remote agent (optional): ~1 MB Rust binary, auto-deployed on x86_64/aarch64 Linux. 10+ extra architectures (ARMv7, RISC-V64, LoongArch64, s390x, mips64, Power64LE…) in agents/extra/ for manual upload. Enables enhanced file tree, symbol search, and file watching.

🔀 Port Forwarding — Lock-Free I/O

Full local (-L), remote (-R), and dynamic SOCKS5 (-D) forwarding:

Message-passing architecture: SSH Channel owned by a single ssh_io task — no Arc<Mutex<Channel>>, eliminating mutex contention entirely
Death reporting: forward tasks actively report exit reason (SSH disconnect, remote port close, timeout) for clear diagnostics
Auto-restore: Suspended forwards automatically resume on reconnect without user intervention
Idle timeout: FORWARD_IDLE_TIMEOUT (300s) prevents zombie connections from accumulating

🔌 Runtime Plugin System

Dynamic ESM loading with a security-hardened, frozen API surface:

PluginContext API: 8 namespaces — terminal, ui, commands, settings, lifecycle, events, storage, system
24 UI Kit components: pre-built React components (buttons, inputs, dialogs, tables…) injected into plugin sandboxes via window.__OXIDE__
Security membrane: Object.freeze on all context objects, Proxy-based ACL, IPC whitelist, circuit breaker with auto-disable after repeated errors
Shared modules: React, ReactDOM, zustand, lucide-react exposed for plugin use without bundling duplicates

⚡ Adaptive Rendering

Three-tier render scheduler that replaces fixed requestAnimationFrame batching:

Tier	Trigger	Rate	Benefit
Boost	Frame data ≥ 4 KB	120 Hz+ (ProMotion native)	Eliminates scroll lag on `cat largefile.log`
Normal	Standard typing	60 Hz (RAF)	Smooth baseline
Idle	3s no I/O / tab hidden	1–15 Hz (exponential backoff)	Near-zero GPU load, battery savings

Transitions are fully automatic — driven by data volume, user input, and Page Visibility API. Background tabs continue flushing data via idle timer without waking RAF.

🔐 .oxide Encrypted Export

Portable, tamper-proof connection backup:

ChaCha20-Poly1305 AEAD authenticated encryption
Argon2id KDF: 256 MB memory cost, 4 iterations — GPU brute-force resistant
SHA-256 integrity checksum
Optional key embedding: private keys base64-encoded into the encrypted payload
Pre-flight analysis: auth type breakdown, missing key detection before export

📡 ProxyJump — Topology-Aware Multi-Hop

Unlimited chain depth: Client → Jump A → Jump B → … → Target
Auto-parse ~/.ssh/config, build topology graph, Dijkstra pathfinding for optimal route
Jump nodes reusable as independent sessions
Cascade failure propagation: jump host down → all downstream nodes auto-marked link_down

⚙️ Local Terminal — Thread-Safe PTY

Cross-platform local shell via portable-pty 0.8, feature-gated behind local-terminal:

MasterPty wrapped in std::sync::Mutex — dedicated I/O threads keep blocking PTY reads off the Tokio event loop
Shell auto-detection: zsh, bash, fish, pwsh, Git Bash, WSL2
cargo build --no-default-features strips PTY for mobile/lightweight builds

🪟 Windows Optimization

Native ConPTY: directly invokes Windows Pseudo Console API — full TrueColor and ANSI support, no legacy WinPTY
Shell scanner: auto-detects PowerShell 7, Git Bash, WSL2, CMD via Registry and PATH

And More

Resource profiler: live CPU/memory/network via persistent SSH channel reading /proc/stat, delta-based calculation, auto-degrades to RTT-only on non-Linux
Custom theme engine: 30+ built-in themes, visual editor with live preview, 22 xterm.js fields + 19 CSS variables, auto-derive UI colors from terminal palette
Session recording: asciicast v2 format, full record and playback
Broadcast input: type once, send to all split panes — batch server operations
Background gallery: per-tab background images, 13 tab types, opacity/blur/fit control
CLI companion (oxt): ~1 MB binary, JSON-RPC 2.0 over Unix Socket / Named Pipe, status/list/ping with human or --json output
WSL Graphics ⚠️ experimental: built-in VNC viewer — 9 desktop environments + single-app mode, WSLg detection, Xtigervnc + noVNC

📸 11 languages in action

English	简体中文	繁體中文
日本語	한국어	Français
Deutsch	Español	Italiano
Português	Tiếng Việt

Quick Start

Prerequisites

Rust 1.75+
Node.js 18+ (pnpm recommended)
Platform tools:
- macOS: Xcode Command Line Tools
- Windows: Visual Studio C++ Build Tools
- Linux: build-essential, libwebkit2gtk-4.1-dev, libssl-dev

Development

git clone https://github.com/AnalyseDeCircuit/oxideterm.git
cd oxideterm && pnpm install

# Full app (frontend + Rust backend with hot reload)
pnpm tauri dev

# Frontend only (Vite on port 1420)
pnpm dev

# Production build
pnpm tauri build

# Lightweight build — strip local PTY for mobile
cd src-tauri && cargo build --no-default-features --release

Tech Stack

Layer	Technology	Details
Framework	Tauri 2.0	Native binary, 25–40 MB
Runtime	Tokio + DashMap 6	Full async, lock-free concurrent maps
SSH	russh 0.54 (`ring`)	Pure Rust, zero C deps, SSH Agent
Local PTY	portable-pty 0.8	Feature-gated, ConPTY on Windows
Frontend	React 19.1 + TypeScript 5.8	Vite 7, Tailwind CSS 4
State	Zustand 5	18 specialized stores
Terminal	xterm.js 6 + WebGL	GPU-accelerated, 60fps+
Editor	CodeMirror 6	30+ language modes
Encryption	ChaCha20-Poly1305 + Argon2id	AEAD + memory-hard KDF (256 MB)
Storage	redb 2.1	Embedded KV store
i18n	i18next 25	11 languages × 21 namespaces
Plugins	ESM Runtime	Frozen PluginContext + 24 UI Kit
CLI	JSON-RPC 2.0	Unix Socket / Named Pipe

Security

Concern	Implementation
Passwords	OS keychain (macOS Keychain / Windows Credential Manager / libsecret)
AI API Keys	OS keychain + Touch ID biometric gate on macOS
Export	.oxide: ChaCha20-Poly1305 + Argon2id (256 MB memory, 4 iterations)
Memory	Rust memory safety + `zeroize` for sensitive data clearing
Host keys	TOFU with `~/.ssh/known_hosts`, rejects changes (MITM prevention)
Plugins	Object.freeze + Proxy ACL, circuit breaker, IPC whitelist
WebSocket	Single-use tokens with time limits

Roadmap

SSH Agent forwarding
Plugin marketplace
Session search & quick-switch

License

PolyForm Noncommercial 1.0.0 — this software is licensed for noncommercial use only.

The license explicitly permits:

Personal use — research, experiment, testing for public knowledge, personal study, private entertainment, hobby projects, amateur pursuits — provided there is no anticipated commercial application
Noncommercial organizations — charitable organizations, educational institutions, public research organizations, public safety/health organizations, environmental protection organizations, and government institutions — regardless of funding source
Fair use — your fair use rights under applicable law are not limited

Any other use requires a separate commercial license from the licensor. This includes but is not limited to: use within a for-profit company (including internal evaluation or testing), use by freelancers or contractors for paid work, and any distribution in a commercial context.

If you're unsure whether your use qualifies, please open an issue.

Full text: polyformproject.org/licenses/noncommercial/1.0.0

Acknowledgments

russh · portable-pty · Tauri · xterm.js · CodeMirror · Radix UI

_{134,000+ lines of Rust & TypeScript — built with ⚡ and ☕}