v1.0.0 macOS · Windows · Linux

OxideTerm

Zero Electron. Zero OpenSSL. Pure Rust SSH.

One native binary — local shells, SSH, SFTP, remote IDE, AI, port forwarding, plugins, 30+ themes, 11 languages.

Download Documentation GitHub (7)

Open Source · GPL-3.0

$ ssh prod-server

✓ Connected (Ed25519 · ChaCha20-Poly1305)

Multiplexing: terminal + SFTP + 2 forwards

Grace Period: enabled (30s)

root@prod-server:~$ uptime

14:23:01 up 127 days, 3:42, 1 user, load average: 0.12, 0.08, 0.05

root@prod-server:~$ █

25–40 MB

Binary Size

31+

Themes

Languages

40+

AI Tools

State Stores

Zero

C Dependencies

THE DIFFERENCE

Why OxideTerm?

Real problems, real solutions.

The Problem	OxideTerm's Answer
SSH clients that can't do local shells	Hybrid engine — local PTY (zsh/bash/fish/pwsh/WSL2) + remote SSH in one window
Reconnect = lose everything	Grace Period reconnect — probes old connection for 30s before killing it. Your vim, htop, yazi survive
Remote file editing needs VS Code Remote	Built-in IDE — CodeMirror 6 over SFTP with 30+ languages, optional ~1 MB remote agent
No SSH connection reuse	Multiplexing — one SSH connection shared across terminal, SFTP, forwarding, and IDE
SSH libraries depend on OpenSSL	russh 0.54 — pure Rust SSH compiled against ring. Zero C dependencies
100+ MB Electron apps	Tauri 2.0 — 25–40 MB binary. Not a wrapper — genuine native app with Rust backend
AI locked to one provider	OxideSens — 40+ autonomous tools, MCP protocol, RAG knowledge base. Works with any API

LIVE DEMO

Watch It in Action

OxideSens AI opens a local terminal and runs a command — fully autonomous, fully integrated.

DEEP DIVE

Everything You Need, Nothing You Don't

Terminal

Split panes with broadcast input to all sessions
WebGL rendering at 60fps+ with 120Hz burst mode
Session recording & playback (asciicast v2)
31+ themes with a full CSS variable custom theme editor
Command palette (⌘K) and zen mode
Configurable keyboard shortcuts with vi-mode support
Auto-complete for SSH hostnames and saved sessions

SFTP File Manager

Dual-pane browser with drag-and-drop
Smart preview: images, video, audio, code, PDF, hex, fonts
Transfer queue with real-time progress & ETA
Bookmarks and archive extraction
Rename, chmod, chown with batch operations
Watch mode with auto-upload on local changes

Built-in IDE

CodeMirror 6 with 30+ language modes
File tree with Git status indicators
Multi-tab editing with conflict resolution
Optional ~1 MB remote agent (Linux, 10+ architectures)
Search & replace with regex across remote files
Syntax highlighting for 30+ languages: Rust, Python, JS/TS, Go, C/C++, Java, YAML, JSON, TOML, Markdown, Shell, and more

OxideSens AI

Inline panel (⌘I) + sidebar chat
40+ autonomous tools with MCP protocol
RAG knowledge base (BM25 + vector hybrid search)
Multi-source context capture: terminal, IDE, SFTP, Git
Bring your own key — OpenAI, Anthropic, Google, or any compatible endpoint

Port Forwarding

Local (-L), Remote (-R), Dynamic SOCKS5 (-D)
Lock-free message-passing I/O
Auto-restore all forwards on reconnect
Death reporting and idle timeout
Real-time bandwidth and latency monitoring

ZERO TRUST

Security First

Enterprise-grade protection without enterprise complexity.

High-Strength Encryption

ChaCha20-Poly1305 AEAD with Argon2id KDF (256 MB memory, 4 iterations) for .oxide encrypted exports.

OS Keychain Integration

Passwords and API keys stored in macOS Keychain, Windows Credential Manager, or Linux Secret Service. Never in config files.

Pure Rust Cryptography

russh 0.54 with ring crypto backend. Ed25519, RSA, ECDSA keys. ChaCha20-Poly1305 and AES-GCM cipher suites.

Biometric & TOFU

Touch ID gates keychain access on macOS. Host key verification with Trust-On-First-Use (TOFU). Sensitive memory zeroized on drop.

Memory Zeroization

All sensitive data — passwords, keys, decrypted payloads — is securely erased from memory via the zeroize crate. Drop handlers guarantee no lingering secrets.

Single-Use WS Tokens

Each WebSocket bridge receives a unique, single-use token with a time limit. Prevents replay attacks and unauthorized session hijacking.

ARCHITECTURE

Under the Hood

Dual-Plane Architecture

WebSocket binary frames for terminal I/O, Tauri IPC for control commands. Each session gets dedicated bandwidth.

WebGL Rendering

GPU-accelerated terminal via xterm.js 6. Adaptive scheduler: 120Hz+ burst, 60Hz normal, 1–15Hz idle backoff.

Connection Multiplexing

One SSH connection shared across terminal, SFTP, forwarding, and IDE. Reference-counted pool with automatic cleanup.

High-Strength Encryption

ChaCha20-Poly1305 AEAD with Argon2id KDF (256 MB memory, 4 iterations). OS keychain for passwords, Touch ID gate on macOS.

11 Languages

Full UI translation across 22 namespaces: English, 简体中文, 繁體中文, 日本語, 한국어, Français, Deutsch, Español, Italiano, Português, Tiếng Việt.

Plugin Ecosystem

Runtime ESM loading with 18 API namespaces, 24 pre-built UI components, frozen API contract, and circuit breaker auto-disable.

FROM THE CREATOR

OxideTerm wasn't built to fill a market gap — it was built to challenge the boundary between terminal performance and capability. Pure-Rust SSH with zero C dependencies. A custom binary wire protocol with no JSON serialization in the hot path. ChaCha20-Poly1305 encryption backed by Argon2id at 256 MB memory cost. Every architectural decision reflects one obsession: never trade correctness for convenience.

AnalyseDeCircuit
Creator of OxideTerm

COMPARE

How Does OxideTerm Compare?

A factual look at what different approaches to terminal tooling offer.

Capability	OxideTerm	Electron-based	Traditional
Binary Size	25–40 MB	100+ MB	Varies
SSH Implementation	Pure Rust (ring crypto, zero C deps)	Typically OpenSSL / libssh2	System SSL or built-in
Local Terminal	✓	Partial	—
Built-in SFTP	✓	Partial	Partial
Remote Code Editing	✓	—	—
AI with Terminal Context	✓	—	—
Graceful Reconnect (Session Preservation)	✓	—	—
Connection Multiplexing	✓	—	Partial
Plugin System	✓	—	Partial
Multi-language UI	✓	Partial	Partial
Open Source	✓	Varies	—
Free to Use	✓	Varies	Varies

Comparison reflects general category trends, not any specific product. Individual tools within each category may differ.

COMMAND LINE

CLI Companion

Meet oxt — your terminal wingman.

JSON-RPC 2.0 over Unix Socket (macOS/Linux) or Named Pipe (Windows). Human-friendly and machine-parseable output.

$ oxt status

OxideTerm v0.21.0 ● running ● pid 42187

$ oxt list

prod-server ● active 2h 15m 3 channels

staging-db ● active 45m 1 channel

jump-host ● idle 12m 0 channels

$ oxt ping prod-server

pong: 23ms (via jump-host → prod-server)

FAQ

Frequently Asked Questions

Is OxideTerm free?

OxideTerm is open source under the GPL-3.0 license. Free for everyone — personal, educational, and commercial use. Derivative works must also be open sourced under GPL-3.0.

Which SSH authentication methods are supported?

Password, private key (Ed25519, RSA, ECDSA), keyboard-interactive, agent forwarding, and FIDO2/U2F hardware security keys.

Where is my data stored?

Everything stays on your device. Credentials are stored in your OS keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service). Exported configs use ChaCha20-Poly1305 encryption. Nothing is uploaded to any server.

Can I use OxideTerm offline?

Yes. OxideTerm is a local-first application with zero cloud dependency. All features work offline except AI chat, which requires an internet connection to reach your configured API provider.

What do I need for AI features?

Bring your own API key (BYOK). OxideTerm supports OpenAI, Anthropic, Google, and any OpenAI-compatible endpoint. Keys are stored securely in your OS keychain.

Why doesn't OxideTerm use libssh2 or OpenSSL?

Three reasons. First, memory safety: OpenSSL's C codebase has produced critical CVEs like Heartbleed — Rust's ownership model eliminates that entire class of bug. Second, zero deployment friction: libssh2 requires each target platform to have C dev headers and the system OpenSSL matching in version (1.0 vs 1.1 vs 3.0 have incompatible ABIs); russh ships as pure Rust source and Cargo handles everything. Third, async-native performance: libssh2 is a blocking C API that needs wrapper glue for Tokio; russh is async-first with zero FFI boundary in the hot path. The result: a single Rust binary that compiles to 10+ Linux architectures without a C toolchain — and a crypto stack you can actually audit.

COMPLIANCE

Compliance & Legal

OxideTerm is designed for legitimate system administration, development, and research. We take compliance seriously.

Network Compliance

OxideTerm is a professional remote server management and terminal emulation tool. This software is intended solely for compliant system administration, network management, software development, and academic research. Users must strictly comply with all applicable laws and regulations when using SSH tunneling or port forwarding features. Any use of this software for unauthorized access to restricted resources or violation of cybersecurity regulations is strictly prohibited.

AI Service Disclaimer

The AI-assisted features provided by OxideTerm (such as command completion and log analysis) function as technical integration tools. AI conversation history is stored locally on the user's device using encrypted storage and is never uploaded to any server. The software does not distribute AI-generated content to third parties. Users are responsible for configuring their own third-party AI service API credentials and bear ultimate legal responsibility for the resulting interactions. We recommend using these features in compliance with all applicable AI governance regulations in your jurisdiction.

Data Security & Privacy

We understand the sensitivity of operational data. OxideTerm adopts a Local-First architecture. All server credentials, keys, and configuration files are encrypted and stored exclusively on the user's local device using high-strength encryption algorithms. This software does not collect, upload, or disclose any sensitive connection data to third parties.

License

This software is distributed under the GNU General Public License v3.0 (GPL-3.0). Users may freely use, modify, and distribute the source code. Any derivative work must also be distributed under the same license.

This page is provided for informational purposes only and does not constitute legal advice. Users are responsible for ensuring their use of OxideTerm complies with all applicable local and international laws.

GET STARTED

Download OxideTerm

Available for macOS, Windows, and Linux

Requires macOS 10.15+, Windows 10+, or Linux (glibc 2.31+)