AeroFTP is a multi-protocol file manager designed for secure and efficient file transfer and management across multiple cloud platforms. Built with Tauri 2 using Rust, React 18, and TypeScript, AeroFTP supports 16 protocols, including FTP, SFTP, WebDAV, Google Drive, Dropbox, OneDrive, and more.
Key Features:
AI assistant with 45 tools and support for 15 LLM providers
Built-in code editor, SSH terminal, and media player with visualizers
Support for 47 languages and 4 themes
Audience & Benefit:
Ideal for developers, IT professionals, and security-conscious users who need a versatile tool for managing files securely across various platforms. AeroFTP provides seamless integration, encryption, and AI-powered assistance to streamline file management tasks.
Available as an open-source application, AeroFTP can be installed via winget.
README
AeroFTP
> Last updated: 2026-06-22
The modern FTP client that grew into a complete file management platform. Multi-protocol, 6 integrated product modules, 47 languages, one app.
GNOME, KDE Plasma, XFCE, Hyprland, Sway, i3 (X11 & Wayland)
Windows
Stable
.msi, .exe, .zip portable, winget
Fully tested, not Microsoft Store signed
macOS (Intel & Apple Silicon)
Beta
.dmg (aarch64), .dmg (x64)
Not code-signed, requires xattr workaround
> macOS note: The .dmg is not yet signed with an Apple Developer ID certificate. macOS Gatekeeper will block it. After installing, run: sudo xattr -rd com.apple.quarantine /Applications/AeroFTP.app
FTP-First Design
AeroFTP is an FTP client first. Full encryption support with configurable TLS modes (Explicit AUTH TLS, Implicit TLS, opportunistic TLS), certificate verification control, MLSD/MLST machine-readable listings (RFC 3659), and resume transfers (REST/APPE). It then extends this foundation into a broad multi-protocol file management platform through six integrated product modules - the Aero Family.
Integrations
AeroFTP organizes integrations on three tiers, so what you see in the catalog is precise rather than vague:
Transport protocols (7): native wire-level support for FTP, FTPS, SFTP, WebDAV, S3, Azure Blob, OpenStack Swift.
Native provider integrations (25+): dedicated OAuth2 / API key / SDK code paths per provider, so each one's specific features (sharing, native delta sync, server-side copy, large-file chunking, media-CDN transformations) are first-class instead of best-effort. Includes the dedicated media services tier (ImageKit, Uploadcare, Cloudinary, Immich, PixelUnion).
Pre-configured presets (45+): server URL, port, base path, password-generation deep-link filled in automatically for compatible services on top of the protocols above (S3-compatible endpoints from MEGA S4 to Filen S5 to MinIO, WebDAV-compatible servers including Nextcloud, Tab.digital, Felicloud, Seafile, InfiniCLOUD, etc.).
Google Drive
OneDrive
Dropbox
MEGA
Box
pCloud
Filen
Internxt
Zoho
Koofr
kDrive
Jottacloud
Drime
FileLu
OpenDrive
Yandex Disk
4shared
Backblaze
AWS S3
Google Cloud
Azure
Wasabi
Cloudflare R2
DigitalOcean
Tencent COS
Alibaba OSS
Oracle
+ FTP, FTPS, SFTP, WebDAV, Swift protocols
We reached out directly to providers to ensure quality integration.
Special thanks to MEGA, Koofr, FileLu, Felicloud, Storj, pCloud, IDrive, Jottacloud, InfiniCLOUD, and SourceForge for their responsive technical support.
Full provider matrix (generated from the catalog, always in sync)
Provider
HQ
Free tier
Connection methods
4shared
VG
15 GB
OAuth, WebDAV
Alibaba OSS
CN
5 GB (overseas only, card req.)
S3*
Amazon S3
US
5 GB (always-free, card req.)
S3*
Azure Blob
US
5 GB (always-free, card req.)
Blob*
Backblaze B2
US
10 GB
API, S3
Box
US
10 GB
OAuth
Cloudflare R2
US
10 GB (egress-free, card req.)
S3*
Cloudinary
US
credit-based
API
CloudMe
SE
3 GB
WebDAV
DigitalOcean Spaces
US
paid plan
S3*
Drime
FR
20 GB
API
DriveHQ
US
1 GB
WebDAV
Dropbox
US
2 GB
OAuth
Felicloud
-
10 GB (Nextcloud host)
WebDAV
FileLu
US
10 GB
API, WebDAV, S3
Filen
DE
10 GB (E2E)
API, S3, WebDAV
GitHub
US
repo storage
API
GitLab
US
repo storage
API
Google Cloud Storage
US
5 GB (always-free, card req.)
S3*
Google Drive
US
15 GB
OAuth
Hetzner Storage Box
DE
paid plan
SFTP*
IDrive e2
US
7-day trial
S3*
ImageKit
IN
20 GB (media CDN)
API
Immich
-
self-hosted
API
InfiniCloud
JP
20 GB
WebDAV
Internxt
ES
1 GB (E2E)
API
Jianguoyun
CN
1 GB (monthly traffic cap)
WebDAV
Jottacloud
NO
5 GB
API
kDrive
CH
15 GB
API
Koofr
SI
10 GB
API, WebDAV
MEGA
NZ
20 GB (E2E)
API, MEGAcmd
MEGA S4 Object Storage
EU
Pro plan
S3*
MinIO
-
self-hosted
S3
Nextcloud
-
self-hosted
WebDAV
OneDrive
US
5 GB
OAuth
OpenDrive
US
5 GB
API, WebDAV
Oracle Cloud
US
20 GB (always-free, card req.)
S3*
pCloud
CH
10 GB
OAuth, WebDAV*
PixelUnion
EU
16 GB (managed Immich)
API
Seafile
-
self-hosted
WebDAV
SourceForge
US
OSS hosting
SFTP
Storj
US
30-day trial
S3*
Tab.digital
IN
8 GB (managed Nextcloud)
WebDAV
Tencent COS
CN
6-month trial
S3*
Uploadcare
US
3 GB (media CDN)
API
Wasabi
US
30-day trial
S3*
Yandex Disk
RU
5 GB
OAuth, WebDAV
Yandex Object Storage
RU
1 GB (always-free, card req.)
S3*
Zoho WorkDrive
IN
5 GB
OAuth
49 providers, 60 connection methods. * marks a paid / credit-card-gated plan. HQ is the ISO 3166-1 alpha-2 of the company HQ (EU = pan-European). Free-tier sizes are approximate: verify with the provider.
AeroFTP bridges server profiles with 15 third-party tools, bidirectionally (import and export), from a unified interface in the GUI (Settings > Export/Import > Bridge) and the CLI (aeroftp import / aeroftp export ). Recovered credentials are upgraded into the AES-256-GCM encrypted vault on import and re-encoded into each tool's native format on export. Duplicate detection shows which servers already exist, with the option to update credentials on re-import.
File-transfer & SSH clients
Tool
Config / file
Protocols
Credentials
rclone
rclone.conf (INI)
17 backend types
Full (AES-256-CTR, published key)
WinSCP
WinSCP.ini (INI)
SFTP, SCP, FTP, FTPS, WebDAV, S3
Full (XOR obfuscation)
FileZilla
sitemanager.xml (XML)
FTP, FTPS, SFTP, S3
Full (Base64)
lftp
rc / bookmarks
FTP, FTPS, SFTP, WebDAV
Limited
Cyberduck
.duck bookmark (plist/XML)
FTP, FTPS, SFTP, WebDAV, S3
Metadata only (keychain)
MobaXterm
MobaXterm.ini
FTP, FTPS, SFTP, WebDAV, S3
Limited (host-bound)
PuTTY
registry .reg export
SFTP
Metadata only
OpenSSH
ssh config
SFTP
Metadata only (key / agent)
Dreamweaver
.ste site export (XML)
FTP, FTPS, SFTP, WebDAV, S3
Full
S3 / object-storage tools
Tool
Config / file
Protocols
Credentials
AWS CLI
credentials / config (INI)
S3
Full
MinIO Client (mc)
config.json (JSON)
S3
Full
s3cmd
.s3cfg (INI)
S3, SFTP, WebDAV
Full
Backup tools
Tool
Config / file
Protocols
Credentials
Kopia
repository.config (JSON)
S3, SFTP, WebDAV
Full
restic
env script (RESTIC_REPOSITORY + AWS env)
S3, SFTP, WebDAV
Full
Duplicacy
preferences (JSON)
S3, SFTP, WebDAV
Limited
> Credentials:Full = the secret is recovered and upgraded into the vault; Limited = only part of the secret material (host-bound or optional); Metadata only = connection metadata is imported but the secret stays in the OS keychain / SSH agent / an interactive prompt. The three original tools keep dedicated bridge pages: rclone, WinSCP, FileZilla.
> Full compatibility matrix: for the per-protocol and per-provider breakdown of every bridge (including which native cloud providers travel only through rclone), see the Bridge compatibility matrix.
> rclone crypt interop (full read/write): in addition to profile import/export, AeroFTP can browse, decrypt and re-encrypt existing rclone crypt remotes natively. Upload, download, rename, and delete all stream through a transparent crypto overlay session: the underlying provider sees only encrypted blobs and obfuscated filenames, while the UI shows plaintext paths. See the rclone crypt page.
> rclone filter conversion:aeroftp-cli import rclone-filter converts an rclone --filter-from file (with +/- rules and # comments) into an .aeroignore file. Rule order is reversed automatically to preserve rclone's first-match-wins semantics under gitignore last-match-wins. Brace alternation {a,b} and ! reset directives are reported as warnings since they have no direct gitignore equivalent.
Hosting Provider Integration
Web hosting providers can generate encrypted .aeroftp connection profiles from their control panels, so customers can import pre-configured FTP/SFTP connections with a single click - no manual setup, no credentials in plaintext emails.
> See the Hosting Integration Guide for the file format specification, encryption details, and ready-to-use code examples in Python and Node.js.
File Formats
AeroFTP defines five user-facing file formats. Each has a single purpose and a distinct extension; desktop file associations are registered on Windows, macOS, and Linux, with .aerozip shipping CLI create/list/extract first.
Extension
Purpose
Encryption
Carries
.aerovault
Encrypted container (alternative to Cryptomator / .zip / .rar)
AES-256-GCM-SIV + Argon2id
Arbitrary files and folders inside a single sealed archive
.aeroftp
Server-profile export and cross-tool exchange format (bridge with rclone / WinSCP / FileZilla)
AES-256-GCM + Argon2id
Selected saved profiles (host, user, protocol, paths). With include credentials on, also per-profile passwords and per-profile OAuth / Jottacloud tokens
.aeroftp-keystore
Full vault backup
AES-256-GCM + Argon2id
Everything in the vault: every profile, every credential, AI provider keys, app settings, theme and background preferences, AI chats
None - integrity + Reed-Solomon recovery, not confidentiality
Arbitrary files and folders inside a compressed, self-healing archive readable by anyone with the file
.aeroftp-script
Portable batch script for aeroftp-cli batch (safer alternative to .sh / .ps1, runs on every OS where AeroFTP is supported)
None (no secrets)
AeroFTP CLI command lines; references saved profiles by name, never inline credentials
The first three are encrypted with a user-chosen password at export time. .aerozip is plaintext on purpose: it provides integrity and recovery (Reed-Solomon parity is on by default and opt-out, --recovery-level 0 for a smaller parity-free archive), not secrecy. .aeroftp-script is also plaintext on purpose: it never carries secrets, so it can be checked into a repository, scheduled by cron / Task Scheduler, or shared with a teammate without any vault round-trip.
The Aero Family
AeroFTP
├── AeroCloud - Personal cloud (7 transport protocols + 25+ native providers + 6 media services, sync, share)
├── AeroFile - Professional file manager (multi-file Properties, recursive search, default-app routing)
├── AeroMount - Persistent FUSE / WebDAV mounts with cross-platform autostart (the Mount Manager)
├── AeroSync - Bidirectional sync engine
│ └── AeroRsync - Native Rust delta sync (clean-room rsync protocol 31)
├── AeroVault - Military-grade encryption
├── AeroTools - Code editor + Terminal + AI chat
│ └── AeroAgent - AI-powered assistant (50+ tools, 24 providers)
├── AeroFTP CLI - Production command-line client (vault profiles, JSON output, batch scripting, daemon, FUSE mount, crypt, ncdu, agent discovery)
└── AeroPlayer - Media player with visualizers
Turn any server into a private personal cloud. Connect through 7 transport protocols and 25+ native provider integrations with bidirectional sync, selective sync, file versioning, .aeroignore, share links, and per-project folders. Background tray sync with native OS file manager badges (Nautilus, Nemo, Windows Explorer). See the protocol features matrix for full per-provider capabilities.
A full-featured local file manager built into AeroFTP. Toggle between remote and local modes, or use both side-by-side. Three view modes (list, grid, large icons), Places sidebar with drives and network shares, Quick Look preview (Space), drag-and-drop transfers, batch rename, duplicate finder, disk usage treemap, trash browser, properties dialog with checksums, and 20+ keyboard shortcuts.
v3.7.1 polish: aggregate multi-file Properties dialog (Windows-style mixed-state indicators across the selection), recursive * flatten search that lists every descendant under the current directory in one shot, smart "Open with default app" routing in the right-click menu (vault containers open in AeroFTP, scripts drop into the AeroTools Terminal with the right shell prefix, anything else goes through the OS), and a PathBar with empty-area edit mode plus a trailing chevron dropdown over first-generation subdirectories.
Dual panel (v3.7.9, Slice A): two local panels side by side in AeroFile mode, toggled via the Columns icon in the toolbar or Ctrl+Shift+D. Full keyboard parity on the second panel (F2 / Delete / Enter / Backspace / clipboard / Quick Look / properties / arrows / Shift+arrow / Home / End all route to the focused pane; Tab cycles between local and local2). Total-Commander shortcuts: F5 copies the selection to the other panel, F6 moves it, F7 creates a folder in the focused panel. Drag-and-drop between the two panes uses the existing rename_local_file / copy_local_file backend; Ctrl+drag switches from move (default) to copy. The separator is resizable from mouse and from keyboard (Arrow Left/Right ±10%, Home/End to extremes, Enter/Space to reset to 50/50). Unified tab strip with L / R markers and per-panel persistence. Slice B (each pane configurable as a local path or as a saved remote profile) and Slice C (FreeFileSync-style compare / mirror / backup / bisync workflows on top) follow in their own release windows. Tracked in issue #162 section 2.
AeroMount is the Mount Manager of AeroFTP, reachable from File > AeroMount, the My Servers toolbar, and the connected remote address bar. Save multiple FUSE / WebDAV mount configs (profile, remote path, mountpoint, read-only, cache TTL, allow-other, auto-start) in either a plaintext sidecar JSON (default, daemon-friendly) or in the encrypted vault, toggleable from the dialog header. Per-row Mount / Unmount / Open in file manager / Edit / Delete actions, with a "Pick free drive letter" helper on Windows.
Cross-platform autostart: installs ~/.config/systemd/user/aeroftp-mount-.service units on Linux (Type=simple, Restart=on-failure) and Task Scheduler ONLOGON entries on Windows. Master-password vault mode blocks autostart with a clear UI explanation since the daemon cannot prompt for a password.
Open mount in file manager: a one-click action on the My Servers context menu that auto-creates a sensible default mount for the selected profile when none exists yet, waits 800 ms for the FUSE / WebDAV layer to settle, then opens the OS file manager at the mountpoint.
No secrets in mount configs: credentials are always resolved by the spawned aeroftp-cli through --profile against the same vault the GUI uses, mount configs only carry the profile id.
Read-only vault mount + Save-All (v4.0.9, Linux first): mount an unlocked Cryptomator vault, .aerovault or .aerozip as a read-only filesystem to browse its decrypted contents in your OS file manager, or run Save-All to export the whole decrypted tree in one shot to a folder, a .zip or a .aerozip. The password is passed to the mount process over stdin and never stored, and the mount auto-unmounts when you lock the vault or quit. macOS and Windows are a later step.
Enterprise-grade file synchronization built for real-world reliability. Three sync profiles (Mirror, Two-way, Backup), conflict resolution center with per-file strategies, SHA-256 checksum verification, transfer journal with checkpoint/resume, configurable retry with exponential backoff, bandwidth control, post-transfer verification (4 policies), and structured error taxonomy with 10 categories. Integrates with AeroCloud for background tray sync.
Independent clean-room Rust implementation of the rsync wire protocol 31. AeroRsync ships byte-level delta sync without bundling or replacing the rsync binary, so cross-platform deployments (Windows first-class) get the same wire-compatible delta transport as Unix.
The delta path is wired into:
AeroSync delta transfers (the original entry point).
Cross-Profile Transfer SFTP to SFTP with key-based auth, so only the bytes that differ from the destination travel on the wire.
AeroTools Code Editor save against a remote SFTP file, so a one-line change to a 5 MB file ships only the diff.
Session-cached batch transport (v3.7.0): a single SSH session amortizes many consecutive delta transfers via the new AerorsyncBatch trait: open the session once, transfer N files, close once. SyncReport surfaces delta_files (per-file delta breakdown) and bytes_on_wire so the UI shows exactly which files used the optimized path and the cumulative wire savings. Current scope is SFTP destinations with key-based auth; other providers and the classic rsync binary path on Unix coexist on the same DeltaTransport trait surface. The Cargo feature aerorsync is compiled by default, and the runtime toggle (Settings → Advanced) is ON by default (Auto mode) since v3.8.0, after the cross-platform host-key negotiation asymmetry was resolved. Soft fallbacks (file too small, no key on disk, missing remote helper) silently route back to the classic upload path.
Since v4.0.0, every transfer (single file, batch, sync, cross-profile copy) runs through one shared, provider-agnostic DAG engine. Each transfer is scheduled as a directed acyclic graph of typed nodes (discover, acquire, move bytes, verify, commit, emit progress); concurrency comes from a small set of resource classes (file, chunk, http, disk, api) governed by an AIMD backpressure controller.
The engine picks the right shape per call from each provider's capability snapshot:
Native multipart fan-out on S3, Backblaze B2, Google Drive, Dropbox, OneDrive, and Box: one graph node per chunk, orchestrated end-to-end.
Server-side copy on every backend that advertises it (S3 x-amz-copy-source, B2 b2_copy_file, WebDAV RFC 4918 COPY, ImageKit copyFile, and 14 more): the bytes never touch the local host. S3 sources above the 5 GiB CopyObject limit fan out into parallel UploadPartCopy requests.
Intra-file segmented downloads when a provider honours HTTP Range.
Backends that advertise none of these degrade honestly to the classic single-stream path, byte-identical with pre-v4.0.0. The GUI, the CLI, and the MCP server schedule through the same runners, so wire-level behavior is identical across all three by construction. The CLI exposes 25+ runtime knobs (--checkers, --s3-upload-concurrency, --aimd-min/--aimd-max, and more) over the same engine.
Create, manage, and browse encrypted containers that protect your files with a security stack that exceeds industry standards. The encryption engine is published as the standalone aerovault crate (crates.io · docs.rs) for use in any Rust project.
AeroVault v2 (.aerovault containers)
Component
Algorithm
Details
Content encryption
AES-256-GCM-SIV (RFC 8452)
Nonce misuse-resistant - even nonce reuse doesn't compromise security
Key wrapping
AES-256-KW (RFC 3394)
Built-in integrity check on unwrap
Filename encryption
AES-256-SIV
Deterministic - file names are hidden, not just content
Optional double encryption layer for defense-in-depth
Chunk size
64 KB
Per-chunk random nonce + authentication tag
> Open format: The .aerovault binary format is fully documented in the AeroVault v2 Specification with implementation guides for Rust, Java, Python, Go, C, and JavaScript.
AeroVault v3 (content-addressed, Archive tier)
A content-addressed, deduplicating container that ships alongside v2 and is selectable as the Archive security level in the create dialog. v2 remains the default in the GUI and there is no automatic v2 → v3 migration; the full lifecycle is scriptable from the CLI for every format (aeroftp-cli vault create/add/info/extract, --vault-version v1|v2|v3 with header auto-detect, --cascade for the v2 paranoid mode, --receipt for the technical telemetry). The reader/writer is shared with the standalone aerovault crate (crates.io).
Component
Algorithm
Details
Chunking
Gear-CDC (content-defined)
Variable-size boundaries; same plaintext bytes always produce the same chunk so dedup is stable across edits
Compression
zstd, per chunk
Three profiles: fast (-3), balanced (-9), archive (-19)
Content encryption
AES-256-GCM-SIV (RFC 8452)
96-bit random nonce per chunk + per-chunk AAD bound to block index and chunk id
Chunk addressing
BLAKE3 keyed, 128-bit
Content-addressed chunk id, also the dedup key
Cipher integrity
BLAKE3-256
Pre-decryption check on cipher blocks; load-bearing for the v4 Error Correction layer
Key derivation
Argon2id
128 MiB / t=4 / p=4, identical to v2; derives two independent KEKs via HKDF (encryption + MAC)
Key wrapping
AES-256-KW (RFC 3394)
Two independent random 256-bit working keys, one per KEK
Header integrity
HMAC-SHA512
1024-byte header, MAC verified before any key unwrap
Extension area
Reserved
Extension directory + payload region used by the v4 Error Correction layer; v3 readers skip non-critical unknown entries, reject critical unknown entries
The wire layout, the wrapper IDs, and the forward-compat contract (v3 + Error Correction = v4, the v3 vault is byte-equivalent to "v4 with Error Correction turned off") are pinned in the AeroVault v3 Specification. Tracked in issue #162 section 4 / T-AEROVAULT-ECC.
AeroVault v4 (v3 + Error Correction)
v4 is not a new container format, it is v3 plus a Reed-Solomon Error Correction layer, so a v3 reader still opens a v4 vault (it ignores the parity). Recovery data can be embedded in the container, kept in a detached sibling sidecar that leaves the encrypted container byte-identical, or both.
Component
Algorithm
Details
Recovery codec
Reed-Solomon (fixed grid)
Per-shard 16-byte truncated BLAKE3 localizes rot so only damaged shards are erased and rebuilt; a bad parity shard is detected and routed around
Detached sidecar
.aerocorrect (magic AEROCORR, format v2)
One unified, content-SHA-bound recovery format shared by the vault and AeroSync; protects any byte stream, par2-style
Self-healing
Triplicated locator + per-copy checksums
A lightly-corrupted sidecar still recovers; the bulk parity has no wholesale checksum because each shard self-checks
Overhead levels
Low ~7% / Medium ~15% / Quartile ~25% / High ~30% (or 5-50%)
Selectable target; the exact grid is stored in the payload so reconstruction is level-agnostic
Repair contract
Fail-closed, all-or-nothing
Rebuilt bytes are re-verified against the authenticated header MAC / manifest cipher_hash before the vault is persisted, so a foreign or corrupt sidecar can only make repair fail, never overwrite good data
Exposed in the AeroVault GUI (create with Error Correction, scrub, repair) and the CLI (vault create --error-correction, vault scrub, vault repair, export-parity, strip-parity; the standalone correct gen/verify/repair; sync --error-correction). The .aerocorrect format is documented in AeroVault v3 Specification section 11 and is byte-identical with the standalone aerovault crate.
Additional encryption features:
Overlay session model (v3.7.0): open an .aerovault once, then route every list/upload/download/rename through the encrypted overlay transparently. The provider sees only opaque vault chunks; the UI shows plaintext entries and folders. A status badge in the header marks when the overlay is active.
Directory support: Create nested folders inside vaults with encrypted directory entries, hierarchical navigation, and recursive delete
Cryptomator: Create and browse Cryptomator format 8 vaults (scrypt + AES-SIV + AES-GCM) via context menu
Integrated development panel with three tools in a tabbed interface: Monaco Editor (VS Code engine, 50+ languages, remote file editing), SSH Terminal (8 themes, multiple tabs), and AeroAgent AI Chat with bidirectional editor sync.
AeroAgent - AI-Powered Assistant
An AI assistant with 50+ tools that work across local files and remote providers. Supports 24 AI providers (OpenAI, Anthropic, Gemini, xAI, Ollama, DeepSeek, Mistral, Cerebras, SambaNova, Fireworks, Nvidia, and 13 more). Vision/multimodal, RAG indexing, plugin ecosystem, streaming responses, multi-step autonomous execution, native MCP server mode (35+ MCP tools), and Command Palette (Ctrl+Shift+P).
AeroFTP is built for both humans and AI agents. As agentic AI, computer use, and autonomous coding assistants become the standard way to interact with computers, AeroFTP provides native interfaces for both use cases.
For AI Agents (CLI): Tools like Claude Code, Open Interpreter, Cline, Aider, Devin, Codex, Cursor Agent, Windsurf, and other agentic frameworks can call aeroftp-cli directly. Structured --json output, vault-based --profile credentials (agents never see passwords), semantic exit codes, and .aeroftp-script batch files make AeroFTP a first-class tool in any agent's toolkit. External agents can also invoke aeroftp-cli agent to orchestrate AeroAgent as a credential-isolating proxy for multi-server operations. See Agent Orchestration for the full orchestration guide, CLI reference, and a verified field test report.
For Humans (GUI + AeroAgent): The desktop app provides drag-and-drop file management with AeroAgent, the integrated AI assistant offering 50+ tools across local files and remote providers. AeroAgent supports multi-step autonomous execution, tool approval workflows with backend-enforced grants, and 24 AI providers.
Production CLI sharing the same Rust backend as the GUI. 83 top-level commands (several grouping their own subcommands: daemon, jobs, vault, archive, crypt, import/export, serve, users, groups) across 7 transport protocols and 25+ native provider integrations, encrypted vault profiles, JSON output, batch scripting, daemon mode with job queue, FUSE filesystem mounting, ncdu TUI explorer, zero-knowledge crypt overlay, single-file AeroVault containers (vault, all formats v1/v2/v3), plaintext .aerozip archives (archive create/list/extract), recursive used-storage scan (df --scan) with a manual total-cap override, and native MCP server mode for AI integration.
> Short invocation: every package ships a native dispatcher, so aeroftp and the built-in 4-character name aftp both route to the CLI; aeroftp-cli is kept for back-compat. An opt-in aero alias can be enabled with aeroftp-cli alias-toggle aero (idempotent, the same command turns it off). See the Short Invocation section of the CLI Guide.
aeroftp-cli ls --profile "My Server" /var/www/ -l # Vault profile (no credentials exposed)
aeroftp-cli get sftp://user@host "/data/*.csv" # Glob download
aeroftp-cli check --profile "My Server" /local /remote --checksum # Verify local matches remote
aeroftp-cli archive create backup.aerozip ./docs # Plaintext archive: recovery, not secrecy
aeroftp-cli sync --profile "My Server" /local /remote --watch # Continuous bidirectional sync
aeroftp-cli serve http sftp://user@host /data # Serve remote as local HTTP
aeroftp-cli serve webdav s3://key:secret@s3.aws.com # Serve remote as local WebDAV
aeroftp-cli agent --mcp # MCP server for Claude/Cursor/VS Code
aeroftp-cli mount sftp://user@host /mnt/remote # FUSE filesystem
aeroftp-cli ncdu sftp://user@host /data # Interactive disk usage
aeroftp-cli daemon start # Background job queue
Key features: --profile credential isolation for AI agents, --json structured output, semantic exit codes (0-11), .aeroftp-script batch files, archive create/list/extract for plaintext .aerozip recovery archives, check / cryptcheck for local-vs-remote verification (size/checksum against cleartext or encrypted remotes), dedupe / cleanup for orphan management, hashsum for remote file hashing (sha256/md5/blake3), link for shareable URLs, --bwlimit "08:00,512k 18:00,off" time-based bandwidth schedule (local time), serve http/webdav/ftp/sftp, MCP server mode, --immutable append-only mode, --files-from selective transfers, --fast-list S3 optimization, bisync with --conflict-mode rename, NO_COLOR compliant. See the CLI Guide and Credential Isolation docs.
MCP server (35+ tools): curated tools for agents covering safe / medium / destructive operation tiers: file ops (aeroftp_list_files, aeroftp_read_file, aeroftp_upload_file), batch (aeroftp_delete_many, aeroftp_upload_many), tree sync (aeroftp_sync_tree with per-file delta_files[] + plan[]), tree diff (aeroftp_check_tree with two-sided checksum + per-group caps + omit_match), preflight (aeroftp_sync_doctor, aeroftp_reconcile, aeroftp_dedupe), cross-profile copy (aeroftp_transfer, aeroftp_transfer_tree between two saved profiles in one batch), agent ergonomics (aeroftp_agent_connect, aeroftp_speed, aeroftp_touch, aeroftp_cleanup), and pool introspection (aeroftp://connections resource + aeroftp_close_connection). Real-time notifications/progress during uploads, downloads, and sync. The pool auto-recovers from transport-level failures (stale FTP data channels, broken pipes) without manual intervention. Pool reuse gives roughly 14x speedup vs CLI cold-start on warm calls (measured 13-14 ms vs ~194 ms on Docker SFTP). Run aeroftp-cli mcp and plug it into Claude Desktop, Cursor, Windsurf, or VS Code via the axpdev-lab.aeroftp-mcp extension.
Built-in media player with 14 GPU-accelerated visualizer modes (Canvas 2D + WebGL 2 shaders), 10-band graphic EQ with presets, beat detection, and post-processing effects. Zero dependencies - native HTML5 Audio + Web Audio API.
Privacy-Enhanced
AeroFTP incorporates privacy protections that go beyond what traditional file managers offer.
Feature
Details
Master Password
Optional Argon2id vault encryption - all credentials locked behind a single password
Multi-User Account Partition
Optional per-user vault partitions (Argon2id-derived keys, AES partition encryption) with a boot-time Account Lock Screen, per-user profiles and AeroSync settings, an opt-in admin role with a last-admin guard, and a CLI --user flag. Single-user installs are unchanged; migration from an older keystore is automatic and idempotent. New in v4.0.0
Encrypted Vault
All sensitive data in AES-256-GCM encrypted storage - zero plaintext on disk
Zero Telemetry
No analytics, no phone-home, no network requests beyond user-initiated connections
Memory Zeroization
Passwords and keys cleared from RAM immediately after use
Clearable History
One-click clear for recent locations. No persistent browsing traces
Portable Deployment
AppImage runs without installation. Remove it and the config directory - no traces remain
See SECURITY.md for the security policy and architecture summary, and docs.aeroftp.app/security for the complete security documentation with encryption specs, AI security model, supply chain details, and audit history.
Self-Hosted Continuous Audit
AeroFTP runs its own vulnerability audit pipeline that does not depend on any vendor SaaS. The pipeline aggregates three independent advisory databases (RustSec, npm registry, Google OSV) and cross-references findings against a documented suppression list with written rationales for every accepted advisory.
npm run security:report # generate HTML report
npm run security:report -- --json # machine-readable output
> Note: Windows builds are not currently published on the Microsoft Store. The installer is not code-signed (no EV certificate), so Windows SmartScreen may show a warning on first run - this is safe to dismiss.
.dmg - Apple Silicon (aarch64) and Intel (x64) disk images (separate per-architecture builds)
> Note: The macOS build is not notarized (no Apple Developer certificate). macOS Gatekeeper will block the app on first launch - right-click the app and select "Open" to bypass. See #47 for known issues on Apple Silicon.
Verifying Release Integrity
All release artifacts are signed with Sigstore using keyless signing via GitHub OIDC. Each release includes .sigstore.json verification bundles.
Install cosign, then verify any downloaded artifact:
<a href="https://openinventionnetwork.com/"><img src="icons/oin-2-0-stacked_80x80.png" height="80" /></a>
<a href="https://opensource.org"><img src="icons/Open_Source_Initiative_64x64.png" height="64" /></a>
<a href="https://sigstore.dev"><img src="icons/sigstore-signed.png" height="60" /></a>
OIN 2.0 Community Member
OSI Individual Member
Sigstore Signed Releases
<a href="https://aikido.dev"><img src="icons/aikido_security.png" height="48" /></a>
<a href="https://snyk.io"><img src="icons/snyk.png" height="48" /></a>
<a href="https://socket.dev"><img src="icons/socket.png" height="48" /></a>
<a href="https://www.coderabbit.ai"><img src="icons/coderabbit.png" height="48" /></a>
Aikido Security
Snyk
Socket.dev
CodeRabbit
Built with Rust (Tauri 2) + React 18 + TypeScript
Designed, architected and maintained by <a href="https://github.com/axpnet">axpnet</a>.
AI tools (Claude Code, Codex, Gemini) were used extensively for translations, code review,
implementation and documentation, always under strict human-defined specifications and patterns.
Every feature, design decision and architectural choice is human-driven.
AI accelerated development; it did not direct it.
<a href="AI-TRANSPARENCY.md">Full AI Transparency Statement</a>
