DebugSwift logoDebugSwift

Why DebugSwift is open source and in-app

A debugging toolkit that reads network traffic, keychain entries, and sandbox files runs inside the same process as your app. Software with that level of access should be auditable, gated at compile time, and free to fork.

Context

The trust problem in mobile debugging

External network debuggers sit between your device and the internet. They install root certificates, terminate TLS, and forward decrypted traffic to a desktop app or cloud workspace. That model works well for backend and cross-platform teams, but it also asks you to trust a chain you cannot fully inspect.

DebugSwift takes a different path. Instrumentation runs inside your app, only in DEBUG builds, using method swizzling on URLSession and WebSocket APIs you already depend on. There is no man-in-the-middle certificate, no second machine in the data path, and no vendor account between you and your own traffic.

Lawrence Lessig argued that code is law: technical architecture constrains what users and developers can do as surely as statutes do (Lessig, 1999). An in-app debugger encodes different rules than a proxy. Data stays in the process boundary you control, and release builds can exclude the instrumentation entirely at compile time.

Framework

A trust ladder for in-app debuggers

Each layer supports the ones above. Failure at any layer weakens the rest.

Source transparency

The full toolkit, including network swizzling, Keychain browser, performance hooks, and the UI overlay, is published on GitHub under MIT. You can read exactly how URLSession interception works and what happens to captured traffic.

Build boundary

DebugSwift is designed for DEBUG builds. Wrap setup in #if DEBUG and the linker strips the debugger from release binaries. The line between debuggable and shippable code is explicit, not implied.

Runtime locality

Instrumentation runs in-process on the device or simulator. Captured requests, sandbox files, and keychain entries never leave your app unless you export them. There is no telemetry backend to work around.

Continuity

MIT licensing guarantees the right to fork, modify, and redistribute. If maintainers step away, teams can carry the project forward. Proprietary debug bridges do not offer the same guarantee.

Closed-source debug bridges fail at the first layer by definition. For tooling that touches session tokens, API keys, and keychain entries, trusting the vendor alone is not enough.

Architecture

External proxy vs in-app instrumentation

Both approaches have a place. DebugSwift exists because iOS teams often need the in-app model.

DimensionExternal proxyIn-app (DebugSwift)
SetupSystem proxy, root CA, desktop bridgeSPM/CocoaPods + one setup() call
TLS handlingMan-in-the-middle with generated certificatesIn-process hooks; no certificate trust dance
Data pathTraffic routed through another machine or appStays on device/simulator memory
Production riskMisconfigured proxy can leak to prod buildsCompile-time stripping via #if DEBUG
Audit surfaceProxy binary + helper daemons + cloud syncSingle Swift package in your dependency graph
OfflineOften needs host machine or license serverWorks in airplane mode on a simulator
Platforms

Generative tooling on a tethered platform

Jonathan Zittrain distinguishes generative systems, which are open to unanticipated contributions from their users, from tethered appliances controlled by a single vendor (Zittrain, 2008). Modern iOS development sits between these poles. Apple's platform is tethered, but the apps developers ship can still be generative inside their own boundaries.

An in-app debugger is generative infrastructure for a tethered platform. You can read the swizzling code, add custom debug actions, disable features you do not want, and fork the package if priorities diverge. A closed desktop bridge with a proprietary sync service pulls debugging back toward the tethered model. Features arrive on the vendor's schedule and disappear when the vendor does.

“Generative technologies invite disruption, along with the good and bad that comes with it.”

Zittrain (2008), on generative systems

Licensing

Open source as a verifiability requirement

DebugSwift is MIT licensed. Bruce Perens' Open Source Definition names the freedoms that make independent audit possible.

Free redistribution

Share DebugSwift across your team, in CI, and in client projects without per-seat negotiation.

Source availability

Study how network capture, encryption helpers, and Keychain browsers are implemented before you add them to your dependency graph.

Derived works

Fork, patch, or wrap features behind your own internal flags. Ship modifications under the same MIT terms.

Steven Weber's analysis of open-source communities shows that transparency does not automatically produce security, but it removes security through obscurity as an option (Weber, 2004). For a debugger that can read OAuth tokens and database rows, obscurity is not a feature. Inspectability is.

Data ownership

Local-first debugging

Ink & Switch coined local-first to describe software where your copy of the data is primary, not a cache of someone else's server.

Fast

Network capture hooks URLSession in-process. No round-trips through a desktop proxy or sync service.

Offline

Debug on a plane, in a Faraday bag, or behind a corporate firewall. No activation server required.

Longevity

Sessions and exports use open formats. Your HAR files and screenshots outlive any single vendor.

Privacy

Sandbox data, tokens, and request bodies stay on the device. Nothing is uploaded by default.

User control

Export, redact, share, or delete on your terms. Toggle features via setup flags without asking a vendor.

Local-first is not anti-cloud. It means debugging data defaults to your device, and you should not need a network connection just to inspect a failing request.

Lead users build better debug tools

Eric von Hippel's research on democratizing innovation shows that the people closest to a problem, called lead users, often develop solutions before vendors do (von Hippel, 2005). Mobile engineers debugging certificate pinning, SwiftUI re-renders, or Realm migrations hit edge cases no external roadmap anticipated.

In a closed tool, those engineers file tickets and wait. In an open one, they read the source, open a pull request, and ship the fix for everyone. DebugSwift's issue tracker is the roadmap. Architecture discussions happen in public. The toolkit improves because the people who depend on it can change it.

No silver bullet, but fewer tools

Fred Brooks argued that no single technique eliminates essential complexity in software (Brooks, 1987). Debugging an iOS app is inherently hard. What we can remove is accidental complexity: juggling a proxy, a crash reporter, a view debugger, and a database browser as separate products with separate accounts. One native overlay, one dependency graph, one audit surface.

Implementation

Native by conviction

DebugSwift is UIKit and SwiftUI all the way down, not a web view hosting someone else's debugger.

Why native matters here

UIKit rendering

View hierarchy and grid overlays integrate with UIKit's rendering pipeline.

URLSession hooks

Swizzling hooks the same APIs your app already uses — no parallel network stack.

Platform APIs

Keychain and sandbox browsers use platform APIs directly — no bridge layer.

Lean footprint

No Electron shell competing with Xcode and simulators for RAM.

A cross-platform debugger in a web stack would ship faster and port more easily.

We accept the single-platform cost because a debugger that runs inside your app should feel like part of iOS: light enough to leave on during a long profiling session, and familiar enough that any Swift developer can use it on day one.

Practice

Our commitments

Principles without practice are marketing copy. These are the concrete promises that follow.

Source stays public

The complete DebugSwift codebase is on GitHub under MIT. That will not change.

No cloud for core debugging

Network inspection, performance monitoring, and resource browsers run entirely inside your app.

No account, no license key

Every feature is available without signup, seat limits, or paid tiers.

Community-shaped roadmap

Priorities follow public GitHub issues and pull requests, not a closed product backlog.

Reproducible from source

Clone the repo, build the Example app, and verify behavior matches what you ship via SPM or CocoaPods.

References

  1. Brooks, F.P. (1987) 'No silver bullet: essence and accidents of software engineering', Computer, 20(4), pp. 10–19.

    Integrated tooling reduces accidental complexity in the debugging workflow.

  2. Ink & Switch (2019) 'Local-first software: you own your data, in spite of the cloud', Onward! 2019. Available at: https://www.inkandswitch.com/essay/local-first/

    Seven ideals for software that treats local data as primary.

  3. Lessig, L. (1999) Code and Other Laws of Cyberspace. New York: Basic Books.

    Architecture shapes behavior. Compile-time DEBUG gates are a design choice, not an afterthought.

  4. Perens, B. (1999) 'The open source definition', Open Source Initiative. Available at: https://opensource.org/osd

    Criteria for software that can be freely studied, modified, and redistributed.

  5. von Hippel, E. (2005) Democratizing Innovation. Cambridge, MA: MIT Press.

    Lead users, the engineers closest to the problem, are often the best source of tool improvements.

  6. Weber, S. (2004) The Success of Open Source. Cambridge, MA: Harvard University Press.

    How open development models sustain complex infrastructure software.

  7. Zittrain, J.L. (2008) The Future of the Internet and How to Stop It. New Haven, CT: Yale University Press.

    Generative platforms invite unanticipated change; tethered appliances close that path.

Debug inside your app. Ship with confidence.

Open-source in-app debugging toolkit for iOS. Inspect network traffic, monitor performance, browse resources, and debug UI, all from a floating overlay inside your app.