Sessyn
Securely sync your full developer workspace between trusted machines.
Sessyn syncs everything Git can't — .env files, certificates, local configs, API keys, database files, SSH keys, notes, and anything else in your workspace.
All files are encrypted client-side with AES-256-GCM before leaving your machine. The server is a temporary encrypted relay that never sees your plaintext data.
Why Sessyn?
You work across multiple machines. Git handles your code — but what about everything else?
- Your
.env files with API keys and database URLs
- SSL certificates and private keys
- Local configuration that's different per-project
- Notes, scratch files, and work-in-progress that isn't committed yet
Sessyn fills that gap. One command, fully encrypted, workspace-to-workspace.
Features
🔐 End-to-End Encryption
AES-256-GCM with HKDF-derived subkeys. Argon2id key derivation. HMAC-SHA256 manifest integrity. The server never sees your data.
🔄 Real-Time Sync
WebSocket connection shows machine status (online/offline/syncing). Trigger sync manually or watch it happen in real time.
📁 Selective Sync
Use .syncignore (gitignore syntax) to control exactly what syncs. By default, everything syncs — add exclusions as needed.
🔀 Git-Aware
Detects when machines have diverged on Git history and prompts you to resolve gaps before syncing workspace files.
📤 File Transfers
Right-click any file → Send to Machine to push individual files to a specific machine without a full sync.
⚡ Conflict Resolution
Automatic detection of conflicting changes between machines with guided resolution.
🔑 Multi-Account Auth
Sign in with GitHub or Microsoft — accounts are unified across providers.
🛡️ Zero-Trust Architecture
- Server is untrusted — never sees passphrases, keys, or plaintext
- Secrets stored in VS Code SecretStorage only — never in files or logs
- Encrypted blobs auto-deleted within 2 hours
- AAD binds ciphertext to workspace, machine, file path, and version
Getting Started
- Open the command palette (
Cmd+Shift+P / Ctrl+Shift+P)
- Run Sessyn: Setup Wizard
- Sign in with GitHub or Microsoft
- Name your machine and choose a workspace folder
- Set an encryption passphrase (use the same one on all machines)
- Sync!
Commands
| Command |
Description |
Sessyn: Setup Wizard |
First-time setup — auth, machine, workspace, passphrase |
Sessyn: Sync Now |
Trigger a manual sync |
Sessyn: View Machines |
Refresh the machine list |
Sessyn: Open Settings |
Open extension settings panel |
Sessyn: Manage Ignore List |
Edit .syncignore |
Sessyn: Send File to Machine |
Send a file to a specific machine |
Sessyn: Review Changes |
Review incoming changes before applying |
Sessyn: Show Sync Journal |
View sync history |
Sessyn: Export Diagnostics |
Export redacted diagnostics for support |
Sessyn: Reconnect |
Force reconnect to server |
Sessyn: Check for Updates |
Check for new extension versions |
Sessyn: Fresh Start |
Reset all local state and re-run setup |
Sessyn: Forget Local Secrets |
Wipe all locally stored secrets |
Sessyn: Reload Extension |
Reload without restarting VS Code |
.syncignore
Sessyn syncs everything by default. Use .syncignore with gitignore syntax to exclude files:
# Always excluded automatically:
.git/
.DS_Store
node_modules/
# Add your own:
*.log
build/
dist/
.cache/
Security Model
| Layer |
Implementation |
| Encryption |
AES-256-GCM with HKDF-derived subkeys |
| Key Derivation |
Argon2id (PBKDF2-SHA256 fallback) |
| Integrity |
HMAC-SHA256 with replay protection |
| Anti-Tampering |
AAD binds ciphertext to workspace + machine + path + version |
| Secret Storage |
VS Code SecretStorage API only |
| Server Trust |
Zero — server never sees plaintext |
| Data Retention |
Encrypted blobs auto-deleted within 2 hours |
Links
License
MIT — Harry Caskey
