Sessyn
Securely sync your full developer workspace between trusted machines.
Sessyn syncs everything Git can't — .env files, certificates, local configs, API keys, database files, SSH keys, notes, and anything else in your workspace.
All files are encrypted client-side with AES-256-GCM before leaving your machine. The server is a temporary encrypted relay that never sees your plaintext data.
Works on all VS Code platforms — macOS, Linux, Windows (including ARM64), and vscode.dev / github.dev.
Why Sessyn?
You work across multiple machines. Git handles your code — but what about everything else?
- Your
.env files with API keys and database URLs
- SSL certificates and private keys
- Local configuration that's different per-project
- Notes, scratch files, and work-in-progress that isn't committed yet
Sessyn fills that gap. One command, fully encrypted, workspace-to-workspace.
Features
🔐 End-to-End Encryption
AES-256-GCM with HKDF-derived subkeys. Argon2id key derivation. HMAC-SHA256 manifest integrity. The server never sees your data.
🔄 Real-Time Sync
WebSocket connection shows machine status (online/offline/syncing). Trigger sync manually or watch it happen in real time.
📁 Selective Sync
Use .syncignore (gitignore syntax) to control exactly what syncs. By default, everything syncs — add exclusions as needed.
Run a local smoke test, inspect the recovery dashboard, repair stuck local sync state, or apply reusable sync profiles without leaving VS Code.
🔀 Git-Aware
Detects when machines have diverged on Git history and prompts you to resolve gaps before syncing workspace files.
📤 File Transfers
Right-click any file → Send to Machine to push individual files to a specific machine without a full sync.
⚡ Conflict Resolution
Automatic detection of conflicting changes between machines with guided resolution.
🔑 Multi-Account Auth
Sign in with GitHub or Microsoft — accounts are unified across providers.
🛡️ Zero-Trust Architecture
- Server is untrusted — never sees passphrases, keys, or plaintext
- Secrets stored in VS Code SecretStorage only — never in files or logs
- Encrypted blobs auto-deleted within 2 hours
- AAD binds ciphertext to workspace, machine, file path, and version
Getting Started
- Open the command palette (
Cmd+Shift+P / Ctrl+Shift+P)
- Run Sessyn: Setup Wizard
- Sign in with GitHub or Microsoft
- Name your machine and choose a workspace folder
- Set an encryption passphrase (use the same one on all machines)
- Sync!
Commands
| Command |
Description |
Sessyn: Setup Wizard |
First-time setup — auth, machine, workspace, passphrase |
Sessyn: Sync Now |
Trigger a manual sync |
Sessyn: View Machines |
Refresh the machine list |
Sessyn: Review Changes |
Review incoming changes before applying |
Sessyn: Sync Untracked Files |
Review and sync only gitignored or untracked files |
Sessyn: Open Settings |
Open extension settings panel |
Sessyn: Manage Ignore List |
Edit .syncignore |
Sessyn: Apply Sync Profile |
Apply a managed .syncignore profile |
Sessyn: Show Status |
Open the recovery dashboard |
Sessyn: Run Smoke Test |
Verify auth, connection, encryption, and workspace readiness |
Sessyn: Repair Sync State |
Clear resumable sync state and cached file index |
Sessyn: Send to Machine... |
Send a file to a specific machine |
Update Extension Remotely |
Ask another connected machine to update and reload |
Update, Reload & Sync Remotely |
Remotely update a machine, reload it, run a smoke test, and start syncing |
Run Smoke Test Remotely |
Ask another connected machine to run its smoke test |
Sessyn: Export Diagnostics |
Export redacted diagnostics for support |
Sessyn: Reconnect |
Force reconnect to server |
Sessyn: Sign In Again |
Re-authenticate if your session expired |
Sessyn: Check for Updates |
Check for new extension versions |
Sessyn: Forget Local Secrets |
Wipe all locally stored secrets |
.syncignore
Sessyn syncs everything by default. Use .syncignore with gitignore syntax to exclude files:
# Always excluded automatically:
.git/
.DS_Store
node_modules/
# Add your own:
*.log
build/
dist/
.cache/
You can also apply built-in sync profiles from the command palette to manage the generated section of .syncignore for common cases like build-output-heavy workspaces, dotfiles-only sync, or secrets-only sync.
Security Model
| Layer |
Implementation |
| Encryption |
AES-256-GCM with HKDF-derived subkeys |
| Key Derivation |
Argon2id (PBKDF2-SHA256 fallback on web) |
| Integrity |
HMAC-SHA256 with replay protection |
| Request Signing |
Ed25519 (desktop) / ECDSA P-256 (web) — per-machine keypairs |
| Anti-Tampering |
AAD binds ciphertext to workspace + machine + path + version |
| Secret Storage |
VS Code SecretStorage API only |
| Server Trust |
Zero — server never sees plaintext |
| Data Retention |
Encrypted blobs auto-deleted within 2 hours |
| PQ Readiness |
All symmetric crypto quantum-safe; ML-DSA-87 ready when available |
Links
License
MIT — © Aegyrix LLC. See LICENSE.
