Sessyn is a VS Code extension that securely syncs your full developer workspace — including .env, certificates, and configs — between trusted machines with client-side AES-256-GCM encryption. Works on desktop, vscode.dev, and github.dev.
How It Works
Install, authenticate, and your workspace syncs across all your machines.
Install the VS Code extension and sign in with GitHub or Microsoft. Your identity is verified, never stored.
Create a workspace passphrase. All encryption happens on your machine, the server never sees your keys or files, and there is no forced 30-day passphrase rotation.
Your workspace stays in sync across all trusted machines. Add a new machine in seconds.
Features
Every feature designed with zero-trust principles.
AES-256-GCM with Argon2id KDF and HKDF subkeys. Files are encrypted before they leave your machine.
Syncs everything — .env files, SSH keys, certificates, configs. Use .syncignore to exclude anything.
Per-machine keypairs sign every sync request. Ed25519 on desktop, ECDSA P-256 on web. Approve or revoke machines anytime.
WebSocket-based sync with automatic conflict detection, mass-delete protection, and quarantine auto-cleanup.
When the same file changes on two machines, choose per file: Keep Local, Keep Remote, Keep Both, or open a side-by-side diff to decide.
Send encrypted files directly to a specific machine. Right-click any file and choose "Send to Machine" — or copy a remote file locally.
Preview what will sync before committing. See which files are new, modified, or deleted across machines.
The server stores only encrypted blobs. No plaintext filenames, no content inspection, no backdoors.
Expired sessions are silently refreshed. If the token can't be renewed, Sessyn re-authenticates via OAuth — no manual steps needed.
Sessyn checks GitHub for new releases and supports one-click local updates plus remote update, reload, smoke test, and sync orchestration on connected machines, including ARM64.
Chunked encrypted transfers, journaled recovery, and a cached file index let large syncs resume from the last completed chunk after reloads and reconnects.
Desktop (macOS, Linux, Windows, ARM64), vscode.dev, and github.dev. One extension, every platform.
Authenticated encryption with associated data
Memory-hard key derivation from your passphrase
Unique encryption key per file, per version
Authenticated file listings prevent tampering
Per-machine keypairs sign every sync request
All symmetric crypto quantum-safe; ML-DSA-87 upgrade path built in
Security Architecture
Sessyn uses a layered encryption architecture. Your passphrase is never transmitted — it's stretched locally using Argon2id, then HKDF derives unique subkeys for each file. Even if the server is compromised, your data remains unreadable.
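The three layers described above, sketched as an added example (not Sessyn's source code). Assumptions: scrypt stands in for Argon2id because Node's standard library has no Argon2id, and the HKDF info / AAD encoding and all function names are hypothetical.

```javascript
// Added illustration, not Sessyn's source. scrypt stands in for Argon2id
// (Node's standard library ships no Argon2id); labels and AAD layout are assumed.
const { scryptSync, hkdfSync, createCipheriv, createDecipheriv, randomBytes } =
  require('node:crypto');

// Stage 1: stretch the passphrase locally with a memory-hard KDF.
function deriveMasterKey(passphrase, salt) {
  return scryptSync(passphrase, salt, 32,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// Unambiguous encoding of (path, version), used as HKDF info and as GCM AAD.
function context(path, version) {
  return Buffer.from(JSON.stringify(['file', path, version]), 'utf8');
}

// Stage 2: HKDF expands the master key into one subkey per file, per version.
function deriveFileKey(masterKey, path, version) {
  return Buffer.from(
    hkdfSync('sha256', masterKey, Buffer.alloc(0), context(path, version), 32));
}

// Stage 3: AES-256-GCM with a fresh 96-bit nonce; AAD pins path and version.
function encryptFile(masterKey, path, version, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveFileKey(masterKey, path, version), iv);
  cipher.setAAD(context(path, version));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if ciphertext, tag, path or version differ from what was encrypted.
function decryptFile(masterKey, path, version, blob) {
  const d = createDecipheriv('aes-256-gcm', deriveFileKey(masterKey, path, version), blob.iv);
  d.setAAD(context(path, version));
  d.setAuthTag(blob.tag);
  return Buffer.concat([d.update(blob.ct), d.final()]);
}
```

A blob replayed under another path or version fails authentication, which is what makes a server that only stores ciphertext unable to swap files undetected.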
.syncignore
Fine-grained control with .gitignore-style patterns.
Get Started
One click from the VS Code Marketplace. Available on all platforms — including vscode.dev and github.dev.
macOS, Linux, and Windows — including ARM64
Documentation
Everything you need to get up and running with Sessyn.
Install Sessyn directly from the VS Code Marketplace:
Or install from the command line:
code --install-extension aegyrix.sessyn
You can also install from the VS Code Marketplace website, or download a .vsix file from GitHub Releases for offline installation.
When you first open VS Code after installing Sessyn, you'll see a welcome notification prompting you to set up workspace sync.
The setup wizard walks you through three steps:
Sessyn: Unlock Workspace Encryption. If you lose the passphrase, there is no recovery — that's the point of zero-knowledge encryption.
After setup, Sessyn connects to the sync server via WebSocket for real-time updates.
To sync manually, click the Sync Now button in the Machines sidebar, or run Sessyn: Sync Now from the command palette (Cmd+Shift+P).
What happens during a sync:
Real-time updates: When another machine pushes changes, you'll get a notification:
Safety features:
When the same file is modified on two machines before syncing, Sessyn detects the conflict and gives you full control over how to resolve it.
Resolution options (prompted per file):
| Option | What It Does |
|---|---|
| Keep Local | Your version wins — overwrites the remote copy |
| Keep Remote | The other machine's version wins — overwrites your local copy |
| Keep Both | Saves the remote version as filename.remote.ext alongside your local file |
| Diff & Decide | Opens VS Code's native side-by-side diff editor so you can visually compare both versions, then choose |
Pre-write safety: Before overwriting a local file, Sessyn re-hashes it to verify you haven't made edits since the compare step. If the file changed, it's skipped instead of silently overwritten.
Quarantine: When a remote sync would delete a local file, the file is quarantined (backed up) instead of removed. Quarantine backups older than 30 days are automatically pruned at the start of each sync.
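The pre-write re-hash and the quarantine pruning described above, as an added example (not Sessyn's code). The function names, the temp-file suffix and the timestamp-prefixed quarantine file names are hypothetical.

```javascript
// Added illustration, not Sessyn's source; names and file layout are assumed.
const fs = require('node:fs');
const path = require('node:path');
const { createHash } = require('node:crypto');

const sha256 = (file) => createHash('sha256').update(fs.readFileSync(file)).digest('hex');

// compareHash: hash of the local file recorded at the compare step
// (null if the file did not exist then). Skip the write if it no longer matches.
function applyRemoteWrite(file, compareHash, remoteBytes) {
  const current = fs.existsSync(file) ? sha256(file) : null;
  if (current !== compareHash) return 'skipped-local-changed';
  const tmp = `${file}.tmp-remote`;
  fs.writeFileSync(tmp, remoteBytes);
  fs.renameSync(tmp, file); // rename keeps readers from seeing a half-written file
  return 'written';         // a small window between hash and rename remains
}

// A remote delete moves the local file aside instead of unlinking it.
function quarantineFile(file, quarantineDir, now = Date.now()) {
  fs.mkdirSync(quarantineDir, { recursive: true });
  const dest = path.join(quarantineDir, `${now}-${path.basename(file)}`);
  fs.renameSync(file, dest);
  return dest;
}

// Run at the start of a sync: drop backups older than maxAgeDays.
function pruneQuarantine(quarantineDir, now = Date.now(), maxAgeDays = 30) {
  const cutoff = now - maxAgeDays * 24 * 60 * 60 * 1000;
  const removed = [];
  for (const name of fs.readdirSync(quarantineDir)) {
    const stamp = Number(name.split('-')[0]);
    if (Number.isFinite(stamp) && stamp < cutoff) {
      fs.rmSync(path.join(quarantineDir, name));
      removed.push(name);
    }
  }
  return removed;
}
```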
Every machine that syncs your workspace must be explicitly trusted. Each generates a unique keypair at setup time (Ed25519 on desktop, ECDSA P-256 on web) and signs every sync request. The server verifies signatures against the registered public key.
Trust states:
| State | Meaning |
|---|---|
| Trusted | Machine is approved and can sync this workspace |
| Pending | Machine registered but awaiting approval from a trusted machine |
| Revoked | Machine was removed — can no longer sync |
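How a server could combine the signature check with the trust states in the table, as an added example (not Sessyn's protocol or code). The request fields, payload encoding, result strings and the freshness window are assumptions, and the keypairs are generated in the example as samples.

```javascript
// Added illustration, not Sessyn's protocol: field names, payload encoding and
// the freshness window are assumptions. Keys are generated here as samples.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Ed25519 takes no digest argument; ECDSA P-256 is used with SHA-256.
const digestFor = (key) => (key.asymmetricKeyType === 'ed25519' ? null : 'sha256');

const newDesktopKeys = () => generateKeyPairSync('ed25519');
const newWebKeys = () => generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// Everything the server acts on is covered by the signature.
function payloadOf(req) {
  return Buffer.from(JSON.stringify([req.machineId, req.timestamp, req.body]), 'utf8');
}

function signRequest(privateKey, machineId, body, timestamp) {
  const req = { machineId, timestamp, body };
  return { ...req, signature: sign(digestFor(privateKey), payloadOf(req), privateKey) };
}

// registry: Map of machineId -> { publicKey, state: 'trusted'|'pending'|'revoked' }
function authorize(registry, req, now, maxSkewMs = 60000) {
  const entry = registry.get(req.machineId);
  if (!entry) return 'unknown-machine';
  const ok = verify(digestFor(entry.publicKey), payloadOf(req), entry.publicKey, req.signature);
  if (!ok) return 'bad-signature';
  if (entry.state !== 'trusted') return `machine-${entry.state}`;
  if (Math.abs(now - req.timestamp) > maxSkewMs) return 'stale-request';
  return 'ok';
}
```

A valid signature alone is not enough: a pending or revoked machine still holds a working private key, so the trust state has to be checked on every request.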
Sessyn creates a .syncignore file in your workspace root. It uses standard .gitignore syntax to control which files are synced.
To edit your ignore list, run Sessyn: Manage Ignore List from the command palette, or just open .syncignore directly.
Unlike .gitignore, Sessyn intentionally syncs sensitive files like .env, .pem, and .key — because they're encrypted client-side before upload. Only add files to .syncignore if you don't need them on other machines (build artifacts, caches, etc.).
All commands are accessible via the VS Code command palette (Cmd+Shift+P / Ctrl+Shift+P):
| Command | Description |
|---|---|
| Sessyn: Setup Wizard | Open the first-time setup wizard |
| Sessyn: Sync Now | Manually trigger a workspace sync |
| Sessyn: Sync Untracked Files | Include untracked files in the next sync |
| Sessyn: Review Changes | Preview pending changes before syncing |
| Sessyn: Send to Machine... | Send the current file to a specific machine (encrypted) |
| Sessyn: Copy Local | Download a remote file from the sidebar to your machine |
| Sessyn: View Machines | Open the Machines sidebar |
| Sessyn: Approve Machine | Trust a pending machine |
| Sessyn: Revoke Machine | Revoke trust from a machine |
| Sessyn: Delete Machine | Remove a machine entirely |
| Sessyn: Open Settings | Open the Sessyn settings panel |
| Sessyn: Manage Ignore List | Open .syncignore for editing |
| Sessyn: Unlock Workspace Encryption | Unlock a workspace after restart without permanently remembering the derived key |
| Sessyn: Apply Sync Profile | Apply a managed sync profile to .syncignore |
| Sessyn: Show Status | Open the recovery dashboard with journal, smoke test, and last sync details |
| Sessyn: Run Smoke Test | Check auth, encryption, workspace access, and API reachability |
| Sessyn: Repair Sync State | Clear cached resumable sync state and rebuild from a clean local baseline |
| Sessyn: Reconnect | Manually reconnect to the sync server |
| Sessyn: Sign In Again | Re-authenticate if your session expired |
| Sessyn: Check for Updates | Check GitHub releases for a newer version |
| Update Extension Remotely | Ask a connected machine to install the newest Sessyn release and reload automatically |
| Update, Reload & Sync Remotely | Update a connected machine, reload it, run a smoke test, and start syncing automatically |
| Run Smoke Test Remotely | Ask a connected machine to run its own smoke test and report back |
| Sessyn: Refresh File List | Refresh the file tree in the sidebar |
| Sessyn: Export Diagnostics | Generate a redacted JSON report for troubleshooting |
| Sessyn: Forget Secrets | Clear all stored credentials and disconnect |
Sessyn shows its current state in the bottom-left of VS Code's status bar. Click it to open the Machines sidebar.
| Status | Indicator | Meaning |
|---|---|---|
| Connected | Green dot | WebSocket active, ready to sync |
| Syncing | Spinner | File transfer in progress |
| Conflicts | Yellow background | Same file changed on multiple machines |
| Offline | Gray dot | No server connection |
| Error | Red background | Auth expired, machine revoked, or server error |
"Sessyn: Offline" and won't connect
Sessyn: Reconnect from the command palette
Sessyn: Show Status for detailed diagnostics
"Auth Expired" in status bar
Sessyn: Reconnect to manually trigger re-authentication
Machine stuck in "Pending"
File conflicts
filename.remote.ext
Generate a diagnostic report
Sessyn: Export Diagnostics
This generates a JSON file with connection state, auth info, and sync history. All secrets are automatically redacted.
Stop emailing yourself .env files. Stop losing configs when you switch machines. Start syncing with confidence.