State exchange

Sync

Sync moves signed encrypted events between your local files and one primary server. It also refreshes enabled local projections: SSH config, Talos config, and Kube config.

What sync does

$ fd0 sync
-> push local events
-> pull remote events
-> verify signatures, hash links, STHs, and witness policy
-> discover new scopes
-> refresh enabled SSH/Talos/Kube projections

One primary

A client reads and writes exactly one primary. That keeps each scope in one ordered history. Redundancy is handled by server-side disaster recovery, not by writing to multiple primaries.

Automatic sync

[sync]
server = "https://api.fd0.sh"
interval = "1h"
on_unlock = true

interval enables background sync from the agent. on_unlock runs sync after a successful unlock.

Scope discovery

When someone adds you to a scope, your next sync discovers the scope, pulls its full event chain, decrypts your key delivery, and stores the scope locally.