State exchange
Sync
Sync moves signed encrypted events between your local files and one primary server. It also refreshes enabled local projections: SSH config, Talos config, and Kube config.
What sync does
$ fd0 sync -> push local events -> pull remote events -> verify signatures, hash links, STHs, and witness policy -> discover new scopes -> refresh enabled SSH/Talos/Kube projections
One primary
A client reads and writes exactly one primary. That keeps each scope in one ordered history. Redundancy is handled by server-side disaster recovery, not by writing to multiple primaries.
Automatic sync
[sync] server = "https://api.fd0.sh" interval = "1h" on_unlock = true
interval enables background sync from the agent. on_unlock runs sync after a successful unlock.
Scope discovery
When someone adds you to a scope, your next sync discovers the scope, pulls its full event chain, decrypts your key delivery, and stores the scope locally.