Integrate · Chapter 2 of 5

The Six Elements

User, Device, Group, Vault, Container, Platform Service — and which side of the boundary each lives on.

Six elements

The integration model is built from six distinct concepts. Understanding what each one is — and what it deliberately is not — is the foundation for everything else.

Ecosystem

User

An identity in the external ecosystem (Scribe account, org member). TinySync does not know users exist.

TinySync

Device

A logged-in session of a user on a physical machine. TinySync's atomic identity unit. One device token per session.

TinySync

Group

An opaque set of devices in TinySync. No user semantics. Authorization is granted to groups, not to devices directly.

TinySync

Vault

A storage namespace — a root of the synced file tree. Access is granted at the group level. One vault per "shared drive".

TinySync

Container

A tagged view inside a vault. Carries product namespace and access policies. Orthogonal to groups and authorization.

Platform Layer

Platform Service

The translation layer between ecosystem events and TinySync operations. Owns the user → devices mapping.

Element boundaries

graph LR subgraph Ecosystem["Ecosystem (e.g. Scribe)"] U[User] end subgraph PlatformSvc["Platform Service"] PS[Platform Service\nuser → devices mapping] end subgraph TinySync["TinySync"] D[Device] G[Group] V[Vault] C[Container] end U -- "login / logout" --> PS PS -- "register / revoke device" --> D PS -- "add / remove from group" --> G D -- "member of" --> G G -- "access to" --> V V -- "contains" --> C

The key boundary: everything left of TinySync is the ecosystem's responsibility. TinySync never reads ecosystem user records, session tokens, or role assignments. It only sees device IDs and group memberships — both of which are managed for it by the Platform Service.

The identity model

TinySync's identity unit is the device. A device is not a machine — it is a logged-in session of a specific user on a specific machine. The same laptop has two different device identities if two different users log in on it.

Device token format

Device tokens are custom bearer tokens, not JWTs. Each token encodes its device ID and a random secret:

tsdev_{device_id}_{secret}

device_id  — opaque identifier, assigned at registration
secret     — 32 random bytes, base64url-encoded

The server stores only the SHA-256 hash of the secret (with a domain separator). The raw token never persists on the server side. This means a device token cannot be recovered after issuance — only revoked.

One token per session

There is exactly one device token per (user × physical device) pair. If Alice logs in on her MacBook, the Platform Service registers a device and issues one token. That token lives on Alice's MacBook. It is not shared with Bob's MacBook, even if both are in the same group.

Why this matters

A single compromised token can be revoked (by revoking that device) without affecting any other device in the group. Revocation is surgical, not sweeping.

Who knows about users?

TinySync does not. The Platform Service maintains the user_id → [device_ids] mapping. When an ecosystem event arrives (user added to workspace, user promoted to admin), the Platform Service translates it into device operations and calls the TinySync API.

Concern	Lives in	TinySync knows?
User identity	Ecosystem + Platform Service	No
User → Devices mapping	Platform Service	No
Device identity	TinySync	Yes (it's the primary key)
Device → Groups	TinySync	Yes
Group → Vaults	TinySync	Yes