Deja Vu Coding Agent Memory Adds SSH Sync Without a Cloud Service
- Aisha Washington
- 22 hours ago
- 14 min read
Deja Vu coding agent memory has added SSH synchronization, turning existing local session logs into portable context without sending them through a hosted memory platform. The open-source project indexes conversations already written by Claude Code, Codex, and opencode. Its latest release arrived on July 14, 2026.
That combination creates a direct challenge to the dominant model for agent memory. Many systems capture new information through a dedicated database, embedding pipeline, or cloud account. Deja Vu instead searches the history developers already possess, then moves sanitized records through folders or SSH when requested.
The distinction matters because coding agents lose useful reasoning at session boundaries. A fixed bug might remain in Git, but the rejected approaches, environment details, and architectural tradeoffs often remain trapped inside an old conversation. Deja Vu attempts to recover those details without asking developers to adopt another hosted repository.
Its pitch is appealing, but narrower than the word “memory” suggests. The project provides fast lexical retrieval and automatic context injection. It does not claim to understand changing facts, reconcile contradictions, or decide which old conclusion remains correct.
That tradeoff defines the news. Deja Vu offers control, portability, and low infrastructure overhead. In exchange, developers receive a search-oriented memory layer rather than an autonomous knowledge system.
Deja Vu Coding Agent Memory Now Travels Over SSH
The release turns local coding transcripts into a transferable memory archive while keeping synchronization under the developer’s control.
Claude Code, Codex, and opencode already record conversations and tool activity on disk. Deja Vu discovers those stores, parses their contents, removes recognized credentials, and builds a local inverted index. An inverted index maps terms to matching records, allowing fast text retrieval without a language model.
The project’s source repository describes one binary with no required database, background service, or downloaded model. Claude Code histories come from JSONL files, while Codex sessions and opencode’s local SQLite database receive separate parsers.
That approach makes installation retroactive. A developer does not need to run Deja Vu before a useful conversation occurs. Once installed, it can index compatible logs that have accumulated over earlier sessions.
The command-line interface searches those histories across supported agents. A developer might search for a connection pool failure, an authentication regression, or an abandoned database migration. Deja Vu returns matching excerpts and identifies their original harness and project.
Its Model Context Protocol server exposes the same archive to an agent. MCP is a standard interface through which AI applications can invoke external tools and retrieve data. Deja Vu supplies a recall tool for short snippets and a second tool for a compact session digest.
Automatic recall goes one step further. For Claude Code, the optional installation hook places recent project memory into a new session’s context. The project says this material is read-only, capped at 2 KB, and designed not to block startup.
The new synchronization path moves this memory between machines. Developers can export append-only JSONL batches into a shared folder, then import unseen batches elsewhere. The folder can sit inside Syncthing, iCloud, or another file transport selected by the user.
SSH memory sync removes that shared-folder requirement. A push command exports new records, copies them to a configured SSH host, and imports them on the destination. A pull option performs the corresponding retrieval from the remote machine.
Deja Vu uses the operating system’s existing SSH and SCP programs. The remote machine must also have the Deja Vu binary available. This design avoids a proprietary relay, new account, or continuously running synchronization server.
Exports use watermarks to track progress. A watermark records how far a synchronization operation has advanced, allowing later runs to transfer only newer batches. Imports are idempotent, meaning repeating the same import should not duplicate its records.
Records also retain their origin, so an imported session does not bounce back endlessly during later synchronization. A full-export option handles cases where a new machine needs older history after earlier transfer batches have disappeared.
This is more than a convenience feature. Synchronization changes Deja Vu from a search utility on one computer into a portable memory layer spanning a workstation, laptop, and remote development host.
Why Existing Session Logs Are Becoming Valuable
Deja Vu treats coding transcripts as accumulated engineering evidence, not disposable chat history.
A repository preserves the final code, but it rarely preserves every reason behind that code. Commit messages might document a decision, although many only summarize the resulting change. Issue trackers capture planned work, but debugging experiments frequently remain outside them.
Agent transcripts contain another layer of evidence. They can include failed commands, test results, competing implementations, user corrections, and explanations of unfamiliar modules. They may also record why a seemingly obvious solution was rejected.
This material becomes useful when a later task resembles an earlier one. A new agent could rediscover that a migration failed under a particular deployment setting. It might retrieve the reason a cache invalidation step exists instead of deleting it as unnecessary.
The need grows as developers use multiple coding assistants. A solution discovered through Claude Code does not automatically appear in a later Codex session. Tool-specific histories create separate islands even when every session concerns the same repository.
Deja Vu coding agent memory searches across three such islands. Its current support covers Claude Code, Codex CLI, and opencode. Aider and Gemini CLI appear on the project’s planned integration list rather than its supported list.
Recent research gives this problem wider context. Anthropic analyzed roughly 400,000 Claude Code sessions recorded between October 2025 and April 2026. Its coding agent research found that users typically made most planning decisions while Claude handled more execution decisions.
That division makes session history especially interesting. The transcript can preserve how human intent interacted with machine execution. Neither the final patch nor an isolated prompt necessarily captures that full path.
Academic work also frames persistent memory as a system requirement for long-running agents. A June 2026 memory systems study describes a two-tier structure containing persisted memory and the working context assembled for a current task.
Deja Vu fits that structure in a deliberately simple way. Existing transcripts form the persistent tier. Search results or automatic recall become the smaller working set placed inside the current context window.
The project reports warm searches taking 7 to 9 milliseconds on the maintainer’s corpus. That corpus reportedly contains more than 1,250 sessions and about 3.3 GB of source logs. The reported index occupies roughly 2.4 percent of the original corpus.
Those figures are project measurements, not an independent benchmark. Performance will vary with storage hardware, transcript structure, query patterns, and corpus size. The reported test nevertheless shows the workload Deja Vu intends to address.
The value proposition also depends on retrieval timing. Remembering everything is not useful if the agent receives irrelevant logs and loses attention for the current task. Deja Vu therefore emphasizes compact results rather than replaying entire sessions.
Its recall tool limits returned snippets to 4 KB. Automatic startup context is smaller still. Developers can also request a digest of one well-matched session instead of injecting a broad collection of raw conversations.
This restrained model resembles good personal knowledge management. Useful memory requires capture, retrieval, and context selection, not merely storage. A searchable knowledge base follows the same principle for technical documents outside agent transcripts.
The important shift is ownership. Session files that once looked like application residue can become a reusable engineering archive. Deja Vu makes that archive accessible without first converting every conversation into a curated document.
Local Search Challenges the Hosted Memory Route
The central contest is local, transcript-based retrieval against managed memory services that capture and process information through their own infrastructure.
Many agent-memory products begin with a write path. They observe a conversation, extract candidate facts, create embeddings, and store results in a database. Later, semantic retrieval selects information related to a new request.
That design can support paraphrase matching and structured memory updates. It can also create new operational dependencies, including a model provider, vector database, background processor, or cloud synchronization service.
Deja Vu starts somewhere else. It considers the harness transcript the source of truth and builds a derived local index. No separate capture integration needs to observe future sessions before they become searchable.
This is the project’s strongest reversal. Developers may already own a substantial memory archive without recognizing it as one. Deja Vu’s job is to expose that archive, not persuade every agent to write into a new platform.
The local approach also reduces switching friction. A developer can query Claude Code and Codex records through one interface. The original applications continue writing their normal files, so Deja Vu does not need to control the conversation runtime.
Its architecture notes describe parsers feeding normalized records into a local binary index. A manifest tracks the state of each source file, letting subsequent indexing runs process changed material incrementally.
This design carries practical benefits. Search can continue offline. There is no hosted service whose availability determines whether old reasoning remains accessible. Developers can delete the derived cache and rebuild it from original transcripts.
SSH memory sync follows the same philosophy. Deja Vu creates redacted append-only batches, while the user chooses how those batches travel. The application invokes established system tools instead of operating a hidden network service.
That difference matters for teams with remote development machines. A developer might use a laptop for planning, a workstation for local builds, and an SSH host for heavier tests. Each machine can accumulate a different slice of the project’s history.
A push or pull command can combine those slices into searchable local indexes. The remote connection remains visible through normal SSH configuration and access controls. Organizations can apply existing host policies instead of approving another synchronization vendor.
The route has limits. SSH solves machine-to-machine transport, but it does not provide collaborative administration. It lacks a hosted console for managing users, revoking project access, reviewing organization-wide retention, or applying granular sharing policies.
Manual synchronization can also produce uneven freshness. If users forget to run the command, one machine’s recall results will lag another. Cron can automate transfers, but scheduled jobs add their own maintenance and failure modes.
Semantic retrieval is another dividing line. Deja Vu uses lexical matching, so queries depend heavily on words appearing in the source. A search for “credential renewal” might miss a session that only discusses “token rotation,” unless another shared term connects them.
Vector-based systems attempt to bridge such wording differences. They encode text into numerical representations that can match related meanings. Those systems introduce additional models and infrastructure, but semantic recall can outperform literal search when vocabulary changes.
Deja Vu explicitly chooses the smaller mechanism. It compares itself with broader tools by emphasizing three harnesses, pure lexical search, and minimal setup. This keeps the binary understandable, but it narrows what “recall” can accomplish.
The comparison is therefore not local good versus cloud bad. It is a choice between operational control and richer memory processing. Some developers will prefer a transparent search index. Others need semantic consolidation, team controls, or automatic conflict handling.
Deja Vu pressures hosted memory providers by proving that a useful baseline can be assembled from files developers already have. Those providers must show that their added intelligence and administration justify the additional data path.
Secret Redaction Helps, but Memory Still Expands the Attack Surface
A searchable, synchronized transcript archive concentrates sensitive engineering context, even when recognized credentials are removed.
Coding conversations are unusually sensitive. They can contain source code, local file paths, customer identifiers, internal hostnames, stack traces, deployment details, and instructions for privileged systems. Some sessions also include credentials copied during debugging.
Deja Vu scans content for several credential patterns before placing records into its index. Its documented filters cover AWS keys, bearer tokens, raw JSON Web Tokens, private-key blocks, provider tokens, and URLs containing embedded usernames and passwords.
Matched values become typed redaction markers while surrounding text remains searchable. The sharing and export commands repeat redaction before producing material that can leave the current machine.
Defense in depth is sensible because original logs can predate Deja Vu. A credential that entered a transcript months earlier might otherwise move into the new index and every synchronized copy.
Still, pattern matching cannot guarantee that every secret disappears. An organization can use proprietary token formats, unusual connection strings, session cookies, recovery codes, or sensitive values that resemble ordinary text. Redaction rules will miss patterns they do not recognize.
The project correctly avoids claiming that original logs become sanitized. Credentials remain inside the harness files that recorded them. Deja Vu removes recognized values from its derived index, digests, shares, and exports.
That distinction should shape deployment decisions. Deleting the Deja Vu cache does not erase the underlying Claude Code, Codex, or opencode history. Teams need separate retention and deletion policies for each original store.
SSH also protects transport, not every endpoint. A correctly configured encrypted connection prevents casual interception. It cannot protect exported records after a destination account, remote host, backup, or administrator becomes compromised.
Append-only synchronization increases the number of durable copies. That is useful for continuity, but it complicates deletion. A developer who removes a sensitive local record must still consider earlier export batches and machines that already imported them.
The current project also lacks project exclusion through a simple command-line flag. Its documentation suggests using custom source roots pointed at filtered copies until exclusion support arrives. That workaround demands deliberate configuration from users handling mixed-sensitivity projects.
Automatic recall adds another risk. Context from an earlier session can influence a new agent before the user reviews it. An old transcript might contain incorrect assumptions, obsolete instructions, or malicious content introduced through an untrusted source.
Persistent-memory attacks are becoming an active research topic. A July 2026 paper on memory injection studies how adversarial instructions can survive inside an agent’s memory and affect later behavior. Its setting differs from Deja Vu, but the core warning transfers.
Deja Vu does not generate new semantic memories from arbitrary content. That reduces one route for silent transformation. However, it can retrieve and inject past transcript text, so provenance and user review still matter.
The project’s automatic context is read-only and size-limited. Those constraints reduce exposure but do not determine whether retrieved content is accurate or safe. A short malicious instruction can still be harmful if an agent treats it as trusted guidance.
Teams should therefore treat recalled text as evidence, not authority. An agent can use an old session to locate a test, decision, or failed approach. It should verify that conclusion against the current repository and operating environment.
The same rule applies to shared digests. Redaction removes selected secret formats, but it does not classify business sensitivity. A sanitized record can still reveal architecture, customer problems, or unreleased product decisions.
Before adopting SSH memory sync, organizations need answers about scope, retention, deletion, remote access, and incident response. Local ownership removes a vendor from the trust chain. It does not remove the need for governance.
Searchable History Is Not the Same as Reliable Memory
Deja Vu can retrieve what an agent previously said, but it cannot determine whether that statement remains true.
A coding transcript is a record of a process, not a verified knowledge base. Agents make mistakes, users change direction, dependencies evolve, and temporary workarounds outlive their assumptions. Search can surface any of these states.
Consider a session that recommends disabling a failing integration test. A later session might retrieve that recommendation after the underlying service has been fixed. The old answer is relevant to the wording of the query, yet wrong for the current repository.
Contradictions create a similar problem. One transcript might describe PostgreSQL as the chosen deployment database. Another might record a later migration to a different system. Lexical retrieval can return both without identifying which decision superseded the other.
Research increasingly treats memory maintenance as separate from storage and retrieval. A May 2026 paper asking whether memory is a database highlights revision, forgetting, and evolving state as distinct requirements for long-term agent memory.
Deja Vu does not attempt those functions. Its append-only model preserves history, and its search layer finds matching material. It leaves interpretation to the current agent and developer.
That limitation is defensible for a small utility. Automatic fact extraction could introduce subtler errors by converting speculative conversation into confident memory. Keeping original excerpts visible preserves more provenance and makes uncertainty easier to inspect.
However, users should not confuse transparency with correctness. A retrieved session can show when something was discussed and which harness produced it. It cannot prove that the conclusion was tested, merged, deployed, or still applicable.
The project’s performance numbers also measure search speed rather than answer quality. A 7-millisecond result is useful only when the correct evidence appears near the top. No published independent evaluation currently establishes Deja Vu’s recall accuracy across real development tasks.
Lexical search works best when developers remember distinctive terms. Error messages, function names, issue identifiers, and configuration keys provide strong anchors. Broad conceptual queries are harder because earlier sessions may use different vocabulary.
Cross-harness normalization introduces another challenge. Claude Code, Codex, and opencode represent messages and tool activity differently. A common index must remove noise without discarding the details that later make a result useful.
Deja Vu strips tool noise from shared digests, but developers will need to judge whether its default presentation preserves enough diagnostic context. A command failure without its environment, working directory, or preceding change can mislead.
Automatic startup recall also depends on project identification. Remote copies appear under imported project labels. Repositories cloned into different paths or renamed over time can fragment related history unless the tool maps them consistently.
None of these concerns makes the project unhelpful. They clarify its actual role. Deja Vu is closer to searchable institutional memory than a self-updating model of project truth.
Teams can improve reliability by pairing recall with verification. Agents should cite the retrieved session, inspect current code, rerun relevant tests, and state when an earlier result conflicts with present evidence.
Important decisions should still enter durable project documentation. An architecture record, issue, or reviewed technical note remains easier to govern than an informal conversation. Transcript recall works best as a route back to evidence, not the final destination for knowledge.
Developers building broader context systems can apply the same distinction. A personal knowledge system becomes more dependable when captured material remains traceable and users can refine what deserves long-term authority.
Deja Vu’s restraint is both weakness and strength. It will not resolve ambiguity for the developer. It also avoids pretending that an old model response automatically became a fact.
Three Signals Will Decide Whether SSH Memory Sync Matters
The next test is not whether Deja Vu can move records, but whether developers trust those records enough to use them during real coding work.
The first signal is independent retrieval testing. The maintainer has published measurements for latency, index size, and indexing time. Users still need evidence about relevance across varied repositories, naming conventions, and multi-agent histories.
Useful field reports would compare lexical results with semantic alternatives on concrete tasks. They should track whether recalled context prevents repeated debugging, reduces repository exploration, or introduces stale assumptions. Speed alone cannot answer those questions.
If independent tests show high relevance for error messages, architectural decisions, and recurring incidents, Deja Vu’s narrow design gains credibility. Frequent missed paraphrases or noisy results would strengthen the case for embeddings and richer ranking.
The second signal is security and scope control. Project exclusion is already an acknowledged gap, while synchronized deletion remains a broader append-only challenge. Organizations will watch for filters, retention tools, audit information, and clearer handling of remote copies.
Improved scope controls would reinforce the local-first argument. Developers could index ordinary projects while excluding regulated repositories, customer environments, or confidential experiments. Without those controls, many teams will restrict adoption to personal machines.
Security review should also examine redaction coverage. The documented patterns provide a useful baseline, but custom detectors and validation reports would make the feature more suitable for diverse engineering environments.
The third signal is integration breadth. Claude Code, Codex, and opencode represent an important starting set, but developers often switch among more tools. Planned Aider and Gemini CLI support will test whether the parser architecture can expand without becoming fragile.
More integrations would make Deja Vu coding agent memory a neutral layer above individual assistants. That position is strategically important because agent vendors increasingly add their own local or hosted memory features.
Microsoft’s recent agent memory documentation illustrates the competitive pressure. VS Code now distinguishes local user, repository, and session memory from GitHub-hosted Copilot Memory. Vendor-native systems can integrate deeply with their own interfaces.
Deja Vu must offer a different advantage. It cannot out-integrate every vendor inside each product. It can remain portable across products, expose existing histories, and let developers control synchronization.
The open-source license also invites integrations that the original maintainer does not prioritize. Each new parser is still a maintenance commitment, however. Harness storage formats can change without guaranteeing compatibility for third-party tools.
Adoption will therefore depend on resilience. Developers need predictable upgrades, visible parsing errors, and a recovery path when a source format changes. A memory tool that silently omits recent sessions creates false confidence.
The project’s best near-term audience is likely an individual developer or small team already comfortable with terminals and SSH. These users often work across local and remote machines, understand file permissions, and can inspect unexpected search results.
Larger organizations face a different calculation. They need identity management, retention enforcement, legal holds, offboarding, and access reviews. Deja Vu does not currently present itself as that administrative layer.
That does not make the release minor. It establishes a credible lower bound for coding agent memory. Existing logs, a compact local index, MCP recall, redaction, and ordinary SSH can deliver cross-session continuity without a new hosted service.
The harder question is whether continuity becomes dependable practice. Will agents check memory before repeating an investigation? Will developers verify recalled conclusions? Will teams keep sensitive projects outside the index and remove obsolete exports?
Over the next three months, watch retrieval evaluations, security controls, and new harness integrations. Together, those signals will show whether SSH memory sync remains a useful personal utility or becomes infrastructure that coding teams can rely upon.
Developers considering Deja Vu should begin with a limited, non-sensitive project and inspect what the index contains. Test push and pull behavior across two controlled machines, then compare recalled sessions with the current repository. If the results save repeated work without introducing stale guidance, this open-source coding agent memory approach has earned a larger trial.