Entity: TazPod (Operator Environment)

This page is the repository hub for the TazPod CLI and its containerized execution model.

Overview

tazpod/ is the operator continuity layer of TazLab. It combines a disposable container runtime, an encrypted vault (vault.tar.aes), a RAM-only secret lifecycle, and persistent project-local state under .tazpod/.

Repository Structure

tazpod/
├── cmd/tazpod/               # CLI command dispatch and lifecycle
│   ├── main.go               # Entrypoint, command dispatcher
│   ├── lifecycle.go          # up/down/enter/smartEntry/ensureContainerUp
│   ├── vault_cmd.go          # unlock/lock/save/login/loadConfigs
│   ├── sync.go               # syncDaemon/pull/push
│   ├── config.go             # Config struct definitions
│   ├── init.go               # initProject()
│   ├── vpn.go                # vpn command (legacy/untrusted)
│   └── help.go               # help/usage
├── internal/
│   ├── crypto/crypto.go      # AES-256-GCM + PBKDF2
│   ├── vault/vault.go        # Unlock/Save/TarDir/Untar, path constants
│   └── utils/
│       ├── utils.go          # RunCmd/RunOutput/IsMounted/FileExists
│       └── s3.go             # S3 client, UploadFile/DownloadFile
├── .tazpod/
│   ├── Dockerfile.base       # Ubuntu 24.04 + dev tools + shell tools
│   ├── Dockerfile.aws        # + AWS CLI v2
│   ├── Dockerfile.k8s        # + kubectl, helm, flux, talosctl, terraform
│   ├── Dockerfile.ai         # + AI agents (pi, gemini-cli, opencode)
│   └── config.yaml           # Project-local configuration
├── dotfiles/
│   ├── .bashrc               # Shell init, symlinks, OpenCode seeding
│   ├── .tmux.conf            # Mouse, vi-mode, OSC 52 clipboard
│   └── .config/              # Starship, Zellij, OpenCode TUI, nvim
├── .github/workflows/
│   └── build-push.yml        # CI: conditional build per layer
├── Taskfile.yml              # Build tasks
└── VERSION                   # Current version

Quick Facts

Property           Value
Repository         tazpod/
Language           Go 1.24
Default branch     master
Current version    0.3.35
Vault path         .tazpod/vault/vault.tar.aes
Default image      tazzo/tazpod-ai:latest
Default container  tazpod-lab
S3 bucket          tazlab-storage (eu-central-1)

Canonical Starting Pages for Agents

Architecture & Concepts

Secrets & Vault

CLI & Container Lifecycle

Tooling & Automation

Known Issues / Technical Debt

TD      Area                 Summary
TD-017  smartEntry()         containerUnlocked check unreliable: prompts unlock when vault already open
TD-018  Container lifecycle  Default bridge MTU (1500) causes TLS blackouts on hotspot/Tailscale
TD-022  save() UX            Success message even when RAM vault not mounted; push vault cwd-sensitive
TD-021  Vault recovery       Bootstrap anchor gap: operator files absent even when S3 lineage is coherent
TD-006  Local network        Hotspot IPv6 unverified/unreliable for validation runs
TD-027  Vault auto-lock      Fixed v0.3.22: marker files in /tmp/.tazpod-shells/ lock vault only when the last interactive shell exits

Relationships

See Also