TazPod CLI Reference
This page maps the real command surface of tazpod from cmd/tazpod/main.go and the command implementations in cmd/tazpod/.
Primary Dispatch Table
| Command | Real Target | Notes |
|---|---|---|
tazpod | smartEntry() | default no-args path |
tazpod init | initProject() | creates .tazpod/, .tazpod/vault/, and config |
tazpod up | up() | ensures container is running and starts sync daemon |
tazpod down | down() | stops and removes container |
tazpod ssh | enter() | alias of enter |
tazpod enter | enter() | interactive shell path |
tazpod unlock | unlock() | decrypt vault into RAM and bridge AWS |
tazpod lock | lock() | unmount RAM enclave and AWS bind mount |
tazpod save | save() | re-encrypt RAM vault back to disk |
tazpod pull vault | pullVault() | S3 -> local encrypted vault |
tazpod push vault | pushVault() | local encrypted vault -> S3 |
tazpod sync | pull() dispatcher | currently handled by the same dispatcher family as pull; operationally worth remembering |
tazpod login | login() | runs aws sso login --profile <profile> |
tazpod vpn | vpnCommand() | legacy / untrusted path |
tazpod setup-storage | setupStorage() | bucket creation helper for tazlab-storage |
tazpod __internal_sync_daemon | syncDaemon() | internal background daemon |
tazpod __internal_env | printExportEnv() | internal shell helper; currently placeholder |
tazpod update | updateImage() | pull latest Docker image (docker pull) |
tazpod setup-storage | setupStorage() | create S3 bucket tazlab-storage |
tazpod --version / tazpod -v | fmt.Println(Version) | print current version from VERSION file |
Operational Paths
tazpod enter
Use this as the normal path. It already includes smart recovery logic:
- init if missing
- ensure container exists
- unlock if local vault exists
- login -> pull vault -> unlock if local vault is missing
- auto-lock on shell exit
tazpod up
Use this if you want the container and sync daemon running without immediately entering an interactive shell.
tazpod pull vault
Use this on a fresh machine or when .tazpod/vault/vault.tar.aes is missing locally.
tazpod push vault
Use this when you want an explicit S3 sync instead of waiting for the daemon cycle.
Config Fields That Affect Behavior
From .tazpod/config.yaml and cmd/tazpod/config.go:
imagecontainer_nameuseraws_sso.profileproviders.<name>.db_hostfeatures.debugghost_mode
Docker Run Flags (used by ensureContainerUp)
| Flag | Value | Purpose |
|---|---|---|
--cap-add | SYS_ADMIN | Required for mount operations |
--security-opt | apparmor=unconfined | Prevent AppArmor blocking mount |
--dns | 1.1.1.1, 1.0.0.1 | Cloudflare DNS |
-v <cwd>:/workspace | — | Mount project directory |
-v ~/.ssh:/home/tazpod/.ssh:ro | — | Share SSH keys read-only |
-e HOST_CWD=<cwd> | — | Host working directory |
Vault Commands Detail
| Command | What It Does | Failure Mode |
|---|---|---|
unlock | Decrypt vault.tar.aes → tmpfs at /home/tazpod/secrets | 3 attempts, then exit |
lock | Unmount AWS bridge + tmpfs | — |
save | Re-encrypt RAM → vault.tar.aes | Silent success even if vault not mounted (TD-022) |
pull vault | Download from S3 to .tazpod/vault/vault.tar.aes | cwd-sensitive (TD-022) |
push vault | Upload to S3 from .tazpod/vault/vault.tar.aes | cwd-sensitive (TD-022) |
Exit Codes
0: success1: error (config missing, Docker failure, vault error)1: unknown command
See Also
- Detail: Smart Entry Detail
- Detail: Vault Lifecycle Detail
- Detail: Container Lifecycle Detail
- Detail: Sync Daemon Detail
- Detail: Config Detail
- Hub: TazPod Entity