TazPod CLI Reference

This page maps the real command surface of tazpod from cmd/tazpod/main.go and the command implementations in cmd/tazpod/.

Primary Dispatch Table

CommandReal TargetNotes
tazpodsmartEntry()default no-args path
tazpod initinitProject()creates .tazpod/, .tazpod/vault/, and config
tazpod upup()ensures container is running and starts sync daemon
tazpod downdown()stops and removes container
tazpod sshenter()alias of enter
tazpod enterenter()interactive shell path
tazpod unlockunlock()decrypt vault into RAM and bridge AWS
tazpod locklock()unmount RAM enclave and AWS bind mount
tazpod savesave()re-encrypt RAM vault back to disk
tazpod pull vaultpullVault()S3 -> local encrypted vault
tazpod push vaultpushVault()local encrypted vault -> S3
tazpod syncpull() dispatchercurrently handled by the same dispatcher family as pull; operationally worth remembering
tazpod loginlogin()runs aws sso login --profile <profile>
tazpod vpnvpnCommand()legacy / untrusted path
tazpod setup-storagesetupStorage()bucket creation helper for tazlab-storage
tazpod __internal_sync_daemonsyncDaemon()internal background daemon
tazpod __internal_envprintExportEnv()internal shell helper; currently placeholder

Operational Paths

tazpod enter

Use this as the normal path. It already includes smart recovery logic:

  • init if missing
  • ensure container exists
  • unlock if local vault exists
  • login -> pull vault -> unlock if local vault is missing
  • auto-lock on shell exit

tazpod up

Use this if you want the container and sync daemon running without immediately entering an interactive shell.

tazpod pull vault

Use this on a fresh machine or when .tazpod/vault/vault.tar.aes is missing locally.

tazpod push vault

Use this when you want an explicit S3 sync instead of waiting for the daemon cycle.

Config Fields That Affect Behavior

From .tazpod/config.yaml and cmd/tazpod/config.go:

  • image
  • container_name
  • user
  • aws_sso.profile
  • providers.<name>.db_host
  • features.debug
  • ghost_mode

See Also