@rigxyz/tapd 0.1.0

package/dist/index.d.ts

@@ -0,0 +1,542 @@
+import { Ignore } from 'ignore';
+import { GetBindingResponse, PrepareUploadRequest, PrepareUploadResponse, CompleteUploadRequest, CompleteUploadResponse, DownloadUrlResponse, SubmitChangeEvent, SubmitChangesResponse, ChangesSinceResponse, CreateInviteRequest, CreateInviteResponse, BindingInvite, ManifestSnapshotResponse, CreateBindingRequest, CreateBindingResponse, BindingDevice, CapabilityOp, Role, ChangeEvent } from '@tap/core';
+
+/**
+ * .tapignore loader.
+ *
+ * Layers:
+ *   1. Built-in defaults — common secrets, dependencies, OS noise, and
+ *      bulky generated artifacts (per design doc § "Large File Policy").
+ *      A user CAN override these via `!pattern` in their .tapignore.
+ *   2. Project .tapignore.
+ *   3. Always-excluded paths — Tap's own local metadata. These cannot be
+ *      re-enabled by `!pattern`; the relay would reject the upload anyway
+ *      (validateRigPath rejects reserved paths).
+ */
+
+declare const BUILTIN_IGNORE_LINES: ReadonlyArray<string>;
+declare function loadIgnore(rootDir: string): Ignore;
+/**
+ * Hard-exclude check that runs in addition to .tapignore. Tap's own
+ * local metadata is invisible to sync no matter what the user puts in
+ * their .tapignore — including `!pattern` overrides.
+ */
+declare function isAlwaysExcluded(posixPath: string): boolean;
+
+/**
+ * Recursive directory walker for a rig. Yields:
+ *   - `files`: candidates for upload (size + posix path relative to root)
+ *   - `emptyDirs`: paths to mkdir markers (dirs with no tracked children)
+ *   - `warnings`: paths that won't sync (oversized, symlink, invalid path)
+ *
+ * Rules enforced:
+ *   - `.tapignore` (loadIgnore)
+ *   - Tap's own reserved metadata (isAlwaysExcluded)
+ *   - MAX_FILE_BYTES (100 MB) — daemon refuses upload above this
+ *   - Symlinks (lstat-detected) — rejected; warning emitted
+ *   - validateRigPath — defends against control chars / weird segments
+ *     before the relay sees them
+ *
+ * Path strings are POSIX (forward slashes) even on Windows so they
+ * match what the relay stores and what the manifest returns.
+ */
+
+type WalkFile = {
+    path: string;
+    size: number;
+};
+type WalkWarning = {
+    path: string;
+    reason: "too_large" | "symlink" | "invalid_path" | "unreadable";
+};
+type WalkResult = {
+    files: WalkFile[];
+    emptyDirs: string[];
+    /**
+     * Every directory visited during the walk, including non-empty ones.
+     * Used by `scanAndPush` to detect "previously-tracked dir no longer
+     * on disk" cases that emptyDirs alone wouldn't catch — e.g. a
+     * directory that was empty-and-tracked, then gained files (now
+     * non-empty and on disk: should NOT be deleted) vs one that was
+     * `rm -rf`d (gone from disk: should be rmdir'd).
+     */
+    directoriesScanned: string[];
+    warnings: WalkWarning[];
+};
+declare function walk(rootDir: string, opts: {
+    ignore: Ignore;
+}): WalkResult;
+
+/**
+ * Thin fetch wrapper around the Phase 1 relay routes.
+ *
+ * Module-level `createBinding` is unauthenticated (Phase 3 will Clerk-gate
+ * it). Everything else binds to a (baseUrl, bindingId, token) triple via
+ * the `RelayClient` class, since every binding-scoped route needs the
+ * same three values on every call.
+ *
+ * `RelayError` carries the route + status + parsed body so caller logic
+ * can map specific 400s ("object_not_uploaded", "case_collision_with",
+ * etc.) to user-facing warnings instead of "something went wrong".
+ */
+
+type FetchLike$1 = typeof fetch;
+declare class RelayError extends Error {
+    readonly route: string;
+    readonly status: number;
+    readonly body: unknown;
+    constructor(route: string, status: number, body: unknown);
+}
+/**
+ * Create a new binding. User-authenticated via the X-Tap-User-Id header
+ * (Phase 3 placeholder; Clerk JWT later). The response carries the
+ * owner's first capability token, returned exactly once.
+ */
+declare function createBinding(opts: {
+    baseUrl: string;
+    request: CreateBindingRequest;
+    userId: string;
+    email?: string;
+    fetch?: FetchLike$1;
+}): Promise<CreateBindingResponse>;
+type RelayClientOptions = {
+    baseUrl: string;
+    bindingId: string;
+    token: string;
+    fetch?: FetchLike$1;
+};
+/**
+ * Binding-scoped relay client. One instance per active binding; cheap to
+ * construct, holds no resources beyond the closed-over fetch impl.
+ */
+declare class RelayClient {
+    private readonly baseUrl;
+    private readonly bindingId;
+    private readonly token;
+    private readonly fetch;
+    constructor(opts: RelayClientOptions);
+    private authHeaders;
+    private bindingPath;
+    getBinding(): Promise<GetBindingResponse>;
+    prepareUpload(body: PrepareUploadRequest): Promise<PrepareUploadResponse>;
+    completeUpload(body: CompleteUploadRequest): Promise<CompleteUploadResponse>;
+    downloadUrl(hash: string): Promise<DownloadUrlResponse>;
+    /** PUT bytes to a presigned URL. Throws on non-2xx. */
+    putObjectBytes(uploadUrl: string, bytes: Uint8Array | Buffer): Promise<void>;
+    /** GET bytes from a presigned URL. Throws on non-2xx. */
+    getObjectBytes(downloadUrl: string): Promise<Buffer>;
+    submitChanges(events: ReadonlyArray<SubmitChangeEvent>): Promise<SubmitChangesResponse>;
+    listChanges(opts?: {
+        after?: string;
+        limit?: number;
+    }): Promise<ChangesSinceResponse>;
+    /**
+     * Mint a new invite (owner-only). Returns the secret + a ready-to-share
+     * accept URL, exactly once. Caller must surface to the user immediately
+     * and rely on `listInvites()` later if they want to refer back without
+     * the secret.
+     */
+    mintInvite(body: CreateInviteRequest): Promise<CreateInviteResponse>;
+    listInvites(): Promise<{
+        invites: BindingInvite[];
+    }>;
+    revokeInvite(inviteId: string): Promise<{
+        revoked: boolean;
+        alreadyRevoked: boolean;
+    }>;
+    getManifest(opts?: {
+        after?: string;
+        limit?: number;
+    }): Promise<ManifestSnapshotResponse>;
+}
+
+/**
+ * Local sync metadata — one SQLite file per binding, at
+ * `<rig>/.rig/tap/state.local.db`. Machine-local; never synced.
+ *
+ * Tracks:
+ *   - per-path: last_applied_change_id, last_seen_hash, local_dirty,
+ *     last_scan_at
+ *   - cursor: the change_event id we've consumed up to (so a daemon
+ *     restart resumes from the right place)
+ *
+ * Schema is small and applied inline on open — no migrations file.
+ */
+type LocalPathState = {
+    path: string;
+    lastAppliedChangeId: string | null;
+    lastSeenHash: string | null;
+    localDirty: boolean;
+    lastScanAt: string | null;
+};
+type StateDb = {
+    /** Cursor we've applied up to, or "chg_0" if nothing yet. */
+    getCursor(): string;
+    setCursor(cursor: string): void;
+    upsertPath(state: LocalPathState): void;
+    getPath(path: string): LocalPathState | null;
+    deletePath(path: string): void;
+    /** Enumerate every tracked path. Cheap — state DBs are small. */
+    listPaths(): string[];
+    setMeta(key: string, value: string): void;
+    getMeta(key: string): string | null;
+    close(): void;
+};
+declare function openStateDb(dbPath: string): StateDb;
+
+/**
+ * .rig/tap-binding.local.json — machine-local per-binding pointer.
+ *
+ * Holds the bindingId, the device's capability token, and where to find
+ * the relay. NEVER synced (validated by isAlwaysExcluded in tapignore.ts;
+ * the relay also rejects the path via validateRigPath).
+ *
+ * Tokens live here in plaintext for now. A future revision can move
+ * them to the OS keychain; the file structure is designed to make that
+ * swap localized.
+ */
+declare const BINDING_CONFIG_PATH = ".rig/tap-binding.local.json";
+type BindingConfig = {
+    bindingId: string;
+    relayUrl: string;
+    deviceId: string;
+    /** Capability-token secret. Returned once by the relay, never re-derivable. */
+    token: string;
+};
+declare function bindingConfigFile(rootDir: string): string;
+declare function readBindingConfig(rootDir: string): BindingConfig | null;
+declare function writeBindingConfig(rootDir: string, config: BindingConfig): void;
+/**
+ * Thrown when an operation requires a bound workspace but
+ * `.rig/tap-binding.local.json` is missing. All three callers (`invite`,
+ * `status`, `uninit`) raise the same class so bin.ts maps it to a
+ * single `not_initialized` JSON error code for rig.
+ */
+declare class NotInitializedError extends Error {
+    readonly rootDir: string;
+    constructor(rootDir: string);
+}
+
+/**
+ * Streaming sha256 of a file path, returned in the relay's wire format
+ * ("sha256:" + 64 hex). Used by walker → uploader and by watcher → uploader.
+ */
+declare function hashFile(absPath: string): Promise<string>;
+
+/**
+ * `tapd init` — bootstrap a fresh binding from the current working
+ * directory.
+ *
+ * Steps (mapped to design doc § "Init Flow"):
+ *   1. Refuse if .rig/tap-binding.local.json already exists.
+ *   2. Walk the rig, applying .tapignore + reserved-path rules.
+ *   3. Hash every tracked file (de-duplicated by hash so identical
+ *      content uploads once).
+ *   4. For each unique hash: prepare-upload → PUT bytes → complete-upload.
+ *   5. Submit one batched POST /changes with one event per file +
+ *      one mkdir per empty-dir marker.
+ *   6. Write .rig/tap-binding.local.json (mode 0600).
+ *   7. Populate .rig/tap/state.local.db with last_applied_change_id
+ *      per path, and the resulting cursor.
+ *
+ * Returns a summary with the binding, the owner token (so the caller
+ * CLI can print it once), upload + change counts, and any walker
+ * warnings (oversized files / symlinks / invalid paths). Caller is
+ * responsible for surfacing the warnings to the user.
+ */
+
+type InitOptions = {
+    rootDir: string;
+    relayUrl: string;
+    ownerUserId: string;
+    bindingName: string;
+    deviceLabel?: string;
+    /** Test seam: override fetch (used to drive the in-process relay). */
+    fetch?: typeof fetch;
+};
+type InitResult = {
+    binding: CreateBindingResponse["binding"];
+    device: CreateBindingResponse["device"];
+    /** Owner secret. Returned exactly once. The caller should display it. */
+    ownerSecret: string;
+    uploadedHashes: number;
+    reusedHashes: number;
+    submittedEvents: number;
+    warnings: WalkResult["warnings"];
+    /** Cursor written to state.local.db after the initial submit. */
+    cursor: string;
+};
+declare class AlreadyInitializedError extends Error {
+    readonly path: string;
+    constructor(path: string);
+}
+declare function init(opts: InitOptions): Promise<InitResult>;
+
+/**
+ * `tapd join` — accept an invite URL and set up a fresh local binding.
+ *
+ * Unlike `tapd init`, join does NOT touch the rig contents:
+ *   1. Refuse if .rig/tap-binding.local.json already exists.
+ *   2. Parse the invite URL → (baseUrl, secret).
+ *   3. POST /v1/invites/:secret/accept with the user's identity header,
+ *      receive {bindingId, device, token}.
+ *   4. Write .rig/tap-binding.local.json (mode 0600) IMMEDIATELY — same
+ *      "secret-returned-once survives downstream failure" discipline as
+ *      `tapd init`.
+ *   5. Open .rig/tap/state.local.db with cursor `chg_0`.
+ *
+ * After join, `tapd start` will:
+ *   - applyOnce: pull the remote manifest + change log
+ *   - scanAndPush: push any pre-existing local divergence
+ *
+ * That covers both the bootstrap-from-empty-dir case and the
+ * "user already has some files locally" merge case.
+ */
+
+type JoinOptions = {
+    rootDir: string;
+    inviteUrl: string;
+    userId: string;
+    email?: string;
+    deviceLabel?: string;
+    /** Test seam: override fetch. */
+    fetch?: typeof fetch;
+};
+type JoinResult = {
+    bindingId: string;
+    device: BindingDevice;
+    /** Capability secret. Returned exactly once. */
+    tokenSecret: string;
+    /** Whether the invite granted a member role (vs pure-capability). */
+    becameMember: boolean;
+};
+declare class AlreadyJoinedError extends Error {
+    readonly path: string;
+    constructor(path: string);
+}
+declare class InvalidInviteUrlError extends Error {
+    readonly url: string;
+    constructor(url: string);
+}
+/**
+ * Parse `https://relay.example/v1/invites/<secret>/accept` into
+ * (baseUrl, secret). Trailing slash + missing /accept both accepted.
+ */
+declare function parseInviteUrl(url: string): {
+    baseUrl: string;
+    secret: string;
+};
+declare function join(opts: JoinOptions): Promise<JoinResult>;
+
+/**
+ * `tapd invite` — owner-side helpers for the invite lifecycle.
+ *
+ * Reads .rig/tap-binding.local.json for the relay URL + token, builds
+ * a RelayClient, and calls the matching endpoint. Designed to be a
+ * thin wrapper that the CLI dispatcher (bin.ts) can call without
+ * thinking about plumbing.
+ */
+
+type MintInviteOptions = {
+    rootDir: string;
+    ops: ReadonlyArray<CapabilityOp>;
+    role?: Role | null;
+    pathGlobs?: ReadonlyArray<string>;
+    ttlSeconds?: number;
+    maxUses?: number;
+    emailConstraint?: string;
+    label?: string;
+    fetch?: typeof fetch;
+};
+declare function mint(opts: MintInviteOptions): Promise<CreateInviteResponse>;
+declare function list(opts: {
+    rootDir: string;
+    fetch?: typeof fetch;
+}): Promise<BindingInvite[]>;
+declare function revoke(opts: {
+    rootDir: string;
+    inviteId: string;
+    fetch?: typeof fetch;
+}): Promise<{
+    revoked: boolean;
+    alreadyRevoked: boolean;
+}>;
+
+/**
+ * Apply remote change events to the local filesystem.
+ *
+ * Phase 2 keeps this simple: last-write-wins, no conflict materialization
+ * (Phase 4 adds it). Echo suppression is handled via the state DB:
+ * if the remote event's hash matches our last_seen_hash for the path,
+ * we know it's our own write coming back through the poll loop and skip
+ * the download.
+ *
+ * Materialization is atomic: download to `<file>.tap-tmp.<rand>` then
+ * `rename` into place. Atomic on POSIX; on Windows, `fs.rename` falls
+ * back to MoveFileEx-style replace.
+ */
+
+/** State-DB meta key — running count of conflicts surfaced by `tapd status`. */
+declare const STATE_KEY_CONFLICT_COUNT = "conflict_count";
+/**
+ * Sidecar path for a conflict materialization. Original extension is
+ * preserved at the end so editor highlighting still works.
+ *
+ *   decisions/pricing.md  →  decisions/pricing.conflict-from.dev_xyz.chg_456.md
+ *
+ * Device label resolution lands when GET /v1/bindings/:id/devices does
+ * (Phase 5); until then we use the raw deviceId, which is at least an
+ * audit-stable reference.
+ */
+declare function conflictSidecarPath(path: string, ev: {
+    id: string;
+    actorDeviceId: string | null;
+}): string;
+type ApplyEventError = {
+    eventId: string;
+    path: string;
+    op: string;
+    reason: string;
+};
+type ApplyResult = {
+    applied: number;
+    echoSkipped: number;
+    errored: number;
+    events: ReadonlyArray<ChangeEvent>;
+    errors: ReadonlyArray<ApplyEventError>;
+};
+/**
+ * One iteration of the apply loop: poll `GET /changes?after=<cursor>`,
+ * materialize each event, update the cursor.
+ *
+ * Per-event errors (hash mismatch, file/directory collision, disk full,
+ * etc.) are caught, logged, and recorded to the state DB — the cursor
+ * still advances past the failed event so the daemon doesn't loop
+ * forever on the same broken row. Phase 4 conflict materialization
+ * will replace the "skip + log" behavior for the file/dir collision
+ * case; for now it's the safe default.
+ */
+declare function applyOnce(opts: {
+    rootDir: string;
+    client: RelayClient;
+    stateDb: StateDb;
+    limit?: number;
+}): Promise<ApplyResult>;
+
+/**
+ * Local → remote sync direction: compute the diff between the file
+ * system and the state DB, upload any new bytes, submit one batched
+ * `POST /changes`.
+ *
+ * Phase 2 calls this on startup (initial reconcile) and on each
+ * watcher event (debounced).
+ */
+
+type ScanAndPushResult = {
+    /** Bytes uploaded this cycle. */
+    uploaded: number;
+    /** Hashes that were already on the relay (no PUT needed). */
+    reused: number;
+    /** Change events submitted (writes + deletes + mkdir + rmdir). */
+    submitted: ReadonlyArray<ChangeEvent>;
+    /** Warnings from the walker (symlinks / oversize / invalid) +
+     * mid-scan mutations detected before upload. */
+    warnings: ReadonlyArray<{
+        path: string;
+        reason: string;
+    }>;
+};
+declare function scanAndPush(opts: {
+    rootDir: string;
+    client: RelayClient;
+    stateDb: StateDb;
+    ignore: Ignore;
+}): Promise<ScanAndPushResult>;
+
+/**
+ * SSE consumer for the relay's /stream endpoint.
+ *
+ * Phase 4c — push delivery so applyOnce fires within milliseconds of a
+ * remote change instead of waiting on the poll interval. The poll loop
+ * remains the source of truth and keeps running underneath as a
+ * fallback (slower cadence is fine when SSE is healthy).
+ *
+ * Reconnect semantics:
+ *   - Server-side disconnect (stream end) or client-side fetch error
+ *     → backoff 1s, 2s, 4s, 8s, 16s, capped at 30s; reset on success.
+ *   - Heartbeat watchdog: if no event/heartbeat lands within
+ *     `heartbeatTimeoutMs` (default 45s), abort + reconnect.
+ *   - `stop()` aborts the in-flight fetch + cancels pending reconnects.
+ *
+ * The subscriber NEVER advances the cursor — it just nudges applyOnce.
+ * Cursor management stays in the apply loop, which reads /changes as
+ * the durable source of truth.
+ */
+
+type FetchLike = typeof fetch;
+type SseSubscriberOptions = {
+    baseUrl: string;
+    bindingId: string;
+    token: string;
+    onChange: (change: ChangeEvent) => void | Promise<void>;
+    onSubscribed?: (info: {
+        bindingId: string;
+        pathGlobs: string[];
+    }) => void;
+    onError?: (err: Error) => void;
+    fetch?: FetchLike;
+    /** Watchdog window. Default 45s — matches a server heartbeat of 15s × 3. */
+    heartbeatTimeoutMs?: number;
+    /** Backoff for the Nth reconnect attempt (0-indexed). */
+    reconnectDelayMs?: (attempt: number) => number;
+};
+type SseSubscriber = {
+    stop(): Promise<void>;
+};
+declare function subscribe(opts: SseSubscriberOptions): SseSubscriber;
+
+/**
+ * `tapd start` — the daemon main loop.
+ *
+ * Three concurrent jobs (Phase 4):
+ *   - SSE subscriber: opens /v1/bindings/:id/stream and triggers
+ *     applyOnce on every push. Fast path — latency is network +
+ *     download time, not pollSeconds.
+ *   - poll loop: every `pollSeconds`, runs applyOnce as a fallback
+ *     for SSE outages (and for multi-relay deployments where the SSE
+ *     bus is single-process; see relay's event-bus.ts).
+ *   - watcher: chokidar emits add / change / unlink / addDir / unlinkDir.
+ *     Debounced rescan calls `scanAndPush` so file diffs flow upstream.
+ *
+ * All three share the state DB and the same RelayClient. Echo
+ * suppression in `applyEvent` prevents a self-write from being applied
+ * back over the same bytes.
+ */
+
+type StartOptions = {
+    rootDir: string;
+    pollSeconds?: number;
+    /** Quiescence window before the watcher triggers a rescan. */
+    debounceMs?: number;
+    /** Test seam — override fetch (passed to RelayClient + SSE subscriber). */
+    fetch?: typeof fetch;
+    /** Test seam — disable the chokidar watcher (poll loop only). */
+    noWatch?: boolean;
+    /** Test seam — disable SSE (poll-only mode). */
+    noSse?: boolean;
+    /** SSE watchdog window in ms. Default 45s. */
+    sseHeartbeatTimeoutMs?: number;
+};
+type DaemonHandle = {
+    /** Cleanly shut down the watcher + poll loop + close the state DB. */
+    stop(): Promise<void>;
+    /** Force one apply cycle now. Useful for tests + `tapd status`. */
+    applyNow(): Promise<ApplyResult>;
+    /** Force one upstream scan+push now. Useful for tests + `tapd status`. */
+    scanNow(): Promise<ScanAndPushResult>;
+    /** Underlying state DB. Caller MUST NOT close it — stop() does that. */
+    stateDb: StateDb;
+};
+declare function start(opts: StartOptions): Promise<DaemonHandle>;
+
+export { AlreadyInitializedError, AlreadyJoinedError, type ApplyResult, BINDING_CONFIG_PATH, BUILTIN_IGNORE_LINES, type BindingConfig, type DaemonHandle, type InitOptions, type InitResult, InvalidInviteUrlError, type JoinOptions, type JoinResult, type LocalPathState, type MintInviteOptions, NotInitializedError, RelayClient, type RelayClientOptions, RelayError, STATE_KEY_CONFLICT_COUNT, type ScanAndPushResult, type SseSubscriber, type SseSubscriberOptions, type StartOptions, type StateDb, type WalkFile, type WalkResult, type WalkWarning, applyOnce, bindingConfigFile, conflictSidecarPath, createBinding, hashFile, init, isAlwaysExcluded, join, list as listInvites, loadIgnore, mint as mintInvite, openStateDb, parseInviteUrl, readBindingConfig, revoke as revokeInvite, scanAndPush, subscribe as sseSubscribe, start, walk, writeBindingConfig };

package/dist/index.js

@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+import {
+  AlreadyInitializedError,
+  AlreadyJoinedError,
+  BINDING_CONFIG_PATH,
+  BUILTIN_IGNORE_LINES,
+  InvalidInviteUrlError,
+  NotInitializedError,
+  RelayClient,
+  RelayError,
+  STATE_KEY_CONFLICT_COUNT,
+  applyOnce,
+  bindingConfigFile,
+  conflictSidecarPath,
+  createBinding,
+  hashFile,
+  init,
+  isAlwaysExcluded,
+  join,
+  list,
+  loadIgnore,
+  mint,
+  openStateDb,
+  parseInviteUrl,
+  readBindingConfig,
+  revoke,
+  scanAndPush,
+  start,
+  subscribe,
+  walk,
+  writeBindingConfig
+} from "./chunk-RQC73B5Y.js";
+export {
+  AlreadyInitializedError,
+  AlreadyJoinedError,
+  BINDING_CONFIG_PATH,
+  BUILTIN_IGNORE_LINES,
+  InvalidInviteUrlError,
+  NotInitializedError,
+  RelayClient,
+  RelayError,
+  STATE_KEY_CONFLICT_COUNT,
+  applyOnce,
+  bindingConfigFile,
+  conflictSidecarPath,
+  createBinding,
+  hashFile,
+  init,
+  isAlwaysExcluded,
+  join,
+  list as listInvites,
+  loadIgnore,
+  mint as mintInvite,
+  openStateDb,
+  parseInviteUrl,
+  readBindingConfig,
+  revoke as revokeInvite,
+  scanAndPush,
+  subscribe as sseSubscribe,
+  start,
+  walk,
+  writeBindingConfig
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "@rigxyz/tapd",
+  "version": "0.1.0",
+  "description": "Local daemon for the hosted Tap relay — watches files, hashes content, uploads/downloads objects, applies remote changes. Pairs with @rigxyz/cli for shared-rig sync.",
+  "license": "MIT",
+  "author": "Dylan Bourgeois <dtsbourg@gmail.com>",
+  "homepage": "https://github.com/dtsbourg/tap#readme",
+  "bugs": "https://github.com/dtsbourg/tap/issues",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/dtsbourg/tap.git",
+    "directory": "packages/tapd"
+  },
+  "keywords": ["tap", "tapd", "rig", "sync", "daemon"],
+  "type": "module",
+  "bin": {
+    "tapd": "./dist/bin.js"
+  },
+  "files": ["dist", "README.md"],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  },
+  "dependencies": {
+    "better-sqlite3": "^11.5.0",
+    "chokidar": "^4.0.1",
+    "ignore": "^5.3.0",
+    "kleur": "^4.1.5"
+  },
+  "devDependencies": {
+    "@tap/core": "workspace:*",
+    "@tap/relay": "workspace:*",
+    "@types/better-sqlite3": "^7.6.12",
+    "@types/pg": "^8.20.0",
+    "pg": "^8.21.0",
+    "tsup": "^8.3.5",
+    "typescript": "^5.7.2",
+    "vitest": "^2.1.9"
+  }
+}