npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@gemmapod/pack

v0.2.1

Published

gemmapod CLI: turn a pod.toml + owner Ed25519 key into a single signed, self-mounting .html agent capsule. Same Rust/WASM core as the browser verifier.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

gemmapodgemmapod

Keywords

gemmapodcliai-agented25519cborsigningpodmanifest

Readme

@gemmapod/pack (CLI)

gemmapod — turn a pod.toml manifest and an owner key into a single self-contained .html blob.

Signs through the same Rust core the browser verifies with (packages/core/pkg-node), so encoder/decoder mismatch is impossible by construction. The build step does a round-trip verify before emitting the artifact.

Commands

# New project: pod.toml, .gitignore, embed-example.html
gemmapod init --dir ./my-agent

# generate a fresh Ed25519 keypair (0600 JSON file)
gemmapod keygen --out owner.key

# validate pod.toml before building
gemmapod doctor path/to/pod.toml

# package a pod
gemmapod build path/to/pod.toml \
  --key  path/to/owner.key \
  --out  dist/my-pod.html

See also ../../docs/EMBEDDING.md for script-tag embeds and @gemmapod/browser.

Output is ~650 KB:

  • ~350 KB inlined shim IIFE
  • ~305 KB base64-inlined WASM (228 KB raw)
  • ~3 KB CBOR signed manifest
  • HTML chrome

The resulting pod speaks DARTC v0.2 over its WebRTC data channel. At runtime it sends signed dartc.hello and gemmapod.chat.request envelopes, receives signed streaming responses, and exchanges A2A-shaped Agent Cards on a2a.discovery. Packed pods boot via GemmaPod.boot() into a full GemmaPodRuntime (typed event bus, state store, chat API, A2A discovery, capability registry) and mount the default Preact widget; embedders can subscribe to runtime.events instead of the default UI. Future CLI / server / worker adapters reuse the same runtime contract — see ../../runtime.md.

pod.toml schema

name = "my-pod"                  # required; also the default id
persona = "AI business card"
model = "gemma4:e4b"

system_prompt = """
You are…
"""

[transport]
preferred = ["webrtc", "fallback"]    # informational today (see note)

[transport.webrtc]
signal_url = "https://…/signal"
pod_id = "my-pod"

[transport.fallback]
tier = "e2b"

[[tools]]
name = "share_contact"
description = "…"

Note: owner_pubkey is not written in pod.toml. The CLI fills it in from the --key file's publicKey, so the manifest can't drift from the signing identity.

[transport].preferred is currently advisory. The browser shim's selector uses a fixed order — webrtc → fallback → direct — and uses whichever transport blocks are present in the manifest. Wire-up to a real preference order is tracked under the runtime roadmap (see ../../runtime.md §13).

The signed manifest is also the authority DARTC sessions carry back to the origin daemon. The origin re-verifies it before using the signed system prompt or exposing signed tools.

Run locally

# build the shim first (one-time / on shim change)
pnpm --filter @gemmapod/shim build

# from anywhere (the bin is wired through pnpm)
pnpm --filter @gemmapod/pack exec tsx src/cli.ts keygen \
  --out /absolute/path/owner.key

pnpm --filter @gemmapod/pack exec tsx src/cli.ts build \
  /absolute/path/pod.toml \
  --key /absolute/path/owner.key \
  --out /absolute/path/out.html

(Absolute paths because pnpm --filter changes cwd to the package.)

For convenience, an example pod lives at examples/raj-card/pod.toml.

No deploy

CLI. Run wherever you build pods.