LILYLILYDOCS
HomepageLogin
Docs/CLI/bundle

lly bundle

Inspect, verify and unpack .brick bundles.

A .brick is the portable unit of LILY: one or more WASM modules, a manifest, and any static assets the program needs at runtime. The lly bundle command group is the local toolkit for opening bricks, checking their signatures, and pulling them apart on disk.

Under the hood a brick is a zip-like container with a deterministic layout and a content-addressed hash. Two builds of the same source on the same toolchain produce byte-identical bricks, which is what makes reproducible deployment possible.

Subcommands

  • inspect — pretty-print the manifest, list modules and assets, print the sha256.
  • verify — check the embedded .sig signature against the public key bundled with lly.
  • unpack — extract a brick into a directory so you can read the modules and assets directly.

inspect

lly bundle inspect <path> reads the manifest and prints a structured summary. It does not execute any code from the brick and does not require network access. Use it as a first sanity check after a build or after downloading a brick from a registry.

bundle inspect
$ lly bundle inspect ./void.brick brick · format v1 · zip container name casino-demo version 0.4.2 target wasm32-wasi-preview1 mode single-brick hash sha256:a91f3c…e4d8 built 2026-06-04T14:21:07Z toolchain lly 0.9.1 · frontend-nextjs 0.6.0 modules (1) main.wasm 4.81 MB · 312 fn · entry _start assets (7) public/favicon.ico 1.1 KB public/og.png 48 KB static/chunk-9a2f.css 12 KB static/hydrate-7c1b.js 1.46 MB … 3 more signature present (ed25519)

Pass --json to emit the same data as structured JSON, suitable for piping into jq or CI scripts. --full expands every asset rather than truncating the list.

verify

Bricks published through the plugin pipeline or deployed via lly void deploy carry an ed25519 signature over the manifest and module hashes. lly bundle verifychecks that signature against the public key embedded in your local lly binary.

bundle verify
$ lly bundle verify ./void.brick → verifying signature against pubkey rc.lilylabs.io/keys/2026 ✓ signature valid · sha256:a91f3c…e4d8

Unsigned bricks (the default for local builds) return a non-zero exit code and a clear message. That is expected and not an error — only artifacts crossing a trust boundary need to be signed.

unpack

lly bundle unpack <path> -o <dir> extracts the brick into a directory. The manifest is written as manifest.json, modules land in modules/, and anything else goes to assets/. Use this when you want to diff two builds, hand a module to wasm-objdump, or rehydrate a brick that has been damaged in transit.

bundle unpack
$ lly bundle unpack ./void.brick -o ./void-unpacked → writing 1 module · 7 assets · manifest.json ✓ unpacked to ./void-unpacked (4.86 MB) $ tree -L 2 ./void-unpacked void-unpacked/ manifest.json modules/ main.wasm assets/ public/ static/

Exit codes

  • 0 — success.
  • 1 — malformed brick (truncated zip, missing manifest, bad magic).
  • 2 — signature invalid or missing when required.
  • 3 — IO error (path not writable, disk full).

See also

lly compile produces bricks. lly run executes them locally. lly void deploy ships them to the fleet. For the on-disk layout and reproducibility guarantees, read the brick format reference.