skill: flash-cluster-iso-consumer-path + flash-cluster-iso-dev-path — sibling router-keyed procedures for both ISO flash paths (Aaron 2026-05-25)#5008
Conversation
… sibling router-keyed procedures for both flash paths (Aaron 2026-05-25)
Aaron 2026-05-25: 'we can save both as skills too' — re the dev vs
consumer paths for formatting the cluster ISO USB stick.
Two router-keyed skills land:
1. flash-cluster-iso-consumer-path:
- When: operator wants minimal-toolchain dependency; OK with latest
CI-built ISO; no local Nix install needed
- Prerequisites: macOS + bun + gh + zflash + zflash-setup
- Procedure: gh run list → gh run download → zflash
- ~5 chars + ~8 chars + 1 fingerprint
2. flash-cluster-iso-dev-path:
- When: operator iterating on cluster substrate; wants WIP-tested
local-built ISO; OR validating determinism vs CI build
- Prerequisites: macOS + bun + zflash + zflash-setup + DeterminateSystems
Nix installed locally (per B-0740 Gap 1 anchor)
- Procedure: nix build .#installer-iso → shasum → copy to ~/Downloads/
→ zflash → optional cross-check SHA vs CI artifact
- Same operator effort as consumer-path at flash time; adds local
build step + optional determinism PoC step
Both skills cross-reference:
- B-0737 (zflash Mac variant — the tool both invoke)
- B-0742 (reference k8s stack as Ace PoC — the ISO IS the reference stack)
- B-0728 (destructive-tool authoring contract — flash-usb safety)
- B-0743 (desktop admin consent pattern — Touch ID gate)
- Sibling skill cross-link in both directions
Per .claude/rules/default-to-both.md: consumer AND dev paths both
first-class. Per .claude/rules/skill-router-as-substrate-inventory.md:
skills are router-keyed; future agents (Otto / Alexa / Riven / Vera /
Lior / future) find these procedures without needing to derive them
from scratch.
Together the two skills establish the empirical-anchor surface for
B-0742's 'reliable AI control + determinism' claim — consumer-path
proves CI substrate works for downstream operators; dev-path proves
local reproducibility + determinism floor.
Co-Authored-By: Claude <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ac137ccc27
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| zflash | ||
| ``` | ||
|
|
||
| (Or, if shell alias not installed: `bun full-ai-cluster/tools/zflash.ts`) |
There was a problem hiding this comment.
The fallback command here points to full-ai-cluster/tools/zflash.ts, but that file (and zflash-setup.ts referenced in prerequisites) is not present in the repository; the only committed flasher entrypoint is full-ai-cluster/tools/flash-usb.ts (see its usage docs/comments). On a fresh checkout, following this skill fails with “No such file or directory,” so the new consumer/dev flash procedures are not executable unless these commands are aligned to real tooling.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Pull request overview
Adds two new router-keyed operator skills intended to document the two supported paths for flashing the AI-cluster installer ISO to a USB stick (CI artifact “consumer” path vs local Nix build “dev” path), so operators/agents can follow a repeatable procedure without re-deriving steps.
Changes:
- Introduces
flash-cluster-iso-consumer-pathskill documenting how to locate and download the latest successful CI-built ISO artifact. - Introduces
flash-cluster-iso-dev-pathskill documenting how to locally build.#installer-iso, hash it, and flash it (plus an optional determinism SHA comparison flow).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 11 comments.
| File | Description |
|---|---|
| .claude/skills/flash-cluster-iso-consumer-path/SKILL.md | New skill describing CI artifact download + flash procedure for the installer ISO. |
| .claude/skills/flash-cluster-iso-dev-path/SKILL.md | New skill describing local Nix build + hash + flash procedure for the installer ISO. |
| load_datetime: "2026-05-25" | ||
| last_updated: "2026-05-25" | ||
| status: active | ||
| bp_rules_cited: [BP-NN — see .claude/rules/desktop-admin-consent-via-biometric-plus-small-challenge-i-execute-you-fingerprint.md] |
| - `zflash` + `zflash-setup` substrate from B-0737 merged on origin/main | ||
| - One-time setup already done: `bun full-ai-cluster/tools/zflash-setup.ts | ||
| --install-alias` ran successfully + Touch ID PAM is installed |
| ### Step 4 — Flash via zflash | ||
|
|
||
| Plug in the USB stick. Then: | ||
|
|
||
| ```bash | ||
| zflash | ||
| ``` | ||
|
|
||
| (Or, if shell alias not installed: `bun full-ai-cluster/tools/zflash.ts`) | ||
|
|
||
| zflash auto-discovers the newest `~/Downloads/zeta-installer-*.iso` | ||
| (your just-downloaded one wins by mtime), runs all hardware sanity | ||
| rails, prints a per-run nonce, waits for `yes <4-hex>` consent token, | ||
| then unmounts + `sudo dd` triggers Touch ID PAM prompt + flashes. | ||
|
|
| - Operator is on Linux or Windows → B-0738 (Linux variant scope) or | ||
| B-0739 (Windows variant scope) — not yet shipped |
| - Move USB to the target machine + boot from it (BIOS/firmware | ||
| setting: boot from USB first) | ||
| - On boot: drops to NixOS installer shell; run `zeta-install <hostname>` | ||
| per the disko + bootstrap order in Addison's STARTING-POINT.md |
| load_datetime: "2026-05-25" | ||
| last_updated: "2026-05-25" | ||
| status: active | ||
| bp_rules_cited: [BP-NN — see .claude/rules/desktop-admin-consent-via-biometric-plus-small-challenge-i-execute-you-fingerprint.md] |
| - `zflash` + `zflash-setup` substrate from B-0737 merged on origin/main | ||
| - One-time zflash setup already done: `bun full-ai-cluster/tools/zflash-setup.ts | ||
| --install-alias` ran successfully + Touch ID PAM installed |
| - Operator does NOT have local Nix toolchain installed → install via | ||
| the DeterminateSystems installer first (see B-0740 Gap 1 anchor), | ||
| OR fall back to consumer-path | ||
| - Operator is on Linux/Windows → B-0738 / B-0739 (variant scopes; not | ||
| yet shipped) |
| ### Step 4 — Flash via zflash | ||
|
|
||
| Plug in the USB stick. Then: | ||
|
|
||
| ```bash | ||
| zflash | ||
| ``` | ||
|
|
||
| (Or, if shell alias not installed: `bun full-ai-cluster/tools/zflash.ts`) | ||
|
|
||
| zflash auto-discovers the newest `~/Downloads/zeta-installer-*.iso` | ||
| — your local-build wins by mtime over any older CI download. All | ||
| hardware sanity rails fire; per-run nonce printed; `yes <4-hex>` | ||
| consent token + Touch ID PAM prompt; flash proceeds. | ||
|
|
| - B-0737 (zflash Mac variant — the flash tool this skill invokes) | ||
| - B-0740 (Determinate Systems Nix anchor — the build-time-deps Gap 1 entry) | ||
| - B-0742 (reference k8s stack as Ace PoC — the ISO IS the reference stack; | ||
| this skill enables the local-build leg of the determinism PoC) | ||
| - B-0728 (destructive-tool authoring contract — flash-usb safety substrate) | ||
| - B-0743 (desktop admin consent pattern — Touch ID gate is the consent floor) | ||
| - `.claude/skills/flash-cluster-iso-consumer-path/SKILL.md` — sibling skill for CI-artifact path |
…ading '+ 1 fingerprint' isn't misparsed as a list item markdownlint flagged the line continuation 'Operator effort: ~5 chars + ~8 chars\n+ 1 fingerprint' because the '+' at column 0 looks like a list marker. Joining into one line + using 'plus' instead of '+' for the continuation; same semantic information. Co-Authored-By: Claude <noreply@anthropic.com>
|
Closing — under-recon on dependency PRs. The skills as-written reference zflash + B-0737/B-0738/B-0739/B-0740/B-0743 substrate that's on in-flight PRs (#5010 / #5001 / #5006 / #5011), not on main yet. Copilot's 12 findings are correctly time-local at merge time. Substrate-honest fix: re-land skills after the dependency cluster merges; skills will then accurately describe operational state. Lesson: skills are forward-looking router-keyed procedures; their cross-references must be to substrate already on main, not in-flight. Same recon-first discipline as B-0740 (closed for under-recon) + .claude/rules/honor-those-that-came-before.md. Skills will return in a fresh PR once the dependency cluster lands. |
Pull request was closed
Summary
Aaron 2026-05-25: "we can save both as skills too" — re the dev-vs-consumer paths for formatting the cluster ISO USB stick.
Two router-keyed sibling skills land:
flash-cluster-iso-consumer-pathgh run list→gh run download→zflashzflash) + ~8 chars (yes <4-hex>) + 1 fingerprintflash-cluster-iso-dev-pathnix build .#installer-iso→ shasum → copy to~/Downloads/→zflash→ optional cross-check SHA vs CI artifactCross-references both skills carry
Empirical-anchor surface for B-0742
Together the two skills establish the empirical-anchor surface for B-0742's "reliable AI control + determinism" claim:
Per
.claude/rules/default-to-both.md: consumer AND dev paths both first-class; not either-or; operator picks per scope.Per
.claude/rules/skill-router-as-substrate-inventory.md: skills are router-keyed; future agents (Otto / Alexa / Riven / Vera / Lior / future) find these procedures without needing to derive them from scratch.Test plan
.claude/skills/<name>/SKILL.mddirectory convention🤖 Generated with Claude Code