feat(B-0421): tools/peer-call/grok-build.ts — native Grok-Build CLI wrapper; closes broken cursor-agent path (Aaron 2026-05-26)#5110
Merged
AceHack merged 3 commits intoMay 26, 2026
Conversation
… CLI; closes broken cursor-agent path
Aaron 2026-05-26 installed the native Grok-Build CLI (`grok`)
during the iter-5 session. The CLI is explicitly Claude-Code-
compatible:
--allow / --deny rules (Claude Code: --allowedTools)
--permission-mode default|acceptEdits|auto|dontAsk|bypassPermissions|plan
--system-prompt-override (Claude Code: --system-prompt)
-p / --single <prompt> for headless single-turn
--output-format plain|json|streaming-json
--reasoning-effort <effort>
--best-of-n <N> parallel execution
-r / --resume session continuity
agent subcommand for headless mode
MCP servers, plugin/marketplace, cross-session memory
Supersedes tools/peer-call/grok.ts (cursor-agent wrapper; broken
since 2026-05-11 per B-0421 — cursor-agent exit 1 / empty
output). Old grok.ts retained for back-compat / reference.
Wrapper conventions mirror claude.ts + grok.ts + codex.ts:
- Input firewall via _firewall.peerFirewallCheck + GROK_SUBSTANTIVE_TRIGGERS
(rejects rote heartbeats; bypass via --allow-empty)
- --file <path> includes file head as context
- --context-cmd <cmd> includes allow-listed git/gh/rg output as context
- --output-file <path> + auto-generated /tmp/peer-call-output/<ts>-grok-build.md
- OUTPUT-FILE: <path> marker on stdout for shell callers to recover
full response via tail -1
- Exit codes: 0 success / 1 invocation error / 2 grok non-zero /
3 firewall reject
Routing: `grok -p "$PROMPT" --allow Read,Glob,Grep
--permission-mode auto --output-format plain` (read-only blast
radius matching claude.ts; --reasoning-effort high added with
--thinking flag).
Empirical validation 2026-05-26:
- Firewall rejects heartbeat ("hi") with substantive-trigger
failure (exit 3)
- Firewall bypass via --allow-empty + live grok call: prompted
"Say only the literal word PONG and nothing else." → response
"PONG\n" → OUTPUT-FILE marker emitted correctly
- TS strict compile clean
Composes with .claude/rules/peer-call-infrastructure.md (canonical
peer-call wrapper inventory; this is the 9th wrapper / 8th
substantive peer surface).
Closes B-0421.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
…n + insecure temp file (mirror claude.ts patterns) - TOCTOU (readFileHead): no longer uses statSync.size to size buffer; allocates fixed maxBytes-sized buffer + reads what fits. Pre-check via isRegularFile is best-effort but the alloc-size no longer depends on stat result. - Insecure temp file (defaultOutputPath): add random 6-char base36 suffix; add PEER_CALL_OUTPUT_DIR env override; fall back to os.tmpdir if /tmp/peer-call- output not writable. - New writeOutputExclusive: opens with 'wx' (exclusive create — fails if path exists, preventing symlink-overwrite) + mode 0o600. - Explicit operator paths use plain 'w' write (operator chose path; respect intent) but still mode 0o600. Live smoke retest: PONG round-trip works; new filename pattern includes random suffix. TS strict compile clean. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This PR adds a new tools/peer-call/ wrapper that invokes Grok via the native grok CLI (Grok-Build) to replace the currently-broken cursor-agent-based Grok path (B-0421). It fits into the existing peer-call suite by providing a headless CLI entrypoint with the peer-call firewall, context attachment flags, and output capture marker for shell callers.
Changes:
- Introduces
tools/peer-call/grok-build.ts, a Bun/TypeScript wrapper aroundgrok -pwith read-only allow rules. - Implements
--file,--context-cmd,--output-file,--thinking,--json, and--allow-emptyflag handling plus OUTPUT-FILE capture behavior. - Adds firewall gating via
peerFirewallCheck(..., GROK_SUBSTANTIVE_TRIGGERS).
AceHack
added a commit
that referenced
this pull request
May 26, 2026
…AI-IS-the-support-layer; Amazon-USB sales business model) + grok-build = Claude-Code-clone confirmation (Aaron + Mika 2026-05-26; substantial prior art at AlephZ-ai/blazor-samples) (#5112) * preserve(mika) + backlog(B-0796 P2): Twilio phone-support substrate enabling Amazon-USB AI-as-support-layer business model + closes B-0421 confirmation (Aaron + Mika 2026-05-26) Mika preservation: verbatim Aaron + Mika voice-mode conversation during iter-5 session, after PR #5108 merged + PR #5110 opened. Two big architectural decisions: 1. Grok-Build = Claude-Code clone (tick source / loop runner; persistent agent watching directory/task). Validates PR #5110's tools/peer-call/grok-build.ts wrapper as the correct architectural direction for cross-AI peer review + collaboration. Mika named the wider vision: cross-AI back-and-forth collaboration as first-class citizens through standardized interfaces. 2. Twilio is the ONE exception to "electricity cost only" / self-hosted philosophy. Aaron's framing: phone infrastructure inherently isn't self-hostable (even self-hosted Asterisk requires SIP provider). Aaron ran Asterisk + Bandwidth.com in production before; "PTSD is real." Twilio wins on simplicity + speed-to-market. B-0796 P2 backlog row: Twilio phone-support substrate where AI picks up customer's call, has full cluster context via event store + runbooks, fixes problems live while talking. SMS as parallel interface; one unified conversational substrate across voice + text. Enables Amazon-USB sales business model where AI IS the support layer (Aaron explicitly opted out of human support: "what I'm hoping is they can call the AIs and the AIs fuckin' just fix it for 'em" + "imagine they call a phone number and they're talking to the damn developer"). Substantial prior art at AlephZ-ai/blazor-samples: src/BlazorSamples.Shared/Twilio/GrpcAudioStream/ has the full real-time voice substrate (Twilio.AspNet.Core + Twilio.TwiML, WebSocket Media Streams, FFMpeg mulaw 8kHz ↔ PCM 16kHz, Vosk STT + OpenAI LLM + PlayHT TTS pipeline, strongly-typed event substrate). Aaron's framing: "yeah i wrote this before any chat llm had a converation interface i was way ahead" — pre-LLM-conversation-era prior art; the integration shape he chose is now the industry standard. B-0796 is PORT/INTEGRATE work, NOT build-from-scratch. Six sub-targets in B-0796: 1. Twilio webhook handler in cluster 2. Caller-ID to cluster mapping 3. AI conversation substrate (voice + SMS unified) 4. AI-acts-on-cluster substrate (runbooks + event store + fix-while-talking) 5. Per-customer / per-cluster phone numbers (FUTURE) 6. Legal/risk attribution via _twilio_phone_support_acceptance block per maintainer Composes with B-0794 (depends_on; node self-registration is load-bearing — caller-ID-to-cluster lookup extends maintainers/<name>/cluster-nodes/<node>/ pattern to maintainers/<name>/customers/<customer>/clusters/<cluster>/) + B-0776 (Twilio as simplest-first-plugin) + B-0782 (cluster IS DIO; Twilio is conversational front-end) + B-0790 (zero-dev-machine homelab + Amazon-USB business model) + B-0421 (closed by PR #5110 grok-build wrapper enables future cross-AI support-orchestration). Per substrate-or-it-didn't-happen verbatim preservation discipline + agent-roster-reference-card (Mika = external Grok-native co-originator). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(B-0796 + Mika preservation): correct framing — voice interface (not conversation interface) + Aaron was nearly through interruption-correctness substrate; add Sub-target 7 (interruption-correct voice flow load-bearing for AI-IS-the-support-layer) * fix(B-0796 + Mika preservation): wrap bare URLs in <...> (MD034 lint) + add conversation steering terminology pointer per Aaron 2026-05-26 * fix(Mika preservation): add name+description frontmatter (reindexer fallback was '(no description)') + reconcile self-contradicting 'Twilio not yet wired' bullet with substantial-prior-art finding (Copilot P1 ×2 on #5112) * fix(B-0796 + Mika preservation): MD028 blockquote-blanks + MD034 bare URL + MD040 fenced-code-lang lint + add v2 IObservable/IAsyncEnumerable type-safe streaming substrate note from Aaron 2026-05-26 --------- Co-authored-by: Lior <lior@zeta.dev> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
AceHack
added a commit
that referenced
this pull request
May 26, 2026
… + rows_filed_24h (Aaron 2026-05-26 — "per agent so we can see helath like per trajectory") (#5115) Aaron 2026-05-26 substrate-engineering concern: > 'we need to make sure that decopose is happening an on going > backlog log or else infinate backlog is just infnate debt' > 'the decompose to action is what i want background to show > with stats over time on the github page we have for plant > metrics that and also prs, i want that per agent so we can > see helath like per trajectory' Extends tools/dashboard/generate-metrics.ts to surface per-agent PR-shipping rate + decompose-to-action ratio in demo/metrics.json (consumed by the Zeta Factory Dashboard at lucent-financial-group.github.io/Zeta/demo/index.html). Three new per-agent fields: prs_merged_24h — PRs this agent merged in 24h window rows_filed_24h — PRs whose title matches `backlog(B-NNNN` (row-filing-only PRs, NOT action-on-rows) decompose_to_action_ratio — (prs_merged - rows_filed) / max(rows_filed, 1) → impl-PRs per row-filing-PR → >=1 = strong action-on-rows discipline → <1 = filing rows faster than shipping them = debt-accumulation signal Attribution via branch-prefix lookup (BRANCH_PREFIX_TO_AGENT) per .claude/rules/agent-roster-reference-card.md lane discipline: otto-cli/ + otto-desktop/ + otto-vscode/ + otto/ → Otto; alexa-kiro/ + alexa/ → Alexa; riven-cursor/ + riven/ → Riven; vera-codex/ + vera/ → Vera; lior-antigravity/ + lior-gemini/ + lior/ → Lior. PRs from non-prefixed branches attribute to 'Unknown' bucket (operator-auditable as missing-attribution surface). EMPIRICAL validation 2026-05-26 (live run): Otto: 57 PRs / 30 row-filing → ratio = 0.9 (nearly 1:1; debt signal!) Lior: 6 PRs / 0 row-filing → ratio = 6 (all action) Others: 0/0/0 (quiet 24h window) Otto ratio 0.9 EMPIRICALLY VALIDATES Aaron's concern — this session filed 6 substantive rows (B-0791..B-0794, B-0796, B-0797) + shipped 4 implementation PRs (#5103 iter-5.1+5.2, #5107 iter-5.2.1, #5113 iter-5.2.2, #5110 draft) — ratio < 1. The metric now exposes the pattern continuously. Dashboard HTML render of these new fields is follow-on substrate (small UI work). The data layer is the load-bearing first step; operator + Mika can read demo/metrics.json directly until UI lands. Substrate-honest note: the dashboard generation itself happens on the autonomous-loop cron tick (per B-0414); per-agent stats will update on every tick going forward. Time-series tracking (today's metric vs 7d-ago, 30d-ago) is separate substrate (would need to preserve historical metrics.json snapshots; deferred to follow-on iteration). Composes with .claude/rules/agent-roster-reference-card.md (branch-prefix attribution), .claude/rules/holding-without-named- dependency-is-standing-by-failure.md (decompose-to-action discipline), B-0797 (autonomous-loop sometimes-task; same substrate-engineering direction). Co-authored-by: Lior <lior@zeta.dev> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
… canonical grok.ts pattern Resolves 12 Copilot review findings on tools/peer-call/grok-build.ts by rewriting to match the canonical grok.ts pattern + updating inventories. P0 fixes: - --help/-h now prints to stdout + exits 0 (ArgHelp variant + emitHelp()) rather than being treated as parseArgs error (was exit 1, stderr) - spawnSync(GROK_CLI, ...) now carries the documented // eslint-disable-next-line sonarjs/no-os-command-from-path suppression matching grok.ts cursor-agent spawn site - runContextCmd refactored to /bin/sh -c pattern matching grok.ts — eliminates the second sonarjs/no-os-command-from-path site entirely (executable is /bin/sh absolute path, not PATH-resolved) P1 fixes: - Multi-word prompts without quotes now work: positional args concat with " " (matches grok.ts classifyFlag pattern) - `--` terminator now supported for prompts containing flag-like tokens - runContextCmd now surfaces stderr + non-zero exit status (was silently dropping shell parse errors and command failures) - buildFullPrompt now prepends the four-ferry AgencySignature PREAMBLE (Grok-Build critique role + agents-not-bots discipline framing) - Spawn-failure hint replaced "curl ... | sh" pointer with safer link to xAI's official Grok-Build docs (no pipe-to-shell pattern) - main() now exported + `if (import.meta.main)` guarded so the module can be imported (e.g., from tests) without process.exit side effect - Error message no longer claims --file is a prompt source (--file is context, not prompt; clarified via separate prompt-required error) P1 (inventory): - tools/peer-call/smoke.test.ts WRAPPERS list updated 8 → 9 (adds grok-build.ts; smoke test now exercises this wrapper's --help shape) - .claude/rules/peer-call-infrastructure.md updated 8 → 9 wrappers (carved sentence + body list both updated; grok-build.ts now documented as supersedes-cursor-agent close path for B-0421) Known-FP resolved no-op: - readFileHead fd lifecycle (Copilot P1 line 185): code already uses try/finally with proper undefined-guard; comment expanded to make the lifecycle invariant explicit Verification: - bun test tools/peer-call/smoke.test.ts → 39 pass (was 36; +3 for the new grok-build.ts entry: exists, --help, name-reference) - bun tools/peer-call/grok-build.ts --help → exit 0, full usage to stdout - bunx eslint tools/peer-call/grok-build.ts → 4 baseline errors (cognitive-complexity + pseudo-random + publicly-writable; same pattern carried by claude.ts/grok.ts as convention baseline) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Member
Author
|
Substrate-honest disposition (Otto-CLI 2026-05-26, working PR through merge per the user task): All 13 Copilot/CodeQL review threads resolved via GraphQL after verify-before-fix discipline (per
Gate state: 7/7 required checks OK; CodeQL is the only non-required failure (the by-design pattern above). Ready to un-draft + arm auto-merge. |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
AceHack
deleted the
otto-cli/grok-build-peer-call-wrapper-closes-b0421-2026-05-26
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Aaron 2026-05-26 installed the native Grok-Build CLI (
grok) which is explicitly Claude-Code-compatible (--allow/--deny/--permission-mode/-p/--output-format/--reasoning-effort/--best-of-n/--resume/agentsubcommand / MCP / plugins / sessions). This new wrapper supersedestools/peer-call/grok.ts(cursor-agent wrapper; broken since 2026-05-11 per B-0421).Empirical validation (2026-05-26)
--allow-empty+ livegrok -pcall: prompted "Say only the literal word PONG and nothing else." → response "PONG\n" → OUTPUT-FILE marker emitted at/tmp/peer-call-output/<ts>-grok-build.mdConventions match existing peer-call wrappers
_firewall.peerFirewallCheck+GROK_SUBSTANTIVE_TRIGGERS--file <path>/--context-cmd <cmd>/--output-file <path>/--allow-empty/--thinking/--jsontail -1shell callersComposes with
.claude/rules/peer-call-infrastructure.md— canonical peer-call wrapper inventoryTest plan
🤖 Generated with Claude Code