cleanup(USB PR 1): delete root usb-nixos-installer/ legacy substrate — canonical is full-ai-cluster/usb-nixos-installer/#5311
Merged
AceHack merged 1 commit intoMay 26, 2026
Conversation
…l is full-ai-cluster/usb-nixos-installer/ (USB cleanup PR 1; Aaron 2026-05-26) Aaron authorization: "lets try to cleanup what we have in a few prs and combine get rid of the old and try to push iso testing closer into the ci instead of neading human to physically test usb" + "yeah if we need a delete thats fine". What's deleted (3 files; entire root usb-nixos-installer/ directory): - usb-nixos-installer/README.md - usb-nixos-installer/flake.nix - usb-nixos-installer/nixos/installer/configuration.nix Per Kestrel's "preserve a brief written rationale for why each path existed and why it was retired" discipline (Aaron + Kestrel 2026-05-26; preserved at docs/research/2026-05-26-kestrel-runme-jit-runbook-bcl- extension-cost-of-velocity-decision-archaeology-aaron-forwarded.md via PR #5310): WHY THIS PATH EXISTED: The root-level usb-nixos-installer/ was the first installer substrate in the repo — minimal USB-bootstrap NixOS flake with no AI-cluster specifics. It predates the full-ai-cluster/ consolidation. README explicitly scopes it as "ONLY the USB bootstrap portion" with no K3S/ArgoCD/cluster workload. WHY THIS PATH IS RETIRED: The canonical AI-cluster substrate at full-ai-cluster/usb-nixos-installer/ supersedes it. The canonical version has the SAME content PLUS: - zeta-install.sh (zero-typing install helper) - zeta-first-boot.sh (first-boot service substrate per B-0754) - flake.lock (reproducible build pin) - 290-line installer configuration.nix with hardware-firmware enable (B-0754 iter-3) + SSH-key + hashed-password substrate (B-0789 iter-4) + WiFi credential injection (B-0792 iter-5) - Larger module ecosystem in full-ai-cluster/nixos/modules/ WHY THIS DELETION IS SAFE: Substrate-check before delete (per PR #5291 substrate-check-before- worry-deployment discipline + Kestrel's pre-cleanup-audit recommendation): 1. NOT referenced by any GitHub workflow - .github/workflows/build-installer-iso.yml targets infra/nixos/ hosts/installer/ (different substrate) - .github/workflows/build-ai-cluster-iso.yml targets full-ai-cluster/usb-nixos-installer/ (canonical, not root) 2. NOT referenced by tools/ci/audit-installer-substrate.ts (audits only full-ai-cluster/usb-nixos-installer/* paths) 3. 4 doc references in backlog/PR-discussion files are HISTORICAL (describe past substrate state; remain accurate after deletion): - docs/backlog/P3/B-0725 (polyglot-accelerator-hardware-shape) - docs/backlog/P1/B-0793 (role-as-capability-composition) - docs/backlog/P1/B-0789 (iter4-ssh-key-and-hashedpassword) - docs/pr-discussions/PR-5028 (b-0754-zero-typing-usb-install) None of these would be broken by deletion; they describe past state which remains true historically. NEXT STEPS IN CLEANUP SEQUENCE: - USB cleanup PR 2: decide fate of infra/nixos/hosts/installer/ + consolidate build-installer-iso.yml workflow (separate substrate; different concern) - USB cleanup PR 3: push ISO testing closer into CI via QEMU/KVM boot test (prior art: nixos/tests/installer.nix per Kestrel) DECISION ARCHAEOLOGY POINTER: Future contributors investigating "why does/did usb-nixos-installer/ exist?" can find this commit message + the research doc at docs/research/2026-05-26-kestrel-runme-jit-runbook- bcl-extension-cost-of-velocity-decision-archaeology-aaron-forwarded.md (once PR #5310 merges) which preserves Kestrel's broader cleanup- discipline observations. Composes with: PR #5310 (cost-of-velocity acknowledgment + cleanup substrate); B-0824 canonical row; refresh-world-model-poll-pr-gate (verified via fresh independent clone bypassing pack corruption per Aaron's destructive-git-on-isolated-copies authorization). Authored from fresh independent clone at /private/tmp/zeta-clone- 2026-05-26 (the shared checkout hit pack corruption mid-session; fresh clone is my own isolated copy per Aaron's authorization).
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
There was a problem hiding this comment.
Pull request overview
Removes the legacy root-level usb-nixos-installer/ substrate now that the canonical installer substrate lives under full-ai-cluster/usb-nixos-installer/.
Changes:
- Deletes
usb-nixos-installer/README.md(legacy USB bootstrap docs). - Deletes
usb-nixos-installer/nixos/installer/configuration.nix(legacy installer ISO config). - Deletes
usb-nixos-installer/flake.nix(legacy flake entrypoint).
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| usb-nixos-installer/README.md | Deleted legacy documentation for the root-level USB installer substrate. |
| usb-nixos-installer/nixos/installer/configuration.nix | Deleted the legacy NixOS installer configuration. |
| usb-nixos-installer/flake.nix | Deleted the legacy flake definition for building the installer ISO. |
Comments suppressed due to low confidence (1)
usb-nixos-installer/README.md:1
- P1: Deleting this legacy directory makes several existing cross-references inaccurate (they describe
full-ai-cluster/usb-nixos-installer/as a copy of../usb-nixos-installer/, or listusb-nixos-installer/as an active scaffold dir). Confirmed occurrences:full-ai-cluster/README.md,full-ai-cluster/flake.nix(comment),agentic-organization/docs/AI_CLUSTER_SCAFFOLD_CONTEXT.md, andagentic-organization/docs/IMPLEMENTATION_READINESS_CHECKLIST.md. Please update those references in the same PR so current-state docs/comments don’t point at a path that no longer exists.
AceHack
deleted the
otto-cli/usb-cleanup-pr1-delete-root-usb-nixos-installer-legacy-2026-05-26
branch
AceHack
added a commit
that referenced
this pull request
May 26, 2026
…ixos/hosts/installer/ + build-installer-iso.yml + update root flake; add B-0830 follow-up (#5320) * cleanup(USB PR 2): retire legacy installer substrate — delete infra/nixos/hosts/installer/ + build-installer-iso.yml workflow + update root flake.nix; add B-0830 follow-up for release-attach (Aaron 2026-05-26) Aaron direction: "lets try to cleanup what we have in a few prs and combine get rid of the old" + "yeah if we need a delete thats fine". USB cleanup PR 2 (of 3): consolidates parallel installer substrates. After PR #5311 (deleted root usb-nixos-installer/), TWO installer substrates remained on main: 1. infra/nixos/hosts/installer/ + .github/workflows/build-installer-iso.yml — LEGACY (root flake; simpler; lacks zero-typing install machinery) 2. full-ai-cluster/usb-nixos-installer/ + build-ai-cluster-iso.yml — CANONICAL (zeta-install.sh + zeta-first-boot.sh + zflash + B-0754 iter-3 firmware + B-0789 iter-4 SSH-key/hashed-password + B-0792 iter-5 WiFi) This PR retires the legacy (#1) and keeps the canonical (#2): DELETED: - infra/nixos/hosts/installer/configuration.nix (296 lines; legacy installer config) - .github/workflows/build-installer-iso.yml (230 lines; legacy ISO build workflow) MODIFIED: - flake.nix: - Removed nixosConfigurations.installer (referenced deleted file) - Removed packages.installer-iso + packages.default (depended on nixosConfigurations.installer) - Removed isoBuildSystems variable (no longer needed; was used only for legacy installer-iso output) - Updated bootstrap-flow comments to point at full-ai-cluster/ usb-nixos-installer/ + zflash - Updated devShell shellHook to show canonical build command - Updated nixpkgs version-pin comment (canonical uses 25.11 independently) ADDED: - docs/backlog/P3/B-0830-add-iso-release-attach-to-build-ai-cluster- iso-workflow-when-zeta-starts-tagging-releases-aaron-2026-05-26.md Follow-up: legacy workflow had release-attach (`release: types: [published]` trigger + attach-to-release job). Canonical doesn't. Capability currently UNUSED (zero releases per `gh release list`). When Zeta starts tagging releases, re-implement in canonical workflow per reference pattern preserved in B-0830 body. Substrate-check pre-cleanup audit (per substrate-check-before-worry- deployment discipline + Kestrel's pre-cleanup-audit recommendation): 1. infra/nixos/hosts/installer references: - flake.nix: imports as nixosConfigurations.installer → REMOVED - .github/workflows/build-installer-iso.yml: builds via root flake → DELETED entirely - .github/workflows/build-ai-cluster-iso.yml: NO REFERENCE (targets full-ai-cluster/usb-nixos-installer/) 2. build-installer-iso.yml references: - No other workflow depends on it - No tools/ci/ script depends on it - Release-attach feature currently UNUSED (zero releases exist) 3. Non-historical references after deletion: 0 (verified via grep) Decision-archaeology pointer (Kestrel's "preserve why each path existed and why it was retired" discipline): WHY THIS PATH EXISTED: infra/nixos/hosts/installer/ was the root- flake-imported installer config — first installer substrate after the root usb-nixos-installer/ was minimized. Pre-dated the full-ai-cluster/ consolidation. WHY THIS PATH IS RETIRED: the canonical full-ai-cluster/ usb-nixos-installer/ has zero-typing install substrate (zeta-install.sh + zeta-first-boot.sh + zflash macOS Touch-ID flasher + flake.lock + hardware-firmware + SSH-key/hashed-password + WiFi credential injection). The legacy version lacks all of this. Maintaining two installer substrates was unnecessary parallel-substrate cost (per PR #5310 cost-of-velocity discussion). NEXT IN CLEANUP SEQUENCE: - USB cleanup PR 3: CI ISO testing via QEMU/KVM boot test (Kestrel's prior-art pointer: nixos/tests/installer.nix) — substantive engineering; substrate ISO build pipeline matures Composes with: PR #5310 (cost-of-velocity discipline + Kestrel sequencing recommendation: PR 1 before PR 2); PR #5311 (USB cleanup PR 1 — deleted root usb-nixos-installer/); refresh-world- model-poll-pr-gate dotgit-saturation discipline (authored from fresh independent clone per B-0828 multi-AI shared-checkout convention); methodology-hard-limits (irreversible deletion authorized by operator explicitly). Authored from fresh independent clone at /private/tmp/zeta-clone- 2026-05-26. * fix(USB PR 2): Copilot 3 findings — infra/* README + nix-darwin refs + flake.nix maintainer-name + B-0830 release-attach safeguards All 3 Copilot findings verified + addressed: 1. infra/README.md + infra/nix-darwin/README.md + infra/nix-darwin/ configuration.nix all referenced the retired root-flake installer-iso command + deleted build-installer-iso.yml workflow link. Updated all 4 references to point at: - cd full-ai-cluster/usb-nixos-installer && nix build .#installer-iso (canonical AI-cluster substrate) - build-ai-cluster-iso.yml (canonical CI workflow) - bun full-ai-cluster/tools/zflash.ts (macOS zflash recommended) With explicit "retired 2026-05-26 in USB cleanup PR 2" pointers for decision-archaeology. 2. flake.nix code-comment used direct maintainer-name attribution ("Per Aaron's...") on a current-state code surface. Per the convention (names on history/backlog/research only; role references on code surfaces), changed to "Per the human maintainer's...". 3. B-0830 acceptance criteria expanded to include security/reliability safeguards from the deleted legacy workflow that Copilot flagged: - Reject release tags starting with `-` (tag-name injection prevention; gh CLI argument-list ambiguity) - Use `--` separator for gh release upload (disambiguates positional args from flags) - Write SHA256 sidecar OUTSIDE read-only Nix store (the ISO at result/iso/ is a /nix/store symlink; sidecar must be in $RUNNER_TEMP or $GITHUB_WORKSPACE) - Plus discipline section (runner pinning, SHA-pin actions, concurrency groups, no event.* in run: lines, permissions scoped per-job) - Plus negative-test acceptance criterion (tag a `-malicious` name + verify abort) Composes with substrate-check-before-worry-deployment discipline (per PR #5291) + Kestrel's pre-cleanup-audit + preserve-rationale-in-deletion disciplines + razor-discipline (operationally verifiable findings). --------- Co-authored-by: Lior <lior@zeta.dev>
6 tasks
AceHack
added a commit
that referenced
this pull request
May 26, 2026
…scade #5 dynamic boot floor (Kestrel ferry pointer; Aaron 2026-05-26) (#5322) USB cleanup PR 3 of 3. Adds dynamic boot-time verification to the canonical AI-cluster ISO build pipeline. Catches the bug class where the ISO builds + audits pass but the kernel/initrd combination fails to actually boot (firmware mismatch; missing module; broken init; etc.). Aaron direction: "lets try to cleanup what we have in a few prs and combine get rid of the old and try to push iso testing closer into the ci instead of neading human to physically test usb but also after a few rounds i will physically test teh usb" + "you don't have to ask me direction every time you can just assume all with the simplest first". Prior art: nixos/tests/installer.nix (Kestrel 2026-05-26 ferry pointer; preserved at docs/research/2026-05-26-kestrel-runme- jit-runbook-bcl-extension-cost-of-velocity-decision-archaeology- aaron-forwarded.md via PR #5310). What lands (2 files): 1. tools/ci/qemu-boot-test.ts (new; ~150 lines) TS helper that spawns qemu-system-x86_64 with KVM acceleration (TCG fallback when KVM unavailable), captures serial console to log file, waits up to 5min for the installer's expected login prompt ("zeta-installer login:" — matches networking.hostName = "zeta-installer" in full-ai-cluster/usb-nixos-installer/nixos/ installer/configuration.nix), then kills QEMU + returns exit code. - Per Rule 0: TS-over-bash for cross-platform DST - 2GB RAM + 2 SMP cores (installer needs >= 1GB; 2GB headroom) - q35 machine type (modern PCIe; matches Beelink hardware profile better than legacy i440fx) - BIOS boot (simpler than UEFI; ISO supports both) - Exit codes: 0 success / 1 boot failure / 2 usage error 2. .github/workflows/build-ai-cluster-iso.yml extension Adds 2 new steps AFTER the existing "Audit installer ISO content" step + BEFORE "Locate ISO + capture metadata": - "Install QEMU (apt)" — apt-get install qemu-system-x86 on ubuntu-24.04 runner (~30s) - "QEMU boot smoke-test (cascade #5 — dynamic boot floor)" — invokes the TS helper against the built ISO No github.event.* interpolation in run: lines; all inputs are filesystem paths from prior steps of THIS workflow per the GitHub Actions script-injection security guide. Verification cascade now reads (post-PR-3): - Cascade #1: source-substrate audit (preflight; ~1s) - Cascade #4: ISO content audit (post-build; ~10s; verifies expected top-level files via 7z list) - Cascade #5: QEMU boot smoke-test (post-build; ~3-5min; verifies ISO actually boots to login prompt) - Locate ISO + metadata + workflow artifact upload (existing) Estimated CI time impact: +3-5min per build (QEMU boot is the slow step; KVM keeps it fast vs TCG emulation). What this is NOT (substrate-honest defer list): - NOT a full integration test (doesn't login + run commands + verify zeta-install works) — future B-NNNN follow-up - NOT a multi-arch test (x86_64 only; aarch64 ISO is a separate build path if/when needed) - NOT a hardware-specific test (UEFI variant; specific GPU configurations; etc.) — physical USB test on real Beelink fills that gap (Aaron 2026-05-26: "after a few rounds i will physically test the usb") - NOT a release-attach step (B-0830 follow-up filed in USB PR 2) This is the SIMPLEST viable boot test. Once it lands + runs across a few cycles + catches at least one real boot regression (or demonstrates none happen for N runs), Aaron's physical USB test gate fires + the test surface matures incrementally. Composes with: PR #5311 (USB cleanup PR 1); PR #5320 (USB cleanup PR 2); B-0830 (release-attach follow-up); .claude/rules/rule-0-no- sh-files (TS-over-bash discipline); .claude/rules/refresh-world- model-poll-pr-gate (authored from fresh independent clone per B-0828); substrate-check-before-worry-deployment (audit-then-act discipline applied to the new test surface). Authored from fresh independent clone at /private/tmp/zeta-clone- 2026-05-26 per Aaron's destructive-git-on-isolated-copies authorization + B-0828 multi-AI shared-checkout convention. Co-authored-by: Lior <lior@zeta.dev>
This was referenced May 26, 2026
AceHack
added a commit
that referenced
this pull request
May 26, 2026
…turn terminology distinction + split 3-PR-cleanup + follow-up-fix-PR correctly (#5329) Both Copilot findings verified + addressed: (1) multi-turn (overall conversation length) vs zero-turn (pathogen-decryption-protocol cost) are distinct scopes; clarified terminology in title + table-intro + empirical-generalization paragraph so readers don't read the table's Zero-turn entries as contradicting the multi-turn claim. (2) USB cleanup arc had 3-PR cleanup sequence (#5311 + #5320 + #5322) + follow-up fix (#5324) — split for narrative consistency. No semantic change; clarification only. Co-authored-by: Lior <lior@zeta.dev>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
USB cleanup PR 1 of 3 per Aaron's direction: "lets try to cleanup what we have in a few prs and combine get rid of the old and try to push iso testing closer into the ci instead of neading human to physically test usb".
Aaron explicit deletion authorization: "yeah if we need a delete thats fine".
Deletes the root-level legacy installer substrate (3 files, 349 deletions). The canonical AI-cluster substrate at `full-ai-cluster/usb-nixos-installer/` has the same content PLUS the zero-typing install machinery (zeta-install.sh, zeta-first-boot.sh, flake.lock, larger module ecosystem).
Why this path existed
The root-level `usb-nixos-installer/` was the first installer substrate in the repo — minimal USB-bootstrap NixOS flake with no AI-cluster specifics. It predates the `full-ai-cluster/` consolidation. README explicitly scoped it as "ONLY the USB bootstrap portion" with no K3S/ArgoCD/cluster workload.
Why this path is retired
The canonical AI-cluster substrate at `full-ai-cluster/usb-nixos-installer/` supersedes it. The canonical version has the SAME content PLUS:
Why this deletion is safe (substrate-check pre-cleanup audit)
Per the substrate-check-before-worry-deployment discipline (PR #5291) + Kestrel's pre-cleanup-audit recommendation (PR #5310):
NOT referenced by any GitHub workflow
NOT referenced by tools/ci/audit-installer-substrate.ts (audits only `full-ai-cluster/usb-nixos-installer/*` paths)
4 doc references in backlog/PR-discussion files are HISTORICAL (describe past substrate state; remain accurate after deletion):
None of these would be broken by deletion; they describe past state which remains true historically.
Decision archaeology pointer
Future contributors investigating "why does/did `usb-nixos-installer/` exist?" can find this commit message + the research doc at `docs/research/2026-05-26-kestrel-runme-jit-runbook-bcl-extension-cost-of-velocity-decision-archaeology-aaron-forwarded.md` (once PR #5310 merges) which preserves Kestrel's broader cleanup-discipline observations.
Next in the cleanup sequence
Authored from fresh independent clone
Per Aaron's destructive-git-on-isolated-copies authorization: "you ahve destruct git authorzation you own your own isolated copies". The shared checkout at `/Users/acehack/Documents/src/repos/Zeta` hit pack corruption mid-session; PR authored from fresh independent clone at `/private/tmp/zeta-clone-2026-05-26` (per the B-0828 multi-AI-shared-checkout-convention proposal landing in PR #5310).
Composes with
Test plan