From 76c09a01a7e6ccf1673ce6a447e1aa58ed2f49cf Mon Sep 17 00:00:00 2001
From: Lior <lior@zeta.dev>
Date: Tue, 26 May 2026 17:12:11 -0400
Subject: [PATCH] =?UTF-8?q?feat(USB=20PR=203):=20QEMU=20boot=20smoke-test?=
 =?UTF-8?q?=20for=20canonical=20installer=20ISO=20=E2=80=94=20cascade=20#5?=
 =?UTF-8?q?=20dynamic=20boot=20floor=20(Kestrel=20ferry=20pointer;=20Aaron?=
 =?UTF-8?q?=202026-05-26)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

USB cleanup PR 3 of 3. Adds dynamic boot-time verification to the
canonical AI-cluster ISO build pipeline. Catches the bug class
where the ISO builds + audits pass but the kernel/initrd
combination fails to actually boot (firmware mismatch; missing
module; broken init; etc.).

Aaron direction: "lets try to cleanup what we have in a few prs
and combine get rid of the old and try to push iso testing closer
into the ci instead of neading human to physically test usb but
also after a few rounds i will physically test teh usb" +
"you don't have to ask me direction every time you can just
assume all with the simplest first".

Prior art: nixos/tests/installer.nix (Kestrel 2026-05-26 ferry
pointer; preserved at docs/research/2026-05-26-kestrel-runme-
jit-runbook-bcl-extension-cost-of-velocity-decision-archaeology-
aaron-forwarded.md via PR #5310).

What lands (2 files):

1. tools/ci/qemu-boot-test.ts (new; ~150 lines)
   TS helper that spawns qemu-system-x86_64 with KVM acceleration
   (TCG fallback when KVM unavailable), captures serial console to
   log file, waits up to 5min for the installer's expected login
   prompt ("zeta-installer login:" — matches networking.hostName
   = "zeta-installer" in full-ai-cluster/usb-nixos-installer/nixos/
   installer/configuration.nix), then kills QEMU + returns exit
   code.
   - Per Rule 0: TS-over-bash for cross-platform DST
   - 2GB RAM + 2 SMP cores (installer needs >= 1GB; 2GB headroom)
   - q35 machine type (modern PCIe; matches Beelink hardware
     profile better than legacy i440fx)
   - BIOS boot (simpler than UEFI; ISO supports both)
   - Exit codes: 0 success / 1 boot failure / 2 usage error

2. .github/workflows/build-ai-cluster-iso.yml extension
   Adds 2 new steps AFTER the existing "Audit installer ISO
   content" step + BEFORE "Locate ISO + capture metadata":
   - "Install QEMU (apt)" — apt-get install qemu-system-x86 on
     ubuntu-24.04 runner (~30s)
   - "QEMU boot smoke-test (cascade #5 — dynamic boot floor)" —
     invokes the TS helper against the built ISO
   No github.event.* interpolation in run: lines; all inputs are
   filesystem paths from prior steps of THIS workflow per the
   GitHub Actions script-injection security guide.

Verification cascade now reads (post-PR-3):
- Cascade #1: source-substrate audit (preflight; ~1s)
- Cascade #4: ISO content audit (post-build; ~10s; verifies expected
  top-level files via 7z list)
- Cascade #5: QEMU boot smoke-test (post-build; ~3-5min; verifies
  ISO actually boots to login prompt)
- Locate ISO + metadata + workflow artifact upload (existing)

Estimated CI time impact: +3-5min per build (QEMU boot is the slow
step; KVM keeps it fast vs TCG emulation).

What this is NOT (substrate-honest defer list):
- NOT a full integration test (doesn't login + run commands +
  verify zeta-install works) — future B-NNNN follow-up
- NOT a multi-arch test (x86_64 only; aarch64 ISO is a separate
  build path if/when needed)
- NOT a hardware-specific test (UEFI variant; specific GPU
  configurations; etc.) — physical USB test on real Beelink fills
  that gap (Aaron 2026-05-26: "after a few rounds i will physically
  test the usb")
- NOT a release-attach step (B-0830 follow-up filed in USB PR 2)

This is the SIMPLEST viable boot test. Once it lands + runs across
a few cycles + catches at least one real boot regression (or
demonstrates none happen for N runs), Aaron's physical USB test
gate fires + the test surface matures incrementally.

Composes with: PR #5311 (USB cleanup PR 1); PR #5320 (USB cleanup
PR 2); B-0830 (release-attach follow-up); .claude/rules/rule-0-no-
sh-files (TS-over-bash discipline); .claude/rules/refresh-world-
model-poll-pr-gate (authored from fresh independent clone per
B-0828); substrate-check-before-worry-deployment (audit-then-act
discipline applied to the new test surface).

Authored from fresh independent clone at /private/tmp/zeta-clone-
2026-05-26 per Aaron's destructive-git-on-isolated-copies
authorization + B-0828 multi-AI shared-checkout convention.
---
 .github/workflows/build-ai-cluster-iso.yml |  35 ++++
 tools/ci/qemu-boot-test.ts                 | 185 +++++++++++++++++++++
 2 files changed, 220 insertions(+)
 create mode 100644 tools/ci/qemu-boot-test.ts

diff --git a/.github/workflows/build-ai-cluster-iso.yml b/.github/workflows/build-ai-cluster-iso.yml
index 9018fdbae3..7c2642883f 100644
--- a/.github/workflows/build-ai-cluster-iso.yml
+++ b/.github/workflows/build-ai-cluster-iso.yml
@@ -156,6 +156,41 @@ jobs:
           # workflow run hangs).
           bun tools/ci/audit-installer-iso-content.ts --iso "$iso_abs"
 
+      # QEMU boot smoke-test (USB cleanup PR 3 — 2026-05-26):
+      # Boots the built ISO in QEMU/KVM with serial console capture +
+      # asserts the installer's expected login prompt appears within
+      # 5min. Catches the bug class where the ISO builds + audits pass
+      # but the kernel/initrd combination fails to actually boot
+      # (firmware mismatch; missing module; broken init; etc.). The
+      # source-substrate audit (cascade #1) + ISO-content audit
+      # (cascade #4) catch static issues; this catches dynamic
+      # boot-time issues. Prior art: nixos/tests/installer.nix
+      # (per Kestrel 2026-05-26 ferry pointer).
+      #
+      # ubuntu-24.04 runners support nested KVM (/dev/kvm); helper
+      # falls back to TCG emulation when KVM unavailable.
+      #
+      # Security: this step uses no `github.event.*` interpolation in
+      # `run:` lines; all inputs are filesystem paths from prior steps
+      # of THIS workflow. The TS helper at tools/ci/qemu-boot-test.ts
+      # takes the ISO path as a positional CLI arg (no shell expansion
+      # of attacker-controllable strings).
+      - name: Install QEMU (apt)
+        run: sudo apt-get update -y && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends qemu-system-x86
+
+      - name: QEMU boot smoke-test (cascade #5 — dynamic boot floor)
+        working-directory: full-ai-cluster
+        run: |
+          set -euo pipefail
+          mapfile -t iso_candidates < <(find result/iso -maxdepth 1 -type f \( -name 'zeta-installer-*.iso' -o -name 'nixos-minimal-*.iso' \) | sort)
+          if [ "${#iso_candidates[@]}" -eq 0 ]; then
+            echo "::error::QEMU boot test: No installer ISO under result/iso/" >&2
+            exit 1
+          fi
+          iso_abs=$(readlink -f "${iso_candidates[0]}")
+          echo "Booting ISO: $iso_abs"
+          bun ../tools/ci/qemu-boot-test.ts "$iso_abs"
+
       - name: Locate ISO + capture metadata
         id: iso
         working-directory: full-ai-cluster
diff --git a/tools/ci/qemu-boot-test.ts b/tools/ci/qemu-boot-test.ts
new file mode 100644
index 0000000000..b847287bc4
--- /dev/null
+++ b/tools/ci/qemu-boot-test.ts
@@ -0,0 +1,185 @@
+#!/usr/bin/env bun
+/**
+ * tools/ci/qemu-boot-test.ts
+ *
+ * QEMU boot smoke-test for the canonical Zeta installer ISO.
+ *
+ * Boots the ISO in QEMU/KVM with serial console output captured to a
+ * log file, waits up to TIMEOUT_SECONDS for the expected login prompt
+ * matching the installer's networking.hostName (`zeta-installer`), then
+ * shuts down cleanly.
+ *
+ * Per Rule 0 (TS-over-bash for DST + cross-platform) + Kestrel's
+ * 2026-05-26 ferry pointer to nixos/tests/installer.nix prior art.
+ * Composes with full-ai-cluster/usb-nixos-installer/ canonical
+ * installer + the build-ai-cluster-iso.yml workflow's post-build audit
+ * stack.
+ *
+ * Usage:
+ *   bun tools/ci/qemu-boot-test.ts <iso-path>
+ *
+ * Exit codes:
+ *   0 — boot succeeded (login prompt observed within timeout)
+ *   1 — boot failed (timeout or QEMU error)
+ *   2 — usage error (bad args or missing dependencies)
+ *
+ * GitHub Actions context: ubuntu-24.04 runners have /dev/kvm available
+ * for nested KVM acceleration. Install qemu-system-x86 + ovmf before
+ * invocation. Tested boot time ~60-180s on cold-boot KVM.
+ */
+
+import { spawn } from "node:child_process";
+import { existsSync, mkdtempSync, readFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+
+const EXPECTED_HOSTNAME = "zeta-installer";
+const EXPECTED_LOGIN_PROMPT = `${EXPECTED_HOSTNAME} login:`;
+const TIMEOUT_SECONDS = 300; // 5 min — generous; typical boot is 60-180s
+const POLL_INTERVAL_MS = 1000;
+const MEMORY_MB = 2048; // installer needs >= 1GB; 2GB gives headroom for nix
+const KVM_PATH = "/dev/kvm";
+
+interface BootResult {
+  exitCode: 0 | 1 | 2;
+  reason: string;
+  serialLogTail?: string;
+}
+
+function usage(): never {
+  console.error("usage: bun tools/ci/qemu-boot-test.ts <iso-path>");
+  process.exit(2);
+}
+
+function checkDependencies(): string | null {
+  // qemu-system-x86_64 must be installed (apt-get install qemu-system-x86)
+  try {
+    const result = Bun.spawnSync(["qemu-system-x86_64", "--version"]);
+    if (result.exitCode !== 0) {
+      return "qemu-system-x86_64 not found or non-zero exit; install via `apt-get install -y qemu-system-x86`";
+    }
+  } catch {
+    return "qemu-system-x86_64 not found in PATH; install via `apt-get install -y qemu-system-x86`";
+  }
+  return null;
+}
+
+function buildQemuArgs(isoPath: string, serialLogPath: string): string[] {
+  const args: string[] = [
+    "-machine", "q35",
+    "-m", String(MEMORY_MB),
+    "-smp", "2",
+    "-cdrom", isoPath,
+    "-boot", "d",
+    "-serial", `file:${serialLogPath}`,
+    "-display", "none",
+    "-no-reboot",
+    // BIOS instead of UEFI — simpler boot path; ISO supports both but
+    // BIOS requires no extra firmware package.
+  ];
+
+  // KVM acceleration when /dev/kvm is available (GitHub Actions
+  // ubuntu-24.04 supports nested KVM). Falls back to TCG (slow but
+  // works) when KVM unavailable (e.g., macOS local testing).
+  if (existsSync(KVM_PATH)) {
+    args.push("-enable-kvm", "-cpu", "host");
+  } else {
+    args.push("-cpu", "qemu64");
+    console.warn(`[qemu-boot-test] ${KVM_PATH} not available; using TCG emulation (will be slow)`);
+  }
+
+  return args;
+}
+
+async function waitForLoginPrompt(serialLogPath: string): Promise<BootResult> {
+  const deadline = Date.now() + TIMEOUT_SECONDS * 1000;
+
+  while (Date.now() < deadline) {
+    if (existsSync(serialLogPath)) {
+      try {
+        const content = readFileSync(serialLogPath, "utf8");
+        if (content.includes(EXPECTED_LOGIN_PROMPT)) {
+          const tail = content.slice(-500);
+          return {
+            exitCode: 0,
+            reason: `Login prompt observed: "${EXPECTED_LOGIN_PROMPT}"`,
+            serialLogTail: tail,
+          };
+        }
+      } catch {
+        // Log file in transit; retry on next poll
+      }
+    }
+    await Bun.sleep(POLL_INTERVAL_MS);
+  }
+
+  const tail = existsSync(serialLogPath)
+    ? readFileSync(serialLogPath, "utf8").slice(-2000)
+    : "(serial log empty or never created)";
+  return {
+    exitCode: 1,
+    reason: `Timeout (${TIMEOUT_SECONDS}s) waiting for "${EXPECTED_LOGIN_PROMPT}"`,
+    serialLogTail: tail,
+  };
+}
+
+async function main(): Promise<never> {
+  const [isoPath] = process.argv.slice(2);
+  if (!isoPath) usage();
+
+  if (!existsSync(isoPath)) {
+    console.error(`[qemu-boot-test] ISO not found: ${isoPath}`);
+    process.exit(2);
+  }
+
+  const depErr = checkDependencies();
+  if (depErr) {
+    console.error(`[qemu-boot-test] ${depErr}`);
+    process.exit(2);
+  }
+
+  const tmpDir = mkdtempSync(join(tmpdir(), "zeta-qemu-boot-test-"));
+  const serialLogPath = join(tmpDir, "serial.log");
+
+  console.log(`[qemu-boot-test] ISO: ${isoPath}`);
+  console.log(`[qemu-boot-test] Serial log: ${serialLogPath}`);
+  console.log(`[qemu-boot-test] Memory: ${MEMORY_MB}MB; timeout: ${TIMEOUT_SECONDS}s`);
+  console.log(`[qemu-boot-test] Expecting login prompt: "${EXPECTED_LOGIN_PROMPT}"`);
+
+  const qemuArgs = buildQemuArgs(isoPath, serialLogPath);
+  console.log(`[qemu-boot-test] Launching: qemu-system-x86_64 ${qemuArgs.join(" ")}`);
+
+  const qemu = spawn("qemu-system-x86_64", qemuArgs, {
+    stdio: ["ignore", "inherit", "inherit"],
+  });
+
+  let qemuExited = false;
+  qemu.on("exit", (code) => {
+    qemuExited = true;
+    console.log(`[qemu-boot-test] QEMU exited with code ${code}`);
+  });
+
+  const result = await waitForLoginPrompt(serialLogPath);
+
+  if (!qemuExited) {
+    console.log(`[qemu-boot-test] Killing QEMU (PID ${qemu.pid})`);
+    qemu.kill("SIGTERM");
+    setTimeout(() => {
+      if (!qemuExited) qemu.kill("SIGKILL");
+    }, 5000);
+  }
+
+  console.log("");
+  console.log("=== Result ===");
+  console.log(`Exit code: ${result.exitCode}`);
+  console.log(`Reason: ${result.reason}`);
+  if (result.serialLogTail) {
+    console.log("");
+    console.log("=== Serial log tail ===");
+    console.log(result.serialLogTail);
+  }
+
+  process.exit(result.exitCode);
+}
+
+main();