Skip to content

feat(B-0844): zflash --agent flag implementation — close docstring-vs-implementation gap#5376

Merged
AceHack merged 1 commit into
mainfrom
feat-b0844-impl-zflash-agent-flag-spawn-piped-auto-type-challenge-otto-cli-2026-05-26
May 27, 2026
Merged

feat(B-0844): zflash --agent flag implementation — close docstring-vs-implementation gap#5376
AceHack merged 1 commit into
mainfrom
feat-b0844-impl-zflash-agent-flag-spawn-piped-auto-type-challenge-otto-cli-2026-05-26

Conversation

@AceHack
Copy link
Copy Markdown
Member

@AceHack AceHack commented May 27, 2026

What

Implements B-0844 `--agent` flag per PR #5374 row spec. Empirical anchor: 2026-05-26 3rd USB re-flash session surfaced docstring-vs-implementation gap (operator: "i got the fingerprint but it didn't format").

Implementation

  • New `--agent` flag in `ALLOWED_FLAGS` + help text
  • When `--agent` passed: `spawn` with `stdio: ["pipe", "pipe", "inherit"]` instead of `execFileSync({stdio: "inherit"})`
  • Pipe stdout: scan for `yes <4hex>` challenge → mirror to operator stdout
  • Pipe stdin: auto-type `yes \n` when challenge detected, close stdin
  • Inherit stderr: Touch ID PAM prompt + errors visible
  • Glass-halo: `[agent-mode: auto-typing yes XXXX — operator visibility per glass-halo-bidirectional rule]` printed BEFORE auto-type
  • Default behavior unchanged (no `--agent` = current execFileSync path)

Preserves all safety rails

  • Touch ID PAM gate fires on operator's Mac for `sudo dd`; cannot be agent-bypassed
  • Nonce randomness preserved (per-run random; agent reads from stdout)
  • Runtime acceptance preserved (typing exact challenge IS acceptance)
  • All flash-usb sanity rails still fire

Verified

  • `bun full-ai-cluster/tools/zflash.ts --help` shows `--agent` entry with full doc text
  • TypeScript compiles cleanly
  • Backward-compatible (default invocation unchanged)

Test path post-merge

Re-run today's 3rd USB-test session with:

```bash
bun full-ai-cluster/tools/zflash.ts --agent 2>&1 | tail -100
```

Should show "Flash complete." + iter-4.2 inject + ejection with the auto-typed challenge visible in glass-halo log line.

Composes with

🤖 Generated with Claude Code

feat(B-0844): zflash --agent flag — native auto-type challenge respon…
82713eb 
…se via spawn with piped stdin closes docstring-vs-implementation gap (empirical 2026-05-26 3rd USB re-flash session)

Implements the --agent flag per B-0844 row. Closes the gap where
zflash.ts docstring promises 'agent auto-types the yes <nonce>
challenge' but the execFileSync({stdio: 'inherit'}) implementation
broke under any non-interactive stdin (e.g., 'bun zflash.ts | tail').

Empirical anchor: 2026-05-26 3rd USB re-flash session. Operator
authorized agent-driven zflash with Touch ID. Agent ran via
'bun zflash.ts | tail -50' which broke stdin → readline returned
empty → bail'd silently → tail swallowed error → iter-4.2 inject
ran on PRE-EXISTING USB ESP → operator saw 'safe to remove USB' +
thought flash succeeded → boot attempt failed: 'i got the
fingerprint but it didn't format'.

Implementation:

- New '--agent' flag added to ALLOWED_FLAGS + help text
- When --agent is passed: spawn flash-usb with stdio
  ['pipe', 'pipe', 'inherit'] instead of execFileSync({inherit})
- Pipe stdout: scan for the 'yes <4hex>' challenge line from
  flash-usb.ts; mirror everything back to operator's stdout
- Pipe stdin: when challenge detected, auto-type 'yes <nonce>\n'
  then close stdin
- Inherit stderr: Touch ID PAM prompt + sudo error messages stay
  directly visible to operator
- Glass-halo visibility: explicit '[agent-mode: auto-typing
  yes XXXX — operator visibility per glass-halo-bidirectional rule]'
  line printed BEFORE the auto-type so operator can see what's
  happening
- Default behavior (no --agent flag) unchanged — execFileSync
  with inherited stdio remains for interactive operator runs

Preserves ALL safety rails:
- Touch ID PAM gate fires on operator's Mac for sudo dd; cannot
  be agent-bypassed (biometric physical-presence proof)
- Nonce randomness preserved (random per-run; agent reads from
  stdout, can't pre-bake)
- Runtime acceptance preserved (typing the EXACT challenge IS the
  acceptance signal; agent typing it from operator-observed-stdout
  IS substrate-honest delegation)
- All flash-usb sanity rails (platform / ISO size / USB protocol /
  internal-disk / boot-disk / size-range checks) still fire

Verified:
- bun full-ai-cluster/tools/zflash.ts --help shows --agent entry
  with full doc text
- TypeScript compiles cleanly (no type errors)
- Backward-compatible (default invocation unchanged)

Closes B-0844 acceptance criteria. Per substrate-or-it-didnt-happen.md:
docstring promise now has backing substrate.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Copilot AI review requested due to automatic review settings May 27, 2026 01:57
@AceHack AceHack enabled auto-merge (squash) May 27, 2026 01:57
@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector Bot commented May 27, 2026

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@AceHack AceHack merged commit a04f1ee into main May 27, 2026
33 of 34 checks passed
@AceHack AceHack deleted the feat-b0844-impl-zflash-agent-flag-spawn-piped-auto-type-challenge-otto-cli-2026-05-26 branch May 27, 2026 02:00
@AceHack AceHack review requested due to automatic review settings May 27, 2026 02:19
Copilot AI mentioned this pull request May 27, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AceHack