feat(B-0857 P2 deferred): install.sh becomes universal Unix-like-OS entry — routes by environment; SHORTER path than B-0854 Ace migration (Aaron 2026-05-27)#5423
Merged
AceHack merged 3 commits on May 27, 2026
Conversation
…utes by environment; replaces zeta-install.sh on the short-path BEFORE B-0854 Ace migration (Aaron 2026-05-27)
Operator: "when are we moving to install.sh over zeta-install.sh? the
universal install surface for Unix-like OSes?"
Filed immediately per Aaron 2026-05-27 separation-of-concerns discipline
("recording row exists is critical for deferring work to reliably
happen"). Implementation defers until current cred-persistence + cosign
+ self-register stack lands + next USB test validates.
10 sub-rows B-0857.1-10 enumerated. Key insight: this row is SHORTER
than B-0854 (Ace migration) — imperative-bash unification of the
existing entry point doesn't need Ace package work + doesn't block
B-0854's longer-horizon declarative work.
Audit sub-row B-0857.1 verifies PR #5389 commit-message claim that
zeta-install.sh Step 6.95a invokes tools/setup/install.sh (grep of
current file finds NO invocation — either drifted out or integration
at higher abstraction layer; small bounded audit can ship quickly).
Composes with B-0854 (Ace migration; long horizon) + B-0852
(cred-persistence; OS-agnostic) + B-0855 (self-register fix;
OS-agnostic) + B-0853 (cosign verify; OS-agnostic) + B-0833
(installer creds discipline). Per Rule 0: install-graph carve-out
preserved at tools/setup/.
… entry (not dev-env); Zeta cluster IS a build-machine cluster (Aaron 2026-05-27 Turn 2 sharpening)

Operator caught my Turn 1 framing error: "tools/setup/install.sh has never been universal dev entry it's also universal build machine and the zeta cluster IS a build machine cluster."

The substrate-honest reading: install.sh is the universal BUILD-MACHINE entry — not "dev env" + "node install" as two separate things. The Zeta cluster IS a build-machine cluster (cluster nodes aren't deployment targets; they're build machines participating in the same build infrastructure as dev laptops). Therefore install.sh ALREADY applies operationally to both surfaces; the migration is recognizing that + factoring zeta-install.sh as the bootstrap-from-USB phase that prepares the build machine for install.sh to take over post-boot.

Two-turn operator framing preserved in row body. Current-state table + routing table re-labeled as "build machine" surface. Phase distinction sharpened: zeta-install.sh = "turn this hardware into a NixOS-booting build machine"; install.sh = "configure runtime on this build machine" (same on laptop OR cluster node).

This is the SAME ROW (B-0857 P2 deferred); no scope change. Just framing correction so future-Otto cold-boots don't inherit the dev-env-vs-cluster-node mental model that doesn't match the substrate-engineering reality.
…es + prod when prod self-updates; install.sh is the universal machine entry (Aaron 2026-05-27 Turn 3)

Operator Turn 3 supersedes Turn 2 framing: "there is no distinction between build machines and prod when prod can update itself"

The substrate-honest reading: when production can self-update (mise + flake-lock pull + nixos-rebuild / deploy-rs), the build-machine-vs-prod distinction COLLAPSES. Same machine. Same install.sh. The whole cluster + every dev laptop is one self-updating organism running the same install/update entry. install.sh is therefore the universal Unix-like-OS install + self-update entry — the only operational machine-substrate-entry. Build / prod / dev are NOT different categories at the install-substrate scope; they're the SAME category (machines participating in Zeta) under different operational windows (first-install vs steady-state-update).

Composes with iter-6.x distro-upgrade substrate (B-0800-B-0805) — those auto-upgrade rows are the SAME entry path; install.sh handles both first-install + stay-current via routing.

Same row scope as Turn 2 fix; further framing sharpening. Future-Otto cold-boots inherit the unified-machine-entry model rather than the build-vs-prod mental model.
Pull request overview
Docs-only PR that files a new P2 backlog row (B-0857) capturing the operator's direction to make tools/setup/install.sh the universal Unix-like-OS install entry, routing by environment (macOS / Linux-non-NixOS / NixOS-live-USB / installed-NixOS), and shrinking zeta-install.sh to a thin wrapper on a shorter path than the broader B-0854 Ace migration. Implementation is deferred; only the row and its index entry land here.
Changes:
- Adds docs/backlog/P2/B-0857-...md with framing, current state, migration target, 10 enumerated sub-rows, composition with adjacent rows (B-0854/0852/0855/0853/0833), and P2 justification.
- Adds the corresponding open-row entry to docs/BACKLOG.md under the P2 section.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| docs/backlog/P2/B-0857-...md | New backlog row defining install.sh universal-entry consolidation and 10 sub-rows |
| docs/BACKLOG.md | Index entry pointing at the new B-0857 row |
AceHack added a commit that referenced this pull request on May 27, 2026
…ce entanglement + homelab-to-enterprise spectrum + attack-surface tempered by internal-access prereq (Aaron 2026-05-27 follow-up to #5423) (#5424)

Three new operator-framing turns extending B-0857 row body after #5423 merge (Turns 1/2/3 already landed there):

**Turn 4 — install.sh ≈ Ace; entangled**:

> "yes install.sh is ace basically we've not really separated it all out ace and zeta are pretty intertangled"

install.sh and Ace are NOT separate things in current substrate — install.sh IS the install-side of what Ace would be at the imperative-bash scope; Ace is the declarative evolution of the SAME substrate at package-manager scope. Implication: B-0857 ↔ B-0854 are the SAME work at different naming scopes, not sibling rows on adjacent tracks.

**Turn 5 — homelab-edge to enterprise-restrictive spectrum**:

> "basically we are going to push the build is prod concept all the way to the edge for homelab / open claw like setups and then scale it back for enterprise like setup to be more restrictive but i don't want to start in the more restrictive mode until we see what the new shape feels like where the difference between build and dev vanish"

Build-is-prod unification (Turn 3) operates on a SPECTRUM, not as a single mode. 3-tier table added: homelab (MAXIMALLY UNIFIED) → small-team (UNIFIED with minimal separation) → enterprise (RESTRICTIVE). Operator's explicit sequencing: START in unified mode FIRST; live in it; discover what "build/dev/prod vanish" feels like; THEN scale back for enterprise. DO NOT start restrictive. Substrate-engineering decisions through B-0857 implementation defer enterprise-restrictive considerations until unified mode has empirical operator-experience under it.

**Turn 6 — attack-surface tempered by internal-access prereq**:

> "the biggest issue i see is larger attack surface because more deps but this one is not as bad as it seems cause it requires internal access to network and box so you are already kind of fucked if they are this deep."

Operator's named primary concern with unified mode: larger attack surface (more deps on every node = more CVE surface). Bounded by precondition: exploitation requires network access AND shell access. Threat-model scope: post-perimeter-breach, not perimeter-breach. Perimeter defenses (firewall + VPN + mesh + auth + B-0853 cosign signed artifacts) carry the primary security load; expanded build-on-prod surface is downstream. Acceptable reduced posture for homelab/open-claw scope; tightened for enterprise scope per Turn 5 spectrum. 3-row threat-scope table added showing perimeter / node-level / post-intrusion mitigations + ownership.

Composes with: B-0854 (Ace migration trajectory; Turn 4 entanglement); B-0852 (declarative cred-persistence; Turn 6 surface substrate); B-0853 (cosign signed artifacts; Turn 6 mitigation); B-0855 (self-register architectural fix; Turn 5 spectrum); `.claude/rules/edge-defining-work-not-speculation.md` (Turn 5 sequencing); `.claude/rules/methodology-hard-limits.md` (Turn 6 threat-model floor stays operative).

Substrate-honest framing: this PR adds framing turns only; no implementation work; the B-0857 row remains P2 deferred per separation-of-concerns discipline (Aaron 2026-05-27: "deferring of working on backlog is a separate concern of recording backlog item exist").

Per .claude/rules/non-coercion-invariant.md HC-8: operator authority over substrate-engineering trajectory; Turn 5 sequencing preserved verbatim; Turn 6 threat-model preserved verbatim.

Co-authored-by: Lior <lior@zeta.dev>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
AceHack added a commit that referenced this pull request on May 27, 2026
…invocation PRESENT (zeta-install.sh:1097) + corrects B-0857 row body authoring error (#5426)

* docs(B-0857.1): audit verifies PR #5389 Step 6.95a invokes tools/setup/install.sh — integration PRESENT at zeta-install.sh:1097-1099; B-0857 row body corrected

Sub-row audit per B-0857 implementation order step 1 ("audit current state"). Result: PR #5389's commit-message claim VERIFIED PRESENT on origin/main 0b61405; no drift; no repair needed.

**The integration**: zeta-install.sh:1090-1100 Step 6.95a-bootstrap invokes `tools/setup/install.sh` via:

```bash
sudo HOME="$ZETA_HOME" -u "#$ZETA_UID" \
  bash -c "cd $ZETA_HOME/Zeta && tools/setup/install.sh"
```

Dispatch chain: install.sh → linux.sh (detects /etc/NIXOS) → common/mise.sh (reads .mise.toml, installs pinned runtimes). This extends GOVERNANCE §24 three-way-parity (dev + CI + devcontainer) to NixOS cluster nodes via the same canonical entry.

**B-0857 row body correction**: The B-0857 row (#5423) body contained "grep of current zeta-install.sh finds NO actual invocation. Either drifted out or the integration is at a higher abstraction layer." This was an authoring error — the grep produces 9 matches; line 1097 is the load-bearing one. The authoring step skipped the verify-by-grep that this sub-row commits to. This is a substrate-drift catch caught at sub-row audit scope rather than at row-authoring scope. The B-0857.1 sub-row IS the corrective mechanism the parent B-0857 row called for; the audit found the row's own framing was the drift, not the integration substrate.

Row body now reads: "Audit verified (B-0857.1, 2026-05-27): integration IS present at full-ai-cluster/usb-nixos-installer/zeta-install.sh:1097-1099 inside Step 6.95a-bootstrap; no drift; no repair needed."

**Status**: closed at landing (no implementation work needed; substrate is correct).

Composes with: B-0857 (parent — this corrects parent's body); PR #5389 (audited substrate); `.claude/rules/grep-substrate-anchors-before-razor-as-metaphysical.md` (sibling discipline: verify before asserting); `.claude/rules/verify-existing-substrate-before-authoring.md` (the discipline the B-0857 authoring step skipped; this audit catches the result); `.claude/rules/blocked-green-ci-investigate-threads.md` verify-before-fix discipline; `.claude/rules/refresh-before-decide.md` (underlying invariant at substrate-authoring scope).

Per .claude/rules/non-coercion-invariant.md HC-8: substrate-honesty preserved; correction is additive (per retraction-native discipline) not erasing.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(B-0857.1 CI): regen BACKLOG.md + MD032 blank-line + tsc strict-mode narrowing fix-fwd for B-0852.2a/2b/10 discriminated unions (3 CI failures resolved)

Three CI failures on PR #5426 resolved in single fix-pass:

1. **check docs/BACKLOG.md generated-index drift**: regen via `BACKLOG_WRITE_FORCE=1 bun tools/backlog/generate-index.ts` to include new B-0857.1 sub-row entry.
2. **lint (markdownlint) MD032/blanks-around-lists** at line 60 of B-0857.1 sub-row: blank line inserted before ordered list per markdownlint canonical rule.
3. **lint (tsc tools)** type errors in B-0852.2a/2b/10 substrate from just-merged PRs #5421/#5418/#5425: discriminated-union narrowing pattern `if (!(x instanceof Buffer))` doesn't narrow under tsc strict mode (bun test passed because bun's TS is more lenient). Substrate-honest fix: switch all narrowing to the discriminant-property check `if ("error" in x)` which TS strict mode narrows correctly.

Files changed:

- `tools/installer/zeta-creds-envelope.ts` (4 occurrences in parseEnvelope: salt/iv/tag/ciphertext)
- `tools/installer/zeta-cred-handlers.ts` (1 occurrence in resolveBakeCred)
- `tools/installer/zeta-cred-handlers.test.ts` (replaceAll: 4+ occurrences in resolveValueSource test variants)

Fix is functionally equivalent — both `instanceof Buffer` and `"error" in x` correctly distinguish the union at runtime; the difference is only in tsc's ability to narrow. All 36 tests still pass under bun test (verified pre-commit).

This is fix-fwd to my own substrate (#5421 envelope + #5418 handlers + #5425 CLI rebase) discovered when CI ran on the chained-off #5426 PR. Tsc errors didn't surface on the source PRs because they used the same narrowing pattern that bun tolerates but tsc rejects under strict mode.

Composes with: B-0857.1 (this PR's primary scope; sub-row audit); B-0852.2a/2b/10 (the substrate this fixes); PR #5421/#5425/#5418 (the originating PRs); `.claude/rules/blocked-green-ci-investigate-threads.md` (verify-then-fix discipline applied to CI failure investigation); `.claude/rules/refresh-before-decide.md` (raw CI output read before acting); `.claude/rules/holding-without-named-dependency-is-standing-by-failure.md` counter-with-escalation (CI failure IS named-dep + bounded work).

Per .claude/rules/agent-worktree-hygiene-never-hold-main-...: isolated worktree at /private/tmp/zeta-b0857-1-audit-0817z; never touched operator's primary checkout.

Per .claude/rules/non-coercion-invariant.md HC-8: substrate-honesty preserved — fix-fwd to my own substrate; correction is additive.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Lior <lior@zeta.dev>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Summary
Operator-named direction: "when are we moving to install.sh over zeta-install.sh? the universal install surface for Unix-like OSes?"
Filed immediately per Aaron 2026-05-27 separation-of-concerns discipline. Implementation defers until current cred-persistence + cosign + self-register stack lands + next USB test validates.
Migration target
`tools/setup/install.sh` becomes universal Unix-like-OS entry that ROUTES by environment:
Shorter than B-0854 (Ace migration)
B-0857 ships operator-facing unification at imperative-bash scope. B-0854 builds declarative substrate on top. Both compose; B-0857 doesn't block B-0854 + can ship faster.
10 sub-rows enumerated
B-0857.1 audit PR #5389 integration claim → B-0857.2 env-detection → B-0857.3 factor body → B-0857.4 route → B-0857.5-7 compose with adjacent stacks → B-0857.8 thin-wrapper back-compat → B-0857.9 retire wrapper → B-0857.10 empirical validation.
Composes with
Rule 0 preserved
Install-graph carve-out stays at `tools/setup/`; new `nixos-install-from-usb.sh` joins it as Linux-NixOS-USB-mode sibling.
🤖 Generated with Claude Code
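The routing the row describes (macOS / Linux-non-NixOS / NixOS-live-USB / installed-NixOS) and the privilege drop that the B-0857.1 audit found in Step 6.95a (`sudo -u "#$ZETA_UID" ... tools/setup/install.sh`) can be sketched in a few bash functions. The following is an added example written for this page, not code from the Zeta repository: only `tools/setup/linux.sh`, the `/etc/NIXOS` marker and `nixos-install-from-usb.sh` are named on the page; the `tools/setup/macos.sh` name, the `/iso` live-media probe, the `ZETA_DISPATCH` opt-in and the root-refusal rule for steady-state routes are assumptions made here. The detector takes an explicit kernel name and filesystem root so it can be exercised against a fake tree without booting anything.

```bash
#!/usr/bin/env bash
# Added example (not project code): an environment router in the shape B-0857
# describes for a universal Unix-like-OS install entry. Names marked "assumed"
# are not from the page.
set -eu

# detect_environment [KERNEL] [ROOT]
#   Prints: macos | linux-generic | nixos-installed | nixos-live-usb
#   Prints "unsupported" and returns 1 otherwise. KERNEL defaults to `uname -s`;
#   ROOT prefixes every filesystem probe so a test can point it at a fake tree.
detect_environment() {
  local kernel="${1:-$(uname -s)}"
  local root="${2:-}"
  case "$kernel" in
    Darwin) echo macos; return 0 ;;
    Linux) ;;
    *) echo unsupported; return 1 ;;
  esac
  # /etc/NIXOS is the marker linux.sh already keys on (page: "detects /etc/NIXOS").
  if [ ! -e "$root/etc/NIXOS" ]; then
    echo linux-generic; return 0
  fi
  # Assumption: the NixOS installer medium exposes itself at /iso while an
  # installed NixOS system does not. Adjust this probe to the image you build.
  if [ -d "$root/iso" ]; then
    echo nixos-live-usb
  else
    echo nixos-installed
  fi
}

# route_for ENV -> per-environment script under the tools/setup/ carve-out.
route_for() {
  case "$1" in
    macos)           echo tools/setup/macos.sh ;;                  # assumed name
    linux-generic)   echo tools/setup/linux.sh ;;                  # named on the page
    nixos-installed) echo tools/setup/linux.sh ;;                  # linux.sh handles /etc/NIXOS
    nixos-live-usb)  echo tools/setup/nixos-install-from-usb.sh ;; # named in the row
    *) return 1 ;;
  esac
}

# check_privilege ENV UID -> 0 if this uid may run this route.
# Only the live-USB phase ("turn this hardware into a NixOS-booting machine")
# needs root; the steady-state routes must run as the unprivileged Zeta user,
# the way Step 6.95a drops to "#$ZETA_UID" before calling install.sh. (Assumed rule.)
check_privilege() {
  local target="$1" uid="$2"
  [ "$target" = nixos-live-usb ] && return 0
  [ "$uid" -ne 0 ]
}

# dispatch_plan ENV UID -> the command line that would be run (never runs it).
dispatch_plan() {
  local target="$1" uid="$2" script
  script="$(route_for "$target")" || return 1
  if [ "$target" = nixos-live-usb ]; then
    echo "sudo bash $script"
  else
    echo "sudo -u \"#$uid\" bash $script"
  fi
}

main() {
  local target uid
  target="$(detect_environment)" || { echo "install.sh: unsupported OS: $(uname -s)" >&2; return 2; }
  uid="${ZETA_UID:-$(id -u)}"   # ZETA_UID is assumed here; the page only shows it inside zeta-install.sh
  echo "detected: $target"
  echo "plan:     $(dispatch_plan "$target" "$uid")"
  # Dry run by default; set ZETA_DISPATCH=1 (assumed switch) to actually exec the route.
  if [ "${ZETA_DISPATCH:-0}" = 1 ]; then
    check_privilege "$target" "$(id -u)" || { echo "refusing to run steady-state route as root" >&2; return 1; }
    exec bash "$(route_for "$target")"
  fi
}

main "$@"
```

Run it with no arguments for a dry run that only prints the detected environment and the planned command; the exec path is gated behind `ZETA_DISPATCH=1` so the router cannot be tricked into running an installer by an unexpected probe result. The root refusal is the practitioner check worth carrying into the real entry: once build and prod collapse into one self-updating machine (Turn 3), the only route that should ever hold root is the one that provisions the disk.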