docs(full-ai-cluster): add INJECTION-POINTS.md — canonical catalog of install-time injection points + B-0852/B-0859 cross-reference #5601
Merged
AceHack merged 1 commit on May 27, 2026
… cluster install-time injection points + cross-reference B-0852 / B-0859 in-flight substrate

Operator directive: "we should probably document the injection points and keep a list of what credential types we support we are already listing them declaratively"

Lands a canonical catalog at full-ai-cluster/INJECTION-POINTS.md naming:

SUPPORTED today (4 injection points; shipped):
1. Operator SSH pubkey (USB ESP, iter-4.2 / B-0789)
2. Cluster node hostname (USB ESP, iter-5.2 / B-0792)
3. zeta user initial password (cluster console, iter-5.3 / B-0835)
4. WiFi credentials (cluster console, zeta-first-boot.sh nmtui)

IN-FLIGHT (substrate-engineering targets per B-0852 Phase 1):
5. Encrypted cred-blob on USB ESP — AES-256-GCM, key derived from HKDF(USB-UUID || operator-passphrase, salt, info); declarative manifest covers gh-cli, claude, gemini, codex, ssh-host-keys, ssh-operator-pubkey
6. GitHub-creds-at-flash-time variants — 4-option boot-sequence auth-method picker (restore-from-blob / fresh-device-flow / operator-PAT / skip) matching operator's verbatim "the current ones on my machine OR a token i generate on the website"

ARCHITECTURAL PRINCIPLE LAYER (operator 2026-05-27): "this makes the usb move in the self healing instead of full wipe direction on reformat" — DEFAULT post-B-0852 = mode 2 reformat-with-current-keys-and-decisions (preserves identity); mode 3 full-reflash becomes opt-in for fresh-identity case. Composes with B-0859's 3-mode USB-boot recovery substrate (fix / reformat-with-current-keys / full-reflash-with-new-decisions).

CONSTITUTIONAL RAIL (preserved verbatim from zeta-install.sh line 392): "secrets shouldn't transit non-operator surfaces (USB ESP, Aaron's Mac keychain, etc.); operator-typed at install time is the safest path."

Partitions injection points by content class:
- Public identifier (SSH PUBkey, hostname) → USB ESP allowed
- Secret material → cluster console at install time OR post-install secrets mgmt OR (post-B-0852) encrypted-at-rest on ESP with operator-passphrase-derived key

REMAINING GAPS (no backlog row yet, candidates per constitutional rail): GPG/age/K8s-join/ArgoCD-admin/cosign/TLS-root-CA/Tailscale-WireGuard/NTP-override/locale-timezone/per-node-disk-role-hints. Post-B-0852, secret-class additions become MANIFEST EDITS (declarative YAML entry) rather than new code per operator: "the keep credentials options we should declare each credential we need and save and restore so it's not so imparative too."

CROSS-REFERENCES to in-flight backlog cluster: B-0833 + B-0835 + B-0844 + B-0847 + B-0848 + B-0852 + B-0859 + B-0864.

Per .claude/rules/verify-existing-substrate-before-authoring.md: existing substrate (B-0852 + B-0859) covers the GH-creds-at-flash and self-healing-reformat scope; this commit CITES + composes rather than mints parallel substrate. NO new backlog row filed.

Co-Authored-By: Claude <noreply@anthropic.com>
Pull request overview
Adds a new documentation file, full-ai-cluster/INJECTION-POINTS.md, that catalogs every install-time injection point for the full-AI-cluster substrate (operator SSH pubkey, hostname, initial password, WiFi) along with the in-flight B-0852 encrypted cred-blob + boot-sequence auth-method picker and the B-0859 three-mode reformat/recovery layer. The doc anchors a "constitutional rail" partitioning public-identifier vs secret-material content classes, lists current zflash flags, inventories remaining credential-type gaps, and links the related backlog rows. No code changes.
Changes:
- New catalog of 4 shipped + 2 in-flight injection points with NixOS reader modules, ESP filenames, and backlog cross-references.
- Architectural-principle section documenting "preserve-default on reformat" direction post-B-0852, composed with B-0859 three-mode recovery substrate.
- Gaps table (GPG, age, K8s join, ArgoCD, cosign, TLS root CA, Tailscale/WireGuard, NTP, locale, disk hints) framed as future B-0852 manifest edits.
This was referenced May 27, 2026
AceHack added a commit that referenced this pull request on May 27, 2026
…B-boot + DevOps-objectives-as-levels (NOT hand-crafted video-game levels) (#5611)

* backlog(B-0865): Zeta instantiation of ARC-AGI-3-style benchmark — USB-boot starting state + DevOps objectives as levels (NOT hand-crafted video-game levels)

Operator directive 2026-05-27 verbatim: "search ARC3 AGI internet and substrate we are going to create our own version, boot our USB and have the agents make it through devops objectives instead of hand crafted video game levels."

ARC-AGI-3 substrate inventory (per WebSearch 2026-05-27): François Chollet's interactive agentic-intelligence benchmark, launched 2026, $2M prize pool, human 100% / frontier AI <1% (GPT-5.4 + Claude Opus 4.6 Max both 0.3% as of March 2026). First interactive ARC variant where agents must explore novel turn-based environments, infer goals without instructions, build internal models, plan action sequences.

B-0865 extends B-0761 (Zeta-as-ARC-AGI-style-benchmark-substrate) into the SPECIFIC operational instantiation:
- Starting state: freshly USB-booted Zeta cluster (1/2/3 nodes per tier)
- Level catalog: declarative manifest of DevOps objectives organized in 6 tiers (Bootstrap / Multi-node / Resilience / Scale+GitOps / Adversarial / Identity+self-recovery)
- Agent runtime: candidate AI agents act via kubectl / SSH / GitOps PRs / hardware-level access
- Judge: deterministic acceptance-criteria evaluator + scoring rubric
- Recovery / reset: boot-off-USB-again via B-0859 3-mode substrate

Composes with today's substrate-engineering cascade:
- PR #5581/#5582/#5586/#5589/#5594/#5599: streams-substrate cascade
- PR #5601: INJECTION-POINTS.md catalog
- PR #5606: B-0857.2 install.sh universal routing
- PR #5608: catalog fix-fwd
- B-0852: cred-persistence (cheap reset; identity preservation)
- B-0857: install.sh universal entry (USB-boot reset reproducibility)
- B-0859: 3-mode USB-boot recovery substrate (the benchmark's reset)
- B-0864: streams-substrate (agent-action-protocol scope)

Substrate-honest framing per .claude/rules/verify-existing-substrate-before-authoring.md: B-0761 is the parent (general claim); B-0865 mints NEW substrate covering the specific operational instantiation (USB-boot + DevOps-objectives + our-own-ARC3-version). Composition explicit; parent row preserved unchanged.

Distinction from canonical ARC-AGI-3:
- Canonical: hand-crafted abstract grid puzzles; Core Knowledge priors only; tests fluid intelligence
- Zeta B-0865: real DevOps substrate; maximal knowledge dependence (k3s + NixOS + GitOps + Longhorn); tests operational-substrate competence

COMPLEMENTARY not competitive — both valid; different scopes; both test efficient exploration + goal inference + planning.

P2 + GATED behind cluster-stability per operator's "this is critical we get this usb right not fast fast comes after our self healing usb is stable where we can have a stable 3 node cluster and iterate without worrying about the cluster going down or having to recreate all 3 nodes from scratch constantly." The prerequisite IS the stable substrate the benchmark runs on.

12 sub-rows queued for future decomposition (B-0865.1 through B-0865.12) covering: level-catalog manifest schema; judge runtime; 6 tiers of levels; agent-runtime substrate; scoring + leaderboard; public-surface naming review; B-0761 composition cross-link.

Co-Authored-By: Claude <noreply@anthropic.com>

* backlog(B-0865): append operator follow-up sharpening — leaderboard substrate + HA-k8s+observability+helm/argocd playing-field scope + AGI-vs-video-games normative positioning

Operator 2026-05-27 verbatim follow-up: "This could give us a leaderboard to compete against with Zeta the usb is the playing fields HA k8s cluster with observablity and a bunch of helm/argocd apps, way better test of AGI as compared to video games."

Three substantive extensions to B-0865:

EXTENSION 1 — Leaderboard substrate
Zeta isn't just the test environment — it's the OPPONENT + the platform. 4 competition modes named: cross-agent, vs-human-operator, vs-prior-self, vs-Zeta-autonomy-ceiling. Sharpens sub-row B-0865.10 (scoring + leaderboard) to support explicit competition-against-Zeta mode.

EXTENSION 2 — Playing-field substrate-engineering scope
Names the three load-bearing components: HA k8s cluster (3-node quorum target per B-0859) + observability (Prometheus/Grafana/logs/traces) + helm/ArgoCD apps. Sharpens sub-row B-0865.1 (level-catalog manifest schema) to encode these as named substrate-types.

EXTENSION 3 — AGI benchmark normative positioning
5-row comparison table: video-game-shaped tests (incl. canonical ARC abstract puzzles) vs DevOps-objectives-on-real-HA-k8s-cluster across real-world transfer / substrate realism / gaming-the-benchmark risk / operational competence measurement / substrate ecosystem alignment. Substrate-engineering claim: AGI tested in this substrate is ACTUAL AGI at operational scope, not narrow-puzzle-intelligence dressed up.

Sub-row sharpenings applied:
- B-0865.1: manifest encodes HA-shape + observability-state + helm/argocd-state
- B-0865.10: leaderboard supports 4 competition modes
- New candidate B-0865.13: public positioning + comparison-substrate with canonical ARC-AGI-3 + other agentic benchmarks

Composes with .claude/rules/edge-defining-work-not-speculation.md — building this benchmark IS edge-defining work; nothing of this shape exists publicly.

Carved sentence (operator 2026-05-27 keeper): "The USB is the playing field, HA k8s cluster with observability and a bunch of helm/argocd apps, way better test of AGI as compared to video games."

Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Lior <lior@zeta.dev>
Co-authored-by: Claude <noreply@anthropic.com>
AceHack added a commit that referenced this pull request on May 27, 2026
…pilot findings addressed (supersedes PR #5606 — clean fresh branch off origin/main, no force-push) (#5620)

Supersedes PR #5606 (which had 3 valid Copilot findings + 1 false-positive that I addressed in a fix-fwd commit; that commit would have required force-push to PR #5606's branch which is policy-restricted per the autonomous-loop force-push discipline; opening a fresh PR off origin/main is the policy-respected new-branch path). PR #5606 to be closed with cross-reference to this PR after this opens.

Full B-0857.2 substrate-engineering content (originally drafted across 3 commits on PR #5606 branch; squashed here for clean review):

ROUTING MATRIX:
- macOS (uname -s = Darwin) -> setup/macos.sh
- Linux non-NixOS (no /etc/NIXOS) -> setup/linux.sh
- NixOS installed (/etc/NIXOS, no docker, no /iso, no /run/initramfs) -> setup/linux.sh
- NixOS docker test harness (/etc/NIXOS + /.dockerenv from B-0849 harness) -> setup/linux.sh
- NixOS live-USB (/etc/NIXOS + /iso OR /run/initramfs canonical markers) -> exit 2 + message pointing to zeta-install.sh

DISCRIMINATOR PRIORITY:
1. /etc/NIXOS marker -> NixOS (else linux-non-nixos)
2. /.dockerenv -> installed (Docker container short-circuit; runs FIRST so subsequent overlay check doesn't false-positive on B-0849 harness)
3. /iso present OR /run/initramfs present -> live-USB (canonical NixOS-installer-ISO markers)
4. Otherwise -> installed (safer default)

COPILOT FINDINGS ADDRESSED (from PR #5606 review):

Finding 1 (P1, line 16 exit contract):
Was: "Exit 0 on success. Any failure is a dev-experience bug"
Fixed: expanded exit-code documentation to 3 codes (0 success; 1 error; 2 intentional routing guard for NixOS live-USB — NOT a dev-experience bug). Clarified CI gate.yml asserts exit 0 in its tested environments (none are NixOS live-USB).

Finding 2 (P1, line 36 name attribution):
Was: "Per B-0857 operator framing (Aaron 2026-05-27):"
Fixed: "Per B-0857 operator framing (2026-05-27):" — per name-attribution convention (no first names in non-history-surface source files).

Finding 3 (P1, line 111 relative path):
Was: "sudo bash full-ai-cluster/usb-nixos-installer/zeta-install.sh" (relative; fails if user not in repo root)
Fixed: resolves $REPO_ROOT-rooted absolute path before printing the message; also resolves $INJECTION_POINTS_ABS absolute path; both paths now work regardless of caller cwd. Also references the exit-code documentation in the script header for exit 2 case.

Finding 4 (P0, line 114 dead link) — FALSE POSITIVE:
Copilot flagged "full-ai-cluster/INJECTION-POINTS.md does not exist in the repo" but the file DID land on origin/main at 976b352 (PR #5601, merged before PR #5606 CI ran). Verified via `git ls-tree origin/main full-ai-cluster/INJECTION-POINTS.md`. Copilot's review-base was earlier than current main. Will resolve PR #5606 thread as no-op confirmed-on-main when closing.

LOCAL VALIDATION:
- bash -n syntax PASS
- bash tools/setup/install.sh on Darwin: routes to setup/macos.sh
- bun tools/ci/docker-nixos-install-sh-test.ts: SUCCESS in 108s (B-0849 docker harness validates the /.dockerenv discriminator-2 short-circuit preserves existing harness behavior)

PER OPERATOR DIRECTIVE 2026-05-27: "and again dont feel any rush this is critical we get this usb right not fast fast comes after our self healing usb is stable" + "we pay the time now while things are simple to avoid sprawling complexity later" + "we can test nixos install in quick iteration locally with docker"

This PR follows all three directives: substrate-engineering-correctness-first; one sub-row scope; docker-harness-validated locally before push.

Co-authored-by: Lior <lior@zeta.dev>
Co-authored-by: Claude <noreply@anthropic.com>
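The routing matrix and discriminator priority from the commit message above, written out as an added example; this is not the repository's tools/setup/install.sh. The function names `classify_env` and `route`, the `ROOT` prefix argument and the passed-in kernel name are hypothetical, introduced so the ordering can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added illustration of the discriminator priority; not the project's install.sh.
# classify_env KERNEL ROOT   (hypothetical helper)
#   KERNEL  value of `uname -s`, passed in so the logic can be tested
#   ROOT    directory prefix to probe; "" means the real filesystem root
classify_env() {
    kernel=$1
    root=$2
    # Routing matrix: Darwin goes to the macOS path before any marker probe.
    if [ "$kernel" = "Darwin" ]; then
        echo macos
        return 0
    fi
    # 1. No /etc/NIXOS marker: ordinary Linux.
    if [ ! -e "$root/etc/NIXOS" ]; then
        echo linux-non-nixos
        return 0
    fi
    # 2. Container marker is checked before the live-USB markers, so a
    #    Docker test harness is never mistaken for installer media.
    if [ -e "$root/.dockerenv" ]; then
        echo nixos-installed
        return 0
    fi
    # 3. Either installer-ISO marker means live-USB.
    if [ -e "$root/iso" ] || [ -e "$root/run/initramfs" ]; then
        echo nixos-live-usb
        return 0
    fi
    # 4. Default: treat as an installed system.
    echo nixos-installed
}

# route ENV: print the setup script for ENV, or refuse with exit status 2
# on live-USB (the intentional routing guard, distinct from error status 1).
route() {
    case $1 in
        macos) echo setup/macos.sh ;;
        linux-non-nixos | nixos-installed) echo setup/linux.sh ;;
        nixos-live-usb)
            echo "NixOS live-USB: run zeta-install.sh instead" >&2
            return 2
            ;;
        *) return 1 ;;
    esac
}

# Classify the machine this script runs on.
classify_env "$(uname -s)" ""
```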
Summary
Per operator directive: "we should probably document the injection points and keep a list of what credential types we support we are already listing them declaratively"
Lands a canonical catalog at `full-ai-cluster/INJECTION-POINTS.md` naming all 4 currently-shipped injection points + 2 in-flight (B-0852) + the constitutional rail + the architectural-principle layer for self-healing-direction-on-reformat.
Catalog contents
Supported today (4 shipped)
In-flight (B-0852 Phase 1)
Architectural-principle layer (operator 2026-05-27)
DEFAULT post-B-0852 = mode 2 (reformat-with-current-keys-and-decisions, preserves identity); mode 3 full-reflash becomes opt-in. Composes with B-0859's 3-mode USB-boot recovery substrate.
Constitutional rail (preserved verbatim from `zeta-install.sh` line 392)
Partitions by content class: public identifier → ESP allowed; secret material → console / post-install / (post-B-0852) encrypted-at-rest on ESP with operator-passphrase-derived key.
Remaining gaps inventory
GPG / age / K8s-join / ArgoCD-admin / cosign / TLS-root-CA / Tailscale-WireGuard / NTP-override / locale-timezone / per-node-disk-role-hints. Post-B-0852, secret-class additions become MANIFEST EDITS (declarative) rather than new code.
Substrate-honest discipline
Per `.claude/rules/verify-existing-substrate-before-authoring.md`: existing substrate (B-0852 + B-0859) already covers GH-creds-at-flash + self-healing-reformat scope. This catalog CITES + composes rather than mints parallel substrate. No new backlog row filed.
Cross-references in-flight cluster: B-0833 + B-0835 + B-0844 + B-0847 + B-0848 + B-0852 + B-0859 + B-0864.
Files changed
Test plan
🤖 Generated with Claude Code