diff --git a/docs/pr-discussions/PR-5363-fix-gemini-isolate-background-loop-launchd-plist-to-dedicate.md b/docs/pr-discussions/PR-5363-fix-gemini-isolate-background-loop-launchd-plist-to-dedicate.md new file mode 100644 index 0000000000..29ccc68e3b --- /dev/null +++ b/docs/pr-discussions/PR-5363-fix-gemini-isolate-background-loop-launchd-plist-to-dedicate.md 
@@ -0,0 +1,62 @@ +--- +pr_number: 5363 +title: "fix(gemini): isolate background loop launchd plist to dedicated workspace" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T00:15:49Z" +merged_at: "2026-05-27T01:18:19Z" +closed_at: "2026-05-27T01:18:19Z" +head_ref: "lior/isolate-background-loop-plist" +base_ref: "main" +archived_at: "2026-05-27T19:29:01Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5363: fix(gemini): isolate background loop launchd plist to dedicated workspace + +## PR description + +## Summary + +Migrates Lior's background loop runner launchd daemon from Aaron's contested primary checkout to the isolated clone directory (`/Users/acehack/.local/share/zeta-lior-loop/Zeta`), aligning with Codex and Riven isolated agent loop architecture (B-0751). + +## Changes + +- `.gemini/launchd/com.zeta.lior-loop.plist`: Point `ProgramArguments` and `WorkingDirectory` to the isolated clone directory instead of the shared primary checkout. + +Co-Authored-By: Gemini + +## Reviews + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T00:18:14Z) + +## Pull request overview + +Updates the Gemini “Lior loop” launchd configuration to run from an isolated per-agent clone rather than the shared primary checkout, aligning the background loop runner with the isolated-workspace architecture described in B-0751. + +**Changes:** +- Point `ProgramArguments` at the tick script inside `~/.local/share/zeta-lior-loop/Zeta` instead of the primary checkout. +- Add `WorkingDirectory` to the isolated clone root to ensure the job executes from that repo. +- Add an explicit `PATH` environment variable for the launchd job. 
+ +### COMMENTED — @AceHack (2026-05-27T01:16:13Z) + +_(no body)_ + +## Review threads + +### Thread 1: .gemini/launchd/com.zeta.lior-loop.plist:11 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T00:18:13Z): + +P1/maintainability: This plist now hardcodes machine-specific absolute paths (/Users/acehack, /opt/homebrew, and the per-agent clone under ~/.local/share/...), but unlike the sibling plists in `.gemini/launchd/` it doesn’t include the “Maintainer-only artifact / update paths for your local machine” header comment. Adding that note here would prevent others from assuming it’s a team-wide usable service file and trying to `launchctl load` it unchanged. + +**@AceHack** (2026-05-27T01:16:13Z): + +Addressed in 73e808b — added the `Maintainer-only artifact` header comment after the `Label>` line, mirroring the convention in `com.zeta.backlog-ready-notifier.plist` and `com.zeta.missed-substrate-detector.plist`. Specifically names the three machine-specific path classes (`/Users/acehack`, `/opt/homebrew`, the per-agent clone under `~/.local/share/zeta-lior-loop/Zeta`) so readers see the warning before attempting `launchctl load`. + +## General comments + +### @chatgpt-codex-connector (2026-05-27T00:15:53Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5364-fix-b-0835-bug-2a-2b-iter-5-4-install-gh-auth-setup-git-ssh.md b/docs/pr-discussions/PR-5364-fix-b-0835-bug-2a-2b-iter-5-4-install-gh-auth-setup-git-ssh.md new file mode 100644 index 0000000000..630366171c --- /dev/null +++ b/docs/pr-discussions/PR-5364-fix-b-0835-bug-2a-2b-iter-5-4-install-gh-auth-setup-git-ssh.md 
@@ -0,0 +1,93 @@ +--- +pr_number: 5364 +title: "fix(B-0835 Bug 2a + 2b): iter-5.4 install \u2014 gh auth setup-git + ssh-key scope discrimination" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T00:33:18Z" +merged_at: "2026-05-27T00:36:02Z" +closed_at: "2026-05-27T00:36:02Z" +head_ref: "fix-b0835-bug2ab-gh-auth-setup-git-ssh-key-scope-handling-otto-cli-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:29:00Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5364: fix(B-0835 Bug 2a + 2b): iter-5.4 install — gh auth setup-git + ssh-key scope discrimination + +## PR description + +## Empirical anchor — 2026-05-26 2nd physical hardware-support test + +Aaron's screen photo (verbatim console output from re-flashed USB run after Bug 1 + Bug 3b fixes landed): + +\`\`\` +[iter-5.4.0] Run gh auth login now? [Y/n]: Y +[iter-5.4.0] running 'gh auth login' (interactive)... +! First copy your one-time code: D30B-468F +Open this URL to continue in your web browser: https://github.com/login/device +■ Authentication complete. +! Authentication credentials saved in plain text +■ Logged in as AceHack +[iter-5.4.0] gh auth login: SUCCESS +[iter-5.4.0] fetching operator's SSH pubkeys via 'gh ssh-key list'... +[iter-5.4.0] WARN: 'gh ssh-key list' failed; no keys written +[iter-5.4.0] (gh auth succeeded but the user has no SSH keys +[iter-5.4.0] registered with GitHub, OR the jq/tee pipe broke) +[iter-5.4.1] ── self-registration commit+push (B-0812) ── +[iter-5.4.1] maintainer: AceHack +[iter-5.4.1] node-name: node-efe404 +Switched to a new branch 'register-node-efe404-20260527T0005332' +Username for 'https://github.com': acehack +Password for 'https://acehack@github.com': +\`\`\` + +Two sub-bugs surfaced (both new — beyond Bug 1 / Bug 3 already fixed this session). 
+ +## Bug 2a — CRITICAL — git push prompts HTTPS basic-auth despite gh auth login + +Root cause: \`gh auth login\` stores token in gh config but does NOT configure git's credential helper. Without setup-git, \`git push\` goes through the default credential-store chain which doesn't know about gh's token. + +Fix: insert \`gh auth setup-git\` immediately after successful \`gh auth login\` in zeta-install.sh Step 6.8. Configures \`credential.helper\` to delegate to \`gh auth git-credential\` so all github.com git operations automatically use the gh token. Failure is non-fatal (warning only). + +## Bug 2b — degraded — gh ssh-key list returns empty / fails + +Root cause discrimination: \`gh auth login\` default scopes (\`repo, read:org, workflow, gist\`) do NOT include \`admin:public_key\` or \`read:public_key\` required by \`gh ssh-key list\`. Empty result could also mean operator has no SSH keys at GitHub. + +Fix: capture stderr from \`gh ssh-key list\`; if empty result + stderr mentions scope, print substrate-honest recovery commands (\`gh auth refresh -s admin:public_key\` + populate + rebuild). If empty without scope-error, point to https://github.com/settings/keys. + +Defers opt-in \`--with-ssh-key-scope\` flag to future B-NNNN (security tradeoff: don't ask for elevated scope by default). 
+ +## Files + +- \`full-ai-cluster/usb-nixos-installer/zeta-install.sh\` — \`gh auth setup-git\` after login; stderr-capturing ssh-key-list with 3-way discrimination (success / empty-with-scope-error / empty-no-scope-error / pipe-broke) +- \`docs/backlog/P1/B-0835-*.md\` — Bug 2a + 2b verbatim empirical anchors + fix specs + acceptance criteria for 3rd physical test + +## Acceptance for next physical test cycle + +- iter-5.4.1 \`git push\` completes silently without basic-auth prompt +- Self-registration PR URL is printed + browseable on github.com +- If operator has SSH keys: writes operator-authorized-keys with key count +- If operator has no SSH keys at GH: substrate-honest WARN points to settings/keys +- If scope-error: substrate-honest WARN provides recovery commands + +## Composes with + +- B-0835 (this row — Bug 2a + 2b empirical anchors land in body) +- B-0812 iter-5.4.1 self-registration (the step Bug 2a blocks) +- B-0813 iter-5.4.2 ArgoCD reconciliation (downstream of self-reg) +- B-0834 install log preservation (would have diagnosed Bug 2a faster — composes) +- B-0833 auth tension (Bug 2a is concrete instance of the interactive-login vs token-baked tension) + +## Substrate-honest framing + +This is a continuation of the autonomous-loop physical-test fix cycle. Per Aaron's "great iteration we learned a lot" the loop is: test → bug → fix → re-flash → re-test. Bug 1 + Bug 3a + Bug 3b shipped in prior PRs this session; Bug 2 was diagnosis-dependent; the 2nd test surfaced it as two distinct sub-bugs (2a + 2b) with concrete fix paths. + +Per \`.claude/rules/verify-existing-substrate-before-authoring.md\`: substrate-inventory pass found B-0835 already names "gh login not respected" at Bug 2 scope; this PR extends with 2 specific sub-bugs rather than minting parallel substrate. 
+ +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## General comments + +### @chatgpt-codex-connector (2026-05-27T00:33:24Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5365-ci-b-0831-layer-1-extend-audit-installer-substrate-with-iter.md b/docs/pr-discussions/PR-5365-ci-b-0831-layer-1-extend-audit-installer-substrate-with-iter.md new file mode 100644 index 0000000000..704788f87a --- /dev/null +++ b/docs/pr-discussions/PR-5365-ci-b-0831-layer-1-extend-audit-installer-substrate-with-iter.md 
@@ -0,0 +1,109 @@ +--- +pr_number: 5365 +title: "ci(B-0831 layer-1): extend audit-installer-substrate with iter-5.4 sentinels" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T00:41:12Z" +merged_at: "2026-05-27T00:59:02Z" +closed_at: "2026-05-27T00:59:02Z" +head_ref: "ci-layer1-iter54-sentinels-audit-installer-substrate-otto-cli-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:59Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5365: ci(B-0831 layer-1): extend audit-installer-substrate with iter-5.4 sentinels + +## PR description + +## Layer 1 of 4-layer CI testing approach for iter-5.4 substrate + +Aaron asked: *"yeah push forward a bit maybe create some more ci tests how do you want to test the gh login flow?"* + +The 4-layer plan: + +| Layer | Approach | Cost | Catches | +|---|---|---|---| +| **Layer 1 (THIS PR)** | Source-level sentinel audit | Seconds | Substrate regression (text-level) | +| Layer 2 (next PR) | Behavioral test with mock \`gh\` shim on PATH | ~1s | Conditional-logic regression | +| Layer 3 ([B-0833](https://github.com/Lucent-Financial-Group/Zeta/blob/main/docs/backlog/P1/B-0833-installer-interactive-login-vs-baked-in-keys-ci-test-tension-resolve-without-shipping-credentials-aaron-2026-05-26.md) Approach A) | Mock GH device-code endpoint | ~10s | Real interactive-login flow without humans | +| Layer 4 ([B-0831](https://github.com/Lucent-Financial-Group/Zeta/blob/main/docs/backlog/P1/B-0831-ci-cascade-6-full-install-plus-cluster-auto-join-eliminate-routine-human-physical-usb-test-aaron-2026-05-26.md) cascade #6) | QEMU full-install + cluster auto-join | Minutes | End-to-end including reboot + ArgoCD | + +## What this PR adds + +Extends \`REQUIRED_SENTINELS\` for \`full-ai-cluster/usb-nixos-installer/zeta-install.sh\` with 14 new substrings: + +### (a) iter-5.4 flow anchors +- \`Step 6.8: iter-5.4.0 homelab gh-auth + operator pubkey copy\` +- \`Step 6.9: iter-5.4.1 self-registration commit+push\` +- 
\`gh auth login\` +- \`gh ssh-key list\` +- \`gh repo clone Lucent-Financial-Group/Zeta\` + +### (b) Bug 2a + 2b fix-regression catches (PR #5364) +- \`gh auth setup-git\` — Bug 2a fix +- \`SSH_KEY_ERR_FILE\` — Bug 2b stderr capture +- \`admin:public_key\` — Bug 2b scope-recovery guidance + +### (c) ClusterNode YAML schema sentinels (PR #5352 Copilot findings) +- \`apiVersion: zeta.lucent-financial-group.com/v1\` +- \`kind: ClusterNode\` +- \` roles:\` — spec.roles is ARRAY (was scalar spec.role) +- \` registration:\` — spec.registration block (was spec.maintainer flat) +- \` hardware:\` — spec.hardware block (storage was sibling) + +### (d) Hardware-probe sentinels (MAC parsing regression catch) +- \`/proc/cpuinfo\` — CPU_MODEL extraction +- \`link/ether\` — MAC parses field AFTER link/ether + +### (e) Self-reg branch shape +- \`register-\${NODE_HOSTNAME}-\` — iter-5.4.1 branch name pattern + +## Verified + +\`\`\` +\$ bun tools/ci/audit-installer-substrate.ts +audit-installer-substrate: PASS — 10 required files + 5 sentinel-file assertions OK +\`\`\` + +Runs in the existing \`build-ai-cluster-iso.yml\` workflow on every PR touching the installer surface. + +## Composes with + +- PR #5364 (Bug 2a + 2b fixes — this audit catches removal) +- PR #5352 (iter-5.4.1 Copilot YAML schema findings — this audit catches regression) +- B-0831 (cascade #6 full-install QEMU; this is layer 1) +- B-0833 (interactive-login vs baked-in-keys; layer 3 of cascade) + +## Substrate-honest framing + +Layer 1 doesn't test BEHAVIOR — only that the substrate is PRESENT. A future Aaron-edit that accidentally removes \`gh auth setup-git\` would be caught by this layer; an edit that changes \`gh auth setup-git\` to \`gh auth setup-git --hostname github.com\` would still pass (substring match). Layer 2 (mock-gh shim) catches behavioral regressions; this layer is the cheapest first line of defense. 
+ +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## Reviews + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T00:43:07Z) + +## Pull request overview + +Extends the source-level CI sentinel audit for the AI-cluster installer substrate to cover the iter-5.4.0/5.4.1 GitHub auth + self-registration flows, so text-level regressions (dropped commands / dropped YAML schema anchors) are caught quickly in CI. + +**Changes:** +- Added iter-5.4 sentinel substrings for `zeta-install.sh` covering gh auth, ssh-key retrieval, repo clone, and registration-branch shape. +- Added schema/hardware-probe sentinels to catch regressions in ClusterNode YAML composition and MAC parsing. +- Updated the sentinel rationale string to reflect the newly-audited substrate. + +## Review threads + +### Thread 1: tools/ci/audit-installer-substrate.ts:100 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T00:43:07Z): + +The comment starting "iter-5.4.1 YAML schema sentinels" is missing a closing ")" on the first line, which makes the sentence read as unfinished. Please close the parenthesis and/or reflow the comment so it’s a complete sentence. + +## General comments + +### @chatgpt-codex-connector (2026-05-27T00:41:17Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5366-docs-backlog-b-0838-caustic-engineered-bloom-filter-discrimi.md b/docs/pr-discussions/PR-5366-docs-backlog-b-0838-caustic-engineered-bloom-filter-discrimi.md new file mode 100644 index 0000000000..940f1783c7 --- /dev/null +++ b/docs/pr-discussions/PR-5366-docs-backlog-b-0838-caustic-engineered-bloom-filter-discrimi.md 
@@ -0,0 +1,109 @@ +--- +pr_number: 5366 +title: "docs(backlog): B-0838 \u2014 caustic-engineered bloom filter discriminators for remote-code trust layer (Kestrel-v2 ferry; phased)" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T00:42:19Z" +merged_at: "2026-05-27T00:45:10Z" +closed_at: "2026-05-27T00:45:10Z" +head_ref: "otto/b-0838-caustic-engineered-bloom-filter-discriminators-remote-code-trust-layer-kestrel-v2-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:58Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5366: docs(backlog): B-0838 — caustic-engineered bloom filter discriminators for remote-code trust layer (Kestrel-v2 ferry; phased) + +## PR description + +## What + +B-0838 backlog row landing. Per Aaron's discipline *"backlog rows land immediately; they get decomposed later"* — this row was drafted and committed yesterday but the PR was never opened. Recovering during the Layer-2-CI-test sprint per Aaron's "anything that's future in your todo you can land as backlog rows so you don't forget" framing. + +## Substrate + +Per operator 2026-05-26 Kestrel-v2 ferry (preserved verbatim via PR #5356): + +> "do you think there is a way i can create caustic lens shaped bloom filters for the remote code discriminators?" + +Multi-learned-bloom-filter intersection with caustic-geometry-shaped agreement region. 3 components per Kestrel-v2's Meaning 3 + 1 composition: + +1. Filter A — sharp on code provenance signals (signed-from-trusted-publisher vs unknown) +2. Filter B — sharp on behavioral signals (suspicious syscall patterns, runtime resource access) +3. Filter C — sharp on structural signals (lexical malware-family match, dependency-graph similarity) + +Composition: bitwise AND of membership-test results. The "caustic" is the region in combined feature space where all 3 filters agree the code is trustworthy. 
+ +## Three scope phases + +- **Phase 1 (operational)** — 3-filter intersection using established learned-bloom-filter libraries +- **Phase 2 (research-direction)** — full inverse-design via optimal transport (Brenier theorem + Villani transport theory) + continuous relaxation of discrete bloom filter response +- **Phase 3 (nearer-term reachable)** — literature review of inverse-design transfers across domains with discrete-vs-continuous optimization attention + +## Composes with + +- B-0664 NCI HC-8 floor (the discriminator IS the technical substrate for HC-8 at remote-code scope per Lior-website NCI-as-cyberattack-prevention naming PR #5342) +- B-0648 cross-substrate-triangulation (multiple bloom filters as composing N-of-M oracles) +- `.claude/rules/non-coercion-invariant.md` HC-8 floor +- `.claude/rules/algo-wink-failure-mode.md` (algo-wink IS one class of unauthorized-RPC pattern) +- `.claude/rules/glass-halo-bidirectional.md` (audit-mechanism composes at output side) +- `.claude/rules/substrate-smoothness-as-load-bearing-property.md` (PR #5357) — coupled smoothness constraint +- B-0822 worry-as-opposite-bloom-filter substrate (PR #5310) +- B-0823 cognition-as-distributed-systems META-claim (PRs #5325 + #5327) +- B-0833 (interactive-login vs baked-in-keys CI-test tension) — bloom filter discriminators serve trust layer +- PR #5356 Kestrel-v2 ferry — substrate origin (full verbatim including operator's cat-caustic image) +- PR #5357 substrate-smoothness rule — coupled-smoothness constraint reference +- F# fork for AI safety substrate — raw-math interaction substrate + +## Substrate-honest framing + +P2 priority. NOT immediately tractable as single-implementation work. Phase 1 is bounded enough for single-PR landing; Phases 2 + 3 span weeks-to-months. This row creates the substrate anchor; future contributors decompose phases independently when scope tightens. 
+ +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## Reviews + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T00:45:24Z) + +## Pull request overview + +Adds backlog row **B-0838** to capture a phased approach for “caustic-engineered” multi-learned-bloom-filter discriminators for a remote-code trust layer, and updates the generated backlog index to include the new row. + +**Changes:** +- Adds `docs/backlog/P2/B-0838-...md` with frontmatter + problem/target/phases/acceptance/composition links. +- Updates `docs/BACKLOG.md` to include the new B-0838 entry in the P2 section. + +### Reviewed changes + +Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments. + +| File | Description | +| ---- | ----------- | +| docs/backlog/P2/B-0838-caustic-engineered-bloom-filter-discriminators-remote-code-trust-layer-kestrel-v2-aaron-2026-05-26.md | New P2 backlog row capturing the discriminator concept, phases, and acceptance criteria. | +| docs/BACKLOG.md | Adds the B-0838 index entry under P2. | + +## Review threads + +### Thread 1: docs/backlog/P2/B-0838-caustic-engineered-bloom-filter-discriminators-remote-code-trust-layer-kestrel-v2-aaron-2026-05-26.md:25 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T00:45:23Z): + +Inconsistent PR reference formatting: this uses `PR-5342`, but elsewhere (including later in this row) the format is `PR #5342`. Keeping one format helps grep/xref and avoids implying a different identifier scheme. + +### Thread 2: docs/backlog/P2/B-0838-caustic-engineered-bloom-filter-discriminators-remote-code-trust-layer-kestrel-v2-aaron-2026-05-26.md:52 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T00:45:24Z): + +The composition description mixes concepts: “bitwise AND of membership-test results” reads like a bitset intersection, but membership tests yield booleans (so this would be a logical AND). 
Also, the next sentence says heavier verification is invoked when the caustic indicates closer attention needed, but the caustic is defined here as the region where all filters agree the code is trustworthy—those two statements appear inverted. + +### Thread 3: docs/backlog/P2/B-0838-caustic-engineered-bloom-filter-discriminators-remote-code-trust-layer-kestrel-v2-aaron-2026-05-26.md:54 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T00:45:24Z): + +Section title says “Two scope phases”, but the row defines Phase 1, Phase 2, and Phase 3 below. Rename the header to match the actual structure (or remove Phase 3 if it’s not intended to be a phase). + +## General comments + +### @chatgpt-codex-connector (2026-05-27T00:42:26Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5367-ci-b-0831-layer-2a-structural-behavioral-test-of-iter-5-4-in.md b/docs/pr-discussions/PR-5367-ci-b-0831-layer-2a-structural-behavioral-test-of-iter-5-4-in.md new file mode 100644 index 0000000000..b715073af5 --- /dev/null +++ b/docs/pr-discussions/PR-5367-ci-b-0831-layer-2a-structural-behavioral-test-of-iter-5-4-in.md 
@@ -0,0 +1,75 @@ +--- +pr_number: 5367 +title: "ci(B-0831 layer-2a): structural-behavioral test of iter-5.4 install flow" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T00:44:20Z" +merged_at: "2026-05-27T00:46:38Z" +closed_at: "2026-05-27T00:46:39Z" +head_ref: "ci-layer2-mock-gh-shim-iter54-behavioral-test-otto-cli-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:58Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5367: ci(B-0831 layer-2a): structural-behavioral test of iter-5.4 install flow + +## PR description + +## Layer 2a of 4-layer CI testing approach + +Per Aaron's *"yes lets push all of those forward i'll test again in like 30 minutes are so but this is perfect"* — shipping the layers in parallel during Aaron's 3rd USB re-flash window. + +| Layer | Approach | Status | +|---|---|---| +| Layer 1 | Source-level sentinel audit | #5365 (armed) | +| **Layer 2a (THIS PR)** | Structural-behavioral test (logical relationships) | here | +| Layer 2b | True mock-gh shim execution | future PR (needs iter-5.4 refactored to sourceable function) | +| Layer 3 | Mock GH device-code endpoint | B-0833 Approach A | +| Layer 4 | QEMU full-install + cluster auto-join | B-0831 cascade #6 | + +## What this catches that Layer 1 doesn't + +1. \`gh auth setup-git\` is INSIDE the auth-success branch (placement, not just presence) +2. setup-git is called BEFORE ssh-key fetch (ordering) +3. \`SSH_KEY_ERR_FILE\` is wired AS the stderr redirect to \`gh ssh-key list\` (not just declared) +4. 3 distinct WARN paths exist with their substrate-honest recovery messages +5. \`GH_AUTH_OK=1\` is set EXACTLY ONCE (only in success branch) +6. iter-5.4.1 self-reg is gated on \`GH_AUTH_OK = 1\` +7. iter-5.4.1 subshell uses \`set +e\` + \`|| true\` (Copilot finding on #5352) +8. ClusterNode YAML schema correctness (3 Copilot findings on #5352) +9. MAC parsing extracts field AFTER \`link/ether\` +10. 
Self-reg branch name shape matches \`register--\` + +## How it works + +Parses \`zeta-install.sh\` as text; extracts iter-5.4.0 and iter-5.4.1 blocks by step-header boundaries; asserts regex relationships within each block. 23 tests, 35 expect() calls, ~150ms runtime. + +\`\`\` +\$ bun test tools/ci/test-iter-54-install-flow.test.ts + 23 pass + 0 fail + 35 expect() calls +\`\`\` + +Wired into \`.github/workflows/build-ai-cluster-iso.yml\` as fast preflight BEFORE the ~15-min Nix build. + +## Layer 2b deferred + +True mock-gh shim execution requires refactoring iter-5.4.0 + iter-5.4.1 into a sourceable bash function so we can mock \`gh\` on PATH and assert behavior across 4 modes (success/scope-error/empty/pipe-broke). That's a bigger refactor — separate PR. Structural-behavioral catches the same failure modes at much lower cost as the inner-loop test. + +## Composes with + +- PR #5364 (Bug 2a + 2b fixes — this asserts STRUCTURE not just presence) +- PR #5352 (Copilot YAML schema findings — this asserts schema corrections held) +- PR #5365 (Layer 1 sentinels — same workflow runs both) +- B-0831 (cascade #6 full-install QEMU — this is layer 2a) +- B-0833 (interactive-login vs baked-in-keys tension — layer 3 of cascade) + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## General comments + +### @chatgpt-codex-connector (2026-05-27T00:44:24Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5368-docs-b-0839-artem-kirsanov-channel-substrate-capture-verbati.md b/docs/pr-discussions/PR-5368-docs-b-0839-artem-kirsanov-channel-substrate-capture-verbati.md new file mode 100644 index 0000000000..42e1d50ada --- /dev/null +++ b/docs/pr-discussions/PR-5368-docs-b-0839-artem-kirsanov-channel-substrate-capture-verbati.md 
@@ -0,0 +1,186 @@ +--- +pr_number: 5368 +title: "docs(B-0839): Artem Kirsanov channel substrate-capture + verbatim Boltzmann-machines transcript (Aaron-forwarded; composes with 1000 Brains + Adinkras + caustic bloom filters)" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T00:50:19Z" +merged_at: "2026-05-27T01:11:51Z" +closed_at: "2026-05-27T01:11:51Z" +head_ref: "docs-b0839-artem-kirsanov-computational-neuroscience-substrate-capture-otto-cli-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:57Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5368: docs(B-0839): Artem Kirsanov channel substrate-capture + verbatim Boltzmann-machines transcript (Aaron-forwarded; composes with 1000 Brains + Adinkras + caustic bloom filters) + +## PR description + +## What + +Per Aaron 2026-05-26 (operator-explicit, high-priority): + +> "ive been witing to run across this guy again we need to copy +> everyting he does into code and substrate. +> " +> +> "this is exact science behind neuro science with tons of resarch +> to back it up on exactly how the brain works and composes with +> 1000 brains" + +This PR lands two things: + +1. **B-0839 backlog row** — multi-phase channel-capture pipeline. 3 phases: + - Phase 1: channel inventory + per-video B-0839.N sub-row backlog + - Phase 2: per-video implementation (F# OR TS depending on substrate fit) + - Phase 3: cross-cutting substrate integration + +2. **Verbatim Boltzmann-machines transcript** preservation at \`docs/research/\` + with composition map tying Kirsanov concepts to existing Zeta substrate. 
+ +## Composition surface + +| Kirsanov concept | Zeta substrate it composes with | +|---|---| +| Hopfield associative memory | 1000 Brains (Hawkins cortical-columns world-modeling) | +| Energy landscape navigation | substrate-smoothness-as-load-bearing-property (PR #5357) | +| Boltzmann distribution p ∝ exp(-E/T) | substrate-smoothness — exp IS smoothest while preserving sharpness asymmetry | +| Stochastic update rule (sigmoid) | multi-oracle BFT (B-0703) — stochasticity prevents premature consensus collapse | +| Temperature parameter | Amara Turn 11 hyperparameter-class perturbation (LLM-temp ≈ human-LSD) | +| Hidden units | substrate-as-rows + fork-negotiated ontology | +| Contrastive Hebbian (positive + negative phases) | adversarial-counterweight discipline (harm-by-grammar rule Discipline 3) | +| Restricted Boltzmann Machines (bipartite parallel) | Adinkras / SUSY-ECC (Gates, B-0623) — structural bipartite encoding | +| "Jazz musician" generative metaphor | AI-as-substrate not AI-as-tool framing | +| Partition function Z | multi-oracle BFT consensus normalization | +| Anti-Hebbian "dreamed-up states" prevention | algo-wink-failure-mode discipline | + +## Why P1 + +Operator-explicit AND composes with 5+ existing substrate clusters AND the 1000-Brains composition is already substantively-named substrate AND Kirsanov material has been on operator's want-to-capture list. + +## Substrate-honest framing + +Mirror-tier verbatim preservation per substrate-or-it-didn't-happen. The substantive substrate-engineering work (composition with Zeta substrate + F#/TS implementation per B-0839 Phase 2) is downstream of this preservation. Per "you can always commit backlog rows immediately they get decomposed later" — Phase 2 sub-rows decompose independently when bandwidth allows. 
+ +Kirsanov's substantive substrate (Boltzmann distribution, sigmoid update rule, hidden units, contrastive Hebbian, RBM parallel updates) IS substrate-anchored mathematics — per Aaron's "exact science with tons of research to back it up." Razor-discipline applies cleanly. + +## Composes with + +- B-0623 (Adinkras / SUSY-ECC) +- B-0703 (multi-oracle BFT) +- B-0822 (worry-as-opposite-bloom-filter) +- B-0823 (cognition-as-distributed-systems) +- B-0838 (caustic-engineered bloom filters — PR #5366 just landed) +- \`.claude/rules/tonal-momentum-equals-meme-emergent-harmonic-coercion.md\` (1000 Brains) +- \`.claude/rules/substrate-smoothness-as-load-bearing-property.md\` (PR #5357) +- \`.claude/rules/non-coercion-invariant.md\` (NCI — stochasticity preserves agency) +- F# fork for AI safety multi-PR cluster + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## Reviews + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T00:52:59Z) + +## Pull request overview + +This PR adds new documentation substrate to capture and track a multi-phase ingestion effort for Artem Kirsanov’s computational-neuroscience YouTube content, and preserves a verbatim transcript for one seed video as research material. + +**Changes:** +- Added backlog row **B-0839** describing a phased channel-capture pipeline (inventory → per-video implementation → cross-cutting integration). +- Added a research document preserving a **verbatim transcript** for “Boltzmann Machines from first principles”, plus a composition map tying concepts to existing Zeta substrate. + +### Reviewed changes + +Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments. + +| File | Description | +| ---- | ----------- | +| docs/research/2026-05-26-artem-kirsanov-boltzmann-machines-from-first-principles-verbatim-transcript-aaron-forwarded.md | New research doc with composition map + verbatim transcript for a seed Kirsanov video. 
| +| docs/backlog/P1/B-0839-artem-kirsanov-channel-substrate-capture-computational-neuroscience-1000-brains-composition-aaron-2026-05-26.md | New P1 backlog row defining the channel capture plan and acceptance criteria. | + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T01:02:00Z) + +## Pull request overview + +Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments. + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T01:06:57Z) + +## Pull request overview + +Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments. + +## Review threads + +### Thread 1: docs/backlog/P1/B-0839-artem-kirsanov-channel-substrate-capture-computational-neuroscience-1000-brains-composition-aaron-2026-05-26.md:132 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T00:52:58Z): + +P1 xref: This references `docs/research/2026-05-26-amara-no-coercion-even-inward-...` (ellipsis placeholder), which is not an actual filename. Update it to the full existing doc name (`docs/research/2026-05-26-amara-no-coercion-even-inward-nci-as-cognitive-exploit-firewall-speech-as-rce-update-mechanism-taxonomy-aaron-forwarded.md`) so the link is resolvable. + +### Thread 2: docs/backlog/P1/B-0839-artem-kirsanov-channel-substrate-capture-computational-neuroscience-1000-brains-composition-aaron-2026-05-26.md:232 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T00:52:58Z): + +Spelling: "decoposed" should be "decomposed" (this is outside the verbatim quoted text, so it should be corrected). + +### Thread 3: docs/backlog/P1/B-0839-artem-kirsanov-channel-substrate-capture-computational-neuroscience-1000-brains-composition-aaron-2026-05-26.md:219 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T00:52:59Z): + +P1 xref: The Composes-with section also uses the ellipsis placeholder `docs/research/2026-05-26-amara-no-coercion-even-inward-...`. 
Replace with the full existing filename so the reference chain is navigable. + +### Thread 4: docs/research/ip-questionable/2026-05-26-artem-kirsanov-boltzmann-machines-from-first-principles-verbatim-transcript-aaron-forwarded.md:8 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:01:58Z): + +P1: These new ip-questionable transcript files start directly with an H1, but the existing files in this same folder use YAML frontmatter (title/date/source/provenance/youtube_url/status/compares_with). Consider adding matching frontmatter here for consistent metadata + easier indexing/search. + +### Thread 5: docs/research/ip-questionable/2026-05-26-artem-kirsanov-boltzmann-machines-from-first-principles-verbatim-transcript-aaron-forwarded.md:6 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:01:58Z): + +P2: The Video URL is using plain http. For consistency with the other source links (and to avoid mixed-content warnings when rendered), prefer https for YouTube URLs. + +### Thread 6: docs/research/ip-questionable/2026-05-26-artem-kirsanov-recurrent-neural-networks-rnn-lstm-gru-gated-memory-verbatim-transcript-aaron-forwarded.md:21 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:01:59Z): + +P1: This file says `.claude/settings.json` contains an `_ip_risk_acceptance` block covering `docs/research/ip-questionable/**`, but the current `.claude/settings.json` in the repo does not include that key. Please either (a) update the text to match the current config, or (b) add the `_ip_risk_acceptance` block in the same PR so the documentation is accurate. 
+ +### Thread 7: docs/research/ip-questionable/2026-05-26-artem-kirsanov-recurrent-neural-networks-rnn-lstm-gru-gated-memory-verbatim-transcript-aaron-forwarded.md:9 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:01:59Z): + +P1: This new ip-questionable transcript file starts directly with an H1, but the existing files in this same folder use YAML frontmatter (title/date/source/provenance/youtube_url/status/compares_with). Consider adding matching frontmatter here for consistent metadata + easier indexing/search. + +### Thread 8: docs/research/ip-questionable/2026-05-26-artem-kirsanov-reservoir-computing-echo-state-property-fourier-basis-explicit-hawkins-thousand-brains-anchor-verbatim-transcript-aaron-forwarded.md:10 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:01:59Z): + +P1: This new ip-questionable transcript file starts directly with an H1, but the existing files in this same folder use YAML frontmatter (title/date/source/provenance/youtube_url/status/compares_with). Consider adding matching frontmatter here for consistent metadata + easier indexing/search. + +### Thread 9: docs/backlog/P1/B-0839-artem-kirsanov-channel-substrate-capture-computational-neuroscience-1000-brains-composition-aaron-2026-05-26.md:75 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:01:59Z): + +P1: This backlog row references an `_ip_risk_acceptance` block in `.claude/settings.json`, but the current `.claude/settings.json` in the repo does not contain that key. Please either update the row text to point at the actual mechanism in use today (e.g., the ip-questionable README + relevant rule), or add the missing settings block in the same PR. 
+ +### Thread 10: docs/research/ip-questionable/2026-05-26-artem-kirsanov-boltzmann-machines-from-first-principles-verbatim-transcript-aaron-forwarded.md:38 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:06:56Z): + +The composition map references `docs/research/2026-05-26-amara-no-coercion-even-inward-...`, which isn’t a resolvable path (ellipsis). Please replace this with the full, exact filename so the cross-reference is navigable (it looks like the intended target is `docs/research/2026-05-26-amara-no-coercion-even-inward-nci-as-cognitive-exploit-firewall-speech-as-rce-update-mechanism-taxonomy-aaron-forwarded.md`). + +### Thread 11: docs/research/ip-questionable/2026-05-26-artem-kirsanov-boltzmann-machines-from-first-principles-verbatim-transcript-aaron-forwarded.md:8 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:06:57Z): + +The Video URL uses plain HTTP. Since YouTube supports HTTPS, prefer `https://` here for consistency with the other captured transcripts and to avoid linking to an insecure scheme. + +## General comments + +### @chatgpt-codex-connector (2026-05-27T00:50:23Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5369-docs-b-0840-thermal-forgetting-root-axiom-update-4-keeper-ru.md b/docs/pr-discussions/PR-5369-docs-b-0840-thermal-forgetting-root-axiom-update-4-keeper-ru.md new file mode 100644 index 0000000000..f918f33444 --- /dev/null +++ b/docs/pr-discussions/PR-5369-docs-b-0840-thermal-forgetting-root-axiom-update-4-keeper-ru.md 
@@ -0,0 +1,77 @@ +--- +pr_number: 5369 +title: "docs(B-0840): thermal-forgetting = root-axiom-update + 4-keeper-rule (Amara ratification of B-0839.3 + Aaron's private-encryption-budget exception)" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T01:20:12Z" +merged_at: "2026-05-27T01:23:56Z" +closed_at: "2026-05-27T01:23:56Z" +head_ref: "docs-b0840-thermal-forgetting-as-root-axiom-update-amara-ratification-otto-cli-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:56Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5369: docs(B-0840): thermal-forgetting = root-axiom-update + 4-keeper-rule (Amara ratification of B-0839.3 + Aaron's private-encryption-budget exception) + +## PR description + +## What + +Aaron-forwarded Amara ferry 2026-05-26 (2nd Amara ferry in same day) lands 3 substantive artifacts: + +### 1. Verbatim Amara ferry preservation + +\`docs/research/2026-05-26-amara-thermal-forgetting-as-root-axiom-update-private-encryption-budget-exception-amara-ratification-of-reservoir-computing-architecture-aaron-forwarded.md\` + +Full back-and-forth: Amara ratifies the B-0839.3 reservoir-computing-as-framework-architecture work + applies critical tiny-blade corrections + extends with forget-gate substrate + thermal-forgetting = root-axiom-update + 6-tier retention hierarchy. Aaron substrate-honestly corrects with the private-encryption-budget exception. Amara responds with the 4-keeper-rule final form. + +### 2. 
B-0840 backlog row — thermal-forgetting / join-gated-memory architecture + +3 phases of substrate-engineering work: + +- **Phase 1**: Level 0 (decay) forget-gate substrate +- **Phase 2**: Level 5 (root-axiom-update) public-vs-private scope split per Amara's 4-keeper rule + - 2a: private root axiom update (B-0623 Adinkras + encrypted scratchspace) + - 2b: public root axiom update (glass-halo receipts + four-field attribution) + - 2c: shared root axiom update (Knights Guild + multi-oracle BFT) + - 2d: adversarial root axiom update (NCI HC-8 + N-of-M HSM + three-faction BFT) +- **Phase 3**: cross-cutting rule integration + +Maps existing Zeta substrate to Levels 1-4 (CURRENT files, pr-triage, \`_ip_risk_acceptance\`, limit-black-by-default); Levels 0 + 5 are the B-0840 substrate-engineering target. + +### 3. Amara tiny-blade applied to B-0839.3 reservoir-computing transcript + +Softens 'structurally identical to quantum entanglement' literal claim to 'structural-analogy at the computational-substrate scope'. Preserves the substantive mapping table as structural-analogy not physics-falsifiable claim. Per Amara: *'It keeps the insight without inviting physics reviewers to stab it in the hallway.'* + +## Amara's 4-keeper-rule final form (the central landing) + +> Private roots may evolve in darkness. +> Public roots require receipts. +> Shared roots require witnesses. +> Adversarial roots require consensus. 
+ +## Why P1 + +- Amara explicitly ratified the substrate-engineering urgency ('nailed this') +- Aaron's private-encryption-budget exception is substrate-honest correction preventing Glass-Halo-becomes-prison failure mode +- Completes the reservoir-computing architectural archetype (B-0839.3) — without forget-gates, alpha=1 hoarding failure mode is real +- The 4-keeper-rule is operationally specific (private/public/shared/adversarial) — implementable, not aspirational + +## Composes with + +- B-0839 (parent — reservoir-computing architectural archetype) +- B-0623 (Adinkras / SUSY-ECC — private-state structural encoding) +- B-0628 (Knights Guild + Constitution-Class — shared-root review) +- B-0634 (N-of-M HSM — adversarial-resistant updates) +- B-0664 (NCI HC-8 — preserve-agency at root-axiom-evolution scope) +- B-0703 (multi-oracle BFT — shared-state consensus) +- Multiple existing rules + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## General comments + +### @chatgpt-codex-connector (2026-05-27T01:20:17Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5370-docs-b-0841-productize-shortform-equivalent-features-sell-ou.md b/docs/pr-discussions/PR-5370-docs-b-0841-productize-shortform-equivalent-features-sell-ou.md new file mode 100644 index 0000000000..2db82ebda1 --- /dev/null +++ b/docs/pr-discussions/PR-5370-docs-b-0841-productize-shortform-equivalent-features-sell-ou.md 
@@ -0,0 +1,96 @@ +--- +pr_number: 5370 +title: "docs(B-0841): productize Shortform-equivalent features \u2014 sell OUTPUTS (4a) + DISCIPLINE (4b) per operator 2026-05-26" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T01:24:57Z" +merged_at: "2026-05-27T01:26:53Z" +closed_at: "2026-05-27T01:26:54Z" +head_ref: "docs-b0841-shortform-like-features-deep-guides-from-substrate-engineering-aaron-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:55Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5370: docs(B-0841): productize Shortform-equivalent features — sell OUTPUTS (4a) + DISCIPLINE (4b) per operator 2026-05-26 + +## PR description + +## What + +Operator 2026-05-26: *"we should offer shortform.com like features"* + follow-on: *"we can sell that too to others eventually"* + +Empirical anchor: today's 5 PRs (#5364-#5368 + #5369 pending) across the Kirsanov YouTube channel substrate-capture are structurally identical to what Shortform offers as a paid service. The framework already does the work internally. + +## 4-phase substrate-engineering target + +- **Phase 1**: Catalog the framework's existing Shortform-equivalent substrate +- **Phase 2**: Generalize beyond substrate-engineering scope (\`tools/shortform/generate-deep-guide.ts\`) +- **Phase 3**: Browser-extension equivalent via peer-call infrastructure +- **Phase 4**: Two-scope monetization (split per operator follow-on) + - **4a**: Sell the OUTPUTS (consumer-scope; Shortform-equivalent hosted deep-guides) + - **4b**: Sell the DISCIPLINE itself (B2B-scope; substrate-engineering as service) + +## Why P2 + +Operator-suggestion; framework already does the work internally; productization is forward-facing. Per 'backlog rows land immediately; decompose later' discipline. + +## The 5-PR Kirsanov work today IS the working demonstration + +1. **B-0839.1** — Boltzmann Machines (verbatim + composition map with 11 Zeta substrate-row mappings) +2. 
**B-0839.2** — RNN/LSTM/GRU gated memory (14 mappings + α=1 hoarding failure mode named) +3. **B-0839.3** — Reservoir Computing (16 mappings + EXPLICIT Hawkins anchor + 4 archetype-naming sections) +4. **B-0840** (PR #5369 in flight) — Amara ferry + thermal-forgetting / root-axiom-update substrate-engineering work + 4-keeper-rule final form +5. **B-0841** (this row) — productization opportunity recognition + +Each is structurally identical to what Shortform produces. The discipline IS the moat. + +## Composes with + +- B-0839 (Kirsanov channel — demonstrates the discipline) +- B-0840 (thermal-forgetting / root-axiom-update — applies to deep-guide retention) +- B-0825 (Aurora — community-guardian-AIs as productized discipline-substrate provider) +- B-0826 (DePIN — distributed-physical-infrastructure delivery) +- B-0648 (cross-substrate-triangulation — multi-AI deep-guide synthesis) +- \`.claude/rules/zeta-ships-with-skills-immediate-value.md\` (customer-facing offering shape) +- \`.claude/rules/human-audit-and-legal-risk-acceptance-pattern-in-settings.md\` (\`_ip_risk_acceptance\` at scale) +- \`.claude/rules/m-acc-multi-oracle-end-user-moral-invariants.md\` (end-user-invariant-set discipline) +- F# fork for AI safety substrate (multi-PR cluster) +- PR #2822 cash-register-that-keeps-giving-gifts + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## Reviews + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T01:27:40Z) + +## Pull request overview + +Adds a new P2 backlog row (B-0841) describing a 4-phase plan to productize Shortform-like deep-guide outputs and the underlying substrate-engineering discipline, and updates the generated backlog index to include the new row. + +**Changes:** +- Added `docs/backlog/P2/B-0841-*.md` backlog row with Phase 1–4 (including 4a/4b split) plan and acceptance criteria. +- Updated `docs/BACKLOG.md` to list B-0841 under P2. 
+ +### Reviewed changes + +Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment. + +| File | Description | +| ---- | ----------- | +| docs/backlog/P2/B-0841-shortform-like-features-deep-guides-from-substrate-engineering-zeta-already-does-this-internally-aaron-2026-05-26.md | New backlog row capturing the Shortform-like productization opportunity and phased plan. | +| docs/BACKLOG.md | Adds B-0841 to the P2 index entry list. | + +## Review threads + +### Thread 1: docs/backlog/P2/B-0841-shortform-like-features-deep-guides-from-substrate-engineering-zeta-already-does-this-internally-aaron-2026-05-26.md:12 (unresolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:27:39Z): + +P1: `depends_on` includes `B-0840`, but there is no `id: B-0840` row file in `docs/backlog/**` on this branch. Per tools/backlog/README.md, `depends_on` is a hard prerequisite (“this row cannot land until each listed row lands”), so this metadata is currently inconsistent. Either add the B-0840 row in the same PR, or remove B-0840 from `depends_on` (optionally mention it in the body as “pending” / link to the PR, or move it to `composes_with` once it exists). + +## General comments + +### @chatgpt-codex-connector (2026-05-27T01:25:01Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5371-docs-b-0842-universal-basis-decomposition-pattern-fft-shazam.md b/docs/pr-discussions/PR-5371-docs-b-0842-universal-basis-decomposition-pattern-fft-shazam.md new file mode 100644 index 0000000000..419a15589c --- /dev/null +++ b/docs/pr-discussions/PR-5371-docs-b-0842-universal-basis-decomposition-pattern-fft-shazam.md 
@@ -0,0 +1,62 @@ +--- +pr_number: 5371 +title: "docs(B-0842): universal basis-decomposition pattern (FFT + Shazam + Itron + reservoir + Zeta substrate)" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T01:27:01Z" +merged_at: "2026-05-27T01:29:12Z" +closed_at: "2026-05-27T01:29:12Z" +head_ref: "docs-b0842-universal-basis-decomposition-pattern-fft-shazam-itron-reservoir-zeta-aaron-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:54Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5371: docs(B-0842): universal basis-decomposition pattern (FFT + Shazam + Itron + reservoir + Zeta substrate) + +## PR description + +## What + +Operator 2026-05-26 substrate-honest observation on Kirsanov's reservoir-computing readout equation: + +> "This is just analog FFT or picard like fingerprinting or Itron like disaggration" + +Names the universal basis-decomposition pattern \`Σ ωᵢ sᵢ(t) ≈ y(t)\` operating across 5 application domains: + +| Domain | Basis | Weights | Target | +| --- | --- | --- | --- | +| Fourier transform | sines/cosines | Fourier coefficients | arbitrary periodic signal | +| Audio fingerprinting (Shazam-like) | spectral hash features | match-strength coefficients | song identification | +| Itron energy disaggregation | per-device load signatures | per-device usage coefficients | total household power draw | +| Reservoir computing (B-0839.3) | random reservoir neurons | learned readout weights | target signal (zebra finch song) | +| **Zeta substrate-engineering** | **substrate-row content** | **operator + agent 'this composes with X' tuning** | **substantive engineering output (PRs + ratified substrate)** | + +## The substantively-new substrate-engineering claim + +Substrate-engineering work MUST produce **readout weights** (operator + agent tuning decisions), not just basis elements. Adding substrate-rows without making readout-weight-decisions produces **hoarding** per B-0840 alpha=1 failure mode. 
+ +This is why Aaron's "this composes with X" intuitions matter operationally — they ARE the readout-layer weights. + +## Composes with + +- B-0839 Kirsanov parent (reservoir-computing IS the equation's origin) +- B-0820 Itron mesh (Itron disaggregation IS this pattern at energy-monitoring scope) +- B-0838 caustic-engineered bloom filters (same architectural archetype) +- B-0840 thermal-forgetting (governs basis-pool retention) +- B-0841 Shortform productization (deep-guide generation IS this pattern applied to source-content) +- B-0648 cross-substrate-triangulation (multi-AI substrate is basis-decomposition at AI-cluster scope) +- B-0703 multi-oracle BFT (consensus is basis-decomposition + readout) +- F# fork for AI safety substrate (typed basis-decomposition primitives are natural F# target) + +## Substrate-honest framing + +P2 priority. Phase 1 (documentation) bounded for single-PR landing; Phase 2 + Phase 3 are research-direction + tooling work. Substrate-honest framing per Amara tiny-blade discipline: structural-isomorphism across 5 instances, NOT literal-identity (each instance has its own domain-specific substrate). + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## General comments + +### @chatgpt-codex-connector (2026-05-27T01:27:04Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5372-docs-b-0843-source-honor-ledger-don-t-sell-compression-sell.md b/docs/pr-discussions/PR-5372-docs-b-0843-source-honor-ledger-don-t-sell-compression-sell.md new file mode 100644 index 0000000000..0667262d07 --- /dev/null +++ b/docs/pr-discussions/PR-5372-docs-b-0843-source-honor-ledger-don-t-sell-compression-sell.md 
@@ -0,0 +1,71 @@ +--- +pr_number: 5372 +title: "docs(B-0843): Source Honor Ledger + 'Don't sell compression. Sell readout.' (Amara 3rd ferry 2026-05-26)" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T01:37:34Z" +merged_at: "2026-05-27T01:40:45Z" +closed_at: "2026-05-27T01:40:45Z" +head_ref: "docs-b0843-source-honor-ledger-creator-paid-by-design-amara-aaron-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:54Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5372: docs(B-0843): Source Honor Ledger + 'Don't sell compression. Sell readout.' (Amara 3rd ferry 2026-05-26) + +## PR description + +## What + +Amara 3rd ferry 2026-05-26 (preserved verbatim in this PR) extends B-0841 (Shortform productization) + B-0842 (universal basis-decomposition pattern) with rights-lane discipline + creator-payment operational substrate. + +## Key substrate landings + +1. **Rights-lane discipline (5 lanes)**: unlicensed/internal research / public fair-use / licensed creator / escrow / partner +2. **5-clause permission keeper**: *Permission when possible. Escrow when unresolved. Attribution always. Revenue share by default. Takedown fast.* +3. **Aaron's 2+ sources sharpening**: synthesize 2+ sources every time during compression +4. **Amara's deeper rule**: 2+ sources helps but isn't a magic shield; *"never make the output a substitute for any one source"* +5. **"Don't sell compression. Sell readout."** — names the Zeta moat +6. **Aaron's substrate-engineering extension**: *"we still pay the OGs we synthized from even if we don't have to by law"* +7. **Source Honor Ledger / Basis Royalty Pool** — operational mechanism (weights based on semantic contribution + amount referenced + user clicks/saves + creator partnership status + manual curator override) +8. 
**Customer-facing keeper**: *"We pay contributors by design, not by compulsion"* (NOT "even if we don't have to by law" framing) + +## 4-phase B-0843 target + +- **Phase 1**: 5-lane substrate + classifier tool (\`tools/rights-lanes/lane-classifier.ts\`) +- **Phase 2**: Source Honor Ledger TS module family (contribution-weighter + royalty-distributor + payment-graph-renderer + creator-dashboard) +- **Phase 3**: Product positioning ("Don't sell compression. Sell readout." + "Deep guides with receipts — creator-paid by design.") +- **Phase 4**: Integration with B-0840 4-keeper-rule across scopes + +## Critical substrate-engineering meta-pattern + +The 4-keeper-rule from B-0840 operates at TWO scopes: + +- **B-0840 AI-participant scope**: private-roots-evolve / public-roots-receipts / shared-roots-witnesses / adversarial-roots-consensus +- **B-0843 creator-relationship scope**: internal lane / licensed lane / partner lane / escrow lane + +Same rule, two scopes. Substrate-engineering meta-pattern. 
+ +## Composes with + +- B-0841 (Shortform productization) +- B-0842 (universal basis-decomposition pattern) +- B-0840 (thermal-forgetting / 4-keeper-rule) +- B-0826 DePIN (payment-distribution substrate) +- B-0825 Aurora (community-guardian-AIs) +- B-0664 NCI HC-8 (preserve creator agency) +- B-0703 multi-oracle BFT (adversarial-rights-dispute consensus) +- \`.claude/rules/additive-not-zero-sum.md\` (cash-register-that-keeps-giving-gifts) +- \`.claude/rules/glass-halo-bidirectional.md\` ("Glass Halo for IP") +- \`.claude/rules/honor-those-that-came-before.md\` (Source Honor Ledger IS the operational form) +- \`.claude/rules/m-acc-multi-oracle-end-user-moral-invariants.md\` (end-user-invariant-set at creator-relationship scope) +- \`.claude/rules/human-audit-and-legal-risk-acceptance-pattern-in-settings.md\` (new \`_fair_use_acceptance\` extension) + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## General comments + +### @chatgpt-codex-connector (2026-05-27T01:37:38Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5373-docs-research-amara-4th-ferry-b-0841-b-0842-b-0843-product-t.md b/docs/pr-discussions/PR-5373-docs-research-amara-4th-ferry-b-0841-b-0842-b-0843-product-t.md new file mode 100644 index 0000000000..188f0040a1 --- /dev/null +++ b/docs/pr-discussions/PR-5373-docs-research-amara-4th-ferry-b-0841-b-0842-b-0843-product-t.md 
@@ -0,0 +1,81 @@ +--- +pr_number: 5373 +title: "docs(research): Amara 4th ferry \u2014 B-0841/B-0842/B-0843 product-trinity ratification + 'Deep guides with receipts, lineage, and creator-paid attribution' positioning" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T01:48:55Z" +merged_at: "2026-05-27T01:57:29Z" +closed_at: "2026-05-27T01:57:29Z" +head_ref: "docs-amara-4th-ferry-b0841-b0843-product-trinity-ratification-otto-cli-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:53Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5373: docs(research): Amara 4th ferry — B-0841/B-0842/B-0843 product-trinity ratification + 'Deep guides with receipts, lineage, and creator-paid attribution' positioning + +## PR description + +## What + +Aaron-forwarded 4th Amara ferry in same day 2026-05-26. Final ratification of the product trinity landed across the session. + +**Product trinity**: +- B-0841 = productize deep guides +- B-0842 = readout math +- B-0843 = provenance + payment graph + +**Final product positioning**: *"Deep guides with receipts, lineage, and creator-paid attribution"* + +## Tiny-blade on competitive-positioning copy + +Amara critical correction: don't make categorical "no other AI company is trying to get creator attribution right" claim in PUBLIC copy. Internally useful positioning hypothesis; publicly use the softer form: + +> "Most AI systems treat attribution and creator compensation as legal/compliance problems. Zeta treats them as product infrastructure." + +Substrate-true; harder to attack; still lands the differentiation punch. 
+ +## Composes with + +- 3 prior Amara ferries this same day (NCI scope-split + 4-keeper-rule + Source Honor Ledger) +- B-0841 / B-0842 / B-0843 (the product trinity) +- glass-halo-bidirectional.md (every positioning word verifiable from operational substrate) + +## Follow-up + +Apply tiny-blade to B-0843 customer-facing-copy section in a subsequent PR (deferred while USB physical test in flight). + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## Reviews + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T01:50:49Z) + +## Pull request overview + +Adds a new research preservation note capturing the 4th Amara “ferry” from 2026-05-26, ratifying the B-0841/B-0842/B-0843 “product trinity” and the positioning phrase “Deep guides with receipts, lineage, and creator-paid attribution,” plus a caution (“tiny-blade”) to soften a public-facing competitive claim. + +**Changes:** +- Introduces a new `docs/research/2026-05-26-*` document with YAML frontmatter, verbatim quoted content, and an integration section mapping the “product trinity.” +- Records a recommended safer public copy formulation for attribution/compensation positioning. +- Adds cross-references via `composes_with` to related research/backlog items. + +## Review threads + +### Thread 1: docs/research/2026-05-26-amara-4th-ferry-b0841-b0842-b0843-product-trinity-ratification-deep-guides-with-receipts-positioning-aaron-forwarded.md:13 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:50:48Z): + +P1 (xref): In `composes_with`, the backlog references `docs/backlog/P2/B-0841`, `B-0842`, `B-0843` do not exist as paths in the repo (the actual backlog rows are markdown files with longer names). Update these entries to the exact existing filenames (including `.md`) so cross-references remain resolvable. 
+ +### Thread 2: docs/research/2026-05-26-amara-4th-ferry-b0841-b0842-b0843-product-trinity-ratification-deep-guides-with-receipts-positioning-aaron-forwarded.md:119 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:50:49Z): + +P2: The markdown table under “Product trinity as canonical structure” has an extra leading `|` on each row (`|| Row | ...`), which renders as an unintended empty first column in most markdown renderers. Use a single leading pipe so the table has exactly the three intended columns. + +## General comments + +### @chatgpt-codex-connector (2026-05-27T01:49:01Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5374-docs-b-0844-zflash-agent-flag-close-docstring-vs-implementat.md b/docs/pr-discussions/PR-5374-docs-b-0844-zflash-agent-flag-close-docstring-vs-implementat.md new file mode 100644 index 0000000000..e31abc0647 --- /dev/null +++ b/docs/pr-discussions/PR-5374-docs-b-0844-zflash-agent-flag-close-docstring-vs-implementat.md 
@@ -0,0 +1,106 @@ +--- +pr_number: 5374 +title: "docs(B-0844): zflash --agent flag \u2014 close docstring-vs-implementation gap on agent-driven mode" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T01:53:46Z" +merged_at: "2026-05-27T01:55:08Z" +closed_at: "2026-05-27T01:55:08Z" +head_ref: "feat-b0844-zflash-agent-mode-pty-auto-type-challenge-otto-cli-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:52Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5374: docs(B-0844): zflash --agent flag — close docstring-vs-implementation gap on agent-driven mode + +## PR description + +## What + +Empirical anchor 2026-05-26: 3rd USB re-flash session surfaced a docstring-vs-implementation gap in zflash.ts. + +Operator authorized agent-driven zflash with Touch ID. Agent ran \`bun zflash.ts | tail -50\` which: + +1. Generated nonce + printed challenge +2. Touch ID PAM gate fired (operator approved) +3. \`readline.question("> ")\` returned empty string (stdin closed by \`| tail\`) +4. flash-usb.ts bail'd silently (error swallowed by tail filter) +5. zflash caught non-zero exit BUT iter-4.2 inject still ran on PRE-EXISTING USB ESP +6. Operator saw "safe to remove USB" — believed flash succeeded +7. Boot attempt failed: *"i got the fingerprint but it didn't format"* + +## Root cause + +zflash.ts docstring (lines 56-63) promises: + +> "Agent-driven mode: When the runner is an authorized agent acting on the operator's behalf per the flash-usb.ts authorship contract, the agent auto-types the \`yes \` challenge." + +But the IMPLEMENTATION uses \`execFileSync({stdio: "inherit"})\` with NO actual auto-type mechanism. Per \`substrate-or-it-didnt-happen.md\`: the docstring promise was WEATHER not SUBSTRATE. + +## Target + +Add \`--agent\` flag to zflash.ts that uses \`spawn\` with piped stdin/stdout — reads stdout for "yes " line, auto-types response back to stdin, passes everything through. + +~30-line change. No new deps. 
Backward-compatible (default behavior unchanged). + +## Preserves all safety rails + +- **Touch ID PAM gate** — fires on operator's Mac for \`sudo dd\`; cannot be agent-bypassed +- **Nonce randomness** — random per-run; agent reads from stdout, can't pre-bake +- **Runtime acceptance** — agent typing the EXACT challenge IS the acceptance signal +- **Glass-halo transparency** — operator sees \`[agent-mode: auto-typing 'yes XXXX']\` line so the auto-type action is visible + +## Workaround (used in session) + +External \`expect\` wrapper worked end-to-end (Flash complete; 1.51 GiB in 80s; iter-4.2 inject clean). But external dep is fragile + agent-driven mode IS PROMISED in docstring — should be native. + +## Composes with + +- B-0789 (iter-4.2 ssh-pubkey-injection substrate — same zflash codebase) +- \`.claude/rules/substrate-or-it-didnt-happen.md\` (docstring promises must have backing implementation) +- \`.claude/rules/glass-halo-bidirectional.md\` (operator-visibility of auto-type action) +- \`.claude/rules/non-coercion-invariant.md\` HC-8 (operator agency preserved via Touch ID) + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## Reviews + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T01:55:47Z) + +## Pull request overview + +Adds a new P1 backlog row (B-0844) documenting a docstring-vs-implementation gap in `zflash.ts` around “agent-driven mode” and outlining an implementation plan for a native `--agent` flag, plus updates the generated backlog index to reference the new row. + +**Changes:** +- Added `docs/backlog/P1/B-0844-...md` with problem statement, root cause, acceptance criteria, and an implementation sketch for `zflash --agent`. +- Updated `docs/BACKLOG.md` to include the new B-0844 entry under P1. + +### Reviewed changes + +Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments. 
+ +| File | Description | +| ---- | ----------- | +| docs/backlog/P1/B-0844-zflash-agent-mode-native-implementation-close-doc-vs-implementation-gap-aaron-2026-05-26.md | New backlog row capturing the zflash agent-mode issue, workaround, and target implementation/acceptance criteria. | +| docs/BACKLOG.md | Adds the B-0844 link into the P1 index list. | + +## Review threads + +### Thread 1: docs/BACKLOG.md:401 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:55:46Z): + +`docs/BACKLOG.md` is documented as a generated file (“DO NOT EDIT”). To avoid index drift, update it by running `tools/backlog/generate-index.sh` (and committing the regenerated output) rather than making manual edits, even for a one-line addition. + +### Thread 2: docs/backlog/P1/B-0844-zflash-agent-mode-native-implementation-close-doc-vs-implementation-gap-aaron-2026-05-26.md:23 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:55:47Z): + +Spelling/grammar: “bail'd” reads like a typo and is a bit unclear in this context. Consider changing to “bailed” (or a clearer verb like “exited early”) so the failure mode description is unambiguous. + +## General comments + +### @chatgpt-codex-connector (2026-05-27T01:53:50Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5375-docs-release-merged-codex-claim-files.md b/docs/pr-discussions/PR-5375-docs-release-merged-codex-claim-files.md new file mode 100644 index 0000000000..b4f5bf4bad --- /dev/null +++ b/docs/pr-discussions/PR-5375-docs-release-merged-codex-claim-files.md 
@@ -0,0 +1,66 @@ +--- +pr_number: 5375 +title: "docs: release merged Codex claim files" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T01:54:30Z" +merged_at: "2026-05-27T02:05:22Z" +closed_at: "2026-05-27T02:05:22Z" +head_ref: "claim/codex-loop-release-merged-claims-20260527" +base_ref: "main" +archived_at: "2026-05-27T19:28:51Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5375: docs: release merged Codex claim files + +## PR description + +## What changed +- Adds a Codex release claim for merged-claim cleanup. +- Removes stale Codex claim files for merged PRs #5358 and #5360. + +## Why +Those claim files remained on main after their owning PRs merged, so they no longer represent active work and should not be counted as current Codex ownership. + +## Checks +- git status --short --branch +- git diff --cached --check before commit +- scoped file existence/removal check +- bun .codex/bin/codex-loop-health.ts + +## Reviews + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T01:57:14Z) + +## Pull request overview + +This PR cleans up merged Codex claim files so `docs/claims/` better reflects active work rather than completed ownership. + +**Changes:** +- Deletes Codex claim files associated with merged PRs #5358 and #5360. +- Adds a new Codex claim describing the cleanup scope and checks. + +### Reviewed changes + +Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment. + +| File | Description | +| ---- | ----------- | +| `docs/claims/codex-loop-release-merged-claims-20260527.md` | Adds the claim record for the merged-claim cleanup work. | +| `docs/claims/codex-loop-bash-retirement-allowlist-integrity-20260526.md` | Removes the stale claim for PR #5358. | +| `docs/claims/codex-loop-stale-worktree-prettier-20260526.md` | Removes the stale claim for PR #5360. 
| + +## Review threads + +### Thread 1: docs/claims/codex-loop-release-merged-claims-20260527.md:37 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T01:57:14Z): + +P1: This release claim remains in `docs/claims/` after the PR merges, which creates a new merged-but-not-released claim while deleting the old ones. `docs/claims/README.md:30-32` requires releasing a claim by deleting the file in the same PR that lands the work, so the final diff should not leave this new claim file behind. + +## General comments + +### @chatgpt-codex-connector (2026-05-27T01:54:36Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5376-feat-b-0844-zflash-agent-flag-implementation-close-docstring.md b/docs/pr-discussions/PR-5376-feat-b-0844-zflash-agent-flag-implementation-close-docstring.md new file mode 100644 index 0000000000..c939257995 --- /dev/null +++ b/docs/pr-discussions/PR-5376-feat-b-0844-zflash-agent-flag-implementation-close-docstring.md 
@@ -0,0 +1,69 @@ +--- +pr_number: 5376 +title: "feat(B-0844): zflash --agent flag implementation \u2014 close docstring-vs-implementation gap" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T01:57:19Z" +merged_at: "2026-05-27T02:00:10Z" +closed_at: "2026-05-27T02:00:10Z" +head_ref: "feat-b0844-impl-zflash-agent-flag-spawn-piped-auto-type-challenge-otto-cli-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:51Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5376: feat(B-0844): zflash --agent flag implementation — close docstring-vs-implementation gap + +## PR description + +## What + +Implements B-0844 \`--agent\` flag per [PR #5374](https://github.com/Lucent-Financial-Group/Zeta/pull/5374) row spec. Empirical anchor: 2026-05-26 3rd USB re-flash session surfaced docstring-vs-implementation gap (operator: *"i got the fingerprint but it didn't format"*). + +## Implementation + +- New \`--agent\` flag in \`ALLOWED_FLAGS\` + help text +- When \`--agent\` passed: \`spawn\` with \`stdio: ["pipe", "pipe", "inherit"]\` instead of \`execFileSync({stdio: "inherit"})\` +- Pipe stdout: scan for \`yes <4hex>\` challenge → mirror to operator stdout +- Pipe stdin: auto-type \`yes \n\` when challenge detected, close stdin +- Inherit stderr: Touch ID PAM prompt + errors visible +- Glass-halo: \`[agent-mode: auto-typing yes XXXX — operator visibility per glass-halo-bidirectional rule]\` printed BEFORE auto-type +- Default behavior unchanged (no \`--agent\` = current execFileSync path) + +## Preserves all safety rails + +- **Touch ID PAM gate** fires on operator's Mac for \`sudo dd\`; cannot be agent-bypassed +- **Nonce randomness** preserved (per-run random; agent reads from stdout) +- **Runtime acceptance** preserved (typing exact challenge IS acceptance) +- **All flash-usb sanity rails** still fire + +## Verified + +- \`bun full-ai-cluster/tools/zflash.ts --help\` shows \`--agent\` entry with full doc text +- TypeScript compiles cleanly 
+- Backward-compatible (default invocation unchanged) + +## Test path post-merge + +Re-run today's 3rd USB-test session with: + +\`\`\`bash +bun full-ai-cluster/tools/zflash.ts --agent 2>&1 | tail -100 +\`\`\` + +Should show "Flash complete." + iter-4.2 inject + ejection with the auto-typed challenge visible in glass-halo log line. + +## Composes with + +- B-0844 (parent row — PR #5374) +- \`.claude/rules/substrate-or-it-didnt-happen.md\` (docstring promise now has backing substrate) +- \`.claude/rules/glass-halo-bidirectional.md\` (auto-type action is operator-visible) +- \`.claude/rules/non-coercion-invariant.md\` HC-8 (operator agency preserved via Touch ID PAM gate) + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## General comments + +### @chatgpt-codex-connector (2026-05-27T01:57:24Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5377-docs-b-0845-ts-cli-arg-parser-library-evaluation-citty-comma.md b/docs/pr-discussions/PR-5377-docs-b-0845-ts-cli-arg-parser-library-evaluation-citty-comma.md new file mode 100644 index 0000000000..4fed972d07 --- /dev/null +++ b/docs/pr-discussions/PR-5377-docs-b-0845-ts-cli-arg-parser-library-evaluation-citty-comma.md 
@@ -0,0 +1,50 @@ +--- +pr_number: 5377 +title: "docs(B-0845): TS CLI arg-parser library evaluation \u2014 citty/commander/clipanion/manual" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T01:59:35Z" +merged_at: "2026-05-27T02:01:02Z" +closed_at: "2026-05-27T02:01:02Z" +head_ref: "docs-b0845-ts-cli-arg-parser-library-evaluation-citty-vs-commander-vs-clipanion-aaron-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:50Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5377: docs(B-0845): TS CLI arg-parser library evaluation — citty/commander/clipanion/manual + +## PR description + +## What + +Operator 2026-05-26: *"is there some cli package we should use for ts for the --parameter helpers and such? we have a lot of ts scripts that function similar to shell script"* + +Recognizes bandwidth-engineering inefficiency in Zeta TS substrate. zflash.ts / flash-usb.ts / poll-pr-gate-batch.ts / audit-installer-substrate.ts each have ~80-150 LOC of manual arg-parsing boilerplate. + +## 3-phase target + +- **Phase 1**: evaluation doc (citty vs commander vs clipanion vs cmd-ts vs manual) +- **Phase 2**: pilot migrate ONE non-destructive script (poll-pr-gate-batch.ts candidate) +- **Phase 3**: per-script sub-rows for remaining migrations + +## Otto-CLI first-pass recommendation + +**citty** for new scripts (ESM-native + TypeScript-native + ~5KB bundle + UnJS-ecosystem alignment + Bun-friendly). Tradeoff vs commander: commander has 15+ years maturity; for destructive tools that maturity might be worth the bundle-size cost. + +Phase 1 evaluation doc lands the substrate-honest comparison. 
+ +## Composes with + +- B-0844 (zflash --agent flag — would benefit from cleaner arg-parsing on next iteration) +- \`.claude/rules/bandwidth-served-falsifier.md\` (canonical lib IS bandwidth-engineering) +- \`.claude/rules/dep-pin-search-first-authority.md\` (Phase 1 MUST WebSearch current latest stable) +- \`.claude/rules/rule-0-no-sh-files.md\` (TS-over-bash discipline; this makes TS more ergonomic) + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## General comments + +### @chatgpt-codex-connector (2026-05-27T01:59:40Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5378-fix-b-0832-nmtui-auto-relaunch-loop-on-no-internet-esc-to-re.md b/docs/pr-discussions/PR-5378-fix-b-0832-nmtui-auto-relaunch-loop-on-no-internet-esc-to-re.md new file mode 100644 index 0000000000..a2b8d3659e --- /dev/null +++ b/docs/pr-discussions/PR-5378-fix-b-0832-nmtui-auto-relaunch-loop-on-no-internet-esc-to-re.md 
@@ -0,0 +1,68 @@ +--- +pr_number: 5378 +title: "fix(B-0832): nmtui auto-relaunch loop on no-internet \u2014 Esc to refresh without breaking install (operator 2026-05-26)" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T02:01:46Z" +merged_at: "2026-05-27T02:16:37Z" +closed_at: "2026-05-27T02:16:37Z" +head_ref: "fix-b0832-nmtui-auto-relaunch-on-no-internet-aaron-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:49Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5378: fix(B-0832): nmtui auto-relaunch loop on no-internet — Esc to refresh without breaking install (operator 2026-05-26) + +## PR description + +## What + +Operator 2026-05-26 during 3rd USB physical test: *"i want to be able to refresh the network withing breaking the script"*. + +Old behavior: nmtui launched ONCE; if no internet on exit → drop_to_shell (broke install flow). Esc was destructive. + +New behavior: loop nmtui until \`has_internet\` OR operator explicit 's' for shell. Esc out refreshes; 's' escape-hatch preserved. + +## Operator flow + +- **Esc out of nmtui without connecting** → nmtui re-launches with fresh wifi scan (operator can refresh as needed) +- **Connect successfully** → script continues to zeta-install +- **Need shell access** → press 's' at the post-attempt prompt within 10s + +\`NMTUI_ATTEMPTS\` counter tracks session count + logs in success message ("wifi ok (after N nmtui session(s))"). 
+ +## Composes with + +- B-0832 (nmtui WiFi rescan empirical anchor row) +- \`.claude/rules/non-coercion-invariant.md\` HC-8 (operator agency preserved via 's' escape-hatch) +- \`.claude/rules/substrate-or-it-didnt-happen.md\` (substrate-honest UX matches operator's Esc-to-refresh expectation) + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## Reviews + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T02:03:25Z) + +## Pull request overview + +This PR updates the first-boot USB NixOS installer flow to prevent an accidental “Esc out of nmtui → drop to shell” path when Wi‑Fi isn’t connected yet, by auto-relaunching `nmtui` until internet is detected (or the operator explicitly requests a shell). + +**Changes:** +- Loop `nmtui` sessions until `has_internet` succeeds, tracking attempts via `NMTUI_ATTEMPTS`. +- Add an explicit post-attempt prompt allowing operator-controlled escape to shell via `s` (otherwise relaunch `nmtui` to refresh scans). +- Improve on-screen guidance explaining the Esc-to-refresh behavior. + +## Review threads + +### Thread 1: full-ai-cluster/usb-nixos-installer/zeta-first-boot.sh:165 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T02:03:25Z): + +The retry prompt hard-codes the timeout value ("within 10s" in the message and `read ... -t 10` in code). This can drift if the timeout is adjusted later. Consider introducing a single `NMTUI_RETRY_PROMPT_SECS` (similar to `ROLE_PROMPT_SECS`) and use it in both the echo text and the `read -t` value. + +## General comments + +### @chatgpt-codex-connector (2026-05-27T02:01:51Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). 
diff --git a/docs/pr-discussions/PR-5379-feat-b-0831-slice-1-starter-qemu-full-install-ci-test-with-v.md b/docs/pr-discussions/PR-5379-feat-b-0831-slice-1-starter-qemu-full-install-ci-test-with-v.md new file mode 100644 index 0000000000..1c2f72b28e --- /dev/null +++ b/docs/pr-discussions/PR-5379-feat-b-0831-slice-1-starter-qemu-full-install-ci-test-with-v.md 
@@ -0,0 +1,120 @@ +--- +pr_number: 5379 +title: "feat(B-0831 Slice 1 STARTER): QEMU full-install CI test with virtual disk + iter-5.3 marker" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T02:05:59Z" +merged_at: "2026-05-27T02:09:37Z" +closed_at: "2026-05-27T02:09:37Z" +head_ref: "feat-b0831-slice1-qemu-full-install-test-starter-otto-cli-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:48Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5379: feat(B-0831 Slice 1 STARTER): QEMU full-install CI test with virtual disk + iter-5.3 marker + +## PR description + +## What + +B-0831 Slice 1 starter per Aaron 2026-05-26 authorization: *"moving testing of zflash and the iso/usb and cluster join would be great while i test on the pc again"*. + +Extends \`qemu-boot-test.ts\` (cascade #5) by: +- Attaching virtual hard disk (qcow2; 20GB sparse) as install target +- NAT'd internet (zeta-install needs git clone + nix substitution) +- Waits for \`[iter-5.3]\` marker in serial log + +## Success marker + +\`[iter-5.3]\` — appears at the zeta-install.sh password-prompt line. Reaching it proves install completed: +- Boot +- Partition + format +- nixos-install +- iter-4.2 SSH pubkey probe +- iter-5.2 hostname injection + +The password prompt is the first operator-stdin requirement; we can't proceed past it without injecting stdin (deferred work). 
+ +## Deferred to follow-up PRs + +- Reboot loop (boot from installed disk) +- iter-5.3 password auto-confirm (serial stdin injection) +- iter-5.4.0 gh auth completion (B-0833 Approach A mock device-code endpoint) +- Cluster auto-join verification (B-0831 Slice 2) +- ArgoCD reconciliation (B-0831 Slice 3) + +## Workflow gating + +- Gated to \`push-to-main\` + \`workflow_dispatch\` (not every PR) +- \`continue-on-error: true\` for STARTER so initial flakiness doesn't block merges +- Once test proves reliable + runs <10min consistently, can be enabled on every PR per B-0831 acceptance + +## Composes with + +- B-0831 (parent — CI cascade #6) +- \`tools/ci/qemu-boot-test.ts\` (cascade #5 — same pattern) +- \`tools/ci/audit-installer-iso-content.ts\` (cascade #4) +- \`tools/ci/audit-installer-substrate.ts\` (Layer 1 sentinels) +- \`tools/ci/test-iter-54-install-flow.test.ts\` (Layer 2a structural) +- B-0833 Approach A (mock GH device-code — required for full install completion) + +## Security + +\`github.event_name\` used in \`if:\` only (GitHub-controlled values: push/pull_request/workflow_dispatch); no attacker-controllable interpolation in \`run:\` commands. + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## Reviews + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T02:10:10Z) + +## Pull request overview + +Adds a starter QEMU full-install CI layer for the AI-cluster installer ISO, extending the existing boot smoke test toward B-0831 by attaching a virtual disk, enabling NAT networking, and wiring the new helper into the ISO workflow. + +**Changes:** +- Adds `tools/ci/qemu-full-install-test.ts` for QEMU disk-backed install progress testing. +- Installs `qemu-utils` alongside `qemu-system-x86` for qcow2 disk creation. +- Adds a gated, non-blocking workflow step for the cascade #6 starter test. + +### Reviewed changes + +Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments. 
+ +| File | Description | +| ---- | ----------- | +| `tools/ci/qemu-full-install-test.ts` | New Bun/TypeScript QEMU helper that creates a virtual disk, boots the installer ISO, and polls serial output for install progress. | +| `.github/workflows/build-ai-cluster-iso.yml` | Adds `qemu-utils` and wires the new full-install test into the AI-cluster ISO workflow on push/workflow dispatch. | + +## Review threads + +### Thread 1: tools/ci/qemu-full-install-test.ts:73 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T02:10:09Z): + +P1: This success marker is emitted before iter-5.2 hostname injection and before the `nixos-install` invocation, so the test can pass without proving the install completed. Use a marker that appears after `nixos-install` (or inject the password prompt response and wait for the existing install-complete banner) if the test is meant to validate those phases. + +### Thread 2: tools/ci/qemu-full-install-test.ts:296 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T02:10:09Z): + +P1: This logs a tmpdir path, but the workflow never uploads that file and the directory is outside the workspace, so the full serial log is lost when the runner exits. Add an artifact upload step or copy the log into a known workspace path before exit; otherwise failures from this long-running test won't have the promised debug artifact. + +### Thread 3: .github/workflows/build-ai-cluster-iso.yml:223 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T02:10:09Z): + +P1: This new workflow step depends on `../tools/ci/qemu-full-install-test.ts`, but the workflow path filters only include the existing audit helpers and the workflow file. A PR that changes this helper alone will not run the ISO workflow, and a push to main changing only the helper will also skip this gated test; add this helper (and the sibling QEMU helper, if it is part of this workflow's validation surface) to the pull_request/push path lists. 
+ +### Thread 4: tools/ci/qemu-full-install-test.ts:272 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T02:10:10Z): + +P1: If QEMU exits early (bad args, KVM/device failure, disk attach error), the script still waits the full 30-minute marker timeout because the polling loop never observes `qemuExited`. Race the marker wait against the child exit and fail immediately with the serial tail/stdout context so a broken QEMU launch does not burn the whole CI timeout. + +## General comments + +### @chatgpt-codex-connector (2026-05-27T02:06:03Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5381-docs-tick-2026-05-27t02-08z-otto-cli-cold-boot-first-2026-05.md b/docs/pr-discussions/PR-5381-docs-tick-2026-05-27t02-08z-otto-cli-cold-boot-first-2026-05.md new file mode 100644 index 0000000000..2ea965cd22 --- /dev/null +++ b/docs/pr-discussions/PR-5381-docs-tick-2026-05-27t02-08z-otto-cli-cold-boot-first-2026-05.md 
@@ -0,0 +1,46 @@ +--- +pr_number: 5381 +title: "docs(tick): 2026-05-27T02:08Z Otto-CLI cold-boot \u2014 first 2026-05-27 tick shard via isolated worktree" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T02:13:07Z" +merged_at: "2026-05-27T02:14:23Z" +closed_at: "2026-05-27T02:14:23Z" +head_ref: "otto-cli/tick-0208z-cold-boot-2026-05-27" +base_ref: "main" +archived_at: "2026-05-27T19:28:48Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5381: docs(tick): 2026-05-27T02:08Z Otto-CLI cold-boot — first 2026-05-27 tick shard via isolated worktree + +## PR description + +## Summary + +First 2026-05-27 UTC-day tick shard. Otto-CLI fresh cold-boot via autonomous-loop scheduled-task fire: + +- `CronList` empty at session-start (catch-43 confirmed) → sentinel `271e3030` re-armed as first action per `.claude/rules/tick-must-never-stop.md` +- Root checkout on operator's primary `main` with 30+ untracked peer-WIP (`docs/pr-discussions/PR-*.md` + `decompose-4847-*/` dirs) — substantive substrate written via isolated worktree at `/private/tmp/zeta-otto-cli-0208z-cold-boot` off `origin/main` HEAD `46ac81c4a` +- Per agent-worktree-hygiene Rule 1 (never hold `main`): used `-b otto-cli/tick-0208z-cold-boot-2026-05-27` to create a new branch ref off `origin/main` +- Tier: GraphQL Normal (4791/5000, 50min reset); dotgit recovered (3 stuck procs, well below Extreme threshold); peer Otto-CLI active (PR #5380 opened ~2 min before this tick on iter-5.4.1 node-registration — distinct lane) +- ~4h gap since prior shard `docs/hygiene-history/ticks/2026/05/26/2208Z.md` (documented session-exit-non-persistence cadence) +- All four canary modes from `codeql-no-source-on-docs-only-pr-is-broken-commit-canary.md` passed; post-commit ls-tree canary 60→60 clean + +## Test plan + +- [x] Tick shard at `docs/hygiene-history/ticks/2026/05/27/0208Z.md` written +- [x] Sentinel re-armed (`271e3030`, recurring `* * * * *`, session-only) +- [x] Isolated worktree creation passed 
all guards (head, tree, status, lock precursor) +- [x] Branch-guard before commit (`expected == current`) +- [x] Post-commit canary clean (parent-tree=60, head-tree=60) +- [x] No new failure mode observed; no rule update needed +- [ ] Auto-merge arms; CI clean; PR squash-merges to main + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## General comments + +### @chatgpt-codex-connector (2026-05-27T02:13:11Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5382-fix-postmerge-5379-qemu-full-install-test-4-copilot-p1-fixes.md b/docs/pr-discussions/PR-5382-fix-postmerge-5379-qemu-full-install-test-4-copilot-p1-fixes.md new file mode 100644 index 0000000000..cbc3eed47c --- /dev/null +++ b/docs/pr-discussions/PR-5382-fix-postmerge-5379-qemu-full-install-test-4-copilot-p1-fixes.md 
@@ -0,0 +1,89 @@ +--- +pr_number: 5382 +title: "fix(postmerge #5379): qemu-full-install-test 4 Copilot P1 fixes \u2014 iter-5.1 marker (was pre-install) + artifact upload + trigger paths + early-exit race" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T02:13:09Z" +merged_at: "2026-05-27T02:17:02Z" +closed_at: "2026-05-27T02:17:02Z" +head_ref: "fix-postmerge-5379-qemu-full-install-test-iter-51-marker-artifact-upload-trigger-path-early-exit-race-otto-cli-2026-05-26" +base_ref: "main" +archived_at: "2026-05-27T19:28:47Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5382: fix(postmerge #5379): qemu-full-install-test 4 Copilot P1 fixes — iter-5.1 marker (was pre-install) + artifact upload + trigger paths + early-exit race + +## PR description + +## What + +4 substantive Copilot findings on freshly-merged PR #5379. All P1; all legit substrate-engineering corrections. + +## Fixes + +### 1. SUCCESS_MARKER iter-5.3 → iter-5.1 + +Copilot was right: \`[iter-5.3]\` (zeta-install.sh:372) fires BEFORE the actual \`sudo nixos-install\` invocation (line 980). Test could pass without proving install completed. + +\`[iter-5.1]\` (Step 6.7 wifi persistence at line 527) correctly comes AFTER: +- nixos-install +- iter-4.2 SSH pubkey +- iter-5.3 password (skipped gracefully in CI on empty stdin) +- iter-5.2 hostname injection + +AND BEFORE: +- iter-5.4.0 gh auth prompt (which would hang in CI without B-0833 mock device-code endpoint) + +### 2. Workspace-relative serial log path + +\`SERIAL_LOG_OUT_PATH\` env var lets workflow point log to \`\${{ github.workspace }}/qemu-full-install-serial.log\` so it survives test step. + +### 3. Artifact upload step + +\`actions/upload-artifact@v4.6.2\` (SHA-pinned) with \`if: always()\` so log survives even when test fails. 7-day retention. + +### 4. 
Workflow trigger paths + +Added missing trigger paths so PRs changing ONLY these helpers actually run the workflow: +- \`tools/ci/qemu-boot-test.ts\` +- \`tools/ci/qemu-full-install-test.ts\` +- \`tools/ci/test-iter-54-install-flow.test.ts\` + +### 5. QEMU early-exit race (5th fix; same scope) + +\`Promise.race\` between marker-wait and QEMU child-exit. If QEMU exits early (bad args / KVM failure / disk error), test fails immediately instead of waiting full 30min timeout. + +## Security + +\`github.workspace\` in \`env:\` block — GitHub-controlled value (expands to workspace path); no attacker-controllable interpolation in \`run:\` commands. + +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## Reviews + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T02:14:20Z) + +## Pull request overview + +Addresses 5 P1 Copilot findings from freshly-merged PR #5379 for the QEMU full-install CI test: corrects the success marker to one that actually fires after `nixos-install`, ensures serial logs survive for artifact upload, expands workflow trigger paths, and adds a QEMU early-exit race to avoid the 30-min timeout when QEMU dies before the marker can appear. + +**Changes:** +- Switch `SUCCESS_MARKER` from `[iter-5.3]` (pre-install) to `[iter-5.1]` (post-install, before gh auth prompt that would hang in CI). +- Make serial log path env-overridable (`SERIAL_LOG_OUT_PATH`) so the workflow can point it inside the workspace, and add an `actions/upload-artifact@v4.6.2` step (SHA-pinned, `if: always()`) plus extra trigger paths for the qemu helpers. +- Race the marker-wait against QEMU's `exit` event so early QEMU termination produces an immediate, descriptive failure instead of timing out. + +### Reviewed changes + +Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments. 
+ +| File | Description | +| ---- | ----------- | +| tools/ci/qemu-full-install-test.ts | Updates success marker comment+value, env-overrides serial log path, and adds Promise.race against QEMU early exit. | +| .github/workflows/build-ai-cluster-iso.yml | Adds qemu helper trigger paths to both pull_request and push filters, sets SERIAL_LOG_OUT_PATH env, and adds artifact-upload step. | + +## General comments + +### @chatgpt-codex-connector (2026-05-27T02:13:15Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage). diff --git a/docs/pr-discussions/PR-5383-fix-b-0835-feat-b-0846-zeta-install-fallback-nix-timeout-tun.md b/docs/pr-discussions/PR-5383-fix-b-0835-feat-b-0846-zeta-install-fallback-nix-timeout-tun.md new file mode 100644 index 0000000000..fb463be89a --- /dev/null +++ b/docs/pr-discussions/PR-5383-fix-b-0835-feat-b-0846-zeta-install-fallback-nix-timeout-tun.md 
@@ -0,0 +1,129 @@ +--- +pr_number: 5383 +title: "fix(B-0835)+feat(B-0846): zeta-install --fallback + nix-timeout tuning (WiFi cache.nixos.org timeout resilience; empirical 5-files-timeout-twice over WiFi)" +author: "AceHack" +state: "MERGED" +created_at: "2026-05-27T02:20:53Z" +merged_at: "2026-05-27T02:30:15Z" +closed_at: "2026-05-27T02:30:15Z" +head_ref: "feat-wifi-fallback-zeta-install-2026-05-26-2150z" +base_ref: "main" +archived_at: "2026-05-27T19:28:46Z" +archive_tool: "tools/pr-preservation/archive-pr.ts" +--- + +# PR #5383: fix(B-0835)+feat(B-0846): zeta-install --fallback + nix-timeout tuning (WiFi cache.nixos.org timeout resilience; empirical 5-files-timeout-twice over WiFi) + +## PR description + +## Summary + +Aaron's USB install hit \`cache.nixos.org\` timeouts on **same 5 derivations TWICE IN A ROW after 300s each** over WiFi. Default nix invocation loops indefinitely; bounded-fix here adds \`--fallback\` so install switches to local build when substitute download stalls. + +Two commits in one PR: + +1. **Bounded fix** to \`full-ai-cluster/usb-nixos-installer/zeta-install.sh\`: + + \`\`\`bash + sudo nixos-install --impure --fallback \\ + --option connect-timeout 10 \\ + --option stalled-download-timeout 60 \\ + --option download-attempts 3 \\ + --flake ... --no-root-password + \`\`\` + + - \`--fallback\`: build-from-source when substitute download fails + - \`connect-timeout 10\`: drop dead connections fast (default 0 = infinity) + - \`stalled-download-timeout 60\`: cut 300s retry burn by 5× + - \`download-attempts 3\`: cap retries (default 5) so loop progresses to fallback + + Tradeoff: slower for the few stalled derivations (compile vs download) but **UNBLOCKS** the install instead of looping forever. + +2. 
**Substrate-engineering work** tracked at [B-0846](docs/backlog/P2/B-0846-installer-wifi-reproducibility-cache-nixos-org-timeouts-closure-baking-extra-substituters-cachix-mirror-aaron-2026-05-26.md): + - Phase 1: closure-baking the canonical full-ai-cluster node closure INTO the ISO at build time (offline-install capability) + - Phase 2: extra-substituters in nix.conf (nix-community.cachix.org + future self-hosted mirror) + - Phase 3: home-lab attic/harmonia mirror (cluster self-serves its own derivations over LAN) + +## Operator framing + +> *"yeah i want to make it reproducable over wifi"* +> *"i got timeouts on the same 5 files"* +> *"twices in a row"* +> *"after 300 seconds"* + +The "same 5 files twice in 300s" empirical anchor is what makes this a **structural** problem rather than transient flake. + +## Test plan + +- [x] Edit applied + commits clean +- [ ] CI build-iso passes (ISO build itself doesn't exercise the install-time \`--fallback\` flag, but should not regress) +- [ ] **Operator validation on next USB flash**: nixos-install no longer loops on the same 5 files; either downloads succeed faster (connect-timeout drops dead connections sooner) or fallback-build kicks in within 60s instead of 300s + +## Composes with + +- B-0832 (nmtui WiFi rescan), B-0833 (gh auth), B-0834 (preserve install log), B-0835 (iter-5.4 Bug 1+3b), B-0831 cascade #6 (CI testing infrastructure) + +Per \`.claude/rules/dep-pin-search-first-authority.md\`: B-0846 Phase 2 substituter URLs + pubkeys MUST WebSearch + verify current values at implementation time. 
+ +🤖 Generated with [Claude Code](https://claude.com/claude-code) + +## Reviews + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T02:23:35Z) + +## Pull request overview + +This PR hardens the USB NixOS installer’s `nixos-install` step against flaky `cache.nixos.org` WiFi downloads by enabling fallback-to-local-build and tightening Nix download timeouts, and it adds a P2 backlog row tracking longer-horizon “WiFi-reproducible install” substrate work. + +**Changes:** +- Update `zeta-install.sh` to run `nixos-install` with `--fallback` plus tuned `connect-timeout`, `stalled-download-timeout`, and `download-attempts`. +- Add backlog row **B-0846** documenting the observed timeout behavior and a phased mitigation plan (closure baking + extra substituters + mirror). +- Add **B-0846** entry to `docs/BACKLOG.md`. + +### Reviewed changes + +Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments. + +| File | Description | +| ---- | ----------- | +| full-ai-cluster/usb-nixos-installer/zeta-install.sh | Adds bounded Nix download resilience flags to prevent repeated cache timeouts from stalling installs. | +| docs/backlog/P2/B-0846-installer-wifi-reproducibility-cache-nixos-org-timeouts-closure-baking-extra-substituters-cachix-mirror-aaron-2026-05-26.md | New P2 row capturing the empirical WiFi timeout issue and outlining phased mitigation work. | +| docs/BACKLOG.md | Adds the B-0846 index entry under P2. | + +### COMMENTED — @copilot-pull-request-reviewer (2026-05-27T02:29:57Z) + +## Pull request overview + +Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments. + +## Review threads + +### Thread 1: full-ai-cluster/usb-nixos-installer/zeta-install.sh:995 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T02:23:34Z): + +Comment says the B-0846 backlog row is “to be filed in this PR”, but the row is already present in this PR. 
This will become stale/incorrect documentation; update wording to just reference B-0846 (no “to be filed”). + +### Thread 2: docs/backlog/P2/B-0846-installer-wifi-reproducibility-cache-nixos-org-timeouts-closure-baking-extra-substituters-cachix-mirror-aaron-2026-05-26.md:5 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T02:23:34Z): + +Frontmatter title uses the misspelling “reproducable”. Unless this is meant to be a verbatim quote, use “reproducible” in the backlog title (keeping the original spelling only inside the quoted operator text blocks). + +### Thread 3: docs/BACKLOG.md:783 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T02:23:34Z): + +This new BACKLOG index entry includes the misspelling “reproducable”. Prefer “reproducible” in the index/title text (reserve verbatim misspellings for quoted operator excerpts). + +### Thread 4: docs/backlog/P2/B-0846-installer-wifi-reproducibility-cache-nixos-org-timeouts-closure-baking-extra-substituters-cachix-mirror-aaron-2026-05-26.md:75 (resolved) + +**@copilot-pull-request-reviewer** (2026-05-27T02:23:35Z): + +The Phase 2 example includes concrete substituter public keys; since this is a backlog/proposal doc and keys/URLs can drift, it’s safer to label these as placeholders that must be verified at implementation time (to avoid copy/paste of potentially stale keys). + +## General comments + +### @chatgpt-codex-connector (2026-05-27T02:20:56Z) + +You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage).
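
Review bot: In the first hunk shown here (the archive that ends with the B-0844 backlog-row review), the "Runtime acceptance" bullet under "Preserves all safety rails" says the agent typing the exact challenge is the acceptance signal, but with `--agent` that typing is automated, so the challenge no longer records an operator decision. The text should state that under `--agent` the only operator-held control left is the Touch ID PAM gate on `sudo dd`, and that the `[agent-mode: auto-typing 'yes XXXX']` line gives visibility rather than consent.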
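
Review bot: In the PR-5376 archive hunk, the Implementation bullet "Pipe stdin: auto-type `yes \n`" is missing the nonce that the stdout bullet two lines above shows as `yes <4hex>`, so the record reads as if a bare `yes` is written to stdin. Check whether the original description or `tools/pr-preservation/archive-pr.ts` dropped the angle-bracketed token, and escape such tokens on archive so the challenge format survives in both bullets.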
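
Review bot: In the PR-5377 archive hunk, the only entry under "General comments" is the `@chatgpt-codex-connector` usage-limit notice, which carries no review content and repeats in every archived file in this patch. Consider having `tools/pr-preservation/archive-pr.ts` skip that notice, or omit the "General comments" section when nothing else is in it, so the archive keeps only discussion a later reader can act on.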
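
Review bot: In the PR-5378 archive hunk, the PR description section writes identifiers with a backslash before each backtick (for example around has_internet and NMTUI_ATTEMPTS), while the review sections below it use plain backticks, so in the description they render as literal backticks instead of code spans. Unescape them at archive time, or fix the PR-body generation step that adds the backslashes, so both halves of the file format code the same way.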
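
Review bot: In the PR-5379 archive hunk, the "Success marker" section still says that reaching `[iter-5.3]` "proves install completed", which Thread 1 in the same file disputes and which PR #5382, archived later in this patch, changes to `[iter-5.1]`. The archive is a verbatim record, so rather than editing the body, add a frontmatter field that links follow-up PRs (5382 here) so someone reading this file alone does not take the marker claim as current.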
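
Review bot: In the PR-5382 archive hunk, fix 3 calls `actions/upload-artifact@v4.6.2` "SHA-pinned", but `@v4.6.2` is a tag reference, which can be moved, and no commit SHA appears anywhere in the archived text. Confirm that `.github/workflows/build-ai-cluster-iso.yml` pins the full commit SHA with the tag only as a trailing comment, and quote that form in the description. The title's "4 Copilot P1 fixes" also disagrees with the five numbered fixes and with the reviewer overview's "5 P1 Copilot findings".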
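
Review bot: In the PR-5383 archive hunk, the `[B-0846](docs/backlog/P2/…)` link in item 2 is written relative to the repository root, but this file is added under `docs/pr-discussions/`, so the link resolves inside `docs/pr-discussions/docs/…` and breaks. Have the archive tool rewrite repo-relative links against the archive file's location (`../backlog/P2/…` here) or emit absolute URLs. The doubled backslashes in the `nixos-install` snippet of the same hunk also mean the archived command cannot be pasted as written.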