Reactor 3 ⇄Terminal ⛶
Pick a file in Files to edit it here.
Terminal
       3 #
       4 # Uses the recovery key that lives ENCRYPTED in the gcloud vault (never on disk in
       5 # plaintext). Works from ANY box with the user's gcloud auth — so it survives deletion
       6 # of the Hetzner reactor box. The build machine's Hetzner key is locked to build-only;
       7 # THIS is the unrestricted way back in.
       8 #
       9 #   aiq-mac-recover                 # open a full-access shell on the Mac
      10 #   aiq-mac-recover <command...>    # run a command with full access
     … +37 lines 

 Install and test the break-glass — it should decrypt the vault, extract the recovery key, and get me full access on the Mac (exercising the whole
  recovery path):

  Ran 1 shell command 

 Break-glass verified end-to-endaiq-mac-recover decrypted the vault, pulled the recovery key, and got full shell on the Mac. This path needs only
  your gcloud auth, so it survives the Hetzner box being deleted. Let me commit it and record the whole anti-lockout design:

  Running 1 shell command…
  ⎿  $ cd /root/local_data/user/3/project_aiq_build_machine_one
     rm -f "$CLAUDE_JOB_DIR/tmp/vault_append_editor.sh" "$CLAUDE_JOB_DIR/tmp/aiq_mac_recovery.pub" 2>/dev/null
     git add tools/reactor_control/aiq-mac-recover
     git commit -q -F - <<'MSG'
     recovery: aiq-mac-recover — gcloud-vault break-glass to the M…

 Misting… (10m 45s · ↓ 41.8k tokens)
  ⎿  Tip: Use /btw to ask a quick side question without interrupting Claude's current work

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── continue-conversation ──
❯ 

⏵⏵ bypass permissions on (shift+tab to cycle) · ← for agents · esc to interrupt
FilesEditorTerminal