Reactor 3 ⇄Terminal ⛶
⬆ updev/
Pick a file in Files to edit it here.
Terminal
       1 #!/usr/bin/env bash
       2 # aiq-mac-recover — BREAK-GLASS full-access SSH to the Mac build machine.
       3 #
       4 # Uses the recovery key that lives ENCRYPTED in the gcloud vault (never on disk in
       5 # plaintext). Works from ANY box with the user's gcloud auth — so it survives deletion
       6 # of the Hetzner reactor box. The build machine's Hetzner key is locked to build-only;
       7 # THIS is the unrestricted way back in.
       8 #
       9 #   aiq-mac-recover                 # open a full-access shell on the Mac
      10 #   aiq-mac-recover <command...>    # run a command with full access
     … +37 lines 

 Install and test the break-glass — it should decrypt the vault, extract the recovery key, and get me full access on the Mac (exercising the whole
  recovery path):

  Ran 1 shell command 

 Break-glass verified end-to-endaiq-mac-recover decrypted the vault, pulled the recovery key, and got full shell on the Mac. This path needs only
  your gcloud auth, so it survives the Hetzner box being deleted. Let me commit it and record the whole anti-lockout design:

  Ran 1 shell command 

 Committed (3bc90d7). The anti-lockout is complete and verified — the single most important part given your lockout fear. Let me record the security
  design in memory before I build the gate:

 Misting… (11m 54s · ↓ 45.2k tokens)
  ⎿  Tip: Use /btw to ask a quick side question without interrupting Claude's current work

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── continue-conversation ──
❯ 

⏵⏵ bypass permissions on (shift+tab to cycle) · ← for agents · esc to interrupt
FilesEditorTerminal