Summary
Add a simple bugatti totp <secret> CLI command that generates a 6-digit TOTP code from a base32 secret and prints it to stdout.
```
$ bugatti totp JBSWY3DPEHPK3PXP
482193
```
Why
Bugatti test steps that interact with GitHub 2FA currently embed inline Python scripts to generate TOTP codes:
```
python3 -c "import hmac,struct,time,hashlib,base64; k=base64.b32decode('SECRET'); ..."
```
This is fragile (escaping issues in TOML system prompts, format string bugs), requires Python to be installed, and is hard for agents to use reliably. A native bugatti totp command would be simpler and more reliable.
Scope
- Accept a base32-encoded TOTP secret as the single argument
- Generate a standard RFC 6238 TOTP code (SHA1, 6 digits, 30-second period)
- Print the 6-digit code to stdout (zero-padded) and exit
- Exit code 0 on success, non-zero on invalid input
Example usage in a bugatti test step
```toml
[[steps]]
instruction = """
Generate a TOTP code by running: bugatti totp $GITHUB_TOTP_SECRET
Enter the 6-digit code into the 2FA input field.
"""
```
Implementation notes
- Rust has good TOTP crates (totp-rs, or manual implementation with hmac + sha1 — it's ~20 lines)
- No config or state needed — purely functional, reads secret from argv, writes code to stdout