Add 2fa: Zig port of rsc/2fa two-factor authentication agent

[Copilot]

Ports rsc/2fa to Zig as a new src/bin/2fa.zig binary — a CLI tool for managing TOTP/HOTP two-factor authentication codes stored in ~/.2fa.

Algorithms

• Base32 decode (RFC 4648) — case-insensitive, padding optional
• HOTP (RFC 4226) — HMAC-SHA1 + dynamic truncation via std.crypto.auth.hmac.HmacSha1
• TOTP (RFC 6238) — HOTP with counter = ⌊unix_time / 30⌋

CLI

2fa --add [-7|-8] [--hotp] name   # prompt for base32 secret, append to ~/.2fa
2fa --list                         # list key names
2fa [--clip] [name]                # show code(s); all TOTP keys if no name

Short flags: -a/-l/-c/-7/-8/-t

Keychain format (~/.2fa)

Compatible with rsc/2fa's file format:

github totp JBSWY3DPEHPK3PXP
work 7hotp JBSWY3DPEHPK3PXP 42

Lines: name [7|8]totp|[7|8]hotp base32secret [counter]. HOTP counter is incremented and persisted on each code display.

Tests

9 unit tests covering RFC 4648 base32 vectors, all 10 RFC 4226 Appendix D HOTP vectors, zero-padded code formatting, keychain parsing, and keyTypeString.

Build

Added "2fa" to buildBinaries() in build.zig, wiring up run-2fa, install-2fa, and test-2fa steps.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• cs.opensource.google
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)
• ziglang.org
  • Triggering command: /usr/bin/curl curl -s REDACTED -o /tmp/zig.tar.xz --max-time 60 (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>2fa port</issue_title>
<issue_description>https://github.com/rsc/2fa</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes 2fa port #49

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[Copilot]

Pull request overview

This PR adds a new 2fa binary — a Zig port of rsc/2fa — implementing a CLI tool for managing TOTP/HOTP two-factor authentication codes stored in ~/.2fa. It includes base32 decoding, HOTP/TOTP computation, keychain file I/O, clipboard support, and unit tests.

Changes:

• New src/bin/2fa.zig implementing the full 2FA CLI (add, list, show codes with optional clipboard copy).
• Registration of the 2fa binary in build.zig's buildBinaries() list.
• 9 unit tests covering base32 decoding, HOTP vectors, code formatting, keychain parsing, and type-string generation.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
src/bin/2fa.zig	New binary implementing TOTP/HOTP 2FA agent with CLI, keychain file management, and tests.
build.zig	Adds "2fa" to the binary list so it gets run-, install-, and test- build steps.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[jiacai2050]

@copilot fix conflict.

[Copilot]

@copilot fix conflict.

Merged main into the branch in f5aea90, incorporating the fastfetch and progress binaries. The conflict in build.zig is resolved — all three new binaries now appear in buildBinaries().