Open Source

AgenticBlockTransfer — A Better dd for AI Agents and Humans

Adam Erickson

5 min read
AgenticBlockTransfer — A Better dd for AI Agents and Humans

Today we are releasing AgenticBlockTransfer (abt), an open-source cross-platform disk imaging tool built in Rust that reads, writes, verifies, hashes, and formats block devices via CLI, TUI, and GUI interfaces — with native support for AI agent orchestration through JSON-LD ontology, OpenAPI, and the Model Context Protocol (MCP).

abt is both an agentic-first CLI successor to dd and a human-first GUI/TUI successor to balenaEtcher, Ventoy, Rufus, Fedora Media Writer, and rpi-imager. Simple. Reliable. Safe. Efficient. Fast.

Heritage

abt traces its lineage to IBM's BLock Transfer (BLT) — a mainframe utility for moving data between block-addressable devices. When UNIX adapted the concept, it became Dataset Definition (dd), a tool that has endured for over 50 years as the de facto standard for raw block I/O. The dd interface — terse, powerful, unforgiving — was designed for operators who understood the hardware.

abt carries this heritage forward into an era of AI agents and human-centered design. For AI agents, the CLI exposes a machine-readable JSON-LD ontology so any agentic system can discover, parameterize, and invoke block transfer operations without human documentation. For humans, the TUI and GUI modes provide the guided, safe experience of balenaEtcher and Rufus — device enumeration, format auto-detection, progress visualization, post-write verification — without the 500 MB Electron runtime or platform lock-in.

Why dd Isn't Enough

dd will silently destroy any target — including your boot drive — with zero validation. It has two exit codes (0 and 1), no dry-run mode, and no way to confirm you're writing to the right device. For an AI agent invoking dd, one wrong character in a device path means catastrophic data loss with zero warning and zero undo.

abt is designed from the ground up to prevent this:

  • Pre-flight safety checks — source validation, target existence, system drive blocking, mounted filesystem detection, image size verification, self-write protection, and privilege checks — all before a single byte is written.
  • Three safety levelslow for humans (blocks system drives, interactive confirmation), medium for agents (validates image size, warns on non-removable, requires token or prompt), and high for critical ops (requires confirm token, backs up partition table, restricts to removable media only).
  • Device fingerprints — TOCTOU prevention for agents that enumerate devices and write in separate steps. The device token ensures the target hasn't changed between commands.
  • 10 structured exit codes — not just 0 or 1, but specific codes for safety check failures, verification mismatches, permission errors, source/target issues, size overflows, device changes, and cancellations.
  • Dry-run mode — see exactly what will happen without writing anything, including JSON output for agent consumption.

Features at a Glance

abt ships with an extensive feature set that covers every disk imaging workflow:

  • Multi-format — ISO, IMG, RAW, DMG, VHD, VHDX, VMDK, QCOW2, WIM, FFU with transparent format conversion.
  • Auto-decompression — gz, bz2, xz, zstd, zip detected via magic bytes, not file extensions.
  • Write verification — byte-for-byte read-back with exact mismatch offset reporting, including memory-mapped verification.
  • Multi-algorithm hashing — SHA-256, SHA-512, MD5, BLAKE3, CRC32.
  • HTTP/HTTPS sources — stream images directly from URLs with progress tracking.
  • Sparse writes — skip all-zero blocks for dramatically faster large images.
  • Device cloning — block-level device-to-device copy with inline hashing, sparse optimization, and post-clone verification.
  • Secure erase — 6 methods including ATA Secure Erase, NVMe Sanitize, and TRIM/discard with multi-pass support.
  • Benchmarking suite — sequential read/write throughput at multiple block sizes, IOPS measurement, recommended block size.
  • Differential writes — block-level comparison, only writes changed blocks.
  • Multicast imaging — flash multiple devices simultaneously over UDP multicast.
  • Multi-boot USB — Ventoy-style multi-ISO USB with auto-detected GRUB2 config.
  • Boot sector validation — MBR signature, GPT header, EFI System Partition, and bootloader detection.
  • Raspberry Pi OS catalog — browse the official rpi-imager OS list with search and filtering.

Three Interfaces, One Binary

abt ships as a single binary with three UI modes, feature-gated at compile time:

  • CLI — 25 commands with full shell completions (bash, zsh, fish, PowerShell), man page generation, and structured JSON output.
  • TUI — interactive terminal UI via ratatui with a built-in file browser for guided operation.
  • GUI — native desktop application via egui/eframe with 6 theme presets, drag-and-drop image loading, file dialogs, and OS-native toast notifications on completion.

AI Agent Integration

What truly sets abt apart is its agentic-first design. Three integration modes make abt natively discoverable and operable by AI systems:

  • JSON-LD ontologyabt ontology --full emits a complete JSON-LD capability schema using schema.org vocabulary. An AI agent can call this once to learn everything it needs — parameters, types, constraints, defaults, examples, exit codes, preconditions, postconditions — without reading documentation.
  • OpenAPI schemaabt ontology -f openapi generates an OpenAPI 3.1 spec with 9 endpoints and 12 schemas for REST wrapper integration.
  • MCP server modeabt mcp exposes all capabilities via the Model Context Protocol (JSON-RPC 2.0 over stdio), allowing AI agents to directly invoke operations.

Performance & Reliability Engineering

The I/O engine is built for production reliability on real hardware:

  • Async I/O (io_uring) — Linux kernel 5.1+ with aligned double-buffered pipeline; graceful fallback on other platforms.
  • Zero-copy transfers — splice(2) on Linux, sendfile(2) on macOS/FreeBSD.
  • Parallel decompression — multi-threaded decompression pipeline for bz2/zstd with read-ahead for gz/xz.
  • Inline hashing — hash computed during write, eliminating the need to re-read and re-decompress the source during verification.
  • Lock-free progress — AtomicU8/AtomicU64-based tracking with fully wait-free snapshot reads.
  • Retry with backoff — transient I/O errors retried up to 3× with exponential backoff.
  • Graceful shutdown — Ctrl+C sets an atomic cancel flag; in-flight writes complete the current block, flush, and sync before exit.

Compliance & Formal Verification

abt is built for environments where compliance matters:

  • FIPS compliance mode--fips restricts to FIPS-approved algorithms (SHA-256/SHA-512), OS CSPRNG for erase, TLS 1.2+ minimum, HTTPS-only downloads.
  • Compliance self-assessmentabt compliance runs NIST FIPS 140, SP 800-88, CMMC 2.0 Level 2, and DoD standard checks with JSON output for SIEM integration.
  • Structured audit trail — HMAC-SHA256 integrity-chained security event log per CMMC AU.L2-3.3.1/3.3.8.
  • Sanitization records — NIST SP 800-88 Rev 1 §4.7 compliant certificates for every erase operation.
  • Formal verification — 10 Safety Invariants with Kani proof harnesses, 24 property-based tests, and compile-time static assertions.

Platform Support

abt runs on Linux, macOS, Windows, and FreeBSD with platform-native device enumeration (sysfs/lsblk, diskutil, PowerShell Get-Disk, sysctl/geom) and OS-specific formatting backends. Device scope spans microcontrollers and embedded SPI/I2C/eMMC/MTD, removable USB/SD media, desktop NVMe/SATA drives, and cloud virtual disks and NBD.

Accessibility & Localization

abt includes 16 ARIA roles, a WCAG 2.1 AA high-contrast palette, an announcement queue with screen-reader hints, and keyboard-only mode. Localization covers 12 locales with 4 built-in message catalogs (en/de/fr/es) and auto-detected system locale.

Get Started

Install from crates.io:

cargo install abt

Or build from source (requires Rust 1.70+):

git clone https://github.com/nervosys/AgenticBlockTransfer.git
cd AgenticBlockTransfer
cargo build --release

Then try it:

# List devices
abt list

# Write an image (auto-detects format, decompresses, verifies)
abt write -i ubuntu-24.04.iso -o /dev/sdb

# Export AI ontology
abt ontology --full

# Start MCP server
abt mcp

# Launch the GUI
abt gui

AgenticBlockTransfer is licensed under AGPL-3.0. Commercial licenses are available — contact NERVOSYS, LLC for details.

Check out the project on GitHub. We'd love your feedback!

Per aspera ad astra 🚀

Sign up for more like this.

Enter your email
Subscribe