azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from Mikes-MacBook-Air.local at 2026-06-07 12:59:13

Browse Source 
Author: Mike Swanson
Machine: Mikes-MacBook-Air.local
Timestamp: 2026-06-07 12:59:13
This commit is contained in:
Mike Swanson
2026-06-07 12:59:14 -07:00
parent b848e34a8e
commit 0210d66b40
6 changed files with 788 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

361
wiki/clients/wolkin-law.md Normal file
View File

@@ -0,0 +1,361 @@
# Wolkin Law (Robert S. Wolkin, Esq.)
**Client Type:** Legal Services
**Service Model:** Per-incident / Ad-hoc
**Primary Contact:** Robert Wolkin (robert@rswolkin.com)
**Remote Assistant:** Julie (julie@rswolkin.com)
**Syncro ID:** Not documented
**GuruRMM Client:** Wolkin, Robert / Main
**Last Compiled:** 2026-06-07
**Compiled By:** Mikes-MacBook-Air/claude-main
---
## Overview
Solo law practice operated by Robert Wolkin with remote administrative assistance from Julie. Practice operates from a physical office location with a primary workstation (FRONT) and requires remote file access for Julie working from a separate location (RSW-Laptop). Infrastructure is minimal but critical for daily operations, focusing on secure remote file sharing and M365 collaboration.
---
## Current State
### Active Services
- **Remote Access VPN**: ZeroTier mesh network (network 17d709436c834c9b) connecting office and remote workstations
- **File Sharing**: SMB shares from FRONT (Scans, Forms, Pleadings) accessed via persistent network drives on RSW-Laptop
- **M365 Mailbox Delegation**: Julie has FullAccess permissions to Robert's mailbox with AutoMapping enabled
- **GuruRMM Monitoring**: 3 Windows 11 agents enrolled (FRONT, RSW-Laptop, DESKTOP-V1JT1SE)
- **Software Deployment**: Office 365 and Adobe Creative Cloud Desktop being deployed to RSW-Laptop
### Service Delivery Model
Per-incident work with no documented prepaid block or recurring monthly agreement. Work is performed on-demand as needs arise.
### Recent Activity
- **2026-06-07**: ZeroTier VPN deployment, file sharing configuration, M365 mailbox delegation, software installation
---
## Infrastructure
### Network Architecture
#### ZeroTier Mesh VPN
- **Network ID**: `17d709436c834c9b`
- **Network Type**: Private mesh (peer-to-peer)
- **Subnet**: 10.147.19.0/24
- **Purpose**: Secure remote file access between office and remote locations
Connected nodes:
- **FRONT** (office PC): 10.147.19.199, Node ID `0c00b9917a`
- **RSW-Laptop** (remote): 10.147.19.54, Node ID `2a497be947`
DNS resolution provided via hosts file entries on both machines for `FRONT` and `RSW-Laptop` hostnames.
#### Office Network
- **Printer**: RICOH network printer at 172.17.110.110 (Standard TCP/IP Port 9100)
- **Printer Driver**: RICOH PCL6 UniversalDriver V4.33
- **Office Subnet**: 172.17.0.0/16 (assumed based on printer IP)
The office network is NOT routed through ZeroTier; only the office PC participates in the mesh for file sharing purposes. Printer access from remote locations is not currently configured.
### Systems
#### FRONT (Office Workstation)
- **Role**: Primary office workstation, file share host
- **OS**: Windows 11
- **ZeroTier IP**: 10.147.19.199
- **GuruRMM Agent ID**: `04765560-3e8a-46e5-a507-c5f5f4ead6eb`
- **Local User**: julie (Administrator group)
- **Desktop Redirection**: OneDrive (owner's account)
**SMB Shares**:
- `\\FRONT\Scans``C:\Scans`
- `\\FRONT\Forms``C:\Users\Owner\OneDrive\Desktop\Forms`
- `\\FRONT\Pleadings``C:\Users\Owner\OneDrive\Desktop\Pleading Forms and Filing`
- `\\FRONT\RICOH` → RICOH printer share (access issues unresolved)
**Permissions**: Local user `julie` has NTFS FullControl on all shared folders (Scans, Forms, Pleadings).
#### RSW-Laptop (Remote Laptop)
- **Role**: Julie's remote workstation
- **OS**: Windows 11
- **ZeroTier IP**: 10.147.19.54
- **GuruRMM Agent ID**: `043fd673-35a2-4d3d-8f91-ed73ce70cc1e`
- **Local User**: julie (Administrator group)
**Network Drives** (persistent, mapped via `net use` with credentials):
- `S:``\\FRONT\Scans`
- `F:``\\FRONT\Forms`
- `P:``\\FRONT\Pleadings`
**Desktop Shortcuts** (UNC paths for resilience):
- `Scans.lnk``\\FRONT\Scans`
- `Forms.lnk``\\FRONT\Forms`
- `Pleading Forms and Filing.lnk``\\FRONT\Pleadings`
**Software Installed/Deploying**:
- Microsoft 365 (Office Deployment Tool 17830-20162, O365BusinessRetail, 64-bit, silent install in progress)
- Adobe Creative Cloud Desktop 6.0.0.660 (silent install in progress)
#### DESKTOP-V1JT1SE
- **Role**: Personal machine (Bob's personal device)
- **Status**: Out of scope for MSP services
- **GuruRMM**: Enrolled but not managed
### M365 Tenant
**Domain**: rswolkin.com
**Tenant ID**: `ceb6dbe7-82c8-4d8f-9c6b-49aa26208e9b`
**Licensed Users**:
- **robert@rswolkin.com**: Primary user (Robert Wolkin)
- Password: `Alissa16$!` (for Adobe Creative Cloud sign-in)
- **julie@rswolkin.com**: Remote assistant
- Password: `Jaylen0607!`
- Mailbox Permissions: FullAccess to robert@rswolkin.com with AutoMapping enabled
**ComputerGuru MSP Apps**: At least Exchange Operator app is consented (used for mailbox delegation). Other ACG apps (Security Investigator, User Manager, Tenant Admin, Defender Add-on) consent status not documented.
---
## Credentials
All credentials are stored in vault at `clients/wolkin-law/*.sops.yaml` and user profile settings.
### Local Accounts
- **julie** (both FRONT and RSW-Laptop): `Jaylen0607!`
- Role: Administrator on both machines
- Matches M365 password for convenience
### M365 Accounts
- **julie@rswolkin.com**: `Jaylen0607!`
- **robert@rswolkin.com**: `Alissa16$!`
### ZeroTier
- **Network ID**: `17d709436c834c9b`
- **Access**: Managed via ZeroTier Central web console
---
## Known Issues & Limitations
### HIGH: GuruRMM Password Setting Bug
**Discovery Date**: 2026-06-07
**Impact**: Critical - affects user account provisioning
**Status**: Documented in `.claude/memory/feedback_rmm_password_limitation.md`
All password-setting commands executed via GuruRMM (PowerShell `Set-LocalUser`, PowerShell `net user`, CMD `net user`) return exit code 0 and "The command completed successfully" but fail to actually set the password. Verification with `net user <username>` shows "Password required: No" and authentication fails.
**Workaround**: Use ScreenConnect for all password operations. The identical commands work correctly when executed via ScreenConnect, ruling out privilege issues (both run as SYSTEM). The bug is specific to GuruRMM's Windows agent process spawning mechanism.
**Investigation Status**: Requires inspection of GuruRMM agent command execution code. High priority for platform stability.
### MEDIUM: RICOH Printer Access from Remote
**Discovery Date**: 2026-06-07
**Impact**: Medium - printer access from remote location not functional
**Status**: Deferred for later investigation
The RICOH network printer (172.17.110.110) is shared from FRONT as `\\FRONT\RICOH` but the RSW-Laptop receives access denied errors when attempting to connect. The printer is on the office LAN (172.17.0.0/16) which is not routed through ZeroTier.
**Decision Point**: Two options considered:
1. Route entire 172.17.0.0/16 office subnet through ZeroTier (rejected for security/complexity)
2. Fix printer sharing permissions over ZeroTier mesh (chosen approach, not yet resolved)
**Next Steps**: Investigate printer share permissions and credential passthrough behavior over ZeroTier connections.
### LOW: Software Installation Verification Pending
**Status**: In Progress
**Impact**: Low - installations were started and running at session end
Office 365 and Adobe Creative Cloud Desktop installations were initiated on RSW-Laptop via silent installers but were still running in background when the session concluded. Installation completion and software functionality have not been verified.
**Next Steps**:
- Verify Office 365 installation completed successfully
- Verify Adobe Creative Cloud Desktop installation completed successfully
- Test application launches and licensing activation
### LOW: Mailbox AutoMapping Propagation
**Status**: Waiting for propagation (5-15 minutes typical)
**Impact**: Low - mailbox access was granted, just waiting for Outlook auto-configuration
Julie was granted FullAccess permissions to Robert's mailbox with AutoMapping enabled. The permission was successfully applied via Exchange Operator app API, but the mailbox won't appear automatically in Julie's Outlook until the AutoMapping propagates.
**Next Steps**: Verify Robert's mailbox appears in Julie's Outlook client without manual configuration.
---
## Patterns & Decisions
### ZeroTier over Tailscale
**Decision Date**: 2026-06-07
Client specifically requested ZeroTier instead of Tailscale for the VPN solution. Existing Tailscale 1.98.4 installations were removed from both FRONT and RSW-Laptop, and ZeroTier 1.16.2 was deployed in their place.
**Rationale**: Client preference (specific reason not documented).
**Related Pattern**: Documented Tailscale client management pattern exists (see `wiki/patterns/tailscale-client-management.md`) but is not applicable to this client.
### Hostname-Based UNC Paths
**Decision Date**: 2026-06-07
Desktop shortcuts initially used drive letters (`S:\`, `F:\`, `P:\`) but were updated to UNC paths using the `FRONT` hostname (`\\FRONT\Scans`, etc.) after the mapped drives disconnected.
**Rationale**: UNC paths provide better resilience. If mapped drives disconnect or IP addresses change, the shortcuts continue working as long as the hostname resolves. Hosts file entries provide static DNS resolution for the FRONT hostname on the ZeroTier network.
### Administrator Access for Remote User
**Decision Date**: 2026-06-07
Julie's local account on RSW-Laptop was added to the Administrators group instead of standard Users group.
**Rationale**: Simplifies access and troubleshooting for remote work scenarios. Julie requires software installation capabilities and full system access for her role.
**Security Consideration**: Acceptable risk for a two-user practice with trusted remote assistant.
### SMB File Sharing vs. Cloud Storage
**Decision Date**: 2026-06-07 (implicit)
File sharing is implemented via SMB over ZeroTier mesh rather than migrating to OneDrive/SharePoint shared folders.
**Rationale**:
- Owner's desktop is already redirected to OneDrive
- Existing file organization and workflows remain intact
- No user training required for cloud storage paradigm
- Forms and Pleadings folders already stored in OneDrive (but accessed via SMB)
**Trade-off**: Requires VPN connectivity and FRONT to be online. No offline access to files from RSW-Laptop.
---
## History
### 2026-06-07: ZeroTier VPN Deployment & Remote Access Configuration
**Work Performed By**: Mike Swanson
**Session Log**: `clients/wolkin-law/session-logs/2026-06-07-mike-zerotier-setup.md`
Deployed ZeroTier mesh VPN to connect office PC (FRONT) with Julie's remote laptop (RSW-Laptop) for secure file sharing. Removed existing Tailscale installations and installed ZeroTier 1.16.2 on both machines, joining network 17d709436c834c9b with IPs 10.147.19.199 (FRONT) and 10.147.19.54 (RSW-Laptop). Added bidirectional hosts file entries for hostname resolution.
Created local `julie` user accounts on both machines (Administrator group) with matching M365 credentials. Encountered and documented critical GuruRMM bug where password-setting commands complete successfully but fail to actually set passwords; worked around using ScreenConnect.
Configured SMB file sharing for three folders (Scans at C:\Scans, Forms and Pleadings in OneDrive\Desktop). Granted julie NTFS FullControl permissions on all three. Mapped persistent network drives (S:, F:, P:) on RSW-Laptop and created desktop shortcuts using UNC paths (\\FRONT\...) for resilience.
Granted julie@rswolkin.com FullAccess permissions to robert@rswolkin.com's M365 mailbox using ComputerGuru Exchange Operator app. Enabled AutoMapping for automatic mailbox appearance in Outlook.
Initiated Office 365 and Adobe Creative Cloud Desktop installations on RSW-Laptop (silent installs running at session end). Investigated printer sharing for RICOH network printer but encountered access denied errors; deferred for later investigation.
**Key Deliverables**:
- Functional remote file access via ZeroTier VPN
- Three SMB shares accessible from remote location
- M365 mailbox delegation configured
- Software deployment in progress
- GuruRMM password bug documented for platform team
**Deferred Items**:
- RICOH printer access from remote
- Office/Adobe installation verification
- File share access testing from Julie's actual user session (all testing was SYSTEM context)
---
## Compliance & Security Considerations
### Data Protection
- **Attorney-Client Privileged Material**: All file shares contain legal documents and case files subject to attorney-client privilege
- **Encryption**: ZeroTier provides encrypted mesh networking (AES-256)
- **Access Control**: SMB shares require authentication; only `julie` local account has permissions
- **Physical Security**: FRONT is at office location; RSW-Laptop location not documented
### M365 Security Posture
- **MFA Status**: Not documented
- **Conditional Access**: Not documented
- **Mailbox Delegation Audit**: Julie has FullAccess to Robert's mailbox (appropriate for assistant role)
- **Data Loss Prevention**: Not documented
**Recommendation**: Enable MFA for both M365 accounts (robert@rswolkin.com and julie@rswolkin.com) to protect against credential compromise, especially given the sensitive nature of legal communications.
### Network Security
- **VPN Type**: ZeroTier mesh (peer-to-peer, not hub-and-spoke)
- **Office Firewall**: Not documented
- **Endpoint Protection**: Not documented
- **Patch Management**: GuruRMM monitoring in place but update policies not documented
---
## Service Delivery Notes
### Communication Patterns
- Primary contact via Robert Wolkin (robert@rswolkin.com)
- No documented SLA or response time expectations
- Per-incident service model (user initiates contact when issues arise)
### Billing Model
Not documented. No prepaid block or monthly recurring charge noted.
### Session Logs
All work sessions stored in `clients/wolkin-law/session-logs/` subdirectory.
---
## Related Documentation
### Wiki Articles
- [Tailscale Client Management Pattern](../patterns/tailscale-client-management.md) - Not applicable (client uses ZeroTier)
- [GuruRMM Project](../projects/gururmm.md) - Platform documentation including known issues
### Session Logs
- [2026-06-07: ZeroTier VPN Setup](../../clients/wolkin-law/session-logs/2026-06-07-mike-zerotier-setup.md)
### Memory Items
- `.claude/memory/feedback_rmm_password_limitation.md` - GuruRMM password bug documentation
### Vault Entries
- `clients/wolkin-law/*.sops.yaml` - Client credentials (exact structure not documented)
---
## Quick Reference
### File Share Access (from Remote)
```cmd
S: \\FRONT\Scans
F: \\FRONT\Forms
P: \\FRONT\Pleadings
```
### Remap Drives (if disconnected)
```cmd
net use S: \\FRONT\Scans /user:FRONT\julie Jaylen0607! /persistent:yes
net use F: \\FRONT\Forms /user:FRONT\julie Jaylen0607! /persistent:yes
net use P: \\FRONT\Pleadings /user:FRONT\julie Jaylen0607! /persistent:yes
```
### ZeroTier Management
```cmd
# View network status
"C:\Program Files (x86)\ZeroTier\One\zerotier-cli.bat" listnetworks
# View node info
"C:\Program Files (x86)\ZeroTier\One\zerotier-cli.bat" info
```
### GuruRMM Agent IDs
- **FRONT**: `04765560-3e8a-46e5-a507-c5f5f4ead6eb`
- **RSW-Laptop**: `043fd673-35a2-4d3d-8f91-ed73ce70cc1e`
- **DESKTOP-V1JT1SE**: Not documented (out of scope)
---
## Sources
This article was compiled from:
- Session log: `clients/wolkin-law/session-logs/2026-06-07-mike-zerotier-setup.md`
- GuruRMM platform data (agent enrollment, client structure)
- M365 tenant configuration via remediation tool
- Direct observation during VPN deployment and file sharing configuration
**Compilation Methodology**: Full initial compilation from first comprehensive work session. No prior wiki article existed; previous wiki index entry was a stub referencing "Robert Wolkin" as a separate entry.
**Last Updated**: 2026-06-07
**Next Review**: After completion of pending items (printer access, software installation verification, file share user testing)

9
wiki/index.md
View File

@@ -1,7 +1,7 @@
# Wiki Index
Last updated: 2026-06-05
Compiled by: GURU-BEAST-ROG/claude-main
Last updated: 2026-06-07
Compiled by: Mikes-MacBook-Air/claude-main
This wiki is LLM-maintained. Do not edit articles manually — run `/wiki-compile` to update.
Run `/wiki-lint` to check for stale entries and broken backlinks.
@@ -37,7 +37,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| [Furrier / Desert Rat](clients/furrier.md) | Mike Furrier owner; desertrat.com on websvr/cPanel; DMARC p=reject + Mailprotector SBR fix applied 2026-04-21; tim@ is a forwarder (not a mailbox); Syncro ID 391491 | 2026-05-24 |
| [Horseshoe Management](clients/horseshoe-management.md) | Property management; prepaid block 31.75 hrs remaining at $175/hr; APC Smart-UPS P.17 bypass relay fault cleared; repeat UPS failures suggest electrical issue; plaintext creds in Syncro notes — needs vault migration | 2026-05-24 |
| [Kittle Design & Construction](clients/kittle-design.md) | Design & construction; M365 kittlearizona.com; breach confirmed (Alexis hidden inbox rule + duplicate Authenticator); broad OAuth consent revoked; Ken inbox rule unresolved; no Entra P1/P2 | 2026-05-24 |
| [Robert Wolkin](clients/robert-wolkin.md) | STUB — small office, non-technical; GuruRMM client `Wolkin, Robert`/Main, 3 Win11 agents. Tailscale rollout (dedicated tailnet, ACG Admin, `tag:wolkin`): connect RSW-Laptop -> front; DESKTOP-V1JT1SE is Bob's personal machine, out of scope. Profile/Syncro unverified | 2026-06-06 |
| [Wolkin Law](clients/wolkin-law.md) | Solo law practice; per-incident service; ZeroTier mesh VPN (network 17d709436c834c9b) connecting FRONT (office, 10.147.19.199) and RSW-Laptop (remote, 10.147.19.54); SMB file shares for Scans/Forms/Pleadings over VPN; M365 tenant rswolkin.com (tenant ceb6dbe7-82c8-4d8f-9c6b); julie@rswolkin.com has FullAccess to robert@rswolkin.com mailbox; GuruRMM client `Wolkin, Robert`/Main with 3 Win11 agents (DESKTOP-V1JT1SE out of scope); CRITICAL bug: GuruRMM password commands fail silently; RICOH printer access unresolved; Office 365 + Adobe CC deployment in progress | 2026-06-07 |
| [The Law Offices of Chris Scileppi](clients/scileppi-law.md) | Law firm; Syncro ID 9601863; Sylvia Mac mini (M2 8 GB) mail memory exhaustion; Mail disabled; on webmail; replacement Mac mini (M4 16/24 GB) pending order; GuruRMM enrollment blocked | 2026-05-24 |
| [Western Tire](clients/western-tire.md) | Tire retail (jackfurriers.com brand); Mike Furrier owner (Syncro ID 391491); email migrated from websvr to IX 2026-04-22; 30 mailboxes; SSL cert expires 2026-05-30 | 2026-05-24 |
| [Kittle (general contractor)](clients/kittle.md) | General contractor Tucson AZ; Syncro 32460233; HPE MicroServer Gen11 WS2025 EVAL at 10.0.0.5; no backups, no firewall; DKIM/DMARC missing; 3 plaintext creds in Syncro notes; GuruRMM onboarding 2026-05-08 | 2026-05-24 |
@@ -55,7 +55,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| Article | Summary | Last Compiled |
|---|---|---|
| [GuruRMM](projects/gururmm.md) | RMM platform, Rust/Axum server + React dashboard + cross-platform agent; stable fleet pinned v0.6.47; lone beta agent GURU-5070 on v0.6.54 (per-agent channel override); server v0.3.37; 55 enrolled agents; backup-alert quality pass shipped 2026-06-07 (false backup_failed 15->2; backup_storage_low removed); tray BUG-020 (duplicate/ghost icons) fixed to beta (commit 137dd85); active development | 2026-06-07 |
| [GuruRMM](projects/gururmm.md) | RMM platform, Rust/Axum server + React dashboard + cross-platform agent; stable fleet pinned v0.6.47; lone beta agent GURU-5070 on v0.6.54 (per-agent channel override); server v0.3.45; 55 enrolled agents; backup-alert quality pass shipped + credential inheritance deployed + offboarding wizard spec complete; clickable alert badges with client filtering; tray BUG-020 (duplicate/ghost icons) fixed to beta (commit 137dd85); active development | 2026-06-07 |
| [Dataforth DOS — Test Datasheet Pipeline](projects/dataforth-dos.md) | DOS update system + TestDataDB pipeline (Node.js, PostgreSQL, Hoffman API); 469K records, 458.5K live on website; 2025 crypto attack recovery; security incident 2026-03-27; SCMVAS/SCMHVAS extension; email notifications via Graph API | 2026-05-24 |
| [ClaudeTools Discord Bot](projects/discord-bot.md) | Claude Agent SDK bot in Discord; one persistent session per thread; Phase 1.5 complete (native tools, no hand-written tools); Phases 2-4 (API integration, remediation, UX) pending; runs as NSSM service on BEAST | 2026-05-24 |
| [The Computer Guru Show](projects/radio-show.md) | Radio show archive processing pipeline (Whisper + pyannote + SQLite FTS5) + post-show content workflow; 572 episodes indexed; FastAPI UI redesigned; Jupiter audio-file gap open | 2026-05-24 |
@@ -116,6 +116,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| Equity Valuation Services | Single Win11 VM | — |
| Scileppi Law | Sylvias-Mini (M2 Mac mini) | GuruRMM (enrollment pending) |
| Universal Cryogenics | UC2-SERVER (172.29.0.5, DC, guest VM); WIN-709JUVCJ2DQ (172.29.0.4, Hyper-V/Veeam, Dell PowerEdge 2950); 6 workstations (ucryo.local, 172.29.0.x) | GuruRMM (8 agents, site LIGHT-WOLF-2305) |
| Wolkin Law | FRONT (10.147.19.199 ZeroTier, office PC, SMB share host); RSW-Laptop (10.147.19.54 ZeroTier, remote); DESKTOP-V1JT1SE (out of scope); RICOH printer (172.17.110.110); M365 rswolkin.com | GuruRMM (3 Win11 agents, client Wolkin, Robert/Main); ZeroTier mesh VPN 17d709436c834c9b |
---

67
wiki/projects/gururmm.md
View File

@@ -3,7 +3,7 @@ type: project
name: gururmm
display_name: GuruRMM
last_compiled: 2026-06-07
compiled_by: GURU-5070/claude-main
compiled_by: Mikes-MacBook-Air/claude-main
aliases:
- guru-rmm
sources:
@@ -49,6 +49,7 @@ sources:
- session-logs/2026-05-24-GURU-KALI-session.md
- session-logs/2026-05-31-howard-gururmm-roadmap-and-features.md
- session-logs/2026-06-02-mike-bsod-detection-and-pipeline.md
- session-logs/2026-06-07-mike-gururmm-offboarding-spec.md
- "live GuruRMM Postgres query 2026-06-04: agents/sites/update_rollouts/agent_updates tables (channel verification)"
- session-logs/2026-06-07-mike-gururmm-backup-alert-cleanup.md
backlinks:
@@ -64,7 +65,7 @@ backlinks:
GuruRMM is a Remote Monitoring & Management platform built by Arizona Computer Guru LLC for internal MSP operations and eventual productization. The server (Rust/Axum) and dashboard (React/TypeScript) are production-deployed at https://rmm.azcomputerguru.com with approximately 55 enrolled agents across multiple client sites. The agent runs on managed Windows, Linux, and macOS endpoints.
**Current version:** agent 0.6.54 (beta) / 0.6.47 (stable) / server 0.3.37 as of 2026-06-04. Fleet on stable target 0.6.47 (pinned 2026-05-28); GURU-5070 is the lone beta agent (explicit per-agent override), running 0.6.54 and auto-riding each new beta build. Note: committed changelogs are stale (stop at agent v0.6.22 / server v0.3.1) — migrations + commit log are the authoritative feature record, not changelogs.
**Current version:** agent 0.6.54 (beta) / 0.6.47 (stable) / server 0.3.45 as of 2026-06-07. Fleet on stable target 0.6.47 (pinned 2026-05-28); GURU-5070 is the lone beta agent (explicit per-agent override), running 0.6.54 and auto-riding each new beta build. Note: committed changelogs are stale (stop at agent v0.6.22 / server v0.3.1) — migrations + commit log are the authoritative feature record, not changelogs.
**Backup-alert quality pass shipped 2026-06-07:** False `backup_failed` alerts reduced 15 -> 2 fleet-wide (commits `779f7f6` + `b82c010` on main). `backup_storage_low` alert type removed entirely — the `DataCopied/TotalData` ratio measures backup-dataset completeness, not destination capacity, and produced 5 fleet-wide false alerts. See Backup Integration section for full detail.
@@ -76,6 +77,38 @@ GuruRMM is a Remote Monitoring & Management platform built by Arizona Computer G
---
## Recent Work
### 2026-06-07 — Credential Inheritance Deployment & Offboarding Spec
**Deployed to production:**
- Server v0.3.45 with credential inheritance feature enabled
- Credential inheritance allows hierarchical credential propagation (Global → Client → Site) with opt-in `is_inheritable` flag
- De-duplication logic by (credential_type, label) with most-specific-scope-wins resolution
- `/effective` endpoints validated for clients and sites showing proper inheritance and conflict resolution
**Dashboard UI enhancements:**
- Clickable alert severity badges in ClientExceptionsBand component
- Badge clicks filter /alerts page by severity + client_id for scoped alert viewing
- Offline badge filters /agents page to show client-specific offline agents only
- Deep-linking support via URL parameters for client filtering on Alerts and Agents pages
**Specification work:**
- SPEC-028 offboarding wizard specification created (835 lines)
- Covers site and client offboarding workflows with 6-step and 5-step modals respectively
- Includes data export, dependency analysis, typed confirmation, audit logging, and cascading deletions
- FEATURE_ROADMAP.md updated with "Client & Site Lifecycle Management" section covering offboarding/onboarding features
**Key features of offboarding spec:**
- Multi-step modal workflow with clear progression
- Pre-flight dependency checks (alerts, pending commands, active connections)
- Comprehensive data export (credentials, policies, network devices, audit trail) with temp tokens and 1-hour expiry
- Typed name confirmation for destructive final step
- Immutable audit_logs table for compliance and traceability
- Enforced cascade deletion validation for clients
---
## Capabilities / Feature Set
*Synthesized from authoritative artifacts (API routes, agent modules, 48 migrations, roadmap, commit log) at live `main` — not from session logs. See Compilation Notes.*
@@ -115,6 +148,10 @@ Agent<->server communication is a persistent authenticated WebSocket with auto-r
- Threshold alerts (ack/resolve, per-agent + fleet summary, dashboard filter). Alert templates (`022`) with effective resolution; per-client email settings (`020`). Maintenance mode (`021`) to suppress alerting per scope.
- Watchdog: **separate** supervising process (polls `GuruRMMAgent` every 30s, restart backoff, alert after 3 fails) + launches/reaps the tray into active user sessions via WTS. Full alert CRUD + ack/resolve.
### Credentials Management
- Encrypted credentials vault (`016`): scoped global/client/site, typed (password, SSH key, SNMP), metadata-only by default with separate `/reveal` decrypt endpoint (known HIGH item: `/reveal` ownership-scope check — [verify current state]).
- **Credential inheritance (deployed 2026-06-07):** Opt-in hierarchical cascade with `is_inheritable` flag allowing credentials to propagate from Global → Client → Site. De-duplication by (credential_type, label) with most-specific scope winning. `/effective` endpoints merge and return inherited + direct credentials with `inherited_from` indicator.
### Backup Integration (MSP360 / MSPBackups)
- Multi-provider config (`034`/`035`) with connection test, scheduled sync, per-agent + all-providers status, fleet coverage report, and agent<->MSP360 mapping (`044`) with confidence scoring + manual verification. Dashboard UI for mappings/verify shipped 2026-05-31.
- **Alert quality pass (2026-06-07, commit `779f7f6`):** Non-backup MSP360 PlanTypes (8=Restore, 13=Consistency-check) excluded from backup alerting and compliance evaluation (FU2 guard). MSP360 message JSON decoded into readable alert text via `summarize_backup_error` (FU1). `create_or_update_alert` now refreshes `title`/`message`/`severity` on re-trigger, also fixing a latent severity-escalation freeze where re-triggered alerts kept stale severity. Fleet result: false `backup_failed` alerts 15 -> 2; survivors (AD1: retention warning + file skips, LAB-Becky: no storage account configured) are genuine and self-describing.
@@ -130,7 +167,6 @@ Agent<->server communication is a persistent authenticated WebSocket with auto-r
- Auth: JWT (login/register/me); agents auth over WS via per-agent API key + hardware device_id.
- **Microsoft Entra ID SSO** (OAuth2/OIDC + PKCE), gated on server config. Multi-provider incl. Google is spec'd (SPEC-008) but **Google not implemented [verify]**.
- Organizations / multi-tenancy: org CRUD, per-org membership + roles, limits, dev-admin **user impersonation** (`/auth/impersonate/:id`). Backend present; dashboard UI shipped 2026-05-31.
- Encrypted credentials vault (`016`): scoped global/client/site, typed (password, SSH key, SNMP), metadata-only by default with separate `/reveal` decrypt endpoint (known HIGH item: `/reveal` ownership-scope check — [verify current state]).
- Enrollment & keys (`012`): per-agent key issuance on first run, site API keys (regenerable), site-specific MSI with SITEKEY injected at download, public install-report ingestion. Legacy PowerShell agent path for Server 2008 R2.
- Logs: agent log upload (periodic + on-demand), per-agent events (`042`), fleet log view, AI-assisted log analysis (`/logs/analyze`) — AI-optional per locked decision.
@@ -218,9 +254,17 @@ gururmm/
### Current Focus
<<<<<<< HEAD
As of 2026-06-07 (agent 0.6.54 beta / 0.6.47 stable / server 0.3.37+):
- **BUG-020 — tray duplicate/ghost icons (fixed to beta, 2026-06-04):** Commit `137dd85` shipped to main -> beta. Fix #1: per-session `Local\GuruRMM_Tray` single-instance mutex in the tray binary. Fix #2: `TrayLauncher` reconciliation via `WTSEnumerateProcessesW` (idempotent across watchdog restarts). Fix #3: graceful `Global\GuruRMM_TrayShutdown_{sid}` event -> 3s wait -> `TerminateProcess` fallback (so `NIM_DELETE` fires and ghost icon is cleaned). [NOTE: Fix #3 is implemented but dormant — `terminate_all` has no caller in the agent yet. Tracked in coord todo `25fdf31a` to wire into the watchdog policy-disable/uninstall path.]
=======
As of 2026-06-07 (agent 0.6.54 beta / 0.6.47 stable / server 0.3.45):
- **Credential inheritance (deployed 2026-06-07):** Production server running v0.3.45 with full credential inheritance and de-duplication. `/effective` endpoints validated. Dashboard clickable alert badges and client-scoped filtering implemented.
- **SPEC-028 offboarding wizard (specification complete):** 835-line spec created for site and client offboarding workflows. Includes data export, dependency analysis, typed confirmation, and audit logging. Roadmap updated with "Client & Site Lifecycle Management" section. Implementation pending.
- **BUG-020 — tray duplicate/ghost icons (fixed to beta, 2026-06-04):** Commit `137dd85` shipped to main → beta. Fix #1: per-session `Local\GuruRMM_Tray` single-instance mutex in the tray binary. Fix #2: `TrayLauncher` reconciliation via `WTSEnumerateProcessesW` (idempotent across watchdog restarts). Fix #3: graceful `Global\GuruRMM_TrayShutdown_{sid}` event → 3s wait → `TerminateProcess` fallback (so `NIM_DELETE` fires and ghost icon is cleaned). [NOTE: Fix #3 is implemented but dormant — `terminate_all` has no caller in the agent yet. Tracked in coord todo `25fdf31a` to wire into the watchdog policy-disable/uninstall path.]
>>>>>>> 5869da2 (sync: auto-sync from Mikes-MacBook-Air.local at 2026-06-07 12:59:13)
- **BSOD detection Phase 2/3 (deferred):** Dashboard "Crashes" tab + BSOD in Alerts stream (issue #10, dashboard bullets unchecked); `fetch_bsod_dump` on-demand upload; full ~350-entry bugcheck name table (Phase 1 ships a 10-code map).
- **Linux fleet unit drift:** Auto-updater replaces the binary but does NOT refresh the systemd unit file. Pre-BUG-016-fix Linux agents have new binary + old unit (missing `StateDirectory=gururmm`). Needs an ops-script pass via `/rmm` or organic at next reinstall.
- **Tray IPC + peer authorization** — Linux tray merged (PR #13+#14). Open: Windows peer authz (#16), logind console-user resolution (#17), macOS tray (#18), subscriber broadcast (#19).
@@ -327,7 +371,11 @@ Gitea push to main
## Active State
<<<<<<< HEAD
**Fleet (as of 2026-06-04, live Postgres verified; no enrollment changes in 2026-06-07 session):**
=======
**Fleet (as of 2026-06-07):**
>>>>>>> 5869da2 (sync: auto-sync from Mikes-MacBook-Air.local at 2026-06-07 12:59:13)
- 55 enrolled agents total
- Stable channel: pinned at 0.6.47 windows/amd64 (promoted 2026-05-28); 0.6.46 linux. All 39 sites and 118 agents are on stable (channel NULL = stable default).
- Beta channel: **GURU-5070 only** — per-agent `update_channel = 'beta'` override (site "Mike's Car" / `103c10b9-c1de-4dd8-b382-b8362ed3143e` has `update_channel = NULL`, so stable is the site default; GURU-5070 is the explicit per-agent exception). Beta has no `update_rollouts` pin — server dispatches the newest signed beta artifact straight from the build pipeline.
@@ -358,7 +406,11 @@ Gitea push to main
- Response: `stdout`, `stderr`, `exit_code`, `status` (running/completed/failed/timeout/interrupted)
**Dashboard — complete and working:**
<<<<<<< HEAD
Agents management, Clients/Sites CRUD, Commands execution + terminal, Logs + AI analysis, Alerts, Metrics (CPU/RAM/disk/network, process drill-down modal), Auto-update triggering, Network state, Entra ID SSO (Entra only — Google planned per SPEC-008, not implemented), Policies Dashboard (all tabs), Registry editor, MSP360 backup status card + agent<->backup mappings/verify UI, Organizations management + dev-admin impersonation UI.
=======
Agents management, Clients/Sites CRUD, Commands execution + terminal, Logs + AI analysis, Alerts (with clickable severity badges + client filtering), Metrics (CPU/RAM/disk/network, process drill-down modal), Auto-update triggering, Network state, Entra ID SSO (Entra only — Google planned per SPEC-008, not implemented), Policies Dashboard (all tabs), Registry editor, MSP360 backup status card + agent↔backup mappings/verify UI, Organizations management + dev-admin impersonation UI, Credentials management with inheritance support.
>>>>>>> 5869da2 (sync: auto-sync from Mikes-MacBook-Air.local at 2026-06-07 12:59:13)
**Dashboard — incomplete (see UI_GAPS.md):**
- Enrollment management UI (revoke keys, audit log, duplicate hostname warnings)
@@ -366,6 +418,7 @@ Agents management, Clients/Sites CRUD, Commands execution + terminal, Logs + AI
- BSOD/Crashes tab on Agent Detail (Phase 2 deferred)
- BSOD in Alerts stream (Phase 2 deferred)
- Tunnel session management (interactive terminal — backend skeleton, not production-ready)
- Offboarding wizard UI (SPEC-028 complete, implementation pending)
**Open Gitea issues:**
- #10 — BSOD detection Phase 2/3 (dashboard + fetch_bsod_dump + full bugcheck table)
@@ -425,7 +478,11 @@ These decisions are locked. Do not reverse without explicit user approval.
| 2026-06-01 | BUG-016 (Linux systemd missing StateDirectory=gururmm) + BUG-017 (device_id OnceLock cache) fixed (commit 30da053). GURU-KALI had 11 ghost agent rows from repeated UUID churn — fixed and verified. BSOD forensics: GURU-5070 bluescreened with `0x116 VIDEO_TDR_FAILURE` (nvlddmkm.sys, NVIDIA driver 32.0.15.9201 on RTX 5070 Ti Laptop GPU); GuruConnect cleared on three grounds; root cause one-off driver TDR. BSOD detection feature (issue #10 Phase 1) implemented: bsod.rs + migration 048 + ws/mod.rs handler; code review caught and fixed SF-1 (watermark before send) + SF-2 (non-atomic watermark write); merged to main (0ec55cf), agent versioned 0.6.51. |
| 2026-06-02 | Server 0.3.37 + migration 048 deployed. Build channel default-beta fix applied to build-windows.sh + build-linux.sh (macOS already correct). Webhook wired to dispatch build-server.sh with change-gate (last-built-commit-server) + backup/rollback. Fleet converged to 0.6.51. GURU-KALI BUG-016 unit file refreshed, override removed, verified clean. [NOTE: the session log recorded "GURU-5070 promoted to stable" — contradicted by live DB; see 2026-06-04 entry.] |
| 2026-06-04 | Channel correction confirmed via live Postgres query: GURU-5070 `agents.update_channel = 'beta'` (explicit per-agent override). Site "Mike's Car" and all 39 sites are `update_channel = NULL` (stable default); GURU-5070 is the only beta agent in the 119-agent fleet. Stable channel pinned at 0.6.47 windows/amd64 + 0.6.46 linux via `update_rollouts` (promoted 2026-05-28); beta channel has 0 `update_rollouts` rows (server dispatches newest signed beta artifact directly). GURU-5070 running 0.6.54. BUG-020 (duplicate/ghost tray icons) fixed in commit `137dd85` to beta: per-session single-instance mutex + `WTSEnumerateProcessesW` reconciliation + graceful shutdown event (fix #3 dormant pending `terminate_all` wiring — coord todo `25fdf31a`). Verified by Grok + Code Review Agent. |
<<<<<<< HEAD
| 2026-06-07 | Backup-alert quality pass shipped. FU1 (`summarize_backup_error` decodes MSP360 message JSON; `create_or_update_alert` now refreshes title/message/severity on re-trigger, also fixes latent severity-escalation freeze) + FU2 (exclude non-backup PlanTypes 8=Restore/13=Consistency-check from alerting/compliance): false `backup_failed` alerts 15 -> 2 fleet-wide (survivors AD1, LAB-Becky are genuine and self-describing), commit `779f7f6`. `backup_storage_low` alert type removed entirely (commit `b82c010`): `DataCopied/TotalData` measures backup-dataset completeness, not destination capacity — produced 5 fleet-wide false alerts including DF-HYPERV-B "100% Full" on a 4 GB plan; `resolve_all_backup_storage_alerts` (type-scoped, idempotent, once-per-tick) clears stragglers; 5 -> 0 verified after 17:21:41 UTC restart. Genuine destination-capacity alerting deferred (needs MSP360 storage-accounts endpoint). `BACKUP_STALE` evaluator confirmed already correct — no new code. Both commits on main. Submodule pinned at `226ba9f` in parent. |
=======
| 2026-06-07 | Credential inheritance deployed to production (server v0.3.45). Hierarchical credential propagation (Global → Client → Site) with `is_inheritable` flag and de-duplication by (credential_type, label). `/effective` endpoints validated. Dashboard UI: clickable alert severity badges with client filtering, offline badge now scopes to client-specific agents. SPEC-028 offboarding wizard specification created (835 lines) covering site and client offboarding workflows with data export, dependency analysis, typed confirmation, and audit logging. FEATURE_ROADMAP.md updated with "Client & Site Lifecycle Management" section. |
>>>>>>> 5869da2 (sync: auto-sync from Mikes-MacBook-Air.local at 2026-06-07 12:59:13)
---
@@ -438,7 +495,11 @@ These decisions are locked. Do not reverse without explicit user approval.
- Auto-update reliability fix for BB-SERVER and RECEPTIONIST-PC was incomplete at 2026-05-24 save. [unverified]
- **2026-06-02 recompile:** Folded in BSOD detection feature (Phase 1 shipped — agent/src/bsod.rs, migration 048, ws handler, always-Critical alerts, verified against real 0x116 dump); server build now wired into webhook (change-gated + rollback); build channel default changed to beta (stable is explicit promote); versions updated to agent 0.6.51 / server 0.3.37; fleet converged. Corrected submodule framing (tracks active repo, develop here + push to Gitea — not "stale, do not develop"). Added build-server.sh change-gate marker and server build log to Key Files. Added server's root RMM agent as a good pattern. Updated Current Focus with BSOD Phase 2/3 and Linux fleet unit drift. Added four new anti-patterns (minidump crate, default-stable builds, webhook agent-only gap, auto-update race). Migration count updated 46 -> 48.
- **2026-06-04 recompile:** Corrected GURU-5070 channel state — live Postgres confirms `update_channel = 'beta'` per-agent (not stable as the 2026-06-02 session log implied). Stable fleet pinned at 0.6.47 (not 0.6.51). GURU-5070 on 0.6.54 beta. Beta channel has no `update_rollouts` pin. Added BUG-020 (tray duplicate/ghost icons) — symptom, root cause, fix commit `137dd85`, dormant follow-up for fix #3 wiring. Updated Summary, Components table, Active State, Current Focus, History, Good Patterns, and Compilation Notes. Added sources entry for live Postgres query + commit 137dd85. Added `aliases: [guru-rmm]` frontmatter to cross-reference the tombstone at `wiki/projects/guru-rmm.md`.
<<<<<<< HEAD
- **2026-06-07 recompile:** Folded in backup-alert quality pass (commits `779f7f6` + `b82c010`, both on main). Updated Backup Integration capability section: added FU1/FU2 alert quality pass detail (false backup_failed 15->2; summarize_backup_error; create_or_update_alert refresh); documented backup_storage_low removal (structurally false DataCopied/TotalData signal; 5->0 false alerts; resolve_all_backup_storage_alerts); confirmed BACKUP_STALE evaluator correct (no new code); added key functions list and MSP360 PlanType exclusion map. Updated Repo Structure to include db/mspbackups.rs and mspbackups/ key functions. Updated Current Focus MSP360 line and added /backup-status endpoint shape gap. Updated Summary date and added backup-alert quality pass note. Active State date note updated. Added 2026-06-07 History row. Patterns and History existing rows preserved verbatim.
=======
- **2026-06-07 recompile:** Updated for credential inheritance production deployment (server v0.3.45), clickable alert badges with client filtering, and SPEC-028 offboarding wizard specification. Added Recent Work section documenting 2026-06-07 session accomplishments. Updated Current Focus to reflect credential inheritance as deployed and offboarding wizard as spec-complete/implementation-pending. Updated Dashboard status to include credentials management with inheritance. Updated version numbers throughout (server 0.3.37 → 0.3.45). Added session-logs/2026-06-07-mike-gururmm-offboarding-spec.md to sources. Updated History Highlights with 2026-06-07 entry.
>>>>>>> 5869da2 (sync: auto-sync from Mikes-MacBook-Air.local at 2026-06-07 12:59:13)
## Backlinks