From 1924053d584b91a075b1daa774f39b6b0a3c5505 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Mon, 25 May 2026 20:25:40 -0700 Subject: [PATCH] sync: auto-sync from GURU-5070 at 2026-05-25 20:25:37 Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-05-25 20:25:37 --- session-logs/2026-05-25-session.md | 86 ++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) diff --git a/session-logs/2026-05-25-session.md b/session-logs/2026-05-25-session.md index 5f978b0..0971a04 100644 --- a/session-logs/2026-05-25-session.md +++ b/session-logs/2026-05-25-session.md @@ -1699,3 +1699,89 @@ None. - gururmm current deployed: v0.3.22, commit 646eb0a - Audit #2 report: reports/2026-05-25-rmm-audit-2.md on branch audit/2026-05-25-rmm-audit-2 (4a4311b) - Coord API: http://172.16.3.30:8001/api/coord/status + +--- + +## Update: 20:24 PT — GuruRMM Audit-2 Remediation + Bug Fix Sprint (GURU-5070) + +## User +- **User:** Mike Swanson (mike) +- **Machine:** GURU-5070 +- **Role:** admin +- **Session:** ~15:45 - 20:24 MST + +## Session Summary + +Picked up a coord message from Mikes-MacBook-Air indicating the Safe Agent Rollout System (Phases 1-6) was code-complete and ready for testing. Before executing the test plan, reviewed active coord messages from GURU-BEAST-ROG which revealed three blocking hazards: migration 046 was already applied in production (causing a 28-restart crash loop earlier in the day), crash detection in `health.rs` was dead code keyed on an event type that was never emitted, and `build-server.sh` had no rollback capability on deploy failure. The MacBook's "ready to test" signal was premature. + +Addressed the blockers by merging `fix/audit-2-remediation` (PR #22) which had been prepared by GURU-BEAST-ROG. That branch fixed crash detection (re-keyed to `update_success`), hardened `build-server.sh` with a build lock and binary auto-rollback, and added `Agent.update_channel` to all agent API responses. Also recovered uncommitted work from the submodule — a feature branch (`feature/log-finding-dispatch`) with collapsible FindingCards and an agent command dispatch panel in the log analysis view. That was committed to its own branch, reviewed, and merged as PR #23. + +With the critical fixes landed, worked through the remaining MEDIUM bugs from the audit-2 report. BUG-007 converted the 5 remaining `sqlx::query!` compile-time macros in `health.rs` to runtime sqlx, adding a `HealthMetricsRow` struct and deleting 5 orphaned `.sqlx/` cache files (PR #24). BUG-008 fixed 5 sites in `metrics.rs` where raw DB error text leaked to API clients via `e.to_string()` — replaced with the project's `internal_err()` helper (PR #25). BUG-009/010 added `isError` error banner handling to 8 dashboard pages (Logs, Alerts, AlertTemplates, Commands, Dashboard, Settings, Sites, Users) using the pattern established in `Clients.tsx` (PR #26). BUG-011 eliminated all 14 `: any` annotations across 6 files, using `unknown` + `axios.isAxiosError()` guards for error handlers and proper typed interfaces for JSONB array locals (PR #27). + +Each fix followed the full workflow: branch from main, code change, code review agent approval, Gitea Agent merge, submodule pointer advance in claudetools. All 6 PRs merged cleanly with CI auto-bump firing after each merge. The audit-2 MEDIUM bug backlog is now clear. + +## Key Decisions + +- **Blocked Phase 6 testing despite MacBook's "ready" signal** — GURU-BEAST-ROG coord messages revealed migration 046 was already applied in prod and crash detection was inert; proceeding with testing on a broken foundation would have produced false results. +- **Recovered Logs.tsx uncommitted work as a feature branch rather than discarding** — the collapsible FindingCard + dispatch panel was real, useful work. Committed to `feature/log-finding-dispatch` before advancing the submodule pointer rather than stashing and losing it. +- **Used `axios.isAxiosError()` for all error type narrowing** (BUG-011) — project had no established pattern for this; chose the official Axios type guard over intersection types or `as` casts to remain type-safe without adding overhead. +- **BUG-004 (update_rollouts wiring) left as scaffolding** — Mike's earlier decision to label it Phase-2 inert rather than wire automation stood; crash detection (BUG-002) must be verified live before gating promotions on health signals. +- **Kept `??` over `||` in Login/Register catch handlers** — reviewer noted server actually returns plain text errors, not `{ error: "..." }` JSON, so the `.error` field access never worked in either case. Pre-existing issue logged; not in scope for BUG-011. + +## Problems Encountered + +- **coord API rejecting notes with special characters** — `curl` payloads with em-dashes in the notes field triggered HTTP 422 parse errors. Resolved by simplifying the notes string to ASCII before the PUT call. +- **Submodule checkout blocked by uncommitted Logs.tsx** — `git submodule update --remote` failed because the working tree had the in-progress FindingCard dispatch feature uncommitted. Resolved by branching, committing, and pushing before advancing the pointer. +- **Bash working directory persistence** — Bash tool retains `cd` across calls in a session; after entering the gururmm submodule directory early in the session, subsequent bare git commands ran against the submodule repo rather than claudetools. Worked around by using explicit `cd /d/claudetools` prefixes for claudetools-level operations. + +## Configuration Changes + +- `projects/msp-tools/guru-rmm` submodule pointer advanced 5 times (PRs #22-#27) +- `session-logs/2026-05-25-session.md` — appended this update + +## Credentials & Secrets + +None discovered or created this session. + +## Infrastructure & Servers + +- **gururmm-build / 172.16.3.30** — GuruRMM server + build host. Webhook builds fired after each merge to main. Service restarted automatically via build-server.sh. +- **Coord API** — `http://172.16.3.30:8001/api/coord` — used for component state updates (server, dashboard both set to `building`) and message reads. +- **Gitea** — `http://172.16.3.20:3000` — PRs #22-#27 all merged via API. + +## Commands & Outputs + +```bash +# Merge fix/audit-2-remediation (PR #22) — merge SHA e6d1e9c +# Merge feature/log-finding-dispatch (PR #23) — merge SHA 2650d5ce +# Merge fix/bug-007-runtime-sqlx (PR #24) — merge SHA 940ced14 +# Merge fix/bug-008-internal-err (PR #25) — merge SHA e5426b4d +# Merge fix/bug-009-010-iserror (PR #26) — merge SHA 3c09f9bc +# Merge fix/bug-011-no-any (PR #27) — merge SHA 3aa9ea4f + +# Verify no sqlx macros remain in health.rs +grep -n "sqlx::query!" server/src/updates/health.rs +# (no output — clean) + +# Verify no :any remains in 6 files +grep -rn ": any" dashboard/src/components/InventoryTab.tsx ... +# (no output — clean) +``` + +## Pending / Incomplete Tasks + +- **Phase 6 test plan** (`PHASE_6_TEST_PLAN.md`) — not yet executed. Blockers cleared (BUG-002/003/006 merged). Can now proceed: SSH to 172.16.3.30, run `verify-rollout-system.sh`, confirm webhook build from today's merges completed, then execute test plan systematically. +- **Auth error display bug** — Login/Register catch handlers read `err.response?.data?.error` but server returns plain text, not JSON. The fallback message always shows. Low priority; separate follow-up needed. +- **BUG-004 (update_rollouts wiring)** — deferred by Mike; requires re-spec before implementation. Depends on BUG-002 (crash detection) being verified live first. +- **BUG-005 (mac build stub)** — product decision needed: provision Apple hardware + implement build-mac.sh, or mark platform as N/A in audit pipeline. +- **feature/log-finding-dispatch** — merged. No open items. + +## Reference Information + +- GuruRMM Gitea repo: `http://172.16.3.20:3000/azcomputerguru/gururmm` +- PRs merged today: #22 (audit-2-remediation), #23 (log dispatch), #24 (BUG-007), #25 (BUG-008), #26 (BUG-009/010), #27 (BUG-011) +- Phase 6 test plan: `ClaudeTools/PHASE_6_TEST_PLAN.md` +- Verification script: `ClaudeTools/verify-rollout-system.sh` +- Audit-2 report: `projects/msp-tools/guru-rmm/reports/2026-05-25-rmm-audit-2.md` +- Bug tracking: `projects/msp-tools/guru-rmm/docs/FEATURE_ROADMAP.md` (BUG-002 through BUG-012) +- Coord API component state: server=building, dashboard=building (as of end of session)