From 1a0bcc80b09ab17811afb653dcc1ef436a90598f Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Wed, 27 May 2026 07:37:44 -0700 Subject: [PATCH] chore(memory): fix shared-memory index issues Audit of .claude/memory found and fixed: - Broken link: Power Failure Runbook (../.claude/... -> ../...) - 8 orphaned memories not in MEMORY.md index (Graph CA/password-reset, vault-write-sequence, GURU-BEAST-ROG, 3x Cascades, identity proposal) -> now indexed under their sections, so they're discoverable - 5 files missing frontmatter -> added name/description/type - Duplicate index entry for reference_workstation_setup.md -> deduped - Trimmed the worst oversized index hooks (Syncro invoice line was 427 chars) Co-Authored-By: Claude Opus 4.7 (1M context) --- .claude/memory/MEMORY.md | 27 ++++++++++++------- .../approval-workflow-tools-vs-projects.md | 6 +++++ .../feedback_syncro_appointment_date_check.md | 6 +++++ .../memory/gururmm-development-principles.md | 6 +++++ .../proposal_identity_centralization.md | 6 +++++ .../syncro_invoice_verification_pattern.md | 6 +++++ 6 files changed, 47 insertions(+), 10 deletions(-) diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md index 6652c43..39d5a08 100644 --- a/.claude/memory/MEMORY.md +++ b/.claude/memory/MEMORY.md 
@@ -1,26 +1,25 @@ # Memory Index ## Reference -- [ACG Office Network Infrastructure](infra_office_network.md) — IPs, hosts, roles for pfSense/Jupiter/VMs/Docker. Use before assuming what's where; .21 (Uranus) is storage, not a proxy. -- [Power Failure Runbook](../.claude/POWER_FAILURE_RUNBOOK.md) — Step-by-step recovery: Tailscale routes, libvirt/VMs, Seafile, NPM/DNS. Run in order after any power event. -- [Syncro API — Invoice Verification Pattern](syncro_invoice_verification_pattern.md) - **CRITICAL:** List endpoint (/invoices?customer_id=X) does NOT return ticket linkage. Must query individual invoices (/invoices/{number}) to get ticket_id field. Invoice numbers are strings. Use ticket ID (not number) for comparison. Real case: falsely reported 31 tickets had no invoices (actually 29 had invoices, 2 were Non-Billable). -- [Approval Workflow: Tools vs Projects](approval-workflow-tools-vs-projects.md) - General tools (remediation-tool, onboard scripts, MSP utilities): Howard can modify OR Claude can execute with Howard/Mike approval. Projects (GuruRMM, etc.): require Mike approval, features→roadmap, bugs→bug list. +- [ACG Office Network Infrastructure](infra_office_network.md) — IPs/hosts/roles for pfSense/Jupiter/VMs/Docker. Check before assuming; .21 (Uranus) is storage. +- [Power Failure Runbook](../POWER_FAILURE_RUNBOOK.md) — Recovery order after a power event: Tailscale routes, libvirt/VMs, Seafile, NPM/DNS. +- [Syncro API — Invoice Verification Pattern](syncro_invoice_verification_pattern.md) — /invoices?customer_id=X returns no ticket linkage; query /invoices/{number} for ticket_id. Compare by ticket ID, not number. +- [Approval Workflow: Tools vs Projects](approval-workflow-tools-vs-projects.md) — Tools (remediation, scripts): Howard/Claude with approval. Projects (GuruRMM): Mike approval; features→roadmap, bugs→bug list. 
- [Community Forum (Flarum)](reference_community_forum.md) - Flarum forum at community.azcomputerguru.com, API access, database, posting workflow - [Radio Show Website](reference_radio_website.md) - Astro static site at radio.azcomputerguru.com on IX server - [IX Server SSH Access](reference_ix_server_ssh.md) - SSH access notes for GURU-5070 — re-verify key auth (was CachyOS) - [IX Access via Tailscale](reference_ix_access_tailscale.md) - IX server accessible with Tailscale on, no VPN needed -- [GURU-5070 Workstation (Mike's primary)](reference_workstation_setup.md) - Mike's box, Windows 11. Same machine as OC-5070/ACG-5070/acg-guru-5070 (renamed). SOPS vault, Ollama, all dev tools. - [Matomo Analytics](reference_matomo_analytics.md) - Self-hosted analytics at analytics.azcomputerguru.com, site IDs, tracking for all 3 sites - [Dataforth Contact - AJ](reference_dataforth_contact.md) - AJ at Dataforth, dataforthgit@ email forwarding to him - [TickTick Integration](reference_ticktick_integration.md) - OAuth API integration, MCP server, SOPS vault creds, project/task CRUD -- [Client Docs Structure](reference_client_docs_structure.md) - clients//docs/ layout (overview, network, servers, cloud, security, rmm, issues). Template at clients/_client_template/. -- [MSP Audit Scripts](reference_msp_audit_scripts.md) - server_audit.ps1 / workstation_audit.ps1 at projects/msp-tools/msp-audit-scripts/. ScreenConnect 80-char rule. +- [Client Docs Structure](reference_client_docs_structure.md) — clients//docs/ layout (overview, network, servers, cloud, security, rmm). Template: clients/_client_template/. +- [MSP Audit Scripts](reference_msp_audit_scripts.md) — server_audit.ps1 / workstation_audit.ps1 at projects/msp-tools/msp-audit-scripts/. 
- [GuruRMM Server Layout](reference_gururmm_server.md) - SSH as `guru`, repo at /home/guru/gururmm, deploy to /var/www/gururmm/dashboard/ -- [GuruRMM API — run script on agent](reference_gururmm_api.md) - POST /api/agents/:id/command with command_type=powershell + command text; poll /api/commands/:id for stdout/stderr. Use instead of ScreenConnect copy-paste. -- [Pluto Build Server](reference_pluto_build_server.md) - General-purpose Windows build VM, 172.16.3.36, SSH as Administrator, MSVC toolchain — use for any EXE (utilities, Howard's tools, GuruRMM agent) +- [GuruRMM API — run script on agent](reference_gururmm_api.md) — POST /api/agents/:id/command (command_type=powershell); poll /api/commands/:id for output. Beats ScreenConnect copy-paste. +- [Pluto Build Server](reference_pluto_build_server.md) — Windows build VM, 172.16.3.36, SSH Administrator, MSVC + WiX. Use for any EXE/MSI build. ## Users -- [Howard Enos](user_howard.md) — Mike's brother, technician, full trust/access. Machines: ACG-TECH03L (laptop), Howard-Home (desktop) — authoritative list in users.json. +- [Howard Enos](user_howard.md) — Mike's brother, technician, full access. Machines: ACG-TECH03L, Howard-Home (authoritative in users.json). ## Feedback - [Attribution is read, never inferred](feedback_attribution_from_identity.md) — Who-did-what (user+machine) comes ONLY from identity.json + users.json + git authorship. Never infer from hostname patterns, the userEmail hint, or memory. The "5070" box is Mike's. sync.sh reconciles git config to identity.json; /save renders the User block via whoami-block.sh. 
@@ -49,11 +48,15 @@ - [Clear-RecycleBin fails silently as SYSTEM](feedback_clear_recyclebin_system_context.md) — RMM-dispatched cleanup scripts cannot use `Clear-RecycleBin -Force`; the cmdlet uses Shell COM and silently no-ops without an interactive desktop. Enumerate `C:\$Recycle.Bin\\*` directly. Hit on ASSISTMAN-PC 2026-05-08. - [Cascades — ask security group on user creation](feedback_cascades_user_security_group.md) — When creating any Cascades user, always ask which security group(s) they go in. Deliberate per-user decision; an OU→group auto-mirror was explicitly declined 2026-05-14. OU = sync scope; group = access/CA decision. - [Cascades folder redirect — fdeploy failure/recovery](feedback_cascades_folder_redirect.md) — Must pre-create subfolders before first logon. fdeploy caches failures silently. Recovery: fix-shell-redirect.ps1. Both GUID and legacy name keys required. +- [Graph CA policy reads are eventually consistent](feedback_graph_ca_policy_eventual_consistency.md) — After PATCHing a CA policy (204), wait ~5s before GET-verifying; immediate reads can be stale. +- [Graph password reset needs a privileged role](feedback_graph_password_reset_requires_role.md) — PATCH passwordProfile on an existing user 403s without a directory role; User.ReadWrite.All alone only sets a password at CREATE. +- [Vault writes — do the full sequence yourself](feedback_complete_vault_operations_end_to_end.md) — A vault entry = write plaintext → sops -e -i → git add/commit/push, all of it; don't stop at "encrypted on disk." - [GuruRMM dev is Mike's, not Howard's](feedback_rmm_dev_is_mike.md) — Never route RMM dev/bug coord notes to Howard (0 RMM commits by him). Howard only submits RMM feature requests; GuruScan is his project, RMM is not. ## Machine - [GURU-5070 Workstation Setup](reference_workstation_setup.md) - Mike's primary (owner confirmed 2026-05-26). Windows 11 Pro. Renamed from OC-5070 → ACG-5070/acg-guru-5070 → GURU-5070; all the same box, all Mike's. 
+- [GURU-BEAST-ROG Setup Status](machine_windows_guru_setup_status.md) — Windows workstation fully configured except SSH key deployment to servers. ## Pending Setup - [Mac gururmm setup pending](project_mac_gururmm_setup_pending.md) — ACTION REQUIRED: run `bash scripts/install-hooks.sh` in gururmm repo on Mikes-MacBook-Air before any RMM work @@ -68,3 +71,7 @@ - [Dataforth Test Datasheet Pipeline](project_datasheet_pipeline.md) - Full pipeline rebuilt 2026-03-27. Server-side generation replaces DFWDS/Uploader. Website upload still broken. - [Dataforth Security Incident](project_dataforth_incident_2026-03-27.md) - DF-JOEL2 compromised, MFA deployed, IC3 filed. CA policies enforce April 4. - [Radio show co-host — Tara, not Tom](radio_show_no_cohost_named_tom.md) — Co-host in 2014-s6e19 and 2016-s8e43 is Tara. "Tom" was hallucinated; rename complete. Multiple co-hosts have rotated through the show. +- [Cascades admin accounts](project_cascades_admin_accounts.md) — Howard uses sysadmin@cascadestucson.com, Mike uses admin@cascadestucson.com; daily admin, NOT break-glass. +- [Cascades CA phased rollout](project_cascades_ca_phased_rollout.md) — Caregiver CA policies scoped to SG-Caregivers-Pilot, expand by dept; PATCH excludeGroups, never delete the all-users-MFA policy. +- [Cascades caregiver pilot cleanup](project_cascades_pilot_cleanup.md) — Remove pilot accounts (pilot.test@, howard.enos@) at the end of the caregiver bypass pilot. +- [Proposal: centralize config in identity.json](proposal_identity_centralization.md) — Rationale for the identity.json machine-config centralization (claudetools_root, ollama/python); now implemented. diff --git a/.claude/memory/approval-workflow-tools-vs-projects.md b/.claude/memory/approval-workflow-tools-vs-projects.md index 732b226..d886dd1 100644 --- a/.claude/memory/approval-workflow-tools-vs-projects.md +++ b/.claude/memory/approval-workflow-tools-vs-projects.md 
@@ -1,3 +1,9 @@ +--- +name: Approval workflow — tools vs projects +description: General MSP tools (remediation, onboard scripts) — Howard can modify or Claude runs with Howard/Mike approval. Projects (GuruRMM) require Mike approval; features→roadmap, bugs→bug list. +type: feedback +--- + # Approval Workflow: Tools vs Projects **Created:** 2026-04-29 diff --git a/.claude/memory/feedback_syncro_appointment_date_check.md b/.claude/memory/feedback_syncro_appointment_date_check.md index 4edad18..c141e47 100644 --- a/.claude/memory/feedback_syncro_appointment_date_check.md +++ b/.claude/memory/feedback_syncro_appointment_date_check.md @@ -1,3 +1,9 @@ +--- +name: Syncro — verify appointment date day-of-week +description: Before creating any Syncro appointment, verify the computed date falls on the intended weekday (py datetime) and show the day name in the preview. Wrong-day incident #32312 2026-05-21. +type: feedback +--- + # Syncro — Verify appointment date day-of-week before creating **Rule:** Before creating any Syncro appointment, always verify that the computed date diff --git a/.claude/memory/gururmm-development-principles.md b/.claude/memory/gururmm-development-principles.md index 61d593e..ff76578 100644 --- a/.claude/memory/gururmm-development-principles.md +++ b/.claude/memory/gururmm-development-principles.md @@ -1,3 +1,9 @@ +--- +name: GuruRMM Development Principles +description: Every GuruRMM feature is full-stack (backend+API+UI+docs+scalability); product works without AI; the FEATURE_ROADMAP entry update is part of definition-of-done. Mirrors guru-rmm/docs/DESIGN.md. +type: project +--- + # GuruRMM Development Principles **Created:** 2026-04-29 diff --git a/.claude/memory/proposal_identity_centralization.md b/.claude/memory/proposal_identity_centralization.md index e12533a..9638a10 100644 --- a/.claude/memory/proposal_identity_centralization.md +++ b/.claude/memory/proposal_identity_centralization.md 
@@ -1,3 +1,9 @@ +--- +name: Proposal — centralize machine config in identity.json +description: Rationale for moving per-machine config (ollama endpoint/model, python cmd, platform, claudetools_root) into identity.json instead of per-script detection. Implemented 2026-05-27. +type: project +--- + # Proposal: Centralize Machine-Specific Config in identity.json ## Problem diff --git a/.claude/memory/syncro_invoice_verification_pattern.md b/.claude/memory/syncro_invoice_verification_pattern.md index 74ee3e2..4c3cc50 100644 --- a/.claude/memory/syncro_invoice_verification_pattern.md +++ b/.claude/memory/syncro_invoice_verification_pattern.md @@ -1,3 +1,9 @@ +--- +name: Syncro API — invoice verification pattern +description: The /invoices?customer_id=X list endpoint returns no ticket linkage; query individual invoices (/invoices/{number}) for ticket_id. Compare by ticket ID, not number. +type: reference +--- + # Syncro API: Correct Invoice Verification Pattern **Created:** 2026-04-30
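Review bot: In the first MEMORY.md hunk (`@@ -1,26 +1,25 @@`), several of the trimmed hooks lose facts rather than just length. The Client Docs Structure line no longer lists `issues` in the layout, the MSP Audit Scripts line drops the ScreenConnect 80-char rule, the network line drops "not a proxy" for .21, and the Syncro line drops "Invoice numbers are strings". Please confirm each of these is still stated in the linked file, or keep the short form of the caveat in the hook. The Pluto line also gains "+ WiX" and "MSI", which is new content in a commit described as trimming, so it deserves a mention in the commit message. Separately, the rewritten entries use a dash separator while the untouched ones in the same section still use " - ", so the section now mixes two styles.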
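Review bot: In the second MEMORY.md hunk (`@@ -49,11 +48,15 @@`), the new vault-write hook chains "write plaintext", `sops -e -i` and `git add/commit/push` with no check between encryption and staging. If the sops step fails or is skipped, the next step in the chain stages plaintext. Suggest the hook (or the linked file) say to confirm the file is encrypted before `git add`. The GURU-BEAST-ROG entry added in the same hunk records a status ("fully configured except SSH key deployment") with no date, unlike the neighbouring GURU-5070 entry, so a reader cannot tell whether it is still current.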
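Review bot: In the third MEMORY.md hunk (`@@ -68,3 +71,7 @@`), the Cascades admin accounts and pilot cleanup hooks put full account addresses for daily admin and pilot accounts directly in the shared index. The index only needs enough to find the memory, so consider describing the accounts by role in the hook and leaving the addresses in the linked files, where they already have to live. The proposal entry says "now implemented" while its title still reads "Proposal"; a dated status in the hook would match the "Implemented 2026-05-27" in the file's new description.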
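Review bot: In the approval-workflow-tools-vs-projects.md hunk, the new frontmatter sets `type: feedback`, but this commit keeps the file's index entry under "## Reference" in MEMORY.md. The other file indexed there, syncro_invoice_verification_pattern.md, gets `type: reference`. Either change the type to `reference` or move the index entry to the Feedback section so the type and the index section agree.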
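Review bot: In the feedback_syncro_appointment_date_check.md hunk, the unquoted `description:` value contains " #32312". In YAML a `#` preceded by a space starts a comment, so if this frontmatter is parsed as YAML the description ends at "Wrong-day incident" and the incident number and date are dropped. Wrap the whole description value in double quotes. None of the other four frontmatter blocks added in this patch contain a space followed by `#`, so only this one is affected.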