sync: auto-sync from GURU-5070 at 2026-05-30 11:51:56
Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-05-30 11:51:56
This commit is contained in:
@@ -97,3 +97,48 @@ The session closed with a `/sync` (pulled four of Howard's auto-sync commits) an
|
||||
- **Commit SHAs — claudetools:** `e8ac759`, `df6a2dd`, `e5ccb6a`, `c670471`, `c70cd70` (gc-audit skill).
|
||||
- **Coord todos (guruconnect):** done — `faf39fe0`, `c8916c89`; open — `9a462965`, `3c1f372a`, `542137df`.
|
||||
- **Radio episode:** `projects/radio-show/episodes/2026-05-30-promised-vs-got-and-inventions/show-prep.md`.
|
||||
|
||||
---
|
||||
|
||||
## Update: 11:49 PT — GuruConnect v2 Phase 1 COMPLETED (Tasks 5-7, trusted-proxy fix) + local Rust toolchain
|
||||
|
||||
### Session Summary (this update)
|
||||
Continued from the morning save and completed all of GuruConnect v2 Phase 1 (the secure-session-core). After the morning's Tasks 1-4 + authz split, this block delivered, in order: the trusted-proxy client-IP fix, Task 5 (attended consent), a local Rust toolchain on GURU-5070, the agent-crate clippy cleanup, Task 6 (full key fidelity — the headline), and Task 7 (HW H.264 + negotiated raw fallback). Each followed the Coding Agent (Opus) → Code Review (Opus) → commit loop. Phase 1 is now complete; every CRITICAL and HIGH from the 2026-05-29 audit is remediated in code.
|
||||
|
||||
Trusted-proxy fix (todo 3c1f372a): GC runs behind NPM on loopback, so axum `ConnectInfo` was always 127.0.0.1 — the Task-4 rate limiter/lockout bucketed every external client into one key (one abuser could lock out everyone). Added shared `utils::ip_extract::client_ip` honoring X-Real-IP / rightmost-untrusted X-Forwarded-For ONLY when the TCP peer is a configured trusted proxy (`CONNECT_TRUSTED_PROXIES` env, default loopback, fail-closed); wired into the limiter, relay, and audit logging. Task 5 (consent): proto `ConsentRequest`/`ConsentResponse`; the server gates an attended session at `join_session` (invisible to the tech until granted; `StartStream` only fires from `join_session`, so an unconsented session never streams), 60s timeout → teardown, Windows MessageBox dialog (fail-closed).
|
||||
|
||||
Mid-session, installed a full local Rust toolchain on GURU-5070 (rustup/cargo 1.96, MSVC C++ Build Tools, protoc 35.0 via winget; `PROTOC` env set), ending the per-task build-host round-trips. This Windows machine builds BOTH the server and the Windows agent locally — better coverage than the Linux build host, which can't compile the agent. The local clippy immediately exposed that CI never clippy-checks the agent crate (build-server clippy is Linux-only; build-agent only runs `cargo build`); 77 pre-existing agent clippy errors had accumulated. Cleaned them up (commit d0de888, behavior-preserving, code-reviewed) and filed a todo to add agent-clippy to CI.
|
||||
|
||||
Task 6 (full key fidelity — headline): `WH_KEYBOARD_LL` hook on the viewer diverts system combos (Win/Win+R, Alt+Tab, Ctrl+Esc) to the remote as full `KeyEvent`s and suppresses local handling, GATED on viewer focus + a toggle so it never bricks the technician's own keyboard; scan-code `SendInput` with correct extended-key flags; Ctrl+Alt+Del completes through the SAS helper (SYSTEM `SendSAS`, `SoftwareSASGeneration` policy); modifier hygiene re-syncs key-ups on focus loss. Review caught a BLOCKER — the hook wasn't focus-scoped — fixed. Task 7 (codec, last): encoder trait + factory; capability negotiation (`AgentStatus.supports_h264` + server `select_video_codec` + `StartStream.video_codec`); MF H.264 encoder + viewer decoder (FIRST-CUT, compile-verified-only, default-OFF via `DEFAULT_PREFER_H264=false`); raw+Zstd byte-for-byte unchanged as the guaranteed default. Task 6/7 were authored AND verified locally (fmt/clippy/test/build) — the toolchain payoff.
|
||||
|
||||
### Key Decisions (this update)
|
||||
- Installed the local Rust+MSVC+protoc toolchain on GURU-5070 to end build-host round-trips; Coding Agents now self-verify locally and hand back CI-green code. Recorded in memory `reference_guru5070_rust_toolchain`.
|
||||
- Cleaned the 77 pre-existing agent clippy errors BEFORE Task 6 (which edits agent code) so the local clippy loop runs on a clean base; filed a CI todo (CI never lints the agent).
|
||||
- Trusted-proxy IP: honor forwarding headers ONLY from a configured trusted-proxy allowlist (default loopback), fail-closed; never trust a header from an untrusted (spoofable) peer.
|
||||
- Task 6 hook focus-gated (`VIEWER_FOCUSED` AtomicBool, set from `WindowEvent::Focused`) so it diverts system keys only when the viewer window is focused. SAS named-pipe DACL tightened from NULL/Everyone to Authenticated Users.
|
||||
- Task 7 ships H.264 dormant (`DEFAULT_PREFER_H264=false`): raw+Zstd is what runs; H.264 is compile-verified-only until live hardware validation (Task 8). `unsafe impl Send for H264Encoder` verified sound (session future is `block_on`-driven, never `spawn`ed).
|
||||
|
||||
### Problems Encountered (this update)
|
||||
- Local clippy (cargo 1.96, newer than CI's 1.94) exposed 77 pre-existing agent clippy errors CI never caught → cleaned up + filed the CI-gap todo. (Local rustfmt 1.9 vs CI 1.8: empirically verified NO skew — `cargo fmt --check` clean on the CI-green HEAD.)
|
||||
- Task 6 Code Review BLOCKER: the `WH_KEYBOARD_LL` hook diverted system combos regardless of viewer focus, so an unfocused viewer would swallow the technician's own Win/Alt+Tab/Ctrl+Esc → fixed with the focus gate.
|
||||
- Coord lock-release jq one-liner failed (locks endpoint shape); left to auto-expire (harmless). Em-dash in a todo POST failed again ("error parsing the body") → ASCII-only retry.
|
||||
- Bash-tool CWD persisted into the `guru-connect` submodule from `git apply` calls, so a relative `.claude/scripts/...` path resolved wrong; use absolute paths.
|
||||
|
||||
### Configuration Changes (this update)
|
||||
**guru-connect:** new `server/src/utils/ip_extract.rs` (trusted-proxy client-IP); new `agent/src/consent/mod.rs` (Task 5); new `agent/src/encoder/{h264,capability,color}.rs` + `agent/src/viewer/decoder.rs` (Task 7). Modified across server (relay, session, middleware/rate_limit+mod, main, auth, db/{machines,sessions,events,users}, api) and agent (viewer/{input,render,mod}, input/{keyboard,mod}, session, bin/sas_service, ~22 files in the clippy sweep), proto/guruconnect.proto, agent/Cargo.toml, Cargo.lock (pruned), and the plan.md task markers.
|
||||
**claudetools:** new memory `.claude/memory/reference_guru5070_rust_toolchain.md` + MEMORY.md index line.
|
||||
**GURU-5070 machine:** rustup (cargo 1.96 at `~/.cargo/bin`), VS2022 Build Tools (VCTools workload), protoc 35.0 (winget). `PROTOC` set as a User env var.
|
||||
|
||||
### Commands & Outputs (this update)
|
||||
- Local GC verify (PowerShell, from the guru-connect dir): `$env:PROTOC="C:\Users\guru\AppData\Local\Microsoft\WinGet\Packages\Google.Protobuf_Microsoft.Winget.Source_8wekyb3d8bbwe\bin\protoc.exe"; cargo fmt --all; cargo clippy --workspace --all-targets --all-features -- -D warnings; cargo test --workspace; cargo build --workspace` — all green (Task 7: 89 tests). Default target is `x86_64-pc-windows-msvc`; builds server + agent.
|
||||
- `winget install Rustlang.Rustup` / `Microsoft.VisualStudio.2022.BuildTools` (`--override "--add Microsoft.VisualStudio.Workload.VCTools --includeRecommended"`) / `Google.Protobuf`.
|
||||
|
||||
### Pending / Incomplete Tasks (this update)
|
||||
- **GC v2 Phase 1 is COMPLETE (Tasks 1-7).** Next: **Task 8 — live hardware validation** (esp. the H.264 first-cut go-live gates), then **Phase 2** (file transfer + dashboard + web viewer — v2 has NO operator dashboard yet, so it is NOT a full v1 replacement until Phase 2), **Phase 3** (`/api/integration/v1/` RMM contract), **Phase 4** (multi-tenancy switch-on).
|
||||
- **Open coord todos (guruconnect):** `9a462965` (viewer-token revocation on logout), `542137df` (multi-instance fail-closed DB single-use gate), `addd7eea` (add agent-clippy to the build-agent CI job), + the H.264-go-live gating todo (live-validate, real force-IDR via CODECAPI, document the no-spawn invariant, graceful decode-worker spawn). **Closed this update:** `3c1f372a` (trusted-proxy).
|
||||
- **GC v2 deploy:** `deploy.yml` SSH step still a stub; v1→v2 cutover deferred until at least Phase 2 (needs the dashboard).
|
||||
|
||||
### Reference Information (this update)
|
||||
- **New commit SHAs — guru-connect:** `5d5cd26`+`8cb0b5b` (trusted-proxy IP), `9082e11`+`fbf9e26` (Task 5 consent), `d0de888` (agent clippy cleanup), `bb73ba6` (Task 6 key fidelity), `f9bdecb` (Task 7 codec).
|
||||
- **Local toolchain memory:** `.claude/memory/reference_guru5070_rust_toolchain.md`.
|
||||
- **Plan (source of truth):** `guru-connect/specs/v2-secure-session-core/plan.md` (Tasks 1-7 all marked done/implemented).
|
||||
|
||||
Reference in New Issue
Block a user