sync: auto-sync from GURU-5070 at 2026-05-30 11:51:56
Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-05-30 11:51:56
@@ -1,6 +1,7 @@
|
|||||||
# Memory Index
|
# Memory Index
|
||||||
|
|
||||||
## Reference
|
## Reference
|
||||||
|
- [GURU-5070 Rust toolchain](reference_guru5070_rust_toolchain.md) — GURU-5070 now has cargo + MSVC + protoc; build/clippy/test guru-connect LOCALLY (set PROTOC to the winget path) instead of the build host. CI only clippy-checks the Linux server, not the Windows agent.
|
||||||
- [ACG Office Network Infrastructure](infra_office_network.md) — IPs/hosts/roles for pfSense/Jupiter/VMs/Docker. Check before assuming; .21 (Uranus) is storage.
|
- [ACG Office Network Infrastructure](infra_office_network.md) — IPs/hosts/roles for pfSense/Jupiter/VMs/Docker. Check before assuming; .21 (Uranus) is storage.
|
||||||
- [Power Failure Runbook](../POWER_FAILURE_RUNBOOK.md) — Recovery order after a power event: Tailscale routes, libvirt/VMs, Seafile, NPM/DNS.
|
- [Power Failure Runbook](../POWER_FAILURE_RUNBOOK.md) — Recovery order after a power event: Tailscale routes, libvirt/VMs, Seafile, NPM/DNS.
|
||||||
- [Syncro API — Invoice Verification Pattern](syncro_invoice_verification_pattern.md) — /invoices?customer_id=X returns no ticket linkage; query /invoices/{number} for ticket_id. Compare by ticket ID, not number.
|
- [Syncro API — Invoice Verification Pattern](syncro_invoice_verification_pattern.md) — /invoices?customer_id=X returns no ticket linkage; query /invoices/{number} for ticket_id. Compare by ticket ID, not number.
|
||||||
|
|||||||
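Review bot: The added index line for reference_guru5070_rust_toolchain.md embeds a statement that will go stale on its own schedule: "CI only clippy-checks the Linux server, not the Windows agent". Once agent clippy is added to CI, this index line and the memory file both have to be edited. Consider keeping the index entry to the pointer plus the build-locally instruction and leaving the CI-gap detail in the memory file only.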
26
.claude/memory/reference_guru5070_rust_toolchain.md
Normal file
@@ -0,0 +1,26 @@
|
|||||||
|
---
|
||||||
|
name: reference_guru5070_rust_toolchain
|
||||||
|
description: GURU-5070 has the full local Rust toolchain (cargo + MSVC + protoc) — build/clippy/test the guru-connect workspace LOCALLY instead of the build host; set PROTOC first
|
||||||
|
metadata:
|
||||||
|
type: reference
|
||||||
|
---
|
||||||
|
|
||||||
|
As of 2026-05-30, GURU-5070 has the full Rust dev toolchain installed, so GuruConnect can be
|
||||||
|
built/linted/tested locally — **no more build-host (172.16.3.30) round-trips just for `cargo fmt`/clippy.**
|
||||||
|
|
||||||
|
- **cargo/rustc/clippy/rustfmt:** `C:\Users\guru\.cargo\bin\` (rustup; cargo 1.96, rustfmt 1.9, clippy 0.1.96).
|
||||||
|
- **MSVC C++ Build Tools:** VS2022 BuildTools (VCTools workload) — provides the `x86_64-pc-windows-msvc` linker.
|
||||||
|
- **protoc:** 35.0 via winget. The build.rs prost codegen needs it — **set the env var first:**
|
||||||
|
`$env:PROTOC = "C:\Users\guru\AppData\Local\Microsoft\WinGet\Packages\Google.Protobuf_Microsoft.Winget.Source_8wekyb3d8bbwe\bin\protoc.exe"` (also set persistently as a User env var).
|
||||||
|
- Default target is `x86_64-pc-windows-msvc` (per the repo `.cargo/config.toml`), so this machine builds BOTH
|
||||||
|
the server AND the Windows agent — better coverage than the Linux build host, which can't compile the agent.
|
||||||
|
- **Local gates that mirror CI** (run from the guru-connect dir with PROTOC set):
|
||||||
|
`cargo fmt --all`, `cargo clippy --workspace --all-targets --all-features -- -D warnings`,
|
||||||
|
`cargo test --workspace`, `cargo build --workspace`. Local rustfmt agrees with CI (verified — no skew).
|
||||||
|
- **CI gap to know:** CI only runs clippy on the **Linux server** build; the Windows **agent** crate is never
|
||||||
|
clippy-checked in CI (let 77 errors accumulate, cleaned up 2026-05-30). Todo to add agent clippy to the
|
||||||
|
build-agent (Pluto) job. So: clippy the agent LOCALLY before committing.
|
||||||
|
|
||||||
|
**How to apply:** when a Coding Agent works on GuruConnect Rust, have it self-verify with the local toolchain
|
||||||
|
(set PROTOC, run the four gates, iterate to green) and commit CI-green code — don't delegate fmt/clippy to the
|
||||||
|
build host. See [[project_guruconnect_v2_direction]].
|
||||||
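Review bot: In the "Local gates that mirror CI" bullet, `cargo fmt --all` rewrites files rather than checking them, so as listed it is a fix-up step and cannot fail the way a gate does. If the intent is parity with CI, list `cargo fmt --all -- --check` as the gate and keep the rewriting form as the remediation. The "CI gap to know" bullet says a todo exists but gives no id, so a reader of this file alone cannot tell when the "clippy the agent LOCALLY" instruction can be retired; add the id there. The file also commits the build host address 172.16.3.30 and a user-profile-specific PROTOC path; confirm both are acceptable content for this repository's memory files.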
Submodule projects/msp-tools/guru-connect updated: bb73ba667f...f9bdecbfdb
@@ -97,3 +97,48 @@ The session closed with a `/sync` (pulled four of Howard's auto-sync commits) an
|
|||||||
- **Commit SHAs — claudetools:** `e8ac759`, `df6a2dd`, `e5ccb6a`, `c670471`, `c70cd70` (gc-audit skill).
|
- **Commit SHAs — claudetools:** `e8ac759`, `df6a2dd`, `e5ccb6a`, `c670471`, `c70cd70` (gc-audit skill).
|
||||||
- **Coord todos (guruconnect):** done — `faf39fe0`, `c8916c89`; open — `9a462965`, `3c1f372a`, `542137df`.
|
- **Coord todos (guruconnect):** done — `faf39fe0`, `c8916c89`; open — `9a462965`, `3c1f372a`, `542137df`.
|
||||||
- **Radio episode:** `projects/radio-show/episodes/2026-05-30-promised-vs-got-and-inventions/show-prep.md`.
|
- **Radio episode:** `projects/radio-show/episodes/2026-05-30-promised-vs-got-and-inventions/show-prep.md`.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Update: 11:49 PT — GuruConnect v2 Phase 1 COMPLETED (Tasks 5-7, trusted-proxy fix) + local Rust toolchain
|
||||||
|
|
||||||
|
### Session Summary (this update)
|
||||||
|
Continued from the morning save and completed all of GuruConnect v2 Phase 1 (the secure-session-core). After the morning's Tasks 1-4 + authz split, this block delivered, in order: the trusted-proxy client-IP fix, Task 5 (attended consent), a local Rust toolchain on GURU-5070, the agent-crate clippy cleanup, Task 6 (full key fidelity — the headline), and Task 7 (HW H.264 + negotiated raw fallback). Each followed the Coding Agent (Opus) → Code Review (Opus) → commit loop. Phase 1 is now complete; every CRITICAL and HIGH from the 2026-05-29 audit is remediated in code.
|
||||||
|
|
||||||
|
Trusted-proxy fix (todo 3c1f372a): GC runs behind NPM on loopback, so axum `ConnectInfo` was always 127.0.0.1 — the Task-4 rate limiter/lockout bucketed every external client into one key (one abuser could lock out everyone). Added shared `utils::ip_extract::client_ip` honoring X-Real-IP / rightmost-untrusted X-Forwarded-For ONLY when the TCP peer is a configured trusted proxy (`CONNECT_TRUSTED_PROXIES` env, default loopback, fail-closed); wired into the limiter, relay, and audit logging. Task 5 (consent): proto `ConsentRequest`/`ConsentResponse`; the server gates an attended session at `join_session` (invisible to the tech until granted; `StartStream` only fires from `join_session`, so an unconsented session never streams), 60s timeout → teardown, Windows MessageBox dialog (fail-closed).
|
||||||
|
|
||||||
|
Mid-session, installed a full local Rust toolchain on GURU-5070 (rustup/cargo 1.96, MSVC C++ Build Tools, protoc 35.0 via winget; `PROTOC` env set), ending the per-task build-host round-trips. This Windows machine builds BOTH the server and the Windows agent locally — better coverage than the Linux build host, which can't compile the agent. The local clippy immediately exposed that CI never clippy-checks the agent crate (build-server clippy is Linux-only; build-agent only runs `cargo build`); 77 pre-existing agent clippy errors had accumulated. Cleaned them up (commit d0de888, behavior-preserving, code-reviewed) and filed a todo to add agent-clippy to CI.
|
||||||
|
|
||||||
|
Task 6 (full key fidelity — headline): `WH_KEYBOARD_LL` hook on the viewer diverts system combos (Win/Win+R, Alt+Tab, Ctrl+Esc) to the remote as full `KeyEvent`s and suppresses local handling, GATED on viewer focus + a toggle so it never bricks the technician's own keyboard; scan-code `SendInput` with correct extended-key flags; Ctrl+Alt+Del completes through the SAS helper (SYSTEM `SendSAS`, `SoftwareSASGeneration` policy); modifier hygiene re-syncs key-ups on focus loss. Review caught a BLOCKER — the hook wasn't focus-scoped — fixed. Task 7 (codec, last): encoder trait + factory; capability negotiation (`AgentStatus.supports_h264` + server `select_video_codec` + `StartStream.video_codec`); MF H.264 encoder + viewer decoder (FIRST-CUT, compile-verified-only, default-OFF via `DEFAULT_PREFER_H264=false`); raw+Zstd byte-for-byte unchanged as the guaranteed default. Task 6/7 were authored AND verified locally (fmt/clippy/test/build) — the toolchain payoff.
|
||||||
|
|
||||||
|
### Key Decisions (this update)
|
||||||
|
- Installed the local Rust+MSVC+protoc toolchain on GURU-5070 to end build-host round-trips; Coding Agents now self-verify locally and hand back CI-green code. Recorded in memory `reference_guru5070_rust_toolchain`.
|
||||||
|
- Cleaned the 77 pre-existing agent clippy errors BEFORE Task 6 (which edits agent code) so the local clippy loop runs on a clean base; filed a CI todo (CI never lints the agent).
|
||||||
|
- Trusted-proxy IP: honor forwarding headers ONLY from a configured trusted-proxy allowlist (default loopback), fail-closed; never trust a header from an untrusted (spoofable) peer.
|
||||||
|
- Task 6 hook focus-gated (`VIEWER_FOCUSED` AtomicBool, set from `WindowEvent::Focused`) so it diverts system keys only when the viewer window is focused. SAS named-pipe DACL tightened from NULL/Everyone to Authenticated Users.
|
||||||
|
- Task 7 ships H.264 dormant (`DEFAULT_PREFER_H264=false`): raw+Zstd is what runs; H.264 is compile-verified-only until live hardware validation (Task 8). `unsafe impl Send for H264Encoder` verified sound (session future is `block_on`-driven, never `spawn`ed).
|
||||||
|
|
||||||
|
### Problems Encountered (this update)
|
||||||
|
- Local clippy (cargo 1.96, newer than CI's 1.94) exposed 77 pre-existing agent clippy errors CI never caught → cleaned up + filed the CI-gap todo. (Local rustfmt 1.9 vs CI 1.8: empirically verified NO skew — `cargo fmt --check` clean on the CI-green HEAD.)
|
||||||
|
- Task 6 Code Review BLOCKER: the `WH_KEYBOARD_LL` hook diverted system combos regardless of viewer focus, so an unfocused viewer would swallow the technician's own Win/Alt+Tab/Ctrl+Esc → fixed with the focus gate.
|
||||||
|
- Coord lock-release jq one-liner failed (locks endpoint shape); left to auto-expire (harmless). Em-dash in a todo POST failed again ("error parsing the body") → ASCII-only retry.
|
||||||
|
- Bash-tool CWD persisted into the `guru-connect` submodule from `git apply` calls, so a relative `.claude/scripts/...` path resolved wrong; use absolute paths.
|
||||||
|
|
||||||
|
### Configuration Changes (this update)
|
||||||
|
**guru-connect:** new `server/src/utils/ip_extract.rs` (trusted-proxy client-IP); new `agent/src/consent/mod.rs` (Task 5); new `agent/src/encoder/{h264,capability,color}.rs` + `agent/src/viewer/decoder.rs` (Task 7). Modified across server (relay, session, middleware/rate_limit+mod, main, auth, db/{machines,sessions,events,users}, api) and agent (viewer/{input,render,mod}, input/{keyboard,mod}, session, bin/sas_service, ~22 files in the clippy sweep), proto/guruconnect.proto, agent/Cargo.toml, Cargo.lock (pruned), and the plan.md task markers.
|
||||||
|
**claudetools:** new memory `.claude/memory/reference_guru5070_rust_toolchain.md` + MEMORY.md index line.
|
||||||
|
**GURU-5070 machine:** rustup (cargo 1.96 at `~/.cargo/bin`), VS2022 Build Tools (VCTools workload), protoc 35.0 (winget). `PROTOC` set as a User env var.
|
||||||
|
|
||||||
|
### Commands & Outputs (this update)
|
||||||
|
- Local GC verify (PowerShell, from the guru-connect dir): `$env:PROTOC="C:\Users\guru\AppData\Local\Microsoft\WinGet\Packages\Google.Protobuf_Microsoft.Winget.Source_8wekyb3d8bbwe\bin\protoc.exe"; cargo fmt --all; cargo clippy --workspace --all-targets --all-features -- -D warnings; cargo test --workspace; cargo build --workspace` — all green (Task 7: 89 tests). Default target is `x86_64-pc-windows-msvc`; builds server + agent.
|
||||||
|
- `winget install Rustlang.Rustup` / `Microsoft.VisualStudio.2022.BuildTools` (`--override "--add Microsoft.VisualStudio.Workload.VCTools --includeRecommended"`) / `Google.Protobuf`.
|
||||||
|
|
||||||
|
### Pending / Incomplete Tasks (this update)
|
||||||
|
- **GC v2 Phase 1 is COMPLETE (Tasks 1-7).** Next: **Task 8 — live hardware validation** (esp. the H.264 first-cut go-live gates), then **Phase 2** (file transfer + dashboard + web viewer — v2 has NO operator dashboard yet, so it is NOT a full v1 replacement until Phase 2), **Phase 3** (`/api/integration/v1/` RMM contract), **Phase 4** (multi-tenancy switch-on).
|
||||||
|
- **Open coord todos (guruconnect):** `9a462965` (viewer-token revocation on logout), `542137df` (multi-instance fail-closed DB single-use gate), `addd7eea` (add agent-clippy to the build-agent CI job), + the H.264-go-live gating todo (live-validate, real force-IDR via CODECAPI, document the no-spawn invariant, graceful decode-worker spawn). **Closed this update:** `3c1f372a` (trusted-proxy).
|
||||||
|
- **GC v2 deploy:** `deploy.yml` SSH step still a stub; v1→v2 cutover deferred until at least Phase 2 (needs the dashboard).
|
||||||
|
|
||||||
|
### Reference Information (this update)
|
||||||
|
- **New commit SHAs — guru-connect:** `5d5cd26`+`8cb0b5b` (trusted-proxy IP), `9082e11`+`fbf9e26` (Task 5 consent), `d0de888` (agent clippy cleanup), `bb73ba6` (Task 6 key fidelity), `f9bdecb` (Task 7 codec).
|
||||||
|
- **Local toolchain memory:** `.claude/memory/reference_guru5070_rust_toolchain.md`.
|
||||||
|
- **Plan (source of truth):** `guru-connect/specs/v2-secure-session-core/plan.md` (Tasks 1-7 all marked done/implemented).
|
||||||
|
|||||||
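Review bot: In Key Decisions, the Task 6 bullet records the SAS named-pipe DACL moving "from NULL/Everyone to Authenticated Users" without stating why that scope is sufficient. The same update describes the helper as SYSTEM `SendSAS`, so the log should name the account or session the pipe is meant to serve and whether a narrower ACE was considered, or link a todo that tracks it. Separately, the Session Summary states that every CRITICAL and HIGH from the 2026-05-29 audit is remediated in code, while Pending lists `9a462965` (viewer-token revocation on logout) and `542137df` (multi-instance fail-closed DB single-use gate) as open; give the audit severity of those two so the statements read consistently. The trusted-proxy paragraph also does not say which header takes precedence when a trusted peer sends both X-Real-IP and X-Forwarded-For.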