azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from GURU-BEAST-ROG at 2026-06-02 09:10:35

Browse Source 
Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-06-02 09:10:35
This commit is contained in:
Mike Swanson
2026-06-02 09:10:39 -07:00
parent 551aaf2fe1
commit 25ce5f0439
2 changed files with 107 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
clients/birth-biologic/session-logs/2026-06-02-session.md Normal file
View File

@@ -0,0 +1,102 @@
# Session Log — Birth Biologic / KSTEENBB2025 SmartBadge Watch False Positive
**Date:** 2026-06-02
## User
- **User:** Mike Swanson (mike)
- **Machine:** GURU-BEAST-ROG
- **Role:** admin
---
## Session Summary
A `[SMARTBADGE-WATCH] DRIFT KSTEENBB2025 FAIL | no RESULT line returned: null` alert fired in Discord's `#dev-alerts` channel. The alert appeared to indicate that Kristin Steen's machine (KSTEENBB2025 at Birth Biologic) had drifted from the fleet reference SmartBadge configuration established during the 2026-05-29 remediation.
Investigation revealed the alert was a false positive caused by a bug in the watch script (`check-ksteen-smartbadge.sh`). The root cause: `jq -r '.stdout'` emits the literal 4-character string `"null"` when the RMM API returns a JSON `null` for the stdout field (which occurs when a command fails or produces no output before the result is fetched). The original script then grepped `"null"` for a `RESULT:` line, found nothing, and fell through to the drift-alert path with `REASON="no RESULT line returned: null"`.
The script was fixed on BEAST and pushed to Gitea. A live re-run of the verify script against KSTEENBB2025 via the GuruRMM API confirmed the machine is clean: `RESULT: PASS` returned in ~8 seconds (2 polls).
---
## Key Decisions
- **False positive classification:** The alert was not treated as real drift — the machine was verified live via a direct RMM dispatch before any remediation was considered. This avoids unnecessary client-side changes.
- **INFRA-ERROR vs DRIFT distinction:** Added a new exit path for commands that never reach a terminal state within the poll window. These are now classified as infrastructure errors and do not fire drift alerts. This prevents transient RMM glitches (slow agent response, command queue delays) from creating noise.
- **Session log location:** Placed in `clients/birth-biologic/` rather than root `session-logs/` because the incident is client-specific (live RMM command on KSTEENBB2025, Birth Biologic Syncro context).
---
## Problems Encountered
- **`jq -r '.stdout'` returns literal `"null"` on JSON null:** Fixed by switching to `.stdout // empty` which coerces JSON null to an empty string. The grep for `RESULT:` then correctly produces no match without triggering the misleading `"no RESULT line returned: null"` message.
- **No log file existed on BEAST:** The scheduled task runs on GURU-5070, not BEAST. The log at `.claude/logs/ksteen-smartbadge.log` lives on GURU-5070's copy of the repo. BEAST had no log to inspect, so the live API re-run was the only diagnostic path available from this machine.
- **Insufficient diagnostic context in original alert:** When stdout was null, the original alert provided no status, exit code, or stderr — making the root cause invisible. Added `status=`, `exit_code=`, and stderr to the no-RESULT diagnostic message.
---
## Configuration Changes
- **Modified:** `.claude/scripts/check-ksteen-smartbadge.sh`
- Switched `jq -r '.stdout'` to `jq -r '.stdout // empty'`
- Added `FINAL_ST` variable to track terminal state after poll loop
- Added `ERR` and `EXIT_CODE` variables from `.stderr // empty` and `.exit_code // empty`
- Added INFRA-ERROR exit path for non-terminal command status (does not count as drift)
- Increased poll window from 20×4s=80s to 30×4s=120s
- Enhanced no-RESULT diagnostic to include status + exit_code + stderr
- Committed: `551aaf2`
---
## Credentials & Secrets
- Vault path accessed: `infrastructure/gururmm-server.sops.yaml` (fields: `credentials.gururmm-api.admin-email`, `credentials.gururmm-api.admin-password`) — for RMM API authentication during live verify
---
## Infrastructure & Servers
- **GuruRMM API:** `http://172.16.3.30:3001`
- **KSTEENBB2025:** Kristin Steen's workstation at Birth Biologic
- Agent ID: `ee3c6aea-e9cc-4d2f-9e79-a38dd0eb129e`
- Status at time of check: `online`, last seen `2026-06-02T16:06:32Z`
- **Coord API:** `http://172.16.3.30:8001`
- **Scheduled task:** "ClaudeTools - KSTEEN SmartBadge Daily" on GURU-5070 — runs `check-ksteen-smartbadge.sh` daily
---
## Commands & Outputs
**Live verify dispatch (from BEAST):**
```
CID: e88e1ee7-4f08-4d7c-b176-c91b38d661d2
poll 1: running
poll 2: completed
FINAL STATUS: completed
STDOUT: RESULT: PASS
STDERR: (empty)
EXIT CODE: 0
```
**Commit pushed:**
```
551aaf2 fix(smartbadge-watch): handle null stdout from RMM and add diagnostic context
```
---
## Pending / Incomplete Tasks
- GURU-5070 needs to pull the fix before tomorrow's scheduled run — will happen automatically on the next `/sync` from GURU-5070
- SMARTBADGE-WATCH monitoring continues through 2026-06-05 per coord todo `4a5b09b3`
---
## Reference Information
- Script: `.claude/scripts/check-ksteen-smartbadge.sh`
- Verify script: `.claude/scripts/ksteen-smartbadge-verify.ps1`
- Fix script: `.claude/scripts/ksteen-smartbadge-fix.ps1`
- Commit: `551aaf2`
- Gitea: `https://git.azcomputerguru.com/azcomputerguru/ClaudeTools`
- Wiki: `wiki/clients/birth-biologic.md` (SmartBadge history lines 105-106)
- Original remediation session: `session-logs/2026-05-29-*` on GURU-5070

7
wiki/clients/birth-biologic.md
View File

@@ -2,10 +2,11 @@
type: client type: client
name: birth-biologic name: birth-biologic
display_name: BirthBiologic display_name: BirthBiologic
last_compiled: 2026-05-24 last_compiled: 2026-06-02
compiled_by: DESKTOP-0O8A1RL/claude-main compiled_by: GURU-BEAST-ROG/discord-bot
sources: sources:
- clients/birth-biologic/session-logs/2026-04-21-session.md - clients/birth-biologic/session-logs/2026-04-21-session.md
- clients/birth-biologic/session-logs/2026-06-02-session.md
backlinks: backlinks:
- projects/gururmm - projects/gururmm
--- ---
@@ -112,6 +113,7 @@ Site IDs are hardcoded in `$SITE_MAP` hashtable in the migration script.
- **Syncro duplicate comments on #109277420:** Two duplicate comments were noted in the session log. GUI deletion only (no API delete for comments). Verify status next time in ticket view. - **Syncro duplicate comments on #109277420:** Two duplicate comments were noted in the session log. GUI deletion only (no API delete for comments). Verify status next time in ticket view.
- **ITSvcs folder exclusion:** The `ITSvcs` folder on the Datto share is ACG-owned, not client data. Always exclude from any migration or client-facing file audit. - **ITSvcs folder exclusion:** The `ITSvcs` folder on the Datto share is ACG-owned, not client data. Always exclude from any migration or client-facing file audit.
- **GuruRMM command body requirements:** `command_type` field is required (use `"powershell"` for PS scripts). Missing field returns 422. JWT must include `sub`, `role`, `orgs`, `exp`, `iat` claims — any missing claim returns 401. - **GuruRMM command body requirements:** `command_type` field is required (use `"powershell"` for PS scripts). Missing field returns 422. JWT must include `sub`, `role`, `orgs`, `exp`, `iat` claims — any missing claim returns 401.
- **GuruRMM `.stdout` null handling in watch scripts:** `jq -r '.stdout'` emits the literal 4-char string `"null"` when the API returns JSON `null` for stdout. Always use `.stdout // empty` (or `.stdout // ""`) so that a null field becomes an empty string, not the word "null". Affects any script that greps command output for a sentinel line.
- **PS5.1 quirks on BB-SERVER:** No Unicode box-drawing characters (parse error in PS5.1); no `@{} + @{}` hashtable merge (use foreach loop); use `${encodedPath}` not `$encodedPath:` in URL strings (colon interpreted as drive reference). - **PS5.1 quirks on BB-SERVER:** No Unicode box-drawing characters (parse error in PS5.1); no `@{} + @{}` hashtable merge (use foreach loop); use `${encodedPath}` not `$encodedPath:` in URL strings (colon interpreted as drive reference).
## Active Work ## Active Work
@@ -128,6 +130,7 @@ Site IDs are hardcoded in `$SITE_MAP` hashtable in the migration script.
| Date | Event | | Date | Event |
|---|---| |---|---|
| 2026-06-02 | Mike (BEAST/discord-bot): SMARTBADGE-WATCH fired a false-positive DRIFT alert. Root cause: `jq -r '.stdout'` emitting literal `"null"` when RMM API returned JSON null stdout. Live re-verify via RMM confirmed KSTEENBB2025 clean (`RESULT: PASS`). Fixed `check-ksteen-smartbadge.sh` (commit `551aaf2`): `.stdout // empty` coercion, INFRA-ERROR vs DRIFT distinction, stderr/exit_code in diagnostics, poll window 80s→120s. |
| 2026-05-29 | Mike: Corrected the SmartBadge fix — Kristin's machine had been left on the *older* Workplace Desktop v8 (diverged from fleet). Revo-removed v8, installed Workplace v10.53.4 (Workplace2), aligned SmartBadge `_CC` add-in/CLSID to EVO-X1, cleared her stuck per-user `LoadBehavior=2`. Verified working. Public tech notes + 1hr warranty on Syncro #32339. Stood up a 7-day daily verification (scheduled task on GURU-5070 + coord todo `4a5b09b3`, expires 2026-06-05). | | 2026-05-29 | Mike: Corrected the SmartBadge fix — Kristin's machine had been left on the *older* Workplace Desktop v8 (diverged from fleet). Revo-removed v8, installed Workplace v10.53.4 (Workplace2), aligned SmartBadge `_CC` add-in/CLSID to EVO-X1, cleared her stuck per-user `LoadBehavior=2`. Verified working. Public tech notes + 1hr warranty on Syncro #32339. Stood up a 7-day daily verification (scheduled task on GURU-5070 + coord todo `4a5b09b3`, expires 2026-06-05). |
| 2026-05-28 | Mike: Initial Kristin Steen SmartBadge remediation (Syncro #32339) — diagnosed dual Workplace2/Workplace Desktop install; **uninstalled the wrong one (Workplace2 v10)**, leaving v8 Desktop (corrected 2026-05-29). | | 2026-05-28 | Mike: Initial Kristin Steen SmartBadge remediation (Syncro #32339) — diagnosed dual Workplace2/Workplace Desktop install; **uninstalled the wrong one (Workplace2 v10)**, leaving v8 Desktop (corrected 2026-05-29). |
| 2026-04-21 | Mike: New client onboarded to GuruRMM (client + site created, vault entry saved). Tenant Admin app consented. sysadmin@birthbiologic.com assigned M365 Business Premium. GuruRMM agent installed on BB-SERVER. Custom Datto→SharePoint migration script built. Supply Management (160 files) migrated via script. SPMT launched for 4 remaining folders. Syncro ticket #109277420 opened. | | 2026-04-21 | Mike: New client onboarded to GuruRMM (client + site created, vault entry saved). Tenant Admin app consented. sysadmin@birthbiologic.com assigned M365 Business Premium. GuruRMM agent installed on BB-SERVER. Custom Datto→SharePoint migration script built. Supply Management (160 files) migrated via script. SPMT launched for 4 remaining folders. Syncro ticket #109277420 opened. |