azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from GURU-5070 at 2026-06-17 11:44:54

Browse Source 
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-17 11:44:54
This commit is contained in:
Mike Swanson
2026-06-17 11:45:09 -07:00
parent 388f66ca11
commit 2ad2f5b5b7
1 changed files with 142 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

142
session-logs/2026-06/2026-06-17-mike-unifi-cloud-connector-ai-tooling.md Normal file
View File

@@ -0,0 +1,142 @@
# Session - UniFi cloud Site Manager connector (UOS parity), AI-tooling audits + reliability, skill harvest
## User
- **User:** Mike Swanson (mike)
- **Machine:** GURU-5070
- **Role:** admin
## Session Summary
Continuation of the 2026-06-16/17 MSP+harness day. Opened by finishing the Scileppi Mac
downloads redesign and resolving Syncro #32333 (corrected after a hallucinated/no-preview comment;
re-sent accurately, no charge). Then an error-log review drove two harness fixes: a PowerShell-2
guard in `onboarding-diagnostic.ps1` (it was PS3+ only, crashed on Win7/AMT-PC) and a new
`feedback_windows_quote_stripping` memory consolidating the recurring embedded-double-quote bug.
A large block was an RTFM audit of the second-model / Tier-0 skills against their real docs/APIs:
**grok** had a genuine bug (its multi-agent `web_search` was strangled by the wrapper's blanket
`--no-subagents`) - fixed, plus pinned `-m grok-build` for reasoning modes and corrected doc drift;
**gemini (agy)** audited clean (pinned model still valid); **ollama** had a broken endpoint
auto-detect one-liner in OLLAMA.md (urlopen-as-truthiness raises instead of failing over) - fixed.
Harvested 4 MIT skills from obra/superpowers (the Anthropic pdf/mcp-builder/canvas-design/
theme-factory skills are license-restricted - installed those via the official Claude Code
marketplace instead). Curated the ACG brand kit into the website-showcase project and synced to Gitea.
The centerpiece: a UniFi cloud capability. Mike provided a UniFi Site Manager API key. Mapped the
API empirically + via grok/gemini: `api.ui.com/v1/hosts|sites|devices|isp-metrics` gives fleet
inventory + WAN/ISP telemetry, and - the breakthrough - the **cloud CONNECTOR**
(`/v1/connector/consoles/{id}/proxy/network/...`) reaches each console's LOCAL Network API
remotely with the same account key, including the internal `/stat/device|sta` endpoints. That is
**full UOS parity** (per-radio cu_total airtime, per-client RSSI) for ALL 36 ACG consoles, no UOS
server / no LAN/VPN. Built `gw-sitemanager.sh` (fleet/devices/sites/isp/net) and wired the existing
`model-rank`/`optimize-radios` analyses to the connector via `--console` (new `rf-analyze.py`).
Validated against Cascades through the connector - matched the UOS-Mongo figures exactly (75 APs,
2.4GHz util 65-90%/interf 53-78%, all power-down) after fixing a macs[] gotcha (the report endpoint
returns only ~10 of 77 APs unless you POST the MAC list).
Made `neighbor-collect.sh` connector-capable (name map from the cloud) so disable-analysis works on
remote sites. Researched gateway VPN/Teleport: the connector reaches VPN-server config and Teleport
settings; web search found the Teleport invite-link API (`POST /cmd/teleport`). Finally, on Mike's
must-fix directive, properly fixed the web-search bots (diagnosed from raw output): gemini gets
3-retry+backoff for its intermittent empty turns; grok xsearch (which chronically times out on
multi-part queries) now uses streaming-json and auto-falls-back to gemini search.
## Key Decisions
- **Connector internal stat API = the parity path.** The Site Manager API alone is inventory-only;
the connector proxy to `/proxy/network/api/s/<site>/stat/*` returns the same `ace_stat` depth as
UOS Mongo. Used that for the `net` command and rf-analyze, giving fleet-wide parity beyond UOS.
- **Left the UOS-Mongo path 100% untouched;** the connector path is purely additive (`--console`
flag) - "don't lose functionality."
- **Gemini is the reliable web-search engine; grok xsearch is best-effort with gemini fallback.**
Diagnosed grok's failure as a real multi-agent timeout (xAI-side), so a fallback - not more budget -
is the right fix.
- **Anthropic skills are NOT vendored** (their LICENSE.txt forbids copying/derivatives/redistribution);
installed via the official marketplace per-machine instead. Only MIT (obra) skills were committed.
- **Web search >= blind endpoint-probing** (Mike's correction): probing guesses URLs and mostly 404s;
the searches gave the real leads. Probe only to CONFIRM a search/doc hypothesis; reading our own
config is fine.
## Problems Encountered
- **#32333 hallucinated comment sent without preview** - logged correction+friction; rewrote
accurately, previewed, re-sent.
- **grok xsearch returned empty** - root-caused (RTFM): `web_search` = multi-agent model, killed by
`--no-subagents`. Later found it ALSO times out on heavy queries -> streaming-json + gemini fallback.
- **Cascades connector run showed 10 of 77 APs** - the `/stat/report/*.ap` endpoint defaults to a
small subset; fixed by POSTing `macs:[<all uap macs>]` (now 75, matching UOS).
- **Teleport "no API" was wrong** - I'd probed wrong paths; the real surface is `/rest/setting/teleport`
(config) and `POST /cmd/teleport {"cmd":"invite-link"}` (invites), found via gemini + live verify.
- **Repeated empty captures** from mixing backgrounded ask-grok/gemini (`&`+`wait`) with foreground
work in one Bash call - logged as friction; run AI calls as separate run_in_background tool calls.
- **errorlog rebase conflict** with Howard's auto-sync - resolved by keeping both entries.
## Configuration Changes
New/changed (committed + pushed):
- `.claude/skills/unifi-wifi/scripts/gw-sitemanager.sh` - NEW cloud backend (fleet/host/devices/sites/isp/net/find/raw).
- `.claude/skills/unifi-wifi/scripts/rf-analyze.py` - NEW connector-fed analyzer (rank/optimize).
- `.claude/skills/unifi-wifi/scripts/model-rank.sh`, `optimize-radios.sh` - added `--console [--site]` route.
- `.claude/skills/unifi-wifi/scripts/neighbor-collect.sh` - added `--console [--site]` (connector name map).
- `.claude/skills/unifi-wifi/references/site-manager-api.md` - NEW full catalog (3 tiers + connector + VPN/Teleport).
- `.claude/skills/unifi-wifi/SKILL.md` - Plane 3 (cloud) note.
- `.claude/skills/grok/scripts/ask-grok.sh` - xsearch subagents/yolo fix, grok-build pin, streaming-json + gemini fallback.
- `.claude/skills/grok/SKILL.md` - model/xsearch/fallback notes.
- `.claude/skills/agy/scripts/ask-gemini.sh` - emit_or_fail 3-retry+backoff; version bump.
- `.claude/skills/agy/SKILL.md` - version/verified-date.
- `.claude/OLLAMA.md` - fixed the broken endpoint auto-detect one-liner.
- `.claude/scripts/onboarding-diagnostic.ps1` - PS2 version guard.
- `.claude/skills/{brainstorming,root-cause-tracing,test-driven-development,using-git-worktrees}/` - harvested (MIT).
- `projects/acg-website-showcase/brand-kit/` - curated ACG brand assets (14M).
- Memories: `feedback_windows_quote_stripping`, `feedback_interview_ai_read_docs`,
`feedback_web_search_over_probing`, `reference_unifi_site_manager_api`.
- `docs/CT_THOUGHTS.md` - Thought 2 (web-search reliability, Fixed).
## Credentials & Secrets
Vaulted this session (via vault-helper, encrypted + pushed to the vault repo):
- `services/unifi-site-manager` - UniFi Site Manager / Cloud API key (account owner mike@azcomputerguru.com).
Auth header `X-API-KEY`. Grants remote read of all ~36 ACG consoles + the connector deep path.
- `clients/brooklyn-skybar/udm-ssh` - Brooklyn/Skybar UDM root SSH password (root / vav0neb6vnf7FER-gev),
WAN 67.1.139.219. NOTE: WAN SSH/HTTPS (22/443/8443) is firewalled - reach via the connector, not direct.
## Infrastructure & Servers
- UniFi Site Manager API: base `https://api.ui.com`; connector proxy
`https://api.ui.com/v1/connector/consoles/{hostId}/proxy/network/...`.
- Brooklyn/Skybar console id `E43883325A01...77EA56D0000000063AA61F7:2109856759`, WAN 67.1.139.219,
UDM Pro, 31 devices, OpenVPN server enabled (67.1.115.174:1194), WireGuard server (disabled), Teleport enabled.
- "UOS Server" host id `2d6b654d-9b79-4eaa-b2e1-52062a5690ef` (ext 98.181.90.163), 47 sites; Cascades = site `va6iba3v`.
- Ollama (GURU-5070) localhost:11434 v0.30.8; models qwen3:8b/qwen3.6:latest/qwen3:14b/codestral:22b/nomic-embed-text.
## Commands & Outputs
- Cloud fleet: `bash .claude/skills/unifi-wifi/scripts/gw-sitemanager.sh fleet` (36 consoles).
- Deep parity: `... net "Brooklyn/Skybar" radios|clients`; via UOS Server: `... net "UOS Server" --site va6iba3v ...`.
- Analysis on non-UOS: `model-rank.sh --console "<name>" [--site <s>] [days] [band]` / `optimize-radios.sh --console ...`.
- Cascades validated: `model-rank.sh --console "UOS Server" --site va6iba3v 7 ng` -> 75 APs, matched UOS.
- search-bot e2e: grok xsearch timed out (rc=124) -> `[grok xsearch timed out -> answered via gemini search]` -> real answer.
## Pending / Incomplete Tasks
- **On-demand VPN/tunnel for SSH access** (the open thread to continue): a host running Claude (or a
Linux jump host) brings up the gateway's OpenVPN/WireGuard server config on demand for AP-VLAN reach.
Solid: OpenVPN server config is readable via connector (`networkconf` x_ca_crt/x_shared_client_crt/
x_shared_client_key/x_auth_key + WAN + RADIUS `/rest/account`). Open (settle via web search now that
it works): cleanest per-client `.ovpn`/`.conf` retrieval/download endpoint; WireGuard peer-create flow.
- **Gated `vpn` command** for gw-sitemanager.sh (read VPN/WAN/Teleport; create/modify + Teleport
invite-gen behind DRY-RUN+confirm) - offered, not built.
- Teleport invite gen (`POST /cmd/teleport {"cmd":"invite-link"}`) - found but NOT fired (write).
- Two observations from the ollama audit: GURU-5070 missing from the OLLAMA.md machine table;
syncro/feature-request hardcode qwen3:14b/3.6 instead of identity.json prose_model.
- AMT-PC Bitdefender push (Mike, via Syncro).
## Reference Information
- Commits (origin/main this session, newest first): `9b553179` errorlog, `972bade0` search-bot fix,
earlier: `7e435e31` neighbor-collect connector + VPN/Teleport doc, `47b31dcd` Cascades validation,
`f987812f` rf-analyze, `6fdc21d9` cloud backend, plus grok/gemini/ollama/skill-harvest/brand-kit commits.
- Catalog: `.claude/skills/unifi-wifi/references/site-manager-api.md`.
- Syncro #32333 (Scileppi) internal id 111242786 - Resolved, no charge.
- Marketplace install for Anthropic skills: `/plugin marketplace add anthropics/skills` then
`/plugin install document-skills@anthropic-agent-skills` + `example-skills@anthropic-agent-skills`.