sync: auto-sync from GURU-5070 at 2026-05-30 15:26:54

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-05-30 15:26:54
2026-05-30 15:27:00 -07:00
parent 40a2eb4c60
commit 3895aa363c
2 changed files with 64 additions and 2 deletions


@@ -41,8 +41,11 @@ GOTCHAS (all hit on the 2026-05-30 deploy):
`WatchdogSec=30s` — so do NOT run `setup-systemd.sh` / copy the repo unit, or v2 restart-loops
every 30s. Unit: User=guru, EnvironmentFile=server/.env, WorkingDirectory=server/, ProtectSystem=strict.
- **`CONNECT_TRUSTED_PROXIES`** is a v2 env var (comma-separated IPs; defaults to loopback fail-closed).
NPM proxies from `172.16.3.30`, so set `CONNECT_TRUSTED_PROXIES=127.0.0.1,::1,172.16.3.30` in
`server/.env` or client-IP extraction (rate-limit-per-IP, logging) is wrong. Only `JWT_SECRET` is hard-required.
Public `connect.azcomputerguru.com` ingresses through **NPM on Jupiter (172.16.3.20)**, which forwards to
the relay on 172.16.3.30:3002. So set `CONNECT_TRUSTED_PROXIES=127.0.0.1,::1,172.16.3.20` in `server/.env`
(the Jupiter NPM hop, NOT the relay host .30 — that was a wrong first guess). Without trusting 172.16.3.20
the relay logs every public agent as 172.16.3.20 instead of reading X-Forwarded-For; with it, the real client
IP shows (verified: a Pavon agent logged its true public IP 98.172.64.243). Only `JWT_SECRET` is hard-required.
- **NULL tags bug:** `connect_machines.tags` is `text[]` nullable with no default; v2 decodes it as
non-`Option`, so rows with NULL tags throw "unexpected null" at reconcile (and likely the Machines
list). Mitigated with `UPDATE connect_machines SET tags='{}' WHERE tags IS NULL`. Real fix is a
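Review bot: the NULL-tags mitigation at the end of the hunk (`UPDATE connect_machines SET tags='{}' WHERE tags IS NULL`) only repairs the rows that exist today; because `connect_machines.tags` stays nullable with no default, any insert that omits `tags` recreates the "unexpected null" failure at the next reconcile, and the sentence that should document the permanent fix stops at "Real fix is a". Please finish that line with the fix actually chosen, either make the schema match what v2 decodes (backfill, then `ALTER TABLE connect_machines ALTER COLUMN tags SET DEFAULT '{}', ALTER COLUMN tags SET NOT NULL`) or have v2 decode `tags` as an `Option` and treat NULL as empty, and state which is in place so operators know whether the `UPDATE` must be re-run after each deploy. Separately, both the old `172.16.3.30` instruction and the `172.16.3.20` correction are visible in the `CONNECT_TRUSTED_PROXIES` bullet of this hunk; make sure the committed text keeps only the `.20` value (the hop that actually sets `X-Forwarded-For`), since leaving the `.30` sentence in the file invites the same wrong first guess on the next deploy.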