sync: auto-sync from GURU-5070 at 2026-07-02 06:23:34
Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-07-02 06:23:34
This commit is contained in:
2
.gitignore
vendored
2
.gitignore
vendored
@@ -145,3 +145,5 @@ temp/
|
||||
.invcfg
|
||||
.inv/
|
||||
.one.json
|
||||
.rmm-token
|
||||
.rmm-url
|
||||
|
||||
@@ -21,6 +21,10 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure ·
|
||||
|
||||
2026-07-02 | GURU-BEAST-ROG | self-check/registry-trim | [friction] trimmed skill registry locally while GURU-5070 shipped the same trim upstream; auto-sync merge raced my uncommitted edits (transient UU state, stale 15777 reading mid-merge); fix: check coord / claim a lock before fleet-wide harness edits [ctx: ref=coord-locks]
|
||||
|
||||
2026-07-02 | GURU-5070 | bash/env | [friction] referenced $RMM/$TOKEN from prior Bash call; env does not persist between calls - re-auth inline [ctx: ref=CLAUDE.md shell-env rule]
|
||||
|
||||
2026-07-02 | GURU-5070 | cargo/windows-msvc-linker | [friction] cargo check on GURU-5070 fails 'linker link.exe not found' (MSVC linker not on PATH / vcvars64.bat not found under VS roots) - blocks local server typecheck; memory reference_guru5070_rust_toolchain claims MSVC present. Build on the pipeline/Linux host instead. [ctx: ref=reference_guru5070_rust_toolchain host=GURU-5070]
|
||||
|
||||
2026-07-01 | GURU-5070 | bash/msys-pathconv | [friction] cmd.exe /c from Git-bash: MSYS converted /c to C: and opened an interactive cmd (2min timeout); use powershell.exe directly or MSYS_NO_PATHCONV=1 [ctx: ref=msys-path-conversion-family]
|
||||
|
||||
2026-07-01 | GURU-5070 | bash/jq-windows | [friction] jq --rawfile with /dev/stdin fails on Windows jq (no /proc); build JSON from a shell var with jq -n --arg instead
|
||||
|
||||
@@ -353,3 +353,95 @@ GCM shadowing); parent gitlink advances with this /save.
|
||||
- Syncro #32451 internal id 112986219, comment 421704524; customer Birth Biologic 17983014.
|
||||
- Submodule commit a35bd1bf1758ac462abdf05bdd9ee6a1c7b427ee (acg-discord-bot main).
|
||||
- Bot model verification log lines: 2026-07-01 20:01:07 "Claude model: claude-fable-5".
|
||||
|
||||
## Update: 2026-07-02 06:22 PT — CrowdStrike Falcon spec + framework build (Tasks 0-3)
|
||||
|
||||
### Session Summary
|
||||
|
||||
Continued the CrowdStrike thread. Added the developer.crowdstrike.com API reference to the
|
||||
RMM_THOUGHTS entry (OAuth2, Sensor Download + Installation Tokens for install, Hosts/RTR/
|
||||
policy for management), then ran `/shape-spec` to produce a full spec at
|
||||
projects/msp-tools/guru-rmm/specs/crowdstrike-falcon/ (plan/shape/references/standards).
|
||||
Mike's shaping input: multi-tenant per-client CIDs from day one; MODULAR — each partner
|
||||
enables with their own API creds/region; RTR + alert ingestion OUT of scope; creds handled
|
||||
safely; uniform plugin framework preferred; P1, needs a draft very soon. Design decision:
|
||||
build CrowdStrike as plugin #1 on a vendor-agnostic integrations framework (generalizes the
|
||||
proven mspbackups shape) rather than a one-off.
|
||||
|
||||
Then implemented the server half, Tasks 0-3, each committed + pushed to guru-rmm main and
|
||||
VERIFIED green by the pipeline (CI [ci-version-bump] on top of each = successful Linux
|
||||
server build — the real compile gate; local cargo check is blocked on GURU-5070 by a
|
||||
missing MSVC linker, logged as friction against reference_guru5070_rust_toolchain):
|
||||
- Task 1 (8b75274): migration 065 — 5 vendor-agnostic tables (integrations,
|
||||
integration_credentials [reuses credentials TEXT/base64 encryptor shape],
|
||||
integration_client_mappings, integration_sync_state, integration_agent_links), per-
|
||||
partner, all IF NOT EXISTS.
|
||||
- Task 2 (cac7e1d): IntegrationPlugin trait (axum::async_trait, object-safe) + PluginRegistry
|
||||
+ credential encrypt/decrypt chokepoint (crypto::Encryptor) + full runtime-sqlx DB layer.
|
||||
KEY FINDING: codebase uses RUNTIME sqlx queries, not query! macros -> NO .sqlx regen ever
|
||||
needed for this feature.
|
||||
- Task 3 (6c83a03): generic /api/integrations REST (list/upsert/delete/credentials[encrypt
|
||||
chokepoint, GET returns configured-bool only]/test[dispatch to plugin]/mappings/sync-state);
|
||||
added registry: Arc<PluginRegistry> to AppState.
|
||||
|
||||
Also: restarted the BEAST Discord bot service (came back up on claude-fable-5 21:15). Server
|
||||
framework (Tasks 1-3) complete + building; next is Task 4 (CrowdStrike client: OAuth2 +
|
||||
region + Sensor Download/Installation Tokens/Hosts wrappers, test_connection + sync).
|
||||
|
||||
### Key Decisions
|
||||
|
||||
- Vendor-agnostic framework FIRST (5 generic tables + trait + registry + generic API), so
|
||||
SentinelOne/Guardz/etc. are new modules not new schema. Matches Mike's "modular" + the
|
||||
roadmap Integrations Center design principle.
|
||||
- Encrypted-cred columns are TEXT/base64 (matches crypto.rs Encryptor + credentials table),
|
||||
NOT BYTEA as references.md loosely wrote.
|
||||
- Runtime sqlx (no query! macros) -> no .sqlx cache churn; big de-risk.
|
||||
- Pipeline build is the compile gate (build-pipeline standard); each task pushed by explicit
|
||||
SHA + rebased over concurrent CI version-bumps; verified green via the version-bump marker.
|
||||
- v1 single-partner resolution (SELECT id FROM partners ... LIMIT 1) like mspbackups; schema
|
||||
carries partner_id everywhere for later multi-partner scoping.
|
||||
- Containment/lift is the one management WRITE kept in v1 scope; RTR + alerts deferred.
|
||||
|
||||
### Problems Encountered
|
||||
|
||||
- Local cargo check blocked: no MSVC link.exe on GURU-5070 (vcvars64.bat not found under VS
|
||||
roots) — env, not code. Used the pipeline (Linux) as the gate; logged friction.
|
||||
- JWT roles decode: exchange-op earlier task needed base64url (tr _- /+ + pad); noted.
|
||||
- Repeated non-fast-forward pushes from CI [ci-version-bump] commits landing between my
|
||||
pushes — rebased onto origin/main each time and pushed by SHA.
|
||||
|
||||
### Configuration Changes
|
||||
|
||||
- projects/msp-tools/guru-rmm (submodule, main):
|
||||
- specs/crowdstrike-falcon/{plan,shape,references,standards}.md (new, dd646f6)
|
||||
- server/migrations/065_integrations_framework.sql (new)
|
||||
- server/src/db/integrations.rs (new), server/src/db/mod.rs (+pub mod)
|
||||
- server/src/integrations/mod.rs (new), server/src/main.rs (mod + AppState.registry)
|
||||
- server/src/api/integrations.rs (new), server/src/api/mod.rs (+pub mod + routes)
|
||||
- docs/RMM_THOUGHTS.md (+CrowdStrike thought + API reference)
|
||||
- errorlog.md: +1 friction (MSVC linker).
|
||||
|
||||
### Commands & Outputs
|
||||
|
||||
- Spec commit dd646f6; Task1 8b75274; Task2 cac7e1d; Task3 6c83a03 (all guru-rmm main,
|
||||
pipeline-green via ci-version-bump).
|
||||
- Push pattern: commit -> git rebase origin/main -> git push origin <sha>:refs/heads/main
|
||||
-> git ls-remote verify; poll origin/main for ci-version-bump = build OK.
|
||||
|
||||
### Pending / Incomplete Tasks
|
||||
|
||||
- Task 4: server/src/integrations/crowdstrike/{mod,client}.rs — OAuth2 client-credentials +
|
||||
region base URL map (US-1/US-2/EU-1/US-GOV), Sensor Download + Installation Tokens + Hosts
|
||||
wrappers; implement test_connection + sync.
|
||||
- Task 5: register CrowdStrikePlugin in PluginRegistry::build() + sync worker in main.rs.
|
||||
- Task 6: deploy job (migration 066) + agent-side install (Task 7, Win first).
|
||||
- Task 8: dashboard (Integrations page + Falcon panels). Task 9: e2e verification.
|
||||
- Parent gitlink for guru-rmm still lagging; advance on a later /sync if desired.
|
||||
|
||||
### Reference Information
|
||||
|
||||
- Spec dir: projects/msp-tools/guru-rmm/specs/crowdstrike-falcon/ (plan.md = source of truth,
|
||||
[DONE] markers per task).
|
||||
- CrowdStrike API: developer.crowdstrike.com/api-reference (OAuth2 client creds; Sensor
|
||||
Download 13 ops, Installation Tokens 9, Hosts 10, Host Group 9; regional base URLs).
|
||||
- guru-rmm main after Task 3 + CI bump: ea148e4.
|
||||
|
||||
Reference in New Issue
Block a user