From 3e6f94637762a2e004671dbe35cc12ab10648519 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Thu, 2 Jul 2026 06:24:22 -0700 Subject: [PATCH] sync: auto-sync from GURU-5070 at 2026-07-02 06:23:34 Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-07-02 06:23:34 --- .gitignore | 2 + errorlog.md | 4 + ...6-07-01-mike-self-check-skill-desc-trim.md | 92 +++++++++++++++++++ 3 files changed, 98 insertions(+) diff --git a/.gitignore b/.gitignore index 86cbc0e4..f1cce0e3 100644 --- a/.gitignore +++ b/.gitignore @@ -145,3 +145,5 @@ temp/ .invcfg .inv/ .one.json +.rmm-token +.rmm-url diff --git a/errorlog.md b/errorlog.md index 2ae94ca8..ca9b81c6 100644 --- a/errorlog.md +++ b/errorlog.md @@ -21,6 +21,10 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure · 2026-07-02 | GURU-BEAST-ROG | self-check/registry-trim | [friction] trimmed skill registry locally while GURU-5070 shipped the same trim upstream; auto-sync merge raced my uncommitted edits (transient UU state, stale 15777 reading mid-merge); fix: check coord / claim a lock before fleet-wide harness edits [ctx: ref=coord-locks] +2026-07-02 | GURU-5070 | bash/env | [friction] referenced $RMM/$TOKEN from prior Bash call; env does not persist between calls - re-auth inline [ctx: ref=CLAUDE.md shell-env rule] + +2026-07-02 | GURU-5070 | cargo/windows-msvc-linker | [friction] cargo check on GURU-5070 fails 'linker link.exe not found' (MSVC linker not on PATH / vcvars64.bat not found under VS roots) - blocks local server typecheck; memory reference_guru5070_rust_toolchain claims MSVC present. Build on the pipeline/Linux host instead. [ctx: ref=reference_guru5070_rust_toolchain host=GURU-5070] + 2026-07-01 | GURU-5070 | bash/msys-pathconv | [friction] cmd.exe /c from Git-bash: MSYS converted /c to C: and opened an interactive cmd (2min timeout); use powershell.exe directly or MSYS_NO_PATHCONV=1 [ctx: ref=msys-path-conversion-family] 2026-07-01 | GURU-5070 | bash/jq-windows | [friction] jq --rawfile with /dev/stdin fails on Windows jq (no /proc); build JSON from a shell var with jq -n --arg instead diff --git a/session-logs/2026-07/2026-07-01-mike-self-check-skill-desc-trim.md b/session-logs/2026-07/2026-07-01-mike-self-check-skill-desc-trim.md index ed50d0c4..17a12ff2 100644 --- a/session-logs/2026-07/2026-07-01-mike-self-check-skill-desc-trim.md +++ b/session-logs/2026-07/2026-07-01-mike-self-check-skill-desc-trim.md @@ -353,3 +353,95 @@ GCM shadowing); parent gitlink advances with this /save. - Syncro #32451 internal id 112986219, comment 421704524; customer Birth Biologic 17983014. - Submodule commit a35bd1bf1758ac462abdf05bdd9ee6a1c7b427ee (acg-discord-bot main). - Bot model verification log lines: 2026-07-01 20:01:07 "Claude model: claude-fable-5". + +## Update: 2026-07-02 06:22 PT — CrowdStrike Falcon spec + framework build (Tasks 0-3) + +### Session Summary + +Continued the CrowdStrike thread. Added the developer.crowdstrike.com API reference to the +RMM_THOUGHTS entry (OAuth2, Sensor Download + Installation Tokens for install, Hosts/RTR/ +policy for management), then ran `/shape-spec` to produce a full spec at +projects/msp-tools/guru-rmm/specs/crowdstrike-falcon/ (plan/shape/references/standards). +Mike's shaping input: multi-tenant per-client CIDs from day one; MODULAR — each partner +enables with their own API creds/region; RTR + alert ingestion OUT of scope; creds handled +safely; uniform plugin framework preferred; P1, needs a draft very soon. Design decision: +build CrowdStrike as plugin #1 on a vendor-agnostic integrations framework (generalizes the +proven mspbackups shape) rather than a one-off. + +Then implemented the server half, Tasks 0-3, each committed + pushed to guru-rmm main and +VERIFIED green by the pipeline (CI [ci-version-bump] on top of each = successful Linux +server build — the real compile gate; local cargo check is blocked on GURU-5070 by a +missing MSVC linker, logged as friction against reference_guru5070_rust_toolchain): +- Task 1 (8b75274): migration 065 — 5 vendor-agnostic tables (integrations, + integration_credentials [reuses credentials TEXT/base64 encryptor shape], + integration_client_mappings, integration_sync_state, integration_agent_links), per- + partner, all IF NOT EXISTS. +- Task 2 (cac7e1d): IntegrationPlugin trait (axum::async_trait, object-safe) + PluginRegistry + + credential encrypt/decrypt chokepoint (crypto::Encryptor) + full runtime-sqlx DB layer. + KEY FINDING: codebase uses RUNTIME sqlx queries, not query! macros -> NO .sqlx regen ever + needed for this feature. +- Task 3 (6c83a03): generic /api/integrations REST (list/upsert/delete/credentials[encrypt + chokepoint, GET returns configured-bool only]/test[dispatch to plugin]/mappings/sync-state); + added registry: Arc to AppState. + +Also: restarted the BEAST Discord bot service (came back up on claude-fable-5 21:15). Server +framework (Tasks 1-3) complete + building; next is Task 4 (CrowdStrike client: OAuth2 + +region + Sensor Download/Installation Tokens/Hosts wrappers, test_connection + sync). + +### Key Decisions + +- Vendor-agnostic framework FIRST (5 generic tables + trait + registry + generic API), so + SentinelOne/Guardz/etc. are new modules not new schema. Matches Mike's "modular" + the + roadmap Integrations Center design principle. +- Encrypted-cred columns are TEXT/base64 (matches crypto.rs Encryptor + credentials table), + NOT BYTEA as references.md loosely wrote. +- Runtime sqlx (no query! macros) -> no .sqlx cache churn; big de-risk. +- Pipeline build is the compile gate (build-pipeline standard); each task pushed by explicit + SHA + rebased over concurrent CI version-bumps; verified green via the version-bump marker. +- v1 single-partner resolution (SELECT id FROM partners ... LIMIT 1) like mspbackups; schema + carries partner_id everywhere for later multi-partner scoping. +- Containment/lift is the one management WRITE kept in v1 scope; RTR + alerts deferred. + +### Problems Encountered + +- Local cargo check blocked: no MSVC link.exe on GURU-5070 (vcvars64.bat not found under VS + roots) — env, not code. Used the pipeline (Linux) as the gate; logged friction. +- JWT roles decode: exchange-op earlier task needed base64url (tr _- /+ + pad); noted. +- Repeated non-fast-forward pushes from CI [ci-version-bump] commits landing between my + pushes — rebased onto origin/main each time and pushed by SHA. + +### Configuration Changes + +- projects/msp-tools/guru-rmm (submodule, main): + - specs/crowdstrike-falcon/{plan,shape,references,standards}.md (new, dd646f6) + - server/migrations/065_integrations_framework.sql (new) + - server/src/db/integrations.rs (new), server/src/db/mod.rs (+pub mod) + - server/src/integrations/mod.rs (new), server/src/main.rs (mod + AppState.registry) + - server/src/api/integrations.rs (new), server/src/api/mod.rs (+pub mod + routes) + - docs/RMM_THOUGHTS.md (+CrowdStrike thought + API reference) +- errorlog.md: +1 friction (MSVC linker). + +### Commands & Outputs + +- Spec commit dd646f6; Task1 8b75274; Task2 cac7e1d; Task3 6c83a03 (all guru-rmm main, + pipeline-green via ci-version-bump). +- Push pattern: commit -> git rebase origin/main -> git push origin :refs/heads/main + -> git ls-remote verify; poll origin/main for ci-version-bump = build OK. + +### Pending / Incomplete Tasks + +- Task 4: server/src/integrations/crowdstrike/{mod,client}.rs — OAuth2 client-credentials + + region base URL map (US-1/US-2/EU-1/US-GOV), Sensor Download + Installation Tokens + Hosts + wrappers; implement test_connection + sync. +- Task 5: register CrowdStrikePlugin in PluginRegistry::build() + sync worker in main.rs. +- Task 6: deploy job (migration 066) + agent-side install (Task 7, Win first). +- Task 8: dashboard (Integrations page + Falcon panels). Task 9: e2e verification. +- Parent gitlink for guru-rmm still lagging; advance on a later /sync if desired. + +### Reference Information + +- Spec dir: projects/msp-tools/guru-rmm/specs/crowdstrike-falcon/ (plan.md = source of truth, + [DONE] markers per task). +- CrowdStrike API: developer.crowdstrike.com/api-reference (OAuth2 client creds; Sensor + Download 13 ops, Installation Tokens 9, Hosts 10, Host Group 9; regional base URLs). +- guru-rmm main after Task 3 + CI bump: ea148e4.