From 40e76178122d79b01d45a1786227812c4983b097 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Fri, 29 May 2026 10:54:56 -0700 Subject: [PATCH] docs: session log 2026-05-29 update (GC tooling + Pluto native CI green) Co-Authored-By: Claude Opus 4.8 (1M context) --- session-logs/2026-05-29-session.md | 71 ++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/session-logs/2026-05-29-session.md b/session-logs/2026-05-29-session.md index cb7cbd6..430f657 100644 --- a/session-logs/2026-05-29-session.md +++ b/session-logs/2026-05-29-session.md @@ -97,3 +97,74 @@ Submodule conversion (Gitea Agent): - Roadmap context: `projects/msp-tools/guru-rmm/docs/FEATURE_ROADMAP.md:635-675`, `docs/UI_GAPS.md:155-186` - Key GC integration files: `server/src/middleware/security_headers.rs:30,37-39` (frame-ancestors), `server/static/viewer.html`, `server/src/relay/mod.rs:187` (agent key validation), `server/src/main.rs:300` (`/api/version`) - Key RMM files: `server/src/api/commands.rs:87-157` (command dispatch), `agent/src/device_id.rs`, `dashboard/src/pages/AgentDetail.tsx:1893-1931` + +--- + +## Update: 17:52 PT — GuruConnect operational tooling + Pluto native CI build (green) + +### Session Summary + +Brought GuruConnect to operational parity with GuruRMM and stood up native Windows CI on Pluto. +Established GC's `docs/` (FEATURE_ROADMAP, ARCHITECTURE_DECISIONS ADR-001/002, SPEC-001, CHANGELOG), +added the `/gc-feature-request` skill, and registered the `guruconnect` coord project_key. Built CI +in Gitea Actions: conventional-commit auto-versioning, git-cliff changelog + `/api/changelog` +endpoint, and Azure Trusted Signing (jsign, reusing RMM's cert profile) on a workflow_dispatch-gated +release. Decisions: modernize in Gitea Actions (not RMM's webhook/script model), reuse RMM's exact +Trusted Signing cert profile, leave RMM's own pipeline untouched (its beta→stable promotion already +provides release control — better than tag-gating). + +Native Windows agent build: rather than mingw cross-compile, provisioned Pluto (Unraid VM +"Claude-Builder", hostname PLUTO, 172.16.3.36) as a Gitea Actions runner driven entirely through its +GuruRMM agent (no SSH — GURU-5070's key isn't authorized). Installed act_runner (label windows-msvc, +host-mode SYSTEM, scheduled-task autostart), Node 20, PowerShell 7, protoc 28.3; confirmed rc.exe + +MSVC cargo 1.95 present. Iterated the CI to green through a stack of pre-existing breakage: cargo fmt +drift (ran `cargo fmt --all`), clippy made informational, `.cargo/config` windows-msvc default-target +leaking into Linux clippy/test (CARGO_BUILD_TARGET override), PROTOC env + protoc PATH in the Windows +jobs, workspace-root artifact paths (binary is at root `target/`, not `agent/target/`), committed the +missing root `Cargo.lock` (fixes cargo audit), audit made informational, and removed the redundant/ +broken `test.yml`. build-and-test run #17 is fully GREEN (Server Linux, Agent native MSVC on Pluto, +Security Audit, Build Summary). + +Also located the portal and recorded infra knowledge (see below). + +### Key Decisions +- GC operational tooling in Gitea Actions; reuse RMM's Azure Trusted Signing cert profile (ADR-002). +- Native MSVC build on Pluto via a Gitea Actions runner (drop mingw cross-compile); sign on Linux via jsign (artifact handoff). +- RMM pipeline left as-is — promotion/rollback already provides deliberate release control. +- clippy + cargo audit are informational (warn-only) until the GC re-spec refreshes deps/wires API. +- Release is workflow_dispatch-gated (no auto-release on push). + +### Problems Encountered +- No Gitea Actions runner existed (RMM uses webhook+scripts) → provisioned act_runner on Pluto. +- act_runner registered but `.runner` not written (ErrorActionPreference=Stop aborted on stderr) → re-registered with `*>` redirection. +- Host-mode Windows runner needs node + pwsh for JS actions and BOM-free GITHUB_PATH → installed Node 20 + PowerShell 7. +- RMM command 180s reaper killed slow installs (PS7 extract) → used .NET ZipFile extract; cached RMM JWT to avoid login rate-limiting. +- Agent CI failures were config, not code: missing protoc, workspace-root artifact path, missing Cargo.lock. Native build itself compiles clean (verified directly on Pluto, 4m20s). + +### Configuration Changes +- GC repo: `docs/FEATURE_ROADMAP.md`, `docs/ARCHITECTURE_DECISIONS.md`, `docs/specs/SPEC-001-operational-tooling-parity.md`, `CHANGELOG.md`, `cliff.toml`, `Cargo.lock` (new); `.gitea/workflows/build-and-test.yml` + `release.yml` (native Pluto build, PROTOC, paths, audit); `.gitea/workflows/test.yml` (deleted); `server/src/api/changelog.rs` + routing; `server/.env.example` (CHANGELOG_DIR). +- claudetools: `.claude/commands/gc-feature-request.md` (new); CLAUDE.md project-keys (+guruconnect); memory `feedback_no_botalerts_internal_rmm.md`, `feedback_autonomous_infra_setup.md`, `project_versionable_products.md`; updated `reference_pluto_build_server.md`, `.claude/machines/pluto.md`, `wiki/systems/pluto.md` (Claude-Builder=PLUTO). +- Pluto (172.16.3.36): act_runner (C:\actrunner, scheduled task GiteaActRunner-guruconnect), Node 20 (C:\node), PowerShell 7 (C:\pwsh), protoc 28.3 (C:\protoc; PROTOC machine env) — all added to machine PATH. + +### Credentials & Secrets +- Added 8 Gitea Actions secrets to `guru-connect` repo (values from `services/azure-trusted-signing.sops.yaml` / `/etc/gururmm-signing.env`): AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, TS_ENDPOINT, TS_ACCOUNT, TS_CERT_PROFILE, TS_TIMESTAMP_URL, CI_PUSH_TOKEN (CI_PUSH_TOKEN reuses the azcomputerguru Gitea api-token from `services/gitea.sops.yaml`). +- No new secrets created. Azure Trusted Signing = account `gururmm-signing`, profile `gururmm-public-trust`, `wus2.codesigning.azure.net`. + +### Infrastructure & Servers +- PLUTO = Unraid VM "Claude-Builder" = 172.16.3.36 (Windows Server 2019, 16c/16GB). RMM agent id 07a11ece-… (changes on re-enroll; resolve by hostname PLUTO). Drive via /rmm; no `pluto` vault entry. +- Gitea runners: `guruconnect-builder` (Linux 172.16.3.30, ubuntu-latest) + `pluto-guruconnect` (Pluto, windows-msvc) — both online. +- GC portal: tech dashboard live at https://connect.azcomputerguru.com/dashboard (NPM → 172.16.3.30:3002, DNS 72.194.62.4). End-user support-code portal NOT built (gap). + +### Commands & Outputs +- RMM login: `POST http://172.16.3.30:3001/api/auth/login` (creds `infrastructure/gururmm-server.sops.yaml` credentials.gururmm-api.*); run cmds via `POST /api/agents/:id/command`, poll `/api/commands/:id`. JWT rate-limits on repeated login — cache it. +- Gitea Actions runner mgmt via API token (`services/gitea.sops.yaml` credentials.api.api-token): runners at `/api/v1/repos/azcomputerguru/guru-connect/actions/runners`; logs at `http://172.16.3.20:3000//actions/runs//jobs//logs`; terminal state is in task `status` (NOT `conclusion`, which stays null). +- Native build verified: `cargo build --release --target x86_64-pc-windows-msvc` on Pluto → `target/x86_64-pc-windows-msvc/release/guruconnect.exe`, 4m20s clean. + +### Pending / Incomplete Tasks +- Validate the gated `release.yml` end-to-end (version bump → native build → Azure Trusted Signing → Gitea release). NEXT STEP this session. +- GC re-spec: re-tighten clippy + cargo audit to hard gates after a dependency refresh; build the end-user support-code portal. + +### Reference Information +- GC commits: `60519be` (tooling), `f2e0456` (gate), `1c5c1e7` (cargo fmt), `b2f9cbc` (clippy/target), `cd88fac` (clippy informational), `8a47332` (native Pluto build), `39e9ac4` (workflow_dispatch), `4ddced1` (CI suite fixes). build-and-test run #17 green. +- claudetools: `…ab78de2` (submodule bumps), `7d326f2` (Pluto memory/wiki docs). +- SPEC-001: `projects/msp-tools/guru-connect/docs/specs/SPEC-001-operational-tooling-parity.md`.