From 4783b62b79e9b0bd8294c81b197c9b53748f21a9 Mon Sep 17 00:00:00 2001 From: Howard Enos Date: Thu, 28 May 2026 09:58:22 -0700 Subject: [PATCH] sync: auto-sync from HOWARD-HOME at 2026-05-28 09:58:16 Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-05-28 09:58:16 --- .../2026-05-28-howard-gururmm-spec-013-014.md | 109 ++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 session-logs/2026-05-28-howard-gururmm-spec-013-014.md diff --git a/session-logs/2026-05-28-howard-gururmm-spec-013-014.md b/session-logs/2026-05-28-howard-gururmm-spec-013-014.md new file mode 100644 index 0000000..09de0c8 --- /dev/null +++ b/session-logs/2026-05-28-howard-gururmm-spec-013-014.md @@ -0,0 +1,109 @@ +# GuruRMM — SPEC-013 File Browser + SPEC-014 Windows Event Log Viewer + +## User +- **User:** Howard Enos (howard) +- **Machine:** Howard-Home +- **Role:** tech + +--- + +## Session Summary + +Session continued from an earlier context window that had been compacted. The prior window (SPEC-012) had already committed sortable table headers. This session picked up with Howard's two-part feature submission made at the end of that prior window: a file browser/disk explorer (posed as a feature question) and a Windows Event Log viewer (a hard feature request). + +Codebase research confirmed no existing file browser or event log code in any layer — `CommandType` enum (`agent/src/transport/mod.rs`) has only Shell, PowerShell, Python, Script, and ClaudeTask; AgentDetail.tsx has no "events" or "files" tab; no server routes or DB tables for either feature exist. Both roadmap placeholders were present but unlinked: `[ ] Windows Event Log monitoring - P2` under Core Agent Features, and `[ ] File browser - P3` under File Operations. + +SPEC-013 (File Browser / Disk Explorer) was written as "Under Discussion" at P3. It specifies a new `FileBrowse` CommandType on the agent using only `std::fs` (no third-party tools), a server relay endpoint, and a lazy-load file tree pane on the AgentDetail Overview tab accessible by clicking the disk usage card. One level of directory is returned per request; pagination and depth limits guard against large directory payloads. The spec explicitly flags this as needing Mike's approval before sprint assignment, and poses the key question of whether to defer until file transfer (P2) ships first. Effort estimated at Medium (3-5 days). + +SPEC-014 (Windows Event Log Viewer) was written as Proposed at P2. It specifies a new "Events" tab on AgentDetail (Windows agents only), on-demand log queries via PowerShell `Get-WinEvent` (Phase 1) with a migration path to native Rust `windows` crate `EvtQuery` (Phase 2). Server adds a new `event_log_watches` table for per-agent or global watch rules; matched events create records in the existing `alerts` table. Dashboard Events tab includes log name picker, date/time range, severity filter, event ID and source fields, and paginated results. Policy tab on AgentDetail extended with an event watch rules section. Effort estimated at Medium (3-5 days). + +Both specs written, FEATURE_ROADMAP.md updated with linked entries replacing the bare placeholders. Committed to gururmm as `90e37f2`, pushed to origin. Submodule pointer in claudetools advanced. Coord message sent to Mike (`b224d532`) with both spec summaries and the key open questions for each. + +--- + +## Key Decisions + +- **SPEC-013 status "Under Discussion" not "Proposed"** — Howard explicitly framed the file browser as a question for Mike, not a hard request. Status reflects that it cannot be sprint-assigned without Mike's input. +- **SPEC-013: lazy load one level per request** — full recursive traversal on large disks (e.g., C:\) would time out and produce enormous payloads. Per-request single-level lazy expand is the only safe model. +- **SPEC-013: read-only v1** — no delete/rename/upload in the file browser. Matches the existing P2 roadmap item for file transfer which is a separate feature. +- **SPEC-013: no new tab — opens inline on Overview** — file browser opens as a pane from the disk usage card click, not a new tab. Avoids adding a tab that is only meaningful after a deliberate action. +- **SPEC-014: Phase 1 PowerShell relay** — `Get-WinEvent` via the existing PowerShell CommandType is much faster to ship than native Rust `windows` crate EvtQuery. Phase 2 noted as a future upgrade for performance. +- **SPEC-014: no persistent event log storage in v1** — events are on-demand only; no server-side log accumulation. Keeps scope and DB footprint minimal. Background watch loop only stores matched events as alerts. +- **SPEC-014: Events tab Windows-only** — Linux (syslog/journald) and macOS (unified log) are different backend paths; deferred explicitly. Tab hidden for non-Windows agents in v1. +- **SPEC-014: 60-second watch loop poll** — balances freshness vs. agent CPU impact. Made configurable in the spec's open questions section. +- **Coord message flags two open questions for Mike** — PowerShell vs. native Rust for Phase 1, and whether file browser priority should be pushed up or deferred past file transfer. + +--- + +## Problems Encountered + +- **Context window compacted mid-session** — earlier work (SPEC-012 commit, Cascades billing) was compacted into a summary. No data loss; all needed commit SHAs, file paths, and decisions were captured in the summary and prior session log. + +--- + +## Configuration Changes + +- `projects/msp-tools/guru-rmm/docs/specs/SPEC-013-file-browser-disk-explorer.md` — created (~180 lines) +- `projects/msp-tools/guru-rmm/docs/specs/SPEC-014-windows-event-log-viewer.md` — created (~220 lines) +- `projects/msp-tools/guru-rmm/docs/FEATURE_ROADMAP.md` — updated two placeholders with spec links (lines 303, 367) +- `projects/msp-tools/guru-rmm` (submodule) — advanced to commit 90e37f2 + +--- + +## Credentials & Secrets + +None created or modified this session. + +--- + +## Infrastructure & Servers + +- **GuruRMM server:** 172.16.3.30:3001 +- **Coord API:** http://172.16.3.30:8001/api/coord +- **Ollama:** http://localhost:11434 — not called this session (specs written directly) + +--- + +## Commands & Outputs + +```bash +# gururmm commit +git commit -m "spec: add SPEC-013 file browser and SPEC-014 Windows event log viewer" +# → [main 90e37f2] — 3 files changed, 586 insertions(+), 2 deletions(-) + +# Push succeeded (no rebase needed this time) +git push origin main +# → 810c72d..90e37f2 + +# Submodule advance in claudetools +git commit -m "chore(submodule): advance guru-rmm — SPEC-013 file browser + SPEC-014 event log viewer" +# → [main 75306d9] + +# Coord message sent +POST /api/coord/messages → id: b224d532-3eab-47eb-81a9-5b46d6cd8734 +``` + +--- + +## Pending / Incomplete Tasks + +- **SPEC-013 Mike review required:** File browser is Under Discussion — needs Mike's decision on P3 priority vs. deferring until file transfer (P2) ships first. +- **SPEC-014 implementation:** Event log viewer spec ready for sprint. Open question for Mike: PowerShell Phase 1 acceptable, or go native Rust from the start? +- **SPEC-012 implementation:** Sortable headers spec (4h, no blockers) ready for sprint assignment. +- **WinRing0 kernel service cleanup (todo 42c08298):** MSI MajorUpgrade removes lhm folder but does not stop/delete the registered WinRing0 service on already-affected endpoints. +- **BUG-001 (Windows thermal collection):** Blocked — LHM removed in v0.6.46 means Windows temps are always None. WMI ACPI (Approach 1) and NVAPI (Approach 2) not yet implemented. +- **Cascades pending migration work:** Ashley Jensen folder redirect verification, RECEPTIONIST-PC Q:/W: drive check, NURSESTATION-PC HIPAA auto-lock GPO, Nurses credential vault, Phase 3 domain joins (DESKTOP-KQSL232 blocked, CHEF-PC, SALES4-PC, MDIRECTOR-PC), Entra Connect OU=Administrative scope expansion, M365 relicensing (31 seats Business Standard → Business Premium — time-sensitive). + +--- + +## Reference Information + +- **SPEC-013:** `projects/msp-tools/guru-rmm/docs/specs/SPEC-013-file-browser-disk-explorer.md` +- **SPEC-014:** `projects/msp-tools/guru-rmm/docs/specs/SPEC-014-windows-event-log-viewer.md` +- **gururmm commit:** 90e37f2 (SPEC-013 + SPEC-014 specs + roadmap update) +- **claudetools commit:** 75306d9 (submodule advance) +- **Coord message ID:** b224d532-3eab-47eb-81a9-5b46d6cd8734 +- **AgentDetail.tsx tab type (line 94):** add `"events"` for SPEC-014 implementation +- **agent/src/transport/mod.rs:** add `FileBrowse` and `EventLogQuery` CommandType variants +- **New DB table for SPEC-014:** `event_log_watches` (migration needed before agent deploy) +- **SPEC-012 pages to modify:** `dashboard/src/pages/Clients.tsx:198`, `Sites.tsx:508`, `Agents.tsx:312`