azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from GURU-5070 at 2026-05-28 14:33:36

Browse Source 
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-05-28 14:33:36
This commit is contained in:
Mike Swanson
2026-05-28 14:33:40 -07:00
parent 1127ea1abd
commit 4cee299acd
1 changed files with 117 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
session-logs/2026-05-28-session.md
View File

@@ -375,3 +375,120 @@ Ran the install on Sylvia's Mac (M2 arm64). Agent installed, LaunchDaemon loaded
- Install script (fixed): `https://rmm.azcomputerguru.com/install/scileppi`
- Glaztech session log: `clients/glaztech/session-logs/2026-05-28-session.md`
- Symlinks created on gururmm-build (172.16.3.30): `aarch64-latest``arm64-latest`, `x86_64-latest``amd64-latest`
---
## Update: 14:28 PT — Scileppi Mac cleanup, SC/MBAM removal, /rmm skill
## User
- **User:** Mike Swanson (mike)
- **Machine:** GURU-5070
- **Role:** admin
---
## Session Summary
Work continued on Scileppi Law's Mac mini WEST-MEADOW-9025, picking up after the previous session had left the AFP rsync completed but the symlink not yet in place. The AFP symlink setup was finalized: `/Users/sylvia/Downloads` was replaced with a symlink pointing to `/Volumes/Data/StorageTemp` on SL-SERVER (AFP share, 16 TB free). An AFP automount LaunchAgent was installed at `/Users/sylvia/Library/LaunchAgents/com.azcomputerguru.mount-slserver.plist` using `osascript mount volume` with `RunAtLoad: true` and bootstrapped via `launchctl bootstrap gui/501` so the share mounts automatically at each login. User confirmed all content in StorageTemp was disposable; all files were deleted. Final disk state: 12 GB used, down from ~370 GB.
ScreenConnect was then fully removed: the LaunchDaemon and two LaunchAgents (`connectwisecontrol-*.plist`, `-onlogin.plist`, `-prelogin.plist`) were unloaded via `launchctl bootout` and deleted, and the app bundle was removed. Malwarebytes was removed in a second pass: `RTProtectionDaemon`, `FrontendAgent`, and `SettingsDaemon` processes were killed; all three plists (two LaunchDaemons, one LaunchAgent) were unloaded and deleted; `/Library/Application Support/Malwarebytes/` and its engine directory were removed. Removal was verified by checking running processes and plist paths.
Hidden internal work notes were posted to Syncro ticket #32333 (comment ID 414281822). Two 400 errors were encountered before success — the root cause was a missing `Content-Type: application/json` header on the first POST (Syncro returns an HTML error page, not JSON), and a missing `subject` field on the second. A memory entry (`feedback_syncro_content_type.md`) was saved. A bot alert was posted to #bot-alerts confirming the comment.
The second area of work was building the `/rmm` skill (`D:\claudetools\.claude\commands\rmm.md`, 655 lines). The skill was researched from three sources: `server/src/api/commands.rs` and `db/commands.rs` for exact request/response field names and all status values; session logs for macOS and Windows platform gotchas accumulated over prior RMM work; and existing memory files. The skill documents the complete workflow — JWT bootstrap from vault, hostname-to-UUID agent resolution, dispatch with all `command_type` and `context` options, polling loop handling all 6 status values, cancel, history, platform-specific patterns for Windows/macOS/Linux, verified response shapes (notably `command_text` not `command` in GET response), an error table, and bot-alert format. The `/rmm` entry was added to `CLAUDE.md`.
## Key Decisions
- AFP automount implemented as a user LaunchAgent (not system LaunchDaemon) so it runs in Sylvia's session and uses her Keychain credentials for the AFP password silently.
- StorageTemp content deleted immediately after user confirmed it was unneeded — no staging period, aligned with the goal of freeing disk space.
- ScreenConnect removed entirely rather than disabled — no active use case at Scileppi, and having it gone simplifies the agent picture.
- `/rmm` built as a single file rather than a helper-script structure (like `/remediation-tool`): the workflow is curl + poll loop only and does not benefit from external token caching or multi-script composition.
- `/rmm` skill sourced directly from Rust source rather than relying on memory or old docs — critical because the GET response field is `command_text` (not `command`), which would have caused silent null-parse failures if taken from memory alone.
- All 6 command status values documented, including `interrupted` (agent restarted mid-run) and the `failed` + reaper-stderr pattern for timeouts — not documented anywhere else.
## Problems Encountered
- **`python3` on macOS without Xcode CLI tools** is a stub that triggers an installer popup — unusable in agent context. Fix: `/usr/bin/base64 -D` (BSD `base64`, capital D) for base64-decode file writes.
- **`nohup` in agent shell context fails** with `nohup: can't detach from console: Inappropriate ioctl for device` — no TTY in agent shells. Fix: `launchctl bootstrap system <plist>` (LaunchDaemon) for truly detached background execution.
- **macOS ACL `group:everyone deny delete`** on `~/Downloads` caused `rm -rf` to fail silently — the post-move `ln -s` landed inside Downloads as `Downloads/StorageTemp` instead of replacing the directory. Fix: `chmod -a "group:everyone deny delete"`, remove `.DS_Store` and `.localized`, `rmdir`, then `ln -s`.
- **`pgrep rsync` matched `colorsyncd`** as a substring. Fix: `pgrep -f "rsync.*Downloads"` for specificity.
- **Syncro POST `/comment` returned 400 HTML twice** — first missing `-H "Content-Type: application/json"`; second had the header but was missing the required `subject` field. Both must be present.
- **`launchctl bootstrap gui/501` failed on first attempt** with I/O error — the LaunchAgents directory didn't exist yet. Fix: `mkdir -p /Users/sylvia/Library/LaunchAgents` before writing the plist.
## Configuration Changes
- **Created:** `D:\claudetools\.claude\commands\rmm.md``/rmm` skill (655 lines)
- **Created:** `D:\claudetools\.claude\memory\feedback_syncro_content_type.md` — Syncro POST requires Content-Type + subject
- **Modified:** `D:\claudetools\.claude\CLAUDE.md` — added `/rmm` to commands table
- **Created on WEST-MEADOW-9025:** `/Users/sylvia/Library/LaunchAgents/com.azcomputerguru.mount-slserver.plist` — AFP automount at Sylvia's login
- **Removed from WEST-MEADOW-9025:** All ScreenConnect plists and app bundle
- **Removed from WEST-MEADOW-9025:** All Malwarebytes plists, processes, and app directory (`/Library/Application Support/Malwarebytes/`)
## Credentials & Secrets
None new this session. GuruRMM API credentials (from vault) used for RMM skill documentation:
- Vault: `infrastructure/gururmm-server.sops.yaml``credentials.gururmm-api.admin-email` / `credentials.gururmm-api.admin-password`
## Infrastructure & Servers
- **WEST-MEADOW-9025** — Scileppi Law Mac mini, macOS, GuruRMM agent `1386d9fd` prefix (online, enrolled this session)
- **SL-SERVER** — Scileppi Law file server, AFP share `Data` at `afp://SL-SERVER._afpovertcp._tcp.local/Data`, `/Volumes/Data/StorageTemp` path, 16 TB free
- **GuruRMM API** — `http://172.16.3.30:3001` (JWT auth, 24h tokens)
## Commands & Outputs
```bash
# Strip macOS home dir ACL blocking rmdir
chmod -a "group:everyone deny delete" /Users/sylvia/Downloads
rm -f /Users/sylvia/Downloads/.DS_Store /Users/sylvia/Downloads/.localized
rmdir /Users/sylvia/Downloads
ln -s /Volumes/Data/StorageTemp /Users/sylvia/Downloads
chown -h sylvia:staff /Users/sylvia/Downloads
# AFP automount LaunchAgent bootstrap (UID 501)
launchctl bootstrap gui/501 /Users/sylvia/Library/LaunchAgents/com.azcomputerguru.mount-slserver.plist
# Malwarebytes removal sequence
launchctl bootout system /Library/LaunchDaemons/com.malwarebytes.mbam.rtprotection.daemon.plist
launchctl bootout system /Library/LaunchDaemons/com.malwarebytes.mbam.settings.daemon.plist
launchctl bootout gui/501 /Users/sylvia/Library/LaunchAgents/com.malwarebytes.mbam.frontend.agent.plist
rm /Library/LaunchDaemons/com.malwarebytes.mbam.rtprotection.daemon.plist
rm /Library/LaunchDaemons/com.malwarebytes.mbam.settings.daemon.plist
rm /Users/sylvia/Library/LaunchAgents/com.malwarebytes.mbam.frontend.agent.plist
rm -rf "/Library/Application Support/Malwarebytes"
# GuruRMM command dispatch (jq --arg for safe script encoding)
PAYLOAD=$(jq -n --arg ct "shell" --arg cmd "$SCRIPT" '{command_type: $ct, command: $cmd, timeout_seconds: 120}')
curl -s -X POST "$RMM/api/agents/$AGENT_ID/command" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d "$PAYLOAD"
# Response: {"command_id": "uuid", "status": "running"|"pending", "message": "..."}
# GET response field: command_text (NOT command)
# Syncro comment (both headers required — missing either causes 400)
curl -s -X POST "${BASE}/tickets/${ID}/comment?api_key=${API_KEY}" \
-H "Content-Type: application/json" \
--data-binary @- <<JSON
{"subject":"Work Notes","body":"...use br not newline...","hidden":true,"do_not_email":true}
JSON
```
## Pending / Incomplete Tasks
- **Scileppi billing** — no time logged to Syncro #32333 yet. Ask for minutes + labor type before logging.
- **Glaztech: notify Steve** — glassservices.com SPF is `v=spf1 -all` (breaks all outbound). SCL bypass is a workaround only; Steve needs to fix SPF at registrar. Resend original rejected Harts Glass emails once fixed.
- **Glaztech wiki** — no wiki article. Run `/wiki-compile client:glaztech`.
- **Scileppi wiki** — update to reflect WEST-MEADOW-9025 GuruRMM enrollment and AFP redirect.
- **GuruRMM macOS install route** — nginx serves `/install/` as static files; dynamic Rust route unreachable publicly. Fix before documenting self-service macOS enrollment for clients.
- **`install_script_macos` plist bug** — Rust-generated macOS install script in `install.rs` likely has same `SiteId` vs `site_id` field mismatch. Needs audit.
## Reference Information
- Syncro ticket #32333 (Scileppi Law): https://computerguru.syncromsp.com/tickets/111242786
- Syncro comment ID: 414281822
- GuruRMM agent WEST-MEADOW-9025: UUID prefix `1386d9fd` (full UUID in `/api/agents`)
- `/rmm` skill: `D:\claudetools\.claude\commands\rmm.md`
- Memory entry: `D:\claudetools\.claude\memory\feedback_syncro_content_type.md`
- RMM API source: `server/src/api/commands.rs`, `server/src/db/commands.rs`
- AFP automount plist: `/Users/sylvia/Library/LaunchAgents/com.azcomputerguru.mount-slserver.plist`