sync: auto-sync from GURU-KALI at 2026-05-26 18:47:58

Author: Mike Swanson
Machine: GURU-KALI
Timestamp: 2026-05-26 18:47:58

session-logs/2026-05-26-guru-kali-attribution-hardening.md

@@ -0,0 +1,76 @@
+# Session Log — Work Attribution Hardening
+
+## User
+- **User:** Mike Swanson (mike)
+- **Machine:** GURU-KALI
+- **Role:** admin
+- **Session span:** 2026-05-26, afternoon–evening MST (ending ~18:47 MST)
+
+## Session Summary
+
+Routine `/sync` rounds (clean fast-forwards; one larger 21-commit pull bringing GuruScan, the coord-todos system, `/wiki-compile`, and Lone Star/QuantumWMS wiki seeds) led into an `identity.json` update mandated by a coord message from the Mac: added `"claudetools_root": "/home/guru/claudetools"` (detected via `git rev-parse --show-toplevel`) and replied to the originating session to confirm.
+
+Mike then raised the core problem: recurring misattribution of work to the wrong user/hostname, often via stale machine names. Initial instinct was to treat this as a git-authorship/"attribution rules" gap and build enforcement (mailmap/history rewrite). Mike course-corrected twice — it is not a git/gitea problem, it is (1) stale/owner-less `MEMORY.md` items corrupting reasoning-time inference, and (2) a shortcoming in the `/save`+`/sync` commands. Forensics confirmed his read precisely: across 892 commits, **zero** had an author disagreeing with the named machine's owner; across 180 session logs, **zero** User-block mismatches. Git history and logs were already clean. The only misattribution vector was inference fed by stale memory (an "ACG-5070 workstation" note with no owner; Howard's note saying "desktop hostname TBD") plus attribution being a soft model instruction rather than a deterministic step.
+
+Implemented a three-part fix and ran it through the Code Review Agent (which found one HIGH and one MEDIUM bug — both fixed and re-verified). Result: attribution is now read deterministically from `identity.json`/`users.json`/git authorship, never inferred; every machine in memory is bound to an owner; and the 5070 box's rename lineage is recorded as Mike's.
+
+## Key Decisions
+
+- **No git history rewrite.** Confirmed git authorship is clean (0 mismatches/892 commits), and the repo is shared + rebase-synced across ~6 machines, so a filter-repo rewrite would be destructive and unjustified. Mailmap was also dropped — there is no display-attribution problem to paper over.
+- **Attribution is read, never inferred** — codified as the governing rule. Sources of truth: `identity.json` (who's at the keyboard), `users.json` (machine registry), git authorship. Never hostname patterns, the `userEmail` hint, or memory.
+- **Deterministic User block** via a dedicated script (`whoami-block.sh`) that `/save` runs and pastes verbatim — removes the model's freedom to fill the block from inference.
+- **git config reconciled to identity.json on every sync** (local config, both repos), so commit authorship cannot drift going forward.
+- **Confirmed with Mike:** `OC-5070` / `acg-guru-5070` / `ACG-5070` / `GURU-5070` are one physical machine, renamed over time, all Mike's. Recorded as such.
+- **Namespaced this log by machine** (`-guru-kali-attribution-hardening`) instead of appending to the shared `2026-05-26-session.md`, to keep attribution unambiguous — consistent with the work itself.
+
+## Problems Encountered
+
+- **Self-inflicted inference, live:** initial analysis asserted "OC-5070 = old GURU-5070" and "azcomputerguru = ambiguous" as fact — the exact failure mode under repair. Corrected to verifying against `users.json`/asking Mike rather than inferring.
+- **Code review found a HIGH bug:** on a present-but-malformed `identity.json`, `USER_DISPLAY` fell back to the `"unknown"` sentinel and would have been written as the git author (clobbering correct config in both repos). Fixed by guarding both reconcile call sites to skip when `USER_DISPLAY == "unknown"` and warn instead. Verified: existing config preserved.
+- **MEDIUM bug:** `whoami-block.sh` dumped a Python traceback and emitted an empty block on malformed `identity.json`. Fixed with a try/except fallback block + `exit 0`. Verified clean.
+- **Could not re-review via SendMessage** (tool unavailable in this environment); fixes were the review agent's own prescribed changes and were each verified empirically instead of re-spawning a full review agent.
+
+## Configuration Changes
+
+**Modified:**
+- `.claude/scripts/sync.sh` — added `reconcile_git_identity()`; called (guarded against the `unknown` sentinel) in the claudetools repo and the vault repo; added a stale identity.json-machine vs hostname warning.
+- `.claude/commands/save.md` — User block now generated by `whoami-block.sh` (not hand-written/inferred); corrected the stale description of sync.sh staging (`git add -A` after garbled-path purge, not "by name").
+- `.claude/memory/user_howard.md` — machines now ACG-TECH03L + Howard-Home, deferring to `users.json`; removed the "desktop hostname TBD" hole.
+- `.claude/memory/reference_workstation_setup.md` — retitled to GURU-5070 (Mike's primary); recorded the OC-5070 → ACG-5070/acg-guru-5070 → GURU-5070 rename chain and explicit owner.
+- `.claude/memory/MEMORY.md` — updated the two stale 5070 index lines and Howard's line; surfaced the new attribution rule at the top of Feedback.
+- `.claude/identity.json` — added `claudetools_root: /home/guru/claudetools` (gitignored, per-machine; not synced).
+
+**Created:**
+- `.claude/scripts/whoami-block.sh` — deterministic `## User` block generator from identity.json (+users.json role); handles missing/malformed identity and missing Python.
+- `.claude/memory/feedback_attribution_from_identity.md` — the keystone "attribution is read, never inferred" rule with the why and how-to-apply.
+
+## Credentials & Secrets
+
+None created or discovered. No secret values touched. The git config reconcile uses only the name/email already in `identity.json`.
+
+## Infrastructure & Servers
+
+- Coord API `http://172.16.3.30:8001/api/coord` — sent confirmation message `dfeb6f2a-2d90-4bfe-bf95-a14eec449b3d` (GURU-KALI → Mikes-MacBook-Air) re: claudetools_root.
+- This machine: GURU-KALI (Linux/Kali), git config `Mike Swanson <mike@azcomputerguru.com>` (matches identity.json — reconcile is a no-op here).
+- Machine→owner registry remains authoritative in `.claude/users.json`: mike = GURU-5070, Mikes-MacBook-Air, GURU-BEAST-ROG, GURU-KALI (DESKTOP-0O8A1RL retired); howard = ACG-TECH03L, Howard-Home.
+
+## Commands & Outputs
+
+- Forensic cross-check (read-only): `git log --all --format=... | python3` mapping machine-in-subject → owner vs author → **0** author≠owner across 302 machine-named commits; 7 distinct author identities, all reconcilable to Mike or Howard.
+- Session-log scan: 180 logs, 128 with User/Machine blocks, **0** user≠machine-owner mismatches; 52 pre-protocol (unattributed, not misattributed).
+- `whoami-block.sh` verified: happy path (Mike/GURU-KALI/admin), malformed identity (UNREADABLE fallback, exit 0), missing identity (UNKNOWN fallback, exit 0).
+- `reconcile_git_identity` verified in scratch repo: corrects on drift, silent no-op when matching, no clobber on empty args, `unknown`-sentinel guard preserves existing config.
+
+## Pending / Incomplete Tasks
+
+- **Broader memory-staleness sweep** — offered, not yet done. The attribution-scoped items are fixed; a general pass over the other ~50 memory files (e.g. `feedback_bypass_permissions_setting.md`, machine-setup notes) is a separate task awaiting go-ahead.
+- **Code Review re-approval** — the review verdict was "Requires Revision"; all checklist items were fixed + verified but not formally re-approved by the agent (SendMessage unavailable). Re-run a review if a formal sign-off is wanted.
+- **GuruRMM BUG-005 (mac build)** — still open, awaiting Mike's product decision (ship mac agents vs defer + make the audit pipeline treat a stubbed platform as N/A).
+
+## Reference Information
+
+- Code Review Agent id (this session): `a2b8c4d44c3c72b5d`.
+- Coord confirmation message id: `dfeb6f2a-2d90-4bfe-bf95-a14eec449b3d`.
+- New rule memory: `.claude/memory/feedback_attribution_from_identity.md`.
+- Related memory: `feedback_identity_precedence.md` (identity.json beats the userEmail hint).
+- Scripts: `.claude/scripts/whoami-block.sh`, `.claude/scripts/sync.sh` (`reconcile_git_identity`).