diff --git a/.claude/tmp_cmd_payload.json b/.claude/tmp_cmd_payload.json
new file mode 100644
index 0000000..d9b7069
--- /dev/null
+++ b/.claude/tmp_cmd_payload.json
@@ -0,0 +1 @@
+{"command_type": "powershell", "command": "Write-Output '=== PLEX LISTENING PORTS ==='\nGet-NetTCPConnection -OwningProcess (Get-Process 'Plex Media Server').Id -State Listen -ErrorAction SilentlyContinue |\n  Select-Object LocalAddress, LocalPort | Sort-Object LocalPort | Format-Table -AutoSize\n\nWrite-Output '=== OMBI PROCESS ==='\nGet-Process ombi -ErrorAction SilentlyContinue | Select-Object Name, Id, CPU, @{N='RAM_MB';E={[math]::Round($_.WorkingSet/1MB,1)}}, Path | Format-Table -AutoSize\n\nWrite-Output '=== IP CONFIG ==='\nGet-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.IPAddress -notmatch '^(127|169)' } |\n  Select-Object IPAddress, InterfaceAlias | Format-Table -AutoSize", "context": "system"}
\ No newline at end of file
diff --git a/projects/msp-tools/guru-rmm b/projects/msp-tools/guru-rmm
index 9db5f88..167e59d 160000
--- a/projects/msp-tools/guru-rmm
+++ b/projects/msp-tools/guru-rmm
@@ -1 +1 @@
-Subproject commit 9db5f8840e600d45ee7cb313d45d71495ce96feb
+Subproject commit 167e59d7629fc60882aca499574e707138e8433b
diff --git a/session-logs/2026-05-22-session.md b/session-logs/2026-05-22-session.md
index 09b3597..6cef5aa 100644
--- a/session-logs/2026-05-22-session.md
+++ b/session-logs/2026-05-22-session.md
@@ -895,3 +895,104 @@ Parse error: unknown variant `RunInUserSession`, expected one of
 - **Watchdog service name:** `GuruRMMWatchdog` (constant: `crate::service::windows::WATCHDOG_SERVICE_NAME`)
 - **Updater fix location:** `agent/src/updater/mod.rs` lines ~208-247 (Step 6.5)
 - **Server migration path:** `server/migrations/041_add_command_context.sql`
+
+---
+
+## Update: 20:45 PT — GuruRMM registry editor bug fix + roadmap
+
+## User
+- **User:** Mike Swanson (mike)
+- **Machine:** DESKTOP-0O8A1RL
+- **Role:** admin
+- **Session span:** ~20:30–20:45 PT
+
+### Session Summary
+
+Diagnosed and fixed the "NetworkError when attempting to fetch resource" error appearing in the GuruRMM dashboard Registry tab across multiple machines. The error was occurring at the browser network level — not a server error, not a timeout, not a CORS failure.
+
+Investigation started by confirming CORS preflight returned HTTP 200 with correct `access-control-allow-origin: *` headers, that `rmm-api.azcomputerguru.com` was reachable (cert valid through June 30, HTTP 200 from health check), and that the registry endpoint itself worked correctly when called via curl — returning valid HKLM subkeys in under 2 seconds. The server logs showed no registry requests arriving, confirming the request was failing at the browser before reaching the server.
+
+Inspection of the deployed dashboard bundle (`index-Dd_cSzVZ.js`, built May 20) revealed the root cause: the `registryFetch` function (minified as `w6`) used hardcoded `http://localhost:3001/api` as its base URL and `localStorage.getItem("auth_token")` as the token key. The browser blocked the request as mixed content (HTTP fetch from an HTTPS page), producing the TypeError/NetworkError. The rest of the app used the axios client correctly configured to `https://rmm-api.azcomputerguru.com`. The source in the Gitea repo already had the correct `${API_BASE_URL}` usage, but the dashboard hadn't been rebuilt since the fix was committed.
+
+Attempted `npm run build` on the server — blocked by 5 TypeScript errors: unused imports in `AgentDetail.tsx` (`formatRelative`, `StatusBadge`, `SeverityBadge`), missing `watchdog` field on the `PolicyData` interface (AgentDetail.tsx was accessing `policy.watchdog?.check_interval_seconds` etc.), missing `Policy` type import in `AgentDetail.tsx`, an unused `BackupStatusBadge` in `MSPBackups.tsx`, and unused `CreateSiteResponse` in `Sites.tsx`. Fixed all 5 via the Coding Agent, committed (`167e59d`), rebuilt (2874 modules, 11.42s), and deployed. Verified new bundle `index-JLsRx3b8.js` has `Ac="https://rmm-api.azcomputerguru.com"` as the registry base URL. User confirmed registry editor works.
+
+Added "Remote Registry Editor (Windows)" section to `docs/FEATURE_ROADMAP.md` marking the read-only browser as `[x]` (shipped) and listing write operations (edit value, create key, create value, delete key/value, rename, export .reg, audit log) as P2/P3 future work.
+
+### Key Decisions
+
+- **Skipped re-testing CORS headers with credentials** — other API calls (axios-based) all work from the same origin, proving CORS is globally configured. The "NetworkError" category of error is browser-side rejection, not server-side rejection; CORS was ruled out early.
+- **Direct SSH curl test before browser debugging** — confirmed the registry endpoint worked at the server level in under 5 seconds; this immediately proved the bug was in the dashboard code, not agent or server.
+- **Added `watchdog` to `PolicyData` interface rather than casting** — the correct fix is to type it properly; a cast would silence the error but not document the shape. Shape was inferred from AgentDetail.tsx usage.
+- **Roadmap entry includes audit log item** — registry edits are a destructive remote action; logging who changed what is essential for MSP accountability even if it's P2 (not P1 like the edit capability itself).
+
+### Problems Encountered
+
+- **5 TypeScript errors blocked dashboard rebuild** — `tsc -b` is strict about unused locals and type completeness. Fixed by removing the unused imports and adding the `watchdog` field to `PolicyData`. Build was clean after.
+- **`wc -l` showed 897 lines but bundle grep showed old localhost URL** — the issue was that the deployed `index.html` was loading `index-Dd_cSzVZ.js` (May 20 build) while several newer bundles existed in the assets directory. Confirmed active bundle by reading `index.html` directly.
+
+### Configuration Changes
+
+- `dashboard/src/api/client.ts` — Added `watchdog?` block to `PolicyData` interface
+- `dashboard/src/pages/AgentDetail.tsx` — Removed unused imports (`formatRelative`, `StatusBadge`, `SeverityBadge`); added `Policy` to client.ts imports
+- `dashboard/src/pages/MSPBackups.tsx` — Removed unused `BackupStatusBadge` function + dead `BackupStatusValue` type alias
+- `dashboard/src/pages/Sites.tsx` — Removed unused `CreateSiteResponse` import
+- `docs/FEATURE_ROADMAP.md` — Added "Remote Registry Editor (Windows)" section after "File Operations"
+
+### Credentials & Secrets
+
+- **GuruRMM dashboard admin:** `admin@azcomputerguru.com` / `GuruRMM2025` (vault: `projects/gururmm/dashboard.sops.yaml`)
+- **JWT used for testing:** Short-lived token generated during session — expired, not recorded
+
+### Infrastructure & Servers
+
+- **GuruRMM server:** `172.16.3.30:3001` (HTTP direct), `https://rmm-api.azcomputerguru.com` (HTTPS via nginx, direct — not Cloudflare)
+- **Dashboard:** `https://rmm.azcomputerguru.com` (behind Cloudflare)
+- **`rmm-api.azcomputerguru.com` DNS:** `72.194.62.10` (direct public IP, Let's Encrypt cert valid through 2026-06-30)
+- **`rmm.azcomputerguru.com` DNS:** Cloudflare IPs (`104.26.8.237`, `104.26.9.237`, `172.67.72.147`)
+- **nginx config:** `/etc/nginx/sites-enabled/gururmm` — no `proxy_read_timeout` on `/api/` (default 60s)
+- **Dashboard deploy path:** `/var/www/gururmm/dashboard/`
+- **Gitea repo (server-side clone):** `/home/guru/gururmm`
+
+### Commands & Outputs
+
+```bash
+# Test registry CORS preflight
+curl -s -I -X OPTIONS "https://rmm-api.azcomputerguru.com/api/agents/test/registry/enumerate" \
+  -H "Origin: https://rmm.azcomputerguru.com" \
+  -H "Access-Control-Request-Method: POST" \
+  -H "Access-Control-Request-Headers: authorization,content-type"
+# Result: HTTP/1.1 200 OK, access-control-allow-origin: *
+
+# Confirm registry endpoint works end-to-end
+TOKEN="eyJ0eXAiOiJKV1Qi..."
+curl -s -X POST "http://172.16.3.30:3001/api/agents/7d4f823c-f23d-40b8-ae72-b83cd2ccb09d/registry/enumerate" \
+  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d '{"path":"HKLM","mode":"keys"}'
+# Result: {"keys":[{"name":"BCD00000000","path":"HKLM\\BCD00000000"},{"name":"HARDWARE",...}]}
+
+# Find hardcoded URL in deployed bundle
+grep -oP '.{0,100}function w6.{0,100}' /var/www/gururmm/dashboard/assets/index-Dd_cSzVZ.js
+# Result: ...http://localhost:3001/api";function $fe(){...localStorage.getItem("auth_token")...
+
+# Build dashboard on server (after TS fix commit)
+cd /home/guru/gururmm/dashboard && npm run build
+# Result: 2874 modules transformed, 11.42s, no errors
+
+# Deploy
+sudo cp -r /home/guru/gururmm/dashboard/dist/* /var/www/gururmm/dashboard/
+```
+
+### Pending / Incomplete Tasks
+
+- **Registry write operations** — roadmap entry added (P2); no implementation started
+- **Peaceful Spirit VPN (BridgettePSHomeComputer)** — still needs VPN deployment when machine comes online; admin must interactively run `Set-VpnConnection -Name "Peaceful Spirit VPN" -L2tpPsk "z5zkNBds2V9eIkdey09Zm6Khil3DAZs8" -AllUserConnection -Force`
+- **Pre-login VPN verification (Peaceful Spirit)** — confirm VPN auto-connects at Windows login screen on Maras-HP-Laptop and PST-SURFACE
+
+### Reference Information
+
+- **Commits this update:** `167e59d` (TypeScript fixes + dashboard rebuild)
+- **NEPTUNE agent ID:** `7d4f823c-f23d-40b8-ae72-b83cd2ccb09d`
+- **Active dashboard bundle:** `/var/www/gururmm/dashboard/assets/index-JLsRx3b8.js` (built 2026-05-23 04:08)
+- **Roadmap file:** `projects/msp-tools/guru-rmm/docs/FEATURE_ROADMAP.md`
+- **Registry API routes:** `POST /api/agents/:id/registry/enumerate`, `POST /api/agents/:id/registry/read`
+- **Registry server code:** `server/src/api/registry.rs`
+- **Registry dashboard components:** `dashboard/src/components/registry/RegistryBrowser.tsx`, `RegistryTree.tsx`, `RegistryValues.tsx`