From 6e5a38953985e03fccb964e5afab18c456a6410c Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Sat, 13 Jun 2026 12:11:14 -0700 Subject: [PATCH] sync: auto-sync from GURU-5070 at 2026-06-13 12:10:56 Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-06-13 12:10:56 --- .claude/memory/MEMORY.md | 1 + .../feedback_dm_wrapping_commands_to_mike.md | 29 ++++++ ...6-13-mike-rmm-legacy-nativescm-and-smb1.md | 89 +++++++++++++++++++ 3 files changed, 119 insertions(+) create mode 100644 .claude/memory/feedback_dm_wrapping_commands_to_mike.md create mode 100644 session-logs/2026-06-13-mike-rmm-legacy-nativescm-and-smb1.md diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md index 00b34d7..be15c0f 100644 --- a/.claude/memory/MEMORY.md +++ b/.claude/memory/MEMORY.md 
@@ -139,3 +139,4 @@ - [IX WHM API access = 'ClaudeTools' token, not password](ix-whm-dns-api-access.md) — IX cPanel/WHM (ix.azcomputerguru.com:2087) DNS + all API work uses the FULL-ACCESS-root WHM API token at vault `infrastructure/ix-server` `credentials.whm-api-token` via header `Authorization: whm root:` (force curl -4). Password basic-auth on legacy json-api now 403s. Public NS ns1/ns2.acghosting.com = 52.52.94.202. - [Vault EVERY credential surfaced in-session](feedback-vault-every-credential.md) — any cred (pasted/created/discovered) -> store via the vault skill + document purpose & exact usage immediately; it's a standing job rule (reinforced in CORE CLAUDE.md). Lost IX creds wasted ~1h on 2026-06-12. - [GuruRMM install-report v1: reuse endpoint + failed-install agent](gururmm-install-report-failed-agent-v1.md) — legacy NSIS installer reuses /api/install-report (machine info + logs, success+fail); server upserts a visible "failed-install" device on failure reports (Mike: in v1); verify-connect-before-success; trend/near-fail analytics. Server side is a separate sequential SPEC after the legacy-agent branch lands. +- [DM wrapping commands to Mike in Discord](feedback_dm_wrapping_commands_to_mike.md) — long/wrapping one-liners go via Discord DM (code block copies clean), not just chat; bot token vault projects/discord-bot/bot-token, Mike uid 264814939619721216, MUST set User-Agent header or Cloudflare 403 errcode 1010; helper .claude/tmp/discord-dm.py diff --git a/.claude/memory/feedback_dm_wrapping_commands_to_mike.md b/.claude/memory/feedback_dm_wrapping_commands_to_mike.md new file mode 100644 index 0000000..6bec4dd --- /dev/null +++ b/.claude/memory/feedback_dm_wrapping_commands_to_mike.md 
@@ -0,0 +1,29 @@ +--- +name: feedback_dm_wrapping_commands_to_mike +description: When a command/snippet you want Mike to run is long enough to wrap in the terminal, DM it to him in Discord (code block copies cleanly) instead of only putting it in chat. +metadata: + type: feedback +--- + +Mike (2026-06-13): "For any command that wraps (like this one) DM me in discord, the +line breaks suck." Terminal line-wrapping mangles long one-liners when he copies them. + +**How to apply:** When you produce a command/code block for Mike to run that would wrap +in the terminal (long one-liners, multi-flag commands), send it to him via Discord DM as a +```fenced code block``` (Discord copies the whole line cleanly regardless of visual wrap), +and just reference it in chat ("DM'd you the command"). Short, non-wrapping commands can +stay inline. + +**Mechanics (verified working 2026-06-13):** +- Bot token: vault `projects/discord-bot/bot-token.sops.yaml` field `credentials.bot_token`. +- Mike's Discord user id: `264814939619721216` (Howard: `624667664501178379`). +- **MUST set a `User-Agent` header** like `DiscordBot (https://azcomputerguru.com, 1.0)` -- + Discord's API is behind Cloudflare, which returns **403 error 1010** for the default + urllib/curl UA. This is the #1 gotcha; both DM-open and message-send fail without it. +- Open a DM channel: `POST https://discord.com/api/v10/users/@me/channels {"recipient_id":}` + -> returns channel id; then `POST /channels//messages {"content": "..."}`. +- Reusable helper written this session: `.claude/tmp/discord-dm.py` (reads body from a file + or stdin; `BOT_TOKEN` from env). The bot CAN initiate DMs to Mike (mutual guild + 624663750603046913); the earlier 403 was the missing UA, not a privacy block. + +Related: [[reference_resource_map]] (Discord bot), the `discord-bot` project. 
diff --git a/session-logs/2026-06-13-mike-rmm-legacy-nativescm-and-smb1.md b/session-logs/2026-06-13-mike-rmm-legacy-nativescm-and-smb1.md new file mode 100644 index 0000000..358fefc --- /dev/null +++ b/session-logs/2026-06-13-mike-rmm-legacy-nativescm-and-smb1.md 
@@ -0,0 +1,89 @@ +# Session 2026-06-13 — GuruRMM legacy native-SCM MSRV probe + SMB1 client enable + +## User +- **User:** Mike Swanson (mike) +- **Machine:** GURU-5070 +- **Role:** admin + +## Summary +Two threads: +1. **GuruRMM legacy 32-bit installer decision (due-today item).** Investigated whether the + legacy tier can adopt native SCM (the multi-AI recommendation in `installer/legacy/README.md` + / SPEC-029 §12), which was documented as blocked on a Rust-1.77 / i686 MSRV check for the + `windows-service` crate. **Result: GREEN, end-to-end.** The MSRV wall does not exist, and the + `legacy` and `native-service` Cargo features are orthogonal (TLS gates on `legacy` alone). +2. **SMB1 client enable** on this Win11 box to reach `192.168.0.20` over the VWP VPN. Staged; + reboot pending. + +## Thread 1 — GuruRMM legacy native-SCM (GREEN) + +### Findings +- **Isolated MSRV probe** (throwaway crate, `windows-service = "0.7"` + `windows = "0.58"` with + the agent's exact feature set): compiles clean on Rust 1.77 -> `i686-pc-windows-msvc`. Run on + Beast (`guru@100.101.122.4`). Resolved to 1.77-safe versions (windows-sys 0.52.0, + windows-targets 0.52.6). GURU-5070 itself has NO MSVC build tools, so the probe was run on Beast. +- **README premise was wrong on two counts:** (a) the crates DO build on 1.77/i686; (b) the legacy + rustls TLS-1.2 path gates on the `legacy` feature ONLY (`agent/src/transport/tls.rs` header says + so) — NOT on the absence of `native-service`. So `--features legacy,native-service` gives both + Win7 rustls TLS 1.2 AND native SCM. The `legacy` feature is purely additive + (rustls/webpki/zeroize); zero overlap with `native-service` (`agent/Cargo.toml`). 
+- **End-to-end build (the confirmation Mike approved):** real agent crate, + `cargo +1.77 build --ignore-rust-version --release --no-default-features --features legacy,native-service + --target i686-pc-windows-msvc`, built in an **isolated git worktree** on Beast + (`C:\Temp\gururmm-nsvc`, detached at `fad54ed`) with a separate target dir + (`C:\Temp\gururmm-nsvc-target`), lock moved aside so 1.77 re-resolves scoped to the feature set + (mirrors the pipeline's legacy wave). **Full-graph lock resolution SUCCEEDED** (the edition-2024 + transitive-dep fear did not materialize). Built in 2m39s, exit 0, 17 warnings (incl. the + already-tracked unused `TrayLauncher::terminate_all`). + +### Artifact +- **Path (GURU-5070):** `C:\Users\guru\Downloads\gururmm-agent-legacy-nativeSCM-x86-0.6.66.exe` +- **SHA256:** `b0a25e17401c4c16a1334a65c75c6fde7a2ac26d1b60a8cfbca8d13b65e891d3` +- Confirmed 32-bit PE (machine `0x014C`), 5.29 MB. **Unsigned** (isolated build — not via pipeline). +- Compiled-in endpoints (production): `wss://rmm-api.azcomputerguru.com/ws` / + `https://rmm-api.azcomputerguru.com`. Will enroll as a real device. + +### Enrollment gotcha (traced for the Valleywide test) +- Native `install()` (`agent/src/service.rs:476`) writes the input into `agent.toml`'s `api_key`; + it does NOT set registry `SiteId`. The runtime resolver `resolve_windows_config()` + (`agent/src/main.rs`) only ENROLLS when `HKLM\SOFTWARE\GuruRMM\SiteId` is set (enrolls via + `/api/enroll` with the site UUID; a friendly code 422s). With only a TOML `api_key` it uses the + value verbatim and the server rejects a site code. +- **Bulletproof test procedure (elevated):** + 1. `reg add HKLM\SOFTWARE\GuruRMM /v SiteId /t REG_SZ /d /f` (UUID, not code; FIRST) + 2. `gururmm-agent-...exe install --api-key --skip-legacy-check` + 3. 
`gururmm-agent-...exe start` (service name `GuruRMMAgent`, install dir `C:\Program Files\GuruRMM`) + - Verify: `sc query GuruRMMAgent` = RUNNING (real SCM, no NSSM); `reg query HKLM\SOFTWARE\GuruRMM /v AgentKey` + appears within ~120s (enrolled over rustls TLS 1.2); device online in dashboard. + - Teardown: `gururmm-agent-...exe uninstall`. + +### Beast cleanup pending +- Leftover on Beast: `C:\Temp\gururmm-nsvc` (git worktree — remove with + `git -C C:\gururmm worktree remove --force C:\Temp\gururmm-nsvc`) and `C:\Temp\gururmm-nsvc-target`, + `C:\Temp\nsvc-build.bat`, `C:\Temp\nsvc-build.log`. Left in place in case signing/rebuild needed. + +### Next +- Mike validates the binary on a Valleywide machine. On runtime-PASS, correct the SPEC-029 §12 / + `installer/legacy/README.md` "blocked / ship NSIS+NSSM" note and pursue the unified x86-MSI + + native-SCM direction (drops NSIS + NSSM). Optional: sign the test exe via `sign-windows.sh`. + +## Thread 2 — SMB1 client enable (GURU-5070, Win11) +- Goal: reach `192.168.0.20` over VWP VPN (Tailscale off). Both SMB ports reachable (TCP 445 + 139 + open; ICMP blocked, normal). No per-connection SMB1 switch exists — must install the SMB1 client + optional feature. +- **Done:** `SMB1Protocol` (parent) + `SMB1Protocol-Client` ENABLED; `SMB1Protocol-Server` left + DISABLED (client-only). Payload was present (state was `Disabled`, not payload-removed). +- **Reboot REQUIRED** — `mrxsmb10` driver registers only on restart. (This /scc ends with a reboot.) +- After reboot: reconnect VWP VPN; `net use \\192.168.0.20\ ...`; verify with + `Get-SmbConnection` Dialect = 1.5. +- **Caveat:** `EnableInsecureGuestLogons` = False. If `.20` is a guest/NAS share, also need + `Set-SmbClientConfiguration -EnableInsecureGuestLogons $true`. +- **REVERT when done (security):** disable `SMB1Protocol-Client` + parent (+ insecure-guest if set), + reboot to unload driver. SMB1 = EternalBlue-class exposure; do not leave on. 
+ +## Pending tasks +- [ ] Mike: validate native-SCM legacy agent on a Valleywide machine (artifact + procedure above). +- [ ] On PASS: correct SPEC-029 §12 / legacy README; pursue unified x86-MSI + native-SCM. +- [ ] Clean up Beast `C:\Temp\gururmm-nsvc*` worktree/target/bat/log. +- [ ] After SMB1 task: revert SMB1 client enable on GURU-5070 + reboot. +- [ ] Other due-today item still open: SPEC-030 Phase 1 (failed-install visibility) — not started.
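Review bot: In the `.claude/memory/MEMORY.md` hunk (`@@ -139,3 +139,4 @@`), the new index entry ends with `helper .claude/tmp/discord-dm.py`, but the diffstat for this commit lists only three files and the helper is not among them, so the pointer dangles on any checkout that did not write that temp file. Commit the helper at a non-temporary path and link that, or drop the path from the index line. The entry also repeats the user id, vault path and User-Agent detail that the linked feedback file already carries; trimming the index line to the rule plus the link keeps those identifiers in one place.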
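Review bot: In the new `feedback_dm_wrapping_commands_to_mike.md` hunk, under "Mechanics", both request examples have empty placeholders: `{"recipient_id":}` is not valid JSON and `POST /channels//messages` has no channel id segment, so neither can be followed as written. Name the placeholders, for example `{"recipient_id": "<user_id>"}` and `/channels/<channel_id>/messages`. The section documents the required `User-Agent` header but not how the bot token is sent, so add the `Authorization` header form beside it. The two user ids and the guild id are committed in clear text here; consider keeping them alongside the bot token in the vault entry and referencing them by field name.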
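Review bot: In the session-log hunk, the "Bulletproof test procedure" under "Enrollment gotcha" goes straight to `reg add` and `install` without a step that checks the exe on the target machine, although the Artifact section records it as Unsigned, built outside the pipeline, with production endpoints compiled in and "Will enroll as a real device". Add a first step that compares `Get-FileHash` output on the Valleywide machine with the SHA256 recorded above, or sign the build before it leaves GURU-5070 rather than leaving signing as optional. Steps 1 and 2 also have no value placeholders (`/d /f`, `--api-key --skip-legacy-check`), and `--skip-legacy-check` is not explained. In Thread 2, the "REVERT when done" bullet and the matching pending task name the features but give no commands, owner or date; since the log itself calls SMB1 "EternalBlue-class exposure", record the exact disable commands and a revert-by date, and include `EnableInsecureGuestLogons` in that checklist if it gets set.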