azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from GURU-KALI at 2026-05-26 20:00:50

Browse Source 
Author: Mike Swanson
Machine: GURU-KALI
Timestamp: 2026-05-26 20:00:50
This commit is contained in:
Mike Swanson
2026-05-26 20:00:51 -07:00
parent 8bdb9197c4
commit 7b79fab5be
1 changed files with 48 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
session-logs/2026-05-26-guru-kali-attribution-hardening.md
View File

@@ -96,3 +96,51 @@ Audited all 60 files in `.claude/memory/` (delegated the read+cross-reference to
- Ollama Tailscale fallback — is it Howard-Home @ 100.92.127.64 or GURU-BEAST-ROG @ 100.101.122.4 (CLAUDE.md)?
- Has `install-hooks.sh` run on the Mac? (if yes, delete `project_mac_gururmm_setup_pending.md`)
- Neptune 2026-03-22 overnight TODOs and Pluto key rotation — still open?
## Update: 20:00 MST — Ollama per-machine fallback + Pluto/Neptune key evaluation
Resolved the three items Mike flagged from the memory sweep.
**Session Summary**
Mike directed three follow-ups: (1) Ollama fallback is a per-machine user choice — store it in identity.json; (2) ask the Mac about the pending hooks setup; (3) evaluate the Pluto/Neptune SSH key-rotation question, noting both run the GuruRMM agent.
For Ollama, added `ollama_fallback` to GURU-KALI's identity.json (GURU-BEAST-ROG @ 100.101.122.4, Mike's choice) and rewrote the fallback resolution in three places — `feedback_ollama_tier0_routing.md`, `.claude/OLLAMA.md`, and the CLAUDE.md Ollama table — to read the per-machine endpoint from identity.json instead of hardcoding an IP. This removed the [DISCREPANCY] caveat (the memory's 100.92.127.64/Howard-Home value was the lone outlier; CLAUDE.md/OLLAMA.md already used Beast).
For the Pluto/Neptune keys, used the GuruRMM API from GURU-KALI (reachable) to dispatch a read-only PowerShell command to both agents enumerating authorized_keys comments. Findings resolved the question factually: Pluto's old `guru@DESKTOP-0O8A1RL` key is already rotated out (current keys are the build server's: `gururmm-build@gururmm-server`, `guru@gururmm-build`); Neptune has no SSH authorized_keys at all. Updated reference_pluto_build_server.md to the verified state. Sent a coord message to the Mac re: install-hooks.sh (no reply yet).
**Key Decisions**
- Ollama fallback made a per-machine identity.json field (not a fleet-wide constant) per Mike's "user can choose" directive; resolver degrades to local-only when unset, so other machines are safe until they set their own.
- Evaluated the key question via RMM read-only dispatch rather than guessing or SSH-ing — both targets run the agent, and reading authorized_keys is non-destructive.
- Did NOT add GURU-5070's pubkey to Pluto or rotate anything — Mike said "evaluate," and key writes need explicit confirmation. Surfaced it as a decision instead.
**Configuration Changes**
- `.claude/identity.json` (gitignored, not synced) — added `ollama_fallback: {host: GURU-BEAST-ROG, endpoint: http://100.101.122.4:11434}`.
- `.claude/memory/feedback_ollama_tier0_routing.md` — resolver now reads identity.json `ollama_fallback`; removed [DISCREPANCY] caveat.
- `.claude/OLLAMA.md` — Endpoints resolver + rationale rewritten to per-machine identity.json; fixed retired DESKTOP-0O8A1RL / HOWARD-HOME references.
- `.claude/CLAUDE.md` — Ollama table + fallback note now point at identity.json `ollama_fallback`.
- `.claude/memory/reference_pluto_build_server.md` — authorized-key line replaced with RMM-verified current keys; noted GURU-5070 key not yet authorized.
**Infrastructure & Servers**
- GuruRMM API: `http://172.16.3.30:3001`, auth via SOPS `infrastructure/gururmm-server.sops.yaml` (claude-api@azcomputerguru.com). Reachable from GURU-KALI.
- Agent IDs: PLUTO `5316f56f-a1b3-4ac5-97ac-71ddf6a74d2e` (172.16.3.36), NEPTUNE `7d4f823c-f23d-40b8-ae72-b83cd2ccb09d`. 60 agents enrolled total.
- Pluto authorized keys (verified 2026-05-26): `gururmm-build@gururmm-server`, `guru@gururmm-build` in both `C:\ProgramData\ssh\administrators_authorized_keys` and `Administrator\.ssh\authorized_keys`. Neptune: none.
**Commands & Outputs**
- RMM execute pattern: `POST /api/agents/:id/command` (command_type=powershell), poll `GET /api/commands/:id`. zsh gotcha: `status` is a read-only var — ran the dispatcher under `bash` and used `st` instead.
- Coord message to Mac: id `625d80a7-6689-4aef-87a6-b6aa46e26dd9`.
**Pending / Incomplete Tasks**
- Mac `install-hooks.sh` status — awaiting Mac coord reply; delete `project_mac_gururmm_setup_pending.md` once confirmed.
- Decision: add GURU-5070's pubkey to Pluto so the documented workstation-SSH workflow works? (write op, needs confirmation.)
- Decision: coord-broadcast a "set your `ollama_fallback`" note to other machines, or leave each to choose?
**Reference Information**
- Commits this session: attribution hardening `4e97e20`, memory sweep `d3f3d28`, Ollama/Pluto `8bdb919`.
- New script: `.claude/scripts/whoami-block.sh`. New rule memory: `feedback_attribution_from_identity.md`. GURU-5070-added memory: `feedback_rmm_dev_is_mike.md`.