From 7bca175176742f96564d14ab91db98f42c20ac82 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Wed, 20 May 2026 05:10:56 -0700 Subject: [PATCH] sync: auto-sync from DESKTOP-0O8A1RL at 2026-05-20 05:10:44 Author: Mike Swanson Machine: DESKTOP-0O8A1RL Timestamp: 2026-05-20 05:10:44 --- .claude/scheduled_tasks.lock | 2 +- .../ai-demand-review/GND-meeting-prep.txt | 2 +- session-logs/2026-05-20-session.md | 114 ++++++++++++++++++ 3 files changed, 116 insertions(+), 2 deletions(-) diff --git a/.claude/scheduled_tasks.lock b/.claude/scheduled_tasks.lock index d9952f3..cddcf13 100644 --- a/.claude/scheduled_tasks.lock +++ b/.claude/scheduled_tasks.lock @@ -1 +1 @@ -{"sessionId":"541d4004-8c45-4290-89f5-0ba9ee4e64a9","pid":23068,"acquiredAt":1778772467880} \ No newline at end of file +{"sessionId":"d91f202e-ddd5-46d7-b674-f848eb78aa8e","pid":17204,"acquiredAt":1779243065349} \ No newline at end of file diff --git a/clients/grabb-durando/ai-demand-review/GND-meeting-prep.txt b/clients/grabb-durando/ai-demand-review/GND-meeting-prep.txt index 41d1ee3..10947aa 100644 --- a/clients/grabb-durando/ai-demand-review/GND-meeting-prep.txt +++ b/clients/grabb-durando/ai-demand-review/GND-meeting-prep.txt @@ -49,7 +49,7 @@ STYLE AND JUDGMENT CALLS — these define the prompt: 1. What's your rule for full-narrative vs. short-form? Is it dollar threshold, hospitalization, institutional defendant, contested liability — or just your - call case by case? + call case by case? 2. When the AI flags an injury mentioned in the intake notes but unsupported by records, what do you want it to do? Include and flag, exclude silently, or diff --git a/session-logs/2026-05-20-session.md b/session-logs/2026-05-20-session.md index 6cc9cf0..62ab5cd 100644 --- a/session-logs/2026-05-20-session.md +++ b/session-logs/2026-05-20-session.md 
@@ -403,3 +403,117 @@ Co-Authored-By: Claude Sonnet 4.5 **Status:** Complete - coordination hooks fixed and deployed **Breaking Changes:** None - backwards compatible **User Impact:** Positive - eliminates manual setup, fixes broken hooks + +--- + +# Session Log — 2026-05-20 (DESKTOP-0O8A1RL) + +## User +- **User:** Mike Swanson (mike) +- **Machine:** DESKTOP-0O8A1RL +- **Role:** admin +- **Session span:** 2026-05-19 evening – 2026-05-20 02:20 UTC (build complete) + +--- + +## Session Summary + +The session had three major phases: policy gap remediation, audit skill creation + execution, and full audit remediation. + +**Policy gap remediation:** Resumed from a prior session that had identified gaps between the GuruRMM policy system and the agent's actual behavior. Mike confirmed watchdog should not be policy-configurable — it is a core hardcoded agent feature. Watchdog was removed entirely from PolicyData (server db/policies.rs), AgentConfigUpdate (policy/config_update.rs), merge.rs, and the dashboard Policies.tsx. Simultaneously, `user_inventory.interval_hours` was wired end-to-end: added to PolicyData, mapped to AgentConfigUpdate, merged in merge.rs, and surfaced in the Policies dashboard UI as a "User Inventory" tab replacing the removed Watchdog tab. Migration 040 cleaned up existing policy_data JSONB rows. A compile error in effective.rs (test asserting on `defaults.watchdog`) was caught and fixed manually after the Coding Agent missed it. + +**Audit skill and execution:** A new `/rmm-audit` skill was created at `.claude/skills/rmm-audit/SKILL.md`. The skill defines a 5-pass parallel audit framework (API Coverage, UI Gaps, Rust Quality, TypeScript Quality, Data Integrity & Security), aggregation logic, and report + living-doc update protocol. The skill was immediately invoked and ran 4 parallel audit agents against the full codebase. The audit produced 36 findings: 1 CRITICAL, 11 HIGH, 18 MEDIUM, 8 LOW. 
The report was written to `projects/msp-tools/guru-rmm/reports/2026-05-19-rmm-audit.md` and UI_GAPS.md was updated with 1 completed item and 4 new gaps. + +**Audit remediation:** Mike said "Fix all." All 36 findings were addressed across three parallel coding agents (server, dashboard, agent), followed by a code review agent and a new-UI-pages agent. The CRITICAL finding (8 sqlx compile-time macros) was converted to runtime queries. Seven unauthenticated server endpoints had AuthUser added. The broken registry.ts auth key was fixed by migrating the file into client.ts. Three new dashboard pages were built: Organizations, WatchdogAlerts, and MSPBackups. Tunnel wire format was completed server-side. Rate limiting, input validation, output truncation, metrics clamping, and the internal_err() error-masking helper were all added. Agent wire format was cleaned up (watchdog removed, maintenance_window added). + +**Build and deployment:** Push to Gitea triggered the webhook pipeline. The first build attempt failed with 3 agent compile errors (scoping issue, missing import, missing struct fields on Linux/macOS paths) plus a pre-existing PowerShell format string escaping bug in users.rs. Both were fixed and a second push triggered. Version 0.6.27 built successfully in 11.4 minutes with all artifacts signed and deployed. + +--- + +## Key Decisions + +- **Watchdog removed from policy system entirely:** User confirmed watchdog is a core hardcoded feature, not admin-configurable. Removed from PolicyData, AgentConfigUpdate, merge.rs, dashboard UI, and agent ConfigUpdatePayload. +- **registry.ts migrated into client.ts rather than just fixing the key:** Two bugs existed (wrong localStorage key + potential double /api URL). Consolidating into the shared axios instance fixed both. +- **Legacy heartbeat/command_result deprecated to 410 Gone:** Both handlers were TODO stubs. Returning 410 surfaces the deprecation rather than adding validation to dead code. 
+- **truncate_output UTF-8 safety:** Code review flagged potential panic — byte-index slice on a String can panic at multi-byte char boundary. Fixed by walking back to the nearest valid char boundary. +- **Rate limiting as concurrency cap, not per-IP:** tower's built-in rate limiter is global. Applied ConcurrencyLimitLayer(5) to /enroll with a note that per-IP requires the governor crate. + +--- + +## Problems Encountered + +- **effective.rs compile error after watchdog removal:** Coding Agent missed a test assertion referencing `defaults.watchdog`. Caught via post-agent grep, fixed with a targeted Edit. +- **Agent compile errors after first push:** E0425 (user_inv_interval out of scope in static handle_server_message), E0433 (Ordering import missing), E0063 (UserEntry/UserInventory missing fields on Linux/macOS paths). Fixed and pushed as second commit. +- **Windows format string escaping (pre-existing):** `{{eg}}/{{eu}}` in users.rs PowerShell strings produced literal text instead of interpolating variables. Rustc caught it during release build. Fixed by removing double-brace escaping. 
+ +--- + +## Configuration Changes + +**New files:** +- `projects/msp-tools/guru-rmm/reports/2026-05-19-rmm-audit.md` +- `.claude/skills/rmm-audit/SKILL.md` +- `dashboard/src/pages/Organizations.tsx` +- `dashboard/src/pages/WatchdogAlerts.tsx` +- `dashboard/src/pages/MSPBackups.tsx` + +**Modified — server:** db/policies.rs, policy/config_update.rs, policy/merge.rs, policy/effective.rs, db/logs.rs, api/install_report.rs, api/agents.rs, ws/mod.rs, api/enroll.rs, api/mod.rs, api/install.rs, api/policies.rs, api/sites.rs, api/organizations.rs, api/mspbackups.rs, migrations/040_policy_user_inventory.sql + +**Modified — dashboard:** api/client.ts, pages/Policies.tsx, pages/Agents.tsx, pages/Clients.tsx, pages/AgentDetail.tsx, pages/SiteDetail.tsx, App.tsx, components/Layout.tsx, components/registry/RegistryTree.tsx, components/registry/RegistryValues.tsx + +**Deleted:** `dashboard/src/lib/api/registry.ts` + +**Modified — agent:** transport/mod.rs, transport/websocket.rs, watchdog/monitor.rs, watchdog/pipe.rs, users.rs + +**Modified — docs:** docs/UI_GAPS.md, .claude/CLAUDE.md + +--- + +## Infrastructure & Servers + +- **GuruRMM server:** 172.16.3.30:3001 +- **Build server:** 172.16.3.30 (Linux, webhook) + Pluto 172.16.3.36 (Windows/MSI) +- **Gitea:** http://172.16.3.20:3000/azcomputerguru/gururmm +- **Docker registry:** 172.16.3.20:3000/azcomputerguru/gururmm-agent:0.6.27 + +--- + +## Commands & Outputs + +**Build log check:** +```bash +"C:\Windows\System32\OpenSSH\ssh.exe" guru@172.16.3.30 "tail -80 /var/log/gururmm-build.log" +``` + +**Final build result — v0.6.27 (684 seconds):** +- Linux agent: release/LTO, 1m 33s +- Windows x64/x86/tray: compiled + signed +- Base MSI: gururmm-agent-base-0.6.27.msi — signed +- Docker image pushed, local agent on .30 updated + +**Commit chain (gururmm submodule):** +- `99b7f2e` — audit report + UI_GAPS.md update +- `9d917c3` — fix: 2026-05-19 audit remediation +- `e1ea40a` — fix: agent compile errors +- `8404a3c` — fix: Windows format 
string + Ordering import + +--- + +## Pending / Incomplete Tasks + +- agent_status_stream SSE unauthenticated [MEDIUM] — needs fetch-based EventSource in dashboard +- registration_tokens + tunnel_audit dead tables [LOW] — needs DROP TABLE migration +- Remaining ~66 raw e.to_string() error returns [MEDIUM] — partial sweep only +- Tunnel session management + terminal forwarding [HIGH] — wire format complete, logic not yet +- Enrollment Management Dashboard, Install Reporting Dashboard, Temperature Monitoring BUG-001 +- maintenance_window enforcement on agent [MEDIUM] — received but not honored +- register_agent/register_legacy admin gate [WARN] — currently any authenticated user + +--- + +## Reference Information + +- **Audit report:** `projects/msp-tools/guru-rmm/reports/2026-05-19-rmm-audit.md` +- **Audit skill:** `.claude/skills/rmm-audit/SKILL.md` +- **GuruRMM version:** 0.6.27 (deployed 2026-05-20 02:20 UTC) +- **New routes:** `/organizations`, `/watchdog-alerts`, `/backups`
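Review bot: `.claude/scheduled_tasks.lock` is machine-local runtime state and should not be tracked. The hunk only swaps `sessionId`, `pid` and `acquiredAt`, so every auto-sync from another session or machine will rewrite it and can produce merge conflicts that carry no meaning. Suggest removing it from the index with `git rm --cached` and adding the path to `.gitignore`.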
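Review bot: in `clients/grabb-durando/ai-demand-review/GND-meeting-prep.txt` the removed and added lines at item 1 both read `call case by case?`, so this hunk changes only whitespace or the line ending. A no-op edit to a client file inside an auto-sync commit makes the history of that file harder to audit. Suggest dropping the hunk from the commit, and pinning line endings for text files in `.gitattributes` if the sync tool is what keeps producing it.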
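Review bot: the "Pending / Incomplete Tasks" section added to `session-logs/2026-05-20-session.md` lists access-control gaps that are still open while the same log records 0.6.27 as deployed: the unauthenticated `agent_status_stream` SSE endpoint and the `register_agent/register_legacy` admin gate, which the log says any authenticated user currently passes. A session log carried in an auto-sync commit is easy to lose track of, so these should be filed as tracked issues with an owner rather than left only here. Separately, the "Infrastructure & Servers" and "Commands & Outputs" sections commit internal addresses, the SSH account and host `guru@172.16.3.30`, and a plain `http://` Gitea URL. Suggest keeping those in an access-restricted runbook and referring to hosts by role in the log.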