From 7d326f2fd064b2e5ffb4512e51563481a72d6734 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Fri, 29 May 2026 10:37:44 -0700 Subject: [PATCH] docs: record Claude-Builder=PLUTO mapping + infra working-feedback memories - Pluto memory/wiki/machine notes: Unraid VM "Claude-Builder" == hostname PLUTO == 172.16.3.36 (same box); RMM-agent access path when SSH key unauthorized; now also builds the GuruConnect Windows agent + hosts a Gitea Actions runner. - New feedback memories: post #bot-alerts only for client/ticket-affecting RMM commands; proceed autonomously through routine infra/build prerequisites. Co-Authored-By: Claude Opus 4.8 (1M context) --- .claude/machines/pluto.md | 6 ++++++ .claude/memory/MEMORY.md | 4 +++- .../memory/feedback_autonomous_infra_setup.md | 17 +++++++++++++++ .../feedback_no_botalerts_internal_rmm.md | 21 +++++++++++++++++++ .../memory/reference_pluto_build_server.md | 4 +++- wiki/systems/pluto.md | 6 ++++-- 6 files changed, 54 insertions(+), 4 deletions(-) create mode 100644 .claude/memory/feedback_autonomous_infra_setup.md create mode 100644 .claude/memory/feedback_no_botalerts_internal_rmm.md diff --git a/.claude/machines/pluto.md b/.claude/machines/pluto.md index fe06729..039baa2 100644 --- a/.claude/machines/pluto.md +++ b/.claude/machines/pluto.md @@ -13,6 +13,12 @@ general-purpose workstation — it has no Claude Code, no vault, no coord API ac Its sole function is to run `cargo build` for Windows targets when `build-windows.sh` SSHes in. +It also runs a **GuruRMM agent** (enrolled as hostname **PLUTO**, client "AZ Computer Guru"), +so it can be driven via `/rmm` (run PowerShell) when a workstation's SSH key isn't authorized — +e.g. to inspect the box or add a pubkey. As of 2026-05-29 it also builds the **GuruConnect** +Windows agent and hosts a Gitea Actions runner for guru-connect's native MSVC builds. There is +no dedicated `pluto` vault entry — the box is the Unraid VM named "Claude-Builder". + --- ## Hardware & Location diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md index 248cbde..3d75967 100644 --- a/.claude/memory/MEMORY.md +++ b/.claude/memory/MEMORY.md @@ -17,7 +17,7 @@ - [GuruRMM Server Layout](reference_gururmm_server.md) - SSH as `guru`, repo at /home/guru/gururmm, deploy to /var/www/gururmm/dashboard/ - [GuruRMM API — run script on agent](reference_gururmm_api.md) — POST /api/agents/:id/command (command_type=powershell); poll /api/commands/:id for output. Beats ScreenConnect copy-paste. - [GuruRMM user_session command context](reference_gururmm_user_session_context.md) — command API `context=user_session` runs as the logged-on user (WTS); does interactive-only cmds that fail as SYSTEM. Needs an active (admin) user. -- [Pluto Build Server](reference_pluto_build_server.md) — Windows build VM, 172.16.3.36, SSH Administrator, MSVC + WiX. Use for any EXE/MSI build. +- [Pluto Build Server](reference_pluto_build_server.md) — Windows build VM: hostname PLUTO = Unraid VM "Claude-Builder" = 172.16.3.36 (all the same box). MSVC + WiX. No `pluto` vault entry. Drive via /rmm (agent enrolls as PLUTO) when SSH key isn't authorized. - [Coord /messages API shape](reference_coord_messages_api_shape.md) — GET /api/coord/messages returns {total,skip,limit,messages[]} NOT a bare array; parse .messages[], strip control chars, read flag may be null. ## Users @@ -61,6 +61,8 @@ - [Howard: defer backend/server follow-up to Mike](feedback_howard_delegation.md) — Howard doesn't want to touch server/agent code unless Mike asks - [Syncro is the default PSA; Autotask is opt-in](feedback_psa_default_syncro.md) — Ticketing/billing/customers default to Syncro (/syncro). Only use /autotask on an explicit "in Autotask" request. /autotask kept local/undistributed. - [Command Formatting](feedback_command_formatting.md) — Always multi-line scripts, never one-liners; one-liners wrap in chat and break on copy-paste +- [No bot-alerts for internal RMM dev/infra](feedback_no_botalerts_internal_rmm.md) — Post #bot-alerts ONLY when an RMM command directly affects a client endpoint or ticket; skip for internal build/CI/dev/recon. +- [Autonomous infra/build setup](feedback_autonomous_infra_setup.md) — During infra/build/CI/dev setup, just install prerequisites and push through routine steps; reserve check-ins for genuine decisions (forks, destructive/outward, client/prod). ## Machine - [GURU-5070 Workstation Setup](reference_workstation_setup.md) - Mike's primary (owner confirmed 2026-05-26). Windows 11 Pro. Renamed from OC-5070 → ACG-5070/acg-guru-5070 → GURU-5070; all the same box, all Mike's. diff --git a/.claude/memory/feedback_autonomous_infra_setup.md b/.claude/memory/feedback_autonomous_infra_setup.md new file mode 100644 index 0000000..14a05ce --- /dev/null +++ b/.claude/memory/feedback_autonomous_infra_setup.md @@ -0,0 +1,17 @@ +--- +name: feedback_autonomous_infra_setup +description: During build/CI/infra/dev-tooling setup, just install prerequisites and push through routine steps autonomously; don't pause to ask before each one +metadata: + type: feedback +--- + +For infrastructure / build / CI / dev-tooling setup, Mike wants forward momentum. **Don't stop to +ask before routine prerequisite steps** — e.g. installing Node.js on a build VM, adding tools to +PATH, installing a toolchain, registering a runner. Just do them and report. + +**Reserve check-ins for genuine decisions:** architecture forks, destructive or +outward-facing/irreversible actions, ambiguous requirements, or anything touching client/production +state. Routine "X needs to be installed" is not a decision — install it. + +Stated 2026-05-29 during the PLUTO Gitea-Actions-runner setup (re: installing Node for host-mode JS +actions). Related: [[reference_pluto_build_server]], [[feedback_no_botalerts_internal_rmm]]. diff --git a/.claude/memory/feedback_no_botalerts_internal_rmm.md b/.claude/memory/feedback_no_botalerts_internal_rmm.md new file mode 100644 index 0000000..9bf0944 --- /dev/null +++ b/.claude/memory/feedback_no_botalerts_internal_rmm.md @@ -0,0 +1,21 @@ +--- +name: feedback_no_botalerts_internal_rmm +description: Post #bot-alerts ONLY when an RMM command directly affects a client endpoint or a ticket; skip for internal infra/build/dev/recon (e.g. PLUTO build-runner setup) +metadata: + type: feedback +--- + +The `/rmm` skill instructs "post a one-line #bot-alert after every dispatch." Mike does NOT want +#bot-alerts for **internal infrastructure / dev-tooling** commands — e.g. installing a Gitea Actions +runner on PLUTO, CI/build orchestration on build VMs, inventory/recon during setup. + +**The rule (Mike, 2026-05-29):** post a #bot-alert ONLY when the RMM command **directly affects a +client endpoint or a ticket** (remediation, a client machine change, ticket-linked work). For +everything else — internal infra, build/CI orchestration, dev-tooling, recon/inventory (e.g. the +PLUTO build-runner setup) — SKIP the alert. + +**Why:** keeps #bot-alerts signal-high — it's a client/ticket activity feed, not a build log. + +**How to apply:** When dispatching via `/rmm` or the GuruRMM command API, ask "does this touch a +client/ticket?" If no, do NOT call `post-bot-alert.sh`. Overrides the skill's blanket "alert after +every dispatch" rule. Related: [[reference_pluto_build_server]]. diff --git a/.claude/memory/reference_pluto_build_server.md b/.claude/memory/reference_pluto_build_server.md index e9c1357..016e9e1 100644 --- a/.claude/memory/reference_pluto_build_server.md +++ b/.claude/memory/reference_pluto_build_server.md @@ -1,12 +1,14 @@ --- name: Pluto Build Server -description: General-purpose Windows build VM on Jupiter — for any EXE needing native Windows compilation (utilities, Howard's tools, GuruRMM agent, etc.) +description: General-purpose Windows build VM — hostname PLUTO / Unraid VM name "Claude-Builder" / 172.16.3.36. For any EXE needing native Windows MSVC compilation (utilities, Howard's tools, GuruRMM + GuruConnect agents). Drive via /rmm (agent enrolls as PLUTO) when SSH key isn't authorized. type: reference --- Pluto is a Windows Server VM on Jupiter. It is the **general-purpose Windows build machine** for any project needing a native Windows executable — not just GuruRMM. - **Hostname:** PLUTO (VM on Jupiter) +- **Unraid VM name:** **Claude-Builder** — the VM is listed as "Claude-Builder" in Unraid; it is the SAME machine as PLUTO / 172.16.3.36. There is **no dedicated `pluto` vault entry** — don't go searching for one. +- **Drive it remotely without SSH:** PLUTO runs a GuruRMM agent (client "AZ Computer Guru"). Use `/rmm` — resolve hostname **PLUTO** → agent id at runtime (IDs change on re-enroll; do not hardcode) — to run PowerShell on it. This is the path to use when a workstation's SSH key isn't authorized (e.g. GURU-5070, see below). - **Static IP:** 172.16.3.36 (confirmed static 2026-04-19) - **SSH:** `ssh -i ~/.ssh/id_ed25519 Administrator@172.16.3.36` (key auth) - **Authorized keys (verified via RMM 2026-05-26):** `gururmm-build@gururmm-server` and `guru@gururmm-build` (the build server's keys), present in both `C:\ProgramData\ssh\administrators_authorized_keys` and `Administrator\.ssh\authorized_keys`. The old `guru@DESKTOP-0O8A1RL` key (retired machine) has already been rotated out. NOTE: no personal-workstation key (e.g. GURU-5070) is currently authorized — the `ssh -i ~/.ssh/id_ed25519 Administrator@172.16.3.36` workflow below works only from a host whose pubkey is in the file; add GURU-5070's pubkey to `administrators_authorized_keys` if you need direct workstation SSH. diff --git a/wiki/systems/pluto.md b/wiki/systems/pluto.md index aecf3f3..87aa163 100644 --- a/wiki/systems/pluto.md +++ b/wiki/systems/pluto.md @@ -19,8 +19,9 @@ backlinks: ## Identity - **Hostname:** Pluto / Claude-Builder - **IP:** 172.16.3.36 -- **Role:** Windows MSI and cargo build server for GuruRMM — the only machine in the fleet that produces Windows agent binaries and WiX MSI installers -- **Location:** virsh VM on Jupiter (172.16.3.20), domain name "Claude-Builder" +- **Role:** Windows MSVC build server — produces GuruRMM Windows agent binaries + WiX MSI, and (2026-05-29) the **GuruConnect** Windows agent. Hosts a Gitea Actions runner for guru-connect's native MSVC builds. +- **RMM agent identity:** enrolled in GuruRMM as hostname **PLUTO** (client "AZ Computer Guru"). Drive it via `/rmm` (resolve PLUTO → agent id at runtime) when a workstation SSH key isn't authorized. There is **no dedicated `pluto` vault entry** — don't search for one. +- **Location:** VM on Jupiter (172.16.3.20), Unraid/virsh **VM name "Claude-Builder"** (= PLUTO = 172.16.3.36, same machine) - **OS:** Windows Server 2019 Standard - **SSH user:** Administrator @@ -42,6 +43,7 @@ Pluto is not a general-purpose server. It has no web services, no Claude Code, n - **Known-hosts file:** `/opt/gururmm/pluto_known_hosts` — three pinned keys (RSA, ECDSA, ED25519) for 172.16.3.36. **Never use `StrictHostKeyChecking=no`** — a MITM would inject malicious binaries into MSI artifacts. - **To update pinned keys** (e.g. after OS reinstall): `ssh-keyscan 172.16.3.36 > /opt/gururmm/pluto_known_hosts` - **SSH from DESKTOP-0O8A1RL:** Uses a different network path than from gururmm-build — one failing does not imply the other fails. +- **From a workstation with no authorized key (e.g. GURU-5070):** SSH will be refused (`Permission denied (publickey)`). Use the **GuruRMM agent** instead — `/rmm` → run PowerShell on PLUTO — to inspect or configure the box, or to add a workstation pubkey to `administrators_authorized_keys`. ## Build Tools