docs: record Claude-Builder=PLUTO mapping + infra working-feedback memories

- Pluto memory/wiki/machine notes: Unraid VM "Claude-Builder" == hostname PLUTO ==
  172.16.3.36 (same box); RMM-agent access path when SSH key unauthorized; now also
  builds the GuruConnect Windows agent + hosts a Gitea Actions runner.
- New feedback memories: post #bot-alerts only for client/ticket-affecting RMM commands;
  proceed autonomously through routine infra/build prerequisites.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

.claude/machines/pluto.md

@@ -13,6 +13,12 @@ general-purpose workstation — it has no Claude Code, no vault, no coord API ac
 Its sole function is to run `cargo build` for Windows targets when `build-windows.sh`
 SSHes in.
 
+It also runs a **GuruRMM agent** (enrolled as hostname **PLUTO**, client "AZ Computer Guru"),
+so it can be driven via `/rmm` (run PowerShell) when a workstation's SSH key isn't authorized —
+e.g. to inspect the box or add a pubkey. As of 2026-05-29 it also builds the **GuruConnect**
+Windows agent and hosts a Gitea Actions runner for guru-connect's native MSVC builds. There is
+no dedicated `pluto` vault entry — the box is the Unraid VM named "Claude-Builder".
+
 ---
 
 ## Hardware & Location

.claude/memory/MEMORY.md

@@ -17,7 +17,7 @@
 - [GuruRMM Server Layout](reference_gururmm_server.md) - SSH as `guru`, repo at /home/guru/gururmm, deploy to /var/www/gururmm/dashboard/
 - [GuruRMM API — run script on agent](reference_gururmm_api.md) — POST /api/agents/:id/command (command_type=powershell); poll /api/commands/:id for output. Beats ScreenConnect copy-paste.
 - [GuruRMM user_session command context](reference_gururmm_user_session_context.md) — command API `context=user_session` runs as the logged-on user (WTS); does interactive-only cmds that fail as SYSTEM. Needs an active (admin) user.
-- [Pluto Build Server](reference_pluto_build_server.md) — Windows build VM, 172.16.3.36, SSH Administrator, MSVC + WiX. Use for any EXE/MSI build.
+- [Pluto Build Server](reference_pluto_build_server.md) — Windows build VM: hostname PLUTO = Unraid VM "Claude-Builder" = 172.16.3.36 (all the same box). MSVC + WiX. No `pluto` vault entry. Drive via /rmm (agent enrolls as PLUTO) when SSH key isn't authorized.
 - [Coord /messages API shape](reference_coord_messages_api_shape.md) — GET /api/coord/messages returns {total,skip,limit,messages[]} NOT a bare array; parse .messages[], strip control chars, read flag may be null.
 
 ## Users
@@ -61,6 +61,8 @@
 - [Howard: defer backend/server follow-up to Mike](feedback_howard_delegation.md) — Howard doesn't want to touch server/agent code unless Mike asks
 - [Syncro is the default PSA; Autotask is opt-in](feedback_psa_default_syncro.md) — Ticketing/billing/customers default to Syncro (/syncro). Only use /autotask on an explicit "in Autotask" request. /autotask kept local/undistributed.
 - [Command Formatting](feedback_command_formatting.md) — Always multi-line scripts, never one-liners; one-liners wrap in chat and break on copy-paste
+- [No bot-alerts for internal RMM dev/infra](feedback_no_botalerts_internal_rmm.md) — Post #bot-alerts ONLY when an RMM command directly affects a client endpoint or ticket; skip for internal build/CI/dev/recon.
+- [Autonomous infra/build setup](feedback_autonomous_infra_setup.md) — During infra/build/CI/dev setup, just install prerequisites and push through routine steps; reserve check-ins for genuine decisions (forks, destructive/outward, client/prod).
 
 ## Machine
 - [GURU-5070 Workstation Setup](reference_workstation_setup.md) - Mike's primary (owner confirmed 2026-05-26). Windows 11 Pro. Renamed from OC-5070 → ACG-5070/acg-guru-5070 → GURU-5070; all the same box, all Mike's.

.claude/memory/feedback_autonomous_infra_setup.md

@@ -0,0 +1,17 @@
+---
+name: feedback_autonomous_infra_setup
+description: During build/CI/infra/dev-tooling setup, just install prerequisites and push through routine steps autonomously; don't pause to ask before each one
+metadata:
+  type: feedback
+---
+
+For infrastructure / build / CI / dev-tooling setup, Mike wants forward momentum. **Don't stop to
+ask before routine prerequisite steps** — e.g. installing Node.js on a build VM, adding tools to
+PATH, installing a toolchain, registering a runner. Just do them and report.
+
+**Reserve check-ins for genuine decisions:** architecture forks, destructive or
+outward-facing/irreversible actions, ambiguous requirements, or anything touching client/production
+state. Routine "X needs to be installed" is not a decision — install it.
+
+Stated 2026-05-29 during the PLUTO Gitea-Actions-runner setup (re: installing Node for host-mode JS
+actions). Related: [[reference_pluto_build_server]], [[feedback_no_botalerts_internal_rmm]].

.claude/memory/feedback_no_botalerts_internal_rmm.md

@@ -0,0 +1,21 @@
+---
+name: feedback_no_botalerts_internal_rmm
+description: Post #bot-alerts ONLY when an RMM command directly affects a client endpoint or a ticket; skip for internal infra/build/dev/recon (e.g. PLUTO build-runner setup)
+metadata:
+  type: feedback
+---
+
+The `/rmm` skill instructs "post a one-line #bot-alert after every dispatch." Mike does NOT want
+#bot-alerts for **internal infrastructure / dev-tooling** commands — e.g. installing a Gitea Actions
+runner on PLUTO, CI/build orchestration on build VMs, inventory/recon during setup.
+
+**The rule (Mike, 2026-05-29):** post a #bot-alert ONLY when the RMM command **directly affects a
+client endpoint or a ticket** (remediation, a client machine change, ticket-linked work). For
+everything else — internal infra, build/CI orchestration, dev-tooling, recon/inventory (e.g. the
+PLUTO build-runner setup) — SKIP the alert.
+
+**Why:** keeps #bot-alerts signal-high — it's a client/ticket activity feed, not a build log.
+
+**How to apply:** When dispatching via `/rmm` or the GuruRMM command API, ask "does this touch a
+client/ticket?" If no, do NOT call `post-bot-alert.sh`. Overrides the skill's blanket "alert after
+every dispatch" rule. Related: [[reference_pluto_build_server]].

.claude/memory/reference_pluto_build_server.md

@@ -1,12 +1,14 @@
 ---
 name: Pluto Build Server
-description: General-purpose Windows build VM on Jupiter — for any EXE needing native Windows compilation (utilities, Howard's tools, GuruRMM agent, etc.)
+description: General-purpose Windows build VM — hostname PLUTO / Unraid VM name "Claude-Builder" / 172.16.3.36. For any EXE needing native Windows MSVC compilation (utilities, Howard's tools, GuruRMM + GuruConnect agents). Drive via /rmm (agent enrolls as PLUTO) when SSH key isn't authorized.
 type: reference
 ---
 
 Pluto is a Windows Server VM on Jupiter. It is the **general-purpose Windows build machine** for any project needing a native Windows executable — not just GuruRMM.
 
 - **Hostname:** PLUTO (VM on Jupiter)
+- **Unraid VM name:** **Claude-Builder** — the VM is listed as "Claude-Builder" in Unraid; it is the SAME machine as PLUTO / 172.16.3.36. There is **no dedicated `pluto` vault entry** — don't go searching for one.
+- **Drive it remotely without SSH:** PLUTO runs a GuruRMM agent (client "AZ Computer Guru"). Use `/rmm` — resolve hostname **PLUTO** → agent id at runtime (IDs change on re-enroll; do not hardcode) — to run PowerShell on it. This is the path to use when a workstation's SSH key isn't authorized (e.g. GURU-5070, see below).
 - **Static IP:** 172.16.3.36 (confirmed static 2026-04-19)
 - **SSH:** `ssh -i ~/.ssh/id_ed25519 Administrator@172.16.3.36` (key auth)
 - **Authorized keys (verified via RMM 2026-05-26):** `gururmm-build@gururmm-server` and `guru@gururmm-build` (the build server's keys), present in both `C:\ProgramData\ssh\administrators_authorized_keys` and `Administrator\.ssh\authorized_keys`. The old `guru@DESKTOP-0O8A1RL` key (retired machine) has already been rotated out. NOTE: no personal-workstation key (e.g. GURU-5070) is currently authorized — the `ssh -i ~/.ssh/id_ed25519 Administrator@172.16.3.36` workflow below works only from a host whose pubkey is in the file; add GURU-5070's pubkey to `administrators_authorized_keys` if you need direct workstation SSH.

wiki/systems/pluto.md

@@ -19,8 +19,9 @@ backlinks:
 ## Identity
 - **Hostname:** Pluto / Claude-Builder
 - **IP:** 172.16.3.36
-- **Role:** Windows MSI and cargo build server for GuruRMM — the only machine in the fleet that produces Windows agent binaries and WiX MSI installers
+- **Role:** Windows MSVC build server — produces GuruRMM Windows agent binaries + WiX MSI, and (2026-05-29) the **GuruConnect** Windows agent. Hosts a Gitea Actions runner for guru-connect's native MSVC builds.
-- **Location:** virsh VM on Jupiter (172.16.3.20), domain name "Claude-Builder"
+- **RMM agent identity:** enrolled in GuruRMM as hostname **PLUTO** (client "AZ Computer Guru"). Drive it via `/rmm` (resolve PLUTO → agent id at runtime) when a workstation SSH key isn't authorized. There is **no dedicated `pluto` vault entry** — don't search for one.
+- **Location:** VM on Jupiter (172.16.3.20), Unraid/virsh **VM name "Claude-Builder"** (= PLUTO = 172.16.3.36, same machine)
 - **OS:** Windows Server 2019 Standard
 - **SSH user:** Administrator
 
@@ -42,6 +43,7 @@ Pluto is not a general-purpose server. It has no web services, no Claude Code, n
 - **Known-hosts file:** `/opt/gururmm/pluto_known_hosts` — three pinned keys (RSA, ECDSA, ED25519) for 172.16.3.36. **Never use `StrictHostKeyChecking=no`** — a MITM would inject malicious binaries into MSI artifacts.
 - **To update pinned keys** (e.g. after OS reinstall): `ssh-keyscan 172.16.3.36 > /opt/gururmm/pluto_known_hosts`
 - **SSH from DESKTOP-0O8A1RL:** Uses a different network path than from gururmm-build — one failing does not imply the other fails.
+- **From a workstation with no authorized key (e.g. GURU-5070):** SSH will be refused (`Permission denied (publickey)`). Use the **GuruRMM agent** instead — `/rmm` → run PowerShell on PLUTO — to inspect or configure the box, or to add a workstation pubkey to `administrators_authorized_keys`.
 
 ## Build Tools