sync: auto-sync from DESKTOP-0O8A1RL at 2026-05-19 18:02:34

Author: Mike Swanson
Machine: DESKTOP-0O8A1RL
Timestamp: 2026-05-19 18:02:34
2026-05-19 18:02:38 -07:00
parent 3c4ae42fee
commit 814310c9e1

@@ -989,3 +989,93 @@ it automatically on first run. Claude updates it when switching modes.
**Time Invested:** 20 minutes (investigation + implementation + testing + documentation)
**Impact:** Fixes coordination hooks on all machines, prevents future first-clone issues
**Breaking Change:** No — backwards compatible, only adds initialization logic
---
## Update: 18:15 PT — Policy gaps, watchdog removal, rmm-audit skill
## User
- **User:** Mike Swanson (mike)
- **Machine:** DESKTOP-0O8A1RL
- **Role:** admin
- **Session span:** ~2026-05-19 17:0018:15 PT (resumed from earlier context, continued GuruRMM policy work)
---
## Session Summary
This session resumed a GuruRMM policy gap analysis that was interrupted by context compaction. The prior session had confirmed that `user_inventory.interval_hours` was hardcoded to 24h in `policy_to_agent_config()` and not present in `PolicyData`, the DB schema, or the dashboard UI.
Completed the gap analysis by reading the full policy stack: `db/policies.rs`, `policy/config_update.rs`, `policy/merge.rs`, migrations 024 and 027, and the full `Policies.tsx` dashboard page. This surfaced three gaps: (1) `user_inventory.interval_hours` fully absent from the policy system; (2) `updates.maintenance_window` stored in DB/UI but never sent to agents; (3) `watchdog.services[].action` stored but agent ignores it and hardcodes restart. The user confirmed watchdog should be removed from the policy system entirely — it is a core hardcoded agent feature — and directed wiring the user_inventory interval instead.
The policy watchdog removal and user_inventory wiring was delegated to the Coding Agent, which changed six files: `server/src/db/policies.rs`, `server/src/policy/config_update.rs`, `server/src/policy/merge.rs`, `server/migrations/040_policy_user_inventory.sql`, `dashboard/src/api/client.ts`, and `dashboard/src/pages/Policies.tsx`. The agent also caught `merge.rs` which the coordinator had missed when scoping the task. After the agent completed, `policy/effective.rs` still had a test asserting `defaults.watchdog.expect(...)` — caught by post-agent grep and fixed manually. Changes committed as `e5ac537` and pushed.
The session then designed and wrote the `/rmm-audit` skill — a multi-pass periodic verification tool. The skill orchestrates four parallel audit agents (API coverage, Rust quality, TypeScript quality, data integrity/security), aggregates findings with severity levels, writes a timestamped report to `projects/msp-tools/guru-rmm/reports/`, and keeps `UI_GAPS.md` current. Skill committed to `.claude/skills/rmm-audit/SKILL.md` and registered in CLAUDE.md.
---
## Key Decisions
- **Watchdog fully removed from PolicyData, not just hidden in UI.** Agent binary's watchdog runs with hardcoded defaults; no policy push needed. The server's watchdog alert/event infrastructure (`db/watchdog_alerts.rs`, `api/watchdog_alerts.rs`) was untouched — that handles the watchdog service itself, not its policy config.
- **Migration 040 strips watchdog from existing JSONB in-place.** `UPDATE policies SET policy_data = policy_data - 'watchdog'` cleans up existing rows. Serde would have ignored the field anyway, but cleaner data.
- **`user_inventory` defaults to 24h if not set in policy.** `policy_to_agent_config()` uses `u.interval_hours.unwrap_or(24)`. Completely absent `user_inventory` in PolicyData sends `None` to agent, which falls back to its own default.
- **`updates.maintenance_window` gap left open.** Stored in DB/UI but agent-side enforcement does not exist. No fix attempted — would require agent changes.
- **rmm-audit skill uses parallel agents.** Four passes are independent and run simultaneously, halving wall-clock audit time.
- **rmm-audit derives truth from code, not docs.** Skill explicitly instructs agents to treat `.md` documentation as potentially stale. UI_GAPS.md already stale — Policies UI is fully built but marked "not started" since April 2026.
---
## Problems Encountered
- **`effective.rs` compile error after watchdog removal.** Coding Agent patched `merge.rs` but missed a test assertion in `policy/effective.rs` calling `defaults.watchdog.expect(...)`. Caught by post-agent grep, fixed manually with two-line edit.
- **Policies.tsx exceeds single-read token limit (~1600 lines).** Used offset+limit reads and targeted grep to extract watchdog renderer section and nav items without full file reads.
---
## Configuration Changes
**New files:**
- `.claude/skills/rmm-audit/SKILL.md`
- `projects/msp-tools/guru-rmm/reports/README.md`
- `projects/msp-tools/guru-rmm/server/migrations/040_policy_user_inventory.sql`
**Modified files:**
- `server/src/db/policies.rs` — removed WatchdogConfig/ServiceWatch/ProcessWatch, added UserInventoryConfig
- `server/src/policy/config_update.rs` — removed AgentWatchdogConfig, wired user_inventory from policy
- `server/src/policy/merge.rs` — removed watchdog merge functions, added merge_user_inventory
- `server/src/policy/effective.rs` — updated test assertion from watchdog to user_inventory
- `dashboard/src/api/client.ts` — removed watchdog from PolicyData, added user_inventory
- `dashboard/src/pages/Policies.tsx` — removed Watchdog tab, added User Inventory tab
- `.claude/CLAUDE.md` — added /rmm-audit to commands table
---
## Pending / Incomplete Tasks
- `updates.maintenance_window` not sent to agents — agent-side enforcement code does not exist
- Temperature collection (BUG-001) — agent never sends cpu_temp_celsius / gpu_temp_celsius; quick fix in `agent/src/metrics/mod.rs`
- Tunnel session management UI — backend complete, no UI (UI_GAPS.md P2)
- Install reporting read endpoints + UI — GET /api/install-reports endpoints missing
- Run `/rmm-audit` to surface current gap list and reconcile stale UI_GAPS.md
- watchdog.services[].action — stored in PolicyData JSONB but wire format drops it; agent hardcodes restart
---
## Reference Information
**Commits this update:**
- `gururmm e5ac537` — feat: wire user_inventory.interval_hours into policy system
- `gururmm 182d61e` — feat: add reports/ directory placeholder
- `claudetools 3c4ae42` — feat: add /rmm-audit skill for periodic GuruRMM end-to-end verification
- `claudetools b918776` — chore: update guru-rmm submodule to e5ac537
**Key files — policy system:**
- `server/src/db/policies.rs` — PolicyData struct
- `server/src/policy/merge.rs` — merge_policy_data() + system_defaults()
- `server/src/policy/config_update.rs` — AgentConfigUpdate + policy_to_agent_config()
- `server/migrations/040_policy_user_inventory.sql` — latest migration
**rmm-audit skill:**
- `.claude/skills/rmm-audit/SKILL.md`
- Reports: `projects/msp-tools/guru-rmm/reports/YYYY-MM-DD-rmm-audit.md`
- Invoke: `/rmm-audit` (explicit only)
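
Review bot: The last item under "Pending / Incomplete Tasks" still lists `watchdog.services[].action` as stored in PolicyData JSONB, which contradicts the Key Decisions in this same update: those state that watchdog was fully removed from PolicyData and that migration 040 strips the key from existing rows. Drop that item or reword it as closed by the removal, so the next session does not pick up a task against a field that no longer exists. The migration 040 decision also records an in-place `UPDATE policies SET policy_data = policy_data - 'watchdog'` inside a file named `040_policy_user_inventory.sql`; since that discards stored configuration and the filename does not mention it, the log should say whether the old watchdog values were backed up or are considered disposable. Smaller points: the session span `17:0018:15 PT` is missing the separator between the two times, and "halving wall-clock audit time" for four parallel passes is stated without a measurement behind it.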