sync: auto-sync from HOWARD-HOME at 2026-06-22 10:36:17

Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-22 10:36:17

.claude/memory/MEMORY.md

@@ -121,6 +121,7 @@
 - [CyndyOffice physical HP lockups](cyndyoffice-physical-hp-lockups.md) — RMM "Howard-VM" site agent CyndyOffice is a PHYSICAL HP Pavilion TP01 (not a VM); ~20 hard freezes/6wk = Kernel-Power 41 bugcheck-0, no dump/WHEA = hardware (RAM/PSU/BIOS), SSD healthy. UUID re-enrolls.
 - [Automate memory consolidation/lint (phased)](project_memory_consolidation_automation.md) — Eventually auto-run /memory-dream; lint+additive fixes can automate early, merges/deletes stay human-approved. Engine: .claude/skills/memory-dream/ + .claude/scripts/sync-memory.sh.
 - [Trebesch PST consolidation (staged)](project_trebesch_pst_consolidation.md) — Address-book CSV from 24 PSTs on DESKTOP-QNP3ON5; scripts staged at .claude/tmp/treb-*.ps1, WAITING for Howard's 6pm-MST 2026-06-01 go signal (attended run). See [[reference_trebesch_qnp3on5]].
+- [GuruRMM security scope — integrate AV, don't replace it](project_gururmm_security_scope.md) — No native virus/malware removal in the RMM; AV products do that. RMM monitors AV reports + sends commands to AV products, and its built-in value is helping techs FIND issues. Program removal is a separate feature.
 - [GuruRMM project state](project_gururmm.md) — Dev principles (every feature full-stack: backend+API+UI+docs+scalability; product works without AI; FEATURE_ROADMAP update is part of definition-of-done; mirrors guru-rmm/docs/DESIGN.md). Webhook docs-only build guard (SPEC-020 Phase 0; webhook-handler.py repo copy is STALE — don't redeploy). Mac install-hooks.sh setup STILL PENDING on Mikes-MacBook-Air.
 - [GuruConnect](project_guruconnect.md) — v2 direction (native-first full key fidelity Win+R/Ctrl+Alt+Del + bidirectional file cut/paste/drag; WebRTC fallback only; standalone-first + RMM contract; tenancy-ready schema; Mike willing to scrap v1). Manual deploy procedure to 172.16.3.30 (build-on-server in login shell; sqlx runtime queries; NPM `CONNECT_TRUSTED_PROXIES=172.16.3.20` gotcha). v2 live since 2026-05-30.
 - [Apple MDM + Developer certs (GuruRMM mobile)](project_apple_mdm_certs.md) — ACG holds Apple Developer+signing and Apple MDM Push certs (acquired 2026-05-29) for SPEC-017. MDM push cert RENEWS ANNUALLY on the same Apple ID or all enrolled iOS devices break.

.claude/memory/project_gururmm_security_scope.md

@@ -0,0 +1,16 @@
+---
+name: GuruRMM security scope — integrate AV, don't replace it
+description: GuruRMM product scope on security/AV — the RMM does NOT build native virus/malware removal; it integrates AV products (monitor their reports + send commands to them) and its own built-in value is helping techs FIND issues. Program/software removal is a separate, distinct feature.
+type: project
+---
+
+Product-direction decision (Mike, 2026-06-22). When weighing security/diagnostic features for GuruRMM:
+
+- **No native AV / virus / malware removal in the RMM.** Dedicated AV products (Bitdefender GravityZone, Datto EDR/AV — see [[reference_acg_msp_stack]]) do that work. Don't pitch building a RogueKiller-style scanner/quarantine engine into the agent.
+- **The RMM's AV role is integration:** monitor/surface the AV products' reports + status, and send commands/actions to those AV products *through* the RMM. Manage AV, don't be AV.
+- **The RMM's own built-in value is helping techs FIND issues** — diagnostics, health surfacing, "what's wrong with this box" tooling — not performing endpoint security remediation itself.
+- **Program/software removal is a DISTINCT feature** (the ARP-registry silent-uninstall engine, SPEC-030 `remote-software-uninstall`), unrelated to AV. It was being worked in a separate session as of this date.
+
+**Why:** avoids reinventing mature AV engines, keeps the RMM RMM-first (mission.md non-goals), and plays to the self-hosted-management strength rather than competing with security vendors.
+
+**How to apply:** for security-flavored feature ideas, frame as "monitor + command the existing AV/security product" or "help the tech locate the problem," not "build the security capability natively." Related: [[project_gururmm]], [[feedback_no_manufactured_guardrails]].

.disp.json

@@ -0,0 +1 @@
+{"command_type":"powershell","command":"Write-Output HELLO_FROM_TEST","timeout_seconds":30}

errorlog.md

@@ -17,6 +17,10 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure ·
 
 <!-- Append entries below this line -->
 
+2026-06-22 | Howard-Home | save/wiki-compile | [friction] /save Phase 3 emits 'project:guru-rmm' (from submodule dir name) but canonical wiki article is 'gururmm'; guru-rmm.md is a tombstone redirect. Map guru-rmm -> gururmm in the slug derivation. [ctx: ref=wiki-slug-tombstone proj=guru-rmm]
+
+2026-06-22 | Howard-Home | gururmm/product-direction | [correction] assumed RMM should build native virus/malware removal; correct is: AV products do removal, RMM only monitors AV reports + sends commands to AV products, and RMM's own built-in value is helping techs find issues
+
 2026-06-22 | GURU-5070 | packetdial/vendor-model | [correction] conflated PacketDial/NetSapiens/OIT; correct: PacketDial = ACG's VoIP-dept brand, NetSapiens = the PBX platform, OIT/OITVOIP = white-label wholesaler running NetSapiens (api.ucaasnetwork.com)
 
 2026-06-22 | GURU-5070 | packetdial | HTTP 400 DELETE https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/number-filters: {"code":400,"message":"The default answering rule cannot be deleted."} [ctx: cmd=unblock-numbers]

session-logs/2026-06/2026-06-21-howard-gururmm-features-audit-submodule-fix.md

@@ -198,3 +198,62 @@ fleet build+deploy, left to Howard/Mike.
 - Branch tips: fix `4eb5054`, docs `487431f`. PRs: #45 (code), #46 (docs).
 - Verified live: 270 agents/178 online; REST `watchdog-alert` path sound; `watchdog_events`=0 = dead
   WS path (no producer).
+
+---
+
+## Update: 10:35 PT (2026-06-22) — Tracker reconciliation + GuruRMM wiki full recompile
+
+### Session Summary
+Closed out the session by making the living docs and wiki truthful for everything that landed.
+First reconciled the trackers against `main`: flipped BUG-018 from "Investigated/Open" to **Fixed**
+(`cea87d4` — DELETE returns 202 + background purge) and marked the **Event Log Watch management UI**
+`[x]` complete in `UI_GAPS.md` (`0fa65f5`), bumping its Last-Updated. These went on the existing docs
+branch (PR #46) so they stay file-disjoint from the BUG-022 code PR (#45).
+
+Then ran the recommended wiki update (decoupled from `/save`, so the prior save didn't do it):
+`/wiki-compile project:guru-rmm --full`. The `guru-rmm` article turned out to be a **tombstone
+redirect** — the canonical article is `gururmm` (no hyphen). Switched target and did a full recompile
+of `wiki/projects/gururmm.md` (651 -> 775 lines) by delegating gather+synthesis to a Sonnet agent: it
+read live artifacts from `origin/main` (migrations, routes, roadmap, BUILD.md, recent commits) + the
+delta session logs (2026-06-12 -> 22) + the existing article, and produced an updated article folding
+in BUG-018/020/021/022, Event Log Watch UI, SPEC-021, MSP360 deep-link, enrollment-modal UX, the
+two-wave (stable + legacy-1.77) Windows build, the BUG-021 dep-pin gotcha, and the watchdog section
+corrected to REST-`watchdog-alert`-only per BUG-022. Reviewed the staged diff, caught + removed a
+stale carryover (the article still listed the watchdog-alerts UI resolve/delete routes as "missing" —
+they exist + the UI is complete), applied it, refreshed the `wiki/index.md` GuruRMM row (v0.6.67,
+~270 enrolled) + header date, committed to main (`b977f5e`), and released the per-article coord lock.
+
+### Key Decisions
+- Tracker edits for BUG-018 + Event Log Watch UI went on the docs branch (PR #46), not a new branch —
+  same file (`FEATURE_ROADMAP.md`/`UI_GAPS.md`), keeps it bundled with the other verification-pass doc
+  updates and disjoint from the code PR.
+- Wiki recompile delegated to a Sonnet agent (per the skill + the high-volume multi-source read) — it
+  wrote to `.claude/wiki_staging/` and I reviewed/applied, keeping the 97 KB synthesis out of main ctx.
+- Compiled the canonical slug `gururmm`, NOT `guru-rmm` (the tombstone redirect caught the hyphen trap).
+
+### Problems Encountered
+- **`/save` recommends the wrong wiki slug for GuruRMM:** Phase 3 derives `project:guru-rmm` from the
+  submodule directory name, but the canonical wiki article is `gururmm` (the `guru-rmm.md` is a
+  tombstone redirect). Caught immediately by reading the stub. Logged as a friction so the `/save`
+  slug derivation can map `guru-rmm -> gururmm`.
+- **Stale carryover in the recompiled article:** the Sonnet draft kept an old "watchdog-alerts UI
+  routes missing on server" gap that is actually shipped/complete. Caught it in the Phase-5.2 staged
+  review and removed it before applying — full recompiles inherit stale claims, so the diff review is
+  load-bearing.
+
+### Configuration Changes (this update)
+- guru-rmm `docs/bug-021-windows-build` (`855b46b`): `FEATURE_ROADMAP.md` BUG-018 -> Fixed;
+  `UI_GAPS.md` Event Log Watch UI `[ ]` -> `[x]` + Last-Updated bump.
+- ClaudeTools main (`b977f5e`): `wiki/projects/gururmm.md` full recompile (651 -> 775 lines);
+  `wiki/index.md` GuruRMM row + header refreshed.
+- `errorlog.md`: one `--friction` entry (`/save` wiki-slug derivation `guru-rmm` vs canonical `gururmm`).
+
+### Pending / Incomplete (session close)
+- **PR #45** (BUG-022 code) + **PR #46** (BUG-018/021/022 + Event Log Watch roadmap/UI_GAPS + RMM
+  thought) await Howard/Mike merge. Merge #45 before #46; merging #45 = fleet build+deploy.
+- Empty `watchdog_events` table retained — drop in a future consolidated cleanup migration.
+- Granular watchdog visibility (REST `watchdog-event` producer) — RMM_THOUGHTS, Raw, needs Mike's go.
+
+### Reference (this update)
+- Wiki: `wiki/projects/gururmm.md` (canonical; `guru-rmm.md` = tombstone redirect). Commit `b977f5e`.
+- Docs branch tip: `855b46b`. Coord lock `9d9dc3ef` (claimed + released).