diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md index 35066b47..17b5dadc 100644 --- a/.claude/memory/MEMORY.md +++ b/.claude/memory/MEMORY.md 
@@ -121,6 +121,7 @@ - [CyndyOffice physical HP lockups](cyndyoffice-physical-hp-lockups.md) — RMM "Howard-VM" site agent CyndyOffice is a PHYSICAL HP Pavilion TP01 (not a VM); ~20 hard freezes/6wk = Kernel-Power 41 bugcheck-0, no dump/WHEA = hardware (RAM/PSU/BIOS), SSD healthy. UUID re-enrolls. - [Automate memory consolidation/lint (phased)](project_memory_consolidation_automation.md) — Eventually auto-run /memory-dream; lint+additive fixes can automate early, merges/deletes stay human-approved. Engine: .claude/skills/memory-dream/ + .claude/scripts/sync-memory.sh. - [Trebesch PST consolidation (staged)](project_trebesch_pst_consolidation.md) — Address-book CSV from 24 PSTs on DESKTOP-QNP3ON5; scripts staged at .claude/tmp/treb-*.ps1, WAITING for Howard's 6pm-MST 2026-06-01 go signal (attended run). See [[reference_trebesch_qnp3on5]]. +- [GuruRMM security scope — integrate AV, don't replace it](project_gururmm_security_scope.md) — No native virus/malware removal in the RMM; AV products do that. RMM monitors AV reports + sends commands to AV products, and its built-in value is helping techs FIND issues. Program removal is a separate feature. - [GuruRMM project state](project_gururmm.md) — Dev principles (every feature full-stack: backend+API+UI+docs+scalability; product works without AI; FEATURE_ROADMAP update is part of definition-of-done; mirrors guru-rmm/docs/DESIGN.md). Webhook docs-only build guard (SPEC-020 Phase 0; webhook-handler.py repo copy is STALE — don't redeploy). Mac install-hooks.sh setup STILL PENDING on Mikes-MacBook-Air. - [GuruConnect](project_guruconnect.md) — v2 direction (native-first full key fidelity Win+R/Ctrl+Alt+Del + bidirectional file cut/paste/drag; WebRTC fallback only; standalone-first + RMM contract; tenancy-ready schema; Mike willing to scrap v1). Manual deploy procedure to 172.16.3.30 (build-on-server in login shell; sqlx runtime queries; NPM `CONNECT_TRUSTED_PROXIES=172.16.3.20` gotcha). v2 live since 2026-05-30. 
- [Apple MDM + Developer certs (GuruRMM mobile)](project_apple_mdm_certs.md) — ACG holds Apple Developer+signing and Apple MDM Push certs (acquired 2026-05-29) for SPEC-017. MDM push cert RENEWS ANNUALLY on the same Apple ID or all enrolled iOS devices break. diff --git a/.claude/memory/project_gururmm_security_scope.md b/.claude/memory/project_gururmm_security_scope.md new file mode 100644 index 00000000..97c13e03 --- /dev/null +++ b/.claude/memory/project_gururmm_security_scope.md 
@@ -0,0 +1,16 @@ +--- +name: GuruRMM security scope — integrate AV, don't replace it +description: GuruRMM product scope on security/AV — the RMM does NOT build native virus/malware removal; it integrates AV products (monitor their reports + send commands to them) and its own built-in value is helping techs FIND issues. Program/software removal is a separate, distinct feature. +type: project +--- + +Product-direction decision (Mike, 2026-06-22). When weighing security/diagnostic features for GuruRMM: + +- **No native AV / virus / malware removal in the RMM.** Dedicated AV products (Bitdefender GravityZone, Datto EDR/AV — see [[reference_acg_msp_stack]]) do that work. Don't pitch building a RogueKiller-style scanner/quarantine engine into the agent. +- **The RMM's AV role is integration:** monitor/surface the AV products' reports + status, and send commands/actions to those AV products *through* the RMM. Manage AV, don't be AV. +- **The RMM's own built-in value is helping techs FIND issues** — diagnostics, health surfacing, "what's wrong with this box" tooling — not performing endpoint security remediation itself. +- **Program/software removal is a DISTINCT feature** (the ARP-registry silent-uninstall engine, SPEC-030 `remote-software-uninstall`), unrelated to AV. It was being worked in a separate session as of this date. + +**Why:** avoids reinventing mature AV engines, keeps the RMM RMM-first (mission.md non-goals), and plays to the self-hosted-management strength rather than competing with security vendors. + +**How to apply:** for security-flavored feature ideas, frame as "monitor + command the existing AV/security product" or "help the tech locate the problem," not "build the security capability natively." Related: [[project_gururmm]], [[feedback_no_manufactured_guardrails]]. diff --git a/.disp.json b/.disp.json new file mode 100644 index 00000000..cc3d3f2d --- /dev/null +++ b/.disp.json 
@@ -0,0 +1 @@ +{"command_type":"powershell","command":"Write-Output HELLO_FROM_TEST","timeout_seconds":30} diff --git a/errorlog.md b/errorlog.md index 27a8ecdf..38dae653 100644 --- a/errorlog.md +++ b/errorlog.md @@ -17,6 +17,10 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure · +2026-06-22 | Howard-Home | save/wiki-compile | [friction] /save Phase 3 emits 'project:guru-rmm' (from submodule dir name) but canonical wiki article is 'gururmm'; guru-rmm.md is a tombstone redirect. Map guru-rmm -> gururmm in the slug derivation. [ctx: ref=wiki-slug-tombstone proj=guru-rmm] + +2026-06-22 | Howard-Home | gururmm/product-direction | [correction] assumed RMM should build native virus/malware removal; correct is: AV products do removal, RMM only monitors AV reports + sends commands to AV products, and RMM's own built-in value is helping techs find issues + 2026-06-22 | GURU-5070 | packetdial/vendor-model | [correction] conflated PacketDial/NetSapiens/OIT; correct: PacketDial = ACG's VoIP-dept brand, NetSapiens = the PBX platform, OIT/OITVOIP = white-label wholesaler running NetSapiens (api.ucaasnetwork.com) 2026-06-22 | GURU-5070 | packetdial | HTTP 400 DELETE https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/number-filters: {"code":400,"message":"The default answering rule cannot be deleted."} [ctx: cmd=unblock-numbers] diff --git a/session-logs/2026-06/2026-06-21-howard-gururmm-features-audit-submodule-fix.md b/session-logs/2026-06/2026-06-21-howard-gururmm-features-audit-submodule-fix.md index 59240ab8..41a4a018 100644 --- a/session-logs/2026-06/2026-06-21-howard-gururmm-features-audit-submodule-fix.md +++ b/session-logs/2026-06/2026-06-21-howard-gururmm-features-audit-submodule-fix.md 
@@ -198,3 +198,62 @@ fleet build+deploy, left to Howard/Mike. - Branch tips: fix `4eb5054`, docs `487431f`. PRs: #45 (code), #46 (docs). - Verified live: 270 agents/178 online; REST `watchdog-alert` path sound; `watchdog_events`=0 = dead WS path (no producer). + +--- + +## Update: 10:35 PT (2026-06-22) — Tracker reconciliation + GuruRMM wiki full recompile + +### Session Summary +Closed out the session by making the living docs and wiki truthful for everything that landed. +First reconciled the trackers against `main`: flipped BUG-018 from "Investigated/Open" to **Fixed** +(`cea87d4` — DELETE returns 202 + background purge) and marked the **Event Log Watch management UI** +`[x]` complete in `UI_GAPS.md` (`0fa65f5`), bumping its Last-Updated. These went on the existing docs +branch (PR #46) so they stay file-disjoint from the BUG-022 code PR (#45). + +Then ran the recommended wiki update (decoupled from `/save`, so the prior save didn't do it): +`/wiki-compile project:guru-rmm --full`. The `guru-rmm` article turned out to be a **tombstone +redirect** — the canonical article is `gururmm` (no hyphen). Switched target and did a full recompile +of `wiki/projects/gururmm.md` (651 -> 775 lines) by delegating gather+synthesis to a Sonnet agent: it +read live artifacts from `origin/main` (migrations, routes, roadmap, BUILD.md, recent commits) + the +delta session logs (2026-06-12 -> 22) + the existing article, and produced an updated article folding +in BUG-018/020/021/022, Event Log Watch UI, SPEC-021, MSP360 deep-link, enrollment-modal UX, the +two-wave (stable + legacy-1.77) Windows build, the BUG-021 dep-pin gotcha, and the watchdog section +corrected to REST-`watchdog-alert`-only per BUG-022. 
Reviewed the staged diff, caught + removed a +stale carryover (the article still listed the watchdog-alerts UI resolve/delete routes as "missing" — +they exist + the UI is complete), applied it, refreshed the `wiki/index.md` GuruRMM row (v0.6.67, +~270 enrolled) + header date, committed to main (`b977f5e`), and released the per-article coord lock. + +### Key Decisions +- Tracker edits for BUG-018 + Event Log Watch UI went on the docs branch (PR #46), not a new branch — + same file (`FEATURE_ROADMAP.md`/`UI_GAPS.md`), keeps it bundled with the other verification-pass doc + updates and disjoint from the code PR. +- Wiki recompile delegated to a Sonnet agent (per the skill + the high-volume multi-source read) — it + wrote to `.claude/wiki_staging/` and I reviewed/applied, keeping the 97 KB synthesis out of main ctx. +- Compiled the canonical slug `gururmm`, NOT `guru-rmm` (the tombstone redirect caught the hyphen trap). + +### Problems Encountered +- **`/save` recommends the wrong wiki slug for GuruRMM:** Phase 3 derives `project:guru-rmm` from the + submodule directory name, but the canonical wiki article is `gururmm` (the `guru-rmm.md` is a + tombstone redirect). Caught immediately by reading the stub. Logged as a friction so the `/save` + slug derivation can map `guru-rmm -> gururmm`. +- **Stale carryover in the recompiled article:** the Sonnet draft kept an old "watchdog-alerts UI + routes missing on server" gap that is actually shipped/complete. Caught it in the Phase-5.2 staged + review and removed it before applying — full recompiles inherit stale claims, so the diff review is + load-bearing. + +### Configuration Changes (this update) +- guru-rmm `docs/bug-021-windows-build` (`855b46b`): `FEATURE_ROADMAP.md` BUG-018 -> Fixed; + `UI_GAPS.md` Event Log Watch UI `[ ]` -> `[x]` + Last-Updated bump. +- ClaudeTools main (`b977f5e`): `wiki/projects/gururmm.md` full recompile (651 -> 775 lines); + `wiki/index.md` GuruRMM row + header refreshed. 
+- `errorlog.md`: one `--friction` entry (`/save` wiki-slug derivation `guru-rmm` vs canonical `gururmm`). + +### Pending / Incomplete (session close) +- **PR #45** (BUG-022 code) + **PR #46** (BUG-018/021/022 + Event Log Watch roadmap/UI_GAPS + RMM + thought) await Howard/Mike merge. Merge #45 before #46; merging #45 = fleet build+deploy. +- Empty `watchdog_events` table retained — drop in a future consolidated cleanup migration. +- Granular watchdog visibility (REST `watchdog-event` producer) — RMM_THOUGHTS, Raw, needs Mike's go. + +### Reference (this update) +- Wiki: `wiki/projects/gururmm.md` (canonical; `guru-rmm.md` = tombstone redirect). Commit `b977f5e`. +- Docs branch tip: `855b46b`. Coord lock `9d9dc3ef` (claimed + released).
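Review bot: in `project_gururmm_security_scope.md`, the integration bullet makes the RMM a command channel into the AV products ("send commands/actions to those AV products *through* the RMM") without saying who may issue those commands or how they are recorded. Add a line stating that AV actions relayed by the RMM require the issuing tech to be authorized for that endpoint and that each relayed action is audit-logged, so the scope note is not later read as approval for an unauthenticated pass-through. Separately, `[[reference_acg_msp_stack]]`, `[[feedback_no_manufactured_guardrails]]` and `mission.md` are referenced but not touched by this patch; confirm they resolve.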
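Review bot: `.disp.json` at the repo root looks like a leftover test payload rather than part of this change: its single line is a PowerShell dispatch body (`"command":"Write-Output HELLO_FROM_TEST"`) and nothing else in the patch refers to it. Drop it from the commit and, if the dispatch tooling writes this file on each run, add it to `.gitignore` so that a later payload containing a real command, hostname or secret is not committed the same way.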
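Review bot: in the `errorlog.md` hunk, the added `[correction]` line for `gururmm/product-direction` ends without a `[ctx: ...]` tag, unlike the `[friction]` line added directly above it. The same patch creates `project_gururmm_security_scope.md` to record this decision, so a ctx reference to that memory file would make the entry traceable from the log.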
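Review bot: in the session-log update, the second item under "Problems Encountered" ends with a process rule ("full recompiles inherit stale claims, so the diff review is load-bearing") that is recorded only in this log; the `errorlog.md` hunk in the same patch captures the slug friction but not the stale carryover. Add a matching errorlog entry, or put the staged-diff check into the wiki-compile skill, so the rule outlives this session file.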