fix(memory): drop 49 stale index entries pointing at deleted files
Commit4dc4563had added MEMORY.md entries for the 49 resurrected orphan files. My deletion commit 720bdd8 removed the files but missed the matching index lines (read MEMORY.md before the rebase pulled4dc4563in). Index now matches the actual on-disk file set. Self-check: 72 PASS / 0 WARN / 1 FAIL (autotask manifest issue remains, not fixable on this machine). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -21,14 +21,6 @@
|
|||||||
- [Gitea git-op latency](reference_gitea_git_op_latency.md) — SSH (.20:2222) is SLOWEST (~1.5s); internal HTTP+token ~0.55s; SOPS lookup only ~0.33s. Don't switch to SSH for speed. Gitea SSH is .20:2222 (API ssh_url .21 is wrong).
|
- [Gitea git-op latency](reference_gitea_git_op_latency.md) — SSH (.20:2222) is SLOWEST (~1.5s); internal HTTP+token ~0.55s; SOPS lookup only ~0.33s. Don't switch to SSH for speed. Gitea SSH is .20:2222 (API ssh_url .21 is wrong).
|
||||||
- [GuruRMM technical reference](reference_gururmm.md) — Server (172.16.3.30) layout + downloads dir `/var/www/gururmm/downloads` + `.channel` sidecar rollout control (stable/beta) + privileged server access via the server's OWN root RMM agent (hostname `gururmm`, no SSH needed; plink fallback) + API + `context=user_session` (WTS impersonation) + build-pipeline vendoring at `deploy/build-pipeline/` + Linux agent systemd sandbox trap.
|
- [GuruRMM technical reference](reference_gururmm.md) — Server (172.16.3.30) layout + downloads dir `/var/www/gururmm/downloads` + `.channel` sidecar rollout control (stable/beta) + privileged server access via the server's OWN root RMM agent (hostname `gururmm`, no SSH needed; plink fallback) + API + `context=user_session` (WTS impersonation) + build-pipeline vendoring at `deploy/build-pipeline/` + Linux agent systemd sandbox trap.
|
||||||
- [Trebesch DESKTOP-QNP3ON5 shell replacement](reference_trebesch_qnp3on5.md) — AT Trebesch box runs an Explorer shell replacement; explorer.exe owner check returns blank — use Win32_ComputerSystem.UserName. GuruRMM SWIFT-LION-2892.
|
- [Trebesch DESKTOP-QNP3ON5 shell replacement](reference_trebesch_qnp3on5.md) — AT Trebesch box runs an Explorer shell replacement; explorer.exe owner check returns blank — use Win32_ComputerSystem.UserName. GuruRMM SWIFT-LION-2892.
|
||||||
- [Dataforth Contact - AJ](reference_dataforth_contact.md) -- AJ at Dataforth - email forwarding setup needed for dataforthgit@ address
|
|
||||||
- [GuruRMM API — run PowerShell on any agent](reference_gururmm_api.md) -- API endpoints, auth flow, and curl recipe to execute a script on any GuruRMM agent and retrieve output. Use this instead of asking user to paste script into ScreenConnect.
|
|
||||||
- [reference_gururmm_pipeline_vendored](reference_gururmm_pipeline_vendored.md) -- GuruRMM build-pipeline scripts are now version-controlled at deploy/build-pipeline/ in the gururmm repo (2026-06-01); build-shared.sh auto-syncs them to /opt/gururmm each build, so edit-in-repo + push = live — EXCEPT build-shared.sh + webhook-handler.py, which need a manual cp.
|
|
||||||
- [GuruRMM Server Layout](reference_gururmm_server.md) -- SSH user, home directory, and deploy paths on 172.16.3.30
|
|
||||||
- [gururmm-user-session-context](reference_gururmm_user_session_context.md) -- GuruRMM commands accept context=user_session (migration 041) to run as the active logged-on user via WTS impersonation — executes previously-interactive-only commands that fail as SYSTEM with "NonInteractive mode
|
|
||||||
- [IX Server Access via Tailscale](reference_ix_access_tailscale.md) -- IX server (ix.azcomputerguru.com) is accessible with Tailscale on, no VPN needed
|
|
||||||
- [IX Server SSH Access](reference_ix_server_ssh.md) -- SSH access notes for IX server - key auth not set up on GURU-5070 (was CachyOS), must use sshpass with password
|
|
||||||
- [reference_rmm_agent_runs_in_systemd_sandbox](reference_rmm_agent_runs_in_systemd_sandbox.md) -- Commands dispatched via the GuruRMM agent execute INSIDE the agent's systemd sandbox (ProtectSystem=strict) — fs/mount observations reflect the agent's private namespace, NOT the host. For host truth, SSH directly or read /proc/<host-pid>/mountinfo.
|
|
||||||
|
|
||||||
## Users
|
## Users
|
||||||
- [Howard Enos](user_howard.md) — Mike's brother, technician, full access. Machines: ACG-TECH03L, Howard-Home (authoritative in users.json).
|
- [Howard Enos](user_howard.md) — Mike's brother, technician, full access. Machines: ACG-TECH03L, Howard-Home (authoritative in users.json).
|
||||||
@@ -76,34 +68,6 @@
|
|||||||
|
|
||||||
### Cascades
|
### Cascades
|
||||||
- [Cascades operational rules](feedback_cascades.md) — Two active rules: (1) folder redirection (fdeploy) needs subfolders PRE-CREATED before first logon or it caches a failure forever; recovery via fix-shell-redirect.ps1. (2) ALWAYS ask which security group(s) a new user goes into — never auto-derive from OU.
|
- [Cascades operational rules](feedback_cascades.md) — Two active rules: (1) folder redirection (fdeploy) needs subfolders PRE-CREATED before first logon or it caches a failure forever; recovery via fix-shell-redirect.ps1. (2) ALWAYS ask which security group(s) a new user goes into — never auto-derive from OU.
|
||||||
- [feedback-rmm-unc-path-encoding](feedback-rmm-unc-path-encoding.md) -- RMM PowerShell UNC paths via user_session context lose one backslash when using string literals — must build with [char]92
|
|
||||||
- [feedback_cascades_folder_redirect](feedback_cascades_folder_redirect.md) -- Cascades folder redirection — fdeploy failure/retry behavior, correct new-user procedure, recovery script location
|
|
||||||
- [cascades-user-security-group](feedback_cascades_user_security_group.md) -- When creating or adding any Cascades user, always ask which security group(s) the account goes into — deliberate decision, never auto-derived from OU
|
|
||||||
- [feedback_gururmm_agent_parity](feedback_gururmm_agent_parity.md) -- Add feature X to the agent" means all three platforms (Windows + Linux + macOS) in the same change — no exceptions
|
|
||||||
- [feedback-gururmm-builds](feedback_gururmm_builds.md) -- GuruRMM builds must go through the Gitea webhook pipeline, never run manually via SSH
|
|
||||||
- [feedback-howard-delegation](feedback_howard_delegation.md) -- Howard prefers to leave backend/server-side follow-up and risky implementation work to Mike unless explicitly asked — don't assign those items to Howard or prompt him to do them.
|
|
||||||
- [feedback_no_botalerts_internal_rmm](feedback_no_botalerts_internal_rmm.md) -- Post #bot-alerts ONLY when an RMM command directly affects a client endpoint or a ticket; skip for internal infra/build/dev/recon (e.g. PLUTO build-runner setup)
|
|
||||||
- [feedback_no_indented_code_blocks](feedback_no_indented_code_blocks.md) -- Never indent code inside code blocks — Howard copy-pastes directly and leading spaces break PowerShell commands
|
|
||||||
- [GuruRMM development is Mike's, not Howard's](feedback_rmm_dev_is_mike.md) -- GuruRMM code/bugs/dev are Mike's domain — never route RMM dev or bug coord notes to Howard. Howard only SUBMITS RMM feature requests; GuruScan is Howard's project, not RMM
|
|
||||||
- [feedback_rmm_identify_by_ip](feedback_rmm_identify_by_ip.md) -- When the offending/target machine is known by external IP, identify the RMM agent by matching the IP — don't recon every candidate.
|
|
||||||
- [Syncro — verify appointment date day-of-week](feedback_syncro_appointment_date_check.md) -- Before creating any Syncro appointment, verify the computed date falls on the intended weekday (py datetime) and show the day name in the preview. Wrong-day incident #32312 2026-05-21.
|
|
||||||
- [Syncro — confirm appointment owner explicitly when creating tickets with appointments](feedback_syncro_appointment_owner.md) -- When creating Syncro tickets that include an appointment, always ask "who is the appointment owner?" before posting. Don't auto-default to the ticket's assigned tech, and distinguish owner from additional attendees.
|
|
||||||
- [Syncro — leave contact blank by default on tickets and billing](feedback_syncro_blank_contact.md) -- When creating Syncro tickets or billing them out, leave the contact field blank ("Not Assigned") in most cases. Blank contact lets Syncro use the company-level defaults for notifications and email routing. Setting a specific contact can route to a secondary email and bypass the customer's intended distribution.
|
|
||||||
- [Syncro — Cascades contact incident detail (Meredith Kuhn)](feedback_syncro_cascades_contact.md) -- Incident context for why the blank-contact rule matters at Cascades — Meredith Kuhn is the recurring wrong default that Syncro pre-selects. See feedback_syncro_blank_contact.md for the global rule.
|
|
||||||
- [Syncro duplicate prevention — tickets AND comments](feedback_syncro_comment_dedup.md) -- Never retry ANY Syncro POST (ticket create or comment) without first GETting to confirm the action didn't already succeed — Syncro has no idempotency on any endpoint
|
|
||||||
- [feedback-syncro-content-type](feedback_syncro_content_type.md) -- Syncro API POST calls require explicit Content-Type application/json header or they 400 with an HTML error page
|
|
||||||
- [feedback-syncro-corrections-preserve-tech](feedback_syncro_corrections_preserve_tech.md) -- Preserve Syncro attribution — corrections keep the original tech's labor user_id (commission); and adding notes/labor never changes the ticket owner. Only reassign labor or ticket ownership when explicitly asked.
|
|
||||||
- [Syncro emergency/after-hours billing — check prepay_hours first](feedback_syncro_emergency_billing.md) -- Emergency labor is time-and-a-half (×1.5), applied once, never additive. Branch by customer.prepay_hours. Prepaid → emergency item 26184 at hours×1.5 (premium in quantity); non-prepaid → 26184 at actual hours (rate has 1.5×).
|
|
||||||
- [feedback_syncro_estimate_hardware](feedback_syncro_estimate_hardware.md) -- Hardware line items on Syncro estimates always use product_id 32252 with varying name/price per item
|
|
||||||
- [Syncro comment HTML formatting](feedback_syncro_html.md) -- Use <br> for line breaks in Syncro comments, not <ul>/<li> — list tags don't render
|
|
||||||
- [feedback-syncro-labor-tax](feedback_syncro_labor_tax.md) -- Labor is never taxable in Arizona — always set taxable=false on labor line items in Syncro
|
|
||||||
- [Syncro — use a billable labor type (in-shop / onsite / remote / web), never "Prepaid project labor](feedback_syncro_labor_type.md) -- When billing Syncro tickets, the labor product on the line item MUST be one of in-shop, onsite, remote, or web labor. "Prepaid project labor" is an exempt labor type and will NOT draw down a customer's prepay block — using it silently breaks block-hour accounting.
|
|
||||||
- [feedback_syncro_line_items](feedback_syncro_line_items.md) -- Correct Syncro API endpoint for adding labor/product line items to tickets
|
|
||||||
- [feedback-syncro-live-rates](feedback_syncro_live_rates.md) -- Always fetch Syncro labor rates live from the API — never use hardcoded rate table
|
|
||||||
- [feedback-syncro-no-madeup-labor-items](feedback_syncro_no_madeup_labor_items.md) -- NEVER invent or rename Syncro labor line items — every labor line must use an existing product with its REAL name (from GET /products/<id>); work detail goes in the description field, not the name
|
|
||||||
- [Syncro — use add_line_item for billing, not timers](feedback_syncro_timer_first.md) -- Syncro billing uses add_line_item directly. Timer workflow (timer_entry → charge_timer_entry) is not used. Overrides previous rule about timers being required.
|
|
||||||
- [Syncro — timer_entry response is FLAT, not wrapped](feedback_syncro_timer_response_shape.md) -- POST /tickets/{id}/timer_entry returns a flat object {"id": N, "ticket_id": ..., "product_id": ..., ...}, NOT wrapped in {"timer": {...}} or {"timer_entry": {...}}. Parse as `.id`, never `.timer.id` — using the wrapped pattern silently returns null and creates duplicate timers when the script "retries".
|
|
||||||
- [Syncro — warranty work uses the "Labor- Warranty work" product, never patch a billable product to $0](feedback_syncro_warranty_product.md) -- For warranty/no-charge labor on Syncro tickets, use product_id 1049360 (Labor- Warranty work, $0/hr). Do NOT use a regular labor product with billable=false or a patched price_retail=0. Prices are determined by the product selected; never override the dollar amount to make one product behave like another.
|
|
||||||
|
|
||||||
## Machine
|
## Machine
|
||||||
- [GURU-5070 Workstation Setup](reference_workstation_setup.md) — Mike's primary (owner confirmed 2026-05-26). Windows 11 Pro. Renamed from OC-5070 → ACG-5070/acg-guru-5070 → GURU-5070; all the same box, all Mike's.
|
- [GURU-5070 Workstation Setup](reference_workstation_setup.md) — Mike's primary (owner confirmed 2026-05-26). Windows 11 Pro. Renamed from OC-5070 → ACG-5070/acg-guru-5070 → GURU-5070; all the same box, all Mike's.
|
||||||
@@ -131,16 +95,3 @@
|
|||||||
- [ACG MSP tool stack](reference_acg_msp_stack.md) — ScreenConnect/CW Control, Splashtop, Syncro, Datto RMM, Datto EDR/AV, GuruRMM are ACG's OWN tools; do not flag as foreign/threat on managed machines (Defender-off is expected when Datto AV is active).
|
- [ACG MSP tool stack](reference_acg_msp_stack.md) — ScreenConnect/CW Control, Splashtop, Syncro, Datto RMM, Datto EDR/AV, GuruRMM are ACG's OWN tools; do not flag as foreign/threat on managed machines (Defender-off is expected when Datto AV is active).
|
||||||
- [ACG Website Hosting](project_azcomputerguru_hosting.md) — azcomputerguru.com is hosted on IX Web Hosting via cPanel.
|
- [ACG Website Hosting](project_azcomputerguru_hosting.md) — azcomputerguru.com is hosted on IX Web Hosting via cPanel.
|
||||||
- [jq on Windows emits CRLF](feedback_jq_crlf_windows.md) — winget jq outputs CRLF; trailing \r silently breaks `for x in $(jq ...)` loops + read-from-@tsv. Override `jq(){ command jq "$@"|tr -d '\r'; }`. Windows-build-specific (passes on Mac/Linux).
|
- [jq on Windows emits CRLF](feedback_jq_crlf_windows.md) — winget jq outputs CRLF; trailing \r silently breaks `for x in $(jq ...)` loops + read-from-@tsv. Override `jq(){ command jq "$@"|tr -d '\r'; }`. Windows-build-specific (passes on Mac/Linux).
|
||||||
- [GuruRMM Development Principles](gururmm-development-principles.md) -- Every GuruRMM feature is full-stack (backend+API+UI+docs+scalability); product works without AI; the FEATURE_ROADMAP entry update is part of definition-of-done. Mirrors guru-rmm/docs/DESIGN.md.
|
|
||||||
- [project-cascades-migration-plan](project-cascades-migration-plan.md) -- Cascades of Tucson department migration plan — Syncro ticket, plan file location, resume command
|
|
||||||
- [Cascades admin account ownership](project_cascades_admin_accounts.md) -- Howard uses sysadmin@cascadestucson.com, Mike uses admin@cascadestucson.com — used for daily admin work, not break-glass.
|
|
||||||
- [project-cascades-billing](project_cascades_billing.md) -- Cascades of Tucson Syncro billing — prepaid block customer, rate TBD
|
|
||||||
- [Cascades CA bypass — phased per-group rollout, NOT tenant-wide](project_cascades_ca_phased_rollout.md) -- Caregiver bypass CA policies are scoped to SG-Caregivers-Pilot only at start, then expanded one department at a time. Legacy all-users-MFA stays in place; we PATCH excludeGroups, never delete it during rollout.
|
|
||||||
- [Cascades caregiver pilot — cleanup obligations](project_cascades_pilot_cleanup.md) -- Pilot accounts (pilot.test@, howard.enos@ once synced) at Cascades must be removed at end of caregiver bypass pilot.
|
|
||||||
- [Dataforth email infrastructure](project_dataforth_email.md) -- Dataforth uses M365 for email; the Exchange server on 172.16.x.x / neptune.acghosting.com is NOT Dataforth's — it belongs to ACG's own infrastructure
|
|
||||||
- [Dataforth Security Incident 2026-03-27](project_dataforth_incident_2026-03-27.md) -- DF-JOEL2 compromised via ScreenConnect social engineering. MFA deployed. IC3 filed. C2 IPs blocked. Full remediation completed.
|
|
||||||
- [project_guruconnect_deploy](project_guruconnect_deploy.md) -- How to deploy GuruConnect (v2+) to production — the server (172.16.3.30) builds its own Linux binary; gotchas with the systemd watchdog, trusted-proxy env, and auto-run migrations
|
|
||||||
- [project_guruconnect_v2_direction](project_guruconnect_v2_direction.md) -- GuruConnect v2 modernization direction (Mike, 2026-05-29) — native-first full key fidelity + bidirectional file cut/paste/drag are the headline must-haves; WebRTC is fallback only
|
|
||||||
- [Mac gururmm hook setup pending](project_mac_gururmm_setup_pending.md) -- Mikes-MacBook-Air needs install-hooks.sh run in gururmm repo — one-time setup to prevent sqlx migration drift
|
|
||||||
- [project-pluto-build-server](project_pluto_build_server.md) -- Pluto Windows build server — location, role, and access details
|
|
||||||
- [project_rmm_webhook_docs_guard](project_rmm_webhook_docs_guard.md) -- RMM build webhook now skips docs-only pushes (host guard in /opt/gururmm/webhook-handler.py). The repo copy is stale — don't redeploy it.
|
|
||||||
|
|||||||
Reference in New Issue
Block a user