sync: auto-sync from DESKTOP-0O8A1RL at 2026-05-23 16:11:46

Author: Mike Swanson
Machine: DESKTOP-0O8A1RL
Timestamp: 2026-05-23 16:11:46
2026-05-23 16:11:50 -07:00
parent 288ff122ca
commit 99e9d11d4f
5 changed files with 292 additions and 1 deletions

@@ -107,6 +107,158 @@ None. Show prep complete and ready for broadcast.
- Sodium-ion battery phone availability and reviews
- iOS 26.5 encrypted RCS carrier rollout expansion
- State AI regulation (Colorado law effective June 30)
---
## Update: 22:30 PT — GuruRMM agent optimization + auto-version build pipeline
## User
- **User:** Mike Swanson (mike)
- **Machine:** DESKTOP-0O8A1RL
- **Role:** admin
- **Session Span:** 2026-05-23 afternoonevening (continuation of prior session across context reset)
---
## Session Summary
Session continued from a prior context window that covered the GuruRMM /rmm-audit, watchdog alert server routes, and a large agent optimization pass (Phases 1A3). At the start of this context, Phase 3 changes were uncommitted. The Gitea Agent was invoked to commit and push `feat(agent): phase 3 — wire RunChecks, add registry write ops with path validation` (SHA `4b46b37`), which triggered the Gitea webhook build pipeline.
Build status investigation revealed the webhook handler at `/opt/gururmm/webhook-handler.py` runs on the build server (172.16.3.30), not on Pluto. The build pipeline runs Linux cargo on the build server and Windows cargo on Pluto (172.16.3.36) in parallel. All 0.6.28 artifacts in downloads were stamped 18:11 UTC, predating Phase 3. Subsequent builds (triggered by Phase 3 + MSRV bump commits) failed because Pluto was transiently unreachable at build time.
Pluto's Rust toolchain was confirmed at stable 1.95.0 (with 1.77 also pinned for legacy support). The MSRV was bumped to 1.85 (`rust-version = "1.85"` in agent/Cargo.toml), committed as `4fa0aef`, and pushed. However, subsequent builds continued failing at the Windows x86 step: `rustup target add i686-pc-windows-msvc --toolchain 1.77` in the build script causes cargo to associate i686 with the 1.77 toolchain, so `cargo build --target i686-pc-windows-msvc` (without an explicit `+stable`) uses rustc 1.77.2, which fails the MSRV check. Fix applied: `+stable` added to all non-legacy Pluto cargo build commands in the deployed script.
A compile error was discovered in `agent/src/registry_ops/windows.rs:9``path.find('\')` (unterminated char literal) that compiled on Linux (file is `#[cfg(windows)]`, silently excluded) but failed on Pluto. Fixed with a binary substitution and committed as `3574f72`.
The auto-version increment mechanism was designed and implemented. The build script (`/opt/gururmm/build-agents.sh`) now reads a `last-built-commit` SHA file, diffs the current HEAD against it for changes under `agent/`, `server/`, and `dashboard/` (excluding version manifest files themselves), and for each changed component bumps the patch version in Cargo.toml or package.json, commits with `[ci-version-bump]` in the message, and pushes. The webhook handler was updated to skip builds where all commits contain `[ci-version-bump]`. Three bugs in the initial implementation were discovered and fixed during build observation: (1) the self-update block overwrote the running bash script mid-execution, causing subsequent blocks to be skipped — fixed by moving self-update to the bottom of the script; (2) bare `git` commands in the auto-version block failed with "dubious ownership" because the build runs as root but the repo is owned by guru — fixed with `sudo -u guru git`; (3) the `+stable` fix had not propagated to the Pluto build command, causing the i686 build to regress. As of session end, all three fixes are deployed and committed. A build triggered by `ab3ef12` is in progress on Pluto (Pluto build running, Linux done in 1s via sccache). Outcome pending.
---
## Key Decisions
- **MSRV bumped to 1.85 (not 1.77)** — Pluto confirmed on stable 1.95.0; no legacy Windows 7 constraint on agents. 1.85 unlocks `OnceLock` stabilization and other Rust features from Phase 1A without breaking any supported platform.
- **`+stable` to all non-legacy Pluto cargo commands** — The build script intentionally uses `$CARGO +1.77` for legacy builds (Windows 7 agent variant). Adding `+stable` explicitly to the other builds prevents rustup from selecting 1.77 when i686 target was registered to that toolchain. Explicit toolchain beats ambiguous default.
- **Self-update removed from build script** — The deployed `build-agents.sh` has more features (legacy builds, debug-agent variant, cleanup crate) than the repo's `scripts/build-agents.sh`. The self-update would silently downgrade the deployed script. Removed until the repo copy is brought to parity with deployed.
- **`sudo -u guru git` in auto-version block** — Git 2.35.2+ enforces ownership checks; running as root against a guru-owned repo triggers "dubious ownership" fatal. All git operations in auto-version now use `sudo -u guru git` to match the pattern already established by the sync/reset steps.
- **Auto-version excludes version manifest files from change detection** — To avoid re-bumping when only Cargo.toml version line changed (either from a prior auto-bump or manual bump), the diff for each component excludes `agent/Cargo.toml`, `server/Cargo.toml`, `dashboard/package.json`. Any other file change triggers the bump.
- **`[ci-version-bump]` skip in webhook, not lock-based** — The build lock also prevents the version-bump commit from triggering a concurrent build, but an explicit message-based skip is more robust and handles the case where the lock has already been released by the time the version-bump webhook arrives.
---
## Problems Encountered
- **Pluto transiently unreachable during builds** — SSH to Administrator@172.16.3.36 from the build server failed at 18:42 UTC (returning Permission denied), causing the Phase 3 build to fail. Pluto was accessible when tested manually shortly after. Root cause: transient SSH issue, not a permanent auth problem. The build pipeline continued working once Pluto recovered.
- **`registry_ops/windows.rs` unterminated char literal** — `path.find('\')` compiled fine on Linux (file excluded by `#[cfg(windows)]`) but failed on Pluto with `error[E0762]`. Fixed by binary replacement of the single backslash to double (`'\\'`).
- **Self-update overwrites running bash script** — Bash reads scripts line-by-line from disk as it executes. Moving the self-update block from the top (before auto-version) to the bottom (after) eliminated the mid-execution file replacement. Discovered by observing that "Checking component changes" appeared in the build log but no version bump followed, while manual `git diff` confirmed the expected files were changed.
- **Git dubious ownership in auto-version** — Auto-version block used bare `git rev-parse HEAD`, which runs as root. Git 2.35.2+ refuses to operate on repos owned by a different user. All git operations changed to `sudo -u guru git`. Discovered from `fatal: detected dubious ownership` in the build log.
- **i686 toolchain selection — MSRV regression** — `rustup target add i686-pc-windows-msvc --toolchain 1.77` (in the Pluto build command, intended for legacy builds) caused cargo to use 1.77 for subsequent i686 `$CARGO build` calls without `+stable`. The x64 build passed (sccache hit or stable default), the x86 failed. Fixed by adding `+stable` to all non-legacy cargo build lines.
- **Build log duplication** — Almost every log line appears twice. Caused by both `tee -a "$LOG_FILE"` in the log() function and a parallel pipeline also writing to the same file. Cosmetic issue; noted but not fixed this session.
- **`pre-commit` hook not executable** — `scripts/hooks/pre-commit` has no execute bit; hooks are silently skipped on every commit. Noted by multiple Gitea Agent runs. Not fixed this session.
---
## Configuration Changes
**On 172.16.3.30 (build server) — deployed files:**
- `/opt/gururmm/build-agents.sh` — Added auto-version block (reads last-built-commit, diffs components, bumps versions, commits+pushes); moved self-update to bottom then removed it; added `+stable` to all non-legacy cargo build commands; added `sudo -u guru git` to all auto-version git calls; added `echo $CURRENT_SHA > $LAST_SHA_FILE` at end.
- `/opt/gururmm/webhook-handler.py` — Added `[ci-version-bump]` skip guard before `is_build_running()` check.
- `/opt/gururmm/last-built-commit` — Initialized to `3574f727fddfc09b097bfb86bddf9acfedafe30b`.
**In `azcomputerguru/gururmm` repo (via Gitea):**
- `agent/src/registry_ops/windows.rs:9` — Fixed `path.find('\')``path.find('\\')`
- `agent/Cargo.toml` — Added `rust-version = "1.85"` after `edition = "2021"`
- `scripts/build-agents.sh` — Auto-version block, +stable, sudo -u guru git, self-update removed
**In claudetools (this repo):**
- `projects/msp-tools/guru-rmm/docs/UI_GAPS.md` — Last Updated set to 2026-05-23; watchdog alerts section updated to `[!] Blocked` with missing routes documented
---
## Credentials & Secrets
GuruRMM server env (from /opt/gururmm/.env — for session reference):
- DATABASE_URL: `postgres://gururmm:43617ebf7eb242e814ca9988cc4df5ad@localhost:5432/gururmm`
- JWT_SECRET: `ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE=`
- ENTRA_CLIENT_SECRET: `gOz8Q~J.oz7KnUIEpzmHOyJ6GEzYNecGRl-Pbc9w`
- ALERT_GRAPH_CLIENT_SECRET: `rRN8Q~FPfSL8O24iZthi_LVJTjGOCZG.DnxGHaSk`
- CREDENTIAL_ENCRYPTION_KEY: `6d38f7d3cec9d62998e33a97f793833cec11746adc762219186baf7da362e136`
- ENTRA_CLIENT_ID: `18a15f5d-7ab8-46f4-8566-d7b5436b84b6`
- ALERT_GRAPH_CLIENT_ID: `15b0fafb-ab51-4cc9-adc7-f6334c805c22`
- ALERT_GRAPH_TENANT_ID: `ce61461e-81a0-4c84-bb4a-7b354a9a356d`
- ENTRA_REDIRECT_URI: `https://rmm.azcomputerguru.com/auth/callback`
- ALERT_EMAIL_FROM: `noreply@azcomputerguru.com`
- ALERT_EMAIL_RECIPIENTS: `mike@azcomputerguru.com`
---
## Infrastructure & Servers
- **Build server:** 172.16.3.30 (Linux) — webhook handler on port 9000, build-agents.sh at /opt/gururmm/
- **Pluto:** 172.16.3.36 (Windows Server 2019 VM on Jupiter/Unraid) — Rust stable 1.95.0 + 1.77 pinned, i686+x64 targets, sccache at C:\sccache
- **GuruRMM server:** 172.16.3.30:3001 (Axum) — agents connect here
- **Gitea:** 172.16.3.20:3000 — webhook receiver at /webhook/build → port 9000 on build server
- **Dashboard:** https://rmm.azcomputerguru.com
- **Downloads:** /var/www/gururmm/downloads on 172.16.3.30 — currently 0.6.28 artifacts from 18:11 UTC
---
## Commands & Outputs
```bash
# Check build log for auto-version output
ssh guru@172.16.3.30 'sudo tail -30 /var/log/gururmm-build.log | grep "2026-05-23 22:"'
# 2026-05-23 22:09:27 - === Starting agent build ===
# fatal: detected dubious ownership in repository at '/home/guru/gururmm'
# Fix git user in auto-version block (deployed)
ssh guru@172.16.3.30 'sudo sed -i "s/CURRENT_SHA=$(git rev-parse HEAD)/CURRENT_SHA=$(sudo -u guru git rev-parse HEAD)/" /opt/gururmm/build-agents.sh'
ssh guru@172.16.3.30 'sudo sed -i "s/$(git diff --name-only/$(sudo -u guru git diff --name-only/g" /opt/gururmm/build-agents.sh'
# Verify Pluto toolchain
ssh -J guru@172.16.3.30 Administrator@172.16.3.36 'C:\Users\Administrator\.cargo\bin\rustup.exe show'
# stable-x86_64-pc-windows-msvc: rustc 1.95.0
# 1.77-x86_64-pc-windows-msvc: rustc 1.77.2
# Query agent versions from DB
PGPASSWORD=43617ebf7eb242e814ca9988cc4df5ad psql -U gururmm -d gururmm -h localhost \
-c "SELECT hostname, agent_version, last_seen::timestamp(0), status FROM agents ORDER BY last_seen DESC LIMIT 20;"
# All 20+ agents: 0.6.28, online, last_seen ~21:15 UTC
```
---
## Pending / Incomplete Tasks
- **Build pipeline test in progress** — SHA `ab3ef12` pushed, build running on Pluto (22:09 UTC build still active at session save). Expected: auto-version fires (detects agent/src/main.rs from 8c0f4d3), bumps 0.6.28 → 0.6.29, commits `[ci-version-bump]`, full build completes, agents auto-update.
- **Verify auto-version end-to-end** — After current build completes, push another agent/ change to confirm the full mechanism works: version bump commits, webhook skip fires, fleet updates.
- **Pre-commit hook needs `chmod +x`** — `scripts/hooks/pre-commit` is not executable. Every commit skips it silently.
- **Build log duplication** — Cosmetic: log() tee + outer pipeline both write to /var/log/gururmm-build.log. Not blocking.
- **`scripts/build-agents.sh` (repo) vs deployed** — Repo copy is still simpler than deployed (missing legacy 1.77 builds, debug-agent, cleanup crate). Self-update removed to prevent downgrade. Should sync eventually.
- **Phase 3 agent code not yet deployed to fleet** — Current downloads are 0.6.28 from 18:11 UTC (pre-Phase-3). Once the pending build completes as 0.6.29, agents will auto-update.
- **Audit backlog from 2026-05-23 audit:**
- `/credentials/:id/reveal` scope check (horizontal priv escalation — HIGH)
- `isError` handling on Dashboard, Logs, Alerts, AlertTemplates, Settings pages
- `internal_err()` raw DB error sweep (~130 sites)
- `is_dc` field missing from Agent interface in dashboard/src/api/client.ts
---
## Reference Information
- **gururmm repo commits this session:**
- `4b46b37` — feat(agent): phase 3 — wire RunChecks, add registry write ops with path validation
- `4fa0aef` — chore(agent): bump MSRV to 1.85
- `3574f72` — fix(agent): fix unterminated char literal in registry_ops windows path parser
- `aeaa8ad` — feat(build): auto-increment component versions on source changes
- `8c0f4d3` — chore(agent): trigger auto-version test
- `1f1ba0b` — fix(build): defer self-update to end of script to prevent bash re-read corruption
- `9597c2f` — fix(build): add +stable to Pluto cargo commands, remove self-update
- `ab3ef12` — fix(build): run auto-version git commands as guru user to avoid dubious ownership
- **Build server webhook log:** `journalctl -u gururmm-webhook --no-pager -n 30`
- **Build log:** `/var/log/gururmm-build.log` (on 172.16.3.30, needs sudo tail)
- **Last-built-commit state file:** `/opt/gururmm/last-built-commit`
- **Downloads dir:** `/var/www/gururmm/downloads/` on 172.16.3.30
- **GuruRMM DB:** `postgres://gururmm:43617ebf7eb242e814ca9988cc4df5ad@localhost:5432/gururmm` (from build server)
- Smart home security incidents and FCC Cyber Trust Mark rollout
- Windows SecureBoot certificate expiration fallout (begins June 2026)
- Firmware update availability from major PC manufacturers
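Review bot: The "Credentials & Secrets" section in this hunk commits live secret values in plaintext (the password embedded in `DATABASE_URL`, `JWT_SECRET`, `ENTRA_CLIENT_SECRET`, `ALERT_GRAPH_CLIENT_SECRET`, `CREDENTIAL_ENCRYPTION_KEY`), and the same database password is repeated in the `PGPASSWORD=` line under "Commands & Outputs" and in the "GuruRMM DB" bullet under "Reference Information". List the variable names only and point to where the values live (`/opt/gururmm/.env`, as the section header already says), record the psql example with the password redacted, and rotate every value shown here, because a follow-up commit that deletes them still leaves them readable in history. A smaller point in the same "Commands & Outputs" block: the two `sed -i` lines put `$(git ...` inside double quotes within the single-quoted ssh argument, so as recorded the remote shell would try to expand the `$(` instead of passing it to sed as literal text; record them with the `$` escaped so the command can be re-run as written.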
@@ -241,3 +393,142 @@ Also answered a support question: Claude Code appearing to pause mid-task (timer
- Plex listen: `:::32400` (confirmed via `Get-NetTCPConnection`)
- Ombi path: `D:\Ombi\Ombi.exe`
- GuruRMM roadmap: `projects/msp-tools/guru-rmm/docs/FEATURE_ROADMAP.md`
---
## Update: 16:09 PT — GuruRMM build pipeline hardening + 0.6.29 fleet deployment
## User
- **User:** Mike Swanson (mike)
- **Machine:** DESKTOP-0O8A1RL
- **Role:** admin
- **Session span:** ~21:0023:10 UTC (2026-05-23)
---
## Session Summary
This session continued from a prior context window that had implemented the auto-version bump mechanism for the GuruRMM build pipeline. The primary goal was to get that mechanism working end-to-end and deliver Phase 3 agent changes (registry write ops, RunChecks wiring) to the fleet as version 0.6.29.
At session resumption the build triggered by commit `ab3ef12` had just completed its Linux phase but failed on Pluto (Windows build server, 172.16.3.36). Investigation of the build log revealed two cascading problems: (1) `CURRENT_SHA=$(sudo -u guru git rev-parse HEAD)` was silently returning empty because git's `safe.directory` check rejected the `/home/guru/gururmm` repo when run from the systemd service context (HOME=/root, no system-wide gitconfig exception), causing all three `git diff` component comparisons to use a malformed `LAST_SHA..` range and return zero; (2) the legacy `+1.77` cargo build commands on Pluto failed with `error: cannot be built because it requires rustc 1.85 or newer, while the currently active rustc version is 1.77.2` because `rust-version = "1.85"` was added to `agent/Cargo.toml` in a prior session without exempting the intentionally-old legacy toolchain builds.
Both issues were fixed directly on the server: `git config --system --add safe.directory /home/guru/gururmm` was added to the system gitconfig (affects all users, proper fix for the systemd context), and `--ignore-rust-version` was appended to both `+1.77` cargo build lines in the deployed `/opt/gururmm/build-agents.sh`. The repo copy at `scripts/build-agents.sh` was also updated. Two commits were then pushed: `2ae3629` (build fix) and `72695b3` (trivial agent change to trigger auto-version).
The build at 22:41 UTC succeeded completely: auto-version fired (`Agent: 0.6.28 -> 0.6.29`, committed as `a6cc32d [ci-version-bump]`), Linux build completed in 83 seconds, Pluto built all variants (x64, x86, legacy-amd64, legacy-x86, base MSI) in ~19 minutes total. All artifacts deployed to `/var/www/gururmm/downloads/`, `last-built-commit` updated to `a6cc32d`. Fleet auto-update rolled out immediately — 37 of ~50 online agents upgraded to 0.6.29 within minutes of artifact deployment.
---
## Key Decisions
- **System-wide safe.directory instead of per-user**: `git config --system` rather than writing to `/root/.gitconfig` or adding `safe.directory = *` — scoped correctly to the one repo, affects all users on the host, survives systemd environment stripping.
- **`--ignore-rust-version` on legacy builds**: The `+1.77` cargo invocations target Windows XP/Vista-era endpoints and intentionally use an old toolchain. Rather than removing `rust-version = "1.85"` from Cargo.toml (which would lose MSRV enforcement for all other builds), `--ignore-rust-version` was added only to the two legacy lines.
- **Trivial agent change to trigger auto-version test**: A comment-only change to `agent/src/main.rs` (`72695b3`) was used to fire the auto-version mechanism for the first time cleanly, confirming the full pipeline: diff → bump → commit `[ci-version-bump]` → build versioned artifacts → update `last-built-commit`.
- **`--ignore-rust-version` not added to the cleanup crate build**: The cleanup crate's `cargo build` in the script was left unchanged — it doesn't have `rust-version` set, so no issue.
- **Did not self-update deployed script from repo**: The deployed `/opt/gururmm/build-agents.sh` is richer than the repo copy (legacy 1.77 builds, debug-agent, MSI, signing, cleanup crate). The self-update block was removed in a prior session to prevent downgrade. Fixes were applied directly to both files.
---
## Problems Encountered
- **`CURRENT_SHA` empty — safe.directory rejection in systemd context**: `sudo -u guru git rev-parse HEAD` succeeded in interactive SSH but failed when the build script ran under the webhook systemd service (User=root, HOME=/root). Git 2.34.1 on Ubuntu 22.04 rejected the repo because the system gitconfig lacked a `safe.directory` exception for `/home/guru/gururmm`. Fix: `sudo git config --system --add safe.directory /home/guru/gururmm`. Confirmed by tracing the single-occurrence `fatal: detected dubious ownership` line in the build log (non-duplicated = stderr, not through tee = came from the `$()` capture with no `2>&1`).
- **Legacy +1.77 cargo builds failing MSRV check**: After `rust-version = "1.85"` was added to `agent/Cargo.toml` in a prior session, the legacy builds (`$CARGO +1.77 build --release --features legacy`) immediately failed the MSRV pre-check. The x64 +stable build succeeded (sccache hit, MSRV check passed), but the subsequent `+1.77` invocations failed. Fix: added `--ignore-rust-version` to both legacy build lines in the deployed and repo scripts.
- **Multiple prior builds silently missing auto-version**: Three builds before this session (21:13, 21:45, 21:48, 22:09 UTC) all skipped auto-version for different reasons: (1) self-update at top of script overwriting the running script, (2) bare `git` as root failing safe.directory, (3) `+stable` missing on Pluto i686 build. All three bugs were diagnosed from build log traces across the prior context window. This session only needed to fix #2 (safe.directory) and an additional issue (#4: legacy MSRV) that manifested in this build.
- **22:09 build built `9597c2f` not `ab3ef12`**: The webhook at 22:09 was triggered by `9597c2f`, not `ab3ef12`. The `ab3ef12` push happened while the 22:09 build was already running, and the webhook handler's `is_build_running()` check skipped it. This meant `ab3ef12`'s safe.directory fix to the deployed script was never exercised by a build until the current session's push.
---
## Configuration Changes
**On 172.16.3.30 (build server):**
- `/etc/gitconfig` — added `safe.directory = /home/guru/gururmm` via `git config --system`
- `/opt/gururmm/build-agents.sh` — added `--ignore-rust-version` to both `+1.77` legacy cargo build lines (lines 112-113)
**In gururmm repo (`/home/guru/gururmm`, pushed to origin):**
- `scripts/build-agents.sh` — same `--ignore-rust-version` fix
- `agent/src/main.rs` — comment-only change (trigger commit)
**On build server state:**
- `/opt/gururmm/last-built-commit` — updated from `3574f727fddfc09b097bfb86bddf9acfedafe30b` to `a6cc32d80a1969a6991b4a487530a5abcd096276`
- `/var/www/gururmm/downloads/` — 0.6.29 artifacts added for all variants; `*-latest` symlinks updated
---
## Credentials & Secrets
No new credentials created. Reference only:
- GuruRMM PostgreSQL: `postgresql-user: gururmm`, `postgresql-password: 43617ebf7eb242e814ca9988cc4df5ad`, DB: `gururmm`, host: localhost on 172.16.3.30
- Vault path: `infrastructure/gururmm-server.sops.yaml`
---
## Infrastructure & Servers
- **Build server:** 172.16.3.30, SSH user: guru, systemd service: `gururmm-webhook` (User=root, port 9000), build script: `/opt/gururmm/build-agents.sh`
- **Pluto (Windows build):** 172.16.3.36, SSH user: Administrator, Windows Server 2019 VM on Jupiter (Unraid)
- **GuruRMM server:** 172.16.3.30:3001 (Rust/Axum), WebSocket-based fleet management
- **Agent downloads:** `/var/www/gururmm/downloads/` on 172.16.3.30
- **Build log:** `/var/log/gururmm-build.log`
- **State file:** `/opt/gururmm/last-built-commit`
- **System gitconfig:** `/etc/gitconfig` (new safe.directory entry)
---
## Commands & Outputs
```bash
# Fix safe.directory for build script systemd context
sudo git config --system --add safe.directory /home/guru/gururmm
# Verify
git config --system --list | grep safe
# → safe.directory=/home/guru/gururmm
# Fix legacy build MSRV (on build server as root)
sudo sed -i 's/\$CARGO +1\.77 build/\$CARGO +1.77 build --ignore-rust-version/g' /opt/gururmm/build-agents.sh
# Same fix on repo copy (as guru)
sudo -u guru sed -i 's/\$CARGO +1\.77 build/\$CARGO +1.77 build --ignore-rust-version/g' /home/guru/gururmm/scripts/build-agents.sh
# Commits pushed
# 2ae3629 — fix(build): add --ignore-rust-version to legacy 1.77 cargo builds
# 72695b3 — chore(agent): trigger auto-version for 0.6.28 -> 0.6.29
# Build result (auto-version fired):
# 2026-05-23 22:41:25 - Agent: 0.6.28 -> 0.6.29
# 2026-05-23 22:41:26 - Version bump committed: a6cc32d80a1969a6991b4a487530a5abcd096276
# 2026-05-23 22:41:26 - Building version: 0.6.29
# 2026-05-23 23:01:04 - === Build complete: v0.6.29 — total 1180s ===
# Fleet check via DB
PGPASSWORD='43617ebf7eb242e814ca9988cc4df5ad' psql -h localhost -U gururmm -d gururmm \
-c "SELECT agent_version, COUNT(*) FROM agents GROUP BY agent_version ORDER BY agent_version;"
# 0.6.29 | 37 (majority of fleet updated within minutes)
```
---
## Pending / Incomplete Tasks
- **10 agents not yet on 0.6.29**: 3 at 0.6.28, 7 at 0.6.27 — likely offline or on non-default update channels. 6 legacy agents (0.6.3 and below) predate auto-update, need manual reinstall.
- **`fatal: not a git repository` in generate-changelog.sh**: Appears at end of build log (`|| true` suppresses), script runs git commands from wrong directory. Non-blocking but should be fixed to properly generate changelogs.
- **Build log duplication**: Every log line appears twice — once via `tee -a $LOG_FILE`, once via Python subprocess capturing stdout. Cosmetic but makes log analysis harder.
- **`scripts/build-agents.sh` (repo) vs deployed**: Deployed script has debug-agent, cleanup crate, code-signing, legacy 1.77 builds. Repo copy is simpler. Self-update removed. These will drift further over time; should eventually reconcile.
- **Pre-commit hook not executable**: `scripts/hooks/pre-commit` on 172.16.3.30 has no execute bit — silently skipped on all commits. Needs `chmod +x`.
- **Audit backlog** (from 2026-05-23 audit report): `credentials/:id/reveal` scope check (HIGH), `isError` handling on several dashboard pages, `internal_err()` raw DB error sweep (~130 call sites), `is_dc` field missing from `Agent` TS interface.
- **Phase 3 code deployed**: Registry write ops and RunChecks wiring are now live in the fleet via 0.6.29.
---
## Reference Information
- gururmm repo HEAD: `72695b3` (trigger commit) — auto-version bumped to `a6cc32d` during build
- `last-built-commit`: `a6cc32d80a1969a6991b4a487530a5abcd096276`
- Version bump commit: `a6cc32d chore: auto-bump versions [ci-version-bump]`
- Build duration: 1180s (Pluto legacy builds dominate — ~19 min)
- 0.6.29 artifacts: all variants in `/var/www/gururmm/downloads/`
- Coord API components updated: `gururmm/agents` and `gururmm/server` → version `0.6.29`, state `deployed`
- Vault: `infrastructure/gururmm-server.sops.yaml` (GuruRMM DB + SSH creds)
- Build log: `/var/log/gururmm-build.log` (search for `22:41` for this build)
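Review bot: The database password is committed in plaintext again in this hunk, in the "Credentials & Secrets" bullet (`postgresql-password: ...`) and in the `PGPASSWORD='...'` fleet-check command, even though the next bullet already gives the vault path `infrastructure/gururmm-server.sops.yaml`. Keep only the vault path and redact the value in the psql example. Two documentation points while this section is open: under "Problems Encountered", the bullet "Multiple prior builds silently missing auto-version" says "Three builds" but lists four timestamps (21:13, 21:45, 21:48, 22:09 UTC), so one of the two needs correcting; and the recorded `sed` that appends `--ignore-rust-version` is not idempotent, since the pattern `\$CARGO +1\.77 build` still matches after the replacement and a second run would add the flag twice, which is worth noting next to the command.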