sync: auto-sync from GURU-5070 at 2026-05-29 13:48:45
Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-05-29 13:48:45
@@ -224,3 +224,106 @@ manifest versions now start at 0.2.2 (legitimate first signed release).
### Reference Information
- GC release commits: `e7f38ce`/`5727ccf` (jsign 7.1 + verify fix). Release run #22 green. Release `v0.2.2`.
- claudetools: `…70d2190` (submodule bump for verify fix).
---
## Update: 20:47 PT — Birth Biologic SmartBadge correction, GuruRMM 0.3.36 deploy, alert re-routing, Rednour onboarding + onboarding diagnostic
## User
- **User:** Mike Swanson (mike)
- **Machine:** GURU-5070
- **Role:** admin
### Session Summary
Began with Birth Biologic: Kristin Steen (KSTEENBB2025) could not use the Datto SmartBadge Excel add-in. RMM recon against her machine and the working reference (EVO-X1) showed the 2026-05-28 fix had gone the wrong direction — it removed the newer Datto Workplace v10.53.4 (Workplace2, the fleet standard) and left the older Workplace Desktop v8.50.13. Corrected it: Mike Revo-uninstalled v8 (clean, swept the `{2B96EDC1}` CLSID + non-`_CC` add-in keys), then via RMM installed Workplace v10.53.4 from her Downloads, aligned the SmartBadge `_CC` CLSID/add-in to EVO-X1, and cleared her stuck per-user `LoadBehavior=2`. Verified byte-for-byte against EVO-X1. Filed Syncro #32339 public tech notes + 1hr warranty, and stood up a 7-day daily verification (scheduled task on GURU-5070 + coord todo).
GuruRMM Integration Center ("Store") planning: confirmed it is greenfield (MSP360 built, Syncro/catalog not). Locked five design decisions (partner-scoped, generic JSONB config storage with MSP360 migrated in, catalog + Syncro built together, code-defined plugin registry, AES-256-GCM reuse) and landed a revised SPEC-005 as gururmm PR #28. Parked per Mike; tracked in coord todo. Mike also questioned why site API keys are published when enrollment correlates by site_id — code review confirmed the modern `POST /enroll` gate is site_id-only and the site api_key is used only by the legacy WS path + install-info; filed as a security/arch decision.
Resolved Howard's blocker: the gururmm server on 172.16.3.30 was still running 0.3.32 despite an 18:51 restart. Root cause — the 0.3.36 binary had been copied to `/usr/local/bin/gururmm-server`, but the systemd `ExecStart` is `/opt/gururmm/gururmm-server`, which was still yesterday's 0.3.32. Copied 0.3.36 to the correct path, restarted, verified `/status` = 0.3.36 and command flow (test command to ACG-DC16 returned completed/exit 0). Replied to Howard on coord.
Re-routed bot alerts: RMM/Dev alerts (`[RMM]/[DEPLOY]/[DEV]/[BUILD]/[GURURMM]/[SMARTBADGE-WATCH]`) now auto-route to the new private #dev-alerts (Howard + Mike); Syncro/general stay in #bot-alerts. Onboarded Rednour Law Offices (client + site "Main", `GREEN-FALCON-7214`), vaulted the one-time enrollment key, and documented the whole flow as `/rmm onboard` in the skill. Three Rednour agents enrolled and online.
Built Phase 1 of an onboarding diagnostic (`/rmm diagnose`): a PS5.1/ASCII/SYSTEM-safe security+health probe dispatched via RMM, a triage layer grading RED/AMBER/GREEN, immutable per-client baselines, prior-baseline diff, and CRITICAL alerts to #dev-alerts. Code-reviewed (no blockers; folded in immutability guard, severity-independent finding ids, Defender-unknown sentinel, expanded competitor/backup detection). Baselined all three Rednour machines. Mike clarified the "foreign agents" it flagged (ScreenConnect/CW Control, Splashtop, Syncro, Datto RMM+EDR) are ACG's own stack — filed a detection-tuning todo and saved a memory so they aren't re-flagged. Real day-one findings surfaced: two machines on EOL Win10 22H2, RDP-without-NLA on REDNOURCARRIEVI, missing BitLocker, low disk, no backup agent on FrontDeskReception.
### Key Decisions
- **Reversed the 2026-05-28 SmartBadge fix** — the fleet standard is the *newer* Datto Workplace v10.53.4 (Workplace2); Workplace Desktop v8 is older despite the name. EVO-X1 used as the canonical reference.
- **Let Mike Revo-uninstall v8** rather than silent-uninstall via RMM — GUI uninstaller sweeps leftovers a silent uninstall leaves; coordinated to avoid both touching the live box at once.
- **SmartBadge daily watch via local scheduled task, not /schedule** — `/schedule` provisions cloud agents that can't reach the internal RMM API (172.16.3.30); only a LAN machine can.
- **Integration Center: partner-scoped, generic JSONB storage, catalog+Syncro together, code plugin registry, AES-256-GCM reuse** — corrected SPEC-005's internal-only, DB-catalog-table assumptions.
- **Server deploy to `/opt/gururmm/gururmm-server`** — that is the real `ExecStart`; the wiki's `/usr/local/bin` path is stale and caused the failed deploy.
- **Alert routing by message prefix** — auto-routes existing call sites with no edits; explicit `dev`/`bot` 2nd-arg override retained.
- **Onboarding diagnostic Phase 1 = script via /rmm now, Phase 3 = native GuruRMM feature later**; baselines stored in repo now, GuruRMM DB when the native feature lands ("both").
### Problems Encountered
- **Excel rewrote per-user add-in state on exit** — required Excel closed before clearing Kristin's `LoadBehavior=2`; the fix script guards on EXCEL.EXE.
- **sops encrypt failures** — needed `--config "$VR/.sops.yaml"` from outside the vault dir; bare YAML dates threw `Cannot walk value, unknown type: time.Time` (quote them); failed encrypt leaves plaintext on disk (verify with `grep -c 'ENC['`). Documented in `/rmm onboard`.
- **Server "rebuild" didn't take** — 0.3.36 binary was deployed to the wrong path (`/usr/local/bin` vs the service's `/opt/gururmm`). Fixed by copying to the correct path + restart.
- **Discord 400 on em-dash** — a unicode em-dash in an alert broke the JSON post (Windows Git Bash argv encoding); ASCII-only is already the rule.
- **Agent ~32KB command-size cap** — the 62KB diagnostic probe was rejected; runner base64-chunks the upload (<24KB chunks) then decodes/runs/cleans up.
- **Detection false positives** — substring matches (`cove`->Recovery, `ltsvc`->Vaultsvc) and PS5.1 scalar `.Count`; fixed with `\b` anchors and `@(...)` wrapping. Then ACG's own stack flagged as "foreign" — filed tuning todo + memory.
- **git push rejected (non-fast-forward)** twice — other instances had advanced origin; resolved with `pull --rebase` then push.
### Configuration Changes
- KSTEENBB2025 (via RMM): uninstalled Datto Workplace Desktop v8.50.13 (Revo); installed Datto Workplace v10.53.4; `_CC` CLSID `{3C639243}` -> Workplace2 x64/x86 DLLs; removed `{2B96EDC1}` + non-`_CC` add-in keys; per-user `Datto.SmartBadgeShim_CC` LoadBehavior 2->3, cleared Resiliency, set DoNotDisableAddinList.
- 172.16.3.30: `cp /usr/local/bin/gururmm-server /opt/gururmm/gururmm-server` (0.3.36), old saved `/opt/gururmm/gururmm-server.0.3.32.bak`, `systemctl restart gururmm-server`.
- `.claude/scripts/post-bot-alert.sh` — dev/bot channel routing by prefix + override arg.
- `.claude/scripts/ksteen-smartbadge-verify.ps1`, `ksteen-smartbadge-fix.ps1`, `check-ksteen-smartbadge.sh` — new (SmartBadge verify/fix/daily-runner).
- `.claude/scripts/onboarding-diagnostic.ps1`, `run-onboarding-diagnostic.sh` — new (onboarding diagnostic Phase 1).
- `.claude/commands/rmm.md` — added `/rmm onboard`, `/rmm diagnose`, dev-alerts routing notes.
- `.claude/memory/reference_acg_msp_stack.md` (+ MEMORY.md index) — new.
- `wiki/clients/birth-biologic.md` — agents table, dual-Workplace SmartBadge known issue + fleet standard, 5/28-5/29 history.
- Vault `D:/vault/clients/rednour/gururmm-site-main.sops.yaml` — new (Rednour enrollment key).
- Scheduled task "ClaudeTools - KSTEEN SmartBadge Daily" on GURU-5070 (daily 09:00, 2026-05-30..06-05).
- gururmm PR #28 (branch `feat/spec-005-integration-center`) — revised SPEC-005.
### Credentials & Secrets
- Rednour GuruRMM site API key (one-time, `grmm_...`): vaulted at `clients/rednour/gururmm-site-main.sops.yaml` (credentials.api_key). Site `GREEN-FALCON-7214`.
- Gitea API token field path correction: `services/gitea.sops.yaml` -> `credentials.api.api-token` (not `credentials.api-token`).
- Syncro API key: `msp-tools/syncro.sops.yaml` -> `credentials.credential` (unchanged).
- No new secrets created beyond the Rednour site key.
### Infrastructure & Servers
- GuruRMM server 172.16.3.30: `/status` -> 0.3.36; service `ExecStart=/opt/gururmm/gururmm-server` (NOT /usr/local/bin — wiki stale); build via `sudo /opt/gururmm/build-server.sh` (builds in `/home/guru/gururmm/server`, log `/var/log/gururmm-build.log`).
- Rednour Law Offices: client `85f7cff4-d4db-48a8-b477-b8788122a361`, site Main `c7f5787c-8e71-45b3-841f-fa52436f7d26` / `GREEN-FALCON-7214`. Agents: FrontDeskReception `04765560-...`, LegalAsst `18825ea7-...`, rednourcarrievirt `8e4e2221-...`.
- BB agents: BB-SERVER `6c02baa7`, KSTEENBB2025 `ee3c6aea`, EVO-X1 `9595f002`, BB-Office2 `48763401`.
- Discord channels: #bot-alerts `624710699771232265`, #dev-alerts `1509998508198068484` (private).
### Commands & Outputs
```bash
# Server fix (172.16.3.30)
sudo cp /opt/gururmm/gururmm-server /opt/gururmm/gururmm-server.0.3.32.bak
sudo systemctl stop gururmm-server
sudo cp /usr/local/bin/gururmm-server /opt/gururmm/gururmm-server
sudo systemctl start gururmm-server
curl -s localhost:3001/status | jq .version # -> "0.3.36"
# vault new entry (non-interactive)
sops --config "$VR/.sops.yaml" --encrypt --in-place <file> # quote dates; secrets under credentials:
# onboarding diagnostic
bash .claude/scripts/run-onboarding-diagnostic.sh <host> <client-slug>
```
### Pending / Incomplete Tasks
- **Rednour:** real findings to action — 2x EOL Win10 22H2 (LegalAsst, REDNOURCARRIEVI), RDP-without-NLA (REDNOURCARRIEVI), missing BitLocker, low disk (REDNOURCARRIEVI ~12%), no backup agent (FrontDeskReception). Mike to direct remediation.
- **KSTEENBB2025:** SmartBadge confirmed working; 7-day watch running (coord todo `4a5b09b3`).
- **Integration Center:** PR #28 open for review/merge; then /shape-spec + scaffold (coord todo `0198ba04`). PARKED.
- **GuruRMM enrollment security:** site_id-only enrollment gate decision (coord todo `00074cd8`).
- **Onboarding diagnostic:** Phase 3 native feature (coord todo `76c6050b`); single-element-array MD-table bug (`cc5dbdfa`); ACG-stack detection allowlist tuning (`3d886f1a`).
- **Wiki:** gururmm.md ExecStart path (/opt vs /usr/local/bin) should be corrected; no wiki article for Rednour yet.
### Reference Information
- Syncro #32339 (BB SmartBadge): public cmt 414607766, warranty li 42639366. Customer 17983014.
- gururmm PR #28: https://git.azcomputerguru.com/azcomputerguru/gururmm/pulls/28
- Coord: Howard reply f888b21c; broadcast bafae411; todos 4a5b09b3 / 0198ba04 / 00074cd8 / 76c6050b / cc5dbdfa / 3d886f1a.
- Rednour install page: https://rmm.azcomputerguru.com/install/GREEN-FALCON-7214
- Baselines: `clients/rednour/onboarding-baselines/` (FRONTDESKRECEPT, LEGALASST, REDNOURCARRIEVI).
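Review bot: The "Infrastructure & Servers" and "Reference Information" entries commit the Rednour site UUID `c7f5787c-8e71-45b3-841f-fa52436f7d26`, the site code `GREEN-FALCON-7214` and the install URL in plaintext, while the Session Summary in this same hunk records that the modern `POST /enroll` gate is site_id-only. Until coord todo `00074cd8` is decided, those identifiers are what enrollment is gated on, so they deserve the same handling as the api_key: reference the vault entry `clients/rednour/gururmm-site-main.sops.yaml` instead of the raw values, or truncate them the way the agent ids already are (`04765560-...`). The Pending section also repeats per-host findings by machine name (RDP-without-NLA on REDNOURCARRIEVI, missing BitLocker, no backup agent on FrontDeskReception); pointing at `clients/rednour/onboarding-baselines/` would keep that detail out of an auto-synced log. In the Commands block, the `sops --encrypt --in-place` line should be followed by the `grep -c 'ENC['` check that the Problems section describes, since the log itself notes that a failed encrypt leaves plaintext on disk.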