sync: auto-sync from GURU-5070 at 2026-05-26 20:10:26
Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-05-26 20:10:26
@@ -759,3 +759,79 @@ GET /tickets/111060920
|
||||
### Reference
|
||||
|
||||
- Syncro ticket #32324 (id: 111060920): https://computerguru.syncromsp.com/tickets/111060920
|
||||
|
||||
---
|
||||
|
||||
## Update: 20:08 PT — Lonestar wiki + Apple MDM prep, GuruRMM capability recompile, RMM user_session correction, identity Phase 2 migration
|
||||
|
||||
## User
|
||||
- **User:** Mike Swanson (mike)
|
||||
- **Machine:** GURU-5070
|
||||
- **Role:** admin
|
||||
|
||||
### Session Summary
|
||||
|
||||
Seeded the Lone Star Electrical wiki article (`wiki/clients/lonestar-electrical.md`) via the new `/wiki-compile` skill. Lone Star is an outlier in the fleet: a Google Workspace shop (not M365) with mobile devices managed by ManageEngine MDM (Zoho), not Intune. Then produced an Apple-MDM setup reference (`clients/lonestar-electrical/docs/apple-mdm-setup-reference.md`) for enrolling their field iPhone (Syncro #32251) + existing iPads into the existing ManageEngine tenant — flagging the APNs-certificate prerequisite and the caveat that ManageEngine self-enrollment was deliberately disabled on 2026-03-24 (so Apple enrollment must use targeted invites, not blanket self-enrollment).
|
||||
|
||||
Investigated whether Howard's TECH03 laptop (`ACG-TECH03L`) ever checked in: it has no coord check-in and no GuruRMM agent (60 agents enrolled, none match). Howard works by remoting into HOWARD-HOME, so TECH03's local Claude sits stale and unmanaged — there is no remote channel to force a Claude update on it. During this I incorrectly claimed RMM commands only run as SYSTEM; Mike corrected me and verification proved a `user_session` execution context exists (migration `041_add_command_context`; `CommandContext` enum system|user_session; `agent/src/watchdog/wts.rs` uses WTSQueryUserToken + CreateProcessAsUserW).
|
||||
|
||||
That exposed a wiki gap: the GuruRMM article documented the misleading "runs as LocalSystem" with no mention of `user_session`. Root cause was that wiki-compile sourced capabilities from session logs, never from authoritative artifacts (migrations, API routes, agent modules). Fixed the process: added a project-only "Phase 2P — Authoritative Artifact Discovery" to `/wiki-compile` (reads migrations, routes, agent modules, roadmap-done, commit log; includes a stale-submodule guard that reads `origin/main` when the pinned submodule lags) and a Capabilities / Feature Set section to the project template. Re-ran GuruRMM through it — delegated artifact synthesis to an agent against a throwaway worktree of live `main` (cd27a59) — adding a comprehensive Capabilities section and correcting stale claims (LocalSystem, BUG-001 temperature now resolved, Entra-only SSO, plus previously-absent user-inventory/discovery/VM-detection/safe-rollout surfaces).
|
||||
|
||||
Escalated the stale BUG-001 roadmap text to Howard via coord — then Mike corrected that RMM is his domain, not Howard's (Howard does zero RMM code). Deleted the misrouted message, verified no actual attribution corruption (users.json machine lists don't overlap; GuruRMM repo is 368 commits Mike / 0 Howard), and saved a routing-rule memory. A concurrent GURU-KALI session (also Mike) ran a broader attribution-hardening pass (pulled in via sync) that reached the same conclusion — git history clean, the misattribution was reasoning-time inference from owner-less memory notes.
|
||||
|
||||
Finally, ran the identity.json Phase 2 migration (centralize Ollama/Python/platform config) directed by Mike's Mac session. `migrate-identity.sh` failed on Windows with two bugs, both fixed and pushed: it hardcoded `python3` instead of the detected `$PYTHON_CMD` (exit 127), and passed a Git Bash POSIX path to native Windows Python (FileNotFoundError → fixed with `cygpath -m`).
|
||||
|
||||
### Key Decisions
|
||||
|
||||
- **Capability completeness belongs in wiki-compile (read artifacts), not in /save (stage data).** For code projects, ground truth is code/migrations/routes, not session-log narrative. Pushing capability cataloging onto /save would be redundant and lossy. So the fix was type-aware deep source discovery, not a /save change.
|
||||
- **Changelogs are NOT an authoritative capability source for GuruRMM** — committed changelogs stop at agent v0.6.22 while the fleet runs 0.6.39+. Migrations (current, 46) + commit log are authoritative.
|
||||
- **Lone Star Apple MDM uses the existing ManageEngine tenant, not Apple Business Manager** (Mike's choice) — needs only an APNs cert + targeted enrollment.
|
||||
- **Fixed migrate-identity.sh rather than just reporting it** — the two Windows bugs would break every Windows machine in the fleet rollout; fix is unambiguous and unblocks others. Re-ran the corrected script end-to-end rather than a manual one-off.
|
||||
- **Retracted (deleted) the misrouted BUG-001 coord note** rather than leaving it — RMM bugs are Mike's; a note to Howard is noise he'd never action.
|
||||
|
||||
### Problems Encountered
|
||||
|
||||
- **Wrong claim: RMM runs as SYSTEM only.** Corrected by Mike; verified the `user_session` WTS-impersonation path exists in code. Lesson encoded in the GuruRMM capabilities section.
|
||||
- **wiki-compile missed shipped capabilities** (the `user_session` gap). Root-caused to source coverage; fixed with Phase 2P artifact discovery.
|
||||
- **Misrouted RMM bug to Howard.** RMM is Mike's domain (Howard only submits feature requests). Deleted the message; saved `feedback_rmm_dev_is_mike.md`. The concurrent GURU-KALI attribution-hardening pass superseded it with the broader `feedback_attribution_from_identity.md` (both retained — different concerns).
|
||||
- **migrate-identity.sh failed twice on Windows:** hardcoded `python3` (exit 127) then POSIX-path-to-Windows-Python (FileNotFoundError). Both fixed (`$PYTHON_CMD` + `cygpath -m`) and pushed.
|
||||
- **Push races** with concurrent GURU-KALI/Mac sessions — resolved by sync.sh rebase each time.
|
||||
|
||||
### Configuration Changes
|
||||
|
||||
- CREATED `wiki/clients/lonestar-electrical.md` (+ index entry) — commit 4c6c554
|
||||
- CREATED `clients/lonestar-electrical/docs/apple-mdm-setup-reference.md` — commit 628f866/1c17bbb
|
||||
- MODIFIED `.claude/commands/wiki-compile.md` (Phase 2P), `wiki/_templates/project.md` (Capabilities section), `wiki/projects/gururmm.md` (Capabilities + corrections) — commit d4eb835
|
||||
- CREATED `.claude/memory/feedback_rmm_dev_is_mike.md` (+ MEMORY.md index) — commit 7631b55
|
||||
- MODIFIED `.claude/scripts/migrate-identity.sh` (Windows fixes) — commit 251bb35
|
||||
- MODIFIED (local, gitignored) `.claude/identity.json` — added python/ollama/platform/architecture/last_updated; and `claudetools_root: D:/claudetools` earlier this session
|
||||
- PULLED: GURU-KALI attribution-hardening + identity Phase 2 work (feedback_attribution_from_identity.md, whoami-block.sh, migrate-identity.sh, proposal_identity_centralization.md, sync.sh hardening, memory hygiene)
|
||||
|
||||
### Credentials & Secrets
|
||||
|
||||
- No new secrets. GuruRMM API auth via `infrastructure/gururmm-server.sops.yaml`. Lone Star: Google Workspace admin `sysadmin@lonestarelectrical.net` + ManageEngine MDM `mike@azcomputerguru.com` (Zoho Super Admin) — vault `clients/lonestar-electrical/google-workspace.sops.yaml`.
|
||||
|
||||
### Infrastructure & Servers
|
||||
|
||||
- **Lone Star Electrical:** Syncro 33809612, prepaid 17.25h, Tucson; Google Workspace `lonestarelectrical.net`; ManageEngine MDM (Zoho) at https://mdm.manageengine.com/webclient; 2 Android tablets (Zach, JOSE) QR-enrolled; field iPhone + iPads pending Apple MDM.
|
||||
- **TECH03 (`ACG-TECH03L`):** Howard's laptop — NOT enrolled in GuruRMM, never checked into coord. Howard uses HOWARD-HOME (also not RMM-enrolled).
|
||||
- **GuruRMM:** live `main` cd27a59; fleet agents 0.6.39/0.6.41; 60 agents enrolled. `user_session` command context is Windows-only, needs an active logged-on session.
|
||||
|
||||
### Commands & Outputs
|
||||
|
||||
- Live-repo artifact read without bumping the pinned submodule: `git fetch origin main` then `git worktree add /d/gururmm-live origin/main` (removed after via `git worktree remove --force`).
|
||||
- migrate-identity.sh failure: `line 78: python3: command not found` (exit 127), then `FileNotFoundError: '/d/claudetools/.claude/scripts/../identity.json'`. Fixed: `"$PYTHON_CMD"` + `IDENTITY_PATH_PY=$(cygpath -m "$IDENTITY_PATH")`.
|
||||
|
||||
### Pending / Incomplete Tasks
|
||||
|
||||
- **Lone Star Apple MDM:** gather iPhone/iPad serials + iOS versions, choose the Apple ID for the APNs cert, decide supervised vs unsupervised (Configurator-on-Mac before the iPhone leaves the shop), then enroll via targeted invites.
|
||||
- **Glabman wifi quote** (todo 1bf0cfef, due 2026-05-27) — send updated UniFi equipment quote.
|
||||
- **GND-SERVER Datto alert** — confirm cleared via Workplace Online / no new alert (deletion synced).
|
||||
- **BUG-001 roadmap text** in the GuruRMM repo is Mike's to flip to Resolved (wiki already corrected).
|
||||
- (Carried) quantumwms John Velez consent; 2x Business Premium before 2026-06-03; Autotask skill; Western Tire #32199 billing; Kittle HIGH.
|
||||
|
||||
### Reference
|
||||
|
||||
- Commits: 4c6c554 (lonestar wiki), 628f866/1c17bbb (apple-mdm ref), d4eb835 (wiki-compile Phase 2P + GuruRMM recompile), 7631b55 (rmm_dev memory), 251bb35 (migrate-identity Windows fix). Pulled: identity Phase 2 + GURU-KALI attribution hardening.
|
||||
- Coord: deleted misrouted BUG-001 note (was 92468218); replies eb8a27ba (claudetools_root), 8618a252 (identity Phase 2).
|
||||
- GuruRMM live main: cd27a59. user_session: migration 041_add_command_context, agent/src/watchdog/wts.rs, server/src/api/commands.rs CommandContext.
|
||||
|
||||
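Review bot: The "Credentials & Secrets" entry in this hunk writes privileged account identifiers into a synced log in plain text: the Google Workspace admin `sysadmin@lonestarelectrical.net` and the ManageEngine MDM Zoho Super Admin `mike@azcomputerguru.com`, alongside the tenant URL listed under "Infrastructure & Servers". No secret values are committed, but the entry would do its job by pointing only at the vault file (`clients/lonestar-electrical/google-workspace.sops.yaml`) and leaving the account names inside it. Separately, "Infrastructure & Servers" records `ACG-TECH03L` and HOWARD-HOME as not enrolled in GuruRMM, yet "Pending / Incomplete Tasks" has no item for enrolling them; consider adding one so the unmanaged state is tracked rather than only noted.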