azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from GURU-5070 at 2026-05-30 07:01:49

Browse Source 
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-05-30 07:01:49
This commit is contained in:
Mike Swanson
2026-05-30 07:02:00 -07:00
parent 4890649bde
commit dfa7af4aee
2 changed files with 269 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

200
projects/radio-show/episodes/tbd-promised-vs-got-and-inventions/show-prep.md → projects/radio-show/episodes/2026-05-30-promised-vs-got-and-inventions/show-prep.md
View File

@@ -1,9 +1,9 @@
# AZ Computer Guru Radio Show Prep
## Saturday, [SHOW DATE TBD — pending Mike]
## Saturday, May 30, 2026
**Show Date:** TBD (Howard prepping ahead — date depends on Mike)
**Research Date:** May 29, 2026
**Format:** 2 segments + open call-in overflow (Segment 3 reserved — Howard adding more topics)
**Show Date:** Saturday, May 30, 2026
**Research Date:** May 30, 2026
**Format:** 3 segments, all call-in driven (Segment 3 is now filled — topical tech news for May 2026)
> **HOWARD'S NOTE TO SELF / MIKE:** The whole game this show is CALL-INS. Lead with
> Segment 1 (promised vs. got) and Segment 2 (best invention since 1970) because both are
@@ -11,18 +11,27 @@
> are lit, keep them going the entire show. These two are nostalgia + debate bait on
> purpose. Voice-AI scams intentionally left OUT (already did a full segment on it
> 2026-03-14). Passwords/passkeys segment removed per Howard.
>
> **MIKE'S ADD (2026-05-30):** Filled Segment 3 with current tech news (AI glasses, the
> "AI is taking jobs" debate, the subscription squeeze, data centers in SPACE, and a
> security reality check) — all picked to keep the phones lit and tie back to Segments 1 & 2.
> A few optional "fresh 2026 hooks" added inline to Segment 1, clearly marked. **Everything
> in Segment 3 is dated/topical — glance at the headlines the morning of the show; details
> on this stuff move fast.**
---
## COMMON THREAD
**"Remember When? The Tech We Were Promised, the Inventions That Changed Everything, and the One Password Habit Worth Keeping"**
**"Remember When? The Tech We Were Promised, the Inventions That Changed Everything and the Wild Stuff Landing Right Now"**
Tonight is YOUR show. We're not lecturing — we're reminiscing and arguing (the fun kind).
First we run down all the futuristic tech we were PROMISED versus the goofy stuff we
actually got — flying cars became drones dropping off your toothpaste. Then we throw it
open for the great debate: what's the single BEST thing invented since 1970? The smartphone?
The internet? GPS? You're going to disagree with me, and
that's the point — the phones are open. So grab the phone. We want YOUR flying car.
The internet? GPS? You're going to disagree with me, and that's the point. And to close it
out, the tech that's ACTUALLY landing in 2026 — AI glasses, computers headed for orbit, and
the stuff that'll make you say "they did WHAT?" The phones are open all night. We want YOUR
flying car.
---
@@ -51,6 +60,10 @@ The bit IS the structure. Run these fast, banter on each, and bounce to callers
- Talking points: Robot vacuums are genuinely good now (we covered the one with LEGS) —
but "Rosie" is still science fiction. The dream was a butler; the reality is a pet.
- **Phone hook:** "What's the dumbest place your robot vacuum has gotten stuck?"
- **[FRESH 2026 HOOK — optional]** The robots ARE creeping closer to Rosie: there's now a
robot mop topping the charts that *washes its own mop pads in 176-degree hot water* at
its dock. So the maid still won't cook — but she finally cleans up after herself. Tease:
"We're one step closer to Rosie, folks — and we'll get to where she's headed in Segment 3."
**Story 3: The Paperless Office → 200 Unread PDFs and More Printers Than Ever**
- Promised (since the 1970s): computers would END paper
@@ -89,12 +102,15 @@ The bit IS the structure. Run these fast, banter on each, and bounce to callers
- Meal in a pill → we got DoorDash instead (arguably worse for you)
### The Reverse Twist (great mid-segment pivot)
"Here's the flip side — the stuff NOBody promised us that quietly changed everything:
"Here's the flip side — the stuff NOBODY promised us that quietly changed everything:
- The smartphone — nobody in 1985 asked for a supercomputer in their pocket
- GPS — turn-by-turn directions, free, no more gas-station maps or 'pull over and ask'
- Free video calls with the grandkids across the country
Tech OVER-promised on the flashy stuff (flying cars) and OVER-delivered on the boring
stuff that actually changed our lives. THAT'S the real story of technology."
- **[FRESH 2026 HOOK — optional]** And here's the kicker — the one piece of sci-fi they've
been promising forever, the smart glasses, FINALLY showed up this month, and it's a real
product you can buy. Hold that thought — it's our lead story in Segment 3.
### Why This Matters
- Everyone has a "future we were promised" story — this is pure call-in fuel
@@ -173,6 +189,13 @@ and say "I pick THAT one" — or "you're all wrong, here's the real answer."
crowd-pleaser, or the lithium-ion battery for the fun 'you're all forgetting the most
important one' angle.] That's my answer. Now call in and change my mind."
### The Modern Curveball (optional — only if a caller goes there, or to bridge into Segment 3)
"And before you all say it — yes, somebody's going to call in and say 'ARTIFICIAL
INTELLIGENCE.' Hold that thought. AI's barely a few years old in your living room, so is it
even eligible yet? We'll get into where AI is RIGHT NOW in our next segment — including the
glasses, the jobs question, and the stuff that's a little bit scary. But for THIS debate:
something already proven. What's the best thing since 1970?"
### The Rule That Makes People Call (keep repeating this)
"Here's the rule: you only get to pick ONE. Not a top five. Not 'they're all great.' ONE
best invention since 1970. The smartphone OR the internet — choose. So what's it gonna be?
@@ -184,22 +207,110 @@ Call in and make your case."
to call, but "choose the BEST and defend it" gets people fired up and dialing
- Naturally generational: older callers might say the MRI or GPS, younger ones the smartphone
- Flows right out of Segment 1 ("the smartphone was the thing nobody promised us — is it
also the BEST thing we got?")
also the BEST thing we got?") and INTO Segment 3 (the AI curveball)
### Segment Wrap
"Smartphone, the internet, GPS, the MRI machine, the computer chip, even the humble
battery — so many great things invented since 1970, and you've all got a favorite. Keep
the calls coming and keep defending your pick for the best of them all."
the calls coming. Up next, we fast-forward to RIGHT NOW: the tech that's landing this month,
and some of it is going to surprise you."
**Time: 14-16 minutes**
---
## SEGMENT 3: [RESERVED] — Open Call-In Overflow / Howard's Additional Topics (TBD)
- Howard is gathering more topics and details — slot this in OR use it as pure call-in
overflow if Segments 1 & 2 light up the lines (which is the plan)
- Backup conversation starters if calls run dry: "What tech did you swear you'd never use,
and now can't live without?" / "What's a gadget you miss that they don't make anymore?"
## SEGMENT 3: "Tech News RIGHT NOW — AI Glasses, Jobs, and Computers in SPACE" (14-16 min) — CALL-IN DRIVER
> **HOST NOTE:** This segment is the "present day" bookend to Segments 1 & 2 — we spent the
> show on what we were promised and what was best; now here's what's ACTUALLY landing in
> May 2026. Run these like the Segment 1 quick-hits: punch the headline, give your take,
> throw it to the phones. Every story has a hook. **These are current — skim the morning
> headlines before air in case a detail moved (see SOURCES at the bottom).**
### Opening
"All night we've talked about the future we were promised and the best of what we've built.
So let's land the plane in the present. Here's the tech that's ACTUALLY showing up right
now, in 2026 — and some of it is the sci-fi we've been waiting 40 years for, and some of it
is going to make you say 'they did WHAT?' Phones stay open. Here we go."
**Story 1: The Smart Glasses Finally Showed Up — and They've Got AI Watching With You**
- The news: Google teamed up with Warby Parker (yes, the glasses store) on "Intelligent
Eyewear" — real sunglasses or prescription frames, normal-looking, with a camera, speakers,
and Google's Gemini AI built in. You look at something and ask the glasses about it; it
answers in your ear.
- The Guru take: They promised us Google Glass over a decade ago and the whole world laughed
the guy out of the room. Now it's back — but it looks like NORMAL glasses, and it's smart
enough to actually be useful. The sci-fi finally arrived; it just had to wait until it
stopped looking ridiculous.
- The catch (this is the conservative-audience hook): These have a camera and a microphone
AND an AI on your face, seeing what you see, all day. Convenient? Absolutely. A little
unsettling? Also absolutely.
- **Phone hook:** "Would you wear AI glasses that see everything you see and answer in your
ear — or is that a hard no? Call in: cool, or creepy?"
**Story 2: "Is AI Coming for Your Job?" — Even the Experts Can't Agree**
- The news: Big companies — Cisco, Block, others — announced layoffs and openly blamed
"AI efficiencies." Meta reportedly moved thousands of people onto new AI teams. AND at the
same time, the CEO of OpenAI (the ChatGPT company) just walked it back, telling a crowd
the huge white-collar job losses he used to predict... probably won't happen after all.
- The Guru take: So the same crowd that spent two years telling us AI would replace
everybody is now both laying people off AND saying "never mind, it won't be that bad."
Pick a lane, fellas. The truth is in the middle — AI is a tool that's changing jobs, not a
robot showing up to do yours. Yet.
- **Phone hook:** "Has AI changed YOUR job — for better, for worse, or not at all? Or are
you just not buying the hype? The lines are open."
**Story 3: The Subscription Squeeze — Now Even Your AI Has a Monthly Bill**
- The news: Google just CUT the price of its top AI plan from $250 a month down to $100.
- The Guru take: First off — $100 a month for a chatbot is still wild. But the real story is
the cut: when a company slashes the price by 60 percent overnight, that tells you what they
were charging $250 for in the first place. And it's the same playbook everywhere now —
remember when you BOUGHT software and OWNED it? Now your phone, your TV, your car features,
your thermostat, and now your AI are all monthly rent. You don't own anything anymore; you
subscribe to it.
- **Phone hook:** "How many subscriptions are you paying for right now — be honest, add 'em
up. And which one makes you the maddest? Call in with your number."
**Story 4: They Want to Put Data Centers in SPACE (No, Really)**
- The news: Google is reportedly in serious talks with SpaceX about launching DATA CENTERS
into orbit — the giant computer warehouses that run the internet and all this AI — because
Earth is running out of the room and the electricity to power them all.
- The Guru take: Tie it right back to Segment 1 — we were promised flying cars, and instead
we're getting the internet's brain LAUNCHED INTO SPACE because AI is so power-hungry we
can't fit it on the planet anymore. That's the most 2026 sentence I've ever said. The
future isn't a jetpack; it's a server farm in orbit.
- **Phone hook:** "Tech we were promised: flying cars. Tech we're getting: computers in
space. Somebody call in and make that make sense."
**Story 5: The Reality Check (the Computer Guru beat — practical + a little cautionary)**
- The news: Security researchers showed they could strip the safety guardrails off major AI
models — from big names — in a matter of MINUTES, getting them to do things they're built
to refuse. And a big industry survey found 94 percent of organizations now call AI the
number-one driver of cyber risk this year.
- The Guru take: Here's the part the ads don't mention. The same AI that's in your new
glasses, your phone, your search bar — the safety controls on it can be peeled off in
minutes by someone who knows what they're doing. This is exactly why we keep preaching it:
be careful what you tell these things. Treat a chatbot like a stranger on the bus, not your
doctor or your accountant.
- **Phone hook:** "What WON'T you tell a chatbot? Where's YOUR line with this stuff? Call in."
**Story 6 (Quick Gadget Hits — rapid fire, then back to phones):**
- A new $100 Fitbit (the "Fitbit Air") — cheap, week-long battery, for folks who want the
health tracking without the smartwatch price. ("Finally, one that doesn't cost more than
the doctor's visit it's supposed to save you.")
- New entry-level Garmin running watches for the walkers and runners in the audience.
- The robot mop from Segment 1 that washes its OWN pads in 176-degree water — Rosie's getting
closer, one chore at a time.
- **Phone hook:** "What's the one gadget that actually made your life better this year — and
what's the one that's still sitting in a drawer? Call in."
### Segment Wrap
"AI on your face, AI coming for your paycheck — or not — your AI on a monthly bill, and the
whole internet packing its bags for space. That's the future, ladies and gentlemen, and it
showed up while we were arguing about the best thing since 1970. Keep calling — tell me
which of these is the coolest, and which one keeps you up at night."
**Time: 14-16 minutes**
---
@@ -207,27 +318,32 @@ the calls coming and keep defending your pick for the best of them all."
### Summary
"Tonight was YOUR show. We laughed about the flying cars we were promised and the drones
and Roombas we actually got. And we argued about the single best thing invented since
1970 — and you all had a pick."
and Roombas we actually got. We argued about the single best thing invented since 1970 —
and you all had a pick. And we landed in the present with the tech showing up RIGHT now:
AI glasses, the jobs debate, the subscription squeeze, and computers headed for orbit."
### Final Thought
"Here's what I love about technology: it almost never shows up the way they promise. They
sold us flying cars; they gave us a supercomputer in our pocket instead — and honestly,
that's the better deal. The future isn't what we were told. It's weirder, funnier, and in a
lot of ways, better. Keep calling, keep remembering, and keep arguing with me. That's what
this show is for."
sold us flying cars; they gave us a supercomputer in our pocket instead — and now AI
glasses and data centers in space. The future isn't what we were told. It's weirder,
funnier, and in a lot of ways, better — as long as you keep your eyes open and your
guard up. Keep calling, keep remembering, and keep arguing with me. That's what this show
is for."
### Call to Action
- **Segment 1 & 2:** Keep the phones lit — your "promised future" and your "best invention
since 1970" pick
- **Segment 3:** AI glasses — cool or creepy? Has AI touched your job? How many subscriptions
are you drowning in? Call in.
---
## SOURCES / FACT-CHECK ANCHORS
> Most of this show is opinion + memory (call-in driven), so sourcing is light. These are
> the hard FACTS worth getting right on air:
> Segments 1 & 2 are opinion + memory (call-in driven), so sourcing is light. Segment 3 is
> CURRENT NEWS — these are dated to late May 2026; **skim the morning headlines before air**
> in case a number or name moved. The hard facts worth getting right on air:
### Inventions / Dates (verify spellings + years on air)
### Inventions / Dates (Segments 1 & 2 — verify spellings + years on air)
- Intel 4004 microprocessor — released 1971
- ARPANET — first link 1969; World Wide Web — Tim Berners-Lee, proposed 1989, live 1991
- iPhone — announced/released 2007
@@ -242,13 +358,34 @@ this show is for."
- AT&T Picturephone — 1964 World's Fair
- Back to the Future Part II hoverboards — set in 2015
### Current Tech News (Segment 3 — May 2026, VERIFY day-of, details move fast)
- **AI glasses:** Google + Warby Parker "Intelligent Eyewear" running Gemini on Android XR —
sunglasses or prescription, camera/speakers, hands-free Gemini. (Confirm availability/price
on air — was rolling out May 2026.)
- **AI + jobs:** Cisco and Block among companies citing "AI efficiencies" in layoffs; Meta
reassigning ~7,000 staff to AI groups; OpenAI's Sam Altman (Sydney) walked back his earlier
prediction of widespread white-collar job losses.
- **AI subscription price cut:** Google dropped its top AI subscription tier from $250 to
$100/month at I/O 2026.
- **Data centers in orbit:** Google reportedly in advanced talks with SpaceX about launching
AI data centers into space (power/space constraints on Earth).
- **AI safety:** researchers removed safety guardrails from major AI models "in minutes"; a
World Economic Forum-style survey found ~94% of organizations rank AI as the top cyber-risk
driver in 2026.
- **Gadgets:** Fitbit Air ~$99 (launched late May 2026); new entry Garmin Forerunner watches;
top-ranked robot mop with a 176F hot-water pad-wash dock.
---
## NOTES FOR FUTURE SHOWS
**Engagement strategy used here:**
- Built the whole show around call-ins by leading with two nostalgia/debate segments
- Built the whole show around call-ins by leading with two nostalgia/debate segments and
closing with a topical "right now" segment that bookends them
- "Pick ONLY one" forcing function in Segment 2 is the key engagement trick — reuse it
- Phone hooks written into EVERY story, not just at segment ends
- Segment 3 deliberately ties each item back to Segments 1 & 2 (glasses = the promised
sci-fi; data-centers-in-space = the flying-car bait-and-switch; AI = the "is it the best
invention?" curveball)
**Avoided / Excluded:**
- Voice-AI scams — intentionally left out; already a full dedicated segment on 2026-03-14
@@ -256,14 +393,17 @@ this show is for."
angle (the "jury-duty warrant call" variant) but NOT this show.
**Open / Pending:**
- SHOW DATE — TBD pending Mike
- Segment 3 — Howard adding more topics; reserved as call-in overflow for now
- Date SET: Saturday, May 30, 2026.
- Decide host's own "best invention" pick (smartphone crowd-pleaser vs. lithium-ion
contrarian angle).
- Segment 3 is news-dated — if the show slips a week, refresh the Segment 3 items.
---
## INFRASTRUCTURE NOTES
- No infrastructure or credentials used this session
- Draft built from Howard's topic list + existing show-prep format (matched to
2026-04-18 "Tech That Makes Life Fun" layout)
- Knowledge cutoff Aug 2025 — flagged all spots needing fresh 2026 verification inline
- Prepped: May 29, 2026 | Show date: TBD
- Segment 3 + fresh hooks added by Mike (via Claude) on 2026-05-30 from live web research
(see Sources). Segments 1 & 2 are Howard's original work, preserved.
- Prepped: May 29, 2026 (Howard, Segments 1-2) / expanded May 30, 2026 (Mike, Segment 3)
- Show date: Saturday, May 30, 2026

99
session-logs/2026-05-30-session.md Normal file
View File

@@ -0,0 +1,99 @@
# Session Log — 2026-05-30 (work spanning 2026-05-29 evening → 2026-05-30)
## User
- **User:** Mike Swanson (mike)
- **Machine:** GURU-5070
- **Role:** admin
## Session Summary
The session opened as a GuruRMM feature request ("Mobile device support") and ran through the `/feature-request` flow. After clarifying scope (MDM for phones/tablets **plus** a GuruRMM mobile agent app — treated as one coherent feature), produced `SPEC-017-mobile-device-support.md`. The central technical finding documented: the iOS/Android capability asymmetry — an Android Device Admin app delivers real remote lock/wipe with no server certificate, but a sandboxed iOS App Store app cannot lock/wipe without an MDM enrollment profile (which needs the free Apple MDM Push Certificate). Mike then confirmed ACG now holds **both** Apple certificates (Developer Program + signing, and the MDM Push Certificate), so the spec was updated to mark both iOS phases Apple-cert-unblocked, with the annual MDM-push-cert renewal trap flagged.
The bulk of the session was a full GuruConnect (GC) modernization effort. Mike asked whether a `gc-audit` equivalent to `/rmm-audit` existed; it did not, so a `gc-audit` skill was authored, adapted to GC's actual architecture (protobuf wire format, runtime sqlx, Gitea Actions CI, static-HTML+component-library dashboard) rather than copying RMM assumptions. The skill was then run as a dry run: seven parallel/ sequential audit passes on Opus surfaced **three CRITICAL relay-plane auth failures** (any-JWT-joins-any-session, viewer-WS blacklist bypass, JWT-accepted-as-agent-key) plus the dashboard's wire-incompatible "protobuf" decoder, a stubbed deploy step leaving production 57 commits stale, and several HIGH/MEDIUM items. The audit report was committed and the skill was refined (use `.claude/standards/` as the compliance baseline; reconcile all `docs/specs/SPEC-*.md` + `specs/*/plan.md` `[DONE]` markers; tag already-planned findings `[TRACKED]` during a rebuild).
Mike then directed a ground-up re-spec. Produced `SPEC-002-v2-modernization-architecture.md` from four locked decisions: greenfield-but-salvage-proven-Rust-cores; native-first with full key fidelity (Win+R / Ctrl+Alt+Del / clipboard) and WebRTC only as a fallback; standalone-first with a versioned `/api/integration/v1/` RMM contract; hardened single-tenant now with a tenancy-ready schema. File transfer (clipboard cut/paste + drag-and-drop, bidirectional) was elevated to a headline differentiator after Mike named it as a favorite ScreenConnect feature. `/shape-spec` then produced `specs/v2-secure-session-core/` (Phase 1).
The Phase-1 keystone was implemented end to end across four tasks, each via a Coding Agent (Opus) → mandatory Code Review (Opus) → Gitea Agent commit loop: Task 1 (v2 schema + per-agent `cak_` keys + tenancy-ready columns), Task 2 (auth rebuild deleting the JWT-as-agent-key branch, session-scoped viewer tokens, per-agent key issuance, folding in a pre-existing machine-metadata bug fix), Task 3 (secure relay WS — viewer-token verification with blacklist + session-claim match, agent identity binding, frame caps, input throttle), and Task 4 (in-memory rate limiting + single-use widened support codes). A review-driven authorization-strength fix split viewer tokens into VIEW_ONLY vs CONTROL gated on permission, fully closing CRITICAL #1. Because the dev machine has no Rust toolchain, all code was verified on the build host (172.16.3.30) and confirmed compiling + passing tests (32/32), and the Gitea Actions CI was confirmed green. Every audit CRITICAL and HIGH in the auth/session core is now remediated in code.
The session closed with a `/sync` (pulled four of Howard's auto-sync commits) and a radio-show task: set the "promised vs got / best invention" episode to today's date (Saturday 2026-05-30), preserved Howard's Segments 1-2, and expanded the reserved Segment 3 into a topical May-2026 tech-news segment (AI glasses, AI-and-jobs, subscription squeeze, orbital data centers, AI security reality check, gadget hits) using live web research, since the assistant's training only runs to ~Jan 2026.
## Key Decisions
- **SPEC-017 scope:** treat "mobile device support" as MDM + a GuruRMM mobile agent app together; document the iOS/Android lock-wipe asymmetry rather than over-promising iOS parity.
- **gc-audit adapted, not copied:** GC uses runtime sqlx (not RMM's macros — and CLAUDE.md's "compile-time checked queries" line is stale), protobuf wire format, Gitea Actions CI, and a static-HTML+component-library dashboard. The skill's passes were rewritten accordingly; Pass B's initial "macros are the GC norm" rule was later corrected to flag new `query!` macros as a `[LOW]` deviation.
- **GC v2 direction (4 locked decisions):** greenfield-salvage-cores; native-first full key fidelity (WebRTC fallback only); standalone-first + versioned RMM contract; hardened single-tenant with a tenancy-ready (nullable `tenant_id`) schema so Phase 4 flips on isolation with no migration rewrite.
- **File transfer elevated:** clipboard cut/paste + drag-and-drop (both directions) made a core differentiator with a delayed-render clipboard design, not a deferred panel.
- **v2 sqlx + repo:** confirmed runtime `sqlx::query()` for v2 (GC already uses it); clean architectural reset in-place in the existing `guru-connect` repo (not a new repo).
- **Auth-strength (CRITICAL #1):** viewer-token minting gated on permission, and — after review found `view` is held by every default role — split into VIEW_ONLY (gated on `view`, relay refuses input) vs CONTROL (gated on `control`/admin) tokens. This is what actually closed CRITICAL #1.
- **Codec/transport/cutover:** H.264 default (HEVC opt-in); Phase-2 web viewer on protobuf-over-WSS first (WebRTC later); widened higher-entropy support codes; clean wholesale v1→v2 cutover (no client data to migrate).
- **Verification path:** with no local Rust toolchain, all Rust was verified by building + testing on the build host (172.16.3.30) and by confirming Gitea Actions CI, rather than trusting self-review.
- **Radio Segment 3:** built as a "present-day" bookend tying each item back to Segments 1-2; pulled live (web search) because training is stale for a same-day show.
## Problems Encountered
- **Gitea push failed mid-session** (internal :3000 refused, public 502) — a transient blip; later confirmed reachable and the pending commit had already been swept upstream by auto-sync. No loss.
- **Explore agent reported two GC docs at the repo root** (`FEATURE_ROADMAP.md`, `ARCHITECTURE_DECISIONS.md`) that actually live under `docs/`; caught and corrected the gc-audit skill's paths before finalizing.
- **CI red on Tasks 2/3/authz** — but only at the `cargo fmt --all --check` gate, which short-circuits before clippy/build/test, so the code had never actually compiled in CI. Verified on the build host that it compiled + passed; applied the fmt patch + two clippy one-liners (`8a01935`) → CI green.
- **Task 4 clippy red** — `empty_line_after_doc_comments` (rate_limit.rs) and two dead-code event constants (events.rs); fixed (`2118942`, build-host-verified) → CI green.
- **Audit authz finding:** Task 2/3's first authz gate used `has_permission("view")`, which is held by every default role, so it didn't actually narrow access; reviewer caught it, leading to the VIEW_ONLY/CONTROL split.
- **Coord todo POSTs failed twice on an em-dash** ("error parsing the body"); resolved by using ASCII-only text. (Same lesson recurred and was applied.)
- **No Rust toolchain on GURU-5070** — every Coding Agent could author but not compile; mitigated by build-host verification (172.16.3.30) for each task.
## Configuration Changes
**`azcomputerguru/guru-connect` (separate repo):**
- New: `docs/specs/SPEC-002-v2-modernization-architecture.md`, `reports/2026-05-29-gc-audit.md`, `specs/v2-secure-session-core/{plan,shape,references,standards}.md`.
- New (server): `migrations/004_v2_secure_session_core.sql`, `005_machine_metadata.sql`, `006_widen_support_code.sql`; `src/db/{agent_keys.rs,tenancy.rs}`; `src/auth/agent_keys.rs`; `src/api/machine_keys.rs`.
- Rebuilt/modified (server): `src/middleware/rate_limit.rs` (+mod.rs), `src/relay/mod.rs`, `src/api/sessions.rs`, `src/auth/{jwt.rs,mod.rs}`, `src/db/{machines,sessions,support_codes,events,users,mod}.rs`, `src/support_codes.rs`, `src/main.rs`, `Cargo.toml` (removed `tower_governor`).
- Episode/radio: n/a (different repo).
**`azcomputerguru/gururmm` (submodule):**
- New: `docs/specs/SPEC-017-mobile-device-support.md`; `docs/FEATURE_ROADMAP.md` updated (MDM checklist + Asset Location Tracking cross-link to SPEC-017).
**`azcomputerguru/claudetools` (this repo):**
- New: `.claude/skills/gc-audit/SKILL.md` (then refined twice).
- New memory: `.claude/memory/project_apple_mdm_certs.md`, `.claude/memory/project_guruconnect_v2_direction.md`; `MEMORY.md` index updated.
- Radio: created `projects/radio-show/episodes/2026-05-30-promised-vs-got-and-inventions/show-prep.md` (expanded, 25KB); `git rm` of `projects/radio-show/episodes/tbd-promised-vs-got-and-inventions/`.
- This session log.
## Credentials & Secrets
- No new secrets created.
- Gitea API token used for CI status checks: SOPS vault `services/gitea.sops.yaml`, field `credentials.api.api-token`.
- ACG holds both Apple certs as of 2026-05-29 (Developer Program + signing; MDM Push Certificate). **Still to capture:** the exact owning Apple ID and expiry for the MDM Push Certificate (renews annually on the same Apple ID or all enrolled iOS devices break) — see `.claude/memory/project_apple_mdm_certs.md`.
## Infrastructure & Servers
- **Coordination API:** `http://172.16.3.30:8001/api/coord` (locks, todos) — no auth.
- **Gitea (internal):** `http://172.16.3.20:3000` (azcomputerguru org). Public: `git.azcomputerguru.com` (NPM/Cloudflare; prefer internal).
- **GC build/deploy host:** `172.16.3.30` (Linux, Rust toolchain present; GC server runs on `:3002` behind NPM at `connect.azcomputerguru.com`; GC clone at `/home/guru/guru-connect`). Production GC binary was stale (git `1bfd476`, ~2026-01-18) vs submodule HEAD — deploy step is a stub.
- **Gitea Actions runners (online):** `guruconnect-builder` (ubuntu-latest), `pluto-guruconnect` (windows-msvc, on Pluto 172.16.3.36).
- GC DB: PostgreSQL on the GC host; v2 migrations 004-006 added (not yet applied to production).
## Commands & Outputs
- `cargo fmt --all` / `cargo clippy --all-targets --all-features -- -D warnings` / `cargo build --release --target x86_64-unknown-linux-gnu` / `cargo test --release` — run on `172.16.3.30` to verify GC v2 (no local toolchain). Note: must set `CARGO_BUILD_TARGET=x86_64-unknown-linux-gnu` on Linux because the repo `.cargo/config.toml` defaults to `x86_64-pc-windows-msvc`.
- GC v2 keystone test result on build host: `32 passed; 0 failed`.
- CI: build-and-test run on `2118942` — build-server, build-agent, security-audit all success.
- Coord todo POST: requires ASCII-only body (`text`, `created_by_user`, `created_by_machine` required); em-dashes cause "error parsing the body".
- `git rm -r projects/radio-show/episodes/tbd-promised-vs-got-and-inventions/` — old radio folder removed after writing the dated one.
## Pending / Incomplete Tasks
- **GC v2 Phase 1 remainder:** Task 5 (attended-mode consent — proto `ConsentRequest`/`ConsentResponse`), Task 6 (native viewer full key fidelity — WH_KEYBOARD_LL hook, scan-code injection, SAS for Ctrl+Alt+Del, clipboard sync), Task 7 (HW H.264 + raw/Zstd fallback). Then Phase 2 (file transfer + dashboard + web viewer), Phase 3 (`/api/integration/v1/` RMM contract), Phase 4 (multi-tenancy switch-on). Source of truth: `specs/v2-secure-session-core/plan.md` + `docs/specs/SPEC-002-*.md`.
- **Open coord todos (guruconnect):** `9a462965` (revoke viewer tokens on logout), `3c1f372a` (trusted-proxy client-IP keying — NPM-on-loopback collapses clients to 127.0.0.1), `542137df` (multi-instance fail-closed DB single-use gate). Plus two `TODO(audit-events)` comments in `db/events.rs`.
- **GC v2 deploy:** wire the real `deploy.yml` SSH step (currently a stub) and chain `cargo audit` into release/deploy; v1→v2 cutover after the product-capability tasks.
- **SPEC-017 mobile:** capture the Apple MDM Push Certificate's owning Apple ID + expiry; provision Google Play/FCM.
- **Radio:** Mike's "best invention" pick (Segment 2); refresh Segment 3 items if the show slips past 2026-05-30.
## Reference Information
- **Specs:** `guru-connect/docs/specs/SPEC-002-v2-modernization-architecture.md`, `guru-connect/specs/v2-secure-session-core/`, `guru-connect/specs/native-remote-control/`; `gururmm/docs/specs/SPEC-017-mobile-device-support.md`.
- **Audit report:** `guru-connect/reports/2026-05-29-gc-audit.md`.
- **gc-audit skill:** `.claude/skills/gc-audit/SKILL.md`.
- **Memory:** `.claude/memory/project_apple_mdm_certs.md`, `.claude/memory/project_guruconnect_v2_direction.md`.
- **Commit SHAs — guru-connect:** `486debf` (audit report), `5c60a10` (SPEC-002), `81e4b99` (shape spec), `fef8111` (T1), `41691bf` (T2), `0f25878` (T3), `a453e79` (authz split), `8a01935` (fmt/clippy), `bfcdbb5` (T4), `2118942` (clippy fix).
- **Commit SHAs — gururmm:** `417856e` (SPEC-017).
- **Commit SHAs — claudetools:** `e8ac759`, `df6a2dd`, `e5ccb6a`, `c670471`, `c70cd70` (gc-audit skill).
- **Coord todos (guruconnect):** done — `faf39fe0`, `c8916c89`; open — `9a462965`, `3c1f372a`, `542137df`.
- **Radio episode:** `projects/radio-show/episodes/2026-05-30-promised-vs-got-and-inventions/show-prep.md`.