From dfa7af4aee14ead3bbedfc3041dd5ded3985567e Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Sat, 30 May 2026 07:02:00 -0700 Subject: [PATCH] sync: auto-sync from GURU-5070 at 2026-05-30 07:01:49 Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-05-30 07:01:49 --- .../show-prep.md | 200 +++++++++++++++--- session-logs/2026-05-30-session.md | 99 +++++++++ 2 files changed, 269 insertions(+), 30 deletions(-) rename projects/radio-show/episodes/{tbd-promised-vs-got-and-inventions => 2026-05-30-promised-vs-got-and-inventions}/show-prep.md (51%) create mode 100644 session-logs/2026-05-30-session.md diff --git a/projects/radio-show/episodes/tbd-promised-vs-got-and-inventions/show-prep.md b/projects/radio-show/episodes/2026-05-30-promised-vs-got-and-inventions/show-prep.md similarity index 51% rename from projects/radio-show/episodes/tbd-promised-vs-got-and-inventions/show-prep.md rename to projects/radio-show/episodes/2026-05-30-promised-vs-got-and-inventions/show-prep.md index 61232c1..4ca2c19 100644 --- a/projects/radio-show/episodes/tbd-promised-vs-got-and-inventions/show-prep.md +++ b/projects/radio-show/episodes/2026-05-30-promised-vs-got-and-inventions/show-prep.md @@ -1,9 +1,9 @@ # AZ Computer Guru Radio Show Prep -## Saturday, [SHOW DATE TBD — pending Mike] +## Saturday, May 30, 2026 -**Show Date:** TBD (Howard prepping ahead — date depends on Mike) -**Research Date:** May 29, 2026 -**Format:** 2 segments + open call-in overflow (Segment 3 reserved — Howard adding more topics) +**Show Date:** Saturday, May 30, 2026 +**Research Date:** May 30, 2026 +**Format:** 3 segments, all call-in driven (Segment 3 is now filled — topical tech news for May 2026) > **HOWARD'S NOTE TO SELF / MIKE:** The whole game this show is CALL-INS. Lead with > Segment 1 (promised vs. got) and Segment 2 (best invention since 1970) because both are @@ -11,18 +11,27 @@ > are lit, keep them going the entire show. These two are nostalgia + debate bait on > purpose. Voice-AI scams intentionally left OUT (already did a full segment on it > 2026-03-14). Passwords/passkeys segment removed per Howard. +> +> **MIKE'S ADD (2026-05-30):** Filled Segment 3 with current tech news (AI glasses, the +> "AI is taking jobs" debate, the subscription squeeze, data centers in SPACE, and a +> security reality check) — all picked to keep the phones lit and tie back to Segments 1 & 2. +> A few optional "fresh 2026 hooks" added inline to Segment 1, clearly marked. **Everything +> in Segment 3 is dated/topical — glance at the headlines the morning of the show; details +> on this stuff move fast.** --- ## COMMON THREAD -**"Remember When? The Tech We Were Promised, the Inventions That Changed Everything, and the One Password Habit Worth Keeping"** +**"Remember When? The Tech We Were Promised, the Inventions That Changed Everything — and the Wild Stuff Landing Right Now"** Tonight is YOUR show. We're not lecturing — we're reminiscing and arguing (the fun kind). First we run down all the futuristic tech we were PROMISED versus the goofy stuff we actually got — flying cars became drones dropping off your toothpaste. Then we throw it open for the great debate: what's the single BEST thing invented since 1970? The smartphone? -The internet? GPS? You're going to disagree with me, and -that's the point — the phones are open. So grab the phone. We want YOUR flying car. +The internet? GPS? You're going to disagree with me, and that's the point. And to close it +out, the tech that's ACTUALLY landing in 2026 — AI glasses, computers headed for orbit, and +the stuff that'll make you say "they did WHAT?" The phones are open all night. We want YOUR +flying car. --- @@ -51,6 +60,10 @@ The bit IS the structure. Run these fast, banter on each, and bounce to callers - Talking points: Robot vacuums are genuinely good now (we covered the one with LEGS) — but "Rosie" is still science fiction. The dream was a butler; the reality is a pet. - **Phone hook:** "What's the dumbest place your robot vacuum has gotten stuck?" +- **[FRESH 2026 HOOK — optional]** The robots ARE creeping closer to Rosie: there's now a + robot mop topping the charts that *washes its own mop pads in 176-degree hot water* at + its dock. So the maid still won't cook — but she finally cleans up after herself. Tease: + "We're one step closer to Rosie, folks — and we'll get to where she's headed in Segment 3." **Story 3: The Paperless Office → 200 Unread PDFs and More Printers Than Ever** - Promised (since the 1970s): computers would END paper @@ -89,12 +102,15 @@ The bit IS the structure. Run these fast, banter on each, and bounce to callers - Meal in a pill → we got DoorDash instead (arguably worse for you) ### The Reverse Twist (great mid-segment pivot) -"Here's the flip side — the stuff NOBody promised us that quietly changed everything: +"Here's the flip side — the stuff NOBODY promised us that quietly changed everything: - The smartphone — nobody in 1985 asked for a supercomputer in their pocket - GPS — turn-by-turn directions, free, no more gas-station maps or 'pull over and ask' - Free video calls with the grandkids across the country Tech OVER-promised on the flashy stuff (flying cars) and OVER-delivered on the boring stuff that actually changed our lives. THAT'S the real story of technology." +- **[FRESH 2026 HOOK — optional]** And here's the kicker — the one piece of sci-fi they've + been promising forever, the smart glasses, FINALLY showed up this month, and it's a real + product you can buy. Hold that thought — it's our lead story in Segment 3. ### Why This Matters - Everyone has a "future we were promised" story — this is pure call-in fuel @@ -173,6 +189,13 @@ and say "I pick THAT one" — or "you're all wrong, here's the real answer." crowd-pleaser, or the lithium-ion battery for the fun 'you're all forgetting the most important one' angle.] That's my answer. Now call in and change my mind." +### The Modern Curveball (optional — only if a caller goes there, or to bridge into Segment 3) +"And before you all say it — yes, somebody's going to call in and say 'ARTIFICIAL +INTELLIGENCE.' Hold that thought. AI's barely a few years old in your living room, so is it +even eligible yet? We'll get into where AI is RIGHT NOW in our next segment — including the +glasses, the jobs question, and the stuff that's a little bit scary. But for THIS debate: +something already proven. What's the best thing since 1970?" + ### The Rule That Makes People Call (keep repeating this) "Here's the rule: you only get to pick ONE. Not a top five. Not 'they're all great.' ONE best invention since 1970. The smartphone OR the internet — choose. So what's it gonna be? @@ -184,22 +207,110 @@ Call in and make your case." to call, but "choose the BEST and defend it" gets people fired up and dialing - Naturally generational: older callers might say the MRI or GPS, younger ones the smartphone - Flows right out of Segment 1 ("the smartphone was the thing nobody promised us — is it - also the BEST thing we got?") + also the BEST thing we got?") and INTO Segment 3 (the AI curveball) ### Segment Wrap "Smartphone, the internet, GPS, the MRI machine, the computer chip, even the humble battery — so many great things invented since 1970, and you've all got a favorite. Keep -the calls coming and keep defending your pick for the best of them all." +the calls coming. Up next, we fast-forward to RIGHT NOW: the tech that's landing this month, +and some of it is going to surprise you." **Time: 14-16 minutes** --- -## SEGMENT 3: [RESERVED] — Open Call-In Overflow / Howard's Additional Topics (TBD) -- Howard is gathering more topics and details — slot this in OR use it as pure call-in - overflow if Segments 1 & 2 light up the lines (which is the plan) -- Backup conversation starters if calls run dry: "What tech did you swear you'd never use, - and now can't live without?" / "What's a gadget you miss that they don't make anymore?" +## SEGMENT 3: "Tech News RIGHT NOW — AI Glasses, Jobs, and Computers in SPACE" (14-16 min) — CALL-IN DRIVER + +> **HOST NOTE:** This segment is the "present day" bookend to Segments 1 & 2 — we spent the +> show on what we were promised and what was best; now here's what's ACTUALLY landing in +> May 2026. Run these like the Segment 1 quick-hits: punch the headline, give your take, +> throw it to the phones. Every story has a hook. **These are current — skim the morning +> headlines before air in case a detail moved (see SOURCES at the bottom).** + +### Opening +"All night we've talked about the future we were promised and the best of what we've built. +So let's land the plane in the present. Here's the tech that's ACTUALLY showing up right +now, in 2026 — and some of it is the sci-fi we've been waiting 40 years for, and some of it +is going to make you say 'they did WHAT?' Phones stay open. Here we go." + +**Story 1: The Smart Glasses Finally Showed Up — and They've Got AI Watching With You** +- The news: Google teamed up with Warby Parker (yes, the glasses store) on "Intelligent + Eyewear" — real sunglasses or prescription frames, normal-looking, with a camera, speakers, + and Google's Gemini AI built in. You look at something and ask the glasses about it; it + answers in your ear. +- The Guru take: They promised us Google Glass over a decade ago and the whole world laughed + the guy out of the room. Now it's back — but it looks like NORMAL glasses, and it's smart + enough to actually be useful. The sci-fi finally arrived; it just had to wait until it + stopped looking ridiculous. +- The catch (this is the conservative-audience hook): These have a camera and a microphone + AND an AI on your face, seeing what you see, all day. Convenient? Absolutely. A little + unsettling? Also absolutely. +- **Phone hook:** "Would you wear AI glasses that see everything you see and answer in your + ear — or is that a hard no? Call in: cool, or creepy?" + +**Story 2: "Is AI Coming for Your Job?" — Even the Experts Can't Agree** +- The news: Big companies — Cisco, Block, others — announced layoffs and openly blamed + "AI efficiencies." Meta reportedly moved thousands of people onto new AI teams. AND at the + same time, the CEO of OpenAI (the ChatGPT company) just walked it back, telling a crowd + the huge white-collar job losses he used to predict... probably won't happen after all. +- The Guru take: So the same crowd that spent two years telling us AI would replace + everybody is now both laying people off AND saying "never mind, it won't be that bad." + Pick a lane, fellas. The truth is in the middle — AI is a tool that's changing jobs, not a + robot showing up to do yours. Yet. +- **Phone hook:** "Has AI changed YOUR job — for better, for worse, or not at all? Or are + you just not buying the hype? The lines are open." + +**Story 3: The Subscription Squeeze — Now Even Your AI Has a Monthly Bill** +- The news: Google just CUT the price of its top AI plan from $250 a month down to $100. +- The Guru take: First off — $100 a month for a chatbot is still wild. But the real story is + the cut: when a company slashes the price by 60 percent overnight, that tells you what they + were charging $250 for in the first place. And it's the same playbook everywhere now — + remember when you BOUGHT software and OWNED it? Now your phone, your TV, your car features, + your thermostat, and now your AI are all monthly rent. You don't own anything anymore; you + subscribe to it. +- **Phone hook:** "How many subscriptions are you paying for right now — be honest, add 'em + up. And which one makes you the maddest? Call in with your number." + +**Story 4: They Want to Put Data Centers in SPACE (No, Really)** +- The news: Google is reportedly in serious talks with SpaceX about launching DATA CENTERS + into orbit — the giant computer warehouses that run the internet and all this AI — because + Earth is running out of the room and the electricity to power them all. +- The Guru take: Tie it right back to Segment 1 — we were promised flying cars, and instead + we're getting the internet's brain LAUNCHED INTO SPACE because AI is so power-hungry we + can't fit it on the planet anymore. That's the most 2026 sentence I've ever said. The + future isn't a jetpack; it's a server farm in orbit. +- **Phone hook:** "Tech we were promised: flying cars. Tech we're getting: computers in + space. Somebody call in and make that make sense." + +**Story 5: The Reality Check (the Computer Guru beat — practical + a little cautionary)** +- The news: Security researchers showed they could strip the safety guardrails off major AI + models — from big names — in a matter of MINUTES, getting them to do things they're built + to refuse. And a big industry survey found 94 percent of organizations now call AI the + number-one driver of cyber risk this year. +- The Guru take: Here's the part the ads don't mention. The same AI that's in your new + glasses, your phone, your search bar — the safety controls on it can be peeled off in + minutes by someone who knows what they're doing. This is exactly why we keep preaching it: + be careful what you tell these things. Treat a chatbot like a stranger on the bus, not your + doctor or your accountant. +- **Phone hook:** "What WON'T you tell a chatbot? Where's YOUR line with this stuff? Call in." + +**Story 6 (Quick Gadget Hits — rapid fire, then back to phones):** +- A new $100 Fitbit (the "Fitbit Air") — cheap, week-long battery, for folks who want the + health tracking without the smartwatch price. ("Finally, one that doesn't cost more than + the doctor's visit it's supposed to save you.") +- New entry-level Garmin running watches for the walkers and runners in the audience. +- The robot mop from Segment 1 that washes its OWN pads in 176-degree water — Rosie's getting + closer, one chore at a time. +- **Phone hook:** "What's the one gadget that actually made your life better this year — and + what's the one that's still sitting in a drawer? Call in." + +### Segment Wrap +"AI on your face, AI coming for your paycheck — or not — your AI on a monthly bill, and the +whole internet packing its bags for space. That's the future, ladies and gentlemen, and it +showed up while we were arguing about the best thing since 1970. Keep calling — tell me +which of these is the coolest, and which one keeps you up at night." + +**Time: 14-16 minutes** --- @@ -207,27 +318,32 @@ the calls coming and keep defending your pick for the best of them all." ### Summary "Tonight was YOUR show. We laughed about the flying cars we were promised and the drones -and Roombas we actually got. And we argued about the single best thing invented since -1970 — and you all had a pick." +and Roombas we actually got. We argued about the single best thing invented since 1970 — +and you all had a pick. And we landed in the present with the tech showing up RIGHT now: +AI glasses, the jobs debate, the subscription squeeze, and computers headed for orbit." ### Final Thought "Here's what I love about technology: it almost never shows up the way they promise. They -sold us flying cars; they gave us a supercomputer in our pocket instead — and honestly, -that's the better deal. The future isn't what we were told. It's weirder, funnier, and in a -lot of ways, better. Keep calling, keep remembering, and keep arguing with me. That's what -this show is for." +sold us flying cars; they gave us a supercomputer in our pocket instead — and now AI +glasses and data centers in space. The future isn't what we were told. It's weirder, +funnier, and in a lot of ways, better — as long as you keep your eyes open and your +guard up. Keep calling, keep remembering, and keep arguing with me. That's what this show +is for." ### Call to Action - **Segment 1 & 2:** Keep the phones lit — your "promised future" and your "best invention since 1970" pick +- **Segment 3:** AI glasses — cool or creepy? Has AI touched your job? How many subscriptions + are you drowning in? Call in. --- ## SOURCES / FACT-CHECK ANCHORS -> Most of this show is opinion + memory (call-in driven), so sourcing is light. These are -> the hard FACTS worth getting right on air: +> Segments 1 & 2 are opinion + memory (call-in driven), so sourcing is light. Segment 3 is +> CURRENT NEWS — these are dated to late May 2026; **skim the morning headlines before air** +> in case a number or name moved. The hard facts worth getting right on air: -### Inventions / Dates (verify spellings + years on air) +### Inventions / Dates (Segments 1 & 2 — verify spellings + years on air) - Intel 4004 microprocessor — released 1971 - ARPANET — first link 1969; World Wide Web — Tim Berners-Lee, proposed 1989, live 1991 - iPhone — announced/released 2007 @@ -242,13 +358,34 @@ this show is for." - AT&T Picturephone — 1964 World's Fair - Back to the Future Part II hoverboards — set in 2015 +### Current Tech News (Segment 3 — May 2026, VERIFY day-of, details move fast) +- **AI glasses:** Google + Warby Parker "Intelligent Eyewear" running Gemini on Android XR — + sunglasses or prescription, camera/speakers, hands-free Gemini. (Confirm availability/price + on air — was rolling out May 2026.) +- **AI + jobs:** Cisco and Block among companies citing "AI efficiencies" in layoffs; Meta + reassigning ~7,000 staff to AI groups; OpenAI's Sam Altman (Sydney) walked back his earlier + prediction of widespread white-collar job losses. +- **AI subscription price cut:** Google dropped its top AI subscription tier from $250 to + $100/month at I/O 2026. +- **Data centers in orbit:** Google reportedly in advanced talks with SpaceX about launching + AI data centers into space (power/space constraints on Earth). +- **AI safety:** researchers removed safety guardrails from major AI models "in minutes"; a + World Economic Forum-style survey found ~94% of organizations rank AI as the top cyber-risk + driver in 2026. +- **Gadgets:** Fitbit Air ~$99 (launched late May 2026); new entry Garmin Forerunner watches; + top-ranked robot mop with a 176F hot-water pad-wash dock. + --- ## NOTES FOR FUTURE SHOWS **Engagement strategy used here:** -- Built the whole show around call-ins by leading with two nostalgia/debate segments +- Built the whole show around call-ins by leading with two nostalgia/debate segments and + closing with a topical "right now" segment that bookends them - "Pick ONLY one" forcing function in Segment 2 is the key engagement trick — reuse it - Phone hooks written into EVERY story, not just at segment ends +- Segment 3 deliberately ties each item back to Segments 1 & 2 (glasses = the promised + sci-fi; data-centers-in-space = the flying-car bait-and-switch; AI = the "is it the best + invention?" curveball) **Avoided / Excluded:** - Voice-AI scams — intentionally left out; already a full dedicated segment on 2026-03-14 @@ -256,14 +393,17 @@ this show is for." angle (the "jury-duty warrant call" variant) but NOT this show. **Open / Pending:** -- SHOW DATE — TBD pending Mike -- Segment 3 — Howard adding more topics; reserved as call-in overflow for now +- Date SET: Saturday, May 30, 2026. +- Decide host's own "best invention" pick (smartphone crowd-pleaser vs. lithium-ion + contrarian angle). +- Segment 3 is news-dated — if the show slips a week, refresh the Segment 3 items. --- ## INFRASTRUCTURE NOTES -- No infrastructure or credentials used this session - Draft built from Howard's topic list + existing show-prep format (matched to 2026-04-18 "Tech That Makes Life Fun" layout) -- Knowledge cutoff Aug 2025 — flagged all spots needing fresh 2026 verification inline -- Prepped: May 29, 2026 | Show date: TBD +- Segment 3 + fresh hooks added by Mike (via Claude) on 2026-05-30 from live web research + (see Sources). Segments 1 & 2 are Howard's original work, preserved. +- Prepped: May 29, 2026 (Howard, Segments 1-2) / expanded May 30, 2026 (Mike, Segment 3) +- Show date: Saturday, May 30, 2026 diff --git a/session-logs/2026-05-30-session.md b/session-logs/2026-05-30-session.md new file mode 100644 index 0000000..6866276 --- /dev/null +++ b/session-logs/2026-05-30-session.md @@ -0,0 +1,99 @@ +# Session Log — 2026-05-30 (work spanning 2026-05-29 evening → 2026-05-30) + +## User +- **User:** Mike Swanson (mike) +- **Machine:** GURU-5070 +- **Role:** admin + +## Session Summary + +The session opened as a GuruRMM feature request ("Mobile device support") and ran through the `/feature-request` flow. After clarifying scope (MDM for phones/tablets **plus** a GuruRMM mobile agent app — treated as one coherent feature), produced `SPEC-017-mobile-device-support.md`. The central technical finding documented: the iOS/Android capability asymmetry — an Android Device Admin app delivers real remote lock/wipe with no server certificate, but a sandboxed iOS App Store app cannot lock/wipe without an MDM enrollment profile (which needs the free Apple MDM Push Certificate). Mike then confirmed ACG now holds **both** Apple certificates (Developer Program + signing, and the MDM Push Certificate), so the spec was updated to mark both iOS phases Apple-cert-unblocked, with the annual MDM-push-cert renewal trap flagged. + +The bulk of the session was a full GuruConnect (GC) modernization effort. Mike asked whether a `gc-audit` equivalent to `/rmm-audit` existed; it did not, so a `gc-audit` skill was authored, adapted to GC's actual architecture (protobuf wire format, runtime sqlx, Gitea Actions CI, static-HTML+component-library dashboard) rather than copying RMM assumptions. The skill was then run as a dry run: seven parallel/ sequential audit passes on Opus surfaced **three CRITICAL relay-plane auth failures** (any-JWT-joins-any-session, viewer-WS blacklist bypass, JWT-accepted-as-agent-key) plus the dashboard's wire-incompatible "protobuf" decoder, a stubbed deploy step leaving production 57 commits stale, and several HIGH/MEDIUM items. The audit report was committed and the skill was refined (use `.claude/standards/` as the compliance baseline; reconcile all `docs/specs/SPEC-*.md` + `specs/*/plan.md` `[DONE]` markers; tag already-planned findings `[TRACKED]` during a rebuild). + +Mike then directed a ground-up re-spec. Produced `SPEC-002-v2-modernization-architecture.md` from four locked decisions: greenfield-but-salvage-proven-Rust-cores; native-first with full key fidelity (Win+R / Ctrl+Alt+Del / clipboard) and WebRTC only as a fallback; standalone-first with a versioned `/api/integration/v1/` RMM contract; hardened single-tenant now with a tenancy-ready schema. File transfer (clipboard cut/paste + drag-and-drop, bidirectional) was elevated to a headline differentiator after Mike named it as a favorite ScreenConnect feature. `/shape-spec` then produced `specs/v2-secure-session-core/` (Phase 1). + +The Phase-1 keystone was implemented end to end across four tasks, each via a Coding Agent (Opus) → mandatory Code Review (Opus) → Gitea Agent commit loop: Task 1 (v2 schema + per-agent `cak_` keys + tenancy-ready columns), Task 2 (auth rebuild deleting the JWT-as-agent-key branch, session-scoped viewer tokens, per-agent key issuance, folding in a pre-existing machine-metadata bug fix), Task 3 (secure relay WS — viewer-token verification with blacklist + session-claim match, agent identity binding, frame caps, input throttle), and Task 4 (in-memory rate limiting + single-use widened support codes). A review-driven authorization-strength fix split viewer tokens into VIEW_ONLY vs CONTROL gated on permission, fully closing CRITICAL #1. Because the dev machine has no Rust toolchain, all code was verified on the build host (172.16.3.30) and confirmed compiling + passing tests (32/32), and the Gitea Actions CI was confirmed green. Every audit CRITICAL and HIGH in the auth/session core is now remediated in code. + +The session closed with a `/sync` (pulled four of Howard's auto-sync commits) and a radio-show task: set the "promised vs got / best invention" episode to today's date (Saturday 2026-05-30), preserved Howard's Segments 1-2, and expanded the reserved Segment 3 into a topical May-2026 tech-news segment (AI glasses, AI-and-jobs, subscription squeeze, orbital data centers, AI security reality check, gadget hits) using live web research, since the assistant's training only runs to ~Jan 2026. + +## Key Decisions + +- **SPEC-017 scope:** treat "mobile device support" as MDM + a GuruRMM mobile agent app together; document the iOS/Android lock-wipe asymmetry rather than over-promising iOS parity. +- **gc-audit adapted, not copied:** GC uses runtime sqlx (not RMM's macros — and CLAUDE.md's "compile-time checked queries" line is stale), protobuf wire format, Gitea Actions CI, and a static-HTML+component-library dashboard. The skill's passes were rewritten accordingly; Pass B's initial "macros are the GC norm" rule was later corrected to flag new `query!` macros as a `[LOW]` deviation. +- **GC v2 direction (4 locked decisions):** greenfield-salvage-cores; native-first full key fidelity (WebRTC fallback only); standalone-first + versioned RMM contract; hardened single-tenant with a tenancy-ready (nullable `tenant_id`) schema so Phase 4 flips on isolation with no migration rewrite. +- **File transfer elevated:** clipboard cut/paste + drag-and-drop (both directions) made a core differentiator with a delayed-render clipboard design, not a deferred panel. +- **v2 sqlx + repo:** confirmed runtime `sqlx::query()` for v2 (GC already uses it); clean architectural reset in-place in the existing `guru-connect` repo (not a new repo). +- **Auth-strength (CRITICAL #1):** viewer-token minting gated on permission, and — after review found `view` is held by every default role — split into VIEW_ONLY (gated on `view`, relay refuses input) vs CONTROL (gated on `control`/admin) tokens. This is what actually closed CRITICAL #1. +- **Codec/transport/cutover:** H.264 default (HEVC opt-in); Phase-2 web viewer on protobuf-over-WSS first (WebRTC later); widened higher-entropy support codes; clean wholesale v1→v2 cutover (no client data to migrate). +- **Verification path:** with no local Rust toolchain, all Rust was verified by building + testing on the build host (172.16.3.30) and by confirming Gitea Actions CI, rather than trusting self-review. +- **Radio Segment 3:** built as a "present-day" bookend tying each item back to Segments 1-2; pulled live (web search) because training is stale for a same-day show. + +## Problems Encountered + +- **Gitea push failed mid-session** (internal :3000 refused, public 502) — a transient blip; later confirmed reachable and the pending commit had already been swept upstream by auto-sync. No loss. +- **Explore agent reported two GC docs at the repo root** (`FEATURE_ROADMAP.md`, `ARCHITECTURE_DECISIONS.md`) that actually live under `docs/`; caught and corrected the gc-audit skill's paths before finalizing. +- **CI red on Tasks 2/3/authz** — but only at the `cargo fmt --all --check` gate, which short-circuits before clippy/build/test, so the code had never actually compiled in CI. Verified on the build host that it compiled + passed; applied the fmt patch + two clippy one-liners (`8a01935`) → CI green. +- **Task 4 clippy red** — `empty_line_after_doc_comments` (rate_limit.rs) and two dead-code event constants (events.rs); fixed (`2118942`, build-host-verified) → CI green. +- **Audit authz finding:** Task 2/3's first authz gate used `has_permission("view")`, which is held by every default role, so it didn't actually narrow access; reviewer caught it, leading to the VIEW_ONLY/CONTROL split. +- **Coord todo POSTs failed twice on an em-dash** ("error parsing the body"); resolved by using ASCII-only text. (Same lesson recurred and was applied.) +- **No Rust toolchain on GURU-5070** — every Coding Agent could author but not compile; mitigated by build-host verification (172.16.3.30) for each task. + +## Configuration Changes + +**`azcomputerguru/guru-connect` (separate repo):** +- New: `docs/specs/SPEC-002-v2-modernization-architecture.md`, `reports/2026-05-29-gc-audit.md`, `specs/v2-secure-session-core/{plan,shape,references,standards}.md`. +- New (server): `migrations/004_v2_secure_session_core.sql`, `005_machine_metadata.sql`, `006_widen_support_code.sql`; `src/db/{agent_keys.rs,tenancy.rs}`; `src/auth/agent_keys.rs`; `src/api/machine_keys.rs`. +- Rebuilt/modified (server): `src/middleware/rate_limit.rs` (+mod.rs), `src/relay/mod.rs`, `src/api/sessions.rs`, `src/auth/{jwt.rs,mod.rs}`, `src/db/{machines,sessions,support_codes,events,users,mod}.rs`, `src/support_codes.rs`, `src/main.rs`, `Cargo.toml` (removed `tower_governor`). +- Episode/radio: n/a (different repo). + +**`azcomputerguru/gururmm` (submodule):** +- New: `docs/specs/SPEC-017-mobile-device-support.md`; `docs/FEATURE_ROADMAP.md` updated (MDM checklist + Asset Location Tracking cross-link to SPEC-017). + +**`azcomputerguru/claudetools` (this repo):** +- New: `.claude/skills/gc-audit/SKILL.md` (then refined twice). +- New memory: `.claude/memory/project_apple_mdm_certs.md`, `.claude/memory/project_guruconnect_v2_direction.md`; `MEMORY.md` index updated. +- Radio: created `projects/radio-show/episodes/2026-05-30-promised-vs-got-and-inventions/show-prep.md` (expanded, 25KB); `git rm` of `projects/radio-show/episodes/tbd-promised-vs-got-and-inventions/`. +- This session log. + +## Credentials & Secrets + +- No new secrets created. +- Gitea API token used for CI status checks: SOPS vault `services/gitea.sops.yaml`, field `credentials.api.api-token`. +- ACG holds both Apple certs as of 2026-05-29 (Developer Program + signing; MDM Push Certificate). **Still to capture:** the exact owning Apple ID and expiry for the MDM Push Certificate (renews annually on the same Apple ID or all enrolled iOS devices break) — see `.claude/memory/project_apple_mdm_certs.md`. + +## Infrastructure & Servers + +- **Coordination API:** `http://172.16.3.30:8001/api/coord` (locks, todos) — no auth. +- **Gitea (internal):** `http://172.16.3.20:3000` (azcomputerguru org). Public: `git.azcomputerguru.com` (NPM/Cloudflare; prefer internal). +- **GC build/deploy host:** `172.16.3.30` (Linux, Rust toolchain present; GC server runs on `:3002` behind NPM at `connect.azcomputerguru.com`; GC clone at `/home/guru/guru-connect`). Production GC binary was stale (git `1bfd476`, ~2026-01-18) vs submodule HEAD — deploy step is a stub. +- **Gitea Actions runners (online):** `guruconnect-builder` (ubuntu-latest), `pluto-guruconnect` (windows-msvc, on Pluto 172.16.3.36). +- GC DB: PostgreSQL on the GC host; v2 migrations 004-006 added (not yet applied to production). + +## Commands & Outputs + +- `cargo fmt --all` / `cargo clippy --all-targets --all-features -- -D warnings` / `cargo build --release --target x86_64-unknown-linux-gnu` / `cargo test --release` — run on `172.16.3.30` to verify GC v2 (no local toolchain). Note: must set `CARGO_BUILD_TARGET=x86_64-unknown-linux-gnu` on Linux because the repo `.cargo/config.toml` defaults to `x86_64-pc-windows-msvc`. +- GC v2 keystone test result on build host: `32 passed; 0 failed`. +- CI: build-and-test run on `2118942` — build-server, build-agent, security-audit all success. +- Coord todo POST: requires ASCII-only body (`text`, `created_by_user`, `created_by_machine` required); em-dashes cause "error parsing the body". +- `git rm -r projects/radio-show/episodes/tbd-promised-vs-got-and-inventions/` — old radio folder removed after writing the dated one. + +## Pending / Incomplete Tasks + +- **GC v2 Phase 1 remainder:** Task 5 (attended-mode consent — proto `ConsentRequest`/`ConsentResponse`), Task 6 (native viewer full key fidelity — WH_KEYBOARD_LL hook, scan-code injection, SAS for Ctrl+Alt+Del, clipboard sync), Task 7 (HW H.264 + raw/Zstd fallback). Then Phase 2 (file transfer + dashboard + web viewer), Phase 3 (`/api/integration/v1/` RMM contract), Phase 4 (multi-tenancy switch-on). Source of truth: `specs/v2-secure-session-core/plan.md` + `docs/specs/SPEC-002-*.md`. +- **Open coord todos (guruconnect):** `9a462965` (revoke viewer tokens on logout), `3c1f372a` (trusted-proxy client-IP keying — NPM-on-loopback collapses clients to 127.0.0.1), `542137df` (multi-instance fail-closed DB single-use gate). Plus two `TODO(audit-events)` comments in `db/events.rs`. +- **GC v2 deploy:** wire the real `deploy.yml` SSH step (currently a stub) and chain `cargo audit` into release/deploy; v1→v2 cutover after the product-capability tasks. +- **SPEC-017 mobile:** capture the Apple MDM Push Certificate's owning Apple ID + expiry; provision Google Play/FCM. +- **Radio:** Mike's "best invention" pick (Segment 2); refresh Segment 3 items if the show slips past 2026-05-30. + +## Reference Information + +- **Specs:** `guru-connect/docs/specs/SPEC-002-v2-modernization-architecture.md`, `guru-connect/specs/v2-secure-session-core/`, `guru-connect/specs/native-remote-control/`; `gururmm/docs/specs/SPEC-017-mobile-device-support.md`. +- **Audit report:** `guru-connect/reports/2026-05-29-gc-audit.md`. +- **gc-audit skill:** `.claude/skills/gc-audit/SKILL.md`. +- **Memory:** `.claude/memory/project_apple_mdm_certs.md`, `.claude/memory/project_guruconnect_v2_direction.md`. +- **Commit SHAs — guru-connect:** `486debf` (audit report), `5c60a10` (SPEC-002), `81e4b99` (shape spec), `fef8111` (T1), `41691bf` (T2), `0f25878` (T3), `a453e79` (authz split), `8a01935` (fmt/clippy), `bfcdbb5` (T4), `2118942` (clippy fix). +- **Commit SHAs — gururmm:** `417856e` (SPEC-017). +- **Commit SHAs — claudetools:** `e8ac759`, `df6a2dd`, `e5ccb6a`, `c670471`, `c70cd70` (gc-audit skill). +- **Coord todos (guruconnect):** done — `faf39fe0`, `c8916c89`; open — `9a462965`, `3c1f372a`, `542137df`. +- **Radio episode:** `projects/radio-show/episodes/2026-05-30-promised-vs-got-and-inventions/show-prep.md`.