sync: auto-sync from HOWARD-HOME at 2026-06-01 17:07:55

Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-01 17:07:55

.claude/memory/MEMORY.md

@@ -20,6 +20,7 @@
 - [Gitea Internal API Access](reference_gitea_internal.md) — git.azcomputerguru.com is NOT behind Cloudflare — it's the office Cox IP NAT'd to NPM (openresty) on Jupiter. Prefer internal 172.16.3.20:3000 for reliability (bypasses NPM SSL-renewal reload blips).
 - [Gitea git-op latency](reference_gitea_git_op_latency.md) — SSH (.20:2222) is SLOWEST (~1.5s); internal HTTP+token ~0.55s; SOPS lookup only ~0.33s. Don't switch to SSH for speed. Gitea SSH is .20:2222 (API ssh_url .21 is wrong).
 - [GuruRMM technical reference](reference_gururmm.md) — Server (172.16.3.30) layout + API + `context=user_session` (WTS impersonation) + build-pipeline vendoring at `deploy/build-pipeline/` (auto-syncs to /opt/gururmm) + Linux agent systemd sandbox trap (ProtectSystem=strict makes fs/mount observations sandbox-local).
+- [Trebesch DESKTOP-QNP3ON5 shell replacement](reference_trebesch_qnp3on5.md) — AT Trebesch box runs an Explorer shell replacement; explorer.exe owner check returns blank — use Win32_ComputerSystem.UserName. GuruRMM SWIFT-LION-2892.
 
 ## Users
 - [Howard Enos](user_howard.md) — Mike's brother, technician, full access. Machines: ACG-TECH03L, Howard-Home (authoritative in users.json).
@@ -70,6 +71,7 @@
 
 ## Project
 - [Automate memory consolidation/lint (phased)](project_memory_consolidation_automation.md) — Eventually auto-run /memory-dream; lint+additive fixes can automate early, merges/deletes stay human-approved. Engine: .claude/skills/memory-dream/ + .claude/scripts/sync-memory.sh.
+- [Trebesch PST consolidation (staged)](project_trebesch_pst_consolidation.md) — Address-book CSV from 24 PSTs on DESKTOP-QNP3ON5; scripts staged at .claude/tmp/treb-*.ps1, WAITING for Howard's 6pm-MST 2026-06-01 go signal (attended run). See [[reference_trebesch_qnp3on5]].
 - [GuruRMM project state](project_gururmm.md) — Dev principles (every feature full-stack: backend+API+UI+docs+scalability; product works without AI; FEATURE_ROADMAP update is part of definition-of-done; mirrors guru-rmm/docs/DESIGN.md). Webhook docs-only build guard (SPEC-020 Phase 0; webhook-handler.py repo copy is STALE — don't redeploy). Mac install-hooks.sh setup STILL PENDING on Mikes-MacBook-Air.
 - [GuruConnect](project_guruconnect.md) — v2 direction (native-first full key fidelity Win+R/Ctrl+Alt+Del + bidirectional file cut/paste/drag; WebRTC fallback only; standalone-first + RMM contract; tenancy-ready schema; Mike willing to scrap v1). Manual deploy procedure to 172.16.3.30 (build-on-server in login shell; sqlx runtime queries; NPM `CONNECT_TRUSTED_PROXIES=172.16.3.20` gotcha). v2 live since 2026-05-30.
 - [Apple MDM + Developer certs (GuruRMM mobile)](project_apple_mdm_certs.md) — ACG holds Apple Developer+signing and Apple MDM Push certs (acquired 2026-05-29) for SPEC-017. MDM push cert RENEWS ANNUALLY on the same Apple ID or all enrolled iOS devices break.

.claude/memory/project_trebesch_pst_consolidation.md

@@ -0,0 +1,20 @@
+---
+name: project_trebesch_pst_consolidation
+description: AT Trebesch PST contact consolidation — staged, waiting for Howard's 6pm-MST (2026-06-01) go signal to run extract+merge
+metadata:
+  type: project
+---
+
+Task: consolidate ALL address-book contacts from AT Trebesch's 24 PST files (~155 GB on DESKTOP-QNP3ON5) into one Outlook-importable CSV at `C:\Users\Owner\Desktop\Contacts\`. Ties to Syncro ticket 31953.
+
+**Why:** customer lost contacts; wants the address books (the **Contacts folders**) condensed — NOT the Auto-Complete cache and NOT the "Suggested Contacts" auto-harvest folder.
+
+**Status (2026-06-01 ~4:45pm MST):** fully staged, NOT yet run. Howard said hold until **6:00 PM MST** (01:00 UTC Jun 2) and he will trigger it manually (chose attended, not auto-scheduled), because the live Outlook churn would disrupt the user during the day.
+
+**Validated:** Outlook COM works in `context=user_session` (probe COM_OK). Live profile shows Contacts=794 (earthlink) / 374 (Outlook1) / 366 (Outlook), `Suggested Contacts` correctly hits [WOULD SKIP], `archive1.pst` (10GB) has no contacts (giants likely contact-empty).
+
+**Scripts (local, ready to dispatch via /rmm):**
+- `C:\claudetools\.claude\tmp\treb-extract.ps1` — Phase 1, user_session COM. Auto-discovers+dedupes PSTs (by name+size), smallest-first, resumable (skips done JSON), mounts each unique PST, walks ONLY contact-type folders, excludes Suggested Contacts/Recipient Cache/etc by name, writes per-PST JSON to `Contacts\_work\`. Captures Notes (=Body).
+- `C:\claudetools\.claude\tmp\treb-merge.ps1` — Phase 2, runs as SYSTEM. Groups by email-or-name, recency-wins gap-fill super-record, but Notes are CONCATENATED across copies (never dropped), up to 3 emails, adds Source PSTs / Source folders / Copies merged audit columns, Outlook native CSV headers.
+
+**Plan:** safe set first (exclude 48/16/10 GB mail archives), extract -> merge -> deliver CSV, then spot-check one giant for contacts. Agent: ba173f0c-19e8-488d-834c-1b6f6dfd5699. See [[reference_trebesch_qnp3on5]].

.claude/memory/reference_trebesch_qnp3on5.md

@@ -0,0 +1,12 @@
+---
+name: reference_trebesch_qnp3on5
+description: AT Trebesch's DESKTOP-QNP3ON5 runs an Explorer shell replacement — detect the logged-on user via Win32_ComputerSystem.UserName, not explorer.exe
+metadata:
+  type: reference
+---
+
+DESKTOP-QNP3ON5 (Syncro customer 238740, GuruRMM client "AT Trebesch", agent ba173f0c-19e8-488d-834c-1b6f6dfd5699, user = `Owner`) **runs a third-party Explorer shell replacement** instead of explorer.exe.
+
+Consequence: `Get-CimInstance Win32_Process -Filter "Name='explorer.exe'"` returns nothing, so the common "logged-on user = explorer.exe owner" check yields **blank** on this box. Confirm the session instead with `(Get-CimInstance Win32_ComputerSystem).UserName` (returned `DESKTOP-QNP3ON5\Owner`). Outlook COM in `context=user_session` works fine here despite the shell swap.
+
+GuruRMM site: code SWIFT-LION-2892, key vaulted at `clients/attrebesch/gururmm-site-main.sops.yaml`. See [[project_trebesch_pst_consolidation]].

clients/attrebesch/session-logs/2026-06-01-session.md

@@ -0,0 +1,78 @@
+# AT Trebesch — 2026-06-01
+
+## User
+- **User:** Howard Enos (howard)
+- **Machine:** Howard-Home
+- **Role:** tech
+
+## Session Summary
+
+Reviewed the full pending-todo backlog (coord API, 38 items) and the live Syncro ticket board to surface actionable client work for Howard. Identified ~13 tickets assigned to Howard (user_id 1750), several overlapping coord todos (DesertRV RMM standup, Cascades ALIS/Karen Rossini). Pivoted into onboarding a new GuruRMM client.
+
+Onboarded **AT Trebesch** (Syncro customer 238740, Tucson residential) into GuruRMM: created the client + "Main" site, captured the one-time site enrollment key, vaulted it, committed/pushed the vault. Confirmed the client's primary workstation DESKTOP-QNP3ON5 was already enrolled and checking in.
+
+Scoped and staged a contact-recovery task: consolidate every address-book contact spread across the customer's PST files into one Outlook-importable CSV. Ran read-only RMM scans to characterize the machine: PST inventory (24 PSTs, ~155 GB, including two 48 GB and one 16 GB file), session/Outlook state, and a validated Outlook COM probe. The probe confirmed COM works in the user session, that the address book lives in the Contacts folders (794/374/366 in the three loaded stores), that the legacy "Suggested Contacts" auto-harvest folder is present and correctly excluded, and that the 10 GB archive1.pst holds no contacts (signal that the giant mail archives are likely contact-empty).
+
+Authored two PowerShell scripts (extract + merge) implementing a resilient, resumable, smallest-first extraction via Outlook COM `AddStore`, with an intelligent merge (email-or-name dedupe, recency-wins gap-fill, notes concatenated across copies, up to 3 emails, audit columns). Per Howard's clarifications, the scripts target only real address-book folders (not the Auto-Complete cache or Suggested Contacts) and fully capture contact Notes.
+
+Howard requested the actual extraction be held until **6:00 PM MST** and that he will trigger it manually (attended run). Nothing was dispatched against the customer's live Outlook data; only read-only scans/probes ran. Two memory notes were saved to preserve the staged state.
+
+## Key Decisions
+
+- **Route A (Outlook COM in user_session)** over a standalone PST parser — Outlook present + Owner logged in, and COM maps contacts 1:1 to Outlook's CSV import schema with zero machine footprint.
+- **Two-phase architecture** (extract as user → JSON per PST; merge as SYSTEM → CSV) for resilience: extraction timeouts/hangs don't lose completed work, and merge runs on whatever JSONs exist.
+- **Smallest-first + resumable** ordering so real contact stores are captured before the risky 48 GB archives; re-dispatch skips completed PSTs.
+- **Exclude auto-harvest folders by name** (`Suggested Contacts`, `Recipient Cache`, GAL/recipient caches) per Howard's "address book, not everyone who emailed" requirement. Validated by the probe ([WOULD SKIP] on the live Suggested Contacts folder).
+- **Dedupe key = primary email, else normalized First+Last** — errs toward not over-merging (a stray duplicate beats merging two different people).
+- **Notes concatenated across duplicate copies** (not newest-wins) so no note content is lost — added after Howard explicitly asked to copy notes.
+- **Attended 6pm run** (not auto-scheduled) — client data op touching live Outlook; Howard wants to watch for hangs on the big PSTs.
+- **Dedupe identical PST copies by name+size** before mounting (the set has many backup-folder/`D:\E` mirrors) to avoid redundant AddStore work.
+
+## Problems Encountered
+
+- **Blank logged-on-user detection** — `Win32_Process explorer.exe` owner came back empty. Cause: the machine runs a third-party Explorer shell replacement. Resolved by confirming the session via `Win32_ComputerSystem.UserName` (= `DESKTOP-QNP3ON5\Owner`); saved as a memory note.
+- **Probe mis-dispatched (exit 127)** — first probe ran from the wrong working directory (shell CWD had carried over into the guru-rmm submodule from an earlier source-inspection `cd`), so `git rev-parse` resolved the wrong repo root and vault.sh wasn't found. Resolved by pinning `REPO_ROOT=/c/claudetools`.
+- **PowerShell parse error in the probe** — embedded apostrophes and a `\` inside double-quoted strings broke the parser (nothing executed). Resolved by rewriting output strings to use interpolation and avoid those characters.
+
+## Configuration Changes
+
+- Created `C:\claudetools\.claude\tmp\treb-extract.ps1` — Phase 1 contact extraction (Outlook COM, user_session).
+- Created `C:\claudetools\.claude\tmp\treb-merge.ps1` — Phase 2 merge → CSV (SYSTEM).
+- Created `C:\claudetools\.claude\memory\reference_trebesch_qnp3on5.md` — shell-replacement / logged-on-user quirk.
+- Created `C:\claudetools\.claude\memory\project_trebesch_pst_consolidation.md` — staged-task state.
+- Updated `C:\claudetools\.claude\memory\MEMORY.md` — added two pointers (Reference + Pending Setup).
+- Vault (D:/vault): created `clients/attrebesch/gururmm-site-main.sops.yaml` (encrypted, committed, pushed).
+
+## Credentials & Secrets
+
+- AT Trebesch GuruRMM **site enrollment key** (grmm_…) is vaulted at `clients/attrebesch/gururmm-site-main.sops.yaml` (round-trip verified). Not reproduced here — read via `bash .claude/scripts/vault.sh get clients/attrebesch/gururmm-site-main.sops.yaml`.
+- No other new secrets. Syncro/RMM creds unchanged (vault: `infrastructure/gururmm-server.sops.yaml`).
+
+## Infrastructure & Servers
+
+- **Syncro customer 238740** — AT Trebesch, treb737@earthlink.net, 5205294999, 7280 N. Cathedral Rock, Tucson AZ (residential).
+- **GuruRMM** — API http://172.16.3.30:3001, dashboard https://rmm.azcomputerguru.com.
+  - Client "AT Trebesch": `a6dbe776-c3b0-4345-8c2c-597cff8a9b4d`
+  - Site "Main": `2df75e13-4268-49db-babe-489b66729f87`, code **SWIFT-LION-2892**
+  - Install page: https://rmm.azcomputerguru.com/install/SWIFT-LION-2892
+  - MSI: https://rmm.azcomputerguru.com/api/sites/2df75e13-4268-49db-babe-489b66729f87/installer
+- **DESKTOP-QNP3ON5** — agent `ba173f0c-19e8-488d-834c-1b6f6dfd5699`, Windows, user `Owner`, runs an Explorer shell replacement. Outlook = Microsoft 365 Apps x64, 16.0.19929.20172. Free space C: 593 GB, D: 915 GB.
+
+## Commands & Outputs
+
+- GuruRMM timeout behavior (verified in `server/src/db/commands.rs` reaper + `agent/src/transport/websocket.rs`): `timeout_seconds` honored exactly, no hidden cap; default 300s, NULL→600s.
+- PST inventory: 24 files, 154.83 GB. Largest: `Outlook2.pst` 48639 MB & 48633.2 MB, `treb737@earthlink.net - Default.pst` 16619.9 MB, `archive1.pst` 10524 & 10499.3 MB. Many byte-identical copies across `Desktop\Outlook\backup\`, `D:\E\`, `Documents\Outlook Files\`.
+- COM probe output: `COM_OK`; 5 loaded stores; address-book counts Contacts=794 (earthlink) / 374 (Outlook1) / 366 (Outlook); `[WOULD SKIP] Suggested Contacts`; archive1.pst/backup.pst no contacts.
+
+## Pending / Incomplete Tasks
+
+- **HOLD until 6:00 PM MST 2026-06-01 (01:00 UTC Jun 2):** run `treb-extract.ps1` then `treb-merge.ps1` on DESKTOP-QNP3ON5 via /rmm. Howard triggers manually ("go" = safe set excluding giants; "go, all PSTs" = include 48/16/10 GB archives). Output CSV → `C:\Users\Owner\Desktop\Contacts\`.
+- After delivery: spot-check one giant archive for contacts; only scan the rest if non-empty.
+- Related open Syncro tickets for AT Trebesch: 32160 (assess for threats — pairs with /rmm diagnose) and 31953 (earthlink address book — this contact-recovery task).
+
+## Reference Information
+
+- Scripts: `C:\claudetools\.claude\tmp\treb-extract.ps1`, `C:\claudetools\.claude\tmp\treb-merge.ps1`
+- Memory: `reference_trebesch_qnp3on5.md`, `project_trebesch_pst_consolidation.md`
+- Syncro ticket #31953 (address book), #32160 (threats)
+- RMM API: POST /api/agents/:id/command (context=user_session for COM), poll GET /api/commands/:id