From ef55121d9516b8438bc432a24fe6611fc7c4c683 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Sun, 21 Jun 2026 17:47:14 -0700 Subject: [PATCH] errorlog lint follow-ups: bitdefender log-gap fix + submodule memory + Windows CORE rules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - bitdefender gz.py: add "missing name" to _EXPECTED_ERROR_MARKERS — closes the last gap in Howard's errorlog suppression ("Missing name 'X' in 'options' object" validation errors were still logged). Verified all 10 real spam messages now suppressed; genuine errors still log. - memory feedback_submodule_autosync_discipline: capture the recurring auto-synced-submodule rule (worktree or push-by-SHA + ls-remote verify; assert HEAD==origin/main before audits; never checkout-- shared files). Recurred on Howard-Home x3 + GURU-5070 this session. - CLAUDE.md CORE Windows bullet: promote the two top recurring mechanical traps (/tmp path mismatch, curl.exe/plink quote-stripping) to always-loaded hard rules so they stop repeating. Lint of errorlog.md: bitdefender expected-validation spam was ~70% of entries (Howard's suppression now complete); fabb3421/Mail.Send drift closed earlier this session; wiki-compile lock-release doc already fixed (entries predate the fix). Co-Authored-By: Claude Opus 4.8 (1M context) --- .claude/CLAUDE.md | 7 +++- .claude/memory/MEMORY.md | 1 + .../feedback_submodule_autosync_discipline.md | 38 +++++++++++++++++++ .claude/skills/bitdefender/scripts/gz.py | 1 + 4 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 .claude/memory/feedback_submodule_autosync_discipline.md diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md index e29a9eac..023fa5bc 100644 --- a/.claude/CLAUDE.md +++ b/.claude/CLAUDE.md @@ -48,7 +48,12 @@ production, data-loss. Detail: EXTENDED + `.claude/OLLAMA.md`. - **Log preventable friction too (`--friction`):** any time you waste tokens on a preventable, repeatable self-inflicted error — harness/env/tool misuse (Git-Bash `/tmp` path mismatch, shell env not persisting between Bash calls, passing huge args on the command line, PowerShell var case-collisions, etc.) — log it: `bash .claude/scripts/log-skill-error.sh "" "what wasted tokens + the fix" --friction [--context "ref="]`. **If it repeats something already in memory or CLAUDE.md, that's the highest-value entry** — it means a rule/memory isn't working; cite the ref. This log is the corpus we lint to build better CLAUDE.md rules and to clean stale/misleading memory. Goal: stop paying twice for the same mistake. - **Windows:** ensure `bash` resolves to Git-for-Windows MSYS bash, not the WSL stub; write `.claude/current-mode` with a relative/forward-slash path only (never a backslash Windows - path). Detail + fixes: EXTENDED. + path). **Never write API/scratch JSON to `/tmp`** — Git-Bash `/tmp` and the Write/Python tools + resolve it to different places (read-back fails); use a repo-relative path (`./.x.json`). **Never + embed `"` in `curl.exe`/`plink` args from PowerShell** — `CommandLineToArgvW` strips them and + silently mangles the payload; single-quote bodies, build `$` from `[char]36`, or use SSH key auth. + These two recur fleet-wide (errorlog) — treat as hard rules. Detail + fixes: EXTENDED, + memories `feedback_tmp_path_windows` + `feedback_windows_quote_stripping`. ## Coordination (live source of truth) The coord API (`http://172.16.3.30:8001/api/coord`, no auth) holds live locks, messages, diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md index 0dc07245..e81d5869 100644 --- a/.claude/memory/MEMORY.md +++ b/.claude/memory/MEMORY.md @@ -102,6 +102,7 @@ ### GuruRMM - [GuruRMM build verification (read before touching the pipeline)](feedback_gururmm_build_verification.md) — Merge-to-main IS the build+deploy; verify locally FIRST. Canonical refs: guru-rmm `docs/BUILD.md` + the `gururmm-build` skill (`verify.sh server|agent|dashboard|migrations`) + `deploy/build-pipeline/README.md`. Compile-gate trap: Windows cargo can't verify Linux-gated agent code (openssl-sys); Linux build on .30 is the real gate. Server needs SQLX_OFFLINE + fresh server/.sqlx; check migration-number collisions. +- [Submodule auto-sync discipline](feedback_submodule_autosync_discipline.md) — In auto-synced submodules (guru-rmm/guru-connect) local branch refs/HEAD don't survive across calls (background sync resets to the lagging gitlink; sessions share the tree). Use a git worktree or commit+push-by-explicit-SHA + `ls-remote` verify; assert HEAD==origin/main (or read `origin/main:`) before audits; never `checkout --` shared files. Recurring fleet friction. - [GuruRMM operational rules](feedback_gururmm.md) — Six rules: (1) RMM dev = Mike, never Howard (368/0 commits); GuruScan is Howard's. (2) Agent parity Win+Linux+macOS in same change. (3) Builds via Gitea webhook pipeline only, never SSH. (4) #bot-alerts only for client/ticket impact, skip internal infra/dev. (5) Identify agents by IP, not by reconning candidates. (6) UNC paths in user_session need [char]92 — literals get halved. - [Build channel default = beta](feedback_gururmm_build_channel_default.md) — New agent builds must be tagged BETA by default (stable = explicit promote re-tag); distinct from agents defaulting to the stable CHANNEL (correct). Fixed build-windows/linux.sh 2026-06-01; macOS already correct. Enables beta-first canary. - [Dashboard beta-first deploy](feedback_dashboard_beta_first.md) — Dashboard auto-builds to rmm-beta.azcomputerguru.com on push; prod (rmm.azcomputerguru.com) is explicit promote-only via promote-dashboard.sh --confirm. Never hand-rsync prod. One artifact, nginx sub_filter BETA banner. Stood up 2026-06-02. diff --git a/.claude/memory/feedback_submodule_autosync_discipline.md b/.claude/memory/feedback_submodule_autosync_discipline.md new file mode 100644 index 00000000..357ba08a --- /dev/null +++ b/.claude/memory/feedback_submodule_autosync_discipline.md @@ -0,0 +1,38 @@ +--- +name: feedback_submodule_autosync_discipline +description: In auto-synced submodules (guru-rmm/guru-connect) don't trust local branch refs — use a worktree or push-by-SHA + verify; assert HEAD==origin/main before audits. Recurring fleet friction. +metadata: + type: feedback +--- + +The superproject's background auto-sync resets each submodule's working tree to the **pinned +gitlink** (which intentionally lags `main`), and 3-4 Claude sessions can share one submodule +checkout. So inside `projects/msp-tools/guru-rmm` (and guru-connect) **local branch refs / HEAD do +NOT reliably survive across tool calls or sessions** — a `git switch -c feat` can get reset to the +gitlink mid-work, commits land on a detached HEAD, and `push -u origin ` ships a stale ref. + +**Do this instead:** +- **Feature work:** `git worktree add origin/main`, edit + commit + push there, then + `worktree remove` — OR commit in place, capture `sha=$(git rev-parse HEAD)`, and push by EXPLICIT + sha: `git push origin :refs/heads/`. Then VERIFY: `git ls-remote origin `. + (This session: that push-by-SHA is exactly how the BUG-019 merge + docs landed cleanly.) +- **Before any audit/analysis that reads the working tree:** assert `HEAD == origin/main` + (`git rev-parse HEAD` vs `git rev-parse origin/main`); if behind, `git fetch` + checkout + origin/main first, or read `git show origin/main:`. A stale gitlink makes you "fix" + already-fixed code (a real audit wasted a fix on a bug already closed in main). +- **Never `git checkout -- `** to clean up a dirty submodule tree — it clobbers a + concurrent session's uncommitted work. Move untracked files aside instead. +- HTTPS auth to the gururmm/guru-connect remote (git.azcomputerguru.com) on GURU-5070 uses the + vaulted `services/gitea` api-token via GIT_ASKPASS (the gitea skill can't inject it — parent repo + is HTTP, submodule is a different host; SSH key not authorized here). + +**Why:** recurring across the fleet (Howard-Home detached-HEAD x2 + a stale-gitlink audit; +GURU-5070 hit a non-fast-forward on a docs push this session). Each occurrence costs a +re-diagnose/rebuild cycle. Howard fixed the `sync.sh` submodule-clobber root cause + moved to +worktrees (2026-06-21), but the defensive discipline still applies. + +**How to apply:** worktree or push-by-SHA + `ls-remote` verify for writes; assert HEAD==origin/main +(or read `origin/main:`) before audits; never `checkout --` shared files. + +Related: [[gururmm-session-logs-submodule-save]] [[feedback_gururmm_build_verification]] +[[feedback_verify_committed_state_before_push]] [[using-git-worktrees]] diff --git a/.claude/skills/bitdefender/scripts/gz.py b/.claude/skills/bitdefender/scripts/gz.py index e25e29f6..b6d3fe2c 100644 --- a/.claude/skills/bitdefender/scripts/gz.py +++ b/.claude/skills/bitdefender/scripts/gz.py @@ -68,6 +68,7 @@ def _log_skill_error(skill, msg, context=""): # conditions - only real failures worth pattern-spotting. These are NOT logged. _EXPECTED_ERROR_MARKERS = ( "required parameter is missing", + "missing name", # e.g. "Missing name 'reportingInterval' in 'options' object" (validation) "invalid value", "not expected", "method not found",