Exit code fix: add $proc.Handle caching after Start-Process -PassThru to prevent
the handle from being released before ExitCode is readable (known PS5.1 bug).
GuruRMM reporting: launcher now finds results.json after each scan and emits
GURUSCAN_RESULT_JSON:<compressed> to stdout. Agent CommandResult captures it;
server stores it in commands.stdout for retrieval via GET /api/commands/:id.
Pre-scan hardening:
- Pre-flight EXE check: warns about missing scanner binaries before run starts
- Windows Defender exclusions added for scanner/log paths before scan, removed after
AdwCleaner: add /path {LOG_ROOT} arg so logs write directly to scan log root;
update log_src to {LOG_ROOT}\Logs to match.
HitmanPro: add /quiet to scan and clean args to suppress GUI in headless runs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Removed/simplified sections now handled by identity.json:
- Removed Ollama endpoint table (now in identity.json)
- Condensed verbose Ollama description
- Updated GrepAI CLI path to use $CLAUDETOOLS_ROOT
- Added migrate-identity.sh step to onboarding
All machine-specific config (Ollama, Python, paths) now centralized
in identity.json — CLAUDE.md references it, doesn't duplicate it.
Phase 2 migration complete:
sync.sh:
- Read Python command from identity.json first (.python.command)
- Fall back to auto-detection for legacy machines
- Eliminates per-session detection overhead
syncro.md:
- Read Ollama endpoint from identity.json (.ollama.endpoint // .ollama.fallback)
- Read Python command from identity.json (.python.command)
- Both sections have legacy fallbacks with detection
- Eliminates 2-second curl probe on every write operation
- Updated day-of-week verification code example
- Updated Ollama draft call section
Impact: All scripts now read machine-specific config from identity.json
(populated by migrate-identity.sh). Faster, explicit, offline-safe.
The script auto-detected PYTHON_CMD but then hardcoded `python3` for the
JSON write (exit 127 on Windows where only `py` exists), and passed a Git
Bash POSIX path (/d/...) to native Python (FileNotFoundError). Fixes:
- use "$PYTHON_CMD" instead of hardcoded python3
- convert IDENTITY_PATH via `cygpath -m` for the interpreter (no-op elsewhere)
Verified on GURU-5070: identity.json migrated correctly (py, windows/amd64,
localhost Ollama, qwen3:8b).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Auto-detects Python command, platform, architecture
- Probes Ollama (local vs remote)
- Sets prose_model based on machine (qwen3:8b for GURU-5070, else qwen3:14b)
- Tested on Mikes-MacBook-Air: all fields populated correctly
Ready for coord rollout to all machines.
Merge Ollama fallback pattern with identity.json approach.
Store endpoint/fallback/prose_model to eliminate curl probes.
Same pattern as claudetools_root/vault_path (working).
Next: coord message rollout to populate fields on all machines.
- Updated sync.sh to read claudetools_root from identity.json
- Updated syncro.md skill to use identity.json for repo path
- Updated CLAUDE.md onboarding to include claudetools_root field
- Eliminates cross-architecture path detection issues
- Fallback to git rev-parse for legacy machines
Each machine sets claudetools_root during onboarding, just like vault_path.
Skill + template:
- wiki-compile Phase 2P: type-aware authoritative-artifact discovery for
projects (migrations, API routes, agent modules, roadmap-done, commit log),
with a stale-submodule guard that reads origin/main when the pinned
submodule lags. Changelogs treated as incomplete, not authoritative.
- project template: add a Capabilities / Feature Set section.
GuruRMM recompile (from live main artifacts, not session logs):
- Added Capabilities / Feature Set section covering monitoring, remote
execution (incl. system vs user_session contexts), inventory/discovery,
update mgmt, policy, alerting/watchdog, backup, tunnel, identity/security.
- Fixed the misleading "runs as LocalSystem" command-fields line (the gap
that started this) and the stale BUG-001 temperature claim (now shipped).
- Qualified Entra-only SSO; noted safe-rollout is unwired scaffolding.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Seeded from March MDM session logs + Syncro (customer 33809612) + vault.
Google Workspace shop with ManageEngine MDM (Zoho); documents the
dual-EMM self-enrollment trap resolved 2026-03-24.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds a complete PowerShell-based malware scanning toolkit:
- Invoke-GuruScan.ps1: main orchestrator running RKill, AdwCleaner,
Emsisoft, HitmanPro, and ESET in sequence with pre/post cleanup,
whitelist support, ForceRemove blacklist, and -Headless switch
- Invoke-PostRebootCleanup.ps1: post-reboot temp-user session that
shows a fullscreen splash, verifies boot-time cleanup completed,
removes scanner files, and restores the original user login name
- Download-Scanners.ps1: downloads/refreshes scanner EXEs
- Get-ScanSummary.ps1: parses results.json with optional Ollama AI analysis
- Invoke-Remediation.ps1: re-runs scanners in clean mode
Key features: exit-code-based reboot detection, whoami-based user
capture (SYSTEM-safe via quser fallback), domain\user and local
MACHINE\user restore on login screen after cleanup reboot.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
/wiki-compile: new skill that seeds or refreshes wiki client articles
from session logs and live Syncro PSA data.
- Three modes: seed (new article), refresh (surgical update), full (--full flag)
- Syncro enrichment for client targets: customer profile, contacts,
open tickets, recent invoices, asset count
- Ambiguous customer search: pause and ask user to pick
- Customer not found: graceful warn + continue with session logs only
- Syncro is authoritative for all billing fields (hours, rate, contract type)
- Refresh mode: surgical edits only (hours, active tickets, frontmatter)
- Seed/full: Ollama qwen3:14b synthesis; Claude-direct fallback
- Asset count in Profile only — no asset detail tables in wiki
- Commits and pushes after write
/wiki-lint: add Step 6 — Syncro Live-Check
- Pulls live prepay_hours for every client article with a Syncro customer ID
- Auto-fixes stale hours in place; commits fixes in one batch
- Flags articles with open tickets and stale compiled date for review
- Adds Syncro section to lint report output
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Migration 20260526_150000 adds nullable due_at datetime column. Model, schemas
(create/update/response), and sync.sh display updated. Sync output now shows
due:YYYY-MM-DDTHH:MM alongside any todo with a due date.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
New coord_todos table and API endpoints (GET/POST/PUT/DELETE /api/coord/todos)
supporting manual and auto-created items, sub-tasks via parent_id, and inclusive
for_user/for_machine filters (OR-null) for sync/save display. sync.sh Phase 7
now shows pending todos grouped by project after every sync. CLAUDE.md documents
auto-creation behavior for unresolved follow-up. Web/email pricing doc updated:
block time rate clarified, INKY reference removed, dates updated.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
