Commit Graph

97 Commits

Author SHA1 Message Date
5a97967b4b wiki+memory: consolidate kittle-design -> kittle (redirect stub); add feedback memories (syncro preview, refresh-first, autonomy scope)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-09 17:28:17 -07:00
46e58ef7b5 sync: auto-sync from HOWARD-HOME at 2026-06-09 17:08:26
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-09 17:08:26
2026-06-09 17:08:39 -07:00
19b0e50ac4 sync: auto-sync from HOWARD-HOME at 2026-06-09 10:33:12
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-09 10:33:12
2026-06-09 10:33:25 -07:00
b4fcea91dc fix(remediation): close the recurring Exchange-Admin-role gap fleet-wide
EXO email-cleanup tasks (Search-UnifiedAuditLog, Get-MessageTrace, inbox rules) kept
401/403-ing per tenant because the Exchange Operator SP was missing the Exchange Admin
directory role — admin consent grants Exchange.ManageAsApp but never the directory role.
onboard-tenant.sh assigns it, but tenants consented before that step / by hand never got
it, and nothing audited for it. Hence the recurring 'next onboarding will fix it' (false
for already-onboarded tenants).

- NEW assign-exchange-role.sh: idempotent role assignment via the authoritative
  roleManagement/directory/roleAssignments API (the legacy directoryRoles/members list
  reads back unreliably). <domain|--all> + --verify/--dry-run.
- Backfilled the whole fleet (--all): 13 stragglers ASSIGNED, 12 already OK, 20 skipped
  (tenant-admin not consented), 0 errors. Safe Site included.
- Standing audit documented (assign-exchange-role.sh --all --verify) + memory so no future
  session repeats the empty promise.
- Adds wiki/clients/safesite.md (tenant + 4-source endpoint inventory + investigation).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 20:07:28 -07:00
e97d972285 sync: auto-sync from GURU-BEAST-ROG at 2026-06-08 08:40:52
Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-06-08 08:40:52
2026-06-08 08:40:58 -07:00
c8a8becd4b sync: auto-sync from GURU-5070 at 2026-06-08 06:50:14
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-08 06:50:14
2026-06-08 06:50:19 -07:00
c778037dde sync: auto-sync from Mikes-MacBook-Air.local at 2026-06-07 19:46:36
Author: Mike Swanson
Machine: Mikes-MacBook-Air.local
Timestamp: 2026-06-07 19:46:36
2026-06-07 19:46:38 -07:00
7d834e1d8f sync: auto-sync from GURU-5070 at 2026-06-07 17:45:03
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-07 17:45:03
2026-06-07 17:45:07 -07:00
2273a96a9f sync: auto-sync from Mikes-MacBook-Air.local at 2026-06-07 12:59:13
Author: Mike Swanson
Machine: Mikes-MacBook-Air.local
Timestamp: 2026-06-07 12:59:13
2026-06-07 12:59:46 -07:00
8abcb112b1 docs(memory): vault git-auth fix — GCM shadows store token on git.azcomputerguru.com
Vault sync was failing with "remote: Failed to authenticate user" against
git.azcomputerguru.com. Root cause: Git Credential Manager (first in the
helper chain) shadowed the valid PAT in the store helper with a stale
cached OAUTH_USER JWT.

Fix (machine-local git config, already applied — not in the repo):
- Reset the vault repo credential.helper to store-only (drop inherited GCM).
- Pin azcomputerguru@ in the vault remote URL so store returns the durable
  PAT instead of a volatile OAUTH_USER JWT.

Repo change here is documentation only: a feedback memory capturing the
diagnosis + fix, plus an index line in MEMORY.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-07 08:07:13 -07:00
807180f29b feat(scripts): add Firefox driver (ff.py) via Playwright; disable claude-in-chrome
Add .claude/scripts/ff.py, a Firefox browser driver built on Playwright and
the Firefox sibling of the existing cdp.py Chrome driver. It runs a small
background daemon holding one Playwright Firefox page on a persistent profile,
controlled over localhost:9333, with subcommands launch/status/nav/shot/click/
type/eval/console/network/stop. Verified end-to-end (real screenshot, network
and console capture). This is now the preferred browser-automation path because
Mike dislikes Chrome and the claude-in-chrome extension (that connector was
disabled in ~/.claude.json this session - not a repo change).

Add memory reference_ff_firefox_driver.md documenting the driver and an index
line in MEMORY.md. The MEMORY.md change also unavoidably includes a pre-existing
adjacent index line for reference_antigravity_agy_not_headless.md, so that memory
file is bundled in to keep the index consistent.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 18:50:45 -07:00
a1e85de432 docs(gitea): require non-interactive git auth on Windows
Mike's objection to Git for Windows is the constant GCM password
prompts that hang automation/background pushes, not the tool itself.
Document the working fix (repo-local credential.helper=store primed
with the azcomputerguru Gitea API token, GIT_TERMINAL_PROMPT=0) in the
Gitea Agent definition and shared memory.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 14:54:16 -07:00
bc5048b885 feat(human-flow): AST-based scanner v2 + Friction Index rubric
Upgrade the human-flow skill (Gemini-assisted, Claude-reviewed):
- scan.mjs rewritten to AST-based (@babel/parser/traverse) with 4
  detectors: unlabeled-icon-button, tiny-target, missing-feedback-props,
  click-without-keyboard; regex fallback on parse failure.
- Objective Friction Index (Motor 3.0 / Cognitive 2.5 / Keyboard 2.5 /
  Feedback 2.0); 0-10 Human Workflow Score.
- New heuristics: State-Flow Audit, Precision Rail / Fumble Zones,
  Restraint-o-Meter (1-5) for the fancy pass.
- `fix` command DISABLED for now (advisory only): the AST generator
  reprints whole files and produces noisy diffs; agents apply surgical
  fixes from the report. To be revisited with a string-splice editor.
- Add @babel/* deps + package-lock.json.
- Memory: agy review/review-files is NOT actually read-only (wrote files
  + ran npm despite documented plan-mode) — diff after every agy review.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-05 17:58:10 -07:00
8b82e28ed6 sync: auto-sync from GURU-5070 at 2026-06-05 16:44:08
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-05 16:44:08
2026-06-05 16:44:18 -07:00
383f137186 rmm dashboard redesign (Gemini live review) + CDP Chrome driver
- .claude/scripts/cdp.py: drive Chrome via DevTools Protocol; screenshots to disk
  (so Gemini/Grok can see the live site). Fixes invisible-window + no-disk-screenshot.
- reference_cdp_chrome_driver.md (+ MEMORY index)
- gururmm submodule pointer -> dashboard redesign docs (local 3cef6ba)
- session log

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-05 13:10:37 -07:00
73c36342fd memory: Syncro bot alerts must include ticket link
Feedback from Mike (Bardach #32387): every Syncro ticket bot-alert needs a
clickable link (https://computerguru.syncromsp.com/tickets/<internal_id>).
post-bot-alert.sh posts raw text, so the URL must be in the message.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-05 13:10:37 -07:00
480f97ed3e sync: auto-sync from GURU-5070 at 2026-06-02 20:40:54
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-02 20:40:54
2026-06-02 20:40:58 -07:00
c7a82dd4e9 sync: auto-sync from HOWARD-HOME at 2026-06-02 20:16:41
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-02 20:16:41
2026-06-02 20:16:51 -07:00
6e3d70b0c6 docs(gururmm): record dashboard beta-first channel + memory
- wiki/projects/gururmm.md: beta-first dashboard channels (rmm-beta) + wiring
- .claude/memory: feedback_dashboard_beta_first + index line
- bump guru-rmm submodule pointer to the beta-channel commit

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-02 20:14:52 -07:00
e312b2a7a1 fix(memory): drop 49 stale index entries pointing at deleted files
Commit f977540 had added MEMORY.md entries for the 49 resurrected
orphan files. My deletion commit 720bdd8 removed the files but missed
the matching index lines (read MEMORY.md before the rebase pulled
f977540 in). Index now matches the actual on-disk file set.

Self-check: 72 PASS / 0 WARN / 1 FAIL (autotask manifest issue
remains, not fixable on this machine).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-02 15:06:57 -07:00
b51a2e85c0 chore(memory): re-apply consolidation deletions + lift additive-only constraint
The 39 files I deleted in d676a9a got resurrected by sync-memory.sh on
GURU-5070 (0daa795) because the script is additive-only. Re-deleted them
(49 files this time -- some additional drift between machines).

Also added feedback_memory_sync_destructive_ok.md capturing the policy
shift: with everyone onboarded, the memory tooling no longer needs
additive-only safety. memory-dream may apply proposed merges/deletions
and sync-memory.sh should propagate repo-side deletions back to profile
stores. Script updates to honor that are still pending -- without them,
this round of cleanup is also vulnerable to resurrection.

Self-check: 0 WARN, 1 FAIL remaining (autotask command -- manifest issue,
not fixable on this machine; needs Mike to either un-localize /autotask
or move it to capability-gated in baseline/manifest.json).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-02 15:03:58 -07:00
f977540351 memory: add 49 orphaned files to MEMORY.md index
Applied memory-dream --apply-safe to resolve orphan warning from self-check.

- Added all 49 orphaned feedback/project/reference memories to index
- Index now complete with all 127 memory files properly referenced

This resolves the WARN from self-check about orphaned memory files.
2026-06-02 14:57:59 -07:00
88d026bce5 docs(memory): record winget-jq CRLF gotcha for harness scripts
The winget jq build on Windows emits CRLF; a trailing \r silently corrupts
`for x in $(jq ...)` loops and read-from-@tsv fields (single-value $() hides it).
Fix: override `jq(){ command jq "$@" | tr -d '\r'; }`. Windows-build-specific,
so it passes review on Mac/Linux. First hit + fix: the self-check skill engine.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-02 14:51:09 -07:00
c4681f59d0 sync: auto-sync from GURU-BEAST-ROG at 2026-06-02 10:44:23
Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-06-02 10:44:23
2026-06-02 10:44:29 -07:00
0daa7951b3 sync: auto-sync from GURU-5070 at 2026-06-02 07:25:49
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-02 07:25:49
2026-06-02 07:25:55 -07:00
2b5d871cbc feat: session recovery toolset (orphan detector + /recover)
Reconstructs session logs from Claude Code transcripts when a session
crashes or is closed before /save. Two entry points:

- /recover <uuid|latest> : manual, Claude-reviewed reconstruction
- detect_orphaned_sessions.py : scheduled scan that auto-builds logs for
  substantive, unsaved, not-yet-recovered transcripts (banner-marked
  RECOVERED-UNVERIFIED), commits them, and posts a #bot-alerts FYI.

recover_session.py is the shared engine: Python extracts the verbatim
command/config/reference timeline; Ollama drafts prose-only narrative.
Machine-local ledger (.claude/state/) prevents reprocessing. Reviewed:
git add scoped to own files, ledger written only after successful push,
per-uuid idempotency, --max cap for unattended runs.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-01 18:33:07 -07:00
1988c65f58 sync: auto-sync from HOWARD-HOME at 2026-06-01 17:07:55
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-01 17:07:55
2026-06-01 17:10:07 -07:00
b120efe03f sync: auto-sync from GURU-5070 at 2026-06-01 16:30:28
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-01 16:30:28
2026-06-01 16:33:58 -07:00
d676a9a03b chore(memory): consolidate scattered feedback/project/reference files
Compressed memory store 104 -> 71 files via four passes:

- Syncro: 19 scattered feedback_syncro_* files merged into 3 rule files
  (api/billing/workflow) + an on-demand feedback_syncro_history.md for
  incident detail, quotes, and tech/product ID tables.
- Four near-duplicate merges: Howard paste-safety, Pluto build server,
  Howard backend deferral, IX server access (ssh+tailscale).
- Per-cluster rule/state/history split applied to GuruConnect (2->1),
  Dataforth (3->2), Cascades (7->3), GuruRMM (13->3).
- New reference_resource_map.md: single auto-loaded cheatsheet for
  "do I have access to X and how do I connect from this machine?"
- MEMORY.md rewritten to match the new layout.

Health: broken backlinks 8->7, overlap clusters 12->5, orphans 17->0.
2026-06-01 16:25:45 -07:00
19b69c52ad Add memory-dream skill + additive cross-machine memory sync
memory-dream: read-only memory lint/consolidation analyzer (index, backlinks,
stale refs, dup clusters, profile drift); additive-only --apply-safe, all
merges/deletes are proposals. sync-memory.sh: additive repo<->harness-profile
union (no delete/overwrite, conflicts surfaced), wired to a SessionStart hook.
Migrates the useful profile-only memories into the synced repo store.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-01 15:22:12 -07:00
f184412b9b sync: auto-sync from GURU-5070 at 2026-06-01 06:57:20
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-01 06:57:20
2026-06-01 06:57:28 -07:00
82188bc352 sync: auto-sync from HOWARD-HOME at 2026-05-31 20:13:56
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-31 20:13:56
2026-05-31 20:14:09 -07:00
c4457c8a21 memory: record RMM webhook docs-only build guard (SPEC-020 Phase 0)
Host guard in /opt/gururmm/webhook-handler.py skips docs-only pushes; note the
stale repo copy must not be redeployed over it.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 17:07:09 -07:00
08caeaf594 memory: add RMM identify-by-IP feedback
Match a known external IP to the RMM agent rather than reconning every
candidate machine (Mike's correction during the Pavon GuruConnect-client
removal). Notes the GuruRMM agent-IP tracking gap (todo 7459428e).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 16:39:46 -07:00
1898f42f0e scc: Session save and push from GURU-5070 at 2026-05-30 14:47
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-30 14:46:14 -07:00
8143221659 sync: auto-sync from GURU-5070 at 2026-05-30 11:51:56
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-05-30 11:51:56
2026-05-30 11:52:04 -07:00
a816687674 memory: record GuruConnect v2 direction (SPEC-002)
Native-first full key fidelity + bidirectional file cut/paste/drag are Mike's
headline must-haves; WebRTC fallback only. Greenfield-salvage-cores,
standalone-first + RMM contract, hardened single-tenant but tenancy-ready.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 18:08:41 -07:00
3c1853d358 spec(gururmm): SPEC-017 mobile device support + Apple cert memory
- Update guru-rmm submodule pointer (SPEC-017 mobile device support)
- Record Apple Developer + MDM Push certs (acquired 2026-05-29); MDM push
  cert renews annually on the same Apple ID or all enrolled iOS devices break

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 17:11:37 -07:00
bb09756232 memory: ACG's own MSP stack (ScreenConnect/Splashtop/Syncro/Datto RMM+EDR/GuruRMM) - not foreign agents
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 13:25:18 -07:00
2048d73a4a sync: auto-sync from HOWARD-HOME at 2026-05-29 12:35:52
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-29 12:35:52
2026-05-29 12:36:03 -07:00
d0cbf6126e docs: record Claude-Builder=PLUTO mapping + infra working-feedback memories
- Pluto memory/wiki/machine notes: Unraid VM "Claude-Builder" == hostname PLUTO ==
  172.16.3.36 (same box); RMM-agent access path when SSH key unauthorized; now also
  builds the GuruConnect Windows agent + hosts a Gitea Actions runner.
- New feedback memories: post #bot-alerts only for client/ticket-affecting RMM commands;
  proceed autonomously through routine infra/build prerequisites.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 10:37:44 -07:00
42cf2bdd68 chore: convert guru-connect to submodule; integrate ADR-008 + 2026-05-29 session log
guru-connect is now tracked as a submodule (azcomputerguru/guru-connect @ e3e95f8);
its working state was published to the GC repo first, so no content is lost. guru-rmm
advanced to include ADR-008 (GC integration boundary) replayed on top of the team's
Integrations Center / discovery advances. Includes the native-remote-control spec
(now inside the GC submodule), the versionable-products memory, and the session log.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 06:36:54 -07:00
f04c5012e9 sync: auto-sync from HOWARD-HOME at 2026-05-28 12:26:48
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-28 12:26:48
2026-05-28 12:26:56 -07:00
3dbbbfaa6b sync: auto-sync from GURU-5070 at 2026-05-27 16:54:37
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-05-27 16:54:37
2026-05-27 16:54:45 -07:00
ba90915da5 docs(session)+rules: 2026-05-27 — Quantum M365 onboarding, IX autodiscover fix, Syncro emergency/labor/attribution rules
Session logs: root (Michael #32329 hosting offer + IX simplehost.email autodiscover DNS fix + Cascades #32332 emergency correction) + Quantum client log (M365 tenant 2fd0092b onboarding, break-glass GA, CA report-only).

Syncro rule overhaul:
- Emergency billing: prepaid -> 26184 @ hours x1.5 (was 26118); non-prepaid -> 26184 with channel rate (onsite $262.50 / remote+inshop $225)
- Never make up labor items (existing product + real name; QuickBooks sync)
- Corrections preserve original tech's user_id (commission); adding notes/labor never changes ticket owner

/remediation-tool: Conditional Access may be managed programmatically (report-only first + exclude break-glass + confirm before enforce); fabb3421 deprecated for customer tenants; Quantum tenant onboarded (gotchas table).

Memory: 4 new (no-madeup-labor, corrections-preserve-tech, ca-programmatic, quantum-godaddy-tenant) + updates.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 14:57:55 -07:00
3f3a16a56d sync: auto-sync from HOWARD-HOME at 2026-05-27 11:24:44
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-27 11:24:44
2026-05-27 11:25:34 -07:00
599d861478 docs(memory): coord /messages API shape (paginated object, not array)
Pin down the coord messages endpoint shape after repeated mark-read failures:
{total,skip,limit,messages[]}; parse .messages[], strip control chars, read may be null.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 11:10:24 -07:00
19594b15dc docs(session): 2026-05-27 — RMM Phase 2 deploy, Autotask integration, Tohono DoIT #32328
- Root log: GuruRMM Phase 2 authz/IDOR deployed (v0.3.31); Autotask creds verified + vaulted; /autotask scaffolded (kept local)
- Client log (new): Tohono O'odham DoIT — Starlink static IP / site-to-site research, ticket #32328
- Memory: Syncro is default PSA, Autotask opt-in (feedback_psa_default_syncro.md)

Note: .claude/commands/autotask.md intentionally left local/uncommitted per Mike.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 10:40:06 -07:00
2ca7bfc475 chore(memory): fix shared-memory index issues
Audit of .claude/memory found and fixed:
- Broken link: Power Failure Runbook (../.claude/... -> ../...)
- 8 orphaned memories not in MEMORY.md index (Graph CA/password-reset,
  vault-write-sequence, GURU-BEAST-ROG, 3x Cascades, identity proposal)
  -> now indexed under their sections, so they're discoverable
- 5 files missing frontmatter -> added name/description/type
- Duplicate index entry for reference_workstation_setup.md -> deduped
- Trimmed the worst oversized index hooks (Syncro invoice line was 427 chars)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 07:37:59 -07:00
15de6a7cf2 sync: auto-sync from GURU-KALI at 2026-05-26 19:41:06
Author: Mike Swanson
Machine: GURU-KALI
Timestamp: 2026-05-26 19:41:06
2026-05-26 19:41:07 -07:00