Removes the stale copy of gururmm source from claudetools tracking and
replaces it with a submodule pointing to the live gururmm Gitea repo.
Fixes context drift between session logs and actual codebase state.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Created comprehensive show prep using breaking news from April 9-18, 2026:
- Artemis II post-flight news conference (April 16)
- IonQ quantum 'Holy Grail' breakthrough (April 14)
- 90% cancer detection from stool samples via AI (April 9)
- Stanford AI Index 2026 findings
- RAM shortage hitting consumers today
Replaced recycled CES content with current, timely stories.
File: projects/radio-show/episodes/2026-04-18-tech-that-makes-life-fun/show-prep-fresh.html
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Created platform-level admin account (howard@azcomputerguru.com) on GuruRMM.
Dashboard + API access details in messages/for-howard.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixed Cascades pfSense password in vault (a6A6c6fe→Th1nk3r^99, moved from
dataforth to cascades-tucson). Ollama exposed via Tailscale for Howard
(100.92.127.64:11434, firewall restricted to 100.0.0.0/8). Reviewed
Howard's first full day of work on shared system.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CLAUDE.md: Ollama section rewritten. localhost for Mike's workstation,
100.92.127.64:11434 via Tailscale for all other machines. Claude reads
identity.json hostname to determine which URL to use. Firewall rule
restricts to Tailscale 100.0.0.0/8 subnet only.
ONBOARDING.md: updated Ollama section for remote access.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Discovered from GUI page source: comment[product_id] + comment[minutes_spent]
+ comment[bill_time_now] are fields on POST /tickets/{id}/comment. This is
how the GUI adds time — as part of the comment, not via separate timer_entry.
Updated billing workflow + added --time/--labor flags to comment command.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Timer entries use POST /tickets/{id}/timer_entry with labor product IDs
(not invoice products). "Make Invoice" converts timers to invoice.
Documented 7 common labor products with IDs. Fixed line_items path to
/invoices/{id}/line_items.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Create, update, close, comment on, search, and bill tickets via Syncro
REST API. Includes customer search, invoice creation, line items, and
ticket timer management. API key from SOPS vault.
Verified: pulls real ticket data from computerguru.syncromsp.com.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two phishing campaigns hit Glaztech on 2026-04-17 bypassing MailProtector
via exposed M365 MX record. Spoofed internal senders, forwarded by 8 users.
Fixes applied: removed direct M365 MX, DMARC p=reject, Enhanced Filtering
on inbound connector. 32 messages purged across all affected mailboxes.
Forensic samples + full incident report preserved.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New clients/evs/ directory with session log documenting the
registry tweak to restore the classic right-click context menu
on Howard's EVS VM (reg add of empty InprocServer32 under the
Win11 new-menu CLSID, per-user HKCU, no admin needed).
589G OwnCloud data moved from cache SSD to disk7 array (2h49m rsync).
Cache dropped from 82% to 34%. MariaDB + Discourse recovered and running
7h+ healthy. Share config changed to no-cache permanently.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Jupiter cache drive at 99% BTRFS data allocation — MariaDB + Discourse
crash-looping. Root cause: 589G OwnCloud data stuck on cache (mover
blocked by active SMB session from OwnCloud VM). Migration in progress
(rsync cache->array disk7, ~90% at time of commit). Also fixed /mode
command to acknowledge /color is user-invokable only.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Five modes: client (orange), dev (cyan), infra (red), general (blue),
remediation (purple). Auto-detects from user messages using keyword
priority rules. Manual override via /mode <name>. Color changes via
/color on mode transitions. Posture adjusts per mode (e.g., infra =
confirm-before-destructive, dev = delegate freely).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Appended afternoon work: MSI installer MVP, Len's Auto Brokerage test
client, Uranus server docs, multi-user identity system, onboarding guide,
bootstrap package, audit gap fixes (GrepAI/Ollama/MCP/settings), and
generic /import command for folder ingestion.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Slash command that accepts any folder path, scans all files, classifies
by content (client work, project code, credentials, session logs, tools,
docs), sanitizes credentials into SOPS vault, presents a placement plan
for approval, then executes.
Handles Claude Code session data (delegates to tools/import-sessions.py),
existing project detection, duplicate checks, and credential extraction.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
tools/import-sessions.py: Scans ~/.claude/projects/ for existing Claude
Code sessions, extracts summaries (user messages, tools used, files
touched, credential flags), stages for Claude to organize into
ClaudeTools folder structure.
Audit gap fixes:
- .mcp.json: added grepai MCP server
- .claude/settings.json: created with bypassPermissions default
- .claude/MCP_SERVERS.md: documented all MCP servers
- Ollama: all 3 models pulled (qwen3:14b, codestral:22b, nomic-embed-text)
- GrepAI: initialized (grepai init), watcher ready
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Enhance /save and /sync slash commands to attribute commits by author
so Mike and Howard can see at a glance what the other person did.
- sync.sh: loads identity.json, shows incoming/outgoing commits with
author + age before pull/push, groups by author in final summary
- sync.md: describes the new output format + conflict attribution
- save.md: pre-commit Change Summary block + post-commit Summary
Motivation: repo is now shared across team, `git log` alone made it
hard to see "when did Howard change that?" without hunting.
- ONBOARDING.md: comprehensive guide explaining WHY the setup exists
(vault, session logs, skills, agents, Ollama/GrepAI, daily workflow).
Written for someone who's never used Claude Code before.
- CLAUDE.md: on first sync, Claude walks new users through ONBOARDING.md
section by section + sets up git remote for their own Gitea account.
- users.json: Howard's gitea_username added (own account, admin on all repos).
Audit findings noted: GrepAI not installed, Ollama not running,
MCP_SERVERS.md missing. These need fixing per-machine before onboarding
is fully smooth.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- .claude/identity.json (gitignored, per-machine) identifies who's at the keyboard
- .claude/users.json (tracked) registers known team members + roles + machines
- CLAUDE.md: on first sync, Claude asks "Mike or Howard?" and creates identity.json
- Session logs must include User section for attribution
- Git commits use per-user name/email (shared Gitea push account)
- Howard Enos (tech, full trust) added as second team member
- Memory entry created for Howard
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
End-to-end automated signing via jsign on Linux build server (SP-authenticated
to Azure Trusted Signing). First signed release built through the pipeline.
First signed MSI installer using WiX 5 on Windows workstation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sed escape-sequence handling through the heredoc lost the \1
backreference, yielding an empty VERSION. Switched to
awk -F'"' '/^version/{print $2; exit}' which is simpler and resistant to
quoting. First full end-to-end signed build validated v0.6.1 deployed
and verified against the Microsoft cert chain.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- sign-windows.sh: jsign wrapper using Trusted Signing service principal
via OAuth client_credentials flow. Reads SP creds from
/etc/gururmm-signing.env (root-only). Uses RFC3161 timestamping (jsign's
default Authenticode mode fails against Microsoft ACS).
- build-agents.sh: now signs the Windows binary in-place after cargo build
and computes sha256 AFTER signing so consumers get correct hashes.
- Updated -latest symlinks for both Linux + Windows in the build script.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Reproducible signing setup for any developer machine. metadata.json
points signtool at the gururmm-signing account / gururmm-public-trust
cert profile. sign.ps1 wraps signtool with the right /dlib + /dmdf +
timestamp flags; uses az login session for authentication.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- TEST-DATASHEET-PROCESS.md: comprehensive pipeline documentation for
Dataforth engineering (10 sections, data flow, state diagram, FAQ)
- signing-attestation/: domain ownership attestation letter with
in-place signature for Azure Trusted Signing identity validation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
