"Emergency" is a billing modifier, not a delivery channel. Added explicit
hard rule that Remote/Onsite/In-Shop must be confirmed separately when billing
emergency — the delivery channel determines price_retail and cannot be guessed.
Updated both the Hard Rules section and the Billing workflow Step 1 gather prompt.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pin down the coord messages endpoint shape after repeated mark-read failures:
{total,skip,limit,messages[]}; parse .messages[], strip control chars, read may be null.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Read and send mail for an ACG mailbox via the shared Claude-MSP-Access Graph app
(fabb3421), defaulting to the running user's mailbox from identity.json (mike/howard).
Send and reply are hard-gated: full To/Cc/Subject/Body preview + explicit confirm,
external recipients flagged, no retries/bulk, saved to Sent. Read path verified live;
token cached to .claude/tmp (gitignored), secret from SOPS vault.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Syncro is the default PSA; Autotask is opt-in. Ignoring .claude/commands/autotask.md
so /save and /sync (git add -A) don't push it to the fleet. Remove the line to distribute.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Audit of .claude/memory found and fixed:
- Broken link: Power Failure Runbook (../.claude/... -> ../...)
- 8 orphaned memories not in MEMORY.md index (Graph CA/password-reset,
vault-write-sequence, GURU-BEAST-ROG, 3x Cascades, identity proposal)
-> now indexed under their sections, so they're discoverable
- 5 files missing frontmatter -> added name/description/type
- Duplicate index entry for reference_workstation_setup.md -> deduped
- Trimmed the worst oversized index hooks (Syncro invoice line was 427 chars)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
AdwCleaner requires both elevated privileges and an interactive desktop
session simultaneously -- SYSTEM context is elevated but Session 0 (no
desktop), user_session has a desktop but a non-elevated WTS token.
Removing for now; will re-add with schtasks InteractiveToken dispatch
when that mechanism is implemented.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
NoNewWindow caused scanner processes to inherit PowerShell's stdout/stderr
pipe handles from the GuruRMM agent. If any scanner hung in Session 0
(e.g. AdwCleaner GUI init), it held the pipe open after PowerShell exited,
blocking the GuruRMM command for hours until the server-side reaper fired.
WindowStyle=Hidden gives each scanner its own window/console so pipe
handles are not inherited. Scanner processes that timeout are still killed
by Wait-ProcessWithTimeout; the overall scan completes normally.
Verified: full pipeline completes in ~7.5 min on RMM-TEST-MACHINE with
EICAR detection, GURUSCAN_RESULT_JSON emitted correctly.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Mike's decision (2026-05-27): the roadmap is a maintained status-and-plan
tracker ([ ]=planned, [x]=shipped, dated), consulted going in and updated
coming out.
- gururmm-development-principles memory: new "Living Roadmap (MANDATORY)"
principle — consult before building, update the entry in the SAME change
when shipping/modifying; roadmap update is part of definition-of-done.
Dev is the primary maintainer; the audit is the backstop.
- rmm-audit skill: state the convention explicitly — the roadmap pass
default is reconcile-and-flip (not annotate-only).
(Companion gururmm-repo changes — DESIGN.md principle + baseline checkbox
reconcile — pushed separately to the gururmm repo.)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The skill's frontmatter claimed it updated FEATURE_ROADMAP.md, but the body
had no roadmap-reconciliation logic — so stale checkboxes slipped through
(Network Discovery Node backend + BUG-001 temperature both shipped while
marked [ ]). Added:
- Agent F (parallel, read-only): cross-references every roadmap checkbox
against code artifacts; classifies STALE-INCOMPLETE / PARTIAL /
STALE-COMPLETE / ACCURATE with proving artifact. Conservative — only
flips when end-to-end evidence is unambiguous; backend/scaffolding-only
is PARTIAL, never flipped.
- Living-docs step: actually flip stale checkboxes, annotate partials,
flag [x]-but-missing as [HIGH] regressions; every change logged in the
report's new "FEATURE_ROADMAP.md Delta" section (no silent edits).
- Phase 0 extracts the roadmap claims list; --pass=roadmap added.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Exit code fix: add $proc.Handle caching after Start-Process -PassThru to prevent
the handle from being released before ExitCode is readable (known PS5.1 bug).
GuruRMM reporting: launcher now finds results.json after each scan and emits
GURUSCAN_RESULT_JSON:<compressed> to stdout. Agent CommandResult captures it;
server stores it in commands.stdout for retrieval via GET /api/commands/:id.
Pre-scan hardening:
- Pre-flight EXE check: warns about missing scanner binaries before run starts
- Windows Defender exclusions added for scanner/log paths before scan, removed after
AdwCleaner: add /path {LOG_ROOT} arg so logs write directly to scan log root;
update log_src to {LOG_ROOT}\Logs to match.
HitmanPro: add /quiet to scan and clean args to suppress GUI in headless runs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Removed/simplified sections now handled by identity.json:
- Removed Ollama endpoint table (now in identity.json)
- Condensed verbose Ollama description
- Updated GrepAI CLI path to use $CLAUDETOOLS_ROOT
- Added migrate-identity.sh step to onboarding
All machine-specific config (Ollama, Python, paths) now centralized
in identity.json — CLAUDE.md references it, doesn't duplicate it.
Phase 2 migration complete:
sync.sh:
- Read Python command from identity.json first (.python.command)
- Fall back to auto-detection for legacy machines
- Eliminates per-session detection overhead
syncro.md:
- Read Ollama endpoint from identity.json (.ollama.endpoint // .ollama.fallback)
- Read Python command from identity.json (.python.command)
- Both sections have legacy fallbacks with detection
- Eliminates 2-second curl probe on every write operation
- Updated day-of-week verification code example
- Updated Ollama draft call section
Impact: All scripts now read machine-specific config from identity.json
(populated by migrate-identity.sh). Faster, explicit, offline-safe.
The script auto-detected PYTHON_CMD but then hardcoded `python3` for the
JSON write (exit 127 on Windows where only `py` exists), and passed a Git
Bash POSIX path (/d/...) to native Python (FileNotFoundError). Fixes:
- use "$PYTHON_CMD" instead of hardcoded python3
- convert IDENTITY_PATH via `cygpath -m` for the interpreter (no-op elsewhere)
Verified on GURU-5070: identity.json migrated correctly (py, windows/amd64,
localhost Ollama, qwen3:8b).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Auto-detects Python command, platform, architecture
- Probes Ollama (local vs remote)
- Sets prose_model based on machine (qwen3:8b for GURU-5070, else qwen3:14b)
- Tested on Mikes-MacBook-Air: all fields populated correctly
Ready for coord rollout to all machines.
