Cloned gururmm repo as submodule at projects/msp-tools/guru-rmm
Now tracking commit f804983 (hooks + migration verification)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Added fresh radio show prep HTML (April 18, 2026 broadcast)
- Created vanilla cake recipe HTML for web publishing
- Removed guru-rmm submodule (migration incomplete, needs gururmm repo)
Machine: Mikes-MacBook-Air.local
Timestamp: 2026-04-19 08:09:00
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Points to commit that adds .gitattributes, install-hooks.sh, verify-migrations.sh,
009_add_missing_indexes.sql, and resolves sqlx checksum drift.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Removes the stale copy of gururmm source from claudetools tracking and
replaces it with a submodule pointing to the live gururmm Gitea repo.
Fixes context drift between session logs and actual codebase state.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
End-to-end automated signing via jsign on Linux build server (SP-authenticated
to Azure Trusted Signing). First signed release built through the pipeline.
First signed MSI installer using WiX 5 on Windows workstation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sed escape-sequence handling through the heredoc lost the \1
backreference, yielding an empty VERSION. Switched to
awk -F'"' '/^version/{print $2; exit}' which is simpler and resistant to
quoting. First full end-to-end signed build validated v0.6.1 deployed
and verified against the Microsoft cert chain.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- sign-windows.sh: jsign wrapper using Trusted Signing service principal
via OAuth client_credentials flow. Reads SP creds from
/etc/gururmm-signing.env (root-only). Uses RFC3161 timestamping (jsign's
default Authenticode mode fails against Microsoft ACS).
- build-agents.sh: now signs the Windows binary in-place after cargo build
and computes sha256 AFTER signing so consumers get correct hashes.
- Updated -latest symlinks for both Linux + Windows in the build script.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Reproducible signing setup for any developer machine. metadata.json
points signtool at the gururmm-signing account / gururmm-public-trust
cert profile. sign.ps1 wraps signtool with the right /dlib + /dmdf +
timestamp flags; uses az login session for authentication.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- TEST-DATASHEET-PROCESS.md: comprehensive pipeline documentation for
Dataforth engineering (10 sections, data flow, state diagram, FAQ)
- signing-attestation/: domain ownership attestation letter with
in-place signature for Azure Trusted Signing identity validation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Installed C:\ProgramData\dataforth-uploader\ on AD2 with:
- credentials.json (SYSTEM+Administrators ACL only)
- run-pipeline.ps1 (DFWDS-process -> enumerate For_Web -> upload-delta)
- dfwds-process.js + upload-delta.js (copied from prior install dir)
- logs/ with 60-day retention
Scheduled Task 'DataforthTestDatasheetUploader' registered as SYSTEM,
hourly trigger, 30-min execution limit. First SYSTEM-context run verified:
received=7061 unchanged=7061 errors=0 in 8.7s.
Initial registration via inline base64 mangled the backslashes in the -File
argument (resulted in ERROR_DIRECTORY 0x8007010B). Fixed by running the
registration PowerShell from a file rather than an encoded command string.
Also deleted throwaway tmp/list_amtransit.py + tmp/reset_cansley.py which
had hardcoded ACG admin password.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Built the missing piece between the test datasheet pipeline and Dataforth's
new product API. End-to-end:
- Pulled DFWDS (Dataforth Web Datasheet System) VB6 source from
AD1\Engineering\ENGR\ATE\Test Datasheets\DFWDS to local for analysis
- Decoded its filename validation: A-J prefix decodes (A=10..J=19), all-
numeric WO# valid (no leading 0), anything else bad
- Ported the validation + move logic to Node (dfwds-process.js)
- Built bulk uploader (upload-delta.js) for Hoffman's Swagger API
(POST /api/v1/TestReportDataFiles/bulk with OAuth client_credentials)
Sanitized 3 prior reference scripts (fetch-server-inventory, test-scenarios,
test-upload-two) to read CF_* env vars instead of hardcoded creds.
Live drain results:
- 897 files moved Test_Datasheets -> For_Web (all valid, no renames, no
bad), DFWDS port summary in 1.1s
- Pushed entire For_Web (7,061 files) to Hoffman API in 49.7s @ 142/s:
Created=803 Updated=114 Unchanged=6,144 Errors=0
- Server count: 489,579 -> 490,382 (+803 net new)
Also:
- Added clients/dataforth/.gitignore to exclude plaintext Oauth.txt note
- Added clients/instrumental-music-center/docs/2026-04-13-ticket-notes.md
(ticket write-up of 2026-04-11/12/13 IMC1 RDS removal/SQL migration work)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Resolves issues that could cause agent failure, stuck updates, and
silent errors during the update process.
Critical Fixes:
1. Binary Replacement Race Condition (Unix)
- PROBLEM: Window between rename and copy where no binary exists
- FIX: Use atomic rename pattern - copy to temp in same directory,
then single atomic rename operation
- IMPACT: Eliminates complete agent failure on crash during update
2. Update Failure Without Rollback
- PROBLEM: If restart fails after update, no rollback triggered
- FIX: Added rollback_binary() method, explicitly rolls back on
restart failure before returning error
- IMPACT: Agent no longer stuck in broken state
3. Windows Scheduled Task Timing Bug
- PROBLEM: Scheduled time could be in past, schtasks would fail
- FIX: Add 60-second buffer, return date+time tuple with /SD param
- IMPACT: Rollback watchdog now reliably schedules on Windows
4. Windows Binary Replacement Error Handling
- PROBLEM: All errors silently ignored with .ok()
- FIX: Proper error propagation with .context() on all operations
- IMPACT: Update failures now visible with actionable error messages
Code Review: APPROVED
- All fixes correctly address root causes
- Atomic operations eliminate race conditions
- Comprehensive error handling throughout
- Platform-specific code properly isolated
Testing: Syntax verified (cross-compilation toolchain not available)
Additional Issues Identified (for follow-up):
- HIGH: Unix watchdog doesn't survive reboots (systemd timer needed)
- MEDIUM: No concurrent update protection (lock file recommended)
- LOW: chmod failure should be fatal
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Stub migrations (005-008) satisfy sqlx requirement for previously
applied migrations that are missing source files in the codebase.
These migrations were applied in production but not committed.
Renumbered 005_add_missing_indexes to 009 to match production sequence.
Test results document confirms all Phase 1 tunnel API endpoints are
functioning correctly with proper error handling and HTTP status codes.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Avoids conflict with migrations 5-8 that were applied to production
database but are missing from current codebase. Migration 010 will be
applied after the existing sequence (1-4, 9 for 005_add_missing_indexes).
PostgreSQL doesn't support inline CONSTRAINT with WHERE clause.
Changed to separate CREATE UNIQUE INDEX statement for the partial
unique constraint on (tech_id, agent_id, status) WHERE status = 'active'.
This ensures only one active tunnel session per (tech, agent) pair
while allowing multiple closed sessions in history.
Migration tested and verified on PostgreSQL 14.
Comprehensive record of 2026-04-11/12 work extending the Dataforth Test
Datasheet Pipeline: discovery, implementation, deploy to AD2, full
backfill of 27,937 datasheets, post-deploy regex patch for QB plain-
decimal PASS lines, and repo commit 0dd3d82.
Includes credentials, infrastructure paths, commit reference, open
items (vault hygiene, rsync coverage), and accuracy-extraction
reference logic for future sessions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Extends the Test Datasheet Pipeline on AD2:C:\Shares\testdatadb to
generate web-published datasheets for the SCMVAS-Mxxx (obsolete) and
SCMHVAS-Mxxxx (replacement) High Voltage Input Module product lines.
Both are tested either with the existing TESTHV3 software (production
VASLOG .DAT logs) or in Engineering with plain .txt output.
Key changes on AD2 (all deployed 2026-04-12 with dated backups):
- parsers/spec-reader.js: getSpecs() returns a `{_family:'SCMVAS',
_noSpecs:true}` sentinel for SCMVAS/SCMHVAS/VAS-M/HVAS-M model prefixes
so the export pipeline does not silently skip them for missing specs.
- templates/datasheet-exact.js: new Accuracy-only template branch
(generateSCMVASDatasheet + helpers) that mirrors the existing shipped
format byte-for-byte. Extraction regex covers both QuickBASIC STR$()
output formats: scientific-with-trailing-status-digit (98.4% of
records) and plain-decimal (1.6% of records above QB's threshold).
- parsers/vaslog-engtxt.js (new): parses the Engineering-Tested .txt
files in TS-3R\LOGS\VASLOG\VASLOG - Engineering Tested\. Filename SN
regex strips optional trailing 14-digit timestamp; in-file "SN:"
header is the authoritative source when the filename is malformed.
- database/import.js: LOG_TYPES grows a VASLOG_ENG entry with
subfolder + recursive flags. Pre-existing 7 log types keep their
implicit recursive=true behaviour (config.recursive !== false).
importFiles() routes VASLOG_ENG paths before the generic loop so a
VASLOG - Engineering Tested/*.txt path does not mis-dispatch to the
multiline parser.
- database/export-datasheets.js: VASLOG_ENG records are written
verbatim via fs.copyFileSync(source_file, For_Web/<SN>.TXT) for true
byte-level pass-through, with a graceful raw_data fallback when the
source file is no longer on disk.
Deploy outcome:
- 27,503 SCMVAS/SCMHVAS datasheets rendered (27,065 from scientific +
438 from plain-decimal PASS lines, post-patch rerun)
- 434 Engineering-Tested .txt files pass-through-copied to For_Web
- 0 errors across both batches
Repo layout added here:
- scmvas-hvas-research/: discovery artifacts (source .BAS, hvin.dat,
sample .DAT + .txt, binary-format notes, IMPLEMENTATION_PLAN.md)
- implementation/: staged final code + deploy helpers + local test
harness + per-step verification scripts
- backups/pre-deploy-20260412/: independent local snapshot of the 4
AD2 files replaced, pulled byte-for-byte before deploy
All helper scripts fetch the AD2 password at runtime from the SOPS
vault (clients/dataforth/ad2.sops.yaml). None of the committed files
contain the plaintext credential. Known vault-entry hygiene issue
(stale shell-escape backslash before the `!`) is documented in the
fetcher comments and stripped at read-time; flagged separately for
cleanup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Removed gaming section per user request
- Added detailed pricing and availability for all CES gadgets
- Added company names, researchers, trial info for medical breakthroughs
- Added detailed specs for AI tools (NotebookLM, Gemini)
- Updated to 3-segment format
- Added price badges and availability badges for visual clarity
- Used ASCII markers instead of emojis per directives
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Added company names, prices, availability dates for all topics
- CES gadgets: LG (,999-,999), Samsung TriFold (,500-,000), Roborock (,599), etc.
- Medical: Galleri test (, available now), VERVE-102 gene therapy details
- AI tools: NotebookLM (free), Gemini Imagen 3 (free tier), detailed access info
- Removed gaming section per user request
- Updated common thread and show wrap for 3-segment format
- Added specific researchers, trial status, company details throughout
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Show prep for April 5, 11, 18, 2026 (markdown + HTML)
- IX server Smart Slider 3 Pro security scan script
- Comprehensive security audit report (87 WordPress sites)
- All sites safe: 0 PRO (compromised), 3 FREE (safe)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
DOS 6.22 MD fails on existing dirs, then COPY creates a file instead of
copying into a directory. Dirs now pre-created on NAS server side.
Also removed trailing backslash from COPY target path.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mixed-case paths caused "invalid directory" on TS-27. All paths now uppercase
to match DOS convention and Samba default case = upper setting.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
