Host guard in /opt/gururmm/webhook-handler.py skips docs-only pushes; note the
stale repo copy must not be redeployed over it.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Match a known external IP to the RMM agent rather than reconning every
candidate machine (Mike's correction during the Pavon GuruConnect-client
removal). Notes the GuruRMM agent-IP tracking gap (todo 7459428e).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Update guru-rmm submodule pointer (SPEC-017 mobile device support)
- Record Apple Developer + MDM Push certs (acquired 2026-05-29); MDM push
cert renews annually on the same Apple ID or all enrolled iOS devices break
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Pluto memory/wiki/machine notes: Unraid VM "Claude-Builder" == hostname PLUTO ==
172.16.3.36 (same box); RMM-agent access path when SSH key unauthorized; now also
builds the GuruConnect Windows agent + hosts a Gitea Actions runner.
- New feedback memories: post #bot-alerts only for client/ticket-affecting RMM commands;
proceed autonomously through routine infra/build prerequisites.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
guru-connect is now tracked as a submodule (azcomputerguru/guru-connect @ e3e95f8);
its working state was published to the GC repo first, so no content is lost. guru-rmm
advanced to include ADR-008 (GC integration boundary) replayed on top of the team's
Integrations Center / discovery advances. Includes the native-remote-control spec
(now inside the GC submodule), the versionable-products memory, and the session log.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Pin down the coord messages endpoint shape after repeated mark-read failures:
{total,skip,limit,messages[]}; parse .messages[], strip control chars, read may be null.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Audit of .claude/memory found and fixed:
- Broken link: Power Failure Runbook (../.claude/... -> ../...)
- 8 orphaned memories not in MEMORY.md index (Graph CA/password-reset,
vault-write-sequence, GURU-BEAST-ROG, 3x Cascades, identity proposal)
-> now indexed under their sections, so they're discoverable
- 5 files missing frontmatter -> added name/description/type
- Duplicate index entry for reference_workstation_setup.md -> deduped
- Trimmed the worst oversized index hooks (Syncro invoice line was 427 chars)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Mike's decision (2026-05-27): the roadmap is a maintained status-and-plan
tracker ([ ]=planned, [x]=shipped, dated), consulted going in and updated
coming out.
- gururmm-development-principles memory: new "Living Roadmap (MANDATORY)"
principle — consult before building, update the entry in the SAME change
when shipping/modifying; roadmap update is part of definition-of-done.
Dev is the primary maintainer; the audit is the backstop.
- rmm-audit skill: state the convention explicitly — the roadmap pass
default is reconcile-and-flip (not annotate-only).
(Companion gururmm-repo changes — DESIGN.md principle + baseline checkbox
reconcile — pushed separately to the gururmm repo.)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Merge Ollama fallback pattern with identity.json approach.
Store endpoint/fallback/prose_model to eliminate curl probes.
Same pattern as claudetools_root/vault_path (working).
Next: coord message rollout to populate fields on all machines.
Update cascades-tucson.md Syncro billing pattern to note the blank-contact
rule applies to all customers. Update feedback_syncro_cascades_contact.md
to be incident-detail only (Meredith Kuhn default), pointing to the global
rule in feedback_syncro_blank_contact.md. Update MEMORY.md index entry.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Implements LLM-compiled wiki layer between raw session logs and live
CONTEXT.md, inspired by Karpathy's knowledge base workflow. Adds wiki/
directory structure, article templates, spec docs, and seeds first two
articles (Cascades of Tucson, GuruRMM) from 60+ session logs.
Updates CLAUDE.md to check wiki first on all context-loading triggers.
Captures verified ACG IP/hostname map and Neptune physical-location
clarification (Dataforth D2, subnet overlap TODO) in memory.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sync.sh: replace `git diff-index --quiet HEAD --` with
`[ -n "$(git status --porcelain)" ]` in both the main-repo (Phase 1) and
vault change-detection, so brand-new untracked files are no longer silently
skipped (the bug Howard hit 2026-04-17). Mark project_sync_script_bug.md
RESOLVED.
.gitignore: exclude the datto BSOD dumps (6 MB zip + 48 MB extracted) so the
detection fix doesn't sweep 54 MB of binaries into the repo.
memory: finish the add_line_item reconciliation — drop legacy "time entry" /
timer-billable framing from feedback_syncro_labor_type and
feedback_syncro_warranty_product (and their index lines); the product-selection
rules themselves are unchanged.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Mike's overhaul replaced the timer workflow with add_line_item, and he
already rewrote feedback_syncro_timer_first.md. Reconcile the leftovers:
- MEMORY.md index line for timer_first still stated the superseded
"timers required" rule as current — rewrite to the add_line_item rule.
- timer_entry response-shape memory is now about a dead workflow — mark
it HISTORICAL (index + file banner), retained only for manual timer use.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Billing now uses add_line_item directly; timer_entry/charge_timer_entry removed
- Added Verified Response Shapes table for all endpoints (tested live against ACG internal customer)
- Billing workflow rewritten as strict 5-step locked script with no branches
- Added STOP rule: never try alternative endpoints/formats on unexpected responses
- bot-alerts section: explicit success ([OK] + message_id) and failure ([WARNING]) criteria
- Updated feedback memory to supersede the old timer-first rule
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- CODING_GUIDELINES.md: tighten parity rule wording to match Mike's intent:
"add feature X" means Windows + Linux + macOS in the same commit
- memory: add feedback_gururmm_agent_parity for future session enforcement
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Full tenant verification sweep: all Intune/Entra objects match session logs
- Entra Connect staging mode exited; 17 AD groups synced to cloud
- CA policies (Block-off-network, Sign-in-frequency-8h, Block-non-compliant) patched from SG-Caregivers-Pilot to AD-synced SG-Caregivers
- Registration Campaign exclusion updated to SG-Caregivers
- Deleted test accounts: howard.enos (AD) and pilot.test (M365)
- Documented Christine Nyanzunda collision risk, Ederick Yuzon open item, standing security-group rule
- Session log written
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
