- Pluto memory/wiki/machine notes: Unraid VM "Claude-Builder" == hostname PLUTO ==
172.16.3.36 (same box); RMM-agent access path when SSH key unauthorized; now also
builds the GuruConnect Windows agent + hosts a Gitea Actions runner.
- New feedback memories: post #bot-alerts only for client/ticket-affecting RMM commands;
proceed autonomously through routine infra/build prerequisites.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Documents the full GuruRMM onboarding process (POST /api/clients, POST /api/sites
with one-time api_key capture), the vault storage step, and the sops-encryption
gotchas hit while onboarding Rednour Law Offices (--config required, quote dates,
secrets under credentials:).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Corrected the 2026-05-28 SmartBadge fix on KSTEENBB2025: the older Datto
Workplace Desktop v8 had been left in place (diverged from the fleet, which
runs Datto Workplace v10.53.4 / Workplace2). Removed v8, installed v10,
aligned the SmartBadge _CC add-in + CLSID to the EVO-X1 reference, and cleared
Kristin's stuck per-user LoadBehavior=2.
- ksteen-smartbadge-verify.ps1: PASS/FAIL verdict vs fleet reference
- ksteen-smartbadge-fix.ps1: machine + per-user remediation
- check-ksteen-smartbadge.sh: daily runner (RMM -> verdict -> #bot-alerts,
coord message to Mike on drift); driven by a 7-day scheduled task on GURU-5070
- wiki: agents table, dual-Workplace SmartBadge known issue + fleet standard,
2026-05-28/29 history
Syncro #32339. Coord todo 4a5b09b3 (watch expires 2026-06-05).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
guru-connect is now tracked as a submodule (azcomputerguru/guru-connect @ e3e95f8);
its working state was published to the GC repo first, so no content is lost. guru-rmm
advanced to include ADR-008 (GC integration boundary) replayed on top of the team's
Integrations Center / discovery advances. Includes the native-remote-control spec
(now inside the GC submodule), the versionable-products memory, and the session log.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Any ticket, estimate, appointment, or schedule created for testing or API
research must have its subject/name prefixed with [TEST]. Added as a Hard
Rule and cross-referenced in the recurring schedules section.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sanitize_json() called `python3` unconditionally, but on ACG Windows boxes
the Microsoft Store python3 alias is disabled and `py` is the launcher
(feedback_python_windows). When `python3` was missing the function silently
returned empty, and the surrounding `result_safe='{"messages":[]}'` default
dropped every unread coord message — no error, no warning, no toast.
Now prefers identity.json's `.python.command` (set during machine onboarding,
matching the pattern other scripts already use), falls back to
`command -v python3 || command -v py || command -v python`, and if no Python
is available falls back to `tr -d '\000-\037'` so jq can still parse — lossy
on real \n/\t in string fields but keeps messages visible instead of dropping
them.
"Emergency" is a billing modifier, not a delivery channel. Added explicit
hard rule that Remote/Onsite/In-Shop must be confirmed separately when billing
emergency — the delivery channel determines price_retail and cannot be guessed.
Updated both the Hard Rules section and the Billing workflow Step 1 gather prompt.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pin down the coord messages endpoint shape after repeated mark-read failures:
{total,skip,limit,messages[]}; parse .messages[], strip control chars, read may be null.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Read and send mail for an ACG mailbox via the shared Claude-MSP-Access Graph app
(fabb3421), defaulting to the running user's mailbox from identity.json (mike/howard).
Send and reply are hard-gated: full To/Cc/Subject/Body preview + explicit confirm,
external recipients flagged, no retries/bulk, saved to Sent. Read path verified live;
token cached to .claude/tmp (gitignored), secret from SOPS vault.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Audit of .claude/memory found and fixed:
- Broken link: Power Failure Runbook (../.claude/... -> ../...)
- 8 orphaned memories not in MEMORY.md index (Graph CA/password-reset,
vault-write-sequence, GURU-BEAST-ROG, 3x Cascades, identity proposal)
-> now indexed under their sections, so they're discoverable
- 5 files missing frontmatter -> added name/description/type
- Duplicate index entry for reference_workstation_setup.md -> deduped
- Trimmed the worst oversized index hooks (Syncro invoice line was 427 chars)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Mike's decision (2026-05-27): the roadmap is a maintained status-and-plan
tracker ([ ]=planned, [x]=shipped, dated), consulted going in and updated
coming out.
- gururmm-development-principles memory: new "Living Roadmap (MANDATORY)"
principle — consult before building, update the entry in the SAME change
when shipping/modifying; roadmap update is part of definition-of-done.
Dev is the primary maintainer; the audit is the backstop.
- rmm-audit skill: state the convention explicitly — the roadmap pass
default is reconcile-and-flip (not annotate-only).
(Companion gururmm-repo changes — DESIGN.md principle + baseline checkbox
reconcile — pushed separately to the gururmm repo.)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The skill's frontmatter claimed it updated FEATURE_ROADMAP.md, but the body
had no roadmap-reconciliation logic — so stale checkboxes slipped through
(Network Discovery Node backend + BUG-001 temperature both shipped while
marked [ ]). Added:
- Agent F (parallel, read-only): cross-references every roadmap checkbox
against code artifacts; classifies STALE-INCOMPLETE / PARTIAL /
STALE-COMPLETE / ACCURATE with proving artifact. Conservative — only
flips when end-to-end evidence is unambiguous; backend/scaffolding-only
is PARTIAL, never flipped.
- Living-docs step: actually flip stale checkboxes, annotate partials,
flag [x]-but-missing as [HIGH] regressions; every change logged in the
report's new "FEATURE_ROADMAP.md Delta" section (no silent edits).
- Phase 0 extracts the roadmap claims list; --pass=roadmap added.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Removed/simplified sections now handled by identity.json:
- Removed Ollama endpoint table (now in identity.json)
- Condensed verbose Ollama description
- Updated GrepAI CLI path to use $CLAUDETOOLS_ROOT
- Added migrate-identity.sh step to onboarding
All machine-specific config (Ollama, Python, paths) now centralized
in identity.json — CLAUDE.md references it, doesn't duplicate it.
Phase 2 migration complete:
sync.sh:
- Read Python command from identity.json first (.python.command)
- Fall back to auto-detection for legacy machines
- Eliminates per-session detection overhead
syncro.md:
- Read Ollama endpoint from identity.json (.ollama.endpoint // .ollama.fallback)
- Read Python command from identity.json (.python.command)
- Both sections have legacy fallbacks with detection
- Eliminates 2-second curl probe on every write operation
- Updated day-of-week verification code example
- Updated Ollama draft call section
Impact: All scripts now read machine-specific config from identity.json
(populated by migrate-identity.sh). Faster, explicit, offline-safe.
The script auto-detected PYTHON_CMD but then hardcoded `python3` for the
JSON write (exit 127 on Windows where only `py` exists), and passed a Git
Bash POSIX path (/d/...) to native Python (FileNotFoundError). Fixes:
- use "$PYTHON_CMD" instead of hardcoded python3
- convert IDENTITY_PATH via `cygpath -m` for the interpreter (no-op elsewhere)
Verified on GURU-5070: identity.json migrated correctly (py, windows/amd64,
localhost Ollama, qwen3:8b).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Auto-detects Python command, platform, architecture
- Probes Ollama (local vs remote)
- Sets prose_model based on machine (qwen3:8b for GURU-5070, else qwen3:14b)
- Tested on Mikes-MacBook-Air: all fields populated correctly
Ready for coord rollout to all machines.
Merge Ollama fallback pattern with identity.json approach.
Store endpoint/fallback/prose_model to eliminate curl probes.
Same pattern as claudetools_root/vault_path (working).
Next: coord message rollout to populate fields on all machines.
- Updated sync.sh to read claudetools_root from identity.json
- Updated syncro.md skill to use identity.json for repo path
- Updated CLAUDE.md onboarding to include claudetools_root field
- Eliminates cross-architecture path detection issues
- Fallback to git rev-parse for legacy machines
Each machine sets claudetools_root during onboarding, just like vault_path.
Skill + template:
- wiki-compile Phase 2P: type-aware authoritative-artifact discovery for
projects (migrations, API routes, agent modules, roadmap-done, commit log),
with a stale-submodule guard that reads origin/main when the pinned
submodule lags. Changelogs treated as incomplete, not authoritative.
- project template: add a Capabilities / Feature Set section.
GuruRMM recompile (from live main artifacts, not session logs):
- Added Capabilities / Feature Set section covering monitoring, remote
execution (incl. system vs user_session contexts), inventory/discovery,
update mgmt, policy, alerting/watchdog, backup, tunnel, identity/security.
- Fixed the misleading "runs as LocalSystem" command-fields line (the gap
that started this) and the stale BUG-001 temperature claim (now shipped).
- Qualified Entra-only SSO; noted safe-rollout is unwired scaffolding.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
/wiki-compile: new skill that seeds or refreshes wiki client articles
from session logs and live Syncro PSA data.
- Three modes: seed (new article), refresh (surgical update), full (--full flag)
- Syncro enrichment for client targets: customer profile, contacts,
open tickets, recent invoices, asset count
- Ambiguous customer search: pause and ask user to pick
- Customer not found: graceful warn + continue with session logs only
- Syncro is authoritative for all billing fields (hours, rate, contract type)
- Refresh mode: surgical edits only (hours, active tickets, frontmatter)
- Seed/full: Ollama qwen3:14b synthesis; Claude-direct fallback
- Asset count in Profile only — no asset detail tables in wiki
- Commits and pushes after write
/wiki-lint: add Step 6 — Syncro Live-Check
- Pulls live prepay_hours for every client article with a Syncro customer ID
- Auto-fixes stale hours in place; commits fixes in one batch
- Flags articles with open tickets and stale compiled date for review
- Adds Syncro section to lint report output
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Migration 20260526_150000 adds nullable due_at datetime column. Model, schemas
(create/update/response), and sync.sh display updated. Sync output now shows
due:YYYY-MM-DDTHH:MM alongside any todo with a due date.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
New coord_todos table and API endpoints (GET/POST/PUT/DELETE /api/coord/todos)
supporting manual and auto-created items, sub-tasks via parent_id, and inclusive
for_user/for_machine filters (OR-null) for sync/save display. sync.sh Phase 7
now shows pending todos grouped by project after every sync. CLAUDE.md documents
auto-creation behavior for unresolved follow-up. Web/email pricing doc updated:
block time rate clarified, INKY reference removed, dates updated.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Saturn is decommissioned. The GuruRMM build server at 172.16.3.30
is correctly named 'gururmm-build'.
Also fixed wiki standards template that incorrectly listed Neptune
as 172.16.3.30. Neptune is actually the Exchange server at Dataforth
(172.16.3.11), not the GuruRMM build server.
Updated files:
- PHASE_6_TEST_PLAN.md (all Saturn references)
- verify-rollout-system.sh (comments)
- session-logs/2026-05-25-session.md (all Saturn references)
- .claude/specs/wiki-layer/standards.md (Neptune example)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Problem: macOS hostname command returns 'Mikes-MacBook-Air.local' but
coord messages are addressed to 'Mikes-MacBook-Air/claude-main'. Hook
script was querying for wrong session ID, so messages never displayed.
Fix: Strip .local suffix using bash parameter expansion before building
session ID.
Result: Coord messages now display correctly on macOS machines.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
