Cloned gururmm repo as submodule at projects/msp-tools/guru-rmm
Now tracking commit f804983 (hooks + migration verification)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Added fresh radio show prep HTML (April 18, 2026 broadcast)
- Created vanilla cake recipe HTML for web publishing
- Removed guru-rmm submodule (migration incomplete, needs gururmm repo)
Machine: Mikes-MacBook-Air.local
Timestamp: 2026-04-19 08:09:00
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Points to commit that adds .gitattributes, install-hooks.sh, verify-migrations.sh,
009_add_missing_indexes.sql, and resolves sqlx checksum drift.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Removes the stale copy of gururmm source from claudetools tracking and
replaces it with a submodule pointing to the live gururmm Gitea repo.
Fixes context drift between session logs and actual codebase state.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
End-to-end automated signing via jsign on Linux build server (SP-authenticated
to Azure Trusted Signing). First signed release built through the pipeline.
First signed MSI installer using WiX 5 on Windows workstation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sed escape-sequence handling through the heredoc lost the \1
backreference, yielding an empty VERSION. Switched to
awk -F'"' '/^version/{print $2; exit}' which is simpler and resistant to
quoting. First full end-to-end signed build validated v0.6.1 deployed
and verified against the Microsoft cert chain.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- sign-windows.sh: jsign wrapper using Trusted Signing service principal
via OAuth client_credentials flow. Reads SP creds from
/etc/gururmm-signing.env (root-only). Uses RFC3161 timestamping (jsign's
default Authenticode mode fails against Microsoft ACS).
- build-agents.sh: now signs the Windows binary in-place after cargo build
and computes sha256 AFTER signing so consumers get correct hashes.
- Updated -latest symlinks for both Linux + Windows in the build script.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Reproducible signing setup for any developer machine. metadata.json
points signtool at the gururmm-signing account / gururmm-public-trust
cert profile. sign.ps1 wraps signtool with the right /dlib + /dmdf +
timestamp flags; uses az login session for authentication.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- TEST-DATASHEET-PROCESS.md: comprehensive pipeline documentation for
Dataforth engineering (10 sections, data flow, state diagram, FAQ)
- signing-attestation/: domain ownership attestation letter with
in-place signature for Azure Trusted Signing identity validation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Resolves issues that could cause agent failure, stuck updates, and
silent errors during the update process.
Critical Fixes:
1. Binary Replacement Race Condition (Unix)
- PROBLEM: Window between rename and copy where no binary exists
- FIX: Use atomic rename pattern - copy to temp in same directory,
then single atomic rename operation
- IMPACT: Eliminates complete agent failure on crash during update
2. Update Failure Without Rollback
- PROBLEM: If restart fails after update, no rollback triggered
- FIX: Added rollback_binary() method, explicitly rolls back on
restart failure before returning error
- IMPACT: Agent no longer stuck in broken state
3. Windows Scheduled Task Timing Bug
- PROBLEM: Scheduled time could be in past, schtasks would fail
- FIX: Add 60-second buffer, return date+time tuple with /SD param
- IMPACT: Rollback watchdog now reliably schedules on Windows
4. Windows Binary Replacement Error Handling
- PROBLEM: All errors silently ignored with .ok()
- FIX: Proper error propagation with .context() on all operations
- IMPACT: Update failures now visible with actionable error messages
Code Review: APPROVED
- All fixes correctly address root causes
- Atomic operations eliminate race conditions
- Comprehensive error handling throughout
- Platform-specific code properly isolated
Testing: Syntax verified (cross-compilation toolchain not available)
Additional Issues Identified (for follow-up):
- HIGH: Unix watchdog doesn't survive reboots (systemd timer needed)
- MEDIUM: No concurrent update protection (lock file recommended)
- LOW: chmod failure should be fatal
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Stub migrations (005-008) satisfy sqlx requirement for previously
applied migrations that are missing source files in the codebase.
These migrations were applied in production but not committed.
Renumbered 005_add_missing_indexes to 009 to match production sequence.
Test results document confirms all Phase 1 tunnel API endpoints are
functioning correctly with proper error handling and HTTP status codes.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Avoids conflict with migrations 5-8 that were applied to production
database but are missing from current codebase. Migration 010 will be
applied after the existing sequence (1-4, 9 for 005_add_missing_indexes).
PostgreSQL doesn't support inline CONSTRAINT with WHERE clause.
Changed to separate CREATE UNIQUE INDEX statement for the partial
unique constraint on (tech_id, agent_id, status) WHERE status = 'active'.
This ensures only one active tunnel session per (tech, agent) pair
while allowing multiple closed sessions in history.
Migration tested and verified on PostgreSQL 14.
- Change production API URL from /msp-api to /quote/api
- Switch admin auth to X-Api-Key header as primary (suPHP strips Authorization)
- Keep Bearer token as fallback for PHP-FPM environments
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix calculateQuote() to respect serviceInterests flags
- Only include GPS/Support costs when user has enabled them
- Update Step6Summary to conditionally render service sections
- Add sender display name (Arizona Computer Guru) to emails
- Add reply-to address (admin@azcomputerguru.com)
- Fixes phantom $380 support charge appearing in totals
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
SolverBot:
- Inject active project path into agent system prompts so agents
know which directory to scope file operations to
GuruRMM:
- Bump agent version to 0.6.0
- Add serde aliases for PowerShell/ClaudeTask command types
- Add typed CommandType enum on server for proper serialization
- Support claude_task command type in send_command API
Dataforth:
- Fix SCP space-escaping in Sync-FromNAS.ps1
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Reduce layout density ~20% (tighter padding, margins, fonts)
- Flatten Agents table view with Client/Site columns (no grouping)
- Add version info to sidebar footer (UI v0.2.0, API v0.1.0)
- Replace Commands nav with sidebar History log
- Add /history page with full command list
- Add /history/:id detail view with output display
- Apply Mission Control styling to all new components
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Overhaul the GuruRMM dashboard with a dark cyberpunk aesthetic featuring
glassmorphism effects, cyan accent lighting, and smooth animations.
Visual Changes:
- Dark theme with CSS variables for consistent theming
- Glassmorphism card effects with colored glow variants
- Grid pattern backgrounds and floating geometric shapes
- JetBrains Mono + Inter font pairing for tech aesthetic
- Cyan, green, amber, and rose accent colors with glow effects
Component Updates:
- index.css: Complete CSS overhaul with utility classes, animations,
and glassmorphism foundations (1300+ lines added)
- Login.tsx: Glassmorphism login card with gradient logo and
floating background shapes
- Layout.tsx: Dark sidebar with cyan nav highlights, grid pattern
main area, animated user profile section
- Dashboard.tsx: Animated stat cards with staggered entrances,
live status indicator with pulse animation, relative timestamps
- Card.tsx: Added glow variants (cyan/green/amber/rose) with
hover lift effects
- Button.tsx: Gradient backgrounds, glow-on-hover, scale animations
- Input.tsx: Dark styling with cyan focus glow, added Textarea component
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Database:
- Add missing indexes for api_key_hash, status, metrics queries
- New migration: 005_add_missing_indexes.sql
Server:
- Fix WebSocket Ping/Pong protocol (RFC 6455 compliance)
- Use separate channel for Pong responses
Agent:
- Replace format!() path construction with PathBuf::join()
- Replace todo!() macros with proper errors for macOS support
Dashboard:
- Fix duplicate filter values in Agents page (__unassigned__ sentinel)
- Add onError handlers to all mutations in Agents, Clients, Sites pages
All changes reviewed and approved.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
