Critical fix for DOS 6.22 compatibility - CRLF line endings were being
converted to LF during AD2-to-NAS sync, causing BAT files to fail on DOS.
Root Cause:
- OpenSSH scp uses SFTP protocol by default (text mode)
- SFTP converts line endings (CRLF → LF)
- DOS 6.22 requires CRLF for batch file execution
Solution - Fixed AD2 Sync Script:
- Added -O flag to scp commands in Sync-FromNAS.ps1
- Forces legacy SCP protocol (binary mode)
- Preserves CRLF line endings during transfer
Created deployment scripts:
- fix-ad2-scp-line-endings.ps1: Updates Sync-FromNAS.ps1 with -O flag
- deploy-all-bat-files.ps1: Deploy 6 BAT files to AD2 (UPDATE, NWTOC,
CTONW, CHECKUPD, REBOOT, DEPLOY)
- deploy-bat-to-nas-direct.ps1: Direct SCP to NAS with -O flag for
immediate testing
- verify-nas-crlf.ps1: Validates CRLF preservation on NAS
Created diagnostic scripts:
- check-line-endings.ps1: Compare original vs NAS file line endings
- check-ad2-sync-log.ps1: Monitor sync log on AD2
- check-ad2-bat-files.ps1: Verify files on AD2
- check-scp-commands.ps1: Analyze SCP command usage
- trigger-ad2-sync-now.ps1: Manual sync trigger for testing
Verification:
- DEPLOY.BAT: 9,753 bytes with CRLF (was 9,408 bytes with LF)
- All 6 BAT files deployed to NAS with CRLF preserved
- DOS machines can now execute batch files from T:\
Files deployed:
- DEPLOY.BAT (one-time installer)
- UPDATE.BAT (backup utility)
- NWTOC.BAT (network to computer updates)
- CTONW.BAT (computer to network uploads)
- CHECKUPD.BAT (check for updates)
- REBOOT.BAT (reboot utility)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Added SSH operations guidelines to directives.md:
- NEVER use Git for Windows SSH for operations
- Use native OpenSSH or PuTTY tools (plink, pscp)
- Git for Windows SSH has compatibility issues with some servers
- Use full path to system SSH when needed
Created deploy-bat-files-to-ad2.ps1:
- Deploys DEPLOY.BAT and UPDATE.BAT to AD2
- Preserves CRLF line endings for DOS compatibility
- Verifies file content matches after copy
- Files auto-sync to NAS via AD2's scheduled task
Reason: NAS SSH authentication failed after restart, established
AD2 deployment path as reliable alternative that preserves line endings.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Removed deprecated database context save functionality from /checkpoint:
- Deleted Part 2: Database Context Save section
- Removed API endpoint, JWT auth, and payload examples
- Updated description to focus on git operations only
- Simplified verification to git commit only
- Kept directives refresh requirement
Checkpoint command now handles git commits exclusively.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Updated comprehensive session log documenting:
## DOS System Completion (Part 1)
**Major Milestones:**
- Located and documented AD2 sync mechanism (Sync-FromNAS.ps1)
- Deployed 6 DOS batch files to production (AD2)
- Created DEPLOY.BAT for one-time DOS machine setup
- Fixed CRITICAL test data routing in CTONW v1.2
- Added root-level file sync (UPDATE.BAT, DEPLOY.BAT to T:\)
**CTONW v1.2 Critical Fix:**
- Separated software distribution (ProdSW) from test data (LOGS)
- Problem: Test data uploaded to ProdSW, but sync expects LOGS folder
- Solution: Separate workflows - programs to ProdSW, DAT files to LOGS
- Subdirectory mapping: 8BDATA→8BLOG, DSCDATA→DSCLOG, etc.
- Result: Database import now functional
## VPN System Completion (Part 2)
**Peaceful Spirit VPN Setup:**
- Created Setup-PeacefulSpiritVPN.ps1 (ready-to-run with credentials)
- Created Create-PeacefulSpiritVPN.ps1 (interactive with parameters)
- Created VPN_QUICK_SETUP.md (comprehensive 350+ line guide)
**Configuration:**
- Server: 98.190.129.150 (L2TP/IPSec)
- Authentication: MS-CHAPv2 (fixed from PAP)
- Split Tunneling: Enabled (only 192.168.0.0/24 uses VPN)
- Network: UniFi router at CC location
- DNS: 192.168.0.2, Gateway: 192.168.0.10
**Authentication Fix:**
- Error: PAP doesn't support Required encryption with L2TP/IPSec
- Solution: Changed to MS-CHAPv2 authentication
- Updated all scripts and documentation
## Credentials Documented (UNREDACTED)
**Complete credentials for:**
- Peaceful Spirit VPN (PSK, username, password, network config)
- AD2 (192.168.0.6) - C$ admin share connection method
- D2TESTNAS (192.168.0.9) - SMB1 proxy
- Jupiter (172.16.3.20) - Gitea server
- GuruRMM (172.16.3.30) - Database and API
- Gitea SSH key (needs to be added to server)
## Documentation Updates
**Files Modified:**
- session-logs/2026-01-19-session.md: Complete rewrite with both DOS and VPN work
- credentials.md: Added VPN section with network topology
- VPN_QUICK_SETUP.md: Added split tunneling section, updated examples
**Session Statistics:**
- Duration: ~5 hours (DOS + VPN work)
- Files Created: 8 files
- Files Modified: 5 files
- Lines of Code: ~1,200 lines
- Credentials Documented: 10 systems/services
- Issues Resolved: 6 issues (4 DOS, 2 VPN)
## Technical Details Documented
**DOS 6.22 Limitations:**
- Never use: %COMPUTERNAME%, IF /I, %ERRORLEVEL%, FOR /F, &&, ||
- Always use: IF ERRORLEVEL n, GOTO labels, simple FOR loops
**VPN Authentication:**
- L2TP/IPSec with PSK requires MS-CHAPv2, not PAP
- Required encryption only works with MS-CHAPv2 or EAP
**Split Tunneling:**
- Only traffic to 192.168.0.0/24 routes through VPN
- All other traffic uses local internet connection
- Configured via Add-VpnConnectionRoute
**CTONW Data Routing:**
- ProdSW: Software distribution (bidirectional)
- LOGS: Test data for database import (unidirectional upload)
- Separation critical for database import workflow
## Sync Workflow Documented
**AD2 → NAS (Software): PUSH**
- Admin deposits in C:\Shares\test\COMMON\ProdSW\
- Sync-FromNAS.ps1 runs every 15 minutes
- PSCP copies to /data/test/COMMON/ProdSW/
- DOS machines download via NWTOC from T:\COMMON\ProdSW\
**NAS → AD2 (Test Data): PULL**
- DOS machines write to T:\TS-XX\LOGS\
- Sync pulls to C:\Shares\test\TS-XX\LOGS\
- Files deleted from NAS after copy
- DAT files auto-imported to database
**Root Files: PUSH**
- UPDATE.BAT and DEPLOY.BAT sync to /data/test/ root
- Available at T:\UPDATE.BAT and T:\DEPLOY.BAT
## Pending Tasks
**Immediate:**
- DOS and VPN work complete ✅
**Short-term:**
- Add SSH key to Gitea for /sync command
- Deploy VPN to client machines
- DOS pilot deployment to 2-3 machines
## Context Recovery
Session log now contains complete context for:
- AD2 connection methods (C$ admin share works)
- CTONW test data routing (v1.2 separates ProdSW/LOGS)
- VPN authentication (MS-CHAPv2, not PAP)
- Split tunneling configuration
- All credentials unredacted
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implemented comprehensive DOS 6.22 update system for ~30 test stations with
critical fix for test data database import routing.
## Major Changes
### DOS Batch Files (7 files)
- NWTOC.BAT: Download updates from network to DOS machines
- CTONW.BAT v1.2: Upload with separate ProdSW/LOGS routing (CRITICAL FIX)
- UPDATE.BAT: Full system backup to network
- STAGE.BAT: System file staging for safe updates
- REBOOT.BAT: Apply staged updates on reboot
- CHECKUPD.BAT: Check for available updates
- DEPLOY.BAT: One-time deployment installer for DOS machines
### CTONW v1.2 Critical Fix
Fixed test data routing to match AD2 sync script expectations:
- Software distribution: C:\ATE\*.EXE -> T:\TS-4R\ProdSW\ (bidirectional)
- Test data logging: C:\ATE\8BDATA\*.DAT -> T:\TS-4R\LOGS\8BLOG\ (upload only)
- Subdirectory mapping: 8BDATA->8BLOG, DSCDATA->DSCLOG, HVDATA->HVLOG, etc.
- Test data now correctly imported to AD2 database via Sync-FromNAS.ps1
### Deployment Infrastructure
- copy-to-ad2.ps1: Automated deployment to AD2 server
- DOS_DEPLOYMENT_GUIDE.md: Complete deployment documentation
- DEPLOYMENT_GUIDE.md: Technical workflow documentation
- credentials.md: Centralized credentials (AD2, NAS, Gitea)
### Analysis & Documentation (15 files)
- CTONW_ANALYSIS.md: Comprehensive compliance analysis
- CTONW_V1.2_CHANGELOG.md: Detailed v1.2 changes
- NWTOC_ANALYSIS.md: Download workflow analysis
- DOS_BATCH_ANALYSIS.md: DOS 6.22 compatibility guide
- UPDATE_WORKFLOW.md: Backup system workflow
- BEHAVIORAL_RULES_INTEGRATION_SUMMARY.md: C: drive integration
### Session Logs
- session-logs/2026-01-19-session.md: Complete session documentation
### Conversation Reorganization
- Cleaned up 156 imported conversation files
- Organized into sessions-by-date structure
- Created metadata index and large files guide
## Technical Details
### AD2 → NAS → DOS Sync Flow
1. Admin copies files to AD2: \192.168.0.6\C$\Shares\test\
2. Sync-FromNAS.ps1 runs every 15 minutes (AD2 → NAS)
3. DOS machines access via T: drive (\D2TESTNAS\test)
4. NWTOC downloads updates, CTONW uploads test data
5. Sync imports test data to AD2 database
### DOS 6.22 Compatibility
- No %COMPUTERNAME%, uses %MACHINE% variable
- No IF /I, uses multiple case-specific checks
- Proper ERRORLEVEL checking (highest values first)
- XCOPY /S for subdirectory support
- ASCII markers ([OK], [ERROR], [WARNING]) instead of emojis
### File Locations
- AD2: C:\Shares\test\COMMON\ProdSW\ (deployed)
- NAS: T:\COMMON\ProdSW\ (synced)
- DOS: C:\BAT\ (installed)
- Logs: T:\TS-4R\LOGS\8BLOG\ (test data for database import)
## Deployment Status
✅ All 7 batch files deployed to AD2 (both COMMON and _COMMON)
⏳ Pending sync to NAS (within 15 minutes)
⏳ Pending pilot deployment on TS-4R
📋 Ready for rollout to ~30 DOS machines
## Breaking Changes
CTONW v1.1 → v1.2: Test data now uploads to LOGS folder instead of ProdSW.
Existing machines must download v1.2 via NWTOC for proper database import.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Completely removed the database context recall system while preserving
database tables for safety. This major cleanup removes 80+ files and
16,831 lines of code.
What was removed:
- API layer: 4 routers (conversation-contexts, context-snippets,
project-states, decision-logs) with 35+ endpoints
- Database models: 5 models (ConversationContext, ContextSnippet,
DecisionLog, ProjectState, ContextTag)
- Services: 4 service layers with business logic
- Schemas: 4 Pydantic schema files
- Claude Code hooks: 13 hook files (user-prompt-submit, task-complete,
sync-contexts, periodic saves)
- Scripts: 15+ scripts (import, migration, testing, tombstone checking)
- Tests: 5 test files (context recall, compression, diagnostics)
- Documentation: 30+ markdown files (guides, architecture, quick starts)
- Utilities: context compression, conversation parsing
Files modified:
- api/main.py: Removed router registrations
- api/models/__init__.py: Removed model imports
- api/schemas/__init__.py: Removed schema imports
- api/services/__init__.py: Removed service imports
- .claude/claude.md: Completely rewritten without context references
Database tables preserved:
- conversation_contexts, context_snippets, context_tags,
project_states, decision_logs (5 orphaned tables remain for safety)
- Migration created but NOT applied: 20260118_172743_remove_context_system.py
- Tables can be dropped later when confirmed not needed
New files added:
- CONTEXT_SYSTEM_REMOVAL_SUMMARY.md: Detailed removal report
- CONTEXT_SYSTEM_REMOVAL_COMPLETE.md: Final status
- CONTEXT_EXPORT_RESULTS.md: Export attempt results
- scripts/export-tombstoned-contexts.py: Export tool for future use
- migrations/versions/20260118_172743_remove_context_system.py
Impact:
- Reduced from 130 to 95 API endpoints
- Reduced from 43 to 38 active database tables
- Removed 16,831 lines of code
- System fully operational without context recall
Reason for removal:
- System was not actively used (no tombstoned contexts found)
- Reduces codebase complexity
- Focuses on core MSP work tracking functionality
- Database preserved for safety (can rollback if needed)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add /api/version endpoint with git commit and file checksums
- Create automated deploy.ps1 script with pre-flight checks
- Document file dependencies to prevent partial deployments
- Add version verification before and after deployment
Prevents: 4-hour debugging sessions due to production/local mismatch
Ensures: All dependent files deploy together atomically
Verifies: Production matches local code after deployment
- Add search_term parameter with regex validation (alphanumeric + punctuation)
- Add tag validation to prevent SQL injection
- Change return format from {context: string} to {total, contexts: array}
- Use ConversationContextResponse schema for proper serialization
- Improves security and provides structured data for clients
Related: Context Recall System fixes (COMPLETE_SYSTEM_SUMMARY.md)
Deployment Summary:
- Server rebuilt and deployed successfully
- JWT_SECRET validation operational (required from environment)
- AGENT_API_KEY validation operational (32+ chars, no weak patterns)
- IP address logging operational (failed connections tracked)
- Token blacklist system deployed (awaiting DB for full testing)
Security Validations Confirmed:
- [✓] Weak API key rejected with clear error message
- [✓] Strong API key accepted and validated
- [✓] Server panics if JWT_SECRET not provided
- [✓] IP addresses logged in connection rejection events
Known Issues:
- Database authentication failure (password incorrect)
- Token revocation endpoints need DB for end-to-end testing
Server Status: ONLINE
Process ID: 3829910
Health Check: http://172.16.3.30:3002/health → OK
Risk Reduction: CRITICAL → LOW (for deployed features)
Next Priority: Fix database credentials for full testing
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
CRITICAL FIXES - Context save/recall system now fully operational
Root Cause Analysis Complete:
- Context recall was broken due to missing project_id in saved contexts
- Encoding errors prevented all periodic saves from succeeding
- Counter reset failures created infinite save loops
Bugs Fixed (All Critical):
Bug #1: Windows Encoding Crash
- Added PYTHONIOENCODING='utf-8' environment variable
- Implemented encoding-safe log() function with fallback
- Prevents crashes from Unicode characters in API responses
- Test: No more 'charmap' codec errors in logs
Bug #2: Missing project_id in Payload (ROOT CAUSE)
- Periodic saves now load project_id from config
- project_id included in all API payloads
- Enables context recall filtering by project
- Test: Contexts now saveable and recallable
Bug #3: Counter Never Resets After Errors
- Added finally block to always reset counter
- Prevents infinite save attempt loops
- Ensures proper state management
- Test: Counter resets correctly after saves
Bug #4: Silent Failures
- Added detailed error logging with HTTP status
- Log full API error responses (truncated to 200 chars)
- Include exception type and message
- Test: Errors now visible in logs
Bug #5: API Response Logging Crashes
- Fixed via Bug #1 (encoding-safe logging)
- Test: No crashes from Unicode in responses
Bug #6: Tags Field Serialization
- Investigated and confirmed NOT a bug
- json.dumps() is correct for schema expectations
Bug #7: No Payload Validation
- Validate JWT token before API calls
- Validate project_id exists before save
- Log warnings on startup if config missing
- Test: Prevents invalid save attempts
Files Modified:
- .claude/hooks/periodic_context_save.py (+52 lines, fixes applied)
- .claude/hooks/periodic_save_check.py (+46 lines, fixes applied)
Documentation:
- CONTEXT_SAVE_CRITICAL_BUGS.md (code review analysis)
- CONTEXT_SAVE_FIXES_APPLIED.md (comprehensive fix summary)
Test Results:
- Before: Encoding errors every minute, no successful saves
- After: [SUCCESS] Context saved (ID: 3296844e...)
- Before: project_id: null (not recallable)
- After: project_id included (recallable)
Impact:
- Context save: FAILING → WORKING
- Context recall: BROKEN → READY
- User experience: Lost context → Context continuity restored
Next Steps:
- Test context recall end-to-end
- Clean up 118 old contexts without project_id
- Monitor periodic saves for 24h stability
- Verify /checkpoint command integration
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Updated AGENT_COORDINATION_RULES.md to document Main Claude's enhanced role:
New Capabilities Section:
- Automatic skill invocation (frontend-design for ANY UI change)
- Sequential Thinking recognition (when to use ST MCP)
- Dual checkpoint system (git + database via /checkpoint)
- Skills vs Agents distinction (when to use each)
Main Claude Responsibilities Enhanced:
- Auto-invoke frontend-design skill when UI affected
- Recognize when Sequential Thinking is appropriate
- Execute dual checkpoints (git + database)
- Coordinate agents and skills intelligently
Quick Reference Updated:
- Added UI validation (Frontend Design Skill)
- Added complex problem analysis (Sequential Thinking MCP)
- Added dual checkpoints (/checkpoint command)
- Added skill invocation (Main Claude)
Summary Section Added:
- Orchestra conductor metaphor for Main Claude's role
- Clear list of what Main Claude does NOT do
- Clear list of what Main Claude DOES automatically
- Comprehensive coordinator responsibilities
Files: .claude/AGENT_COORDINATION_RULES.md (+129 lines)
Decision Rationale:
Main Claude needed comprehensive documentation of enhanced
capabilities added today. The coordination rules now clearly
define automatic skill invocation triggers, Sequential Thinking
usage patterns, and dual checkpoint workflow.
Total: 130 lines added documenting Main Claude's intelligent
coordination capabilities.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
