Amend windows-bootstrap.ps1 with every gap the 2026-06-06 GURU-5070
reinstall exposed, so the next rebuild is clean:
- Phase 7: install python deps into BOTH interpreters (py/3.14 for vault
+ scripts, python/3.12 for the MCP servers). Single-interpreter installs
left ticktick MCP (no httpx/mcp in 3.12) and vault get-field (no PyYAML
in 3.14) dead. Add pyyaml + websocket-client to the baseline libs.
- Phase 3: persist ~\.grok\bin (+ ~\.local\bin, %APPDATA%\npm) to the User
PATH; grok's installer leaves it session-only.
- Phase 6: prime non-interactive git auth (setup-git-auth.sh) so pushes
never hang on a GCM prompt.
- Phase 8: expand to the real 5-model set and add the hydration gotcha so a
populated D:\OllamaModels is never needlessly re-downloaded (~48 GB).
Document all four in machines/guru-5070.md known issues.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add setup-git-auth.sh: idempotent, fail-silent script that primes the
git credential store from the vault Gitea token, scoped per-repo by the
actual origin host. Only seizes the helper from the prompting GCM
`manager` (leaves Mac osxkeychain alone); fast-path no-op once set.
Wire it into a backgrounded SessionStart hook and set
GIT_TERMINAL_PROMPT=0 / GCM_INTERACTIVE=Never in settings.json env so
no session on any machine can hang on a credential prompt.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Mike's objection to Git for Windows is the constant GCM password
prompts that hang automation/background pushes, not the tool itself.
Document the working fix (repo-local credential.helper=store primed
with the azcomputerguru Gitea API token, GIT_TERMINAL_PROMPT=0) in the
Gitea Agent definition and shared memory.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Rename the machine to the name in the bundle's identity.json (default GURU-5070,
override with -Hostname) when run as admin, with an end-of-run reboot reminder.
Ensures scheduled tasks, coord session IDs, and log attribution line up. RESTORE.md
documents the step.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add restore-at-risk-work.ps1 and wire it into bootstrap Phase 6. Recreates
local-only WIP rescued to the recovery bundle's at-risk-work/: re-applies the
three guru-rmm stash patches back AS stashes (LIFO order preserved) and drops
the guru-connect tmp-spec018.diff back as its untracked working file. Patches
that won't apply cleanly are reported for manual git apply --3way. Updates
RESTORE.md and the session log with the rescue details.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add .claude/bootstrap/ (windows-bootstrap.ps1, restore-secrets.ps1,
backup-to-bundle.ps1, RESTORE.md) plus machines/guru-5070.md. Idempotent
11-phase rebuild after a clean Windows reset: winget core tools + .NET/WiX,
protoc, Poppler, Tailscale; restore SOPS age key/SSH/tool-auth/identity from
the E:/F: recovery bundle; clone repos+submodules; set OLLAMA_MODELS/HOST/PROTOC;
detect existing D:\OllamaModels; register scheduled tasks. Includes session log.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
sync.sh now posts a per-machine coord component
(claudetools/git_sync_<MACHINE>) flipped syncing -> idle/degraded around
each run, so the fleet can see who is mid-sync / last sync state. Fully
best-effort: a 3s-capped curl guarded with || true + return 0, emitted
only after the lock is acquired (contention/exit-75 emits nothing), and
finalize captures $? first and returns it so the signal can never change
the sync's real exit code. Reviewed (verified it cannot break sync).
Extract the per-machine concurrency lock from sync.sh into a sourceable
lib (.claude/scripts/sync-lock.sh) plus a `run <cmd>` wrapper that locks
the current repo (same lock-dir basename, so it mutually excludes with
sync.sh in the ClaudeTools repo and self-scopes in any project repo).
sync.sh now sources it (behavior identical — verified by review). /scc
routes its commit+push through the locked, rebase-safe sync.sh (and drops
the bare YYYY-MM-DD-session.md filename for the per-session-unique one).
/checkpoint now stages+commits atomically under the repo lock so a
concurrent session in a shared worktree can't be swept in. Closes the
remaining commit paths that bypassed the lock shipped in 6b0ce9a.
Multiple concurrent Claude sessions (and the scheduled-task sync) were
stepping on each other's git state. sync.sh now takes an atomic mkdir
lock in .git/ around the whole run (stage/commit/fetch/rebase/push +
vault), exits 75 (EX_TEMPFAIL = deferred) on contention instead of
racing, and reclaims stale/dead-owner locks with a re-verify-before-clear
guard (closes two TOCTOU races caught in review). /save now mandates
per-session-unique log filenames (never the bare YYYY-MM-DD-session.md).
Docs updated for the lock + deferred-exit semantics.
Note: git add -A is still the catch-all sweep; full per-session commit
isolation and routing /scc + /checkpoint through the lock are follow-ups.
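
The lock described in the two messages above (atomic `mkdir`, exit 75 on contention, stale-owner reclaim with a re-verify step, and a sourceable `run` wrapper), as an added example. It is not the repository's sync-lock.sh; the `pid` and `reclaim` entries and the function names `acquire_lock`, `release_lock` and `run_locked` are assumptions.

```bash
#!/usr/bin/env bash
# Added example, meant to be sourced. Lock layout and names are assumptions.
EX_TEMPFAIL=75   # sysexits.h: temporary failure, the caller retries later

# acquire_lock <dir>: 0 = this shell holds the lock, 75 = deferred.
acquire_lock() {
  local lock="$1" seen now
  # mkdir creates the directory or fails in one step, so there is no gap
  # between "check" and "create" for a second session to slip through.
  if mkdir "$lock" 2>/dev/null; then
    echo "$$" > "$lock/pid"
    return 0
  fi
  seen=$(cat "$lock/pid" 2>/dev/null) || seen=""
  # No pid yet (owner is mid-acquire) or owner alive: defer, never race.
  # kill -0 only sees processes of the same user, which is assumed here.
  if [ -z "$seen" ] || kill -0 "$seen" 2>/dev/null; then
    return "$EX_TEMPFAIL"
  fi
  # Owner looks dead. A second atomic mkdir admits exactly one reclaimer.
  mkdir "$lock/reclaim" 2>/dev/null || return "$EX_TEMPFAIL"
  # Re-verify before clearing: another session may have reclaimed the lock
  # since the first read, in which case the recorded pid has changed.
  now=$(cat "$lock/pid" 2>/dev/null) || now=""
  if [ "$now" != "$seen" ] || kill -0 "$now" 2>/dev/null; then
    rmdir "$lock/reclaim" 2>/dev/null || true
    return "$EX_TEMPFAIL"
  fi
  # Take ownership in place; deleting and re-creating the directory would
  # reopen the window this guard exists to close.
  echo "$$" > "$lock/pid"
  rmdir "$lock/reclaim"
  return 0
}

# release_lock <dir>: remove the lock only if this shell owns it.
release_lock() {
  local lock="$1" owner
  owner=$(cat "$lock/pid" 2>/dev/null) || owner=""
  [ "$owner" = "$$" ] || return 1
  # Rename first so a late reclaimer cannot create entries mid-delete.
  mv "$lock" "$lock.done.$$" && rm -rf "$lock.done.$$"
}

# run_locked <dir> <cmd...>: run cmd under the lock, keep its exit code.
run_locked() {
  local lock="$1" rc=0
  shift
  acquire_lock "$lock" || return $?
  "$@" || rc=$?
  release_lock "$lock"
  return "$rc"
}
```

A reclaimer that dies between creating and removing `reclaim` leaves the lock wedged until someone clears it by hand; this example does not try to recover from that.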
New `elevate` mode that goes beyond friction to make a UI top-notch and
flags when to redesign rather than patch. references/polish-and-redesign.md
holds 12 heuristics (hierarchy, signature moment, action gravity, narrative,
lonely states, density, rhythm, type, tokens, depth/finish, motion, redesign
triggers) synthesized from three independent model passes (Claude + Gemini +
Grok). Adds an Elevation Index (0-10), a Redesign Urgency score (>=4 leads
with a Structural Audit), and Opportunity-ranked Quick Wins / Elevations /
Redesign Candidates tiers. SKILL.md: command + mode section + extend note.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- New wiki/systems/ix-server.md: IX web host (172.16.3.10) facts, the
ACG hosted sites table, and a full record of radio.azcomputerguru.com
(Astro static + React 19 islands; source in projects/radio-show/website/;
build npm run build -> dist -> rsync to cPanel doc root).
- index.md: list the new IX systems article.
- radio-show.md: fix the stale "ix-server.md may not exist" backlink.
- memory reference_radio_website.md: add stack detail (React islands,
wavesurfer/fuse, node>=22) + pointer to the new wiki article.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Upgrade the human-flow skill (Gemini-assisted, Claude-reviewed):
- scan.mjs rewritten to AST-based (@babel/parser/traverse) with 4
detectors: unlabeled-icon-button, tiny-target, missing-feedback-props,
click-without-keyboard; regex fallback on parse failure.
- Objective Friction Index (Motor 3.0 / Cognitive 2.5 / Keyboard 2.5 /
Feedback 2.0); 0-10 Human Workflow Score.
- New heuristics: State-Flow Audit, Precision Rail / Fumble Zones,
Restraint-o-Meter (1-5) for the fancy pass.
- `fix` command DISABLED for now (advisory only): the AST generator
reprints whole files and produces noisy diffs; agents apply surgical
fixes from the report. To be revisited with a string-splice editor.
- Add @babel/* deps + package-lock.json.
- Memory: agy review/review-files is NOT actually read-only (wrote files
+ ran npm despite documented plan-mode) — diff after every agy review.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
review/review-files resolve relative paths only against CWD or
$CLAUDETOOLS_ROOT, never a submodule/subdir — so submodule-relative
paths fail with "file not found". Add a [!WARNING] callout to both
SKILL.md files, fix the misleading "absolute or repo-relative" table
wording, and add inline GOTCHA comments at each resolution site in
both scripts. Bitten us repeatedly (latest: GuruConnect review).
Feedback from Mike (Bardach #32387): every Syncro ticket bot-alert needs a
clickable link (https://computerguru.syncromsp.com/tickets/<internal_id>).
post-bot-alert.sh posts raw text, so the URL must be in the message.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Adds explicit Syncro ticket creation section to remediation-tool.md.
Ticket #32387 was created without priority, assignee, or a valid issue type.
Now specifies required fields, valid problem_type values, and an enforcement
checklist to prevent null fields in any POST payload.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
image-analyze: independent second-model vision over OAuth (pins the
gemini-3.1-pro-preview vision model; the default flash-lite router
hallucinates image content) — reads an image via read_file and describes it.
search: Google-grounded live web results with citation URLs (google_web_search).
Both verified working on the keyless Google OAuth. Image GENERATION
(nano-banana) still needs an AI Studio key + extension and stays Grok's lane.
Includes a scoped best-effort output sanitizer for image-analyze (preview
model occasionally leaks reasoning tokens); text/verify/review/search
unchanged. migrate-identity.sh now upgrades the gemini capabilities array.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
If a grok read_file-based review (review/review-files/review-diff) returns
empty (the 0.2.20-style headless tool-gating regression), retry once with
the file(s)/diff embedded inline via the no-tools text path, when content
is under 256KB; otherwise emit a clear skip note. Keeps grok-reads-files as
the default happy path (works on 0.2.22) and degrades gracefully instead of
returning silence. text/verify/raw unchanged; Windows path handling intact.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Live Mailprotector CloudFilter REST client (emailservice.io/api/v1,
Bearer auth via vault msp-tools/mailprotector.sops.yaml). Lists mail-flow
logs and held/quarantined messages across client domains and releases them
(POST messages/{id}/deliver, deliver_many). Read-only by default; every
release/rule-add/config-change gated behind --confirm. Mirrors the
packetdial skill pattern. Built after diagnosing a Dataforth held-outbound
message that never reached ACG.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
role_assigned() sent an unencoded space in the OData $filter
(principalId eq '...'), so the query always failed and the function
always returned false -> onboard-tenant.sh always printed
"MISSING -> ASSIGNING" and relied on the conflict-tolerant POST for
idempotency. Fixed to %20; corrected the stale PIM-misdiagnosis comment.
Verified live against the ACG tenant. Roles still assign correctly;
PRESENT/MISSING reporting is now accurate.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sibling of the grok skill: routes text/verify/review (+ review-files,
review-diff, raw) to the official Google Gemini CLI (gemini, npm global,
v0.45.1) for an independent second model. ask-gemini.sh mirrors ask-grok.sh
(identity-aware gating, binary auto-locate, cygpath hardening, prompt-file
inputs, clean stdout/stderr separation, JSON .response extraction). review
modes copy targets into a temp dir + --include-directories to bypass
Gemini's gitignore/workspace sandbox. verify/review pinned to
gemini-3.1-pro-preview (GEMINI_MODEL overridable). migrate-identity.sh
auto-detects gemini and writes a per-machine identity.json gemini block.
Auth: Google OAuth (no key). Fleet Gemini host: GURU-5070.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Fixes the two Windows pain points when routing code review to the Grok CLI
(native Windows grok.exe driven from Git Bash):
- winpath() (cygpath -w; no-op off Windows) on every path handed to grok.exe
(--prompt-file, --cwd) -> deterministic, space-safe; removes reliance on
MSYS's argv auto-conversion heuristic (the 'confounded by Windows paths').
- review mode resolves to an absolute Windows path (handles absolute/spaced paths).
- NEW review-files [-i instr] <f1> [f2...]: review a set of files together.
- NEW review-diff [-C <repo-dir>] [-i instr] <gitref> [-- <pathspec>]: review a
git diff; -C targets submodules (e.g. guru-rmm). Diff goes via --prompt-file,
not a shell arg -> no 'quote hell'.
Tested: text, review (spaced abs path), review-files (2 tray modules),
review-diff (self-review of these changes). SKILL.md updated.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The ask-grok.sh wrapper script used the 'timeout' command, which doesn't
exist on macOS by default. Updated to detect macOS (darwin) and use
'gtimeout' from GNU coreutils instead.
Tested on macOS with:
- Text reasoning queries (working)
- Live web + X/Twitter search (working)
Requires: brew install coreutils (provides gtimeout)
- wiki/projects/gururmm.md: beta-first dashboard channels (rmm-beta) + wiring
- .claude/memory: feedback_dashboard_beta_first + index line
- bump guru-rmm submodule pointer to the beta-channel commit
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
SKILL.md still narrated the 2026-06-01-and-earlier additive-only stance.
With the policy change captured in feedback_memory_sync_destructive_ok.md
and sync-memory.sh now in mirror mode, the framing needed updating.
Behavior of the tool itself is unchanged (--apply-safe still only does
the low-risk index appends + profile->repo copies; merges/dedups still
land in PROPOSED for a human). The reasons given for that are now:
they're judgment calls, not "we might wipe useful data."
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Drops the additive-union semantics that resurrected deliberate deletions
across the fleet (see feedback_memory_sync_destructive_ok.md and the
2026-06-01 consolidation that came back the next morning).
New behavior:
* file in REPO, not in PROFILE -> copy REPO -> PROFILE (unchanged)
* file in PROFILE, not in REPO -> DELETE from PROFILE (was: copy back)
* file in BOTH, identical -> no-op
* file in BOTH, differ -> overwrite PROFILE (was: log conflict)
Safety: aborts if the repo has <5 .md files (guards against a broken
repo wiping the profile store).
Test plan verified on GURU-BEAST-ROG:
* dry-run + apply matched (2 copies + 10 overwrites + 0 deletes)
* idempotent re-run = 79 identical, 0 ops
* self-check memory category PASS
* git status .claude/memory/ clean (script touched profile only)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
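
The four mirror-mode rules and the <5-file guard from the message above, as an added example rather than the repository's sync-memory.sh. The function name `mirror_memory`, its `--apply` flag, the flat directory of `.md` files and the summary format are assumptions.

```bash
#!/usr/bin/env bash
# Added example. mirror_memory <repo-dir> <profile-dir> [--apply]
# Prints "copies overwrites deletes identical"; without --apply it only counts.
mirror_memory() {
  local repo="$1" profile="$2" apply="${3:-}"
  local copies=0 overwrites=0 deletes=0 identical=0 n=0 f name run=:
  # run stays ":" (no-op prefix) for a dry run and becomes empty for --apply.
  if [ "$apply" = "--apply" ]; then run=""; fi

  for f in "$repo"/*.md; do
    if [ -f "$f" ]; then n=$((n + 1)); fi
  done
  # Safety guard: a broken or near-empty repo must not wipe the profile store.
  if [ "$n" -lt 5 ]; then
    echo "abort: repo has $n .md files (<5), refusing to mirror" >&2
    return 2
  fi

  for f in "$repo"/*.md; do
    name=${f##*/}
    if [ ! -e "$profile/$name" ]; then
      copies=$((copies + 1))            # in REPO only: copy to PROFILE
      $run cp "$f" "$profile/$name"
    elif cmp -s "$f" "$profile/$name"; then
      identical=$((identical + 1))      # identical: no-op
    else
      overwrites=$((overwrites + 1))    # differ: REPO wins
      $run cp "$f" "$profile/$name"
    fi
  done

  for f in "$profile"/*.md; do
    [ -f "$f" ] || continue
    name=${f##*/}
    if [ ! -e "$repo/$name" ]; then
      deletes=$((deletes + 1))          # in PROFILE only: delete
      $run rm -f "$f"
    fi
  done
  echo "$copies $overwrites $deletes $identical"
}
```

Running it once without `--apply` and comparing the counts to the applied run reproduces the "dry-run + apply matched" check in the test plan; a second applied run should report only identical files.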
Commit 4dc4563 had added MEMORY.md entries for the 49 resurrected
orphan files. My deletion commit 720bdd8 removed the files but missed
the matching index lines (read MEMORY.md before the rebase pulled
4dc4563 in). Index now matches the actual on-disk file set.
Self-check: 72 PASS / 0 WARN / 1 FAIL (autotask manifest issue
remains, not fixable on this machine).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The 39 files I deleted in 0c00010 got resurrected by sync-memory.sh on
GURU-5070 (f8ed03c) because the script is additive-only. Re-deleted them
(49 files this time -- some additional drift between machines).
Also added feedback_memory_sync_destructive_ok.md capturing the policy
shift: with everyone onboarded, the memory tooling no longer needs
additive-only safety. memory-dream may apply proposed merges/deletions
and sync-memory.sh should propagate repo-side deletions back to profile
stores. Script updates to honor that are still pending -- without them,
this round of cleanup is also vulnerable to resurrection.
Self-check: 0 WARN, 1 FAIL remaining (autotask command -- manifest issue,
not fixable on this machine; needs Mike to either un-localize /autotask
or move it to capability-gated in baseline/manifest.json).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Applied memory-dream --apply-safe to resolve orphan warning from self-check.
- Added all 49 orphaned feedback/project/reference memories to index
- Index now complete with all 127 memory files properly referenced
This resolves the WARN from self-check about orphaned memory files.
The winget jq build on Windows emits CRLF; a trailing \r silently corrupts
`for x in $(jq ...)` loops and read-from-@tsv fields (single-value $() hides it).
Fix: override `jq(){ command jq "$@" | tr -d '\r'; }`. Windows-build-specific,
so it passes review on Mac/Linux. First hit + fix: the self-check skill engine.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
New /self-check skill: each machine probes its own ClaudeTools harness wiring
(identity.json paths, required tooling, settings.json hooks, skill/command/script
set, vault decrypt, coord/Gitea connectivity, Ollama capability tier) and grades
RED/AMBER/GREEN against a checked-in provisional baseline manifest.
- Capability-tier model: architectural/OS/hardware differences (e.g. no local
Ollama) select a fallback ruleset instead of failing.
- Duplicate detection: flags command/skill names that diverge between the repo
and ~/.claude (the "same /cmd, different behaviour" cross-machine bug);
CRLF-only diffs ignored.
- Memory check: index + orphan detection, plus a model-driven semantic pass for
memories that contradict identity/settings.
- V1 is a census tool: --publish writes a per-machine census to coord
(component selfcheck_<host>); fanout requests the fleet to self-check +
self-remediate + re-publish; aggregate derives the proposed baseline. No
machine ever fixes another.
Reviewed twice by the Code Review Agent; three CRITICAL coord-API bugs and the
CRLF false-WARN found and fixed, verified live against the coord API.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
jq -r '.stdout' returns the literal string "null" when the API field is JSON
null, causing the RESULT: grep to fail and fire a false drift alert. Fixes:
- Use `.stdout // empty` so null becomes empty string
- Add FINAL_ST tracking; treat non-terminal status as INFRA-ERROR, not drift
- Increase poll window from 20x4s=80s to 30x4s=120s for slow commands
- Read .stderr and .exit_code; include them in the no-RESULT diagnostic
Live check 2026-06-02: KSTEENBB2025 is PASS (today's alert was a false positive).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>