ClaudeTools — Daily Show Notes

Gemini CLI on the Mac, Wolkin’s FRONT Gets a Checkup, and a Plan to Print From Anywhere

📅 June 6, 2026 👤 Mike Swanson 🖥 Mikes-MacBook-Air ⏱ ~2 hours

Gemini CLI GuruRMM Wolkin Tailscale macOS fix

In This Episode

Stood up the Mac as a second Gemini CLI fleet host for the AGY skill, fixed a macOS base64 bug in the GuruRMM onboarding diagnostic, ran a full security/health baseline on Wolkin’s FRONT PC (graded AMBER — 5 warnings), dispatched a reboot to clear a pending-update flag, and wrote up a Tailscale mesh-VPN plan for remote laptop-to-office printing.

Chapters

00:00

Gemini CLI joins the fleet

Installed @google/gemini-cli v0.45.1 via Homebrew npm, added a gemini block to identity.json with full AGY capabilities, and flagged the Mac as a fleet host. One step left: run gemini once to finish Google OAuth.

00:20

Two sync cycles

Pulled 15 then 17 commits — new AGY + Mailprotector skills, sync-lock.sh per-machine locking, human-flow scanner v2, Cascades Tucson GPO scripts, and a new IX server wiki article.

00:45

Wolkin FRONT diagnostic AMBER

First onboarding baseline for FRONT (Win 11 Home 25H2, ASUS P500MV). 0 critical, 5 warning, 14 info. Probe chunked into 4×24KB uploads, ran as SYSTEM, exit 0. Immutable JSON + Markdown baselines written.

01:20

Remote printing — Tailscale plan

Office is on Verizon residential (CGNAT, dynamic IP), so traditional VPN and port-forwarding are out. Picked Tailscale mesh VPN (WireGuard, free ≤100 devices) over GuruConnect, ScreenConnect redirect, cloud print, and DIY VPN. Deployment plan documented.

FRONT — Warning Findings

Defender Tamper Protection OFF — RTP on and signatures current, but tamper protection disabled. Enable via Intune/Security Center.
4 pending Windows updates — may include security patches; install next maintenance window.
2 disk errors in last 14 days (Event IDs 7/51/153) — run Check Disk / SMART. No BSODs or unexpected shutdowns.
Reboot pending (PendingFileRenameOperations) — reboot dispatched this session to clear it.
Group Policy Client (gpsvc) stopped — should auto-start even on workgroup machines; investigate. (Other stopped services — Dropbox/Google/Intel updaters — are benign.)

FRONT — The Good News

BitLocker enabled on OS volume (TPM + recovery password, 100% encrypted)
Defender active and only registered AV — no conflicts
All firewall profiles enabled; SMBv1 disabled; LAPS detected
No competitor/leftover RMM agents; ScreenConnect present as expected
OS supported until 2027-10-12; last hotfix KB5089573 (2026-05-27)

Tech Note — macOS base64 fix

BSD base64 (macOS) uses -i input with no wrap flag; GNU (Linux) uses -w0. The diagnostic script now tries BSD first, falls back to GNU, then a portable base64 < file | tr -d '\n' stdin path.

Follow-ups

Complete Gemini OAuth on the Mac (gemini interactively)
Fix identity.json machine name (“Mikes-MacBook-Air” vs hostname “Mac”)
Verify FRONT came back online after reboot
Remediate FRONT AMBER findings, then re-run diagnostic for a second baseline
Deploy Tailscale: enroll laptop in RMM, install on both, share printer, test print, vault creds

Show Links

clients/rswolkin/onboarding-baselines/FRONT-20260606T133142.json — immutable snapshot
clients/rswolkin/onboarding-baselines/FRONT-20260606T133142.md — human report
clients/rswolkin/remote-printing-tailscale-plan.md — deployment plan
.claude/scripts/run-onboarding-diagnostic.sh — base64 portability fix