# Error Log

Brief records of preventable, pattern-worthy events across the fleet — used to improve skills, write better CLAUDE.md rules, and clean stale/misleading memory. The aim: never pay tokens twice for the same avoidable mistake.

Append newest at the top; keep entries to 1-2 lines. **Always write via the helper, never by hand:**

`bash .claude/scripts/log-skill-error.sh "" "" [--correction|--friction] [--context "k=v"]`

Format: `YYYY-MM-DD | MACHINE | command/skill/context | [type] error (brief) [ctx: ...]`

Categories (the `[type]` tag): _(none)_ = skill/command execution failure · `[correction]` = user corrected an improper assumption I made · `[friction]` = preventable self-inflicted token-waste (harness/env/tool misuse; cite a `ref=` in ctx when it repeats a documented gotcha — that flags a rule/memory to strengthen).

---

2026-06-30 | Howard-Home | remediation-tool/exchange-op | [friction] Add-MailboxPermission -AutoMapping $true silently rolled back the FullAccess grant for 2 of 4 delegates (cmdlet echoed [FullAccess] success but Get-MailboxPermission showed NONE); a failed msExchDelegateListLink write aborts the whole Add transaction. Fix: re-add with -AutoMapping $false (FullAccess then persists); set automapping separately/interactively if auto-attach is required. [ctx: tenant=cascadestucson.com mailbox=tamra.matthews app=ComputerGuru-Exchange-Operator]
2026-06-30 | Howard-Home | /syncro | [correction] invoiced 'Windows Pro Upgrade' line items (Cascades 67887/67890) with blank CATEGORY; product_category was null and I billed it anyway — correct is to pre-flight GET /products/, never invoice a null/blank category, and never invent one (use existing set e.g. Software) [ctx: ref=feedback_syncro_line_item_category invoices=67887,67890 product=23571919]
2026-06-30 | Howard-Home | rmm/printer-map | [friction] Add-Printer -ConnectionName in user_session = HRESULT 0x800702e4 ELEVATION_REQUIRED (Point-and-Print); agent watchdog times out on the interactive UAC prompt. Use WScript.Network.AddWindowsPrinterConnection + have a user at console approve, or pre-stage driver/connection as SYSTEM
2026-06-30 | Howard-Home | rmm/powershell | [friction] literal UNC backslashes (\\host\share) in a jq-built PS payload got mangled to a single backslash -> Add-Printer 'invalid name'; fix: build UNC with [char]92 instead of literal backslashes [ctx: ref=feedback_windows_quote_stripping host=RECEPTIONIST-PC]
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=fw-list]
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=fw-list]
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=audit]
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=run]
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=run]
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=run]
2026-06-30 | GURU-5070 | post-bot-alert | Discord POST failed (non-200/unreachable) [ctx: channel=#dev-alerts http=400 resp={"message": "The request body contains invalid JSON.", "code": 50109}]
2026-06-30 | Howard-Home | bash/env | [friction] Bash tool default timeout 120000ms cut off long RMM watch loops twice; set timeout param to 600000 for multi-minute monitoring.
2026-06-30 | Howard-Home | powershell/env | [friction] "C:\$WINDOWS.~BT" in a double-quoted PS string expands $WINDOWS to empty -> C:\.~BT; Test-Path falsely reports folder missing. Fix: backtick-escape (`$) or single-quote the path.
2026-06-29 | GURU-5070 | remediation-tool/graph | [friction] Tenant Admin app 403s on group DELETE (has GroupMember write, not Group.ReadWrite.All); use User Manager app for M365 group deletion [ctx: tenant=birthbiologic op=group-delete]
2026-06-29 | GURU-5070 | rmm/rsync-cygwin | [friction] cwRsync (cygwin) on AD2 misreads a Windows 'C:\path' DESTINATION as a remote host; pulls silently fail. Use /cygdrive/c/... for local src AND dst [ctx: host=AD2 ref=dataforth-dos-sync]
2026-06-29 | GURU-5070 | graph/sharepoint-upload | BirthBio media upload: all 10 large files failed at chunk 0 (connection closed on send + 503) with 60MB chunks; docs OK [ctx: site=birthbiologic chunk=60MB fix=reduce-to-10MiB+retry]
2026-06-29 | GURU-5070 | rmm/user-management | [correction] Claimed GuruRMM has no built-in user-password action; it DOES - the per-agent User Manager tab (Users/Groups) manages local + domain (on a DC) + AAD users: reset_password, set_enabled, set_password_never_expires, add/remove_from_group. Used raw Set-ADAccountPassword PowerShell instead (which also leaked the pw into command history). [ctx: endpoint=/api/agents/{id}/users + /users/action component=UserManagerTab.tsx]
2026-06-29 | GURU-5070 | remediation-tool | [correction] assumed 'AD account' meant Entra/M365 account; user meant ON-PREM AD. 365/email stays disabled; on-prem handled separately (no ADsync - cloud-only user). [ctx: client=VWP user=teresa@valleywideplastering.com]
2026-06-29 | Howard-Home | discord-dm | Discord send to howard (DM) failed [ctx: http=400 resp={"message": "Invalid Form Body", "code": 50035, "errors": {"content": {"_errors"]
2026-06-29 | GURU-5070 | remediation-tool/reset-password.sh | [friction] JIT de-elevation can never succeed: an app-only SP cannot remove its OWN Privileged Authentication Administrator assignment ('no privilege to remove self'). Every admin-account reset leaves standing PAA on the ComputerGuru Tenant Admin SP; requires a human Global Admin to remove. Likely also left PAA on birthbiologic.com (2026-06-08). [ctx: tenant=5c53ae9f-7071-4248-b834-8685b646450f sp=fccda86c-77ca-4248-b876-b0cdba8605d4 role=PrivilegedAuthAdmin fix=PIM-or-second-principal-or-human-GA]
2026-06-29 | GURU-5070 | remediation-tool | reset-password: failed to remove JIT Privileged Auth Admin role - standing privilege left behind, REMOVE MANUALLY [ctx: tenant=5c53ae9f-7071-4248-b834-8685b646450f assignment=ikzke6-tKk6E1qsmSeCKE2yozfzKd0hCuHawzbqGBdQ-1 http=400]
2026-06-29 | GURU-5070 | syncro/billing | [friction] created invoice on ticket with pre-existing unbilled line item without checking first; invoice swept a prior 5.0h migration charge + my 1.0h, deducting 6.0h from prepaid block (10->3 total, intended 2). ALWAYS GET /tickets/{id} .line_items before POST /invoices on a prepaid customer [ctx: client=birth-biologic ticket=32187 invoice=1650837688]
2026-06-29 | GURU-5070 | remediation-tool/birthbiologic | [correction] assumed MX still on Google (per 06-26 docs); actual: MX cut to M365 (birthbiologic-com.mail.protection.outlook.com) on Sat 2026-06-27 — verify MX live, don't trust stale migration-scope docs [ctx: client=birth-biologic]
2026-06-29 | GURU-5070 | rmm/windows-fileaudit | [friction] OneDrive cloud-only files at >=260-char paths can't be header-read: Graph driveItem-by-path 404s them and local [IO.File]::Open fails (MAX_PATH) even with \\?\ prefix and AppContext UseLegacyPathHandling/BlockLongPaths switches; need robocopy/SPMT (long-path native) for those [ctx: host=ACG-DWP-X-BB count=89 client=birth-biologic]
2026-06-29 | GURU-5070 | rmm/bash | [friction] passed ~20KB base64 inline via jq --arg in command line -> 'Argument list too long'; should stage data on the endpoint (it already had the CSV) or chunk-upload, never inline-pass large blobs [ctx: ref=CLAUDE.md windows-rules; host=ACG-DWP-X-BB]
2026-06-29 | GURU-5070 | migration/datto-to-sharepoint | 2026-06-26 SharePoint push corrupted files: byte array stringified ('$bytes') so each file written as space-separated DECIMAL TEXT instead of binary (xlsx '80 75 3 4...', pdf '37 80 68 70...'); format-agnostic, ~15 local + up to ~3298 cloud-only files modified 06-26; Datto source intact [ctx: client=birth-biologic host=ACG-DWP-X-BB vector=base64/stdout-capture-upload fix=use OneDrive-sync/SPMT or [IO.File]::WriteAllBytes]
2026-06-29 | Howard-Home | cascades/SG-Caregivers | [correction] assumed adding Feller + Nyanzunda to SG-Caregivers per 6/4 worklist; correct is group = frontline caregivers ONLY, exclude admins/managers/admin-adjacent (Feller PA-remote, Nyanzunda MC admin asst) do NOT go in
2026-06-29 | Howard-Home | rmm/coord | [friction] 172.16.3.30 unreachable from Howard-Home (RMM :3001 + coord :8001 dead; Cascades VPN up) — ACG-internal route down [ctx: ref=cascades-caregiver-group-task]
2026-06-29 | Howard-Home | rmm/powershell | [friction] used $pid as a variable in remote PS script; $PID is a reserved automatic variable (current process id) so the .zip ProgID read was clobbered (showed 16044). Use a non-reserved name e.g. $zipProg [ctx: ref=feedback_windows_quote_stripping-style-PS-gotchas]
2026-06-29 | Howard-Home | rmm/rednour-legalasst | [correction] assumed LEGALASST was the cloned machine; correct is that CARRIE'S machine was cloned (to host rednourcarrievirt) and LEGALASST is EMMA'S machine (not cloned). Emma's drives X/Y/Z were remapped today to \\rednourcarrievirt [ctx: client=rednour host=LEGALASST]
2026-06-29 | Howard-Home | rmm-auth/tailscale | [friction] RMM+coord unreachable (http=000); tailscaled service RUNNING but backend stuck in NoState after restart -> 172.16.3.30 unping-able from HOWARD-HOME [ctx: ref=remote-diag fix=tailscale-relogin]
2026-06-29 | Howard-Home | rmm-auth | RMM login failed (no token returned from /api/auth/login) [ctx: url=http://172.16.3.30:3001 resp=]
2026-06-29 | Howard-Home | rmm-search | RMM auth failed via rmm-auth.sh (no TOKEN/RMM)
2026-06-29 | Howard-Home | rmm-search | RMM auth failed via rmm-auth.sh (no TOKEN/RMM)
2026-06-29 | Howard-Home | save/rmm-scratch | [friction] wrote RMM command-id scratch files (.netprobe_id, .stage_id, etc.) to repo root C:/claudetools; .netprobe_id got swept into a sync commit by git add -A and needed git rm. Use the session scratchpad dir for transient IDs, not the repo root. [ctx: ref=feedback_tmp_path_windows]
2026-06-28 | Howard-Home | rmm/spec-015-safeboot | [friction] safe-mode survival test stranded DESKTOP-MS42HNC: (a) registering only GuruRMMAgent/Watchdog in SafeBootNetwork is insufficient for the agent to connect in Safe Mode (needs network-stack deps e.g. BFE/Dnscache/CryptSvc); (b) Task-Scheduler dead-man does NOT fire in Safe Mode so auto-revert failed -> required manual console recovery [ctx: host=DESKTOP-MS42HNC spec=SPEC-015 fix=use-a-service-not-schtasks-for-revert test-only-on-disposable-VM]
2026-06-28 | Howard-Home | rmm/powershell-discovery | [friction] broad '*.log' Get-ChildItem on C:\Windows\Temp pulled a 157KB Office C2R telemetry log into command output, wasting tokens; scope log searches to the specific filename (mccleanup.log) or a tight -Filter, not *.log
2026-06-27 | GURU-5070 | sync/bash-timeout | [friction] sync.sh SIGTERM'd at 2min: Bash tool default 120s timeout collides with sync.sh's ~120s lock-wait window (exit 143). Fix: invoke sync.sh with Bash timeout >=180000ms so it can acquire the lock or cleanly exit 75
2026-06-27 | GURU-5070 | syncro/bot-alert | [friction] posted bot-alert without the mandated '-> ' tail; format is [SYNCRO] #num (cust) - summary -> https://computerguru.syncromsp.com/tickets/ [ctx: ref=syncro.md#post-to-bot-alerts]
2026-06-27 | GURU-5070 | birthbio/datto-sharepoint | [correction] assumed 'reappearing' files were a Datto two-way-sync resurrection from the transfer VM; correct: they were stale copies left in SharePoint since the April additive push (deleted from Datto later, never removed from SP). Mirror cleanup removed them.
2026-06-27 | GURU-5070 | bash/background-poller | [friction] background poll script used $0-relative temp files ($0.l.json etc.) for curl --data-binary @file; under run_in_background $0 didn't resolve to a writable path so every poll errored + it never detected completion. Fix: use absolute scratchpad paths in background scripts, not $0-relative
2026-06-26 | Howard-Home | syncro/billing | [correction] hand-rolled add_line_item API calls from memory instead of using the /syncro skill; malformed tickets reached Winter for cleanup. Correct: route ALL Syncro billing/invoicing through the skill. Generalized to a CORE skill-first rule. [ctx: rule=skill-first memory=feedback_skill_first_routing tickets=#32193,#32194]
2026-06-26 | Howard-Home | bash/env | [friction] used relative .claude/scripts/rmm-auth.sh after an earlier cd into a skill scripts dir (cwd persists across Bash calls) -> 'No such file or directory'; fix: cd /c/claudetools first or use absolute paths [ctx: ref=2026-06-25-edr-rollout cwd-drift note]
2026-06-26 | Howard-Home | rmm/bash-quoting | [friction] REPEAT (same session, day after logging it): used doubled single-quotes ('') around a PowerShell registry path inside a single-quoted bash $SCRIPT again -> 'Windows NT' path space broke the read. Fix is known (double-quotes inside). Rule from feedback_windows_quote_stripping not sticking under flow - consider always building PS scripts via a heredoc to a var, never inline single-quoted with embedded quotes. [ctx: ref=feedback_windows_quote_stripping repeat=2]
2026-06-26 | Howard-Home | discord-dm | Discord send to howard (DM) failed [ctx: http=400 resp={"message": "Invalid Form Body", "code": 50035, "errors": {"content": {"_errors"]
2026-06-26 | GURU-5070 | output/style | [correction] used emoji in responses despite CLAUDE.md NO-EMOJIS rule; Mike corrected. Use ASCII markers only [ctx: ref=CLAUDE.md-key-rules]
2026-06-26 | GURU-5070 | rmm | [correction] bypassed /rmm skill (raw API via Windows curl due to broken git-bash curl) and skipped the mandatory [RMM] #dev-alerts post on write ops; alert is required regardless of dispatch method
2026-06-26 | GURU-5070 | post-bot-alert | Discord POST failed (non-200/unreachable) [ctx: channel=#dev-alerts http=400 resp={"message": "The request body contains invalid JSON.", "code": 50109}]
2026-06-26 | GURU-5070 | bash/env | [friction] git-bash /mingw64/bin/curl quarantined by Windows Defender -> RMM helpers (rmm-ps.sh/rmm-auth.sh) fail 'Permission denied'; workaround use C:/Windows/System32/curl.exe [ctx: machine=GURU-5070 fix=defender-exclusion-on-git-mingw64-bin]
2026-06-26 | Howard-Home | rmm/smb-testing | [friction] RMM-dispatched net use/net view/Test-Path/Get-SmbConnection are UNRELIABLE for SMB client testing - they fail with error 67 / RPC 1702 / 'none' even for KNOWN-GOOD targets (Karen's NAS she uses daily; Crystal had a live 5-open-file server session but Get-SmbConnection via RMM showed none). The agent-injected process lacks the user's real network-logon session. Wasted a long investigation treating these artifacts as a CS-SERVER SMB outage; server truth (Get-SmbSession) showed 7 live users + 30 open files + new sessions. VALIDATE SMB with Get-SmbSession server-side or a REAL interactive test, never RMM-dispatched client cmds. [ctx: host=CS-SERVER client=cascades ref=drive-map-verify]
2026-06-26 | GURU-5070 | agy/gemini | gemini CLI headless failed: throwIneligibleOrProjectIdError / _doSetupUser (auth-eligibility, needs interactive re-login) [ctx: task=verify-gws-migration-scopes]
2026-06-26 | GURU-5070 | agy | gemini returned no response (empty after 3 attempts) [ctx: mode=search err= at process.processTicksAndRejections (node:internal/process/task_queues:104:]
2026-06-26 | GURU-5070 | remediation-tool | onboard-tenant: grant_app_role appRoleAssignment failed [ctx: role=bf394140-e372-4bf9-a898-299cfc7564e5 msg=Resource '161b8f61-5c16-4e1a-9a23-4bb7076b0946' does not exist or one of its que]
2026-06-26 | GURU-5070 | remediation-tool | onboard-tenant: grant_app_role appRoleAssignment failed [ctx: role=6931bccd-447a-43d1-b442-00a195474933 msg=Resource 'bab4699b-32a3-4434-9cad-7a4a08cc4d9e' does not exist or one of its que]
2026-06-26 | GURU-5070 | remediation-tool | onboard-tenant: grant_app_role appRoleAssignment failed [ctx: role=df021288-bdef-4463-88db-98f22de89214 msg=Resource 'bab4699b-32a3-4434-9cad-7a4a08cc4d9e' does not exist or one of its que]
2026-06-26 | GURU-5070 | remediation-tool | onboard-tenant: failed to acquire Tenant Admin token [ctx: tenant=19a568e8-9e88-413b-9341-cbc224b39145 exit=3]
2026-06-26 | Howard-Home | rmm/cascades-cs-server | [correction] assumed CS-SERVER AV was GravityZone Bitdefender (used bitdefender skill, chased tamper password); actually DattoAV / Endpoint Protection SDK at C:\Program Files\infocyte\agent\dattoav, managed by Datto RMM (CagService) + HUNTAgent. GravityZone removal did nothing; rtp1/rtp2 minifilters re-arm on boot (reverted Start=4->1). rtp1 attached to \Device\NamedPipe = breaks SMB IPC$/RPC 1702. [ctx: host=CS-SERVER client=cascades]
2026-06-26 | Howard-Home | post-bot-alert | Discord POST failed (non-200/unreachable) [ctx: channel=#dev-alerts http=400 resp={"message": "The request body contains invalid JSON.", "code": 50109}]
2026-06-26 | Howard-Home | post-bot-alert | Discord POST failed (non-200/unreachable) [ctx: channel=#dev-alerts http=400 resp={"message": "The request body contains invalid JSON.", "code": 50109}]
2026-06-26 | Howard-Home | drive-map | drive-map verify failed on DESKTOP-LPOPV30 [ctx: cmd=e932bc94-0557-4913-a0b1-c97c1aa5da26]
2026-06-26 | Howard-Home | drive-map | drive-map verify failed on DESKTOP-LPOPV30 [ctx: cmd=18fec38b-8fae-4a1b-a3d8-5b90b124dbc2]
2026-06-26 | Howard-Home | drive-map | drive-map verify failed on DESKTOP-LPOPV30 [ctx: cmd=82aa3177-558e-464e-ab75-81f8f7d7f3cc]
2026-06-26 | GURU-5070 | remediation-tool | [correction] claimed no tier has mail read/write and reached for an EWS workaround; correct: exchange-op (Exchange Operator app) = Exchange Administrator role + full_access_as_app + Exchange.ManageAsApp = full all-access for ANY mailbox/Exchange op including moving mail [ctx: tenant=tedards.net recurring=true ref=feedback_exchange_op_all_access]
2026-06-26 | Howard-Home | synology/ssh | syno-ssh recipe 'run' failed (rc=255) [ctx: host=192.168.0.120]
2026-06-26 | Howard-Home | synology/ssh | syno SSH connect/auth failed (rc=255) [ctx: host=192.168.0.120 vp=clients/cascades-tucson/synology-cascadesds.sops.yaml]
2026-06-26 | Howard-Home | rmm/bash-quoting | [friction] doubled single-quotes ('') inside a single-quoted bash $SCRIPT collapse the string, leaving a PowerShell registry path with a space unquoted (Windows NT) -> read fails, ErrorActionPreference=Stop aborts before changepk. Fix: use double-quotes for paths inside the single-quoted bash heredoc, never doubled single-quotes. [ctx: ref=feedback_windows_quote_stripping]
2026-06-25 | GURU-5070 | vault/display | [friction] echoing a vault entry, sed line-redaction missed the multi-line JSON private_key (matched 'key:' not 'private_key": "') and printed the full SA private key; when displaying vault entries use vault.sh get-field for named fields or drop the entire credentials: block, never a line-regex over JSON credential blobs
2026-06-29 | GURU-BEAST-ROG | mailprotector | HTTP 404 POST https://emailservice.io/api/v1/users/find_by_address: "Not found" [ctx: cmd=find-user]
2026-06-26 | GURU-BEAST-ROG | email-investigation | [correction] assumed tedards.net also uses GuruProtect/Inky; correct: only ACG uses Inky for inbound. Tedards routes directly to Exchange Online.
2026-06-26 | Howard-Home | rmm/acl | [friction] Set-Acl/icacls ACL propagation on a large folder tree (Carrie Documents) exceeded the RMM command timeout twice; because stdout is dropped on timeout, a randomly-generated password printed in the same script was lost each time. Fix: generate the password LOCALLY (retain it) and inject via placeholder, and run ACL propagation as a separate long-timeout (>=600s) command isolated from any value you need back. [ctx: host=REDNOURCARRIEVI skill=rmm op=Set-Acl]
2026-06-25 | Howard-Home | wiki-compile | [friction] Sonnet subagent hit 32k output-token cap regenerating full ~600-line article via Write; wrote nothing [ctx: fix=targeted staged edits of deltas for large existing articles, not full regen]
2026-06-25 | Howard-Home | datto-edr | Datto EDR HTTP 500: {"error":{"statusCode":500,"message":"Internal Server Error"}} [ctx: cmd=raw]
2026-06-25 | Howard-Home | datto-edr | Datto EDR HTTP 500: {"error":{"statusCode":500,"message":"Internal Server Error"}} [ctx: cmd=agent]
2026-06-25 | Howard-Home | datto-edr | Datto EDR HTTP 500: {"error":{"statusCode":500,"message":"Internal Server Error"}} [ctx: cmd=agent]
2026-06-25 | Howard-Home | datto-edr | Datto EDR HTTP 412: {"error":{"statusCode":412,"message":"column reference "id" is ambiguous"}} [ctx: cmd=scan]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'run' failed (rc=255) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno SSH connect/auth failed (rc=255) [ctx: host=192.168.0.120 vp=clients/cascades-tucson/synology-cascadesds.sops.yaml]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'run' failed (rc=255) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno SSH connect/auth failed (rc=255) [ctx: host=192.168.0.120 vp=clients/cascades-tucson/synology-cascadesds.sops.yaml]
2026-06-25 | Howard-Home | datto-edr | [friction] EDR scan endpoints from Infocyte module (targets/{id}/scan, targets/scan, scans) all 404 on Datto EDR tenant; working trigger is POST /Agents/scan {ids:[...]} but 'Scan - EDR' is TENANT-WIDE (empty/ids body scanned 156 hosts); cancel via POST /userTasks/{id}/cancel (204) [ctx: skill=datto-edr tenant=azcomp4587]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'acl' failed (rc=255) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno SSH connect/auth failed (rc=255) [ctx: host=192.168.0.120 vp=clients/cascades-tucson/synology-cascadesds.sops.yaml]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'acl' failed (rc=255) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno SSH connect/auth failed (rc=255) [ctx: host=192.168.0.120 vp=clients/cascades-tucson/synology-cascadesds.sops.yaml]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'groups' failed (rc=127) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'users' failed (rc=127) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'run' failed (rc=255) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno SSH connect/auth failed (rc=255) [ctx: host=192.168.0.120 vp=clients/cascades-tucson/synology-cascadesds.sops.yaml]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'acl' failed (rc=1) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'users' failed (rc=127) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'shares' failed (rc=1) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'acl' failed (rc=1) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'acl' failed (rc=1) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'groups' failed (rc=127) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'users' failed (rc=127) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'shares' failed (rc=1) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | memory-dream | orphan detector mis-parses index lines containing [[wikilink]] text: flags feedback_broken_backlinks_are_writeme_markers.md as orphan despite being indexed (L174), so --apply-safe appends duplicate index lines every run. Fix: match orphan on the ](.md) link target, not the rendered link text. [ctx: skill=memory-dream file=scripts/memory_dream.py recurring=yes]
2026-06-25 | GURU-5070 | remediation-tool/EOP | [friction] checking ACG own-tenant EOP quarantine: reached for investigator-exo (401 - Exchange Admin role only on Exchange OPERATOR SP, not Investigator), then RecipientAddress needs JSON array not string (400); skill has no EOP/quarantine section at all [ctx: ref=feedback_exchange_role_recurring_gap]
2026-06-25 | GURU-5070 | sync/tailscale | [correction] diagnosed 172.16.3.x unreachable as transient blip; real cause was Tailscale node KEY EXPIRY on the subnet-router node (pfSense advertising 172.16.0.0/22) dropping it off the tailnet [ctx: fix=disabled key expiration on the node; symptom=internet OK but whole 172.16.3.x dead]
2026-06-25 | GURU-5070 | sync/gitea | fetch failed: could not connect to 172.16.3.20:3000 (Gitea unreachable, exit 128) [ctx: host=172.16.3.20:3000 machine=GURU-5070]
2026-06-25 | Howard-Home | remediation-tool/reset-password.sh | JIT cleanup cannot self-remove: after elevating the Tenant Admin SP to Privileged Authentication Administrator to reset a password, the DELETE of that role assignment is performed BY the same SP and Graph blocks it (HTTP 400 'Removing self from built-in role is not allowed'), leaving a STANDING PAA role on the SP - needs a Global Admin/portal removal; script should detect this and surface portal steps instead of a bare WARNING [ctx: tenant=cascadestucson SP=ComputerGuru-Tenant-Admin role=PrivilegedAuthAdmin]
2026-06-25 | Howard-Home | rmm/dispatch | [friction] embedded escaped quotes " , " in a PowerShell -join inside the jq/heredoc dispatch chain caused a parse error (script failed pre-exec, wasted one dispatch); fix: build strings with + concatenation or [char]44, never escaped quotes in RMM PowerShell payloads [ctx: ref=feedback_windows_quote_stripping]
2026-06-25 | Howard-Home | wiki-compile/gururmm | [correction] characterized SPEC-030 software uninstall as SHIPPED/working capability; correct is BETA, merged+deployed but NOT guaranteed to work (many uninstallers fail: AV, Launchy/AIMP, drivers)
2026-06-25 | Howard-Home | remediation-tool | reset-password: failed to remove JIT Privileged Auth Admin role - standing privilege left behind, REMOVE MANUALLY [ctx: tenant=207fa277-e9d8-4eb7-ada1-1064d2221498 assignment=ikzke6-tKk6E1qsmSeCKE6mJ-qU1txBOtmTwQuJl0Tc-1 http=400]
2026-06-25 | Howard-Home | synology/ls | [friction] ls arg mangled by MSYS path-conversion (/Public -> C:/Program Files/Git/Public) before Python sees it; FileStation list also 407-denied for admin anyway. Fix: use call folder_path=/x (= form not converted) or MSYS_NO_PATHCONV=1; real file browsing via SSH backend. [ctx: ref=feedback_tmp_path_windows os=windows]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'run' failed (rc=2) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 401) [ctx: err={"code": 401}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.CheckExist.check failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.CheckExist.check failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.Core.Service.list failed (code 103) [ctx: err={"code": 103}]
2026-06-25 | Howard-Home | synology | SYNO.Core.Service.query failed (code 103) [ctx: err={"code": 103}]
2026-06-25 | Howard-Home | synology | SYNO.Core.Service.get_service failed (code 103) [ctx: err={"code": 103}]
2026-06-25 | Howard-Home | synology | SYNO.Core.Service.list_service failed (code 103) [ctx: err={"code": 103}]
2026-06-25 | Howard-Home | synology | SYNO.Core.Service.enum failed (code 103) [ctx: err={"code": 103}]
2026-06-25 | Howard-Home | synology | SYNO.Core.Service.list failed (code 103) [ctx: err={"code": 103}]
2026-06-25 | Howard-Home | bash/reachability-probe | [friction] /dev/tcp TCP probe falsely reported host DOWN on Windows MSYS while device was UP; wasted a cycle. Fix: don't trust /dev/tcp on Git-bash Windows for reachability — use the actual client (python urllib) or curl --max-time.
2026-06-25 | Howard-Home | synology | SYNO.Core.QuickConnect.get failed (code 103) [ctx: err={"code": 103}] 2026-06-25 | Howard-Home | bash/background | [friction] run_in_background shell does not inherit $TMPDIR -> empty path, exit 127; use absolute paths in detached scripts [ctx: ref=feedback_tmp_path_windows] 2026-06-24 | Howard-Home | unifi-wifi/live-stats | [friction] rapid successive controller logins -> HTTP 403 lockout; reuse one session/save JSON instead of re-auth per query [ctx: host=172.16.3.29:11443 site=va6iba3v] 2026-06-24 | Howard-Home | rmm/cascades-cs-server | [correction] led with a 9-day-stale wiki '[CRITICAL] degraded RAID / failing drive' flag and recommended drive replacement (SSDs were purchased, tech went onsite to hot-swap); a LIVE Dell OMSA omreport query then showed the OS mirror had self-recovered and is healthy (all 5 disks Online, all LEDs green), and the '5th unused drive' was actually the global hot spare. Always pull live OMSA/iDRAC before acting on a stale hardware flag; Windows Get-PhysicalDisk cannot see RAID member health. [ctx: ref=feedback_verify_live_before_acting host=CS-SERVER tag=9MQFTK1] 2026-06-24 | Howard-Home | process/client-deliverables | [correction] did not gate outbound client/vendor deliverables through the impeccable skill; rule: run impeccable on anything sent externally 2026-06-24 | Howard-Home | syncro/ticket-create | [correction] created #32193/#32194 with priority 'Normal' instead of Syncro's canonical number-prefixed '2 Normal'; the value did not match the priority dropdown so it displayed blank (Winter flagged it). Always set priority as 'N Name' (e.g. '2 Normal','4 Urgent') AND a valid problem_type (Onsite/Remote/etc.) on every ticket create via the syncro skill. 
[ctx: ref=syncro-skill priority-format] 2026-06-24 | Howard-Home | rmm/dispatch | [friction] UNC double-backslash in heredoc+jq RMM command got mangled to single backslash (cs-server -> cs-server), causing net use error 67 and net-use hangs that looked like a missing/broken share; single-backslash local paths (D:Shares) were unaffected. Fix: build UNC from [char]92 at runtime ($bs=[char]92; $unc="{0}{0}server{0}share" -f $bs) so no literal backslash traverses the dispatch chain. [ctx: ref=feedback_windows_quote_stripping] 2026-06-24 | GURU-5070 | syncro/billing-prepay | [friction] customer SEARCH endpoint returned prepay_hours=null so preview wrongly said 'no block / $300'; the customer actually had a 20.5h block. ALWAYS read prepay via GET /customers/{id} (full record), never the search-list field [ctx: cust=14232794 ticket=32455] 2026-06-24 | GURU-5070 | unifi-wifi/controller-rest | [friction] CSRF token missed because read via dict(resp.headers) (case-sensitive); UniFi returns X-Csrf-Token mixed-case -> PUT got 403. Use resp.headers.get() (case-insensitive) to capture X-CSRF-Token/X-Updated-Csrf-Token 2026-06-24 | GURU-5070 | unifi-wifi/gw-control block-ips | [friction] block-ips clones an existing WAN_IN rule's schema; if it clones the PPTP GRE rule it creates a DROP rule with proto=gre -> ineffective against TCP/UDP brute-force. Had to PUT protocol=all. 
Fix: block-ips should force protocol=all on the new rule
2026-06-24 | GURU-5070 | vault/get-field | [friction] get-field password returned a wrong 4-char value (not credentials.password) -> caused 401 login; always use the FULL dotted path credentials.password, don't rely on bare key [ctx: ref=errorlog 2026-06-22 gitea same class; entry=uos-server-network-api-rw]
2026-06-24 | GURU-5070 | agy/ask-gemini | gemini CLI auth/setup failure (throwIneligibleOrProjectIdError, _doSetupUser) - empty response after 3 attempts; needs interactive 'gemini' re-login [ctx: task=factorio-research]
2026-06-24 | GURU-5070 | agy | gemini returned no response (empty after 3 attempts) [ctx: mode=search err= at process.processTicksAndRejections (node:internal/process/task_queues:104:]
2026-06-23 | Howard-Home | unifi-wifi/gw-sitemanager | Site Manager API call failed (HTTP 403) [ctx: path=/v1/connector/consoles/1C6A1B1BC2470000000008B8D1B50000000009302B160000000067A67E3A:1341833834/proxy/network/integration/v1/sites]
2026-06-23 | Howard-Home | unifi-wifi/gw-sitemanager | Site Manager API call failed (HTTP 403) [ctx: path=/v1/connector/consoles/1C6A1B1BC2470000000008B8D1B50000000009302B160000000067A67E3A:1341833834/proxy/network/self/sites]
2026-06-23 | Howard-Home | unifi-wifi/gw-sitemanager | Site Manager API call failed (HTTP 403) [ctx: path=/v1/connector/consoles/1C6A1B1BC2470000000008B8D1B50000000009302B160000000067A67E3A:1341833834/proxy/network/api/s/default/stat/device]
2026-06-23 | GURU-BEAST-ROG | syncro-emergency-billing | [correction] used onsite emergency rate (62.50) instead of in-shop emergency rate (25.00); correct rates: in-shop=25.00/hr, onsite=62.50/hr
2026-06-23 | GURU-BEAST-ROG | syncro/billing | Syncro API has no delete or update endpoint for line items — add_line_item is the only confirmed write method. Cannot correct a line item price via API; requires manual UI deletion.
[ctx: ticket=32447 line_item_id=42988553]
2026-06-23 | GURU-5070 | rmm/vwp-qbs-firewall | [correction] treated VWP-QBS firewall-disabled as an oversight to re-enable promptly; correct: it's intentionally OFF until VWP testing completes - leave it, do not re-flag [ctx: client=valleywide host=VWP-QBS]
2026-06-23 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=run]
2026-06-23 | Howard-Home | bash/json-test-data | [friction] Git-Bash heredoc (even quoted <<'EOF') wrote C: as single backslash -> invalid JSON -> PS engine threw 'Unrecognized escape sequence' exit 3; fix: build JSON test files via PowerShell ConvertTo-Json, not bash heredocs [ctx: ref=feedback_tmp_path_windows]
2026-06-23 | GURU-5070 | vault/sops | [friction] sops -e -i run from repo dir not vault dir -> 'no creation rules', wrote SECRET in PLAINTEXT to vault file; fix: cd into vault root (or use --config) before sops -e so .sops.yaml path_regex matches [ctx: ref=vault skill]
2026-06-23 | GURU-5070 | mailbox/graph | POST messageRules 403 ErrorAccessDenied - ComputerGuru Mailbox app (1873b1b0) has Mail.ReadWrite but not MailboxSettings.ReadWrite; inbox-rule creation needs MailboxSettings.ReadWrite [ctx: mbx=rua@azcomputerguru.com]
2026-06-23 | GURU-5070 | discord-dm/screenconnect-ps | [friction] handed Mike a PowerShell one-liner with embedded double-quotes to paste into ScreenConnect's command runner; SC strips the quotes (same CommandLineToArgvW class as curl.exe/plink) so 'native' parsed as a cmdlet and the quoted exe path broke. Fix: for any PS command delivered through a quote-mangling layer (ScreenConnect cmd box, curl.exe, plink), use -EncodedCommand (UTF-16LE base64) — no quotes to strip.
[ctx: ref=feedback_windows_quote_stripping]
2026-06-23 | Howard-Home | gururmm/uninstall-engine | [friction] live-tested with -List-shaped targets (which include install_location) -> masked a StrictMode crash that only occurs with the server's UninstallTarget shape (no install_location); always re-test the destructive path with the ACTUAL caller/serialized shape
2026-06-22 | Howard-Home | gururmm/uninstall-engine | [correction] assumed AnyDesk needs remote removal; it has UninstallString '...AnyDesk.exe --uninstall' and supports --silent, so it is silently removable -- added vendor rule
2026-06-22 | Howard-Home | bash/json | [friction] hand-built JSON literal with C: backslashes collapsed to single backslash in Git-Bash (invalid JSON, ConvertFrom-Json failed); fix: build JSON with jq --arg / extract from existing valid json
2026-06-22 | Howard-Home | gitea/pr-api | PR create returned 'invalid token'; vault.sh get-field services/gitea credentials.api-token returned 4 chars (wrong field resolution) [ctx: repo=gururmm endpoint=172.16.3.20:3000]
2026-06-22 | Howard-Home | sync/submodules | [friction] Phase-3 'git submodule update --init --recursive' reset guru-rmm submodule to pinned commit, discarding feature branch + commits mid-build; fix: submodule_update_safe() skips branch/dirty submodules [ctx: ref=sync.sh:525 fixed]
2026-06-22 | Howard-Home | save/wiki-compile | [friction] /save Phase 3 emits 'project:guru-rmm' (from submodule dir name) but canonical wiki article is 'gururmm'; guru-rmm.md is a tombstone redirect. Map guru-rmm -> gururmm in the slug derivation.
[ctx: ref=wiki-slug-tombstone proj=guru-rmm]
2026-06-22 | Howard-Home | gururmm/product-direction | [correction] assumed RMM should build native virus/malware removal; correct is: AV products do removal, RMM only monitors AV reports + sends commands to AV products, and RMM's own built-in value is helping techs find issues
2026-06-22 | Mikes-MacBook-Air.local | discord-dm/bot-alerts | [correction] used discord-dm for non-sensitive notification; correct approach: tag users in bot-alerts message (<@userid>) for team notifications, reserve DMs for sensitive info only
2026-06-22 | GURU-5070 | packetdial/vendor-model | [correction] conflated PacketDial/NetSapiens/OIT; correct: PacketDial = ACG's VoIP-dept brand, NetSapiens = the PBX platform, OIT/OITVOIP = white-label wholesaler running NetSapiens (api.ucaasnetwork.com)
2026-06-22 | GURU-5070 | packetdial | HTTP 400 DELETE https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/number-filters: {"code":400,"message":"The default answering rule cannot be deleted."} [ctx: cmd=unblock-numbers]
2026-06-22 | GURU-5070 | packetdial | HTTP 400 DELETE https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/number-filters: {"code":400,"message":"The default answering rule cannot be deleted."} [ctx: cmd=unblock-numbers]
2026-06-22 | GURU-5070 | packetdial | HTTP 400 GET https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/smsnumbers: {"code":400,"message":"Please include "domain" and "dest" or "number" fields"} [ctx: cmd=smsnumbers]
2026-06-22 | GURU-5070 | packetdial | HTTP 400 GET https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/smsnumbers: {"code":400,"message":"Please include "domain" and "dest" or "number" fields"} [ctx: cmd=smsnumbers]
2026-06-22 | GURU-5070 | packetdial | HTTP 400 POST https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/timeframes: {"code":400,"message":"All Days of Week timeframes should have at most 1 days of week entry."} [ctx:
cmd=create-timeframe]
2026-06-22 | GURU-5070 | packetdial | HTTP 404 GET https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/devices: {"code":404,"message":"No Route Found [92]"} [ctx: cmd=raw]
2026-06-22 | Howard-Home | guruscan-test | upload failed [ctx: file=GuruScan.psm1 host=DESKTOP-MS42HNC]
2026-06-22 | Howard-Home | guruscan/GuruScan.psm1 | reboot-cleanup task registration fails: -DeleteExpiredTaskAfter on an AtLogOn trigger (no EndBoundary) => task XML invalid HRESULT 0x80041319; also non-terminating CIM error fell through to a false '[OK] task registered'. Fixed: removed DeleteExpiredTaskAfter, added -ErrorAction Stop + post-register verification [ctx: host=DESKTOP-MS42HNC fn=Register-ScannerCleanupTask]
2026-06-22 | Howard-Home | build/pipeline-status | [friction] reported BUG-021 Windows build as still-failing from a build-log snapshot; it had already been fixed (1dce66d) + gone green (v0.6.67) by report time. Re-check the LIVE last-built-commit marker vs origin/main (and the most recent build SUCCESS line, not just the last FAILED line) before asserting build status or escalating a build bug. [ctx: ref=stale-audit-base-friction proj=guru-rmm]
2026-06-22 | Howard-Home | guruscan/GuruScan.psm1 | HitmanPro exit-code misparse: real HitmanPro returns bitmask (exit 5 = 36 threats quarantined + reboot required) but code mapped only {1,2}; reported total_threats=0 reboot_required=False on a real 36-threat removal, so reboot-cleanup lifecycle never fired. Fixed: bit0=threats, bit4=reboot [ctx: host=DESKTOP-MS42HNC engine=HitmanPro-3.8.50]
2026-06-22 | Howard-Home | screenconnect/browser-automation | [friction] HOWARD-HOME: ff.py Firefox daemon won't launch (port 9333 dead, silent 60s timeout) AND cdp.py ModuleNotFoundError 'websocket' (websocket-client not installed) -> can't drive the SC website to build the access installer. Fix: pip install websocket-client; verify playwright firefox installed for ff.py.
[ctx: machine=HOWARD-HOME tool=ff.py,cdp.py]
2026-06-22 | Howard-Home | deploy/cpanel | [friction] cPanel deploy served STALE files post-upload (opcache) - page showed only top buttons + api.php 403; fix: opcache_reset via one-off _oc.php hit through external-IP origin path (127.0.0.1 vhost 404s) then browser hard-reload
2026-06-22 | GURU-5070 | bash/cargo-windows | [friction] cargo check on Windows from Git-bash fails to LINK: GNU coreutils link.exe (MSYS) shadows MSVC link.exe on PATH -> 'link: extra operand' on build scripts. Not a code/dep issue. Prepend MSVC bin to PATH or build on the build host. [ctx: ref=windows-msys-path host=GURU-5070]
2026-06-22 | Howard-Home | ssh/windows | [friction] native Windows OpenSSH (System32 ssh.exe) SSH_ASKPASS fails 'CreateProcessW error:193' on a .sh askpass; for non-interactive password auth use MSYS bare 'ssh' (Git-for-Windows) which execs the shell askpass (as pfsense-ssh.sh does)
2026-06-22 | Howard-Home | ssh/php-cli | [friction] inline 'ssh root@host "php -r ..."' mangled (printed PHP usage) — nested bash->ssh->single-quote escaping strips the -r script; ship a base64'd .php file and run 'php file.php' instead [ctx: ref=feedback_windows_quote_stripping]
2026-06-22 | GURU-5070 | coord/purge-bash | [friction] jq-on-Windows emits CRLF: message IDs fed to a curl DELETE loop had trailing CR -> all 208 DELETEs returned HTTP 000 (broken URL). Fixed with tr -d CR + read trim. Repeat of documented gotcha.
[ctx: ref=feedback_jq_crlf_windows]
2026-06-22 | GURU-5070 | coord/gururmm-merge-authority | [correction] assumed GuruRMM merges/deploys are Mike-only (held BUG-018 for Mike's go); correct is Howard can handle merges himself
2026-06-22 | Mikes-MacBook-Air.local | coord/check-messages.sh | [correction] broadcasts never marked read on server, only in local seen-file -> repeat on every session [ctx: fix: mark broadcasts read on server like personal messages]
2026-06-21 | Howard-Home | git/submodule | [friction] Did feature work directly in the SHARED guru-rmm submodule working tree while a CONCURRENT Claude session was active in it. The other session switched branches (fix/audit-cleanup -> bugfix/bug-019 -> detached) and repointed my branch ref mid-work, and the working tree ended up with BOTH sessions' uncommitted changes mixed together. Wasted a recovery cycle. FIX: when doing submodule feature work and other sessions may be live (the /save note warns 3-4 sessions share one tree), create an isolated 'git worktree add origin/main' FIRST, do all edits + commit + push-by-SHA there, then 'worktree remove' — never rely on the shared checkout's branch/HEAD surviving. Do NOT 'git checkout --' shared files to clean up (clobbers the other session's uncommitted work). [ctx: ref=git/submodule detached-HEAD + stale-audit friction]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter.
[ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [packages.deletePackage]: The required parameter is missing : packageId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [packages.deletePackage]: One or more parameters are not expected: packageName, companyId [ctx: cmd=delete-package]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.createReport]: Missing name 'reportingInterval' in 'options' object [ctx: cmd=report-create]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createCustomRule]: Invalid value provided for "settings.target" field [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.createReport]: The required parameter is missing : targetIds [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.createReport]: The required parameter is missing : type [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone HTTP 429: 429 Too Many Requests
[ctx: cmd=blocklist-remove]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createRestoreEndpointFromIsolationTask]: This endpoint cannot be restored from isolation. It is either not isolated, cannot be isolated or a isolation task is already in progress.
[ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createRestoreEndpointFromIsolationTask]: The required parameter is missing : endpointId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createIsolateEndpointTask]: The required parameter is missing : endpointId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createRestoreEndpointFromIsolationTask]: One or more parameters are not expected: endpointIds [ctx: cmd=unisolate]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createIsolateEndpointTask]: One or more parameters are not expected: endpointIds [ctx: cmd=isolate]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.assignPolicy]: The 'inheritFromAbove' parameter should not be used with 'policyId' or 'forcePolicyInheritance' parameter. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.assignPolicy]: You must specify a value for 'policyId' parameter. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.assignPolicy]: The 'inheritFromAbove' parameter should not be used with 'policyId' or 'forcePolicyInheritance' parameter. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.assignPolicy]: The 'inheritFromAbove' parameter should not be used with 'policyId' or 'forcePolicyInheritance' parameter. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.assignPolicy]: The 'inheritFromAbove' parameter should not be used with 'policyId' or 'forcePolicyInheritance' parameter. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.assignPolicy]: The 'inheritFromAbove' parameter should not be used with 'policyId' or 'forcePolicyInheritance' parameter.
[ctx: cmd=assign-policy]
2026-06-21 | Howard-Home | rmm-audit/submodule | [friction] Audit agents read the guru-rmm WORKING TREE which the background auto-sync had pinned at a stale gitlink (2e469f1, 5 commits behind origin/main). One MEDIUM finding (500-body info-disclosure, 17 sites) was ALREADY FIXED in main (commit 58c1a96) — wasted a fix attempt on already-fixed code. FIX: before any audit/analysis that reads the working tree, assert the submodule HEAD == origin/main (git rev-parse HEAD vs origin/main); if behind, checkout origin/main first OR have agents read 'git show origin/main:'. Always re-verify a finding against the real target ref before fixing. Root cause shared with the detached-HEAD friction: submodule pinned behind main + auto-sync resets the working tree to the stale gitlink. [ctx: ref=git/submodule detached-HEAD friction]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createUninstallSecurityAgentTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getTasksList]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [packages.createUninstallTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createRemoveTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.removeClient]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.uninstallEndpoint]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createAgentUninstallTask]: The requested API method not found.
[ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createUninstallClientTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createUninstallTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | git/submodule | [friction] Commits in the guru-rmm submodule landed on a DETACHED HEAD: a feature branch created via 'git switch -c' kept getting reset to the recorded gitlink commit (likely background auto-sync running submodule checkout in the superproject), so the branch never advanced and 'git push -u origin ' pushed the stale ref. Wasted a full re-diagnose+rebuild cycle. FIX: in submodules under auto-sync, don't trust local branch refs survive across tool calls. Commit, capture sha=$(git rev-parse HEAD), cherry-pick onto the known base if detached, and push by EXPLICIT sha: 'git push origin :refs/heads/'; then VERIFY with 'git ls-remote origin ' and a server-side worktree build.
2026-06-21 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=clients/cascades-tucson/pfsense-firewall act=showblock]
2026-06-21 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:9999 slug=cascades-tucson act=showblock]
2026-06-21 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=showblock]
2026-06-21 | Howard-Home | guruscan/whitelist-design | [correction] over-engineered whitelist as dynamic service-discovery; correct approach is a simple static hard list of install folders (scanners that support exclude-lists ignore listed folders; RKill won't, accepted)
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter.
[ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createCustomGroup]: The required parameter is missing : groupName [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createCustomGroup]: One or more parameters are not expected: name [ctx: cmd=make-group]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter.
[ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [push.sendTestPushEvent]: The required parameter is missing : eventType [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.updateIncidentNote]: The required parameter is missing : type [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.changeIncidentStatus]: The required parameter is missing : type [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.deleteCustomRule]: The required parameter is missing : ruleId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createCustomRule]: The required parameter is missing : name [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [quarantine/computers.createRestoreQuarantineItemTask]: The required parameter is missing : quarantineItemsIds [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [quarantine/computers.createRemoveQuarantineItemTask]: The required parameter is missing : quarantineItemsIds [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [packages.getPackageDetails]: The required parameter is missing : packageId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [integrations.getIntegrationsList]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [licensing.getMonthlyUsagePerCompany]: The requested API method not found.
[ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [push.sendTestPushEvent]: The required parameter is missing : eventType [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.updateIncidentNote]: The required parameter is missing : type [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.changeIncidentStatus]: The required parameter is missing : type [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createCustomRule]: The required parameter is missing : name [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [quarantine/computers.createRestoreQuarantineItemTask]: The required parameter is missing : quarantineItemsIds [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [quarantine/computers.createRemoveQuarantineItemTask]: The required parameter is missing : quarantineItemsIds [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.getReportConfiguration]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.deleteReport]: The required parameter is missing : reportId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.getDownloadLinks]: The required parameter is missing : reportId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.createReport]: The required parameter is missing : name [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [packages.getPackageDetails]: The required parameter is missing : packageId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter.
[ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.setEndpointLabel]: The required parameter is missing : label [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.uninstallClientTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createUninstallRoleTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createUninstallClientTask]: The requested API method not found.
[ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createReconfigureClientTask]: The required parameter is missing : targetIds [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createUninstallTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createScanTaskByMailboxes]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetailsByIp]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsByPolicy]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.setEndpointLabel]: The required parameter is missing : endpointId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter.
[ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.createCompany]: The required parameter is missing : name [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.activateCompany]: The required parameter is missing : companyId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.deleteCompany]: The required parameter is missing : companyId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.getCompaniesList]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.getCompanyDetailsByUser]: The required parameter is missing : username [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.suspendCompany]: The required parameter is missing : companyId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.updateCompany]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.createCompany]: The required parameter is missing : type [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | guruscan/Download-Scanners.ps1 | exit 1: 'The property Count cannot be found' under Set-StrictMode when $manual/$failed summary has a single row (.Count on scalar) [ctx: host=DESKTOP-MS42HNC stage=download-summary]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter.
[ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [accounts.deleteAccount]: The required parameter is missing : accountId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [accounts.updateAccount]: The required parameter is missing : accountId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [accounts.createAccount]: The required parameter is missing : email [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | GURU-KALI | remediation-tool/docs-drift | [friction] Mail.Send-already-in-suite kept resurfacing as 'broken/decision-needed' for 4 asks — root cause was gotchas.md saying 'suite has no mail scopes / mailbox BLOCKED' + a 'Decision 2026-06-15 NOT yet executed' block, contradicting feedback-memory line that the suite (exchange-op b43e7342) already holds Mail.Send.
Fix: single authoritative truth across all live docs + headline in the feedback memory [ctx: ref=feedback_365_remediation_tool.md commit=f55b8d2]

2026-06-21 | GURU-KALI | mailbox/remediation-tool | [correction] assumed Mail.Send needs a separate app (fabb3421/Claude-MSP-Access); correct is Mail.Send ALREADY EXISTS in the 365 remediation app suite — docs hardwiring the deleted fabb3421 must be purged everywhere [ctx: ref=4th-time-asked]

2026-06-21 | HOWARD-HOME | bitdefender/selftest | [friction] gz.py main() logs EVERY GravityZoneError to errorlog, so selftest bad-id cases + discovery validation-probes (empty/invalid params) auto-spam ~20 expected "errors" per run. Fix: skip _log_skill_error for expected validation/not-found responses, or have selftest/raw set an env flag to suppress logging. [ctx: ref=do-not-log-expected-conditions]

2026-06-20 | Howard-Home | discord-dm/file-upload | [friction] Discord multipart attachment upload: (1) inline -F payload_json={json} -> 400 PAYLOAD_JSON_INVALID; (2) payload_json written to mktemp /tmp file -> Windows curl can't open MSYS /tmp path -> HTTP 000. Fix: write payload_json to a RELATIVE ./file and use -F 'payload_json=<./file;type=application/json' + -F 'files[N]=@path'. discord-dm.sh is text-only; consider adding an --attach flag. [ctx: ref=msys-tmp-path-mismatch tool=curl machine=HOWARD-HOME]

2026-06-20 | Mikes-MacBook-Air.local | harness-guard | [friction] mapfile not available on macOS bash 3.2; guard silently skips all checks [ctx: ref=.claude/scripts/harness-guard.sh line 28; bash 3.2 predates mapfile (bash 4.0); replace with bash 3.2-compatible while-read loop]

2026-06-19 | GURU-5070 | rmm/mspbackups cbb delete | cbb delete -g (generation purge) on Blaster2 Local destination is blocked: 'File deletion on backup storage is restricted due to your service provider policy'.
Agent-side deletion of MSP360 backup data is disabled by the provider policy; MBS REST API (api.mspbackups.com) is monitoring-only (no plan/storage delete endpoints, probed 404). Reclaiming local backup space must be done in the MSP360 management console (lift the restrict-deletion policy and let 90-day retention purge, or delete old generations/legacy bunches there). 90-day retention WAS set successfully via cbb editBackupPlan/editBackupIBBPlan. [ctx: machine=GURU-5070 client=jimmy host=Blaster2]

2026-06-19 | GURU-5070 | rmm/onboard vault | [friction] stashed onboard vars in a scratch .env and sourced it; NAME=Jimmy Company (unquoted space) made 'source' exec the 2nd word as a command and left NAME unset -> vault file written with client: null. Fix: quote values when writing the env (printf '%s=%q'), or read back with grep|cut not source. [ctx: machine=GURU-5070 client=jimmy]

2026-06-19 | Howard-Home | ix/whm-api | [friction] WHM /json-api/cpanel UAPI Fileman get_file_content returned empty 'file' param (error: file does not exist); wasted calls. Fix: for IX cPanel file reads/edits use paramiko SFTP with root creds from vault infrastructure/ix-server, not the WHM UAPI file wrapper

2026-06-19 | GURU-5070 | coord/self-check publish | [friction] coord-queue.jsonl queued a census with an MSYS-mangled URL path (/api/coord/... -> C:/Program Files/Git/api/coord/...) AND was git-tracked (not gitignored), so a stale RED census propagated to the repo and could clobber a published GREEN if drained. Fix: gitignore .claude/coord-queue.jsonl; the queue writer must prefix the curl path with the full coord_api base or set MSYS2_ARG_CONV_EXCL/MSYS_NO_PATHCONV to stop path conversion.
[ctx: machine=GURU-5070 ref=CLAUDE.md-softfail-queue]

2026-06-19 | Howard-Home | unifi-wifi/gw-sitemanager | find subcommand crashed: GET /v1/hosts -> HTTP 500, then JSON decode traceback (no graceful handling of non-JSON error body) [ctx: client=khalsa cmd=find]

2026-06-19 | Howard-Home | discord-dm | Discord send to howard (DM) failed [ctx: http=400 resp={"message": "Invalid Form Body", "code": 50035, "errors": {"content": {"_errors"]

2026-06-19 | GURU-BEAST-ROG | rmm-search | [friction] rmm-search.sh invoked bare python3 -> MS Store stub on Windows; fixed to use py.sh resolver [ctx: ref=py.sh-broadcast-9b1c5c39]

2026-06-19 | GURU-KALI | git/submodules | [friction] fresh claudetools re-clone: 'git submodule update --init --recursive' failed with 'could not read Username / terminal prompts disabled' for all https://git.azcomputerguru.com submodules; fix = set credential.helper=store GLOBALLY (local-on-superproject does NOT propagate to per-submodule child clone processes). ~/.git-credentials already had the cred. [ctx: ref=reclone-submodule-creds event=2026-06-18-restructure]

2026-06-18 | GURU-5070 | agy/search | gemini CLI threw ineligible/projectId setup error (throwIneligibleOrProjectIdError), empty response after 3 attempts [ctx: mode=search host=GURU-5070]

2026-06-18 | GURU-5070 | agy | gemini returned no response (empty after 3 attempts) [ctx: mode=search err= at process.processTicksAndRejections (node:internal/process/task_queues:104:]

2026-06-18 | Howard-Home | git/sync-temp-files | [friction] controller-query scratch (.sta.json/.dev.json/.q*) written to repo CWD got swept into the commit by sync.sh 'git add -A', then a stray locked .sta.json blocked the rebase.
Fix: write API scratch OUTSIDE the repo (or use the already-ignored .tmp- prefix); gitignored the patterns [ctx: ref=howard-home /tmp friction family]

2026-06-18 | Howard-Home | rmm | [friction] agent returns exit -1 'Failed to execute command' on a ~7KB multi-line powershell body sent as one command; split into <2KB section scripts and each ran fine [ctx: host=DESKTOP-TRCIEJA agent=0.6.66]

2026-06-18 | GURU-5070 | coord/ad2-comms | [correction] tried to coordinate with the AD2 session via coord API msg+lock; AD2 is network-isolated (Gitea only, no coord API) so those were no-ops. ALL inter-session comms with AD2 must go via git /sync (committed notes/docs).

2026-06-18 | GURU-5070 | syncro | comment POST piped straight to jq failed with 'jq: parse error: Invalid numeric literal at line 1 col 10' and left it AMBIGUOUS whether the note posted (GET-verify showed it had NOT); per no-retry rule had to GET first, then re-post. Robust pattern that worked: jq -n payload to a file, POST with --data-binary @file, capture response to a file, then GET-verify by subject. Skill's curl|jq comment pattern should adopt this. [ctx: ticket=32441 skill=syncro pattern=curl-pipe-jq]

2026-06-18 | GURU-5070 | post-bot-alert | Discord POST failed (non-200/unreachable) [ctx: channel=#bot-alerts http=400 resp={"message": "The request body contains invalid JSON.", "code": 50109}]

2026-06-18 | GURU-5070 | ssh/ad2 | [correction] attributed AD2 SSH timeouts to a flaky VPN tunnel + my rapid scp/ssh bursts; real cause = OpenVPN adapter MTU 1500 vs tunnel PMTU ~1424 -> TCP MSS blackhole that drops bulk/scp segments (DF set) while small cmds pass.
Fix: tunnel adapter MTU 1400 [ctx: ref=feedback_prefer_ssh_over_rmm]

2026-06-18 | GURU-5070 | bash/env | [friction] /tmp curl-write then Windows-python read mismatch; wrote .claude/tmp + absolute path fixed it [ctx: ref=feedback_tmp_path_windows]

2026-06-18 | Howard-Home | pfsense-ssh/logs | [friction] used clog on pfSense 25.07 logs (now plain-text ASCII) -> empty output -> wrongly concluded DHCP log was empty / dhcpd not serving; cost a hypothesis. Read pfSense 25.07 logs with tail/grep/cat directly, NOT clog [ctx: ref=reference_pfsense_25_07_ops client=cascades-tucson]

2026-06-18 | AD2 | vault | real vault.sh not found at resolved vault_path; vault read failed [ctx: path=D:/vault/scripts/vault.sh]

2026-06-18 | AD2 | vault | real vault.sh not found at resolved vault_path; vault read failed [ctx: path=D:/vault/scripts/vault.sh]

2026-06-17 | GURU-5070 | mailbox/365-mail | [correction] claimed in a prior session that /mailbox skill + memories were repointed off the deleted fabb3421 to the 365-mail suite, but mailbox.md still hardwired fabb3421 (token 401 AADSTS700016). Correct app is the dedicated ComputerGuru Mailbox app 1873b1b0 via get-token.sh 'mailbox' tier (cert auth); repointed mailbox.md + feedback_365_remediation_tool.md 2026-06-17. Lesson: verify the edit actually landed before reporting it done.

2026-06-17 | Howard-Home | wiki-compile/coord | [friction] skill doc Phase 6 shows 'lock release claudetools wiki//' but coord.py takes 'lock release '; wasted a round-trip. Capture the lock id from claim output and release by id. [ctx: ref=wiki-compile-skill]

2026-06-17 | Howard-Home | unifi/controller-write | [friction] UniFi OS controller PUT (rest/device port_overrides) returned 403 without CSRF.
Fix: login with -D headers, read 'x-updated-csrf-token' (or decode csrfToken from TOKEN cookie JWT), send as X-CSRF-Token on PUT/POST/DELETE

2026-06-17 | Howard-Home | bash/env | [friction] Git-Bash /tmp path mismatch again: msys curl -o /tmp/x.json wrote where Windows python could not read it (FileNotFoundError). Fix: write API JSON to CWD-relative ./.x.json so curl+python share the path [ctx: ref=howard-home known /tmp friction]

2026-06-17 | Howard-Home | pfsense/cascades-voice-vlan | [correction] assumed new RFC1918 alias + DNS-to-firewall:53/123 rules + clone VLAN20 for VOICE isolation; correct is clone the GUEST VLAN (VLAN50/igc1.50, the only actually-isolated net: 3x literal-CIDR quick blocks + pass any) and hand out PUBLIC DNS 8.8.8.8/1.1.1.1 via DHCP. VLAN20 is NOT isolated; config.xml rules were mismapped/not matching live pfctl -sr [ctx: ref=voice-vlan-cutover.md; lesson=read pfctl -sr not just config.xml]

2026-06-17 | GURU-5070 | ssh/plink-windows | [friction] plink -pw with a special-char password through Git-bash -> native plink.exe got MANGLED (CommandLineToArgvW) -> 'Access denied', led to a wrong 'stale cred' conclusion + wasted DMs. The pw was correct. Use system OpenSSH KEY auth (or pass pw via stdin/file), never plink -pw, for special-char passwords on Windows [ctx: ref=feedback_windows_quote_stripping;host=192.168.0.9]

2026-06-17 | GURU-5070 | vault/d2testnas-cred | [correction] CORRECTION: the d2testnas password is NOT stale - it worked for Mike. My plink '-pw' failure was special-char mangling through Git-bash -> native plink.exe (Windows CommandLineToArgvW). Use KEY auth (system OpenSSH) for password-special-char hosts [ctx: ref=feedback_windows_quote_stripping;host=192.168.0.9]

2026-06-17 | GURU-5070 | vault/d2testnas-cred | vaulted clients/dataforth/d2testnas credentials.password REJECTED by 192.168.0.9 (Access denied) - stale/wrong; needs update.
Key auth is the reliable path [ctx: host=192.168.0.9]

2026-06-17 | GURU-5070 | agy | gemini returned no response (empty after 3 attempts) [ctx: mode=search err=Attempt 1 failed: You have exhausted your capacity on this model. Your quota wil]

2026-06-17 | GURU-5070 | agy | gemini auth/login failure [ctx: mode=search]

2026-06-17 | Howard-Home | wiki-compile | [friction] Phase 6 release cmd documented as 'coord.py lock release claudetools ' but coord.py 'lock release' takes the LOCK ID, not the resource path -> inline release no-ops and strands the lock until TTL. Fix: capture lock id from claim and release by id. [ctx: skill=wiki-compile phase=6]

2026-06-17 | GURU-5070 | grok | grok xsearch incomplete (rc=124); auto-fell back to gemini [ctx: mode=xsearch]

2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]

2026-06-17 | GURU-5070 | research-method | [correction] treated blind endpoint-probing as 'authoritative' over web search; Mike: web searches (grok/gemini) have been MORE valuable - they gave the real leads (connector proxy, teleport setting path), probing only confirmed and mostly 404s. Lead with web search; probe only to CONFIRM a search/doc-derived hypothesis [ctx: ref=feedback_interview_ai_read_docs]

2026-06-17 | GURU-5070 | bash/background-ai | [friction] mixing a backgrounded ask-grok/ask-gemini ('&' + wait) with foreground curl probes in ONE Bash command repeatedly yields an EMPTY output capture; run AI calls as separate run_in_background Bash tool calls, never '&'+wait inline with work to capture [ctx: ref=grok/gemini wrappers]

2026-06-17 | GURU-5070 | agy | gemini returned no response (empty after retry) [ctx: mode=search err=Ripgrep is not available. Falling back to GrepTool.]

2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]

2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]

2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]

2026-06-17 | Howard-Home | unifi-wifi/apply-radio | [friction] per-AP --apply loop: each call re-logs-in to the controller; rapid succession throttles -> write silently skips (no [ok]). Fix: space calls (sleep 3-4) or add multi-AP/one-login support

2026-06-17 | Howard-Home | wiki-compile | [friction] full recompile Sonnet subagent ran ~54min then crashed on 32k output cap (tried to emit the ~490-line article despite being told to write-to-file and return only a summary); recovered via direct surgical Edits to the existing article. Fix: for --full on large existing articles, prefer targeted Edit integration over a subagent rewrite, or hard-cap/forbid article body in the subagent reply. [ctx: skill=wiki-compile target=client:cascades-tucson]

2026-06-17 | GURU-5070 | grok/ask-grok.sh | [correction] blindly probed grok with slow timed runs to find the xsearch syntax instead of reading its bundled docs (~/.grok/docs/user-guide/ + README.md) / interviewing the model first; the docs gave the root cause directly (web_search=grok-4.20-multi-agent multi-agent model, killed by --no-subagents) [ctx: ref=feedback_interview_ai_read_docs]

2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]

2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]

2026-06-17 | GURU-5070 | grok/xsearch | xsearch returned empty (stopReason finalization quirk) on Grok-co-work research; fell back to text-mode design + Claude synthesis [ctx: topic=grok-as-claude-cowork]

2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]

2026-06-17 | GURU-5070 | syncro/customer-comment | [friction] posted a
customer-facing emailed comment to #32333 WITHOUT previewing for human review first; preview-before-send is mandatory for ALL outgoing comms [ctx: ref=CLAUDE.md syncro 'Before any POST: Always show the full payload and wait for confirmation']

2026-06-17 | GURU-5070 | syncro/customer-comment | [correction] conflated Arizona Medical Transit (AMT-PC, Windows: Dell bloatware + misbehaving Syncro agent) cleanup into the Scileppi Mac (#32333) customer comment; Scileppi was a full-disk/Trash + Mail + Downloads-redesign job, no Dell/agent work [ctx: ticket=32333 mac=scileppi]

2026-06-16 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]

2026-06-16 | GURU-5070 | rmm/shell-quoting | [friction] shutdown /r /t 60 /c "comment" FAILED via command_type=shell: embedded double-quotes in the command got mangled through the agent cmd layer, shutdown rejected the args and dumped usage. Fix: avoid embedded double-quotes in RMM shell commands (drop /c, or build the quoted arg another way) [ctx: ref=bash/curl.exe-on-windows quote-stripping; agent=AMT-PC; cmd=shutdown]

2026-06-16 | GURU-5070 | syncro/billing | [friction] billed AMT as non-prepaid off the customer-SEARCH endpoint prepay=null; real prepay (detail endpoint) was 7.0 -> invoice correctly netted $0 via block, but I set the wrong (upsell) invoice note. Always read prepay from /customers/{id} detail, not the list/search [ctx: ref=syncro_invoice_verification_pattern;cust=7088349]

2026-06-16 | GURU-5070 | rmm/onboarding-diagnostic | onboarding-diagnostic.ps1 fails on Win7/PowerShell 2.0: uses [ordered] hashtables (PS3+) -> 'Unable to find type [ordered]', empty DIAG-JSON, no grade.
Probe not PS2/legacy-compatible -> can't diagnose Win7/2008R2 legacy agents (first hit: AMT-PC)

2026-06-16 | GURU-5070 | rmm-diagnose | could not extract valid diagnostic JSON from probe output [ctx: host=AMT-PC status=completed exit=0]

2026-06-16 | GURU-5070 | mailprotector/starrpass | [correction] assumed starrpass.com was on Mailprotector; correct: starrpass.com is direct-to-MS (EOP/Defender) - Starr Pass MP account 16170 covers ONLY devconllc.com. Check @starrpass.com mail via remediation-tool/EOP

2026-06-16 | GURU-5070 | mailprotector | HTTP 404 POST https://emailservice.io/api/v1/users/find_by_address: "Not found" [ctx: cmd=find-user]

2026-06-16 | Howard-Home | bash/curl.exe-on-windows | [friction] PowerShell-invoked curl.exe strips embedded double-quotes from --data-urlencode args (CommandLineToArgvW), silently mangling POST bodies; pfSense PHP became 'echo PHPRUNS-OK' -> 'Undefined constant'. Fix: write payloads with single-quotes only, build $ via [char]36, keep one line. [ctx: ref=pfsense diag_command.php php-exec; cost=4 wasted RMM round-trips]

2026-06-16 | GURU-5070 | remediation-tool/get-token | [friction] get-token.sh reads vault_path from ~/.claude/identity.json (home), which lacks the field on this machine; repo identity.json (.claude/identity.json) has it.
Fix: export VAULT_ROOT_ENV=$(jq -r .vault_path .claude/identity.json) before calling get-token [ctx: ref=remediation-tool;machine=GURU-5070]

2026-06-15 | GURU-5070 | rmm/quickbooks-folderbrowser | [correction] assumed F:\FolderRedirection was a dead/missing drive (Test-Path F: = False under SYSTEM); correct: F: is a per-user NETWORK-mapped redirected folder, invisible to the SYSTEM context RMM runs in - must diagnose mapped-drive/redirect issues in user_session

2026-06-15 | GURU-5070 | rmm | ProfWiz Pro silent-install command returned 'Execution error: Failed to execute command' (status failed, no stdout) on SP-SharonW11 [ctx: agent=86de13d7 host=SP-SharonW11 task=upw-install]

2026-06-15 | GURU-5070 | remediation-tool (Starr Pass licensing) | [correction] reported Brian Shinn's account as DELETED (tied it to the recycle-bin bshinn@ from 6/10 onboarding); actually Mike UNLICENSED Brian in M365 - account not deleted. Don't conflate a soft-deleted recycle-bin entry with the user's recent action; check the ACTIVE account's assignedLicenses for an unlicense

2026-06-15 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]

2026-06-15 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=Cancelled]

2026-06-15 | GURU-5070 | graduation-pipeline (BEAST Ollama) | [friction] BEAST Ollama ran inference on CPU (api/ps showed qwen3:32b AND qwen3:14b with vram=0); 32b timed out at 240s, 14b at 175s. GPU not engaged - the 'use BEAST GPU' premise needs a BEAST-side Ollama GPU config/driver fix before large-model triage is practical

2026-06-15 | GURU-5070 | graduation-pipeline (BEAST env) | [friction] assumed BEAST uses WSL because 'bash' there resolved to the WindowsApps WSL stub (uname said WSL2). BEAST runs the harness under Git-for-Windows MSYS bash like other Windows boxes; reach its Ollama via localhost (Git-bash) or the Tailscale IP.
REPEAT of the documented WSL-stub-vs-Git-bash gotcha [ctx: ref=feedback_windows_bash_mapping]

2026-06-15 | GURU-5070 | tmp-promotion-check (/save,/scc) | [friction] hung for minutes: line 51 ran 'grep -rqlF projects/' per scratch file, recursing Rust target/, node_modules/, .git in the guru-rmm/guru-connect submodules. Fixed: --include='*.md' + --exclude-dir for heavy trees. Stalled the /save sync behind it

2026-06-15 | GURU-5070 | memory-dream (--apply-safe) | flagged feedback_broken_backlinks_are_writeme_markers.md as an orphan and appended a DUPLICATE index line though it already had one — orphan detector likely keys on the frontmatter name: slug, not the (file.md) link target. Fix the index-line matching to compare by filename [ctx: mode=apply-safe]

2026-06-15 | GURU-5070 | powershell/var-case | [friction] PowerShell vars are case-INSENSITIVE: $gUid silently overwrote $guid (GPO id), Set-ADObject hit a bad DN and left GPT.ini/AD versionNumber inconsistent until fixed. Never rely on case to distinguish PS variables

2026-06-15 | GURU-5070 | python/argv-limit | [friction] passed full /api/agents JSON (248 agents) as a python CLI arg -> 'Argument list too long' on Windows. Pipe large payloads via stdin, not argv

2026-06-15 | GURU-5070 | bash/env-persist | [friction] re-derived RMM token every call after $TOKEN/$RMM vanished between Bash tool calls - shell env does NOT persist across calls; must re-eval auth (or chain) in the same command

2026-06-15 | GURU-5070 | bash/tmp-path | [friction] wrote curl -o /tmp/x.json then jq read it back and failed (No such file) - Git-Bash vs Write/tool /tmp resolve differently. Pipe directly or use repo-relative paths.
REPEAT of documented gotcha [ctx: ref=feedback_tmp_path_windows]

2026-06-15 | GURU-5070 | DMARC / DNS | [correction] assumed ACG's own INKY rua convention (reports-sg.inkydmarc.com) applied to a client domain; only use the INKY rua if THAT client is onboarded to INKY - otherwise plain p=none or a real mailbox

2026-06-15 | GURU-5070 | remediation-tool (sendMail) | [correction] assumed none of the consented apps could send mail and started granting Graph Mail.Send; the Exchange Operator app ALREADY had Graph Mail.Send - I was decoding the EXO-audience token, not a Graph-audience token. Mint a Graph token for the app before concluding a permission is missing

2026-06-15 | GURU-5070 | rmm-search | [correction] assumed the CLI search must replicate the UI Omnibox scoreMatch exactly; user wants a FLEXIBLE forgiving multi-field search optimized for first-try correctness, not UI parity

2026-06-15 | GURU-BEAST-ROG | /syncro (comment edit) | Syncro API does not expose a comment-edit or comment-delete endpoint — once posted, comments can only be modified via the GUI. Bot posted an internal resolution note with an unwanted "Performed by: ClaudeTools Discord Bot" line and could not remove it programmatically. Remediation needed: either suppress bot-attribution lines from internal notes by default, or add a GUI-edit step to the workflow when the note needs correction.

2026-06-14 | GURU-5070 | mailbox skill (Graph token) | FABB app `fabb3421` (Claude-MSP-Access / "Cloud MSP Access") token request returned AADSTS700016 — app/SP no longer present in azcomputerguru.com tenant (deleted; gotchas.md already marked it deprecated). Blocks /mailbox + the M365 contacts task. Verified the remediation suite (live, ACG tenant) carries NO Mail.Send/Mail.ReadWrite/Contacts scopes (investigator has Mail.Read only) — so a straight repoint can't restore mailbox-send/contacts. Pending Mike decision: stand up a single-tenant ACG-internal mailbox app vs. add scopes to a suite tier.
[2026-06-15] Docs hardened — gotchas.md now marks fabb3421 DELETED with the Mail/Contacts-scope blast radius + flags the 3 legacy "old app only" tenants (Valleywide/Dataforth/Cascades) as now having NO working remediation app (migration URGENT); mailbox.md carries a BLOCKED/AADSTS700016 banner. DECISION 2026-06-15 (Mike): Mail.Send goes into the suite (Exchange Operator tier) since its real use is IR victim-notification during mailbox takeovers; add Mail.Send to the exchange-op manifest + consent, repoint mailbox.md to exchange-op. Implementation not yet executed (production app change, needs go).

2026-06-14 | GURU-KALI | coord skill (coord.py) | Documented invocation `py .claude/skills/coord/scripts/coord.py ...` failed exit 127 — `py` (the Windows py-launcher) does not exist on Linux. Worked around with `python3`. [RESOLVED 2026-06-14] Added `.claude/scripts/py.sh` (resolves the working interpreter: identity.json `python.command` -> py -> python3 -> python, skipping the MS Store shim) and repointed all skill/command DOC invocations from bare `py` to `bash "$CLAUDETOOLS_ROOT/.claude/scripts/py.sh"`. The `.sh` skill scripts already resolved internally — left untouched. Broadcast to fleet.

2026-06-14 | GURU-BEAST-ROG | coord skill (coord.py msg send) | `py "$CLAUDETOOLS_ROOT/.claude/skills/coord/scripts/coord.py"` failed — `$CLAUDETOOLS_ROOT` is not exported in fresh Git-bash shells here, so the path resolved under `C:\Program Files\Git\`. [RESOLVED 2026-06-14] Added `.claude/scripts/ensure-settings-env.py` (seeds `env.CLAUDETOOLS_ROOT` in per-machine `settings.local.json` from `identity.json`); Claude Code injects it into every Bash call. Wired into ONBOARDING.md + broadcast to fleet. Effective next session start.

2026-06-14 | GURU-BEAST-ROG | /sync (sync.sh Phase 3, submodule update) | submodule `projects/msp-tools/guru-rmm` checkout of f38da05 aborted: untracked `docs/RMM_THOUGHTS.md` would be overwritten. Parent repo synced fine; submodule pointer left lagging.
Recurring transient. [RESOLVED 2026-06-15] sync.sh now has `resolve_submodule_collisions()` — on the abort it moves only the untracked files the incoming commit tracks aside to `.synced-aside-` (content preserved, NOT --force) then retries once. Verified live: guru-rmm advanced ed92097->f38da05; the aside copy held 94 lines of un-committed 2026-06-08 thoughts (rescued, not lost — needs manual merge into canonical RMM_THOUGHTS.md).

2026-06-16 | HOWARD-HOME | unifi-wifi/device-control.sh provision | cmd/devmgr force-provision returned HTTP 400 (mac 0c:ea:14:3f:40:6d / AP 445); verb needs fix — likely wrong cmd name or requires device _id not mac. block/kick/locate via stamgr work; adopt/restart/upgrade unverified.