claudetools/session-logs/2026-05-26-guru-kali-attribution-hardening.md
Mike Swanson 7b79fab5be sync: auto-sync from GURU-KALI at 2026-05-26 20:00:50
Author: Mike Swanson
Machine: GURU-KALI
Timestamp: 2026-05-26 20:00:50
2026-05-26 20:00:51 -07:00

# Session Log — Work Attribution Hardening
## User
- **User:** Mike Swanson (mike)
- **Machine:** GURU-KALI
- **Role:** admin
- **Session span:** 2026-05-26, afternoon to evening MST (ending ~18:47 MST)
## Session Summary
Routine `/sync` rounds (clean fast-forwards; one larger 21-commit pull bringing GuruScan, the coord-todos system, `/wiki-compile`, and Lone Star/QuantumWMS wiki seeds) led into an `identity.json` update mandated by a coord message from the Mac: added `"claudetools_root": "/home/guru/claudetools"` (detected via `git rev-parse --show-toplevel`) and replied to the originating session to confirm.
Mike then raised the core problem: recurring misattribution of work to the wrong user/hostname, often via stale machine names. Initial instinct was to treat this as a git-authorship/"attribution rules" gap and build enforcement (mailmap/history rewrite). Mike course-corrected twice — it is not a git/gitea problem, it is (1) stale/owner-less `MEMORY.md` items corrupting reasoning-time inference, and (2) a shortcoming in the `/save`+`/sync` commands. Forensics confirmed his read precisely: across 892 commits, **zero** had an author disagreeing with the named machine's owner; across 180 session logs, **zero** User-block mismatches. Git history and logs were already clean. The only misattribution vector was inference fed by stale memory (an "ACG-5070 workstation" note with no owner; Howard's note saying "desktop hostname TBD") plus attribution being a soft model instruction rather than a deterministic step.
Implemented a three-part fix and ran it through the Code Review Agent (which found one HIGH and one MEDIUM bug — both fixed and re-verified). Result: attribution is now read deterministically from `identity.json`/`users.json`/git authorship, never inferred; every machine in memory is bound to an owner; and the 5070 box's rename lineage is recorded as Mike's.
## Key Decisions
- **No git history rewrite.** Confirmed git authorship is clean (0 mismatches/892 commits), and the repo is shared + rebase-synced across ~6 machines, so a filter-repo rewrite would be destructive and unjustified. Mailmap was also dropped — there is no display-attribution problem to paper over.
- **Attribution is read, never inferred** — codified as the governing rule. Sources of truth: `identity.json` (who's at the keyboard), `users.json` (machine registry), git authorship. Never hostname patterns, the `userEmail` hint, or memory.
- **Deterministic User block** via a dedicated script (`whoami-block.sh`) that `/save` runs and pastes verbatim — removes the model's freedom to fill the block from inference.
- **git config reconciled to identity.json on every sync** (local config, both repos), so commit authorship cannot drift going forward.
- **Confirmed with Mike:** `OC-5070` / `acg-guru-5070` / `ACG-5070` / `GURU-5070` are one physical machine, renamed over time, all Mike's. Recorded as such.
- **Namespaced this log by machine** (`-guru-kali-attribution-hardening`) instead of appending to the shared `2026-05-26-session.md`, to keep attribution unambiguous — consistent with the work itself.
## Problems Encountered
- **Self-inflicted inference, live:** initial analysis asserted "OC-5070 = old GURU-5070" and "azcomputerguru = ambiguous" as fact — the exact failure mode under repair. Corrected to verifying against `users.json`/asking Mike rather than inferring.
- **Code review found a HIGH bug:** on a present-but-malformed `identity.json`, `USER_DISPLAY` fell back to the `"unknown"` sentinel and would have been written as the git author (clobbering correct config in both repos). Fixed by guarding both reconcile call sites to skip when `USER_DISPLAY == "unknown"` and warn instead. Verified: existing config preserved.
- **MEDIUM bug:** `whoami-block.sh` dumped a Python traceback and emitted an empty block on malformed `identity.json`. Fixed with a try/except fallback block + `exit 0`. Verified clean.
- **Could not re-review via SendMessage** (tool unavailable in this environment); fixes were the review agent's own prescribed changes and were each verified empirically instead of re-spawning a full review agent.
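
The two review findings above, reduced to their logic as an added example (not the contents of `whoami-block.sh` or `sync.sh`): identity is parsed once, every failure maps to a fallback state, and the reconcile step refuses to write the `unknown` sentinel as a git author. The key names `user`, `full_name`, `email`, `machine`, the `roles` mapping and the `INCOMPLETE` state are assumptions; the real `identity.json`/`users.json` schemas are not shown here.

```python
import json

UNKNOWN = "unknown"  # sentinel the page names for an unresolved identity

def load_identity(text):
    """Parse identity.json text; return (fields, state) and never raise.
    text=None models a missing file."""
    if text is None:
        return {}, "UNKNOWN"
    try:
        data = json.loads(text)
    except ValueError:               # JSONDecodeError subclasses ValueError
        return {}, "UNREADABLE"
    if not isinstance(data, dict):   # valid JSON but the wrong shape
        return {}, "UNREADABLE"
    return data, "OK"

def user_block(text, roles):
    """Render the '## User' block from identity data only; fall back, never guess.
    Keys user/full_name/machine and the roles mapping are assumed names."""
    ident, state = load_identity(text)
    if state != "OK":
        who, machine, role = state, state, state
    else:
        user = str(ident.get("user") or UNKNOWN)
        who = f"{ident.get('full_name') or UNKNOWN} ({user})"
        machine = str(ident.get("machine") or UNKNOWN)
        role = roles.get(user, UNKNOWN)
    return f"## User\n- **User:** {who}\n- **Machine:** {machine}\n- **Role:** {role}"

def plan_reconcile(text, current_name, current_email):
    """Return (commands, warning): the `git config` calls needed to match
    identity.json, or no commands plus a warning when identity is unusable."""
    ident, state = load_identity(text)
    name = str(ident.get("full_name") or UNKNOWN)
    email = str(ident.get("email") or "")
    if name == UNKNOWN or not email:
        reason = state if state != "OK" else "INCOMPLETE"
        return [], f"identity {reason}: leaving existing git author untouched"
    commands = []
    if name != current_name:
        commands.append(["git", "config", "--local", "user.name", name])
    if email != current_email:
        commands.append(["git", "config", "--local", "user.email", email])
    return commands, None
```
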
## Configuration Changes
**Modified:**
- `.claude/scripts/sync.sh` — added `reconcile_git_identity()`; called (guarded against the `unknown` sentinel) in the claudetools repo and the vault repo; added a stale identity.json-machine vs hostname warning.
- `.claude/commands/save.md` — User block now generated by `whoami-block.sh` (not hand-written/inferred); corrected the stale description of sync.sh staging (`git add -A` after garbled-path purge, not "by name").
- `.claude/memory/user_howard.md` — machines now ACG-TECH03L + Howard-Home, deferring to `users.json`; removed the "desktop hostname TBD" hole.
- `.claude/memory/reference_workstation_setup.md` — retitled to GURU-5070 (Mike's primary); recorded the OC-5070 → ACG-5070/acg-guru-5070 → GURU-5070 rename chain and explicit owner.
- `.claude/memory/MEMORY.md` — updated the two stale 5070 index lines and Howard's line; surfaced the new attribution rule at the top of Feedback.
- `.claude/identity.json` — added `claudetools_root: /home/guru/claudetools` (gitignored, per-machine; not synced).
**Created:**
- `.claude/scripts/whoami-block.sh` — deterministic `## User` block generator from identity.json (+users.json role); handles missing/malformed identity and missing Python.
- `.claude/memory/feedback_attribution_from_identity.md` — the keystone "attribution is read, never inferred" rule with the why and how-to-apply.
## Credentials & Secrets
None created or discovered. No secret values touched. The git config reconcile uses only the name/email already in `identity.json`.
## Infrastructure & Servers
- Coord API `http://172.16.3.30:8001/api/coord` — sent confirmation message `dfeb6f2a-2d90-4bfe-bf95-a14eec449b3d` (GURU-KALI → Mikes-MacBook-Air) re: claudetools_root.
- This machine: GURU-KALI (Linux/Kali), git config `Mike Swanson <mike@azcomputerguru.com>` (matches identity.json — reconcile is a no-op here).
- Machine→owner registry remains authoritative in `.claude/users.json`: mike = GURU-5070, Mikes-MacBook-Air, GURU-BEAST-ROG, GURU-KALI (DESKTOP-0O8A1RL retired); howard = ACG-TECH03L, Howard-Home.
## Commands & Outputs
- Forensic cross-check (read-only): `git log --all --format=... | python3` mapping machine-in-subject → owner vs author → **0** author≠owner across 302 machine-named commits; 7 distinct author identities, all reconcilable to Mike or Howard.
- Session-log scan: 180 logs, 128 with User/Machine blocks, **0** user≠machine-owner mismatches; 52 pre-protocol (unattributed, not misattributed).
- `whoami-block.sh` verified: happy path (Mike/GURU-KALI/admin), malformed identity (UNREADABLE fallback, exit 0), missing identity (UNKNOWN fallback, exit 0).
- `reconcile_git_identity` verified in scratch repo: corrects on drift, silent no-op when matching, no clobber on empty args, `unknown`-sentinel guard preserves existing config.
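
A sketch of the machine-in-subject → owner vs author cross-check described above, as an added example rather than the command actually run (its `--format` string is elided in this log). The tab-separated input format, the flat registry shape, the `howard@example.invalid` address and the `LAB-UNLISTED` host are constructed assumptions; machine names, the rename chain and Mike's address come from this log.

```python
import re

# Machine -> owner, as listed on the page; a flat dict is an assumed shape,
# not the real users.json schema.
OWNERS = {
    "GURU-5070": "mike", "Mikes-MacBook-Air": "mike", "GURU-BEAST-ROG": "mike",
    "GURU-KALI": "mike", "ACG-TECH03L": "howard", "Howard-Home": "howard",
}
# Former names of one box, resolved by explicit table rather than by pattern.
RENAMED = {"OC-5070": "GURU-5070", "ACG-5070": "GURU-5070", "acg-guru-5070": "GURU-5070"}
# Author email -> user; several identities may map to one person.
# howard@example.invalid is a constructed placeholder.
AUTHORS = {"mike@azcomputerguru.com": "mike", "howard@example.invalid": "howard"}

MACHINE_IN_SUBJECT = re.compile(r"auto-sync from (\S+) at ")

def cross_check(log_text):
    """Compare each commit's author with the owner of the machine named in its
    subject. Input lines are '<author email>\\t<subject>'. Returns
    (checked, unnamed, findings); unknown machines or authors are findings."""
    checked, unnamed, findings = 0, 0, []
    for line in log_text.splitlines():
        email, sep, subject = line.partition("\t")
        if not sep:
            continue                      # blank or malformed line
        match = MACHINE_IN_SUBJECT.search(subject)
        if match is None:
            unnamed += 1                  # commit names no machine
            continue
        checked += 1
        machine = RENAMED.get(match.group(1), match.group(1))
        owner = OWNERS.get(machine)       # exact lookup only, None if unregistered
        author = AUTHORS.get(email.strip().lower())
        if owner is None or author is None or owner != author:
            findings.append((match.group(1), email.strip(), owner, author))
    return checked, unnamed, findings

# Constructed sample in the shape `git log --all --format='%ae%x09%s'` prints.
SAMPLE_LOG = "\n".join([
    "mike@azcomputerguru.com\tsync: auto-sync from GURU-KALI at 2026-05-26 20:00:50",
    "mike@azcomputerguru.com\tsync: auto-sync from acg-guru-5070 at 2026-01-10 09:00:00",
    "howard@example.invalid\tsync: auto-sync from Howard-Home at 2026-05-20 08:15:00",
    "howard@example.invalid\tsync: auto-sync from GURU-BEAST-ROG at 2026-05-21 10:00:00",
    "mike@azcomputerguru.com\tsync: auto-sync from LAB-UNLISTED at 2026-05-22 11:00:00",
    "mike@azcomputerguru.com\tdocs: update wiki seeds",
])
```

An unregistered machine or author is reported as a finding with `None` in the unresolved slot, so a gap in the registry surfaces for a human to settle instead of being guessed.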
## Pending / Incomplete Tasks
- **Broader memory-staleness sweep** — offered, not yet done. The attribution-scoped items are fixed; a general pass over the other ~50 memory files (e.g. `feedback_bypass_permissions_setting.md`, machine-setup notes) is a separate task awaiting go-ahead.
- **Code Review re-approval** — the review verdict was "Requires Revision"; all checklist items were fixed + verified but not formally re-approved by the agent (SendMessage unavailable). Re-run a review if a formal sign-off is wanted.
- **GuruRMM BUG-005 (mac build)** — still open, awaiting Mike's product decision (ship mac agents vs defer + make the audit pipeline treat a stubbed platform as N/A).
## Reference Information
- Code Review Agent id (this session): `a2b8c4d44c3c72b5d`.
- Coord confirmation message id: `dfeb6f2a-2d90-4bfe-bf95-a14eec449b3d`.
- New rule memory: `.claude/memory/feedback_attribution_from_identity.md`.
- Related memory: `feedback_identity_precedence.md` (identity.json beats the userEmail hint).
- Scripts: `.claude/scripts/whoami-block.sh`, `.claude/scripts/sync.sh` (`reconcile_git_identity`).
## Update: ~19:30 MST — broader memory-staleness sweep
Audited all 60 files in `.claude/memory/` (delegated the read+cross-reference to an agent against users.json, CLAUDE.md, infra_office_network, and live coord). 44 CURRENT, 16 flagged. Triaged into safe-fix / stale-but-uncertain / needs-real-world-check and applied fixes (delegated, then verified link integrity).
**Fixed (content corrections):**
- `radio_show_no_cohost_named_tom.md` — reattributed "the 5070 Ti session" to "Mike's session on GURU-5070 (then acg-guru-5070)"; linked the attribution rule.
- `feedback_1password_service_token.md`, `feedback_complete_vault_operations_end_to_end.md` — de-hardcoded `/c/Users/guru/vault` and `D:/vault` to the identity.json `vault_path` / `vault.sh` wrapper pattern (CLAUDE.md forbids hardcoded vault paths).
- `project_dataforth_incident_2026-03-27.md` — added `[RESOLVED]` banner (CA enforced 2026-04-04).
**Reframed + caveated (machine certain, underlying fact unverifiable):**
- `reference_ix_server_ssh.md`, `feedback_d2testnas_ssh.md` — CachyOS/acg-guru-5070 → GURU-5070 (now Windows 11); kept credential facts, added `[VERIFY]` caveats since the OS reinstall may have changed SSH key state.
- `reference_pluto_build_server.md` — flagged the `guru@DESKTOP-0O8A1RL` authorized-key (retired machine) for rotation/verify.
- `feedback_ollama_tier0_routing.md` — fixed `HOWARD-HOME` → `Howard-Home`; added `[DISCREPANCY]` caveat (note's `100.92.127.64` vs CLAUDE.md's canonical GURU-BEAST-ROG `100.101.122.4`).
- `project_mac_gururmm_setup_pending.md`, `project-cascades-migration-plan.md`, `project_neptune_sbr_email_routing.md` — added `[STALE]`/`[VERIFY]` caveats on aged open-items / machine-bound plan paths.
**Deduped:** deleted `reference_neptune_access_d2testnas.md` (covered by infra_office_network) and `project_email_routing_neptune.md` (folded its unique note into `project_neptune_sbr_email_routing.md`); updated MEMORY.md index. No dangling links to deleted files.
**Needs Mike's real-world check (left caveated in-place, not guessed):**
- Ollama Tailscale fallback — is it Howard-Home @ 100.92.127.64 or GURU-BEAST-ROG @ 100.101.122.4 (CLAUDE.md)?
- Has `install-hooks.sh` run on the Mac? (if yes, delete `project_mac_gururmm_setup_pending.md`)
- Neptune 2026-03-22 overnight TODOs and Pluto key rotation — still open?
## Update: 20:00 MST — Ollama per-machine fallback + Pluto/Neptune key evaluation
Resolved the three items Mike flagged from the memory sweep.
**Session Summary**
Mike directed three follow-ups: (1) Ollama fallback is a per-machine user choice — store it in identity.json; (2) ask the Mac about the pending hooks setup; (3) evaluate the Pluto/Neptune SSH key-rotation question, noting both run the GuruRMM agent.
For Ollama, added `ollama_fallback` to GURU-KALI's identity.json (GURU-BEAST-ROG @ 100.101.122.4, Mike's choice) and rewrote the fallback resolution in three places — `feedback_ollama_tier0_routing.md`, `.claude/OLLAMA.md`, and the CLAUDE.md Ollama table — to read the per-machine endpoint from identity.json instead of hardcoding an IP. This removed the [DISCREPANCY] caveat (the memory's 100.92.127.64/Howard-Home value was the lone outlier; CLAUDE.md/OLLAMA.md already used Beast).
For the Pluto/Neptune keys, used the GuruRMM API from GURU-KALI (reachable) to dispatch a read-only PowerShell command to both agents enumerating authorized_keys comments. Findings resolved the question factually: Pluto's old `guru@DESKTOP-0O8A1RL` key is already rotated out (current keys are the build server's: `gururmm-build@gururmm-server`, `guru@gururmm-build`); Neptune has no SSH authorized_keys at all. Updated reference_pluto_build_server.md to the verified state. Sent a coord message to the Mac re: install-hooks.sh (no reply yet).
**Key Decisions**
- Ollama fallback made a per-machine identity.json field (not a fleet-wide constant) per Mike's "user can choose" directive; resolver degrades to local-only when unset, so other machines are safe until they set their own.
- Evaluated the key question via RMM read-only dispatch rather than guessing or SSH-ing — both targets run the agent, and reading authorized_keys is non-destructive.
- Did NOT add GURU-5070's pubkey to Pluto or rotate anything — Mike said "evaluate," and key writes need explicit confirmation. Surfaced it as a decision instead.
**Configuration Changes**
- `.claude/identity.json` (gitignored, not synced) — added `ollama_fallback: {host: GURU-BEAST-ROG, endpoint: http://100.101.122.4:11434}`.
- `.claude/memory/feedback_ollama_tier0_routing.md` — resolver now reads identity.json `ollama_fallback`; removed [DISCREPANCY] caveat.
- `.claude/OLLAMA.md` — Endpoints resolver + rationale rewritten to per-machine identity.json; fixed retired DESKTOP-0O8A1RL / HOWARD-HOME references.
- `.claude/CLAUDE.md` — Ollama table + fallback note now point at identity.json `ollama_fallback`.
- `.claude/memory/reference_pluto_build_server.md` — authorized-key line replaced with RMM-verified current keys; noted GURU-5070 key not yet authorized.
**Infrastructure & Servers**
- GuruRMM API: `http://172.16.3.30:3001`, auth via SOPS `infrastructure/gururmm-server.sops.yaml` (claude-api@azcomputerguru.com). Reachable from GURU-KALI.
- Agent IDs: PLUTO `5316f56f-a1b3-4ac5-97ac-71ddf6a74d2e` (172.16.3.36), NEPTUNE `7d4f823c-f23d-40b8-ae72-b83cd2ccb09d`. 60 agents enrolled total.
- Pluto authorized keys (verified 2026-05-26): `gururmm-build@gururmm-server`, `guru@gururmm-build` in both `C:\ProgramData\ssh\administrators_authorized_keys` and `Administrator\.ssh\authorized_keys`. Neptune: none.
**Commands & Outputs**
- RMM execute pattern: `POST /api/agents/:id/command` (command_type=powershell), poll `GET /api/commands/:id`. zsh gotcha: `status` is a read-only var — ran the dispatcher under `bash` and used `st` instead.
- Coord message to Mac: id `625d80a7-6689-4aef-87a6-b6aa46e26dd9`.
**Pending / Incomplete Tasks**
- Mac `install-hooks.sh` status — awaiting Mac coord reply; delete `project_mac_gururmm_setup_pending.md` once confirmed.
- Decision: add GURU-5070's pubkey to Pluto so the documented workstation-SSH workflow works? (write op, needs confirmation.)
- Decision: coord-broadcast a "set your `ollama_fallback`" note to other machines, or leave each to choose?
**Reference Information**
- Commits this session: attribution hardening `4e97e20`, memory sweep `d3f3d28`, Ollama/Pluto `8bdb919`.
- New script: `.claude/scripts/whoami-block.sh`. New rule memory: `feedback_attribution_from_identity.md`. GURU-5070-added memory: `feedback_rmm_dev_is_mike.md`.