claudetools/.claude/bootstrap/RESTORE.md
Mike Swanson 7342be1eaf feat(bootstrap): restore rescued GuruRMM/GuruConnect WIP on rebuild
Add restore-at-risk-work.ps1 and wire it into bootstrap Phase 6. Recreates
local-only WIP rescued to the recovery bundle's at-risk-work/: re-applies the
three guru-rmm stash patches back AS stashes (LIFO order preserved) and drops
the guru-connect tmp-spec018.diff back as its untracked working file. Patches
that won't apply cleanly are reported for manual git apply --3way. Updates
RESTORE.md and the session log with the rescue details.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 12:11:08 -07:00

# ClaudeTools Windows Bootstrap & Recovery Runbook
Rebuild this workstation (GURU-5070, Lenovo Legion Pro 7 16IAX10H) after a clean
Windows reset. Everything here is driven by two scripts in this folder:
- `windows-bootstrap.ps1` — installs tools, restores secrets, clones repos, wires tasks
- `restore-secrets.ps1` — copies secrets/identity from the recovery bundle back into place
The recovery bundle lives on the removable drives:
| Drive | Label | Holds |
|-------|---------|-------|
| **E:** | (FAT32) | `claudetools-recovery\` — secrets + identity + manifests (redundant copy) |
| **F:** | Ventoy | `claudetools-recovery\` — same bundle **plus** `data\` (large client data) |
> F: is also a bootable rescue stick (SystemRescue, Boot Repair) — keep it; it can
> help fix the machine. The bundle lives in `F:\claudetools-recovery\`, Ventoy is untouched.
---
## What's in the bundle (and why it can't just be re-cloned)
`claudetools-recovery\`
- `secrets\`
  - `sops-age\keys.txt`: **THE most critical file.** The SOPS age private key. Without
    it the entire vault (`D:\vault`) is permanently undecryptable. Not stored in any repo.
  - `ssh\`: `id_ed25519` (+pub), `pst-cc-ucg` (+pub), `config`, `known_hosts`
  - `claude\`: `.claude.json`, `.credentials.json` (Claude Code login), settings, keybindings, statusline
  - `grok\`: `auth.json`, `config.toml`, `agent_id`
  - `gemini\`: `oauth_creds.json`, `google_accounts.json`, settings, installation_id
  - `git\.gitconfig`, `powershell\Microsoft.PowerShell_profile.ps1`
- `identity\` — repo-local gitignored files: `identity.json`, `settings.local.json`,
`current-mode`, `coord-broadcasts-seen`, `mcp.json`, `.claude/state\`, ticktick tokens, dataforth oauth
- `config\` — Windows Terminal settings, fleet `hosts` file, quote-wizard `.env.production`
- `manifests\`: `installed-tools.txt`, `ollama-models.txt`, `git-global-config.txt`,
`repos.txt`, `user-environment.reg` / `.txt` (incl. `OLLAMA_MODELS`/`OLLAMA_HOST`/`PROTOC`), `scheduled-tasks\*.xml`
- `at-risk-work\` — local-only WIP rescued from the submodules (not on any remote):
guru-rmm stashes as `.patch` files + guru-connect `tmp-spec018.diff`. The bootstrap
re-applies these automatically in Phase 6 (`restore-at-risk-work.ps1`) — the guru-rmm
ones are put back **as stashes** (`git stash list`), the guru-connect diff is dropped
back as its untracked working file. See `RESTORE-at-risk-work.txt` for manual steps.
- `data\` (F: only) — large non-Gitea client/project data, repo-relative paths
Everything else (all tracked code, skills, commands, docs, session logs, wiki) comes
back from Gitea on clone — no need to back it up.

---
## Fast path (one shot)
From an **elevated PowerShell**, with E: or F: plugged in:
```powershell
# copy the script off the drive first (so it survives a re-clone)
Copy-Item F:\claudetools-recovery\bootstrap\windows-bootstrap.ps1 $env:TEMP\boot.ps1
& $env:TEMP\boot.ps1 -SkipModels   # or just run directly:
F:\claudetools-recovery\bootstrap\windows-bootstrap.ps1 -SkipModels
```
`-SkipModels` defers the ~50 GB Ollama downloads. Drop it (or run Phase 8 later) when
you want them. Add `-RestoreData` to also pull back the large client data from `F:\...\data`.
The script is **idempotent** — safe to re-run; it skips anything already done. To run
just part of it: `-OnlyPhases "1,2,3"`.

---
## Manual path (if you'd rather do it by hand)
1. **Install App Installer** (winget) from the Microsoft Store if missing.
2. **Core tools** (winget ids):
`Git.Git`, `OpenJS.NodeJS.LTS`, `Python.Python.3.14`, `Rustlang.Rustup`,
`Microsoft.VisualStudioCode`, `Ollama.Ollama`, `jqlang.jq`,
`SecretsOPerationS.SOPS`, `FiloSottile.age`, `GitHub.cli`, `AgileBits.1Password.CLI`,
`Microsoft.DotNet.SDK.8`, `Google.Protobuf`, `oschwartz10612.Poppler`, `Tailscale.Tailscale`
Then `dotnet tool install --global wix` (MSI builds).
Set env: `OLLAMA_MODELS=D:\OllamaModels`, `OLLAMA_HOST=0.0.0.0:11434`, `PROTOC=<protoc.exe>`.
3. **AI CLIs:**
   - Claude: `irm https://claude.ai/install.ps1 | iex` → `~/.local/bin/claude.exe`
   - Gemini: `npm install -g @google/gemini-cli`
   - Grok: `bash -c "curl -fsSL https://x.ai/cli/install.sh | bash"` (Git Bash)
4. **Restore home secrets:** `F:\claudetools-recovery\bootstrap\restore-secrets.ps1 -Group home`
5. **Clone repos:**
   ```
   git clone https://git.azcomputerguru.com/azcomputerguru/claudetools.git D:\claudetools
   cd D:\claudetools; git submodule update --init --recursive
   git clone https://git.azcomputerguru.com/azcomputerguru/vault.git D:\vault
   ```
   (On-network you can use `http://172.16.3.20:3000/...` to bypass the SSL-renewal blips.)
6. **Restore identity:** `restore-secrets.ps1 -Group repo`
7. **Ollama models (proper set for this 12 GB-VRAM laptop):**
`ollama pull nomic-embed-text:latest` (GrepAI embeddings) and `ollama pull qwen3:8b` (prose_model).
Models live on `D:\OllamaModels` (47.8 GB) — **if D: survived the reset they're already there, skip this.**
Heavy extras (`qwen3:14b`, `codestral:22b`, `qwen3.6:latest`) are opt-in only; they over-saturate 12 GB VRAM.
8. **Scheduled tasks:** import each XML in `manifests\scheduled-tasks\` via
`Register-ScheduledTask -Xml (Get-Content x.xml -Raw) -TaskName "..."`.
9. **Verify:** `D:\claudetools\.claude\scripts\onboarding-diagnostic.ps1`, then `/self-check` in Claude Code.
---
## Post-install: things that need an interactive login
Auth tokens are backed up, but some expire. If a tool says it's unauthenticated:
- **Claude Code:** run `claude`, then `/login` (browser).
- **GitHub CLI:** `gh auth login`
- **1Password:** `op signin`
- **Gemini:** launch `gemini`, complete the Google OAuth browser flow.
- **Grok:** `grok login` (tokens expire after 7 days).
- **Gitea git push:** uses the Windows Credential Manager (`credential.helper=manager`).
First push prompts for the shared `azcomputerguru` account. **Do NOT** bake the password
into the remote URL (the old `D:\work\gururmm` clone did — reset it to a clean URL).
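
To find clones that still carry a password in a remote URL, the following added example (not one of this folder's scripts) lists them and, with `-Fix`, rewrites each to the clean URL so the credential manager takes over. The parameter names and the default repo list are assumptions; adjust them to the clones on the machine.

```powershell
# Added example: report git remotes whose URL embeds a password; -Fix rewrites them.
param(
    # Assumption: the clones to inspect; adjust to what exists on this machine.
    [string[]]$RepoRoots = @('D:\claudetools', 'D:\vault', 'D:\work\gururmm'),
    [switch]$Fix
)

function Get-CredentialedRemote {
    param([string]$RepoPath)
    if (-not (Test-Path -LiteralPath (Join-Path $RepoPath '.git'))) { return }
    # "git remote -v" prints one line per URL: <name> <url> (fetch|push)
    foreach ($line in @(git -C $RepoPath remote -v 2>$null)) {
        if ($line -notmatch '^(\S+)\s+(\S+)\s+\((fetch|push)\)$') { continue }
        $name, $url, $kind = $Matches[1], $Matches[2], $Matches[3]
        # userinfo carrying a password: scheme://user:secret@host/path
        if ($url -match '^(https?://)([^/@:]+):[^/@]+@(.+)$') {
            [pscustomobject]@{
                Repo     = $RepoPath
                Remote   = $name
                Kind     = $kind
                User     = $Matches[2]
                CleanUrl = $Matches[1] + $Matches[3]   # the secret is never echoed
            }
        }
    }
}

$found = @(foreach ($repo in $RepoRoots) { Get-CredentialedRemote -RepoPath $repo })
$found | Format-Table Repo, Remote, Kind, User, CleanUrl -AutoSize

if ($Fix) {
    foreach ($hit in $found) {
        if ($hit.Kind -eq 'push') {
            # Only a separately configured pushurl needs its own rewrite.
            $pushUrl = git -C $hit.Repo config --get "remote.$($hit.Remote).pushurl"
            if (-not $pushUrl) { continue }
            git -C $hit.Repo remote set-url --push $hit.Remote $hit.CleanUrl
        } else {
            git -C $hit.Repo remote set-url $hit.Remote $hit.CleanUrl
        }
    }
}
```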
## Verify the vault decrypts (proves the age key restored correctly)
```
bash D:/claudetools/.claude/scripts/vault.sh list
bash D:/claudetools/.claude/scripts/vault.sh get-field projects/claudetools/database.sops.yaml credentials.password
```
If that returns the password, recovery succeeded. If it errors about decryption, the
age key at `%APPDATA%\sops\age\keys.txt` and `~/.config/sops/age/keys.txt` is missing/wrong.
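
When decryption fails, this added example (not one of this folder's scripts) separates "missing" from "wrong" by checking both key locations and comparing the key's public half with the recipients recorded in the encrypted file. The on-disk path of the SOPS file is an assumption derived from the `vault.sh` argument above, and the recipient check runs only if `age-keygen` is on the PATH.

```powershell
# Added example: pre-flight check of the restored SOPS age key.
param(
    # Assumption: on-disk location of the file used in the vault.sh test above.
    [string]$SopsFile = 'D:\vault\projects\claudetools\database.sops.yaml'
)

$keyPaths = @(
    (Join-Path $env:APPDATA 'sops\age\keys.txt'),
    (Join-Path $HOME '.config\sops\age\keys.txt')
)

function Get-AgeKeyInfo {
    param([string]$Path)
    $info = [ordered]@{ Path = $Path; Exists = $false; HasSecretKey = $false; Sha256 = $null; Recipients = @() }
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $info.Exists = $true
        # age identities are lines beginning with AGE-SECRET-KEY-1
        $info.HasSecretKey = [bool](Select-String -LiteralPath $Path -Pattern '^AGE-SECRET-KEY-1' -Quiet)
        $info.Sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # "age-keygen -y" prints the public key(s) for an identity file
        if ($info.HasSecretKey -and (Get-Command age-keygen -ErrorAction SilentlyContinue)) {
            $info.Recipients = @(age-keygen -y $Path 2>$null)
        }
    }
    [pscustomobject]$info
}

$keys = @($keyPaths | ForEach-Object { Get-AgeKeyInfo -Path $_ })
$keys | Format-Table Path, Exists, HasSecretKey -AutoSize   # key material is not printed

$problems = @()
if ($keys | Where-Object { -not $_.Exists }) { $problems += 'key file missing in at least one location' }
if ($keys | Where-Object { $_.Exists -and -not $_.HasSecretKey }) { $problems += 'file present but holds no AGE-SECRET-KEY line' }
if (@($keys.Sha256 | Where-Object { $_ } | Select-Object -Unique).Count -gt 1) { $problems += 'the two copies differ' }

# SOPS records each age recipient of a file as "recipient: age1..." in its metadata.
if (Test-Path -LiteralPath $SopsFile) {
    $wanted = @(Select-String -LiteralPath $SopsFile -Pattern 'recipient:\s*(age1[0-9a-z]+)' -AllMatches |
        ForEach-Object { $_.Matches } | ForEach-Object { $_.Groups[1].Value })
    $have = @($keys.Recipients | Where-Object { $_ })
    if ($have -and -not ($have | Where-Object { $wanted -contains $_ })) {
        $problems += 'restored key is not a recipient of the vault file (wrong key)'
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { 'age key looks consistent' }
```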

---
## Refreshing this bundle later
Re-run the backup any time (it's just file copies):
`D:\claudetools\.claude\bootstrap\backup-to-bundle.ps1` (writes to E: and F:).