azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
98ea867d2c01a7ce828bb91a2096af375583138d
claudetools/session-logs/2026-03-20-session.md
Mike Swanson 98ea867d2c Session log: Ollama + GrepAI setup, coordinator review policy 
Installed Ollama with GPU support (qwen3:14b, codestral:22b, nomic-embed-text),
configured GrepAI semantic code search with optimized 256-token chunks and
context file boosting, added MCP server integration and deep-explore agent.
Updated claude.md with local AI usage guidelines and 4-tier output review policy.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 16:42:01 -07:00

544 lines
26 KiB
Markdown
Raw Blame History

# Session Log: 2026-03-20
## Session Summary
Continued work on azcomputerguru.com web properties. Three major accomplishments:
1. **Flarum community forum theme redesign** - Complete CSS rewrite for readability (v1 → v2)
2. **Matomo analytics setup** - Self-hosted analytics installed and tracking all 3 sites
3. **Cloudflare proxy re-enabled** - community, radio, and analytics subdomains back to orange cloud
## Work Completed
### 1. Flarum Forum Theme v2 (community.azcomputerguru.com)
**Problem:** The v1 theme had severe readability issues - dark text on dark backgrounds, discussion titles nearly invisible, overall muddy appearance.
**Root Cause:** Flarum's base CSS applies near-black heading colors (`rgb(17,17,17)`) and dark link colors meant for light themes. The v1 custom LESS used CSS variables (`var()`) and `!important` but Flarum's compiled CSS had higher specificity on key elements like `h2`, `.DiscussionListItem-main`.
**Solution:** Complete theme rewrite (v2) with:
- Replaced transparent navy overlays with **solid, layered gray surfaces** (GitHub Dark inspired)
- Color palette: `--g-base: #0d1117`, `--g-surface-1: #161b22`, `--g-surface-2: #1c2129`, etc.
- Text: `--g-text-primary: #e6edf3` (13.5:1 contrast ratio on surface-1)
- Added "Flarum Base Overrides" section targeting actual DOM elements (`h1-h6`, `.DiscussionListItem-main`, `.DiscussionListItem a`)
- Fixed sidebar spacing (reduced padding from 8px to 5px, separator margins from 8px to 5px)
- Added 10px left padding to sidebar nav items
**Theme file:** `/home/guru/ClaudeTools/projects/community-forum/theme-v2.less`
**Stored in:** Flarum DB `settings.custom_less`
**Backup of v1:** `/tmp/theme-v1-backup.less` on IX server
**Key lesson:** Flarum's LESS compiler caches aggressively. To force recompile:
1. Delete `public/assets/forum.css` and `rev-manifest.json`
2. Clear `storage/cache/*`, `storage/less-cache/*`, `storage/framework/cache/*`
3. Run `php flarum cache:clear`
4. Hit the site from an external client to trigger lazy CSS compilation
5. Hard refresh browser (`Ctrl+Shift+R`)
### 2. Matomo Analytics (analytics.azcomputerguru.com)
**Installed:** Matomo 5.8.0 on IX server
**Setup steps:**
- DNS record for `analytics.azcomputerguru.com` was pointing to wrong IP (52.52.94.202) — updated to 72.194.62.5
- Matomo files extracted to `/home/azcomputerguru/public_html/analytics/`
- Had to create `.htaccess` file (not included in Matomo zip for hidden files)
- Had to fix directory permissions (`chmod 755` on analytics dir)
- Web installer completed: system check, database, tables, superuser, first website, tracking code
**Sites configured:**
| Site ID | Name | URL | Tracking Method |
|---------|------|-----|-----------------|
| 1 | AZ Computer Guru | https://azcomputerguru.com | WordPress mu-plugin (`wp-content/mu-plugins/matomo-tracking.php`) |
| 2 | Community Forum | https://community.azcomputerguru.com | Flarum `custom_header` DB setting (appended) |
| 3 | Radio Show | https://radio.azcomputerguru.com | PHP script injected tracking into 204 HTML files before `</head>` |
**Cron job:** Added to `azcomputerguru` crontab:
```
*/5 * * * * /usr/local/bin/php /home/azcomputerguru/public_html/analytics/console core:archive --url=https://analytics.azcomputerguru.com > /dev/null 2>&1
```
### 3. Cloudflare Changes
**Re-enabled proxy (orange cloud) on:**
- `community.azcomputerguru.com` (record ID: `a1d406f701d30957784fdb1cb1662748`)
- `radio.azcomputerguru.com` (record ID: `a7b1605203f9a72e146d7b290e840c45`)
- `analytics.azcomputerguru.com` (record ID: `a3e71224ef035b97160de99a8fff9980`) — also fixed IP from 52.52.94.202 → 72.194.62.5
**API used:** DNS token `DRRGkHS33pxAUjQfRDzDeVPtt6wwUU6FwtXqOzNj`
- Token has DNS read/write only — cannot check/change SSL/TLS mode or WAF rules
### 4. Research Completed
**Google Analytics:** No GA tracking on any of the 3 sites. WordPress has Site Kit installed with Search Console connected but no GA4. Deferred to future session.
**AI Crawler Rules:** Cloudflare has "AI Crawl Control" feature (free plan). Requires:
1. Proxy enabled (done)
2. Dashboard: AI Crawl Control > Crawlers tab
3. Allow: ChatGPT-User, Claude-Web, Perplexity-User (referral traffic)
4. Optional: GPTBot, ClaudeBot, Google-Extended (training)
5. Our API token lacks WAF permissions — must do via dashboard
**Self-hosted analytics comparison:** Evaluated Umami vs Matomo. Chose Matomo because it's pure PHP+MySQL (runs natively on cPanel) vs Umami requiring Node.js + reverse proxy.
## Credentials
### Matomo Analytics (analytics.azcomputerguru.com)
- **Admin User:** MikeSwanson / Mat0mo2026!CGS
- **Admin Email:** mike@azcomputerguru.com
- **DB Host:** localhost (on IX server 172.16.3.10)
- **DB Name:** azcompu_matomo
- **DB User:** azcompu_matomo
- **DB Password:** Mat0mo2026!CGS
### Flarum Forum (community.azcomputerguru.com) — unchanged
- **DB:** azcompu_flarum / azcompu_flarum / Fl@rum2026!CGS
- **API Key:** 581b6c8c162a383ba87757f41b4381e9bf8db61d71bd578ee97fe32b7aeac046
### IX Server SSH (from CachyOS workstation)
- **Must use:** `sshpass -p $'Gptf*77ttb!@#!@#' ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no root@172.16.3.10`
- **Note:** `$'...'` quoting required for special chars in password — regular single quotes fail (exit code 5)
### Cloudflare
- **Zone ID:** 1beb9917c22b54be32e5215df2c227ce
- **DNS Token:** DRRGkHS33pxAUjQfRDzDeVPtt6wwUU6FwtXqOzNj (DNS read/write only)
- **NPM Token:** U1UTbBOWA4a69eWEBiqIbYh0etCGzrpTU4XaKp7w (broader, from Nginx Proxy Manager)
## Files Created/Modified
- `/home/guru/ClaudeTools/projects/community-forum/theme-v2.less` — new Flarum theme (created)
- IX: Flarum DB `settings.custom_less` — updated with theme v2
- IX: Flarum DB `settings.custom_header` — appended Matomo tracking (site ID 2)
- IX: `/home/azcomputerguru/public_html/analytics/` — Matomo installation (created)
- IX: `/home/azcomputerguru/public_html/analytics/.htaccess` — created for Apache
- IX: `/home/azcomputerguru/public_html/wp-content/mu-plugins/matomo-tracking.php` — WP tracking (created)
- IX: 204 HTML files in `/home/azcomputerguru/public_html/radio/` — Matomo tracking injected
- IX: `azcomputerguru` crontab — Matomo archive cron added
- `/home/guru/.claude/projects/-home-guru-ClaudeTools/memory/reference_matomo_analytics.md` — memory (created)
- `/home/guru/.claude/projects/-home-guru-ClaudeTools/memory/MEMORY.md` — updated index
- `/home/guru/ClaudeTools/credentials.md` — added Matomo section
## Pending/Incomplete Tasks
1. **Cloudflare SSL/TLS mode** — Verify it's "Full" or "Full (Strict)" in dashboard. Our API tokens can't check this.
2. **Cloudflare AI Crawl Control** — Configure in dashboard: allow ChatGPT-User, Claude-Web, Perplexity-User bots
3. **Google Analytics (GA4)** — Still needs setup. User deferred to future session. Need GA4 Measurement ID.
4. **WordPress Site Kit GA4** — Site Kit is installed on azcomputerguru.com with Search Console only. Can complete GA4 connection through Site Kit admin.
5. **Matomo API token** — Token came back empty during setup. May need to regenerate via Matomo admin panel.
6. **Radio site tracking durability** — HTML injection will be lost on next Astro rebuild/deploy. Should add to Astro layout component source instead.
7. **SSH key auth for IX** — Still using sshpass from CachyOS workstation. Should add ed25519 key.
8. **Broader Cloudflare API token** — Create one with WAF/Bot Management permissions for API-based AI crawler management.
---
## Update: 09:30 — VWP Infrastructure, Dataforth PBX, XenServer Migration Planning
### Session Summary
Major multi-client session: VWP infrastructure documentation, iDRAC console access, XenServer VM inventory, Dataforth phone system triage, and XenServer migration planning.
### 8. VWP Infrastructure Documentation
Updated credentials.md with VWP server details:
#### Citrix XenServer (PowerEdge R720)
- **Hypervisor:** XenServer 7.6.0
- **Hostname:** valleywide
- **Management IP:** 192.168.0.104 (DHCP, eth0)
- **MAC:** ec:f4:bb:d0:69:f8
- **Gateway:** 192.168.0.1
- **SSH:** root / r3tr0gradE99!
- **iDRAC IP:** 192.168.3.30
- **iDRAC MAC:** 78:45:C4:F1:CE:6E
- **iDRAC:** root / r3tr0gradE99#
- **Service Tag:** 52ZBVV1
- **iDRAC Firmware:** 2.60.60.60 (iDRAC 7)
#### QuickBooks Server (PowerEdge R640)
- **Hostname:** VWP-QBS.VWP.US
- **OS:** Windows Server 2022
- **iDRAC IP:** 192.168.3.189
- **iDRAC MAC:** 54:48:10:F2:A0:2E
- **iDRAC:** root / r3tr0gradE99#
- **Service Tag:** C84TTQ2
- **iDRAC Firmware:** 7.00.00.174 (iDRAC 9, HTML5 console works)
#### Hyper-V Server (PowerEdge R740)
- **Hostname:** VWP-HYPERV1
- **OS:** Windows Server 2025 Standard
- **IP:** 172.16.9.184
- **Domain:** VWP\VWP-HYPERV1
- **Specs:** 64 vCPUs (Xeon Platinum 8180M), 256GB RAM
- **Serial:** BN82FX2
### 9. iDRAC 7 Virtual Console Fix (192.168.3.30)
**Problem:** iDRAC 7 Java virtual console fails on modern systems, HTML5 console also fails.
**Steps taken via racadm over SSH:**
- Set `PluginType` from 1 (Java) to 2 (HTML5): `racadm set iDRAC.VirtualConsole.PluginType 2`
- Set TLS to 1.2 Only (was TLS 1.1+): `racadm set iDRAC.Webserver.TLSProtocol 2`
- Disabled console encryption: `racadm set iDRAC.VirtualConsole.EncryptEnable 0`
- Reset iDRAC: `racadm racreset soft`
**SSH command for iDRAC 7:**
```
sshpass -p 'r3tr0gradE99#' ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o KexAlgorithms=+diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-rsa -o Ciphers=+aes128-cbc,aes256-cbc root@192.168.3.30
```
**Java 8 setup for legacy iDRAC (if needed):**
- Installed `jre8-openjdk`, `jre8-openjdk-headless`, `icedtea-web`
- Set as default: `sudo archlinux-java set java-8-openjdk/jre`
- Relaxed security in `/usr/lib/jvm/java-8-openjdk/jre/lib/security/java.security`:
- `jdk.certpath.disabledAlgorithms=MD2`
- `jdk.tls.disabledAlgorithms=SSLv3, NULL, anon`
- Backup at `java.security.bak`
**Status:** HTML5 console still not working in Chrome (TLS cipher mismatch even with 1.2). Firefox with relaxed TLS profile also had issues. May need iDRAC firmware update to 2.65.65.65.
### 10. OpenVPN Setup for VWP
- **OVPN file:** `~/Downloads/OpenVPN-Server.ovpn`
- **Auth file:** `/etc/openvpn/vwp-auth.txt` (sysadmin / r3tr0gradE99#)
- **Connect command:** `sudo openvpn --config ~/Downloads/OpenVPN-Server.ovpn --auth-user-pass /etc/openvpn/vwp-auth.txt --group nobody --daemon vwp-vpn --log /tmp/vwp-vpn.log`
- **VPN IP:** 192.168.4.3
- **Routes:** 172.16.9.0/24, 192.168.0.0/24, 192.168.3.0/24
- **Remote:** 4.18.160.106:1194 TCP
**IMPORTANT: Tailscale and VWP VPN conflict** — Tailscale's policy routing (table 52) for `192.168.0.0/24` (Dataforth subnet via D2TESTNAS) overrides VPN routes to VWP's `192.168.0.0/24`. Must `sudo tailscale down` before using VWP VPN for `192.168.0.x` access.
### 11. XenServer SSH Access
**Problem:** SSH to `192.168.0.104` returned "Connection refused" even though sshd was running.
**Root causes (two):**
1. Tailscale routing `192.168.0.0/24` to Dataforth instead of VWP VPN
2. XenServer iptables `RH-Firewall-1-INPUT` chain blocking non-local SSH
**Fixes:**
1. `sudo tailscale down` (or `sudo ip rule add to 192.168.0.104/32 lookup main priority 100`)
2. On XenServer console: `iptables -I RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT`
**SSH command for XenServer:**
```
sshpass -p $'r3tr0gradE99!' ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no root@192.168.0.104
```
Note: Must use `$'...'` quoting for the `!` in the password.
### 12. XenServer VM Inventory
| VM | OS | IP | State | vCPUs | RAM | Disk | Notes |
|----|----|----|-------|-------|-----|------|-------|
| BACKUP-SRV | Server 2019 Datacenter | 192.168.0.22 | running | 2 | 15GB | 240GB (140+100) | Installed 2024-01-17 |
| server 2012 R2 | Server 2012 R2 Standard | 192.168.0.19 | running | 4 | 16GB | 200GB | Installed 2019-04-14 |
| server 2003 | Server 2003 Enterprise SP2 | 192.168.0.20 | running | 4 | 3GB | 130GB (30+100) | **G: drive - document storage - PRIORITY** |
| XP | Windows XP | (no IP reported) | running | 2 | 3GB | 40GB | No PV tools? |
| Windows 7 (32-bit) | Windows 7 | 192.168.0.40 | halted | 2 | 4GB | 80GB | Intentionally off |
**Storage:** Local LVM — 1.47TB used of 2.24TB (~820GB free)
**Server 2003 disk detail:**
- xvda: 30GB (OS/C: drive) — VDI `4c99e07d-72ad-46f2-bb54-8c1154dc6eb1`
- xvdb: 100GB (**G: drive documents**) — VDI `828ea0ff-04c7-4f7c-9e4d-baa9e15d72bd`
### 13. Server 2003 Snapshot (Document Protection)
**Snapshot created:** `server2003-backup-20260320`
- **UUID:** `866638f5-9c9c-bf24-8c05-393d904fcead`
- **Type:** Live snapshot (no downtime)
- **Covers:** Both disks (30GB OS + 100GB G: drive)
- **Purpose:** Protect document storage before weekend migration
### 14. Dataforth PBX Triage
**Issue:** Phones reported down again.
**Diagnosis:**
- Asterisk running, 30+ extensions registered
- FirstDigital SIP trunk showing "Unavailable" — but this is **normal** for their setup
- SIP is inbound-only, forwarded via UDM port forward to PBX on VLAN100
- PBX doesn't register outbound with FirstDigital
- The `ens224` interface (10.208.107.118/30) has no working gateway — `10.208.107.117` unreachable
- Test call to 520-741-1404 **worked** — transient FirstDigital issue
**PBX network:**
- Management: `192.168.100.196` (DHCP, was .2 before)
- SIP interface: `10.208.107.118/30` on ens224 (dead gateway)
- SIP transport: `0.0.0.0:5060` UDP
### 15. Matomo Tracking Issue (Cloudflare)
**Problem:** Matomo tracking code on community/radio sites returning 503 for `matomo.js`.
**Root cause:** Cloudflare proxy on `analytics.azcomputerguru.com` was blocking/challenging cross-origin requests. The origin SSL cert is expired (Apr 2025) causing Cloudflare-to-origin connection failures.
**Current state:** Analytics subdomain switched back to proxied. SSL/TLS mode needs to be set to "Full" (not "Full Strict") in Cloudflare dashboard — our API tokens lack permission.
**Workaround needed:** Either fix SSL cert via AutoSSL or set Cloudflare SSL mode via dashboard.
### Credentials (this session)
#### VWP OpenVPN
- **User:** sysadmin
- **Password:** r3tr0gradE99#
- **Auth file:** /etc/openvpn/vwp-auth.txt
#### VWP XenServer (192.168.0.104)
- **SSH:** root / r3tr0gradE99!
- **Note:** `$'...'` quoting required for `!`
#### VWP iDRAC - Citrix R720 (192.168.3.30)
- **SSH/Web:** root / r3tr0gradE99#
- **racadm SSH:** requires `-o KexAlgorithms=+diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-rsa -o Ciphers=+aes128-cbc,aes256-cbc`
#### VWP iDRAC - QB R640 (192.168.3.189)
- **Web:** root / r3tr0gradE99#
#### Dataforth PBX (192.168.100.2)
- **SSH:** sangoma / Gptf*77ttb!@#!@#
- **sudo:** same password via `echo 'Gptf*77ttb!@#!@#' | sudo -S`
### Files Modified
- `/home/guru/ClaudeTools/credentials.md` — added VWP XenServer, QB server, Hyper-V details
- `/etc/openvpn/vwp-auth.txt` — VWP VPN credentials (created)
- `/usr/lib/jvm/java-8-openjdk/jre/lib/security/java.security` — relaxed TLS for iDRAC
- `/tmp/firefox-idrac/user.js` — Firefox profile with relaxed TLS
### Packages Installed
- `jre8-openjdk` + `jre8-openjdk-headless` — Java 8 for iDRAC
- `icedtea-web` — Java Web Start (javaws)
### Pending/Incomplete Tasks
1. **XenServer → Hyper-V migration** — Planned for weekend. All 5 VMs need to migrate to VWP-HYPERV1 (172.16.9.184). Server 2003 (G: drive) is priority. Snapshot taken as protection.
2. **Xen Orchestra** — Install web-based XenServer management (alternative to XenCenter for Linux)
3. **iDRAC 7 virtual console** — HTML5 not working despite config changes. May need firmware update to 2.65.65.65. Java fallback works but cumbersome.
4. **Cloudflare SSL/TLS mode** — Set to "Full" in dashboard for analytics.azcomputerguru.com
5. **Cloudflare AI Crawl Control** — Configure in dashboard
6. **Google Analytics (GA4)** — Deferred
7. **Matomo analytics tracking** — Working on main site, community needs Flarum cache clear + Cloudflare fix, radio needs SSL fix
8. **XenServer iptables persistence** — The SSH firewall rule added is not persistent across reboots
9. **PBX management IP changed** — Was 192.168.100.2, now .196 via DHCP. Should set static.
10. **Java 8 is now default JRE** — May need to switch back to Java 25 for other tasks: `sudo archlinux-java set java-25-openjdk`
---
## Update: 09:35 — KVOI Bio, Network Scanning, Git Sync (MacBook Air)
### Session Summary
Light session on MacBook Air: wrote radio show bio for KVOI website, attempted to find Valleywide iLO credentials, scanned local network for VMware login pages, fixed git permissions, synced with Gitea.
### 1. KVOI Radio Show Bio
**Created bio/blurb for The Computer Guru Show on KVOI:**
> Mike Swanson has been the Tucson community's go-to resource for technology solutions that make sense for over 20 years. Since founding Arizona Computer Guru in 2001 and launching The Computer Guru Show in 2009, his mission has stayed the same: solve your technology problems while treating you like a person in the process. Whether you're a home user battling a stubborn computer or a business owner looking for IT support that actually speaks your language, The Computer Guru Show delivers straight answers without the jargon or the drama. No politics, no fluff - just real solutions from someone who's been in the trenches. Tune in Saturdays at 9am, call in at 520-790-2040, or visit gurushow.com.
**Key details included:**
- Mike Swanson name
- Founded Arizona Computer Guru 2001
- Show launched 2009
- "Over 20 years" (evergreen)
- Call-in: 520-790-2040
- Website: gurushow.com (redirects to radio.azcomputerguru.com)
- Tone: Expert + approachable, no politics
**To be used on:**
- KVOI website
- radio.azcomputerguru.com
### 2. Valleywide iLO Credential Search
**Searched credentials.md for VWP iLO creds — not found there.**
**Only iLO entry in credentials.md:**
- HP iLO (172.16.9.125): root / r3tr0gradE99#
- This is local lab infrastructure, not VWP
**VWP iDRAC credentials (already documented in earlier session):**
- XenServer R720 iDRAC (192.168.3.30): root / r3tr0gradE99#
- QB Server R640 iDRAC (192.168.3.189): root / r3tr0gradE99#
### 3. Network Scan for VMware Login Pages
**Scanned three network ranges for VMware/ESXi web interfaces:**
| Network | Status | Findings |
|---------|--------|----------|
| 192.168.3.x | Not reachable | Client site (VWP) |
| 192.168.0.x | Not reachable | Client site (VWP) |
| 172.16.9.x | Scanned successfully | See below |
**172.16.9.x discoveries:**
- **172.16.9.1** — UniFi Dream Machine Pro (UDM Pro)
- **172.16.9.124** — Avigilon security camera (SSL cert: AVIGILON-CAMERA-9C-H4A-3MH-270-112011126624)
- **172.16.9.125** — HP iLO (as expected)
**No VMware/ESXi found on any reachable network.**
**Note:** `nmap` is not installed on MacBook Air. Used curl-based scanning instead.
### 4. Git Permissions Fix
**Problem:** Sync failed with "insufficient permission for adding an object to repository database"
**Root cause:** Some directories in `.git/objects/` were owned by `root` instead of `azcomputerguru`:
```
drwxr-xr-x 3 root staff 96 Mar 13 06:12 01
```
**Fix:** User ran manually:
```bash
sudo chown -R azcomputerguru:staff /Users/azcomputerguru/ClaudeTools/.git/objects/
```
### 5. Gitea Sync
**Successfully synced with Gitea after permissions fix.**
**Pulled 11 files:**
- credentials.md (updated)
- session-logs/2026-03-19-session.md (new)
- session-logs/2026-03-20-session.md (new)
- 7 new forum posts in docs/forum-posts/
- projects/community-forum/theme-v2.less
**Recent commits from other machines:**
- VWP infra docs, iDRAC fixes, XenServer inventory, PBX triage
- Flarum theme v2, Matomo analytics, Cloudflare proxy re-enabled
- Workstation setup, ESXi license resets, FreePBX phone system fix
### Infrastructure Notes
**MacBook Air network access:**
- Can reach 172.16.9.x (home/lab network)
- Cannot reach 192.168.0.x or 192.168.3.x (VWP client network — need VPN)
### Pending/Incomplete
1. **KVOI bio** — Ready to publish, may need similar for radio.azcomputerguru.com
2. **VMware scan at VWP** — Need VPN access to scan 192.168.0.x and 192.168.3.x
3. **Install nmap on MacBook Air** — Would improve network scanning: `brew install nmap`
---
## Update: 15:45 — Ollama + GrepAI Setup on CachyOS Workstation
### Session Summary
Set up local AI infrastructure on acg-guru-5070 (CachyOS workstation). Installed Ollama with NVIDIA GPU support, pulled three models, installed and configured GrepAI for semantic code search, configured MCP server integration for Claude Code, and updated coordinator directives in `.claude/claude.md` with Ollama usage policies and review thresholds.
### Work Completed
#### 1. Ollama Installation
- **Install method:** Official install script (`curl -fsSL https://ollama.com/install.sh | sh`)
- **Location:** `/usr/local/bin/ollama`
- **Service:** systemd (`ollama.service`), enabled on boot, auto-starts
- **GPU:** NVIDIA RTX 5070 Ti Mobile detected automatically
#### 2. Models Pulled
| Model | Size | Purpose |
|-------|------|---------|
| `qwen3:14b` | 9.3 GB | General sub-tasks: summarization, classification, data extraction, drafting |
| `codestral:22b` | 12 GB | Code-specific sub-tasks: code generation, refactoring suggestions |
| `nomic-embed-text` | 274 MB | Embeddings for GrepAI semantic search |
#### 3. GrepAI Installation & Configuration
- **Version:** v0.35.0
- **Install:** Official install script (`curl -sSL https://raw.githubusercontent.com/yoanbernabeu/grepai/main/install.sh | sh`)
- **Location:** `/usr/local/bin/grepai`
- **Config:** `/home/guru/ClaudeTools/.grepai/config.yaml`
- **Index stats:** 1,437 files / 20,945 chunks / 118.3 MB
- **Chunk size:** 256 tokens (optimized from default 512, matching previous Windows setup)
- **Watcher:** Running as background daemon (PID 2665677)
- **Watcher log:** `/home/guru/.local/state/grepai/logs/grepai-worktree-37becac32343.log`
**Search boost config applied:**
- `credentials.md` — 1.5x boost
- `directives.md` — 1.5x boost
- `/session-logs/` — 1.4x boost
- `/.claude/` — 1.3x boost
- `.md` penalty removed (was 0.6x default, now neutral)
**Verified working:** `grepai search "SSH credentials"` correctly ranked `credentials.md` first (score 1.08)
#### 4. MCP Server Integration
- **Config file:** `/home/guru/.claude/projects/-home-guru-ClaudeTools/settings.json`
- **Server:** `grepai mcp-serve` with cwd `/home/guru/ClaudeTools`
- **Requires:** Claude Code restart to load
#### 5. deep-explore Agent
- Created by `grepai agent-setup --with-subagent`
- **File:** `.claude/agents/deep-explore.md`
- Provides semantic search + call graph tracing via Bash commands to grepai CLI
#### 6. claude.md Updates (Coordinator Directives)
Added to `.claude/claude.md` (syncs to all stations via Gitea):
**a) Delegation table:** Added `deep-explore` agent for semantic code search
**b) Local AI (Ollama) section:**
- Available models table
- GrepAI usage guidance (when to use vs Grep/Glob, how to use via MCP/agent/CLI)
- Ollama sub-task guidance (when to offload vs use Claude, API examples)
**c) Ollama Output Review Policy — 4 impact tiers:**
| Level | Review Required | Examples |
|-------|----------------|----------|
| Critical | ALWAYS review + verify against source | Auth/security code, credentials, DB migrations, production config, user-facing output |
| High | Review for correctness, spot-check | API logic, business rules, infra scripts, client work |
| Medium | Skim for obvious errors | Internal docs, session summaries, boilerplate |
| Low | Trust without review | Classification, reformatting, placeholders |
- Batch processing rule: review first 2-3 items before trusting the rest
- Flag-to-user rule: if local model output is Critical and review is uncertain, explicitly tell user
**d) Cross-platform fix:** SSH path note updated to cover both Windows and Linux
### Problems Encountered & Solutions
| Problem | Solution |
|---------|----------|
| `grepai index --force` command not found | v0.35.0 removed standalone `index` command — indexing is handled by `grepai watch` |
| GrepAI watcher log directory missing | Created `/home/guru/.local/state/grepai/logs/` manually |
| Both model pulls interrupted by wifi change | Ollama handles reconnection automatically — pulls resumed fine |
### Files Created
- `/home/guru/.claude/projects/-home-guru-ClaudeTools/settings.json` — MCP server config for GrepAI
- `/home/guru/ClaudeTools/.grepai/config.yaml` — GrepAI config (customized)
- `/home/guru/ClaudeTools/.claude/agents/deep-explore.md` — GrepAI exploration subagent
### Files Modified
- `/home/guru/ClaudeTools/.claude/claude.md` — Added Ollama section, review policy, delegation update, date bump
### Key Commands Reference
```bash
# Ollama
ollama list # Show installed models
ollama run qwen3:14b # Interactive general chat
ollama run codestral:22b # Interactive code chat
systemctl status ollama # Check service
# Ollama API
curl -s http://localhost:11434/api/generate -d '{"model":"qwen3:14b","prompt":"...","stream":false}' | jq -r '.response'
curl -s http://localhost:11434/api/chat -d '{"model":"codestral:22b","messages":[{"role":"user","content":"..."}],"stream":false}' | jq -r '.message.content'
# GrepAI
grepai status # Index health
grepai search "query" --json --compact # Semantic search
grepai watch --status # Watcher status
grepai watch --stop # Stop watcher
grepai watch --background # Start watcher daemon
grepai trace callers "FuncName" # Call graph
```
### Pending/Incomplete
1. **Restart Claude Code** — Required to load GrepAI MCP server
2. **Verify MCP integration** — Test `grepai` tools work after restart
3. **Commit and push**`.claude/claude.md` changes need to sync to Gitea for other stations
4. **GrepAI watcher auto-start** — Currently a backgrounded process, not a systemd service. Consider creating `~/.config/systemd/user/grepai-watcher.service` for persistence across reboots
5. **Java 8 still default JRE** — Switch back if needed: `sudo archlinux-java set java-25-openjdk`
Reference in New Issue View Git Blame Copy Permalink