Author: Mike Swanson Machine: Mikes-MacBook-Air.local Timestamp: 2026-06-07 10:26:40
9.4 KiB
GuruRMM Session: Credential Inheritance Deployment & Offboarding Wizard Spec
Date: 2026-06-07 Project: GuruRMM Focus: Production deployment of credential inheritance, clickable alert badges, offboarding wizard specification
User
- User: Mike Swanson (mike)
- Machine: Mikes-MacBook-Air
- Role: admin
Session Summary
The session advanced the credential inheritance feature by deploying server version 0.3.45 to production, enabling inheritance and de-duplication logic for client and site credentials. Testing confirmed successful validation of /effective endpoints, ensuring proper credential propagation and conflict resolution across hierarchical structures.
Clickable "Needs attention" badges were implemented in the ClientExceptionsBand component, linking critical/warning/info/offline statuses to filtered /alerts and /agents pages. A correction refined the offline badge to filter client-specific agents rather than fleet-wide, achieved by parameterizing URL queries for the Agents page and synchronizing filter dropdowns with URL state.
Investigation revealed existing delete functionality in Clients.tsx and ClientDetail.tsx with two-step confirmation, but user feedback highlighted a need for an offboarding wizard with data export capabilities. In response, SPEC-028 was authored, detailing a 835-line specification for a lifecycle management workflow, including data export, audit logging, and cascading deletions. The FEATURE_ROADMAP.md was updated to reflect the "Client & Site Lifecycle Management" initiative.
All changes were committed and pushed, completing the deployment of credential inheritance, UI refinements for alert filtering, and foundational work for offboarding workflows.
Key Decisions
- Deployed credential inheritance to single production server (172.16.3.30:3001) → serves both beta and prod dashboards
- Alert severity badges link with severity + client_id filters → prevents cross-client alert visibility
- Client filter uses client NAME in URLs → improves readability and shareability
- Used Link components with query parameters → enables better deep-linking and state persistence
- Existing delete functionality uses two-step confirmation → aligns with user expectations for safety
- Offboarding wizard designed as multi-step modal (6 steps for sites, 5 for clients) → ensures clarity and reduces errors
- Enforced cascade deletion for clients → ensures data integrity before offboarding
- Typed name confirmation used for destructive final step → reduces accidental deletions
- Audit_logs table added for immutable offboarding trail → ensures compliance and traceability
- Export files use temp tokens with 1-hour expiry → avoids permanent storage risks
Problems Encountered
- Git push rejected (twice): Branches diverged with remote changes → resolved with
git pull --rebase && git push - Offline badge showed all fleet-wide offline agents: Initial implementation didn't scope to client → fixed by adding clientName prop and client URL parameter to Agents page with filter dropdown sync
- Delete functionality visibility: User initially thought delete didn't exist → discovered it exists in Clients.tsx (line 316-342) and ClientDetail.tsx (lines 838-1089) with two-step confirmation pattern, but wasn't immediately visible
Configuration Changes
Files Modified
Dashboard (Frontend):
dashboard/src/pages/ClientDetail.tsx- Made alert badges clickable with filters, added clientName prop to ClientExceptionsBanddashboard/src/pages/Alerts.tsx- Added client_id URL parameter support for deep-linkingdashboard/src/pages/Agents.tsx- Added client URL parameter support with filter dropdown sync
Documentation:
docs/specs/SPEC-028-offboarding-wizard.md- Created (835 lines, comprehensive offboarding wizard specification)docs/FEATURE_ROADMAP.md- Added "Client & Site Lifecycle Management" section with offboarding/onboarding features
Files Created
docs/specs/SPEC-028-offboarding-wizard.md- Full specification for site and client offboarding wizards
Git Commits
Credential Inheritance Deployment:
- Tested via server build-server.sh on GURU-5070 (172.16.3.30)
- Server version: 0.3.45
- Build output: 87 warnings (all pre-existing), binary 13,926,096 bytes
- Service restarted successfully, health check passed
Dashboard Changes:
- Commit: Clickable "Needs attention" badges with client filtering
- Commit: Fixed offline badge to filter client-specific agents
- Commit: SPEC-028 offboarding wizard + roadmap update (fcf0e0a → f06ff09)
Credentials & Secrets
GuruRMM Server:
- Host: 172.16.3.30
- Port: 3001
- Version deployed: 0.3.45
- Build location: /home/guru/gururmm
- Service: gururmm-server.service
- Binary: /opt/gururmm/gururmm-server
- Backup: /opt/gururmm/gururmm-server.prev
Test Credentials Created:
- Client-level inheritable credential ID: 97d878a7-55f4-4b72-a84e-2d946c454e15
- Type: windows_domain
- Label: "Test Inheritable Domain Admin"
- Stored in: /tmp/test_client_inheritable_cred.txt
Infrastructure & Servers
Production Environment:
- Server: GURU-5070 (172.16.3.30)
- Backend: Rust/Axum @ 172.16.3.30:3001
- Dashboard Beta: https://rmm-beta.azcomputerguru.com
- Dashboard Prod: https://rmm.azcomputerguru.com
- Single backend serves both dashboards (beta and prod share same API)
Architecture:
- Frontend deployment: Two channels (beta auto-deploy, prod manual promotion)
- Backend deployment: Single production server
- Credential inheritance: Opt-in cascade (Global → Client → Site)
- De-duplication: By (credential_type, label), most specific scope wins
Commands & Outputs
Server Deployment
cd /home/guru/gururmm
./build-server.sh
# Output:
# Version: 0.3.45
# cargo build --release (87 warnings, all existing)
# Binary backed up to /opt/gururmm/gururmm-server.prev
# Service stopped, binary deployed, service started
# Health check passed
Testing Credential Inheritance
# Created client-level inheritable credential
curl -X POST http://172.16.3.30:3001/api/credentials \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"scope_type": "client",
"scope_id": "<client_uuid>",
"credential_type": "windows_domain",
"label": "Test Inheritable Domain Admin",
"username": "DOMAIN\\admin",
"password": "test123",
"is_inheritable": true
}'
# Tested /effective endpoint
curl http://172.16.3.30:3001/api/sites/<site_uuid>/credentials/effective
# Response included inherited credential with "inherited_from": "client"
Git Operations
# Multiple rebase cycles due to concurrent work
git pull --rebase && git push
# Final commit
git commit -m "Add SPEC-028: Site and Client Offboarding Wizard..."
git push # fcf0e0a → f06ff09
Pending / Incomplete Tasks
Immediate:
- None - all work for this session completed
Future Work (SPEC-028 Implementation):
- Review SPEC-028 with team
- Create database migration for audit_logs table
- Implement backend endpoints (preflight, dependencies, export, offboard)
- Build wizard components (OffboardingWizard, PreflightCheck, TypedConfirmation, etc.)
- Deploy to beta dashboard for testing
- Roll out to production after 1-week beta testing period
Roadmap Items Added:
- Site offboarding wizard (P2)
- Client offboarding wizard (P2)
- Agent offboarding wizard (P2)
- Offboarding audit log viewer (P3)
- Soft delete / trash bin (P3)
- Offboarding reason templates (P3)
- Client/site onboarding wizards (P2)
Reference Information
API Endpoints Tested:
POST /api/credentials- Create credential with is_inheritable flagGET /api/sites/:id/credentials/effective- Retrieve merged credentials with inheritanceGET /api/clients/:id/credentials/effective- Retrieve merged credentials for client
New Endpoints Specified (SPEC-028):
GET /api/sites/:id/offboarding-preflight- Pre-flight metricsGET /api/sites/:id/dependencies- Dependency analysisPOST /api/sites/:id/export- Generate export filesPOST /api/sites/:id/offboard- Atomic offboarding operationGET /api/clients/:id/offboarding-preflight- Client pre-flightPOST /api/clients/:id/export- Client exportPOST /api/clients/:id/offboard- Client offboarding
Database Schema Additions (Proposed in SPEC-028):
CREATE TABLE audit_logs (
id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
event_type VARCHAR(50) NOT NULL,
resource_type VARCHAR(50) NOT NULL,
resource_id UUID NOT NULL,
resource_name VARCHAR(255) NOT NULL,
performed_by UUID NOT NULL REFERENCES users(id),
metadata JSONB,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
File Locations:
- SPEC-028:
docs/specs/SPEC-028-offboarding-wizard.md - Roadmap:
docs/FEATURE_ROADMAP.md(line 1105, new section) - ClientDetail:
dashboard/src/pages/ClientDetail.tsx - Alerts:
dashboard/src/pages/Alerts.tsx - Agents:
dashboard/src/pages/Agents.tsx
Related Documentation:
- Deployment summary:
/temp/credential-inheritance-deployment.md - Implementation details:
/temp/credentials-effective-endpoints-implementation.md
Commit SHAs:
- Final commit: f06ff09
- Previous: d441d4a (remote), fcf0e0a (local before rebase)
Client Test Data:
- Client ID used for testing: 417420f4-c3f4-482a-acd4-d6f63c8cddde
- Beta URL: https://rmm-beta.azcomputerguru.com/clients/417420f4-c3f4-482a-acd4-d6f63c8cddde