azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dfa7af4aee14ead3bbedfc3041dd5ded3985567e
claudetools/session-logs/2026-05-30-session.md
Mike Swanson dfa7af4aee sync: auto-sync from GURU-5070 at 2026-05-30 07:01:49 
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-05-30 07:01:49
2026-05-30 07:02:01 -07:00

13 KiB
Raw Blame History

Session Log — 2026-05-30 (work spanning 2026-05-29 evening → 2026-05-30)

User

  • User: Mike Swanson (mike)
  • Machine: GURU-5070
  • Role: admin

Session Summary

The session opened as a GuruRMM feature request ("Mobile device support") and ran through the /feature-request flow. After clarifying scope (MDM for phones/tablets plus a GuruRMM mobile agent app — treated as one coherent feature), produced SPEC-017-mobile-device-support.md. The central technical finding documented: the iOS/Android capability asymmetry — an Android Device Admin app delivers real remote lock/wipe with no server certificate, but a sandboxed iOS App Store app cannot lock/wipe without an MDM enrollment profile (which needs the free Apple MDM Push Certificate). Mike then confirmed ACG now holds both Apple certificates (Developer Program + signing, and the MDM Push Certificate), so the spec was updated to mark both iOS phases Apple-cert-unblocked, with the annual MDM-push-cert renewal trap flagged.

The bulk of the session was a full GuruConnect (GC) modernization effort. Mike asked whether a gc-audit equivalent to /rmm-audit existed; it did not, so a gc-audit skill was authored, adapted to GC's actual architecture (protobuf wire format, runtime sqlx, Gitea Actions CI, static-HTML+component-library dashboard) rather than copying RMM assumptions. The skill was then run as a dry run: seven parallel/ sequential audit passes on Opus surfaced three CRITICAL relay-plane auth failures (any-JWT-joins-any-session, viewer-WS blacklist bypass, JWT-accepted-as-agent-key) plus the dashboard's wire-incompatible "protobuf" decoder, a stubbed deploy step leaving production 57 commits stale, and several HIGH/MEDIUM items. The audit report was committed and the skill was refined (use .claude/standards/ as the compliance baseline; reconcile all docs/specs/SPEC-*.md + specs/*/plan.md [DONE] markers; tag already-planned findings [TRACKED] during a rebuild).

Mike then directed a ground-up re-spec. Produced SPEC-002-v2-modernization-architecture.md from four locked decisions: greenfield-but-salvage-proven-Rust-cores; native-first with full key fidelity (Win+R / Ctrl+Alt+Del / clipboard) and WebRTC only as a fallback; standalone-first with a versioned /api/integration/v1/ RMM contract; hardened single-tenant now with a tenancy-ready schema. File transfer (clipboard cut/paste + drag-and-drop, bidirectional) was elevated to a headline differentiator after Mike named it as a favorite ScreenConnect feature. /shape-spec then produced specs/v2-secure-session-core/ (Phase 1).

The Phase-1 keystone was implemented end to end across four tasks, each via a Coding Agent (Opus) → mandatory Code Review (Opus) → Gitea Agent commit loop: Task 1 (v2 schema + per-agent cak_ keys + tenancy-ready columns), Task 2 (auth rebuild deleting the JWT-as-agent-key branch, session-scoped viewer tokens, per-agent key issuance, folding in a pre-existing machine-metadata bug fix), Task 3 (secure relay WS — viewer-token verification with blacklist + session-claim match, agent identity binding, frame caps, input throttle), and Task 4 (in-memory rate limiting + single-use widened support codes). A review-driven authorization-strength fix split viewer tokens into VIEW_ONLY vs CONTROL gated on permission, fully closing CRITICAL #1. Because the dev machine has no Rust toolchain, all code was verified on the build host (172.16.3.30) and confirmed compiling + passing tests (32/32), and the Gitea Actions CI was confirmed green. Every audit CRITICAL and HIGH in the auth/session core is now remediated in code.

The session closed with a /sync (pulled four of Howard's auto-sync commits) and a radio-show task: set the "promised vs got / best invention" episode to today's date (Saturday 2026-05-30), preserved Howard's Segments 1-2, and expanded the reserved Segment 3 into a topical May-2026 tech-news segment (AI glasses, AI-and-jobs, subscription squeeze, orbital data centers, AI security reality check, gadget hits) using live web research, since the assistant's training only runs to ~Jan 2026.

Key Decisions

  • SPEC-017 scope: treat "mobile device support" as MDM + a GuruRMM mobile agent app together; document the iOS/Android lock-wipe asymmetry rather than over-promising iOS parity.
  • gc-audit adapted, not copied: GC uses runtime sqlx (not RMM's macros — and CLAUDE.md's "compile-time checked queries" line is stale), protobuf wire format, Gitea Actions CI, and a static-HTML+component-library dashboard. The skill's passes were rewritten accordingly; Pass B's initial "macros are the GC norm" rule was later corrected to flag new query! macros as a [LOW] deviation.
  • GC v2 direction (4 locked decisions): greenfield-salvage-cores; native-first full key fidelity (WebRTC fallback only); standalone-first + versioned RMM contract; hardened single-tenant with a tenancy-ready (nullable tenant_id) schema so Phase 4 flips on isolation with no migration rewrite.
  • File transfer elevated: clipboard cut/paste + drag-and-drop (both directions) made a core differentiator with a delayed-render clipboard design, not a deferred panel.
  • v2 sqlx + repo: confirmed runtime sqlx::query() for v2 (GC already uses it); clean architectural reset in-place in the existing guru-connect repo (not a new repo).
  • Auth-strength (CRITICAL #1): viewer-token minting gated on permission, and — after review found view is held by every default role — split into VIEW_ONLY (gated on view, relay refuses input) vs CONTROL (gated on control/admin) tokens. This is what actually closed CRITICAL #1.
  • Codec/transport/cutover: H.264 default (HEVC opt-in); Phase-2 web viewer on protobuf-over-WSS first (WebRTC later); widened higher-entropy support codes; clean wholesale v1→v2 cutover (no client data to migrate).
  • Verification path: with no local Rust toolchain, all Rust was verified by building + testing on the build host (172.16.3.30) and by confirming Gitea Actions CI, rather than trusting self-review.
  • Radio Segment 3: built as a "present-day" bookend tying each item back to Segments 1-2; pulled live (web search) because training is stale for a same-day show.

Problems Encountered

  • Gitea push failed mid-session (internal :3000 refused, public 502) — a transient blip; later confirmed reachable and the pending commit had already been swept upstream by auto-sync. No loss.
  • Explore agent reported two GC docs at the repo root (FEATURE_ROADMAP.md, ARCHITECTURE_DECISIONS.md) that actually live under docs/; caught and corrected the gc-audit skill's paths before finalizing.
  • CI red on Tasks 2/3/authz — but only at the cargo fmt --all --check gate, which short-circuits before clippy/build/test, so the code had never actually compiled in CI. Verified on the build host that it compiled + passed; applied the fmt patch + two clippy one-liners (8a01935) → CI green.
  • Task 4 clippy redempty_line_after_doc_comments (rate_limit.rs) and two dead-code event constants (events.rs); fixed (2118942, build-host-verified) → CI green.
  • Audit authz finding: Task 2/3's first authz gate used has_permission("view"), which is held by every default role, so it didn't actually narrow access; reviewer caught it, leading to the VIEW_ONLY/CONTROL split.
  • Coord todo POSTs failed twice on an em-dash ("error parsing the body"); resolved by using ASCII-only text. (Same lesson recurred and was applied.)
  • No Rust toolchain on GURU-5070 — every Coding Agent could author but not compile; mitigated by build-host verification (172.16.3.30) for each task.

Configuration Changes

azcomputerguru/guru-connect (separate repo):

  • New: docs/specs/SPEC-002-v2-modernization-architecture.md, reports/2026-05-29-gc-audit.md, specs/v2-secure-session-core/{plan,shape,references,standards}.md.
  • New (server): migrations/004_v2_secure_session_core.sql, 005_machine_metadata.sql, 006_widen_support_code.sql; src/db/{agent_keys.rs,tenancy.rs}; src/auth/agent_keys.rs; src/api/machine_keys.rs.
  • Rebuilt/modified (server): src/middleware/rate_limit.rs (+mod.rs), src/relay/mod.rs, src/api/sessions.rs, src/auth/{jwt.rs,mod.rs}, src/db/{machines,sessions,support_codes,events,users,mod}.rs, src/support_codes.rs, src/main.rs, Cargo.toml (removed tower_governor).
  • Episode/radio: n/a (different repo).

azcomputerguru/gururmm (submodule):

  • New: docs/specs/SPEC-017-mobile-device-support.md; docs/FEATURE_ROADMAP.md updated (MDM checklist + Asset Location Tracking cross-link to SPEC-017).

azcomputerguru/claudetools (this repo):

  • New: .claude/skills/gc-audit/SKILL.md (then refined twice).
  • New memory: .claude/memory/project_apple_mdm_certs.md, .claude/memory/project_guruconnect_v2_direction.md; MEMORY.md index updated.
  • Radio: created projects/radio-show/episodes/2026-05-30-promised-vs-got-and-inventions/show-prep.md (expanded, 25KB); git rm of projects/radio-show/episodes/tbd-promised-vs-got-and-inventions/.
  • This session log.

Credentials & Secrets

  • No new secrets created.
  • Gitea API token used for CI status checks: SOPS vault services/gitea.sops.yaml, field credentials.api.api-token.
  • ACG holds both Apple certs as of 2026-05-29 (Developer Program + signing; MDM Push Certificate). Still to capture: the exact owning Apple ID and expiry for the MDM Push Certificate (renews annually on the same Apple ID or all enrolled iOS devices break) — see .claude/memory/project_apple_mdm_certs.md.

Infrastructure & Servers

  • Coordination API: http://172.16.3.30:8001/api/coord (locks, todos) — no auth.
  • Gitea (internal): http://172.16.3.20:3000 (azcomputerguru org). Public: git.azcomputerguru.com (NPM/Cloudflare; prefer internal).
  • GC build/deploy host: 172.16.3.30 (Linux, Rust toolchain present; GC server runs on :3002 behind NPM at connect.azcomputerguru.com; GC clone at /home/guru/guru-connect). Production GC binary was stale (git 1bfd476, ~2026-01-18) vs submodule HEAD — deploy step is a stub.
  • Gitea Actions runners (online): guruconnect-builder (ubuntu-latest), pluto-guruconnect (windows-msvc, on Pluto 172.16.3.36).
  • GC DB: PostgreSQL on the GC host; v2 migrations 004-006 added (not yet applied to production).

Commands & Outputs

  • cargo fmt --all / cargo clippy --all-targets --all-features -- -D warnings / cargo build --release --target x86_64-unknown-linux-gnu / cargo test --release — run on 172.16.3.30 to verify GC v2 (no local toolchain). Note: must set CARGO_BUILD_TARGET=x86_64-unknown-linux-gnu on Linux because the repo .cargo/config.toml defaults to x86_64-pc-windows-msvc.
  • GC v2 keystone test result on build host: 32 passed; 0 failed.
  • CI: build-and-test run on 2118942 — build-server, build-agent, security-audit all success.
  • Coord todo POST: requires ASCII-only body (text, created_by_user, created_by_machine required); em-dashes cause "error parsing the body".
  • git rm -r projects/radio-show/episodes/tbd-promised-vs-got-and-inventions/ — old radio folder removed after writing the dated one.

Pending / Incomplete Tasks

  • GC v2 Phase 1 remainder: Task 5 (attended-mode consent — proto ConsentRequest/ConsentResponse), Task 6 (native viewer full key fidelity — WH_KEYBOARD_LL hook, scan-code injection, SAS for Ctrl+Alt+Del, clipboard sync), Task 7 (HW H.264 + raw/Zstd fallback). Then Phase 2 (file transfer + dashboard + web viewer), Phase 3 (/api/integration/v1/ RMM contract), Phase 4 (multi-tenancy switch-on). Source of truth: specs/v2-secure-session-core/plan.md + docs/specs/SPEC-002-*.md.
  • Open coord todos (guruconnect): 9a462965 (revoke viewer tokens on logout), 3c1f372a (trusted-proxy client-IP keying — NPM-on-loopback collapses clients to 127.0.0.1), 542137df (multi-instance fail-closed DB single-use gate). Plus two TODO(audit-events) comments in db/events.rs.
  • GC v2 deploy: wire the real deploy.yml SSH step (currently a stub) and chain cargo audit into release/deploy; v1→v2 cutover after the product-capability tasks.
  • SPEC-017 mobile: capture the Apple MDM Push Certificate's owning Apple ID + expiry; provision Google Play/FCM.
  • Radio: Mike's "best invention" pick (Segment 2); refresh Segment 3 items if the show slips past 2026-05-30.

Reference Information

  • Specs: guru-connect/docs/specs/SPEC-002-v2-modernization-architecture.md, guru-connect/specs/v2-secure-session-core/, guru-connect/specs/native-remote-control/; gururmm/docs/specs/SPEC-017-mobile-device-support.md.
  • Audit report: guru-connect/reports/2026-05-29-gc-audit.md.
  • gc-audit skill: .claude/skills/gc-audit/SKILL.md.
  • Memory: .claude/memory/project_apple_mdm_certs.md, .claude/memory/project_guruconnect_v2_direction.md.
  • Commit SHAs — guru-connect: 486debf (audit report), 5c60a10 (SPEC-002), 81e4b99 (shape spec), fef8111 (T1), 41691bf (T2), 0f25878 (T3), a453e79 (authz split), 8a01935 (fmt/clippy), bfcdbb5 (T4), 2118942 (clippy fix).
  • Commit SHAs — gururmm: 417856e (SPEC-017).
  • Commit SHAs — claudetools: e8ac759, df6a2dd, e5ccb6a, c670471, c70cd70 (gc-audit skill).
  • Coord todos (guruconnect): done — faf39fe0, c8916c89; open — 9a462965, 3c1f372a, 542137df.
  • Radio episode: projects/radio-show/episodes/2026-05-30-promised-vs-got-and-inventions/show-prep.md.
Reference in New Issue View Git Blame Copy Permalink