Files

Howard Enos eb5c147bcd sync: auto-sync from HOWARD-HOME at 2026-06-01 17:07:55

Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-01 17:07:55

2026-06-01 17:10:07 -07:00

7.7 KiB

Raw Blame History

AT Trebesch — 2026-06-01

User

User: Howard Enos (howard)
Machine: Howard-Home
Role: tech

Session Summary

Reviewed the full pending-todo backlog (coord API, 38 items) and the live Syncro ticket board to surface actionable client work for Howard. Identified ~13 tickets assigned to Howard (user_id 1750), several overlapping coord todos (DesertRV RMM standup, Cascades ALIS/Karen Rossini). Pivoted into onboarding a new GuruRMM client.

Onboarded AT Trebesch (Syncro customer 238740, Tucson residential) into GuruRMM: created the client + "Main" site, captured the one-time site enrollment key, vaulted it, committed/pushed the vault. Confirmed the client's primary workstation DESKTOP-QNP3ON5 was already enrolled and checking in.

Scoped and staged a contact-recovery task: consolidate every address-book contact spread across the customer's PST files into one Outlook-importable CSV. Ran read-only RMM scans to characterize the machine: PST inventory (24 PSTs, ~155 GB, including two 48 GB and one 16 GB file), session/Outlook state, and a validated Outlook COM probe. The probe confirmed COM works in the user session, that the address book lives in the Contacts folders (794/374/366 in the three loaded stores), that the legacy "Suggested Contacts" auto-harvest folder is present and correctly excluded, and that the 10 GB archive1.pst holds no contacts (signal that the giant mail archives are likely contact-empty).

Authored two PowerShell scripts (extract + merge) implementing a resilient, resumable, smallest-first extraction via Outlook COM AddStore, with an intelligent merge (email-or-name dedupe, recency-wins gap-fill, notes concatenated across copies, up to 3 emails, audit columns). Per Howard's clarifications, the scripts target only real address-book folders (not the Auto-Complete cache or Suggested Contacts) and fully capture contact Notes.

Howard requested the actual extraction be held until 6:00 PM MST and that he will trigger it manually (attended run). Nothing was dispatched against the customer's live Outlook data; only read-only scans/probes ran. Two memory notes were saved to preserve the staged state.

Key Decisions

Route A (Outlook COM in user_session) over a standalone PST parser — Outlook present + Owner logged in, and COM maps contacts 1:1 to Outlook's CSV import schema with zero machine footprint.
Two-phase architecture (extract as user → JSON per PST; merge as SYSTEM → CSV) for resilience: extraction timeouts/hangs don't lose completed work, and merge runs on whatever JSONs exist.
Smallest-first + resumable ordering so real contact stores are captured before the risky 48 GB archives; re-dispatch skips completed PSTs.
Exclude auto-harvest folders by name (Suggested Contacts, Recipient Cache, GAL/recipient caches) per Howard's "address book, not everyone who emailed" requirement. Validated by the probe ([WOULD SKIP] on the live Suggested Contacts folder).
Dedupe key = primary email, else normalized First+Last — errs toward not over-merging (a stray duplicate beats merging two different people).
Notes concatenated across duplicate copies (not newest-wins) so no note content is lost — added after Howard explicitly asked to copy notes.
Attended 6pm run (not auto-scheduled) — client data op touching live Outlook; Howard wants to watch for hangs on the big PSTs.
Dedupe identical PST copies by name+size before mounting (the set has many backup-folder/D:\E mirrors) to avoid redundant AddStore work.

Problems Encountered

Blank logged-on-user detection — Win32_Process explorer.exe owner came back empty. Cause: the machine runs a third-party Explorer shell replacement. Resolved by confirming the session via Win32_ComputerSystem.UserName (= DESKTOP-QNP3ON5\Owner); saved as a memory note.
Probe mis-dispatched (exit 127) — first probe ran from the wrong working directory (shell CWD had carried over into the guru-rmm submodule from an earlier source-inspection cd), so git rev-parse resolved the wrong repo root and vault.sh wasn't found. Resolved by pinning REPO_ROOT=/c/claudetools.
PowerShell parse error in the probe — embedded apostrophes and a \ inside double-quoted strings broke the parser (nothing executed). Resolved by rewriting output strings to use interpolation and avoid those characters.

Configuration Changes

Created C:\claudetools\.claude\tmp\treb-extract.ps1 — Phase 1 contact extraction (Outlook COM, user_session).
Created C:\claudetools\.claude\tmp\treb-merge.ps1 — Phase 2 merge → CSV (SYSTEM).
Created C:\claudetools\.claude\memory\reference_trebesch_qnp3on5.md — shell-replacement / logged-on-user quirk.
Created C:\claudetools\.claude\memory\project_trebesch_pst_consolidation.md — staged-task state.
Updated C:\claudetools\.claude\memory\MEMORY.md — added two pointers (Reference + Pending Setup).
Vault (D:/vault): created clients/attrebesch/gururmm-site-main.sops.yaml (encrypted, committed, pushed).

Credentials & Secrets

AT Trebesch GuruRMM site enrollment key (grmm_…) is vaulted at clients/attrebesch/gururmm-site-main.sops.yaml (round-trip verified). Not reproduced here — read via bash .claude/scripts/vault.sh get clients/attrebesch/gururmm-site-main.sops.yaml.
No other new secrets. Syncro/RMM creds unchanged (vault: infrastructure/gururmm-server.sops.yaml).

Infrastructure & Servers

Syncro customer 238740 — AT Trebesch, treb737@earthlink.net, 5205294999, 7280 N. Cathedral Rock, Tucson AZ (residential).
GuruRMM — API http://172.16.3.30:3001, dashboard https://rmm.azcomputerguru.com.
- Client "AT Trebesch": a6dbe776-c3b0-4345-8c2c-597cff8a9b4d
- Site "Main": 2df75e13-4268-49db-babe-489b66729f87, code SWIFT-LION-2892
- Install page: https://rmm.azcomputerguru.com/install/SWIFT-LION-2892
- MSI: https://rmm.azcomputerguru.com/api/sites/2df75e13-4268-49db-babe-489b66729f87/installer
DESKTOP-QNP3ON5 — agent ba173f0c-19e8-488d-834c-1b6f6dfd5699, Windows, user Owner, runs an Explorer shell replacement. Outlook = Microsoft 365 Apps x64, 16.0.19929.20172. Free space C: 593 GB, D: 915 GB.

Commands & Outputs

GuruRMM timeout behavior (verified in server/src/db/commands.rs reaper + agent/src/transport/websocket.rs): timeout_seconds honored exactly, no hidden cap; default 300s, NULL→600s.
PST inventory: 24 files, 154.83 GB. Largest: Outlook2.pst 48639 MB & 48633.2 MB, treb737@earthlink.net - Default.pst 16619.9 MB, archive1.pst 10524 & 10499.3 MB. Many byte-identical copies across Desktop\Outlook\backup\, D:\E\, Documents\Outlook Files\.
COM probe output: COM_OK; 5 loaded stores; address-book counts Contacts=794 (earthlink) / 374 (Outlook1) / 366 (Outlook); [WOULD SKIP] Suggested Contacts; archive1.pst/backup.pst no contacts.

Pending / Incomplete Tasks

HOLD until 6:00 PM MST 2026-06-01 (01:00 UTC Jun 2): run treb-extract.ps1 then treb-merge.ps1 on DESKTOP-QNP3ON5 via /rmm. Howard triggers manually ("go" = safe set excluding giants; "go, all PSTs" = include 48/16/10 GB archives). Output CSV → C:\Users\Owner\Desktop\Contacts\.
After delivery: spot-check one giant archive for contacts; only scan the rest if non-empty.
Related open Syncro tickets for AT Trebesch: 32160 (assess for threats — pairs with /rmm diagnose) and 31953 (earthlink address book — this contact-recovery task).

Reference Information

Scripts: C:\claudetools\.claude\tmp\treb-extract.ps1, C:\claudetools\.claude\tmp\treb-merge.ps1
Memory: reference_trebesch_qnp3on5.md, project_trebesch_pst_consolidation.md
Syncro ticket #31953 (address book), #32160 (threats)
RMM API: POST /api/agents/:id/command (context=user_session for COM), poll GET /api/commands/:id

7.7 KiB Raw Blame History