claudetools/errorlog.md
Mike Swanson f6f6aae618 sync: auto-sync from GURU-BEAST-ROG at 2026-06-30 15:11:06
Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-06-30 15:11:06
2026-06-30 15:12:12 -07:00

775 lines
89 KiB
Markdown

# Error Log
Brief records of preventable, pattern-worthy events across the fleet — used to improve
skills, write better CLAUDE.md rules, and clean stale/misleading memory. The aim: never
pay tokens twice for the same avoidable mistake. Append newest at the top; keep entries to
1-2 lines. **Always write via the helper, never by hand:**
`bash .claude/scripts/log-skill-error.sh "<skill/context>" "<brief>" [--correction|--friction] [--context "k=v"]`
Format: `YYYY-MM-DD | MACHINE | command/skill/context | [type] error (brief) [ctx: ...]`
Categories (the `[type]` tag): _(none)_ = skill/command execution failure ·
`[correction]` = user corrected an improper assumption I made ·
`[friction]` = preventable self-inflicted token-waste (harness/env/tool misuse; cite a
`ref=` in ctx when it repeats a documented gotcha — that flags a rule/memory to strengthen).
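
An added example (not one of this repository's scripts): a parser for the entry format above that also tallies the `ref=` values cited by more than one `[friction]` entry, which is the signal the categories note describes. The sample lines, function names and `ref` names are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample entries in the documented format (not taken from the log).
SAMPLE = """\
2026-01-05 | HOST-A | rmm/dispatch | [friction] UNC path mangled in payload [ctx: ref=example_quote_rule host=PC-1]
2026-01-05 | HOST-A | post-alert | POST failed (non-200) [ctx: channel=#alerts http=400 resp={"message": "bad JSON", "code": 1}]
2026-01-04 | HOST-B | billing | [correction] assumed block was empty; correct is 20h remaining
2026-01-03 | HOST-A | rmm/bash-quoting | [friction] doubled quotes collapsed the path [ctx: ref=example_quote_rule repeat=2]
2026-01-02 | HOST-B | vault/display | [friction] line regex missed multi-line key [ctx: fix=drop the whole block ref=example_vault_rule]
not an entry line
"""

# YYYY-MM-DD | MACHINE | command/skill/context | [type] error (brief) [ctx: ...]
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \| (\S+) \| (.+?) \| (.+)$")
TYPE_RE = re.compile(r"^\[(correction|friction)\]\s*")
CTX_RE = re.compile(r"\s*\[ctx:\s*(.*)\]\s*$")
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z_][\w-]*)=")


@dataclass
class Entry:
    date: str
    machine: str
    context: str
    kind: str  # "failure" (no tag), "correction" or "friction"
    brief: str
    ctx: dict = field(default_factory=dict)


def parse_ctx(ctx):
    """Split 'k=v k=v'; a value runs to the next ' key=' so it may hold spaces or JSON."""
    marks = list(KEY_RE.finditer(ctx))
    out = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(ctx)
        out[m.group(1)] = ctx[m.end():end].strip()
    return out


def parse_line(line):
    """Return an Entry, or None when the line is not a log entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    date, machine, context, body = m.groups()
    kind = "failure"
    tag = TYPE_RE.match(body)
    if tag:
        kind, body = tag.group(1), body[tag.end():]
    ctx = {}
    tail = CTX_RE.search(body)
    if tail:
        ctx, body = parse_ctx(tail.group(1)), body[:tail.start()]
    return Entry(date, machine, context, kind, body.strip(), ctx)


def parse_log(text):
    """Parse every entry line in the text, skipping headers and other prose."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def repeated_refs(entries, minimum=2):
    """ref= values cited by at least `minimum` friction entries (rules to strengthen)."""
    counts = Counter(e.ctx["ref"] for e in entries
                     if e.kind == "friction" and "ref" in e.ctx)
    return {ref: n for ref, n in counts.items() if n >= minimum}


if __name__ == "__main__":
    entries = parse_log(SAMPLE)
    print(Counter(e.kind for e in entries))
    print(repeated_refs(entries))
```
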
---
<!-- Append entries below this line -->
2026-06-30 | Howard-Home | remediation-tool/exchange-op | [friction] Add-MailboxPermission -AutoMapping $true silently rolled back the FullAccess grant for 2 of 4 delegates (cmdlet echoed [FullAccess] success but Get-MailboxPermission showed NONE); a failed msExchDelegateListLink write aborts the whole Add transaction. Fix: re-add with -AutoMapping $false (FullAccess then persists); set automapping separately/interactively if auto-attach is required. [ctx: tenant=cascadestucson.com mailbox=tamra.matthews app=ComputerGuru-Exchange-Operator]
2026-06-30 | Howard-Home | /syncro | [correction] invoiced 'Windows Pro Upgrade' line items (Cascades 67887/67890) with blank CATEGORY; product_category was null and I billed it anyway — correct is to pre-flight GET /products/<id>, never invoice a null/blank category, and never invent one (use existing set e.g. Software) [ctx: ref=feedback_syncro_line_item_category invoices=67887,67890 product=23571919]
2026-06-30 | Howard-Home | rmm/printer-map | [friction] Add-Printer -ConnectionName in user_session = HRESULT 0x800702e4 ELEVATION_REQUIRED (Point-and-Print); agent watchdog times out on the interactive UAC prompt. Use WScript.Network.AddWindowsPrinterConnection + have a user at console approve, or pre-stage driver/connection as SYSTEM
2026-06-30 | Howard-Home | rmm/powershell | [friction] literal UNC backslashes (\\host\share) in a jq-built PS payload got mangled to a single backslash -> Add-Printer 'invalid name'; fix: build UNC with [char]92 instead of literal backslashes [ctx: ref=feedback_windows_quote_stripping host=RECEPTIONIST-PC]
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=fw-list]
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=fw-list]
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=audit]
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=run]
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=run]
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=run]
2026-06-30 | GURU-5070 | post-bot-alert | Discord POST failed (non-200/unreachable) [ctx: channel=#dev-alerts http=400 resp={"message": "The request body contains invalid JSON.", "code": 50109}]
2026-06-30 | Howard-Home | bash/env | [friction] Bash tool default timeout 120000ms cut off long RMM watch loops twice; set timeout param to 600000 for multi-minute monitoring.
2026-06-30 | Howard-Home | powershell/env | [friction] "C:\$WINDOWS.~BT" in a double-quoted PS string expands $WINDOWS to empty -> C:\.~BT; Test-Path falsely reports folder missing. Fix: backtick-escape (`$) or single-quote the path.
2026-06-29 | GURU-5070 | remediation-tool/graph | [friction] Tenant Admin app 403s on group DELETE (has GroupMember write, not Group.ReadWrite.All); use User Manager app for M365 group deletion [ctx: tenant=birthbiologic op=group-delete]
2026-06-29 | GURU-5070 | rmm/rsync-cygwin | [friction] cwRsync (cygwin) on AD2 misreads a Windows 'C:\path' DESTINATION as a remote host; pulls silently fail. Use /cygdrive/c/... for local src AND dst [ctx: host=AD2 ref=dataforth-dos-sync]
2026-06-29 | GURU-5070 | graph/sharepoint-upload | BirthBio media upload: all 10 large files failed at chunk 0 (connection closed on send + 503) with 60MB chunks; docs OK [ctx: site=birthbiologic chunk=60MB fix=reduce-to-10MiB+retry]
2026-06-29 | GURU-5070 | rmm/user-management | [correction] Claimed GuruRMM has no built-in user-password action; it DOES - the per-agent User Manager tab (Users/Groups) manages local + domain (on a DC) + AAD users: reset_password, set_enabled, set_password_never_expires, add/remove_from_group. Used raw Set-ADAccountPassword PowerShell instead (which also leaked the pw into command history). [ctx: endpoint=/api/agents/{id}/users + /users/action component=UserManagerTab.tsx]
2026-06-29 | GURU-5070 | remediation-tool | [correction] assumed 'AD account' meant Entra/M365 account; user meant ON-PREM AD. 365/email stays disabled; on-prem handled separately (no ADsync - cloud-only user). [ctx: client=VWP user=teresa@valleywideplastering.com]
2026-06-29 | Howard-Home | discord-dm | Discord send to howard (DM) failed [ctx: http=400 resp={"message": "Invalid Form Body", "code": 50035, "errors": {"content": {"_errors"]
2026-06-29 | GURU-5070 | remediation-tool/reset-password.sh | [friction] JIT de-elevation can never succeed: an app-only SP cannot remove its OWN Privileged Authentication Administrator assignment ('no privilege to remove self'). Every admin-account reset leaves standing PAA on the ComputerGuru Tenant Admin SP; requires a human Global Admin to remove. Likely also left PAA on birthbiologic.com (2026-06-08). [ctx: tenant=5c53ae9f-7071-4248-b834-8685b646450f sp=fccda86c-77ca-4248-b876-b0cdba8605d4 role=PrivilegedAuthAdmin fix=PIM-or-second-principal-or-human-GA]
2026-06-29 | GURU-5070 | remediation-tool | reset-password: failed to remove JIT Privileged Auth Admin role - standing privilege left behind, REMOVE MANUALLY [ctx: tenant=5c53ae9f-7071-4248-b834-8685b646450f assignment=ikzke6-tKk6E1qsmSeCKE2yozfzKd0hCuHawzbqGBdQ-1 http=400]
2026-06-29 | GURU-5070 | syncro/billing | [friction] created invoice on ticket with pre-existing unbilled line item without checking first; invoice swept a prior 5.0h migration charge + my 1.0h, deducting 6.0h from prepaid block (10->3 total, intended 2). ALWAYS GET /tickets/{id} .line_items before POST /invoices on a prepaid customer [ctx: client=birth-biologic ticket=32187 invoice=1650837688]
2026-06-29 | GURU-5070 | remediation-tool/birthbiologic | [correction] assumed MX still on Google (per 06-26 docs); actual: MX cut to M365 (birthbiologic-com.mail.protection.outlook.com) on Sat 2026-06-27 — verify MX live, don't trust stale migration-scope docs [ctx: client=birth-biologic]
2026-06-29 | GURU-5070 | rmm/windows-fileaudit | [friction] OneDrive cloud-only files at >=260-char paths can't be header-read: Graph driveItem-by-path 404s them and local [IO.File]::Open fails (MAX_PATH) even with \\?\ prefix and AppContext UseLegacyPathHandling/BlockLongPaths switches; need robocopy/SPMT (long-path native) for those [ctx: host=ACG-DWP-X-BB count=89 client=birth-biologic]
2026-06-29 | GURU-5070 | rmm/bash | [friction] passed ~20KB base64 inline via jq --arg in command line -> 'Argument list too long'; should stage data on the endpoint (it already had the CSV) or chunk-upload, never inline-pass large blobs [ctx: ref=CLAUDE.md windows-rules; host=ACG-DWP-X-BB]
2026-06-29 | GURU-5070 | migration/datto-to-sharepoint | 2026-06-26 SharePoint push corrupted files: byte array stringified ('$bytes') so each file written as space-separated DECIMAL TEXT instead of binary (xlsx '80 75 3 4...', pdf '37 80 68 70...'); format-agnostic, ~15 local + up to ~3298 cloud-only files modified 06-26; Datto source intact [ctx: client=birth-biologic host=ACG-DWP-X-BB vector=base64/stdout-capture-upload fix=use OneDrive-sync/SPMT or [IO.File]::WriteAllBytes]
2026-06-29 | Howard-Home | cascades/SG-Caregivers | [correction] assumed adding Feller + Nyanzunda to SG-Caregivers per 6/4 worklist; correct is group = frontline caregivers ONLY, exclude admins/managers/admin-adjacent (Feller PA-remote, Nyanzunda MC admin asst) do NOT go in
2026-06-29 | Howard-Home | rmm/coord | [friction] 172.16.3.30 unreachable from Howard-Home (RMM :3001 + coord :8001 dead; Cascades VPN up) — ACG-internal route down [ctx: ref=cascades-caregiver-group-task]
2026-06-29 | Howard-Home | rmm/powershell | [friction] used $pid as a variable in remote PS script; $PID is a reserved automatic variable (current process id) so the .zip ProgID read was clobbered (showed 16044). Use a non-reserved name e.g. $zipProg [ctx: ref=feedback_windows_quote_stripping-style-PS-gotchas]
2026-06-29 | Howard-Home | rmm/rednour-legalasst | [correction] assumed LEGALASST was the cloned machine; correct is that CARRIE'S machine was cloned (to host rednourcarrievirt) and LEGALASST is EMMA'S machine (not cloned). Emma's drives X/Y/Z were remapped today to \\rednourcarrievirt [ctx: client=rednour host=LEGALASST]
2026-06-29 | Howard-Home | rmm-auth/tailscale | [friction] RMM+coord unreachable (http=000); tailscaled service RUNNING but backend stuck in NoState after restart -> 172.16.3.30 unping-able from HOWARD-HOME [ctx: ref=remote-diag fix=tailscale-relogin]
2026-06-29 | Howard-Home | rmm-auth | RMM login failed (no token returned from /api/auth/login) [ctx: url=http://172.16.3.30:3001 resp=]
2026-06-29 | Howard-Home | rmm-search | RMM auth failed via rmm-auth.sh (no TOKEN/RMM)
2026-06-29 | Howard-Home | rmm-search | RMM auth failed via rmm-auth.sh (no TOKEN/RMM)
2026-06-29 | Howard-Home | save/rmm-scratch | [friction] wrote RMM command-id scratch files (.netprobe_id, .stage_id, etc.) to repo root C:/claudetools; .netprobe_id got swept into a sync commit by git add -A and needed git rm. Use the session scratchpad dir for transient IDs, not the repo root. [ctx: ref=feedback_tmp_path_windows]
2026-06-28 | Howard-Home | rmm/spec-015-safeboot | [friction] safe-mode survival test stranded DESKTOP-MS42HNC: (a) registering only GuruRMMAgent/Watchdog in SafeBootNetwork is insufficient for the agent to connect in Safe Mode (needs network-stack deps e.g. BFE/Dnscache/CryptSvc); (b) Task-Scheduler dead-man does NOT fire in Safe Mode so auto-revert failed -> required manual console recovery [ctx: host=DESKTOP-MS42HNC spec=SPEC-015 fix=use-a-service-not-schtasks-for-revert test-only-on-disposable-VM]
2026-06-28 | Howard-Home | rmm/powershell-discovery | [friction] broad '*.log' Get-ChildItem on C:\Windows\Temp pulled a 157KB Office C2R telemetry log into command output, wasting tokens; scope log searches to the specific filename (mccleanup.log) or a tight -Filter, not *.log
2026-06-27 | GURU-5070 | sync/bash-timeout | [friction] sync.sh SIGTERM'd at 2min: Bash tool default 120s timeout collides with sync.sh's ~120s lock-wait window (exit 143). Fix: invoke sync.sh with Bash timeout >=180000ms so it can acquire the lock or cleanly exit 75
2026-06-27 | GURU-5070 | syncro/bot-alert | [friction] posted bot-alert without the mandated '-> <link>' tail; format is [SYNCRO] <tech> <verb> #num (cust) - summary -> https://computerguru.syncromsp.com/tickets/<id> [ctx: ref=syncro.md#post-to-bot-alerts]
2026-06-27 | GURU-5070 | birthbio/datto-sharepoint | [correction] assumed 'reappearing' files were a Datto two-way-sync resurrection from the transfer VM; correct: they were stale copies left in SharePoint since the April additive push (deleted from Datto later, never removed from SP). Mirror cleanup removed them.
2026-06-27 | GURU-5070 | bash/background-poller | [friction] background poll script used $0-relative temp files ($0.l.json etc.) for curl --data-binary @file; under run_in_background $0 didn't resolve to a writable path so every poll errored + it never detected completion. Fix: use absolute scratchpad paths in background scripts, not $0-relative
2026-06-26 | Howard-Home | syncro/billing | [correction] hand-rolled add_line_item API calls from memory instead of using the /syncro skill; malformed tickets reached Winter for cleanup. Correct: route ALL Syncro billing/invoicing through the skill. Generalized to a CORE skill-first rule. [ctx: rule=skill-first memory=feedback_skill_first_routing tickets=#32193,#32194]
2026-06-26 | Howard-Home | bash/env | [friction] used relative .claude/scripts/rmm-auth.sh after an earlier cd into a skill scripts dir (cwd persists across Bash calls) -> 'No such file or directory'; fix: cd /c/claudetools first or use absolute paths [ctx: ref=2026-06-25-edr-rollout cwd-drift note]
2026-06-26 | Howard-Home | rmm/bash-quoting | [friction] REPEAT (same session, day after logging it): used doubled single-quotes ('') around a PowerShell registry path inside a single-quoted bash $SCRIPT again -> 'Windows NT' path space broke the read. Fix is known (double-quotes inside). Rule from feedback_windows_quote_stripping not sticking under flow - consider always building PS scripts via a heredoc to a var, never inline single-quoted with embedded quotes. [ctx: ref=feedback_windows_quote_stripping repeat=2]
2026-06-26 | Howard-Home | discord-dm | Discord send to howard (DM) failed [ctx: http=400 resp={"message": "Invalid Form Body", "code": 50035, "errors": {"content": {"_errors"]
2026-06-26 | GURU-5070 | output/style | [correction] used emoji in responses despite CLAUDE.md NO-EMOJIS rule; Mike corrected. Use ASCII markers only [ctx: ref=CLAUDE.md-key-rules]
2026-06-26 | GURU-5070 | rmm | [correction] bypassed /rmm skill (raw API via Windows curl due to broken git-bash curl) and skipped the mandatory [RMM] #dev-alerts post on write ops; alert is required regardless of dispatch method
2026-06-26 | GURU-5070 | post-bot-alert | Discord POST failed (non-200/unreachable) [ctx: channel=#dev-alerts http=400 resp={"message": "The request body contains invalid JSON.", "code": 50109}]
2026-06-26 | GURU-5070 | bash/env | [friction] git-bash /mingw64/bin/curl quarantined by Windows Defender -> RMM helpers (rmm-ps.sh/rmm-auth.sh) fail 'Permission denied'; workaround use C:/Windows/System32/curl.exe [ctx: machine=GURU-5070 fix=defender-exclusion-on-git-mingw64-bin]
2026-06-26 | Howard-Home | rmm/smb-testing | [friction] RMM-dispatched net use/net view/Test-Path/Get-SmbConnection are UNRELIABLE for SMB client testing - they fail with error 67 / RPC 1702 / 'none' even for KNOWN-GOOD targets (Karen's NAS she uses daily; Crystal had a live 5-open-file server session but Get-SmbConnection via RMM showed none). The agent-injected process lacks the user's real network-logon session. Wasted a long investigation treating these artifacts as a CS-SERVER SMB outage; server truth (Get-SmbSession) showed 7 live users + 30 open files + new sessions. VALIDATE SMB with Get-SmbSession server-side or a REAL interactive test, never RMM-dispatched client cmds. [ctx: host=CS-SERVER client=cascades ref=drive-map-verify]
2026-06-26 | GURU-5070 | agy/gemini | gemini CLI headless failed: throwIneligibleOrProjectIdError / _doSetupUser (auth-eligibility, needs interactive re-login) [ctx: task=verify-gws-migration-scopes]
2026-06-26 | GURU-5070 | agy | gemini returned no response (empty after 3 attempts) [ctx: mode=search err= at process.processTicksAndRejections (node:internal/process/task_queues:104:]
2026-06-26 | GURU-5070 | remediation-tool | onboard-tenant: grant_app_role appRoleAssignment failed [ctx: role=bf394140-e372-4bf9-a898-299cfc7564e5 msg=Resource '161b8f61-5c16-4e1a-9a23-4bb7076b0946' does not exist or one of its que]
2026-06-26 | GURU-5070 | remediation-tool | onboard-tenant: grant_app_role appRoleAssignment failed [ctx: role=6931bccd-447a-43d1-b442-00a195474933 msg=Resource 'bab4699b-32a3-4434-9cad-7a4a08cc4d9e' does not exist or one of its que]
2026-06-26 | GURU-5070 | remediation-tool | onboard-tenant: grant_app_role appRoleAssignment failed [ctx: role=df021288-bdef-4463-88db-98f22de89214 msg=Resource 'bab4699b-32a3-4434-9cad-7a4a08cc4d9e' does not exist or one of its que]
2026-06-26 | GURU-5070 | remediation-tool | onboard-tenant: failed to acquire Tenant Admin token [ctx: tenant=19a568e8-9e88-413b-9341-cbc224b39145 exit=3]
2026-06-26 | Howard-Home | rmm/cascades-cs-server | [correction] assumed CS-SERVER AV was GravityZone Bitdefender (used bitdefender skill, chased tamper password); actually DattoAV / Endpoint Protection SDK at C:\Program Files\infocyte\agent\dattoav, managed by Datto RMM (CagService) + HUNTAgent. GravityZone removal did nothing; rtp1/rtp2 minifilters re-arm on boot (reverted Start=4->1). rtp1 attached to \Device\NamedPipe = breaks SMB IPC$/RPC 1702. [ctx: host=CS-SERVER client=cascades]
2026-06-26 | Howard-Home | post-bot-alert | Discord POST failed (non-200/unreachable) [ctx: channel=#dev-alerts http=400 resp={"message": "The request body contains invalid JSON.", "code": 50109}]
2026-06-26 | Howard-Home | post-bot-alert | Discord POST failed (non-200/unreachable) [ctx: channel=#dev-alerts http=400 resp={"message": "The request body contains invalid JSON.", "code": 50109}]
2026-06-26 | Howard-Home | drive-map | drive-map verify failed on DESKTOP-LPOPV30 [ctx: cmd=e932bc94-0557-4913-a0b1-c97c1aa5da26]
2026-06-26 | Howard-Home | drive-map | drive-map verify failed on DESKTOP-LPOPV30 [ctx: cmd=18fec38b-8fae-4a1b-a3d8-5b90b124dbc2]
2026-06-26 | Howard-Home | drive-map | drive-map verify failed on DESKTOP-LPOPV30 [ctx: cmd=82aa3177-558e-464e-ab75-81f8f7d7f3cc]
2026-06-26 | GURU-5070 | remediation-tool | [correction] claimed no tier has mail read/write and reached for an EWS workaround; correct: exchange-op (Exchange Operator app) = Exchange Administrator role + full_access_as_app + Exchange.ManageAsApp = full all-access for ANY mailbox/Exchange op including moving mail [ctx: tenant=tedards.net recurring=true ref=feedback_exchange_op_all_access]
2026-06-26 | Howard-Home | synology/ssh | syno-ssh recipe 'run' failed (rc=255) [ctx: host=192.168.0.120]
2026-06-26 | Howard-Home | synology/ssh | syno SSH connect/auth failed (rc=255) [ctx: host=192.168.0.120 vp=clients/cascades-tucson/synology-cascadesds.sops.yaml]
2026-06-26 | Howard-Home | rmm/bash-quoting | [friction] doubled single-quotes ('') inside a single-quoted bash $SCRIPT collapse the string, leaving a PowerShell registry path with a space unquoted (Windows NT) -> read fails, ErrorActionPreference=Stop aborts before changepk. Fix: use double-quotes for paths inside the single-quoted bash heredoc, never doubled single-quotes. [ctx: ref=feedback_windows_quote_stripping]
2026-06-25 | GURU-5070 | vault/display | [friction] echoing a vault entry, sed line-redaction missed the multi-line JSON private_key (matched 'key:' not 'private_key": "') and printed the full SA private key; when displaying vault entries use vault.sh get-field for named fields or drop the entire credentials: block, never a line-regex over JSON credential blobs
2026-06-29 | GURU-BEAST-ROG | mailprotector | HTTP 404 POST https://emailservice.io/api/v1/users/find_by_address: "Not found" [ctx: cmd=find-user]
2026-06-26 | GURU-BEAST-ROG | email-investigation | [correction] assumed tedards.net also uses GuruProtect/Inky; correct: only ACG uses Inky for inbound. Tedards routes directly to Exchange Online.
2026-06-26 | Howard-Home | rmm/acl | [friction] Set-Acl/icacls ACL propagation on a large folder tree (Carrie Documents) exceeded the RMM command timeout twice; because stdout is dropped on timeout, a randomly-generated password printed in the same script was lost each time. Fix: generate the password LOCALLY (retain it) and inject via placeholder, and run ACL propagation as a separate long-timeout (>=600s) command isolated from any value you need back. [ctx: host=REDNOURCARRIEVI skill=rmm op=Set-Acl]
2026-06-25 | Howard-Home | wiki-compile | [friction] Sonnet subagent hit 32k output-token cap regenerating full ~600-line article via Write; wrote nothing [ctx: fix=targeted staged edits of deltas for large existing articles, not full regen]
2026-06-25 | Howard-Home | datto-edr | Datto EDR HTTP 500: {"error":{"statusCode":500,"message":"Internal Server Error"}} [ctx: cmd=raw]
2026-06-25 | Howard-Home | datto-edr | Datto EDR HTTP 500: {"error":{"statusCode":500,"message":"Internal Server Error"}} [ctx: cmd=agent]
2026-06-25 | Howard-Home | datto-edr | Datto EDR HTTP 500: {"error":{"statusCode":500,"message":"Internal Server Error"}} [ctx: cmd=agent]
2026-06-25 | Howard-Home | datto-edr | Datto EDR HTTP 412: {"error":{"statusCode":412,"message":"column reference "id" is ambiguous"}} [ctx: cmd=scan]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'run' failed (rc=255) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno SSH connect/auth failed (rc=255) [ctx: host=192.168.0.120 vp=clients/cascades-tucson/synology-cascadesds.sops.yaml]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'run' failed (rc=255) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno SSH connect/auth failed (rc=255) [ctx: host=192.168.0.120 vp=clients/cascades-tucson/synology-cascadesds.sops.yaml]
2026-06-25 | Howard-Home | datto-edr | [friction] EDR scan endpoints from Infocyte module (targets/{id}/scan, targets/scan, scans) all 404 on Datto EDR tenant; working trigger is POST /Agents/scan {ids:[...]} but 'Scan - EDR' is TENANT-WIDE (empty/ids body scanned 156 hosts); cancel via POST /userTasks/{id}/cancel (204) [ctx: skill=datto-edr tenant=azcomp4587]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'acl' failed (rc=255) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno SSH connect/auth failed (rc=255) [ctx: host=192.168.0.120 vp=clients/cascades-tucson/synology-cascadesds.sops.yaml]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'acl' failed (rc=255) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno SSH connect/auth failed (rc=255) [ctx: host=192.168.0.120 vp=clients/cascades-tucson/synology-cascadesds.sops.yaml]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'groups' failed (rc=127) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'users' failed (rc=127) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'run' failed (rc=255) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno SSH connect/auth failed (rc=255) [ctx: host=192.168.0.120 vp=clients/cascades-tucson/synology-cascadesds.sops.yaml]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'acl' failed (rc=1) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'users' failed (rc=127) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'shares' failed (rc=1) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'acl' failed (rc=1) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'acl' failed (rc=1) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'groups' failed (rc=127) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'users' failed (rc=127) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'shares' failed (rc=1) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | memory-dream | orphan detector mis-parses index lines containing [[wikilink]] text: flags feedback_broken_backlinks_are_writeme_markers.md as orphan despite being indexed (L174), so --apply-safe appends duplicate index lines every run. Fix: match orphan on the ](<filename>.md) link target, not the rendered link text. [ctx: skill=memory-dream file=scripts/memory_dream.py recurring=yes]
2026-06-25 | GURU-5070 | remediation-tool/EOP | [friction] checking ACG own-tenant EOP quarantine: reached for investigator-exo (401 - Exchange Admin role only on Exchange OPERATOR SP, not Investigator), then RecipientAddress needs JSON array not string (400); skill has no EOP/quarantine section at all [ctx: ref=feedback_exchange_role_recurring_gap]
2026-06-25 | GURU-5070 | sync/tailscale | [correction] diagnosed 172.16.3.x unreachable as transient blip; real cause was Tailscale node KEY EXPIRY on the subnet-router node (pfSense advertising 172.16.0.0/22) dropping it off the tailnet [ctx: fix=disabled key expiration on the node; symptom=internet OK but whole 172.16.3.x dead]
2026-06-25 | GURU-5070 | sync/gitea | fetch failed: could not connect to 172.16.3.20:3000 (Gitea unreachable, exit 128) [ctx: host=172.16.3.20:3000 machine=GURU-5070]
2026-06-25 | Howard-Home | remediation-tool/reset-password.sh | JIT cleanup cannot self-remove: after elevating the Tenant Admin SP to Privileged Authentication Administrator to reset a password, the DELETE of that role assignment is performed BY the same SP and Graph blocks it (HTTP 400 'Removing self from built-in role is not allowed'), leaving a STANDING PAA role on the SP - needs a Global Admin/portal removal; script should detect this and surface portal steps instead of a bare WARNING [ctx: tenant=cascadestucson SP=ComputerGuru-Tenant-Admin role=PrivilegedAuthAdmin]
2026-06-25 | Howard-Home | rmm/dispatch | [friction] embedded escaped quotes " , " in a PowerShell -join inside the jq/heredoc dispatch chain caused a parse error (script failed pre-exec, wasted one dispatch); fix: build strings with + concatenation or [char]44, never escaped quotes in RMM PowerShell payloads [ctx: ref=feedback_windows_quote_stripping]
2026-06-25 | Howard-Home | wiki-compile/gururmm | [correction] characterized SPEC-030 software uninstall as SHIPPED/working capability; correct is BETA, merged+deployed but NOT guaranteed to work (many uninstallers fail: AV, Launchy/AIMP, drivers)
2026-06-25 | Howard-Home | remediation-tool | reset-password: failed to remove JIT Privileged Auth Admin role - standing privilege left behind, REMOVE MANUALLY [ctx: tenant=207fa277-e9d8-4eb7-ada1-1064d2221498 assignment=ikzke6-tKk6E1qsmSeCKE6mJ-qU1txBOtmTwQuJl0Tc-1 http=400]
2026-06-25 | Howard-Home | synology/ls | [friction] ls <path> arg mangled by MSYS path-conversion (/Public -> C:/Program Files/Git/Public) before Python sees it; FileStation list also 407-denied for admin anyway. Fix: use call folder_path=/x (= form not converted) or MSYS_NO_PATHCONV=1; real file browsing via SSH backend. [ctx: ref=feedback_tmp_path_windows os=windows]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology/ssh | syno-ssh recipe 'run' failed (rc=2) [ctx: host=192.168.0.120]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 401) [ctx: err={"code": 401}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.CheckExist.check failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.CheckExist.check failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.FileStation.List.list failed (code 400) [ctx: err={"code": 400}]
2026-06-25 | Howard-Home | synology | SYNO.Core.Service.list failed (code 103) [ctx: err={"code": 103}]
2026-06-25 | Howard-Home | synology | SYNO.Core.Service.query failed (code 103) [ctx: err={"code": 103}]
2026-06-25 | Howard-Home | synology | SYNO.Core.Service.get_service failed (code 103) [ctx: err={"code": 103}]
2026-06-25 | Howard-Home | synology | SYNO.Core.Service.list_service failed (code 103) [ctx: err={"code": 103}]
2026-06-25 | Howard-Home | synology | SYNO.Core.Service.enum failed (code 103) [ctx: err={"code": 103}]
2026-06-25 | Howard-Home | synology | SYNO.Core.Service.list failed (code 103) [ctx: err={"code": 103}]
2026-06-25 | Howard-Home | bash/reachability-probe | [friction] /dev/tcp TCP probe falsely reported host DOWN on Windows MSYS while device was UP; wasted a cycle. Fix: don't trust /dev/tcp on Git-bash Windows for reachability — use the actual client (python urllib) or curl --max-time.
2026-06-25 | Howard-Home | synology | SYNO.Core.QuickConnect.get failed (code 103) [ctx: err={"code": 103}]
2026-06-25 | Howard-Home | bash/background | [friction] run_in_background shell does not inherit $TMPDIR -> empty path, exit 127; use absolute paths in detached scripts [ctx: ref=feedback_tmp_path_windows]
2026-06-24 | Howard-Home | unifi-wifi/live-stats | [friction] rapid successive controller logins -> HTTP 403 lockout; reuse one session/save JSON instead of re-auth per query [ctx: host=172.16.3.29:11443 site=va6iba3v]
2026-06-24 | Howard-Home | rmm/cascades-cs-server | [correction] led with a 9-day-stale wiki '[CRITICAL] degraded RAID / failing drive' flag and recommended drive replacement (SSDs were purchased, tech went onsite to hot-swap); a LIVE Dell OMSA omreport query then showed the OS mirror had self-recovered and is healthy (all 5 disks Online, all LEDs green), and the '5th unused drive' was actually the global hot spare. Always pull live OMSA/iDRAC before acting on a stale hardware flag; Windows Get-PhysicalDisk cannot see RAID member health. [ctx: ref=feedback_verify_live_before_acting host=CS-SERVER tag=9MQFTK1]
2026-06-24 | Howard-Home | process/client-deliverables | [correction] did not gate outbound client/vendor deliverables through the impeccable skill; rule: run impeccable on anything sent externally
2026-06-24 | Howard-Home | syncro/ticket-create | [correction] created #32193/#32194 with priority 'Normal' instead of Syncro's canonical number-prefixed '2 Normal'; the value did not match the priority dropdown so it displayed blank (Winter flagged it). Always set priority as 'N Name' (e.g. '2 Normal','4 Urgent') AND a valid problem_type (Onsite/Remote/etc.) on every ticket create via the syncro skill. [ctx: ref=syncro-skill priority-format]
2026-06-24 | Howard-Home | rmm/dispatch | [friction] UNC double-backslash in heredoc+jq RMM command got mangled to single backslash (\\cs-server -> \cs-server), causing net use error 67 and net-use hangs that looked like a missing/broken share; single-backslash local paths (D:\Shares) were unaffected. Fix: build UNC from [char]92 at runtime ($bs=[char]92; $unc="{0}{0}server{0}share" -f $bs) so no literal backslash traverses the dispatch chain. [ctx: ref=feedback_windows_quote_stripping]
2026-06-24 | GURU-5070 | syncro/billing-prepay | [friction] customer SEARCH endpoint returned prepay_hours=null so preview wrongly said 'no block / $300'; the customer actually had a 20.5h block. ALWAYS read prepay via GET /customers/{id} (full record), never the search-list field [ctx: cust=14232794 ticket=32455]
2026-06-24 | GURU-5070 | unifi-wifi/controller-rest | [friction] CSRF token missed because read via dict(resp.headers) (case-sensitive); UniFi returns X-Csrf-Token mixed-case -> PUT got 403. Use resp.headers.get() (case-insensitive) to capture X-CSRF-Token/X-Updated-Csrf-Token
2026-06-24 | GURU-5070 | unifi-wifi/gw-control block-ips | [friction] block-ips clones an existing WAN_IN rule's schema; if it clones the PPTP GRE rule it creates a DROP rule with proto=gre -> ineffective against TCP/UDP brute-force. Had to PUT protocol=all. Fix: block-ips should force protocol=all on the new rule
2026-06-24 | GURU-5070 | vault/get-field | [friction] get-field <path> password returned a wrong 4-char value (not credentials.password) -> caused 401 login; always use the FULL dotted path credentials.password, don't rely on bare key [ctx: ref=errorlog 2026-06-22 gitea same class; entry=uos-server-network-api-rw]
2026-06-24 | GURU-5070 | agy/ask-gemini | gemini CLI auth/setup failure (throwIneligibleOrProjectIdError, _doSetupUser) - empty response after 3 attempts; needs interactive 'gemini' re-login [ctx: task=factorio-research]
2026-06-24 | GURU-5070 | agy | gemini returned no response (empty after 3 attempts) [ctx: mode=search err= at process.processTicksAndRejections (node:internal/process/task_queues:104:]
2026-06-23 | Howard-Home | unifi-wifi/gw-sitemanager | Site Manager API call failed (HTTP 403) [ctx: path=/v1/connector/consoles/1C6A1B1BC2470000000008B8D1B50000000009302B160000000067A67E3A:1341833834/proxy/network/integration/v1/sites]
2026-06-23 | Howard-Home | unifi-wifi/gw-sitemanager | Site Manager API call failed (HTTP 403) [ctx: path=/v1/connector/consoles/1C6A1B1BC2470000000008B8D1B50000000009302B160000000067A67E3A:1341833834/proxy/network/self/sites]
2026-06-23 | Howard-Home | unifi-wifi/gw-sitemanager | Site Manager API call failed (HTTP 403) [ctx: path=/v1/connector/consoles/1C6A1B1BC2470000000008B8D1B50000000009302B160000000067A67E3A:1341833834/proxy/network/api/s/default/stat/device]
2026-06-23 | GURU-BEAST-ROG | syncro-emergency-billing | [correction] used onsite emergency rate (62.50) instead of in-shop emergency rate (25.00); correct rates: in-shop=25.00/hr, onsite=62.50/hr
2026-06-23 | GURU-BEAST-ROG | syncro/billing | Syncro API has no delete or update endpoint for line items — add_line_item is the only confirmed write method. Cannot correct a line item price via API; requires manual UI deletion. [ctx: ticket=32447 line_item_id=42988553]
2026-06-23 | GURU-5070 | rmm/vwp-qbs-firewall | [correction] treated VWP-QBS firewall-disabled as an oversight to re-enable promptly; correct: it's intentionally OFF until VWP testing completes - leave it, do not re-flag [ctx: client=valleywide host=VWP-QBS]
2026-06-23 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=run]
2026-06-23 | Howard-Home | bash/json-test-data | [friction] Git-Bash heredoc (even quoted <<'EOF') wrote C:\\ as single backslash -> invalid JSON -> PS engine threw 'Unrecognized escape sequence' exit 3; fix: build JSON test files via PowerShell ConvertTo-Json, not bash heredocs [ctx: ref=feedback_tmp_path_windows]
2026-06-23 | GURU-5070 | vault/sops | [friction] sops -e -i run from repo dir not vault dir -> 'no creation rules', wrote SECRET in PLAINTEXT to vault file; fix: cd into vault root (or use --config) before sops -e so .sops.yaml path_regex matches [ctx: ref=vault skill]
2026-06-23 | GURU-5070 | mailbox/graph | POST messageRules 403 ErrorAccessDenied - ComputerGuru Mailbox app (1873b1b0) has Mail.ReadWrite but not MailboxSettings.ReadWrite; inbox-rule creation needs MailboxSettings.ReadWrite [ctx: mbx=rua@azcomputerguru.com]
2026-06-23 | GURU-5070 | discord-dm/screenconnect-ps | [friction] handed Mike a PowerShell one-liner with embedded double-quotes to paste into ScreenConnect's command runner; SC strips the quotes (same CommandLineToArgvW class as curl.exe/plink) so 'native' parsed as a cmdlet and the quoted exe path broke. Fix: for any PS command delivered through a quote-mangling layer (ScreenConnect cmd box, curl.exe, plink), use -EncodedCommand (UTF-16LE base64) — no quotes to strip. [ctx: ref=feedback_windows_quote_stripping]
2026-06-23 | Howard-Home | gururmm/uninstall-engine | [friction] live-tested with -List-shaped targets (which include install_location) -> masked a StrictMode crash that only occurs with the server's UninstallTarget shape (no install_location); always re-test the destructive path with the ACTUAL caller/serialized shape
2026-06-22 | Howard-Home | gururmm/uninstall-engine | [correction] assumed AnyDesk needs remote removal; it has UninstallString '...AnyDesk.exe --uninstall' and supports --silent, so it is silently removable -- added vendor rule
2026-06-22 | Howard-Home | bash/json | [friction] hand-built JSON literal with C:\\ backslashes collapsed to single backslash in Git-Bash (invalid JSON, ConvertFrom-Json failed); fix: build JSON with jq --arg / extract from existing valid json
2026-06-22 | Howard-Home | gitea/pr-api | PR create returned 'invalid token'; vault.sh get-field services/gitea credentials.api-token returned 4 chars (wrong field resolution) [ctx: repo=gururmm endpoint=172.16.3.20:3000]
2026-06-22 | Howard-Home | sync/submodules | [friction] Phase-3 'git submodule update --init --recursive' reset guru-rmm submodule to pinned commit, discarding feature branch + commits mid-build; fix: submodule_update_safe() skips branch/dirty submodules [ctx: ref=sync.sh:525 fixed]
2026-06-22 | Howard-Home | save/wiki-compile | [friction] /save Phase 3 emits 'project:guru-rmm' (from submodule dir name) but canonical wiki article is 'gururmm'; guru-rmm.md is a tombstone redirect. Map guru-rmm -> gururmm in the slug derivation. [ctx: ref=wiki-slug-tombstone proj=guru-rmm]
2026-06-22 | Howard-Home | gururmm/product-direction | [correction] assumed RMM should build native virus/malware removal; correct is: AV products do removal, RMM only monitors AV reports + sends commands to AV products, and RMM's own built-in value is helping techs find issues
2026-06-22 | Mikes-MacBook-Air.local | discord-dm/bot-alerts | [correction] used discord-dm for non-sensitive notification; correct approach: tag users in bot-alerts message (<@userid>) for team notifications, reserve DMs for sensitive info only
2026-06-22 | GURU-5070 | packetdial/vendor-model | [correction] conflated PacketDial/NetSapiens/OIT; correct: PacketDial = ACG's VoIP-dept brand, NetSapiens = the PBX platform, OIT/OITVOIP = white-label wholesaler running NetSapiens (api.ucaasnetwork.com)
2026-06-22 | GURU-5070 | packetdial | HTTP 400 DELETE https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/number-filters: {"code":400,"message":"The default answering rule cannot be deleted."} [ctx: cmd=unblock-numbers]
2026-06-22 | GURU-5070 | packetdial | HTTP 400 DELETE https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/number-filters: {"code":400,"message":"The default answering rule cannot be deleted."} [ctx: cmd=unblock-numbers]
2026-06-22 | GURU-5070 | packetdial | HTTP 400 GET https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/smsnumbers: {"code":400,"message":"Please include "domain" and "dest" or "number" fields"} [ctx: cmd=smsnumbers]
2026-06-22 | GURU-5070 | packetdial | HTTP 400 GET https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/smsnumbers: {"code":400,"message":"Please include "domain" and "dest" or "number" fields"} [ctx: cmd=smsnumbers]
2026-06-22 | GURU-5070 | packetdial | HTTP 400 POST https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/timeframes: {"code":400,"message":"All Days of Week timeframes should have at most 1 days of week entry."} [ctx: cmd=create-timeframe]
2026-06-22 | GURU-5070 | packetdial | HTTP 404 GET https://pbx.packetdial.com/ns-api/v2/domains/arizonacomputerguru/devices: {"code":404,"message":"No Route Found [92]"} [ctx: cmd=raw]
2026-06-22 | Howard-Home | guruscan-test | upload failed [ctx: file=GuruScan.psm1 host=DESKTOP-MS42HNC]
2026-06-22 | Howard-Home | guruscan/GuruScan.psm1 | reboot-cleanup task registration fails: -DeleteExpiredTaskAfter on an AtLogOn trigger (no EndBoundary) => task XML invalid HRESULT 0x80041319; also non-terminating CIM error fell through to a false '[OK] task registered'. Fixed: removed DeleteExpiredTaskAfter, added -ErrorAction Stop + post-register verification [ctx: host=DESKTOP-MS42HNC fn=Register-ScannerCleanupTask]
2026-06-22 | Howard-Home | build/pipeline-status | [friction] reported BUG-021 Windows build as still-failing from a build-log snapshot; it had already been fixed (1dce66d) + gone green (v0.6.67) by report time. Re-check the LIVE last-built-commit marker vs origin/main (and the most recent build SUCCESS line, not just the last FAILED line) before asserting build status or escalating a build bug. [ctx: ref=stale-audit-base-friction proj=guru-rmm]
2026-06-22 | Howard-Home | guruscan/GuruScan.psm1 | HitmanPro exit-code misparse: real HitmanPro returns bitmask (exit 5 = 36 threats quarantined + reboot required) but code mapped only {1,2}; reported total_threats=0 reboot_required=False on a real 36-threat removal, so reboot-cleanup lifecycle never fired. Fixed: bit0=threats, bit4=reboot [ctx: host=DESKTOP-MS42HNC engine=HitmanPro-3.8.50]
2026-06-22 | Howard-Home | screenconnect/browser-automation | [friction] HOWARD-HOME: ff.py Firefox daemon won't launch (port 9333 dead, silent 60s timeout) AND cdp.py ModuleNotFoundError 'websocket' (websocket-client not installed) -> can't drive the SC website to build the access installer. Fix: pip install websocket-client; verify playwright firefox installed for ff.py. [ctx: machine=HOWARD-HOME tool=ff.py,cdp.py]
2026-06-22 | Howard-Home | deploy/cpanel | [friction] cPanel deploy served STALE files post-upload (opcache) - page showed only top buttons + api.php 403; fix: opcache_reset via one-off _oc.php hit through external-IP origin path (127.0.0.1 vhost 404s) then browser hard-reload
2026-06-22 | GURU-5070 | bash/cargo-windows | [friction] cargo check on Windows from Git-bash fails to LINK: GNU coreutils link.exe (MSYS) shadows MSVC link.exe on PATH -> 'link: extra operand' on build scripts. Not a code/dep issue. Prepend MSVC bin to PATH or build on the build host. [ctx: ref=windows-msys-path host=GURU-5070]
2026-06-22 | Howard-Home | ssh/windows | [friction] native Windows OpenSSH (System32 ssh.exe) SSH_ASKPASS fails 'CreateProcessW error:193' on a .sh askpass; for non-interactive password auth use MSYS bare 'ssh' (Git-for-Windows) which execs the shell askpass (as pfsense-ssh.sh does)
2026-06-22 | Howard-Home | ssh/php-cli | [friction] inline 'ssh root@host "php -r ..."' mangled (printed PHP usage) — nested bash->ssh->single-quote escaping strips the -r script; ship a base64'd .php file and run 'php file.php' instead [ctx: ref=feedback_windows_quote_stripping]
2026-06-22 | GURU-5070 | coord/purge-bash | [friction] jq-on-Windows emits CRLF: message IDs fed to a curl DELETE loop had trailing CR -> all 208 DELETEs returned HTTP 000 (broken URL). Fixed with tr -d CR + read trim. Repeat of documented gotcha. [ctx: ref=feedback_jq_crlf_windows]
2026-06-22 | GURU-5070 | coord/gururmm-merge-authority | [correction] assumed GuruRMM merges/deploys are Mike-only (held BUG-018 for Mike's go); correct is Howard can handle merges himself
2026-06-22 | Mikes-MacBook-Air.local | coord/check-messages.sh | [correction] broadcasts never marked read on server, only in local seen-file -> repeat on every session [ctx: fix: mark broadcasts read on server like personal messages]
2026-06-21 | Howard-Home | git/submodule | [friction] Did feature work directly in the SHARED guru-rmm submodule working tree while a CONCURRENT Claude session was active in it. The other session switched branches (fix/audit-cleanup -> bugfix/bug-019 -> detached) and repointed my branch ref mid-work, and the working tree ended up with BOTH sessions' uncommitted changes mixed together. Wasted a recovery cycle. FIX: when doing submodule feature work and other sessions may be live (the /save note warns 3-4 sessions share one tree), create an isolated 'git worktree add <path> origin/main' FIRST, do all edits + commit + push-by-SHA there, then 'worktree remove' — never rely on the shared checkout's branch/HEAD surviving. Do NOT 'git checkout --' shared files to clean up (clobbers the other session's uncommitted work). [ctx: ref=git/submodule detached-HEAD + stale-audit friction]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [packages.deletePackage]: The required parameter is missing : packageId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [packages.deletePackage]: One or more parameters are not expected: packageName, companyId [ctx: cmd=delete-package]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.createReport]: Missing name 'reportingInterval' in 'options' object [ctx: cmd=report-create]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createCustomRule]: Invalid value provided for "settings.target" field [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.createReport]: The required parameter is missing : targetIds [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.createReport]: The required parameter is missing : type [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone HTTP 429: <html> <head><title>429 Too Many Requests</title></head> <body> <center><h1>429 Too Many Requests</h1></center> <hr><center>nginx</center> </body> </html> [ctx: cmd=blocklist-remove]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createRestoreEndpointFromIsolationTask]: This endpoint cannot be restored from isolation. It is either not isolated, cannot be isolated or a isolation task is already in progress. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createRestoreEndpointFromIsolationTask]: The required parameter is missing : endpointId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createIsolateEndpointTask]: The required parameter is missing : endpointId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createRestoreEndpointFromIsolationTask]: One or more parameters are not expected: endpointIds [ctx: cmd=unisolate]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createIsolateEndpointTask]: One or more parameters are not expected: endpointIds [ctx: cmd=isolate]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.assignPolicy]: The 'inheritFromAbove' parameter should not be used with 'policyId' or 'forcePolicyInheritance' parameter. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.assignPolicy]: You must specify a value for 'policyId' parameter. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.assignPolicy]: The 'inheritFromAbove' parameter should not be used with 'policyId' or 'forcePolicyInheritance' parameter. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.assignPolicy]: The 'inheritFromAbove' parameter should not be used with 'policyId' or 'forcePolicyInheritance' parameter. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.assignPolicy]: The 'inheritFromAbove' parameter should not be used with 'policyId' or 'forcePolicyInheritance' parameter. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.assignPolicy]: The 'inheritFromAbove' parameter should not be used with 'policyId' or 'forcePolicyInheritance' parameter. [ctx: cmd=assign-policy]
2026-06-21 | Howard-Home | rmm-audit/submodule | [friction] Audit agents read the guru-rmm WORKING TREE which the background auto-sync had pinned at a stale gitlink (2e469f1, 5 commits behind origin/main). One MEDIUM finding (500-body info-disclosure, 17 sites) was ALREADY FIXED in main (commit 58c1a96) — wasted a fix attempt on already-fixed code. FIX: before any audit/analysis that reads the working tree, assert the submodule HEAD == origin/main (git rev-parse HEAD vs origin/main); if behind, checkout origin/main first OR have agents read 'git show origin/main:<file>'. Always re-verify a finding against the real target ref before fixing. Root cause shared with the detached-HEAD friction: submodule pinned behind main + auto-sync resets the working tree to the stale gitlink. [ctx: ref=git/submodule detached-HEAD friction]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createUninstallSecurityAgentTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getTasksList]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [packages.createUninstallTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createRemoveTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.removeClient]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.uninstallEndpoint]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createAgentUninstallTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createUninstallClientTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createUninstallTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | git/submodule | [friction] Commits in the guru-rmm submodule landed on a DETACHED HEAD: a feature branch created via 'git switch -c' kept getting reset to the recorded gitlink commit (likely background auto-sync running submodule checkout in the superproject), so the branch never advanced and 'git push -u origin <branch>' pushed the stale ref. Wasted a full re-diagnose+rebuild cycle. FIX: in submodules under auto-sync, don't trust local branch refs survive across tool calls. Commit, capture sha=$(git rev-parse HEAD), cherry-pick onto the known base if detached, and push by EXPLICIT sha: 'git push origin <sha>:refs/heads/<branch>'; then VERIFY with 'git ls-remote origin <branch>' and a server-side worktree build.
2026-06-21 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=clients/cascades-tucson/pfsense-firewall act=showblock]
2026-06-21 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:9999 slug=cascades-tucson act=showblock]
2026-06-21 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=showblock]
2026-06-21 | Howard-Home | guruscan/whitelist-design | [correction] over-engineered whitelist as dynamic service-discovery; correct approach is a simple static hard list of install folders (scanners that support exclude-lists ignore listed folders; RKill won't, accepted)
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createCustomGroup]: The required parameter is missing : groupName [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createCustomGroup]: One or more parameters are not expected: name [ctx: cmd=make-group]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [push.sendTestPushEvent]: The required parameter is missing : eventType [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.updateIncidentNote]: The required parameter is missing : type [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.changeIncidentStatus]: The required parameter is missing : type [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.deleteCustomRule]: The required parameter is missing : ruleId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createCustomRule]: The required parameter is missing : name [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [quarantine/computers.createRestoreQuarantineItemTask]: The required parameter is missing : quarantineItemsIds [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [quarantine/computers.createRemoveQuarantineItemTask]: The required parameter is missing : quarantineItemsIds [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [packages.getPackageDetails]: The required parameter is missing : packageId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [integrations.getIntegrationsList]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [licensing.getMonthlyUsagePerCompany]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [push.sendTestPushEvent]: The required parameter is missing : eventType [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.updateIncidentNote]: The required parameter is missing : type [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.changeIncidentStatus]: The required parameter is missing : type [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [incidents.createCustomRule]: The required parameter is missing : name [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [quarantine/computers.createRestoreQuarantineItemTask]: The required parameter is missing : quarantineItemsIds [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [quarantine/computers.createRemoveQuarantineItemTask]: The required parameter is missing : quarantineItemsIds [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.getReportConfiguration]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.deleteReport]: The required parameter is missing : reportId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.getDownloadLinks]: The required parameter is missing : reportId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [reports.createReport]: The required parameter is missing : name [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [packages.getPackageDetails]: The required parameter is missing : packageId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.setEndpointLabel]: The required parameter is missing : label [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.uninstallClientTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createUninstallRoleTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createUninstallClientTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createReconfigureClientTask]: The required parameter is missing : targetIds [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createUninstallTask]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.createScanTaskByMailboxes]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetailsByIp]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsByPolicy]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.setEndpointLabel]: The required parameter is missing : endpointId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.createCompany]: The required parameter is missing : name [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.activateCompany]: The required parameter is missing : companyId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.deleteCompany]: The required parameter is missing : companyId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.getCompaniesList]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.getCompanyDetailsByUser]: The required parameter is missing : username [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.suspendCompany]: The required parameter is missing : companyId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.updateCompany]: The requested API method not found. [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [companies.createCompany]: The required parameter is missing : type [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | guruscan/Download-Scanners.ps1 | exit 1: 'The property Count cannot be found' under Set-StrictMode when $manual/$failed summary has a single row (.Count on scalar) [ctx: host=DESKTOP-MS42HNC stage=download-summary]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [accounts.deleteAccount]: The required parameter is missing : accountId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [accounts.updateAccount]: The required parameter is missing : accountId [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [accounts.createAccount]: The required parameter is missing : email [ctx: cmd=raw]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [policies.getPolicyDetails]: Invalid value for 'policyId' parameter. [ctx: cmd=policy]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getManagedEndpointDetails]: Invalid value for 'endpointId' parameter. Expected format: 24-char hex ID [ctx: cmd=endpoint]
2026-06-21 | Howard-Home | bitdefender | GravityZone API error [network.getEndpointsList]: Invalid value for 'parentId' parameter. [ctx: cmd=endpoints]
2026-06-21 | GURU-KALI | remediation-tool/docs-drift | [friction] Mail.Send-already-in-suite kept resurfacing as 'broken/decision-needed' for 4 asks — root cause was gotchas.md saying 'suite has no mail scopes / mailbox BLOCKED' + a 'Decision 2026-06-15 NOT yet executed' block, contradicting feedback-memory line that the suite (exchange-op b43e7342) already holds Mail.Send. Fix: single authoritative truth across all live docs + headline in the feedback memory [ctx: ref=feedback_365_remediation_tool.md commit=f55b8d2]
2026-06-21 | GURU-KALI | mailbox/remediation-tool | [correction] assumed Mail.Send needs a separate app (fabb3421/Claude-MSP-Access); correct is Mail.Send ALREADY EXISTS in the 365 remediation app suite — docs hardwiring the deleted fabb3421 must be purged everywhere [ctx: ref=4th-time-asked]
2026-06-21 | HOWARD-HOME | bitdefender/selftest | [friction] gz.py main() logs EVERY GravityZoneError to errorlog, so selftest bad-id cases + discovery validation-probes (empty/invalid params) auto-spam ~20 expected "errors" per run. Fix: skip _log_skill_error for expected validation/not-found responses, or have selftest/raw set an env flag to suppress logging. [ctx: ref=do-not-log-expected-conditions]
2026-06-20 | Howard-Home | discord-dm/file-upload | [friction] Discord multipart attachment upload: (1) inline -F payload_json={json} -> 400 PAYLOAD_JSON_INVALID; (2) payload_json written to mktemp /tmp file -> Windows curl can't open MSYS /tmp path -> HTTP 000. Fix: write payload_json to a RELATIVE ./file and use -F 'payload_json=<./file;type=application/json' + -F 'files[N]=@path'. discord-dm.sh is text-only; consider adding an --attach flag. [ctx: ref=msys-tmp-path-mismatch tool=curl machine=HOWARD-HOME]
2026-06-20 | Mikes-MacBook-Air.local | harness-guard | [friction] mapfile not available on macOS bash 3.2; guard silently skips all checks [ctx: ref=.claude/scripts/harness-guard.sh line 28; bash 3.2 predates mapfile (bash 4.0); replace with bash 3.2-compatible while-read loop]
2026-06-19 | GURU-5070 | rmm/mspbackups cbb delete | cbb delete -g (generation purge) on Blaster2 Local destination is blocked: 'File deletion on backup storage is restricted due to your service provider policy'. Agent-side deletion of MSP360 backup data is disabled by the provider policy; MBS REST API (api.mspbackups.com) is monitoring-only (no plan/storage delete endpoints, probed 404). Reclaiming local backup space must be done in the MSP360 management console (lift the restrict-deletion policy and let 90-day retention purge, or delete old generations/legacy bunches there). 90-day retention WAS set successfully via cbb editBackupPlan/editBackupIBBPlan. [ctx: machine=GURU-5070 client=jimmy host=Blaster2]
2026-06-19 | GURU-5070 | rmm/onboard vault | [friction] stashed onboard vars in a scratch .env and sourced it; NAME=Jimmy Company (unquoted space) made 'source' exec the 2nd word as a command and left NAME unset -> vault file written with client: null. Fix: quote values when writing the env (printf '%s=%q'), or read back with grep|cut not source. [ctx: machine=GURU-5070 client=jimmy]
2026-06-19 | Howard-Home | ix/whm-api | [friction] WHM /json-api/cpanel UAPI Fileman get_file_content returned empty 'file' param (error: file does not exist); wasted calls. Fix: for IX cPanel file reads/edits use paramiko SFTP with root creds from vault infrastructure/ix-server, not the WHM UAPI file wrapper
2026-06-19 | GURU-5070 | coord/self-check publish | [friction] coord-queue.jsonl queued a census with an MSYS-mangled URL path (/api/coord/... -> C:/Program Files/Git/api/coord/...) AND was git-tracked (not gitignored), so a stale RED census propagated to the repo and could clobber a published GREEN if drained. Fix: gitignore .claude/coord-queue.jsonl; the queue writer must prefix the curl path with the full coord_api base or set MSYS2_ARG_CONV_EXCL/MSYS_NO_PATHCONV to stop path conversion. [ctx: machine=GURU-5070 ref=CLAUDE.md-softfail-queue]
2026-06-19 | Howard-Home | unifi-wifi/gw-sitemanager | find subcommand crashed: GET /v1/hosts -> HTTP 500, then JSON decode traceback (no graceful handling of non-JSON error body) [ctx: client=khalsa cmd=find]
2026-06-19 | Howard-Home | discord-dm | Discord send to howard (DM) failed [ctx: http=400 resp={"message": "Invalid Form Body", "code": 50035, "errors": {"content": {"_errors"]
2026-06-19 | GURU-BEAST-ROG | rmm-search | [friction] rmm-search.sh invoked bare python3 -> MS Store stub on Windows; fixed to use py.sh resolver [ctx: ref=py.sh-broadcast-9b1c5c39]
2026-06-19 | GURU-KALI | git/submodules | [friction] fresh claudetools re-clone: 'git submodule update --init --recursive' failed with 'could not read Username / terminal prompts disabled' for all https://git.azcomputerguru.com submodules; fix = set credential.helper=store GLOBALLY (local-on-superproject does NOT propagate to per-submodule child clone processes). ~/.git-credentials already had the cred. [ctx: ref=reclone-submodule-creds event=2026-06-18-restructure]
2026-06-18 | GURU-5070 | agy/search | gemini CLI threw ineligible/projectId setup error (throwIneligibleOrProjectIdError), empty response after 3 attempts [ctx: mode=search host=GURU-5070]
2026-06-18 | GURU-5070 | agy | gemini returned no response (empty after 3 attempts) [ctx: mode=search err= at process.processTicksAndRejections (node:internal/process/task_queues:104:]
2026-06-18 | Howard-Home | git/sync-temp-files | [friction] controller-query scratch (.sta.json/.dev.json/.q*) written to repo CWD got swept into the commit by sync.sh 'git add -A', then a stray locked .sta.json blocked the rebase. Fix: write API scratch OUTSIDE the repo (or use the already-ignored .tmp- prefix); gitignored the patterns [ctx: ref=howard-home /tmp friction family]
2026-06-18 | Howard-Home | rmm | [friction] agent returns exit -1 'Failed to execute command' on a ~7KB multi-line powershell body sent as one command; split into <2KB section scripts and each ran fine [ctx: host=DESKTOP-TRCIEJA agent=0.6.66]
2026-06-18 | GURU-5070 | coord/ad2-comms | [correction] tried to coordinate with the AD2 session via coord API msg+lock; AD2 is network-isolated (Gitea only, no coord API) so those were no-ops. ALL inter-session comms with AD2 must go via git /sync (committed notes/docs).
2026-06-18 | GURU-5070 | syncro | comment POST piped straight to jq failed with 'jq: parse error: Invalid numeric literal at line 1 col 10' and left it AMBIGUOUS whether the note posted (GET-verify showed it had NOT); per no-retry rule had to GET first, then re-post. Robust pattern that worked: jq -n payload to a file, POST with --data-binary @file, capture response to a file, then GET-verify by subject. Skill's curl|jq comment pattern should adopt this. [ctx: ticket=32441 skill=syncro pattern=curl-pipe-jq]
2026-06-18 | GURU-5070 | post-bot-alert | Discord POST failed (non-200/unreachable) [ctx: channel=#bot-alerts http=400 resp={"message": "The request body contains invalid JSON.", "code": 50109}]
2026-06-18 | GURU-5070 | ssh/ad2 | [correction] attributed AD2 SSH timeouts to a flaky VPN tunnel + my rapid scp/ssh bursts; real cause = OpenVPN adapter MTU 1500 vs tunnel PMTU ~1424 -> TCP MSS blackhole that drops bulk/scp segments (DF set) while small cmds pass. Fix: tunnel adapter MTU 1400 [ctx: ref=feedback_prefer_ssh_over_rmm]
2026-06-18 | GURU-5070 | bash/env | [friction] /tmp curl-write then Windows-python read mismatch; wrote .claude/tmp + absolute path fixed it [ctx: ref=feedback_tmp_path_windows]
2026-06-18 | Howard-Home | pfsense-ssh/logs | [friction] used clog on pfSense 25.07 logs (now plain-text ASCII) -> empty output -> wrongly concluded DHCP log was empty / dhcpd not serving; cost a hypothesis. Read pfSense 25.07 logs with tail/grep/cat directly, NOT clog [ctx: ref=reference_pfsense_25_07_ops client=cascades-tucson]
2026-06-18 | AD2 | vault | real vault.sh not found at resolved vault_path; vault read failed [ctx: path=D:/vault/scripts/vault.sh]
2026-06-18 | AD2 | vault | real vault.sh not found at resolved vault_path; vault read failed [ctx: path=D:/vault/scripts/vault.sh]
2026-06-17 | GURU-5070 | mailbox/365-mail | [correction] claimed in a prior session that /mailbox skill + memories were repointed off the deleted fabb3421 to the 365-mail suite, but mailbox.md still hardwired fabb3421 (token 401 AADSTS700016). Correct app is the dedicated ComputerGuru Mailbox app 1873b1b0 via get-token.sh 'mailbox' tier (cert auth); repointed mailbox.md + feedback_365_remediation_tool.md 2026-06-17. Lesson: verify the edit actually landed before reporting it done.
2026-06-17 | Howard-Home | wiki-compile/coord | [friction] skill doc Phase 6 shows 'lock release claudetools wiki/<type>/<slug>' but coord.py takes 'lock release <id>'; wasted a round-trip. Capture the lock id from claim output and release by id. [ctx: ref=wiki-compile-skill]
2026-06-17 | Howard-Home | unifi/controller-write | [friction] UniFi OS controller PUT (rest/device port_overrides) returned 403 without CSRF. Fix: login with -D headers, read 'x-updated-csrf-token' (or decode csrfToken from TOKEN cookie JWT), send as X-CSRF-Token on PUT/POST/DELETE
2026-06-17 | Howard-Home | bash/env | [friction] Git-Bash /tmp path mismatch again: msys curl -o /tmp/x.json wrote where Windows python could not read it (FileNotFoundError). Fix: write API JSON to CWD-relative ./.x.json so curl+python share the path [ctx: ref=howard-home known /tmp friction]
2026-06-17 | Howard-Home | pfsense/cascades-voice-vlan | [correction] assumed new RFC1918 alias + DNS-to-firewall:53/123 rules + clone VLAN20 for VOICE isolation; correct is clone the GUEST VLAN (VLAN50/igc1.50, the only actually-isolated net: 3x literal-CIDR quick blocks + pass any) and hand out PUBLIC DNS 8.8.8.8/1.1.1.1 via DHCP. VLAN20 is NOT isolated; config.xml rules were mismapped/not matching live pfctl -sr [ctx: ref=voice-vlan-cutover.md; lesson=read pfctl -sr not just config.xml]
2026-06-17 | GURU-5070 | ssh/plink-windows | [friction] plink -pw with a special-char password through Git-bash -> native plink.exe got MANGLED (CommandLineToArgvW) -> 'Access denied', led to a wrong 'stale cred' conclusion + wasted DMs. The pw was correct. Use system OpenSSH KEY auth (or pass pw via stdin/file), never plink -pw, for special-char passwords on Windows [ctx: ref=feedback_windows_quote_stripping;host=192.168.0.9]
2026-06-17 | GURU-5070 | vault/d2testnas-cred | [correction] CORRECTION: the d2testnas password is NOT stale - it worked for Mike. My plink '-pw' failure was special-char mangling through Git-bash -> native plink.exe (Windows CommandLineToArgvW). Use KEY auth (system OpenSSH) for password-special-char hosts [ctx: ref=feedback_windows_quote_stripping;host=192.168.0.9]
2026-06-17 | GURU-5070 | vault/d2testnas-cred | vaulted clients/dataforth/d2testnas credentials.password REJECTED by 192.168.0.9 (Access denied) - stale/wrong; needs update. Key auth is the reliable path [ctx: host=192.168.0.9]
2026-06-17 | GURU-5070 | agy | gemini returned no response (empty after 3 attempts) [ctx: mode=search err=Attempt 1 failed: You have exhausted your capacity on this model. Your quota wil]
2026-06-17 | GURU-5070 | agy | gemini auth/login failure [ctx: mode=search]
2026-06-17 | Howard-Home | wiki-compile | [friction] Phase 6 release cmd documented as 'coord.py lock release claudetools <resource-path>' but coord.py 'lock release' takes the LOCK ID, not the resource path -> inline release no-ops and strands the lock until TTL. Fix: capture lock id from claim and release by id. [ctx: skill=wiki-compile phase=6]
2026-06-17 | GURU-5070 | grok | grok xsearch incomplete (rc=124); auto-fell back to gemini [ctx: mode=xsearch]
2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]
2026-06-17 | GURU-5070 | research-method | [correction] treated blind endpoint-probing as 'authoritative' over web search; Mike: web searches (grok/gemini) have been MORE valuable - they gave the real leads (connector proxy, teleport setting path), probing only confirmed and mostly 404s. Lead with web search; probe only to CONFIRM a search/doc-derived hypothesis [ctx: ref=feedback_interview_ai_read_docs]
2026-06-17 | GURU-5070 | bash/background-ai | [friction] mixing a backgrounded ask-grok/ask-gemini ('&' + wait) with foreground curl probes in ONE Bash command repeatedly yields an EMPTY output capture; run AI calls as separate run_in_background Bash tool calls, never '&'+wait inline with work to capture [ctx: ref=grok/gemini wrappers]
2026-06-17 | GURU-5070 | agy | gemini returned no response (empty after retry) [ctx: mode=search err=Ripgrep is not available. Falling back to GrepTool.]
2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]
2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]
2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]
2026-06-17 | Howard-Home | unifi-wifi/apply-radio | [friction] per-AP --apply loop: each call re-logs-in to the controller; rapid succession throttles -> write silently skips (no [ok]). Fix: space calls (sleep 3-4) or add multi-AP/one-login support
2026-06-17 | Howard-Home | wiki-compile | [friction] full recompile Sonnet subagent ran ~54min then crashed on 32k output cap (tried to emit the ~490-line article despite being told to write-to-file and return only a summary); recovered via direct surgical Edits to the existing article. Fix: for --full on large existing articles, prefer targeted Edit integration over a subagent rewrite, or hard-cap/forbid article body in the subagent reply. [ctx: skill=wiki-compile target=client:cascades-tucson]
2026-06-17 | GURU-5070 | grok/ask-grok.sh | [correction] blindly probed grok with slow timed runs to find the xsearch syntax instead of reading its bundled docs (~/.grok/docs/user-guide/ + README.md) / interviewing the model first; the docs gave the root cause directly (web_search=grok-4.20-multi-agent multi-agent model, killed by --no-subagents) [ctx: ref=feedback_interview_ai_read_docs]
2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]
2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]
2026-06-17 | GURU-5070 | grok/xsearch | xsearch returned empty (stopReason finalization quirk) on Grok-co-work research; fell back to text-mode design + Claude synthesis [ctx: topic=grok-as-claude-cowork]
2026-06-17 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]
2026-06-17 | GURU-5070 | syncro/customer-comment | [friction] posted a customer-facing emailed comment to #32333 WITHOUT previewing for human review first; preview-before-send is mandatory for ALL outgoing comms [ctx: ref=CLAUDE.md syncro 'Before any POST: Always show the full payload and wait for confirmation']
2026-06-17 | GURU-5070 | syncro/customer-comment | [correction] conflated Arizona Medical Transit (AMT-PC, Windows: Dell bloatware + misbehaving Syncro agent) cleanup into the Scileppi Mac (#32333) customer comment; Scileppi was a full-disk/Trash + Mail + Downloads-redesign job, no Dell/agent work [ctx: ticket=32333 mac=scileppi]
2026-06-16 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]
2026-06-16 | GURU-5070 | rmm/shell-quoting | [friction] shutdown /r /t 60 /c "comment" FAILED via command_type=shell: embedded double-quotes in the command got mangled through the agent cmd layer, shutdown rejected the args and dumped usage. Fix: avoid embedded double-quotes in RMM shell commands (drop /c, or build the quoted arg another way) [ctx: ref=bash/curl.exe-on-windows quote-stripping; agent=AMT-PC; cmd=shutdown]
2026-06-16 | GURU-5070 | syncro/billing | [friction] billed AMT as non-prepaid off the customer-SEARCH endpoint prepay=null; real prepay (detail endpoint) was 7.0 -> invoice correctly netted $0 via block, but I set the wrong (upsell) invoice note. Always read prepay from /customers/{id} detail, not the list/search [ctx: ref=syncro_invoice_verification_pattern;cust=7088349]
2026-06-16 | GURU-5070 | rmm/onboarding-diagnostic | onboarding-diagnostic.ps1 fails on Win7/PowerShell 2.0: uses [ordered] hashtables (PS3+) -> 'Unable to find type [ordered]', empty DIAG-JSON, no grade. Probe not PS2/legacy-compatible -> can't diagnose Win7/2008R2 legacy agents (first hit: AMT-PC)
2026-06-16 | GURU-5070 | rmm-diagnose | could not extract valid diagnostic JSON from probe output [ctx: host=AMT-PC status=completed exit=0]
2026-06-16 | GURU-5070 | mailprotector/starrpass | [correction] assumed starrpass.com was on Mailprotector; correct: starrpass.com is direct-to-MS (EOP/Defender) - Starr Pass MP account 16170 covers ONLY devconllc.com. Check @starrpass.com mail via remediation-tool/EOP
2026-06-16 | GURU-5070 | mailprotector | HTTP 404 POST https://emailservice.io/api/v1/users/find_by_address: "Not found" [ctx: cmd=find-user]
2026-06-16 | Howard-Home | bash/curl.exe-on-windows | [friction] PowerShell-invoked curl.exe strips embedded double-quotes from --data-urlencode args (CommandLineToArgvW), silently mangling POST bodies; pfSense PHP became 'echo PHPRUNS-OK' -> 'Undefined constant'. Fix: write payloads with single-quotes only, build $ via [char]36, keep one line. [ctx: ref=pfsense diag_command.php php-exec; cost=4 wasted RMM round-trips]
2026-06-16 | GURU-5070 | remediation-tool/get-token | [friction] get-token.sh reads vault_path from ~/.claude/identity.json (home), which lacks the field on this machine; repo identity.json (.claude/identity.json) has it. Fix: export VAULT_ROOT_ENV=$(jq -r .vault_path .claude/identity.json) before calling get-token [ctx: ref=remediation-tool;machine=GURU-5070]
2026-06-15 | GURU-5070 | rmm/quickbooks-folderbrowser | [correction] assumed F:FolderRedirection was a dead/missing drive (Test-Path F: = False under SYSTEM); correct: F: is a per-user NETWORK-mapped redirected folder, invisible to the SYSTEM context RMM runs in - must diagnose mapped-drive/redirect issues in user_session
2026-06-15 | GURU-5070 | rmm | ProfWiz Pro silent-install command returned 'Execution error: Failed to execute command' (status failed, no stdout) on SP-SharonW11 [ctx: agent=86de13d7 host=SP-SharonW11 task=upw-install]
2026-06-15 | GURU-5070 | remediation-tool (Starr Pass licensing) | [correction] reported Brian Shinn's account as DELETED (tied it to the recycle-bin bshinn@ from 6/10 onboarding); actually Mike UNLICENSED Brian in M365 - account not deleted. Don't conflate a soft-deleted recycle-bin entry with the user's recent action; check the ACTIVE account's assignedLicenses for an unlicense
2026-06-15 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=]
2026-06-15 | GURU-5070 | grok | grok xsearch returned no result [ctx: mode=xsearch stopReason=Cancelled]
2026-06-15 | GURU-5070 | graduation-pipeline (BEAST Ollama) | [friction] BEAST Ollama ran inference on CPU (api/ps showed qwen3:32b AND qwen3:14b with vram=0); 32b timed out at 240s, 14b at 175s. GPU not engaged - the 'use BEAST GPU' premise needs a BEAST-side Ollama GPU config/driver fix before large-model triage is practical
2026-06-15 | GURU-5070 | graduation-pipeline (BEAST env) | [friction] assumed BEAST uses WSL because 'bash' there resolved to the WindowsApps WSL stub (uname said WSL2). BEAST runs the harness under Git-for-Windows MSYS bash like other Windows boxes; reach its Ollama via localhost (Git-bash) or the Tailscale IP. REPEAT of the documented WSL-stub-vs-Git-bash gotcha [ctx: ref=feedback_windows_bash_mapping]
2026-06-15 | GURU-5070 | tmp-promotion-check (/save,/scc) | [friction] hung for minutes: line 51 ran 'grep -rqlF <f> projects/' per scratch file, recursing Rust target/, node_modules/, .git in the guru-rmm/guru-connect submodules. Fixed: --include='*.md' + --exclude-dir for heavy trees. Stalled the /save sync behind it
2026-06-15 | GURU-5070 | memory-dream (--apply-safe) | flagged feedback_broken_backlinks_are_writeme_markers.md as an orphan and appended a DUPLICATE index line though it already had one — orphan detector likely keys on the frontmatter name: slug, not the (file.md) link target. Fix the index-line matching to compare by filename [ctx: mode=apply-safe]
2026-06-15 | GURU-5070 | powershell/var-case | [friction] PowerShell vars are case-INSENSITIVE: $gUid silently overwrote $guid (GPO id), Set-ADObject hit a bad DN and left GPT.ini/AD versionNumber inconsistent until fixed. Never rely on case to distinguish PS variables
2026-06-15 | GURU-5070 | python/argv-limit | [friction] passed full /api/agents JSON (248 agents) as a python CLI arg -> 'Argument list too long' on Windows. Pipe large payloads via stdin, not argv
2026-06-15 | GURU-5070 | bash/env-persist | [friction] re-derived RMM token every call after $TOKEN/$RMM vanished between Bash tool calls - shell env does NOT persist across calls; must re-eval auth (or chain) in the same command
2026-06-15 | GURU-5070 | bash/tmp-path | [friction] wrote curl -o /tmp/x.json then jq read it back and failed (No such file) - Git-Bash vs Write/tool /tmp resolve differently. Pipe directly or use repo-relative paths. REPEAT of documented gotcha [ctx: ref=feedback_tmp_path_windows]
2026-06-15 | GURU-5070 | DMARC / DNS | [correction] assumed ACG's own INKY rua convention (reports-sg.inkydmarc.com) applied to a client domain; only use the INKY rua if THAT client is onboarded to INKY - otherwise plain p=none or a real mailbox
2026-06-15 | GURU-5070 | remediation-tool (sendMail) | [correction] assumed none of the consented apps could send mail and started granting Graph Mail.Send; the Exchange Operator app ALREADY had Graph Mail.Send - I was decoding the EXO-audience token, not a Graph-audience token. Mint a Graph token for the app before concluding a permission is missing
2026-06-15 | GURU-5070 | rmm-search | [correction] assumed the CLI search must replicate the UI Omnibox scoreMatch exactly; user wants a FLEXIBLE forgiving multi-field search optimized for first-try correctness, not UI parity
2026-06-15 | GURU-BEAST-ROG | /syncro (comment edit) | Syncro API does not expose a comment-edit or comment-delete endpoint — once posted, comments can only be modified via the GUI. Bot posted an internal resolution note with an unwanted "Performed by: ClaudeTools Discord Bot" line and could not remove it programmatically. Remediation needed: either suppress bot-attribution lines from internal notes by default, or add a GUI-edit step to the workflow when the note needs correction.
2026-06-14 | GURU-5070 | mailbox skill (Graph token) | FABB app `fabb3421` (Claude-MSP-Access / "Cloud MSP Access") token request returned AADSTS700016 — app/SP no longer present in azcomputerguru.com tenant (deleted; gotchas.md already marked it deprecated). Blocks /mailbox + the M365 contacts task. Verified the remediation suite (live, ACG tenant) carries NO Mail.Send/Mail.ReadWrite/Contacts scopes (investigator has Mail.Read only) — so a straight repoint can't restore mailbox-send/contacts. Pending Mike decision: stand up a single-tenant ACG-internal mailbox app vs. add scopes to a suite tier. [2026-06-15] Docs hardened — gotchas.md now marks fabb3421 DELETED with the Mail/Contacts-scope blast radius + flags the 3 legacy "old app only" tenants (Valleywide/Dataforth/Cascades) as now having NO working remediation app (migration URGENT); mailbox.md carries a BLOCKED/AADSTS700016 banner. DECISION 2026-06-15 (Mike): Mail.Send goes into the suite (Exchange Operator tier) since its real use is IR victim-notification during mailbox takeovers; add Mail.Send to the exchange-op manifest + consent, repoint mailbox.md to exchange-op. Implementation not yet executed (production app change, needs go).
2026-06-14 | GURU-KALI | coord skill (coord.py) | Documented invocation `py .claude/skills/coord/scripts/coord.py ...` failed exit 127 — `py` (the Windows py-launcher) does not exist on Linux. Worked around with `python3`. [RESOLVED 2026-06-14] Added `.claude/scripts/py.sh` (resolves the working interpreter: identity.json `python.command` -> py -> python3 -> python, skipping the MS Store shim) and repointed all skill/command DOC invocations from bare `py` to `bash "$CLAUDETOOLS_ROOT/.claude/scripts/py.sh"`. The `.sh` skill scripts already resolved internally — left untouched. Broadcast to fleet.
2026-06-14 | GURU-BEAST-ROG | coord skill (coord.py msg send) | `py "$CLAUDETOOLS_ROOT/.claude/skills/coord/scripts/coord.py"` failed — `$CLAUDETOOLS_ROOT` is not exported in fresh Git-bash shells here, so the path resolved under `C:\Program Files\Git\`. [RESOLVED 2026-06-14] Added `.claude/scripts/ensure-settings-env.py` (seeds `env.CLAUDETOOLS_ROOT` in per-machine `settings.local.json` from `identity.json`); Claude Code injects it into every Bash call. Wired into ONBOARDING.md + broadcast to fleet. Effective next session start.
2026-06-14 | GURU-BEAST-ROG | /sync (sync.sh Phase 3, submodule update) | submodule `projects/msp-tools/guru-rmm` checkout of f38da05 aborted: untracked `docs/RMM_THOUGHTS.md` would be overwritten. Parent repo synced fine; submodule pointer left lagging. Recurring transient. [RESOLVED 2026-06-15] sync.sh now has `resolve_submodule_collisions()` — on the abort it moves only the untracked files the incoming commit tracks aside to `<file>.synced-aside-<UTCstamp>` (content preserved, NOT --force) then retries once. Verified live: guru-rmm advanced ed92097->f38da05; the aside copy held 94 lines of un-committed 2026-06-08 thoughts (rescued, not lost — needs manual merge into canonical RMM_THOUGHTS.md).
2026-06-16 | HOWARD-HOME | unifi-wifi/device-control.sh provision | cmd/devmgr force-provision returned HTTP 400 (mac 0c:ea:14:3f:40:6d / AP 445); verb needs fix — likely wrong cmd name or requires device _id not mac. block/kick/locate via stamgr work; adopt/restart/upgrade unverified.