azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fd30af6aba4e402fcc7a0a51fa3b5177798c6786
claudetools/.claude/bootstrap/RESTORE.md
Mike Swanson 974fb97f10 feat(bootstrap): set hostname in Phase 0 
Rename the machine to the name in the bundle's identity.json (default GURU-5070,
override with -Hostname) when run as admin, with an end-of-run reboot reminder.
Ensures scheduled tasks, coord session IDs, and log attribution line up. RESTORE.md
documents the step.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 12:17:11 -07:00

7.0 KiB
Raw Blame History

ClaudeTools Windows Bootstrap & Recovery Runbook

Rebuild this workstation (GURU-5070, Lenovo Legion Pro 7 16IAX10H) after a clean Windows reset. Everything here is driven by two scripts in this folder:

  • windows-bootstrap.ps1 — installs tools, restores secrets, clones repos, wires tasks
  • restore-secrets.ps1 — copies secrets/identity from the recovery bundle back into place

The recovery bundle lives on the removable drives:

Drive Label Holds
E: (FAT32) claudetools-recovery\ — secrets + identity + manifests (redundant copy)
F: Ventoy claudetools-recovery\ — same bundle plus data\ (large client data)

F: is also a bootable rescue stick (SystemRescue, Boot Repair) — keep it; it can help fix the machine. The bundle lives in F:\claudetools-recovery\, Ventoy is untouched.

What's in the bundle (and why it can't just be re-cloned)

claudetools-recovery\

  • secrets\
    • sops-age\keys.txtTHE most critical file. The SOPS age private key. Without it the entire vault (D:\vault) is permanently undecryptable. Not stored in any repo.
    • ssh\id_ed25519 (+pub), pst-cc-ucg (+pub), config, known_hosts
    • claude\.claude.json, .credentials.json (Claude Code login), settings, keybindings, statusline
    • grok\auth.json, config.toml, agent_id
    • gemini\oauth_creds.json, google_accounts.json, settings, installation_id
    • git\.gitconfig, powershell\Microsoft.PowerShell_profile.ps1
  • identity\ — repo-local gitignored files: identity.json, settings.local.json, current-mode, coord-broadcasts-seen, mcp.json, .claude/state\, ticktick tokens, dataforth oauth
  • config\ — Windows Terminal settings, fleet hosts file, quote-wizard .env.production
  • manifests\installed-tools.txt, ollama-models.txt, git-global-config.txt, repos.txt, user-environment.reg / .txt (incl. OLLAMA_MODELS/OLLAMA_HOST/PROTOC), scheduled-tasks\*.xml
  • at-risk-work\ — local-only WIP rescued from the submodules (not on any remote): guru-rmm stashes as .patch files + guru-connect tmp-spec018.diff. The bootstrap re-applies these automatically in Phase 6 (restore-at-risk-work.ps1) — the guru-rmm ones are put back as stashes (git stash list), the guru-connect diff is dropped back as its untracked working file. See RESTORE-at-risk-work.txt for manual steps.
  • data\ (F: only) — large non-Gitea client/project data, repo-relative paths

Everything else (all tracked code, skills, commands, docs, session logs, wiki) comes back from Gitea on clone — no need to back it up.

Fast path (one shot)

From an elevated PowerShell, with E: or F: plugged in:

# copy the script off the drive first (so it survives a re-clone)
Copy-Item F:\claudetools-recovery\bootstrap\windows-bootstrap.ps1 $env:TEMP\boot.ps1
& $env:TEMP\..  # or just run directly:
F:\claudetools-recovery\bootstrap\windows-bootstrap.ps1 -SkipModels

Run it from an elevated shell so Phase 0 can rename the machine to GURU-5070 (read from the bundle's identity.json; override with -Hostname <name>). The rename needs a reboot to take effect — the script reminds you at the end. Re-run after the reboot to finish any phases that depend on the hostname.

-SkipModels defers the ~50 GB Ollama downloads. Drop it (or run Phase 8 later) when you want them. Add -RestoreData to also pull back the large client data from F:\...\data.

The script is idempotent — safe to re-run; it skips anything already done. To run just part of it: -OnlyPhases "1,2,3".

Manual path (if you'd rather do it by hand)

  1. Set the hostname (elevated): Rename-Computer -NewName GURU-5070 -Restart. Do this first so scheduled tasks / coord session IDs line up after the reboot.
  2. Install App Installer (winget) from the Microsoft Store if missing.
  3. Core tools (winget ids): Git.Git, OpenJS.NodeJS.LTS, Python.Python.3.14, Rustlang.Rustup, Microsoft.VisualStudioCode, Ollama.Ollama, jqlang.jq, SecretsOPerationS.SOPS, FiloSottile.age, GitHub.cli, AgileBits.1Password.CLI, Microsoft.DotNet.SDK.8, Google.Protobuf, oschwartz10612.Poppler, Tailscale.Tailscale Then dotnet tool install --global wix (MSI builds). Set env: OLLAMA_MODELS=D:\OllamaModels, OLLAMA_HOST=0.0.0.0:11434, PROTOC=<protoc.exe>.
  4. AI CLIs:
    • Claude: irm https://claude.ai/install.ps1 | iex~/.local/bin/claude.exe
    • Gemini: npm install -g @google/gemini-cli
    • Grok: bash -c "curl -fsSL https://x.ai/cli/install.sh | bash" (Git Bash)
  5. Restore home secrets: F:\claudetools-recovery\bootstrap\restore-secrets.ps1 -Group home
  6. Clone repos: 
    git clone https://git.azcomputerguru.com/azcomputerguru/claudetools.git D:\claudetools
cd D:\claudetools; git submodule update --init --recursive
git clone https://git.azcomputerguru.com/azcomputerguru/vault.git D:\vault
    (On-network you can use http://172.16.3.20:3000/... to bypass the SSL-renewal blips.)
  7. Restore identity: restore-secrets.ps1 -Group repo
  8. Ollama models (proper set for this 12 GB-VRAM laptop): ollama pull nomic-embed-text:latest (GrepAI embeddings) and ollama pull qwen3:8b (prose_model). Models live on D:\OllamaModels (47.8 GB) — if D: survived the reset they're already there, skip this. Heavy extras (qwen3:14b, codestral:22b, qwen3.6:latest) are opt-in only; they over-saturate 12 GB VRAM.
  9. Scheduled tasks: import each XML in manifests\scheduled-tasks\ via Register-ScheduledTask -Xml (Get-Content x.xml -Raw) -TaskName "...".
  10. Verify: D:\claudetools\.claude\scripts\onboarding-diagnostic.ps1, then /self-check in Claude Code.

Post-install: things that need an interactive login

Auth tokens are backed up, but some expire. If a tool says it's unauthenticated:

  • Claude Code: run claude, then /login (browser).
  • GitHub CLI: gh auth login
  • 1Password: op signin
  • Gemini: launch gemini, complete the Google OAuth browser flow.
  • Grok: grok login (tokens expire after 7 days).
  • Gitea git push: uses the Windows Credential Manager (credential.helper=manager). First push prompts for the shared azcomputerguru account. Do NOT bake the password into the remote URL (the old D:\work\gururmm clone did — reset it to a clean URL).

Verify the vault decrypts (proves the age key restored correctly)

bash D:/claudetools/.claude/scripts/vault.sh list
bash D:/claudetools/.claude/scripts/vault.sh get-field projects/claudetools/database.sops.yaml credentials.password

If that returns the password, recovery succeeded. If it errors about decryption, the age key at %APPDATA%\sops\age\keys.txt and ~/.config/sops/age/keys.txt is missing/wrong.

Refreshing this bundle later

Re-run the backup any time (it's just file copies): D:\claudetools\.claude\bootstrap\backup-to-bundle.ps1 (writes to E: and F:).

Reference in New Issue View Git Blame Copy Permalink