azcomputerguru/guru-connect
1
0
Fork 0
Code Issues 18 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

SPEC-018 review fixes: agent_id persistence, managed fallback, HKEY typing #9

Merged
azcomputerguru merged 1 commits from fix/spec018-review-bugs into main 2026-06-03 16:30:26 -07:00
Conversation 0 Commits 1 Files Changed 5 +212 -30
azcomputerguru commented 2026-06-03 16:29:44 -07:00
Owner
Copy Link

Addresses the SPEC-018 Phase 1 code review (reports/2026-06-03-spec018-review.md).

Fixes

  • Bug 2 (agent/src/config.rs) — agent_id persistence. The embedded-config path always wins in Config::load, so the saved agent_id was never read back, minting a new UUID on every restart (agent_id churn). Added Config::persisted_agent_id() to reuse a prior id from the on-disk TOML; only mint a new UUID when none exists.
  • Bug 1 (agent/src/main.rs) — managed fallback. Removed the non-functional in-process fallback in run_permanent_agent_managed. A managed agent's cak_ store is SYSTEM-only ACL'd, so a non-elevated in-process run cannot authenticate (load_cak permission-denied, or enroll C1 read-back failure). Now returns an actionable "install elevated" error instead of pretending to provide an agent; misleading comments updated.
  • Issue 6 (agent/src/startup.rs) — HKEY typing. Replaced the fragile transmute::<HANDLE, HKEY> with the windows crate's typed HKEY out-param; added SAFETY comments.

Reviewed; cargo check -p guruconnect --target x86_64-pc-windows-msvc clean. Related to #8 (deferred lower-severity items tracked there).

Addresses the SPEC-018 Phase 1 code review (`reports/2026-06-03-spec018-review.md`). ### Fixes - **Bug 2 (`agent/src/config.rs`) — agent_id persistence.** The embedded-config path always wins in `Config::load`, so the saved `agent_id` was never read back, minting a new UUID on every restart (agent_id churn). Added `Config::persisted_agent_id()` to reuse a prior id from the on-disk TOML; only mint a new UUID when none exists. - **Bug 1 (`agent/src/main.rs`) — managed fallback.** Removed the non-functional in-process fallback in `run_permanent_agent_managed`. A managed agent's `cak_` store is SYSTEM-only ACL'd, so a non-elevated in-process run cannot authenticate (`load_cak` permission-denied, or enroll C1 read-back failure). Now returns an actionable "install elevated" error instead of pretending to provide an agent; misleading comments updated. - **Issue 6 (`agent/src/startup.rs`) — HKEY typing.** Replaced the fragile `transmute::<HANDLE, HKEY>` with the `windows` crate's typed `HKEY` out-param; added SAFETY comments. Reviewed; `cargo check -p guruconnect --target x86_64-pc-windows-msvc` clean. Related to #8 (deferred lower-severity items tracked there).
azcomputerguru added 1 commit 2026-06-03 16:29:45 -07:00
fix(agent): SPEC-018 review fixes — agent_id persistence, managed fallback, HKEY typing
Some checks failed
Build and Test / Build Server (Linux) (pull_request) Failing after 7m12s
Details
Build and Test / Build Agent (Windows) (pull_request) Successful in 14m56s
Details
Build and Test / Security Audit (pull_request) Successful in 7m57s
Details
Build and Test / Build Summary (pull_request) Has been skipped
Details
9eaabdd6a5 
Address the SPEC-018 Phase 1 code review (reports/2026-06-03-spec018-review.md):

- Bug 2 (config.rs): stop agent_id churn on every restart. The embedded-config
  path always wins in Config::load, so the saved agent_id was never read back.
  Add Config::persisted_agent_id() and reuse a prior id from the TOML; only mint
  a new UUID when none exists.
- Bug 1 (main.rs): remove the non-functional in-process fallback in
  run_permanent_agent_managed. A managed agent's cak_ store is SYSTEM-only ACL'd,
  so a non-elevated in-process run cannot authenticate (load_cak permission-denied,
  or enroll C1 read-back failure). Return an actionable "install elevated" error
  instead of pretending to provide an agent; update the misleading comments.
- Issue 6 (startup.rs): replace the fragile transmute::<HANDLE, HKEY> with the
  windows crate's typed HKEY out-param; add SAFETY comments.

cargo check -p guruconnect --target x86_64-pc-windows-msvc passes clean.
Deferred lower-severity items tracked in #8.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
azcomputerguru merged commit 72835fa1b5 into main 2026-06-03 16:30:26 -07:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
component:agent
component:dashboard
component:server
security
severity:critical
severity:high
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
azcomputerguru
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: azcomputerguru/guru-connect#9
Delete Branch "fix/spec018-review-bugs"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?