azcomputerguru/guru-connect
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
39e9ac4b752a853f5dd72159dbb8cc6a87751cdf
guru-connect/specs/native-remote-control/standards.md
Mike Swanson e3e95f8fa7
Some checks failed
Build and Test / Build Server (Linux) (push) Has been cancelled
Details
Build and Test / Build Agent (Windows) (push) Has been cancelled
Details
Build and Test / Security Audit (push) Has been cancelled
Details
Build and Test / Build Summary (push) Has been cancelled
Details
Run Tests / Test Server (push) Has been cancelled
Details
Run Tests / Test Agent (push) Has been cancelled
Details
Run Tests / Code Coverage (push) Has been cancelled
Details
Run Tests / Lint and Format Check (push) Has been cancelled
Details
chore: sync repository to current working state 
Brings azcomputerguru/guru-connect up to the authoritative working copy that
had been maintained in the claudetools monorepo: Phase 1 security and
infrastructure (middleware, metrics, utils, token blacklist, deployment
scripts, security audits) plus the native-remote-control integration spec.
Preserves the repo .gitignore, .cargo, and server/static/downloads.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 06:15:29 -07:00

89 lines
4.3 KiB
Markdown
Raw Blame History

# Native Remote Control — Applicable Standards
The following standards from `.claude/standards/` apply to this feature.
## security/credential-handling
No hardcoded credentials. The GuruRMM→guru-connect integration key (`CONNECT_INTEGRATION_KEY`),
per-machine agent keys, and viewer tokens come from env/SOPS — never source. Per-machine agent
keys and viewer tokens are **hashed/short-lived**; JWT for auth, Argon2id for any password
storage. Log all auth attempts and session brokering (timestamp, identity, agent_id).
Source: `.claude/standards/security/credential-handling.md`
## api/response-format
New endpoints (`POST /api/agents/:agent_id/remote-control`, GC `POST /api/sessions`,
`POST /api/sessions/:id/viewer-token`, `POST /api/agents/:agent_id/keys`) use RESTful plural
nouns, kebab-case multi-word segments (`/remote-control`), and the standard error envelope
`{ detail, error_code, status_code }`. Prefer `sqlx::query()` (runtime) over the `query!()`
macro for new queries.
Source: `.claude/standards/api/response-format.md`
## gururmm/sqlx-migrations
New migrations (`connect_agent_keys`, session `is_managed`/`source` columns,
`remote_control_sessions`) must be idempotent (`CREATE TABLE IF NOT EXISTS`,
`ADD COLUMN IF NOT EXISTS`). Let the server binary apply migrations on startup; never pre-apply
via psql without the `_sqlx_migrations` row. Run `cargo sqlx prepare` and commit `.sqlx/` if any
`query!()` macro changes.
Source: `.claude/standards/gururmm/sqlx-migrations.md`
## gururmm/platform-parity
The endpoint launch logic (Task 7) is Windows-only because the guru-connect agent is Windows-only.
This is allowed, but the non-Windows path must be a working stub with
`// TODO(platform): linux/macos — guru-connect agent not available`, not a silent no-op. Any new
`AppState` field added in `main.rs` must also be mirrored in `service.rs` (Windows-service entry).
Source: `.claude/standards/gururmm/platform-parity.md`
## gururmm/build-pipeline
Never run `build-agents.sh` / build scripts manually over SSH. All agent and server builds go
through the Gitea webhook pipeline (push to `main`). Deploy = stop → copy binary → start.
Source: `.claude/standards/gururmm/build-pipeline.md`
## conventions/no-emojis & conventions/output-markers
No emojis anywhere in code, logs, dashboard strings, or commit messages. Use ASCII status markers
`[OK] [ERROR] [WARNING] [SUCCESS] [INFO] [CRITICAL]` in any script or operator-facing output
(installer scripts, agent launch logs, dashboard toasts).
Source: `.claude/standards/conventions/no-emojis.md`, `.claude/standards/conventions/output-markers.md`
## git/commit-style
Conventional commit types (`feat:`, `fix:`, `spec:`, `build:`), and `Co-Authored-By` for
Claude-assisted commits. Never commit `.env`, keys, or unencrypted secrets.
Source: `.claude/standards/git/commit-style.md`
## Integration contract versioning (feature-specific rule)
Because GC and RMM ship on independent pipelines/cadences, the integration surface is **semver'd**
and namespaced (`/api/integration/v1/`). GC must not change a published contract version in a
breaking way without a major bump, and must keep `CONTRACT.md` in lockstep with the code (enforced
by the Task 11 contract test in each pipeline). RMM discovers support via
`GET /api/integration/capabilities` and version-gates — never assumes a feature exists. This is the
mechanism that keeps the two products "in-sync" without coupling their releases.
## Embedding / clickjacking (security, feature-specific)
The embedded viewer relaxes `frame-ancestors`/`X-Frame-Options` **only on the viewer route**, to an
explicit RMM-origin allowlist sourced from env. The global `frame-ancestors 'none'`
(`server/src/middleware/security_headers.rs:30`) and `X-Frame-Options` (`:37-39`) stay in force for
every other route. Never disable framing protection globally to enable the embed.
## guru-connect project conventions (`projects/msp-tools/guru-connect/CLAUDE.md`)
Not in `.claude/standards/` but binding for the GC repo: Rust uses `tracing` (not `println!`),
`anyhow` in binaries, `thiserror` for library errors, `async`/`await`, `cargo clippy` before
commits; protobuf is the source of truth (`proto/guruconnect.proto`); transport is protobuf over
`wss://`; Argon2id for passwords; agent stays a single static binary with no runtime deps.
Source: `projects/msp-tools/guru-connect/CLAUDE.md`
Reference in New Issue View Git Blame Copy Permalink