azcomputerguru/guru-connect
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
4ddced1b9b3942918fb6b139b3d139703128d931
guru-connect/specs/native-remote-control/standards.md
Mike Swanson e3e95f8fa7
Some checks failed
Build and Test / Build Server (Linux) (push) Has been cancelled
Details
Build and Test / Build Agent (Windows) (push) Has been cancelled
Details
Build and Test / Security Audit (push) Has been cancelled
Details
Build and Test / Build Summary (push) Has been cancelled
Details
Run Tests / Test Server (push) Has been cancelled
Details
Run Tests / Test Agent (push) Has been cancelled
Details
Run Tests / Code Coverage (push) Has been cancelled
Details
Run Tests / Lint and Format Check (push) Has been cancelled
Details
chore: sync repository to current working state 
Brings azcomputerguru/guru-connect up to the authoritative working copy that
had been maintained in the claudetools monorepo: Phase 1 security and
infrastructure (middleware, metrics, utils, token blacklist, deployment
scripts, security audits) plus the native-remote-control integration spec.
Preserves the repo .gitignore, .cargo, and server/static/downloads.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 06:15:29 -07:00

4.3 KiB
Raw Blame History

Native Remote Control — Applicable Standards

The following standards from .claude/standards/ apply to this feature.

security/credential-handling

No hardcoded credentials. The GuruRMM→guru-connect integration key (CONNECT_INTEGRATION_KEY), per-machine agent keys, and viewer tokens come from env/SOPS — never source. Per-machine agent keys and viewer tokens are hashed/short-lived; JWT for auth, Argon2id for any password storage. Log all auth attempts and session brokering (timestamp, identity, agent_id).

Source: .claude/standards/security/credential-handling.md

api/response-format

New endpoints (POST /api/agents/:agent_id/remote-control, GC POST /api/sessions, POST /api/sessions/:id/viewer-token, POST /api/agents/:agent_id/keys) use RESTful plural nouns, kebab-case multi-word segments (/remote-control), and the standard error envelope { detail, error_code, status_code }. Prefer sqlx::query() (runtime) over the query!() macro for new queries.

Source: .claude/standards/api/response-format.md

gururmm/sqlx-migrations

New migrations (connect_agent_keys, session is_managed/source columns, remote_control_sessions) must be idempotent (CREATE TABLE IF NOT EXISTS, ADD COLUMN IF NOT EXISTS). Let the server binary apply migrations on startup; never pre-apply via psql without the _sqlx_migrations row. Run cargo sqlx prepare and commit .sqlx/ if any query!() macro changes.

Source: .claude/standards/gururmm/sqlx-migrations.md

gururmm/platform-parity

The endpoint launch logic (Task 7) is Windows-only because the guru-connect agent is Windows-only. This is allowed, but the non-Windows path must be a working stub with // TODO(platform): linux/macos — guru-connect agent not available, not a silent no-op. Any new AppState field added in main.rs must also be mirrored in service.rs (Windows-service entry).

Source: .claude/standards/gururmm/platform-parity.md

gururmm/build-pipeline

Never run build-agents.sh / build scripts manually over SSH. All agent and server builds go through the Gitea webhook pipeline (push to main). Deploy = stop → copy binary → start.

Source: .claude/standards/gururmm/build-pipeline.md

conventions/no-emojis & conventions/output-markers

No emojis anywhere in code, logs, dashboard strings, or commit messages. Use ASCII status markers [OK] [ERROR] [WARNING] [SUCCESS] [INFO] [CRITICAL] in any script or operator-facing output (installer scripts, agent launch logs, dashboard toasts).

Source: .claude/standards/conventions/no-emojis.md, .claude/standards/conventions/output-markers.md

git/commit-style

Conventional commit types (feat:, fix:, spec:, build:), and Co-Authored-By for Claude-assisted commits. Never commit .env, keys, or unencrypted secrets.

Source: .claude/standards/git/commit-style.md

Integration contract versioning (feature-specific rule)

Because GC and RMM ship on independent pipelines/cadences, the integration surface is semver'd and namespaced (/api/integration/v1/). GC must not change a published contract version in a breaking way without a major bump, and must keep CONTRACT.md in lockstep with the code (enforced by the Task 11 contract test in each pipeline). RMM discovers support via GET /api/integration/capabilities and version-gates — never assumes a feature exists. This is the mechanism that keeps the two products "in-sync" without coupling their releases.

Embedding / clickjacking (security, feature-specific)

The embedded viewer relaxes frame-ancestors/X-Frame-Options only on the viewer route, to an explicit RMM-origin allowlist sourced from env. The global frame-ancestors 'none' (server/src/middleware/security_headers.rs:30) and X-Frame-Options (:37-39) stay in force for every other route. Never disable framing protection globally to enable the embed.

guru-connect project conventions (projects/msp-tools/guru-connect/CLAUDE.md)

Not in .claude/standards/ but binding for the GC repo: Rust uses tracing (not println!), anyhow in binaries, thiserror for library errors, async/await, cargo clippy before commits; protobuf is the source of truth (proto/guruconnect.proto); transport is protobuf over wss://; Argon2id for passwords; agent stays a single static binary with no runtime deps.

Source: projects/msp-tools/guru-connect/CLAUDE.md

Reference in New Issue View Git Blame Copy Permalink