Mike Swanson
92bc522c3a
Ordered, execution-ready plan for SPEC-004 (stable machine identity + session reaping + operator removal). Works out the core integration: machine_uid = deterministic MachineGuid-based hardware identity (recomputable, so config loss can't duplicate); per-agent cak_ key stays the credential/trust boundary; they compose so one cak_ key per machine_uid = one key per real machine (the prerequisite the fleet key-migration #7 needs). Root cause grounded in code: agent_id is a random UUID (config.rs:90), connect_machines dedups on ON CONFLICT (agent_id), so config loss -> duplicate rows (DESKTOP-I66IM5Q x9 live). 5 ordered tasks (agent uid -> server dedup -> reconcile/age-out -> reaping -> operator removal). Unblocks #7 -> #5. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>