azcomputerguru/guru-connect
1
0
Fork 0
Code Issues 18 Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
9eaabdd6a58c1050da8614e037ea052a8a78fbbc
guru-connect/session-logs/2026-06-03-session.md
Mike Swanson 9eaabdd6a5
Some checks failed
Build and Test / Build Server (Linux) (pull_request) Failing after 7m12s
Details
Build and Test / Build Agent (Windows) (pull_request) Successful in 14m56s
Details
Build and Test / Security Audit (pull_request) Successful in 7m57s
Details
Build and Test / Build Summary (pull_request) Has been skipped
Details
fix(agent): SPEC-018 review fixes — agent_id persistence, managed fallback, HKEY typing 
Address the SPEC-018 Phase 1 code review (reports/2026-06-03-spec018-review.md):

- Bug 2 (config.rs): stop agent_id churn on every restart. The embedded-config
  path always wins in Config::load, so the saved agent_id was never read back.
  Add Config::persisted_agent_id() and reuse a prior id from the TOML; only mint
  a new UUID when none exists.
- Bug 1 (main.rs): remove the non-functional in-process fallback in
  run_permanent_agent_managed. A managed agent's cak_ store is SYSTEM-only ACL'd,
  so a non-elevated in-process run cannot authenticate (load_cak permission-denied,
  or enroll C1 read-back failure). Return an actionable "install elevated" error
  instead of pretending to provide an agent; update the misleading comments.
- Issue 6 (startup.rs): replace the fragile transmute::<HANDLE, HKEY> with the
  windows crate's typed HKEY out-param; add SAFETY comments.

cargo check -p guruconnect --target x86_64-pc-windows-msvc passes clean.
Deferred lower-severity items tracked in #8.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-03 16:27:27 -07:00

4.3 KiB
Raw Blame History

Session Log — 2026-06-03 — GuruConnect SPEC-018 review validation + fixes

User

  • User: Mike Swanson (mike)
  • Machine: GURU-5070
  • Role: admin

Session Summary

Mike forwarded a thorough external code review of GuruConnect SPEC-018 Phase 1 (managed agent as LocalSystem service host; merge 11af9df) performed by a Grok reviewer persona and written to D:\GrokTools\guru-connect-review-SPEC018.md. Task: look over the project and validate.

Independently validated the two flagged bugs and Issue 6 by reading the actual code (not just relaying). Confirmed all three as real. Added a refinement the review missed: the non-functional managed fallback (Bug 1) does still work for a deprecated legacy-api_key managed binary, but is broken specifically for the modern SPEC-016 enrollment path — sharpening the fix.

Copied the review into the project at reports/2026-06-03-spec018-review.md, claimed a coord lock on guruconnect, created branch fix/spec018-review-bugs, and had the Coding Agent implement the three fixes. cargo check -p guruconnect --target x86_64-pc-windows-msvc passes clean (no errors/warnings). Filed Gitea issue #8 for the deferred lower-severity items. Changes remain uncommitted on the branch pending Mike's PR-vs-direct-to-main decision.

Key Decisions

  • Validated, did not rubber-stamp. Read the code at each cited location to confirm Bug 1 (main.rs:496), Bug 2 (config.rs:392), Issue 6 (startup.rs transmute) before acting.
  • Bug 1 fix = remove the fallback, surface an elevation error (rather than build a degraded fallback). Matches install_managed_service docs; the managed model is elevated-install. The deprecated legacy-key edge case also errors now — acceptable and honest.
  • Bug 2 fix = read persisted agent_id from the TOML first, generate only if absent — stops agent_id churn on every restart while keeping machine_uid/cak_ as the stable keys.
  • Issue 6 fix = typed HKEY from the windows crate (no HANDLE+transmute). install.rs was already typed (no change).
  • Deferred Issues 3/4/5/7/8 (hot-path unwraps, panic-guard scope, nits) to Gitea #8 — lower severity, follow-ups.
  • No commit yet — branch held for human review of diffs + PR-vs-main choice.

Configuration Changes

In submodule projects/msp-tools/guru-connect (branch fix/spec018-review-bugs, UNCOMMITTED):

  • agent/src/config.rs — added Config::persisted_agent_id(); embedded branch now agent_id: Self::persisted_agent_id().unwrap_or_else(generate_agent_id); corrected comment.
  • agent/src/main.rsrun_permanent_agent_managed: removed run_agent_mode(None) fallback, now error! + Err(...) requiring elevation; updated doc/inline comments.
  • agent/src/startup.rs — replaced transmute::<HANDLE,HKEY> with HKEY::default() + &mut hkey; added SAFETY comments.
  • Created reports/2026-06-03-spec018-review.md (copy of the external review).
  • Stray untracked tmp-spec018.diff left untouched (from the Grok session).

Commands & Outputs

  • Validation greps/reads: run_permanent_agent_managed at main.rs:482, fallback at :496; Config::load embedded branch config.rs:382-409 (agent_id: generate_agent_id() unconditional, save() never read back); resolve_agent_credential main.rs:515 (load_cak permission_denied guard / enroll C1 read-back).
  • cargo check -p guruconnect --target x86_64-pc-windows-msvc → Finished clean, no warnings from the changes.
  • Coord lock id 0cfd6269-4548-46d4-8436-c829e42f79d8 (guruconnect / agent/src, ttl 2h, GURU-5070/claude-main).

Pending / Incomplete Tasks

  • Awaiting Mike's decision: push branch + open PR (recommended, matches SPEC-018 PR #7 convention) vs. commit straight to main.
  • On decision: commit the 3 fixes + the review report, push, (PR/merge), then bump the parent-repo submodule pointer on next /sync, update the coord guruconnect component, and release lock 0cfd6269.
  • Deferred hardening: Gitea guru-connect#8 (Issues 3/4/5/7/8).

Reference Information

  • External review: D:\GrokTools\guru-connect-review-SPEC018.md → copied to reports/2026-06-03-spec018-review.md.
  • Branch: fix/spec018-review-bugs (off main @ 11af9df).
  • Gitea issue: #8
  • Files: agent/src/{config.rs,main.rs,startup.rs}.
Reference in New Issue View Git Blame Copy Permalink