diff --git a/.claude/MEMORY.md b/.claude/MEMORY.md new file mode 100644 index 0000000..9bfbe1a --- /dev/null +++ b/.claude/MEMORY.md @@ -0,0 +1,14 @@ +# Memory Index + +## User +- [Filip Zubik - X9.cz](user_filip.md) - MSP owner/developer, Czech communication, pragmatic approach + +## Feedback +- [Communication preferences](feedback_preferences.md) - Czech, discussion first, interactive reviews, phased approach + +## Project +- [Xetup project state](project_xetup_state.md) - Current state, architecture decisions, what's next (as of 2026-04-15) +- [Technical findings](project_technical_findings.md) - Deep code analysis, UCPD issue, Win11 compatibility, tools research + +## Reference +- [Colleague specs and review](reference_colleague_specs.md) - Where to find colleague's input documents and review results diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md new file mode 100644 index 0000000..9bfbe1a --- /dev/null +++ b/.claude/memory/MEMORY.md @@ -0,0 +1,14 @@ +# Memory Index + +## User +- [Filip Zubik - X9.cz](user_filip.md) - MSP owner/developer, Czech communication, pragmatic approach + +## Feedback +- [Communication preferences](feedback_preferences.md) - Czech, discussion first, interactive reviews, phased approach + +## Project +- [Xetup project state](project_xetup_state.md) - Current state, architecture decisions, what's next (as of 2026-04-15) +- [Technical findings](project_technical_findings.md) - Deep code analysis, UCPD issue, Win11 compatibility, tools research + +## Reference +- [Colleague specs and review](reference_colleague_specs.md) - Where to find colleague's input documents and review results diff --git a/.claude/memory/feedback_preferences.md b/.claude/memory/feedback_preferences.md new file mode 100644 index 0000000..00d83a2 --- /dev/null +++ b/.claude/memory/feedback_preferences.md 
@@ -0,0 +1,15 @@ +--- +name: Communication and workflow preferences +description: How Filip wants to work - Czech communication, discussion before coding, interactive reviews +type: feedback +--- + +- Communicate in Czech (code/comments/logs stay English) +- When Filip says "nekodujme, udelame diskusi" - he wants discussion first, not jumping to code +- Prefers interactive HTML pages for reviews/decisions (not just markdown) +- Likes phased approaches - start simple, evolve +- Values colleague's field experience over theoretical best practices +- When specs conflict, ask rather than assume +- Filip appreciates out-of-the-box thinking (Go binaries, web platforms) but wants practical solutions +- Don't over-engineer for 20 machines/month scale +- Filip works on macOS, targets Windows - cross-compilation matters diff --git a/.claude/memory/project_technical_findings.md b/.claude/memory/project_technical_findings.md new file mode 100644 index 0000000..15cdc0f --- /dev/null +++ b/.claude/memory/project_technical_findings.md 
@@ -0,0 +1,57 @@ +--- +name: Technical findings from deep code analysis and research (2026-04-15) +description: Detailed technical analysis results - Win11 compatibility issues, UCPD driver, code quality assessment, and modernization opportunities +type: project +--- + +## Code quality assessment (all scripts in windows-deployment-new/scripts/) +- Overall: solid, production-ready for Win10/11 22H2 +- 3-level registry fallback in 03-system-registry.ps1: direct write → ACL fix (SeTakeOwnershipPrivilege) → SYSTEM scheduled task +- Proper hive handling: GC.Collect + WaitForPendingFinalizers + 500ms sleep before reg unload, always in finally block +- Error handling: $ErrorActionPreference = "Continue", try/catch everywhere, WARN level for non-critical failures +- Logging: every step to C:\Windows\Setup\Scripts\Deploy.log with color-coded console output + +## Critical issues found + +### 1. UCPD.sys (User Choice Protection Driver) +- Kernel-mode driver since Feb 2024, v4.3 as of early 2026 +- Blocks direct registry writes to UserChoice for .pdf, .htm, .html etc. +- Our HKCR approach works as system-wide fallback but isn't clean +- Fix: disable UCPD service + scheduled task during deployment, set associations, re-enable +- Or use SetUserFTA tool (~$20, kolbi.cz) + +### 2. System tray EnableAutoTray=0 broken on 24H2 +- Win11 23H2/24H2 ignores this registry key +- Icon stream cache clearing is a workaround but not 100% +- No reliable registry-only solution exists for 24H2 + +### 3. OneDrive removal too aggressive +- 03-system-registry.ps1 lines 244-273: uninstalls + deletes OneDriveSetup.exe +- 04-default-profile.ps1 lines 240-261: removes RunOnce keys + Explorer namespace +- Must remove these blocks entirely + +### 4. 
Edge policies incomplete +- Currently only: HideFirstRunExperience, CreateDesktopShortcutDefault +- Need to add: BrowserSignin=0, CopilotPageContext=0, NewTabPageContentEnabled=0, StandaloneHubsSidebarEnabled=0, ShowRecommendationsEnabled=0, DefaultBrowserSettingsCampaignEnabled=0, and ~10 more + +### 5. ConfigureStartPins applyOnce +- New in 24H2 (KB5062660): {"pinnedList":[], "applyOnce": true} +- Applies layout once, then users can customize +- Better than our current approach (XML lock + UnlockStartLayout task) + +## Win10/Win11 compatibility matrix +- All core registry keys work on both versions +- Win11-specific keys (TaskbarAl, ShowCopilotButton, TaskbarDa, TaskbarMn) harmlessly create empty keys on Win10 +- Scripts handle version differences through graceful degradation + +## Config.json issues +- desktopInfo settings (position, fontSize, color) are defined but ignored by 07-desktop-info.ps1 +- deployment.locale is not used anywhere +- Software list has only 3 packages (TODO in SPEC) + +## Tools landscape (researched 2026-04-15) +- Chris Titus WinUtil: PS-based, `irm christitus.com/win | iex`, has Win11 Creator tab +- Win11Debloat (Raphire): got GUI in Feb 2026, configurable via Apps.json +- Sophia Script: 150+ tweaks, most granular but slower +- Go binary advantages: bypasses execution policy, single file, no dependencies, cross-compile from macOS +- Charmbracelet stack (bubbletea/huh/lipgloss): best for TUI forms in Go diff --git a/.claude/memory/project_xetup_state.md b/.claude/memory/project_xetup_state.md new file mode 100644 index 0000000..99823ee --- /dev/null +++ b/.claude/memory/project_xetup_state.md 
@@ -0,0 +1,73 @@ +--- +name: Xetup project state as of 2026-04-15 +description: Current state of the xetup Windows deployment project - architecture decisions, what exists, what's planned +type: project +--- + +## What xetup is +Automated Windows 10/11 setup for X9.cz MSP clients. Replaces ~3 hours of manual work with a single script/tool. + +## Current repo structure (cleaned 2026-04-15) +``` +xetup/ +├── review.html ← interactive review page v2 (with colleague comments) +├── xetup-review.md ← exported review v1 results from colleague +├── xetup-win-setup-spec.md ← original spec from colleague +├── xetup-win-setup-novinky.md ← v2 additions from colleague (taskbar pins, explorer, network, admin desc) +├── W11.pdf ← reference PDF +└── windows-deployment-new/ ← the active codebase + ├── Deploy-Windows.ps1 ← master script + ├── CLAUDE.md / SPEC.md + ├── config/config.json + ├── assets/ + │ ├── Backinfo/ ← BackInfo.exe + ini + ps1 (ready to use) + │ └── Logo/ ← X9 ico + jpeg (moved here 2026-04-15) + └── scripts/ + ├── 00-admin-account.ps1 + ├── 01-bloatware.ps1 + ├── 02-software.ps1 + ├── 03-system-registry.ps1 + ├── 04-default-profile.ps1 + ├── 05-personalization.ps1 + ├── 06-scheduled-tasks.ps1 + ├── 07-desktop-info.ps1 ← TO BE REPLACED by BackInfo + └── 08-activation.ps1 +``` + +## Key decisions made (2026-04-15 session) +1. **BackInfo wins over custom DesktopInfo** - colleague prefers it (INI config, auto-update, centered text). Our 07-desktop-info.ps1 will be deleted. +2. **OneDrive must NOT be removed** - current code aggressively deletes it, breaks M365. Must fix 03-system-registry.ps1 and 04-default-profile.ps1. +3. **RDP must NOT be removed** - was in SPEC but never implemented (good). Remove from SPEC entirely. +4. **Colleague's spec has priority** over our implementation when they overlap. +5. **adminx9 account: no password** (changed from config-driven password), FullName = "X9.cz s.r.o." +6. 
**Nextcloud not needed** - assets are in repo, only Atera MSI downloads from web. +7. **Flash2 not integrated** - it's the old version of this tool, just for inspiration. +8. **Atera Agent**: curl from `https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&aeid=50b72e7113e54a63ac76b96c54c7e337` then `msiexec /i setup.msi /qn` + +## Architecture direction (decided 2026-04-15) +- **Go TUI launcher** (xetup.exe) - single binary, embeds PS scripts + assets +- Charmbracelet stack: bubbletea, huh, lipgloss +- Self-update from web (version.json check) +- **Web platform** at xetup.x9.cz: + - Forgejo for git hosting + issues + CI + - Auto-generated documentation from spec.yaml + - Comments via Forgejo Issues API + - Landing page + download + changelog + - Deployment reporting dashboard (later) +- **spec.yaml** as single source of truth for both exe and docs + +## What needs to happen next +1. Create spec.yaml from all gathered specs + review +2. Initialize Go project structure +3. Fix PS scripts (OneDrive removal, admin password, BackInfo integration) +4. Set up repo (GitHub initially, Forgejo later) +5. First Go build with TUI form +6. CI pipeline (GitHub Actions) +7. Web landing page + +## Technical findings from deep analysis +- UCPD kernel driver (since Feb 2024) blocks PDF default association via UserChoice - need to disable UCPD during deployment +- System tray "show all icons" broken in Win11 24H2 - EnableAutoTray=0 ignored +- Edge needs ~15 more policy keys than we currently set +- ConfigureStartPins has new applyOnce property in 24H2 +- Current code quality is solid: 3-level registry fallback, proper hive handling with GC+finally diff --git a/.claude/memory/reference_colleague_specs.md b/.claude/memory/reference_colleague_specs.md new file mode 100644 index 0000000..bf201e0 --- /dev/null +++ b/.claude/memory/reference_colleague_specs.md 
@@ -0,0 +1,24 @@ +--- +name: Colleague spec documents and review results +description: Where to find colleague's input - specs, review comments, and novinky files in repo root +type: reference +--- + +## Input documents from colleague (in repo root) +- `xetup-win-setup-spec.md` - original full spec (15 sections covering directory structure, personalization, taskbar, power, proxy, PC rename, bloatware, SW install, BackInfo, Edge, bootstrap launcher) +- `xetup-win-setup-novinky.md` - v2 additions: A) taskbar pinned apps (admin vs user XML layout), B) Explorer settings (ShowRecent/Frequent off, FullPath), C) network discovery + private network, D) admin account FullName +- `xetup-review.md` - exported review v1 with colleague's comments +- `W11.pdf` - reference PDF from colleague + +## Key colleague comments from review v1 +- Nextcloud not needed for assets +- adminX9 without password +- Flash2 is just the old version, for inspiration only +- OneDrive and RDP problems reported from first version +- Atera: specific curl URL provided with cid=31 and aeid parameter +- Logo files added to repo (now in assets/Logo/) + +## Review v2 +- `review.html` in repo root - interactive review page with all steps organized into 9 groups +- Uses localStorage prefix `xr2-` for state +- 27 steps total, incorporates all colleague feedback + novinky diff --git a/.claude/memory/user_filip.md b/.claude/memory/user_filip.md new file mode 100644 index 0000000..cc9a2b8 --- /dev/null +++ b/.claude/memory/user_filip.md 
@@ -0,0 +1,17 @@ +--- +name: Filip Zubik - X9.cz +description: MSP owner/developer at X9.cz, builds Windows deployment automation, prefers Czech communication, pragmatic approach +type: user +--- + +- Runs X9.cz - MSP (Managed Service Provider) deploying ~20 Windows machines/month +- Developer + business owner - makes architectural decisions +- Works on macOS, deploys to Windows +- Prefers Czech for communication, English for code/comments/logs +- Pragmatic - wants working solutions, not over-engineering +- Open to modern approaches (Go binaries, TUI, web platforms) +- Has a colleague ("kolega") who is the hands-on technician doing the actual deployments +- Colleague provides real-world specs and feedback from field experience +- Filip values colleague's input - "spec kolegy ma prednost" +- Likes interactive review workflows (HTML review pages with approve/reject/discuss) +- Thinks long-term - wants living documentation, feedback loops, continuous improvement
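Review bot: `.claude/MEMORY.md` and `.claude/memory/MEMORY.md` are added with the same blob (`index 0000000..9bfbe1a`) and identical content, so the index now exists twice and the copies can drift. The relative links in it, such as `(user_filip.md)` and `(project_xetup_state.md)`, only resolve from `.claude/memory/`, where the target files are added; from `.claude/` they point at files this patch does not create. Suggest dropping the top-level copy, or rewriting its links with a `memory/` prefix if both locations are required.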
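Review bot: In `.claude/memory/project_technical_findings.md`, critical issue 1 records the UCPD fix as "disable UCPD service + scheduled task during deployment, set associations, re-enable" without saying what guarantees the re-enable step when a script fails partway. The same file notes that the scripts run with `$ErrorActionPreference = "Continue"` and that hive unload is "always in finally block"; the note should state that the UCPD re-enable gets the same finally-block treatment and that the final driver state is written to Deploy.log, otherwise a failed run leaves the protection driver off on a delivered machine. Separately, issue 3 pins the OneDrive blocks by line number ("lines 244-273", "lines 240-261"); those references go stale with the first edit to either script, so name the block or its comment header instead.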
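Review bot: In `.claude/memory/project_xetup_state.md`, key decision 8 commits the full Atera agent install URL, including the account-specific `cid=31` and `aeid=...` query values, and "What needs to happen next" item 4 plans to push this repo to GitHub. Suggest keeping the URL in a config value that is not tracked and referring to it here by name only, as `reference_colleague_specs.md` already does ("specific curl URL provided with cid=31 and aeid parameter"). Two further points in the same file: decision 5 records "adminx9 account: no password" with no note on how logon for that account is restricted, and "Self-update from web (version.json check)" does not say how the downloaded binary is authenticated before it replaces xetup.exe; both deserve a line each since the tool runs elevated. The closing "Technical findings from deep analysis" section repeats `project_technical_findings.md` and could be replaced by a link to avoid two sources of truth.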
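Review bot: `.claude/memory/user_filip.md` and `.claude/memory/feedback_preferences.md` add a named personal profile (full name, role, working habits, machine volume) to the tracked tree, and `project_xetup_state.md` plans to host the repo on GitHub and later publish a web platform from it. If these assistant memory files are meant to stay local, add `.claude/memory/` to `.gitignore` instead of committing them; if they are meant to be shared, trim them to what a collaborator needs (language and workflow preferences) and leave the personal description out.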