Self-Service Fixes (Org Remediations)

Admin-defined diagnose + remediate scripts the TATER Agent surfaces to end users via the system tray menu. When the user clicks a fix, the agent runs the diagnose script; if a problem is found, it runs the remediate script and shows a Windows toast with the outcome. If the fix fails, the agent automatically opens an Ops task so IT picks up the manual follow-through.

What this is for

End users hit recurring issues that an admin already knows how to fix - OneDrive gets stuck, a mapped drive disappears after a network blip, a startup script needs to be re-run. Instead of:

The user filing a ticket and waiting,
Or the admin pushing a one-off remote command,
Or rolling a custom-built helper tool,

you author a one-line tray menu item in TATER Manage that does the diagnose, runs the fix, and tells the user what happened. If the script works, the user is unblocked in seconds with no help-desk involvement. If it fails, a task gets opened for IT with the full run output already attached.

Mental model

Where	What it does	Role
TATER Manage → Endpoint Fleet → Self-Service Fixes	Admin defines the catalog (name, scripts, user messages, task-on-failure)	Admin
`GET /api/agents/{host}/remediations`	Agent fetches its org's enabled, platform-matched catalog every 15 min	Agent (X-Api-Key)
Agent tray menu - "🔧 Self-Service Fixes"	Dynamic submenu; each entry shows the icon + name	End user
Diagnose → Consent (optional) → Remediate	Runs locally with the agent's runAs context (system or interactive user)	End user
Windows toast notification	"Checking…" → "Fixed" / "Couldn't fix - IT has been notified"	End user
`POST /api/agents/{host}/remediation-results`	Agent reports the full outcome (exit codes, durations, stdout/stderr)	Agent (X-Api-Key)
If failure + taskOnFailure.enabled → `POST /api/tasker/tasks`	Auto-opens an Ops ticket with the run output linked	Agent → IT

Authoring a remediation

Open TATER Manage → Endpoint Fleet → Self-Service Fixes → + New Remediation. You'll fill in:

Name + icon + category. "Reset OneDrive Sync" / ☁ / OneDrive. These show up in the tray menu and group entries visually.
Platforms. Which OSes to expose the fix on. The agent only sees entries that match its current platform.
Diagnose script. Exit 0 = healthy (nothing to do); non-zero = problem detected. Use Write-Output / echo to capture evidence for the run log.
Remediate script. Exit 0 = success. Only runs if diagnose returned non-zero. ASCII-only - per §12co, non-ASCII characters corrupt under PS5.1 codepage handling.
runAs. user for HKCU / profile / per-user filesystem state; system for service-level state. Default system in the Go agent's service context. Tray-mode invocations run as the interactive user regardless.
requireConsent. When true, the agent shows a Yes/No MessageBox describing the action before running remediate. Recommended for anything that restarts a service or changes user files.
User messages. Five short strings shown via Windows toast: while checking, if healthy, while fixing, if fixed, if failed. Friendly, action-oriented copy - the user is your audience here.
Task on failure. When the remediate script exits non-zero, the agent calls POST /api/tasker/tasks with priority + category + title template. The task is linked back to the remediation via linkedTaterEntityType: 'org-remediation' so admins can see all the failed runs from one place.

Seed the starter catalog

Click + Seed Defaults to add two pre-built remediations covering the original two use cases that motivated this feature:

Reset OneDrive Sync - checks the cldflt service + Business1 UserFolder, attempts a safe restart of the OneDrive client. Does NOT run /reset (that's destructive - admin-dispatched via the existing REM_OD_* scripts only).
Refresh Drive Mappings - re-runs the user's CB-DriveLetters.cmd from their Startup folder. Useful when a mapped drive went missing after a network blip.

Seeding is idempotent - already-present entries are skipped, so you can re-seed safely after agent updates.

Agent behavior in detail

The agent's internal/orgremediations package runs an init pull at startup and a refresh every 15 minutes. The catalog is cached in memory; transient network errors retain the previous catalog so the tray menu doesn't go empty.

When a user clicks an entry, the agent:

Shows the userMsgChecking toast.
Writes the diagnose script body to a temp .ps1 / .sh file (ASCII-only - see §12co pitfall), runs with HideWindow + timeout cap.
If diagnose exits 0 → shows userMsgHealthy, POSTs result with outcome: 'healthy', stops.
If requireConsent → asks the user via PowerShell MessageBox; if No, POSTs outcome: 'consent-denied', stops.
Shows userMsgFixing, runs the remediate script with timeout.
If remediate exits 0 → shows userMsgFixed, POSTs outcome: 'fixed'.
If remediate fails → shows userMsgFailed, opens the Tasker task if configured, POSTs outcome: 'failed' with the task id captured.

All script execution is bounded by timeoutSec (5–900s, default 120). All stdout/stderr is captured up to maxOutputBytes (default 16 KB, max 64 KB) and truncated with a "[truncated]" marker if exceeded.

End-user flow

On a Windows endpoint with v2.4.20+ of the TATER Agent, the user sees:

Right-click the TATER tray icon → Self-Service Fixes submenu → click "Reset OneDrive Sync".
Toast: Checking your OneDrive…
If the diagnose script finds the cldflt service stopped → consent MessageBox: "About to run: Reset OneDrive Sync. Continue?"
User clicks Yes → Toast: Restarting OneDrive…
Remediate succeeds → Toast: OneDrive has been restarted. Give it a minute to reconnect. Done.
Remediate fails → Toast: Could not restart OneDrive. IT has been notified and will follow up. A task appears in TATER Ops for the assigned IT pool with the full run output.

API reference

Method	Path	Auth	Notes
GET	`/api/org-remediations`	Auditor+	List the catalog for the caller's org.
GET	`/api/org-remediations/{id}`	Auditor+	Single entry.
POST	`/api/org-remediations`	Admin	Create.
PUT	`/api/org-remediations/{id}`	Admin	Update.
DELETE	`/api/org-remediations/{id}`	Admin	Soft delete.
POST	`/api/org-remediations/{id}/toggle`	Admin	Flip the enabled flag.
POST	`/api/org-remediations/seed-defaults`	Admin	Idempotent - adds OneDrive Reset + Drive Mappings starters if absent.
GET	`/api/agents/{host}/remediations`	X-Api-Key	Agent poll. Optional `?platform=windows\|macos\|linux`.
POST	`/api/agents/{host}/remediation-results`	X-Api-Key	Agent reports outcome.
GET	`/api/org-remediations/results`	Auditor+	Result history. Filter via `?remediationId=` or `?hostname=`.

MCP tools

Available on both HTTP and stdio MCP:

list_org_remediations - inventory (Viewer+).
create_org_remediation - author from an MCP conversation (Admin).
update_org_remediation - modify an existing entry (Admin).
toggle_org_remediation - enable/disable (Admin).

Safety notes

ASCII-only scripts. Per §12co, non-ASCII chars (em-dash, smart quotes, arrows) get mangled under PS 5.1's ANSI codepage when the agent writes the script to a temp file. The UI strips obvious culprits during save, but author your scripts ASCII-clean.
No destructive actions. The seeded OneDrive Reset only does the cheap restart path - NOT /reset or CfUnregisterSyncRoot. Destructive heals stay on the admin-dispatched path (execute_script with the REM_OD_* scripts) where they're version-gated against buggy OneDrive builds.
requireConsent is enforced on Windows + macOS only. Linux headless agents don't have a GUI prompt path - the consent flag is ignored there, so don't ship Linux remediations that ought to be confirmed.
Audit trail. Every save/toggle/delete is logged. Every agent-side result POST is logged with via='agent' and the device hostname so the activity log shows self-service usage at a glance.

Last updated: 2026-06-04. Feature ships in agent v2.4.20+.