Session log — Zoom Companion, DEVLOG catch-up and v0.9.1 / v0.9.2 fixes

InternalView platform →
← Overview

Session log — Zoom Companion · Session, 16 May 2026, DEVLOG catch-up, OBF investigation, v0.9.1 leave-fix, v0.9.2 OBF→ZAK fallback

16 May 2026 · Hasmukh with Claude · auto-published from the local journal entry. A polished narrative version can be requested in any future Claude session.

Summary

  • Hasmukh asked to resume work on Camera Monitor, noting that the latest was v0.9.0.
  • On opening the project, package.json confirmed v0.9.0 and a v0.9.0 DMG was already built in dist/ (built earlier in the day), but DEVLOG.md and CLAUDE.md were both still stuck at v0.3.1 from 2026-05-11. The cross-machine handoff convention had broken across six version bumps.
  • First doc pass was made from source alone and produced a single-blob catch-up entry. Hasmukh then pointed at an authoritative project memory file at ~/.claude/projects/-Users-hasmukhgajjar-Library-Mobile-Documents-com-apple-CloudDocs-44-CLAUDE-Zoom-Apps/memory/project_camera_status_app.md, which lives under a different auto-memory directory key (Zoom-Apps) than this project's CWD (Zoom-Companion). That memory file held the full version history and the genuine open question from end of last session.
  • Reworked the doc catch-up using the memory file as source of truth: six summary-level per-version DEVLOG entries (v0.4 to v0.9), tightened CLAUDE.md with the Shape A + OBF + ZAK fallback framing, Marketplace app details, errorCode 3051 disambiguation, and concrete OAuth token storage path.
  • Wrote a reference memory under this project's own auto-memory directory pointing at the Zoom-Apps location, so future sessions on this project find the project memory at session start.
  • Then drove the OBF investigation with three live test runs against a Mobilearn-hosted meeting, OAuth user hasmukh@os.org.za, host hello@mobilearn.africa. Tests A, B, C documented below.
  • During Test B's reset, discovered a regression: client.leave() does not exist on the @zoom/meetingsdk Embedded client, throws a silently-caught TypeError, and the system has been falling through to the slower location.reload() fallback for the whole v0.9.0 release. Patched to client.leaveMeeting(), bumped to v0.9.1, built new DMG.

Decisions

  • Reset the doc work using the memory file as the source of truth rather than guessing from source. Split a single catch-up DEVLOG entry into six per-version summaries because the user prefers per-version detail to live in the published session logs rather than be duplicated in DEVLOG.
  • Did not touch [OPERATOR-GUIDE.md](../OPERATOR-GUIDE.md) or [OPERATOR-GUIDE.html](../OPERATOR-GUIDE.html) in the first pass because they already referenced v0.9.0 correctly. Later, both were bumped to v0.9.1 to match the bug-fix release.
  • Verified Test A baseline first (OBF + auth OFF + operator present) before progressing to the harder cases, because we needed to know OBF could succeed at all in the current setup before drawing conclusions from failures.
  • After Test C produced the same errorCode 3051 as the earlier ambiguous test had, decided NOT to remove OPERATOR-GUIDE Rule 2a. The rule documents an actual Zoom-side limitation, not a workaround for an in-flight bug.
  • For the leave bug: chose the minimal fix (one-line rename to client.leaveMeeting()) rather than restructuring the teardown logic. The reload-based fallback stays in place as a defence in depth.
  • Bumped only the patch version (0.9.0 to 0.9.1) since this is a pure bug fix with no behaviour change for the operator beyond a more reliable Leave button.

Changes made

Documentation

  • Updated [CLAUDE.md](../CLAUDE.md): current version line bumped to v0.9.1 with note about the leave-teardown fix; OBF flow section rewritten to call out the new "no impersonation in roster" finding and the corrected client.leaveMeeting() API; added Marketplace apps section with both Camera Status Companion and Camera Monitor S2S details; added errorCode 3051 disambiguation entry; concrete OAuth token storage path written as ~/Library/Application Support/Camera Monitor/oauth-tokens.enc; file map updated for sessions-log and OPERATOR-GUIDE.
  • Updated [DEVLOG.md](../DEVLOG.md): six per-version summary entries for v0.4 to v0.9 (per-version detail lives in published session logs on documentation.mobilearn.africa); new v0.9.1 entry covering the OBF test matrix and the leave bug fix.
  • Updated [OPERATOR-GUIDE.md](../OPERATOR-GUIDE.md) and [OPERATOR-GUIDE.html](../OPERATOR-GUIDE.html): all v0.9.0 references replaced with v0.9.1.
  • Created [~/.claude/projects/-Users-hasmukhgajjar-Library-Mobile-Documents-com-apple-CloudDocs-44-CLAUDE-Zoom-Companion/memory/reference_camera_monitor_project_memory.md](~/.claude/projects/-Users-hasmukhgajjar-Library-Mobile-Documents-com-apple-CloudDocs-44-CLAUDE-Zoom-Companion/memory/reference_camera_monitor_project_memory.md) (and the matching MEMORY.md index) pointing at the authoritative project memory file under the Zoom-Apps directory key.
  • Updated the project memory file at Zoom-Apps: frontmatter description, status section, version history (v0.9.1 added), critical lesson #3 (client.leave clarified), critical lesson #18 (errorCode 3051 disambiguated with live evidence), DMG filename reference, "how to resume" section.

Code

  • Patched [renderer/renderer.js](../renderer/renderer.js) at line 815: client.leave()client.leaveMeeting() (with surrounding log lines updated to match). Added a code comment noting the previous regression so future readers understand the fix.
  • Bumped [package.json](../package.json) version to 0.9.1.

Build

  • Ran npm run dist:dmg and produced dist/Camera Monitor-0.9.1-arm64.dmg (130 MB, exit code 0, electron-builder 25.1.8 + electron 33.4.11). DMG is unsigned as designed (identity null for internal distribution).

OBF test matrix (the heart of the session)

Against a Mobilearn-hosted meeting; OAuth user hasmukh@os.org.za; host hello@mobilearn.africa:

| Test | Meeting auth | Operator (hasmukh@os.org.za) present at Join click | OBF outcome | Bot in host roster | |---|---|---|---|---| | A | OFF | Yes | Joined cleanly | "Camera Monitor" (not impersonated) | | B | OFF | No | Joined cleanly (presence check not enforced when auth is OFF) | "Camera Monitor" | | C | ON | Yes | Rejected with errorCode 3051 — Require login | n/a |

The end-of-prior-session "mystery join" was Test B's behaviour: OBF was genuinely used, no silent ZAK fallback. The silent ZAK fallback path in code only fires when getOBFToken() itself returns null, not when client.join({ obfToken }) rejects.

Side-finding: the displayName fallback in upsertUser fired during both A and B, filtering the bot out of its own roster. The bot showed up in roster events with a userId different from what getCurrentUser() returned. Lesson 7 in the memory file is load-bearing.

v0.9.2 — OBF→ZAK fallback (later the same evening)

After v0.9.1 verification, Hasmukh tested the production scenario of "Mobilearn-hosted + auth ON + operator authorised via OAuth" in the v0.9.1 packaged app. The join failed with errorCode 3051 because OBF is preferred over ZAK when authorised, and OBF + auth-required rejects (as Test C had already shown). So any operator who had authorised OAuth had lost access to auth-required Mobilearn meetings — a regression introduced by v0.8's OBF support that wasn't apparent until this session.

To confirm ZAK was still functional for auth-required Mobilearn meetings, Hasmukh signed out of OAuth in v0.9.1 and re-joined the same meeting. It worked. So the issue was purely the join logic preferring OBF when ZAK would have worked.

Fix in [renderer/renderer.js:715](../renderer/renderer.js:715): wrap client.join() in a try/catch; if OBF was used and the error has errorCode === 3051, fetch ZAK and retry once with zak instead. About 20 lines. The same client instance is reused for the retry (the SDK accepts a second join() after a rejected one, no re-init() needed in practice). Added explicit log lines and a UI status Retrying with Mobilearn identity (ZAK)… so the path is visible.

Bumped to v0.9.2. OPERATOR-GUIDE version references updated. Built dist/Camera Monitor-0.9.2-arm64.dmg (130 MB, exit code 0).

v0.9.2 live verification (later still the same evening)

Installed dist/Camera Monitor-0.9.2-arm64.dmg, re-authorised OAuth as hasmukh@os.org.za, clicked Join on the auth-on Mobilearn-hosted meeting. User-visible sequence was "joined, then said failed briefly, then retried and joined" — the expected signature of the OBF → ZAK fallback path firing. The "failed" message Hasmukh saw was the transient catch-block state before the retry's success replaced it. Confirms the SDK accepts a second client.join() on the same client instance after a rejected one, so no client.init() reset is needed in the catch handler.

v0.9.2 is the shippable build. All three of v0.9.0, v0.9.1, v0.9.2 DMGs are in dist/. v0.9.2 supersedes the others.

End-of-session conundrum (deferred to next session as v0.10.0)

While Hasmukh was working through the join-rule taxonomy with me, he realised that he runs TWO Zoom accounts — mobilearn.africa AND medilearn.africa. Camera Monitor is currently mono-tenant against mobilearn (the bot user is cameramonitor@mobilearn.africa, the S2S OAuth app is on the Mobilearn account). So for a meeting hosted on the medilearn.africa account with auth ON, neither path works — no medilearn identity is available to satisfy the auth requirement.

Agreed fix is dual-tenant ZAK: provision a cameramonitor@medilearn.africa bot user + a Medilearn-side S2S OAuth app, add a second ZAK fetch path in main.js, and extend the renderer's fallback chain to OBF → Mobilearn ZAK → Medilearn ZAK → guest. This will ship as v0.10.0 (feature release, not patch).

Deferred to tomorrow because it's late. Step-by-step setup guide drafted at [../NEXT-SESSION-medilearn-setup.md](../NEXT-SESSION-medilearn-setup.md):

  • Phase A — Hasmukh provisions the bot user + Server-to-Server OAuth app on the medilearn.africa Zoom account (about 20 min admin work).
  • Phase B — manual curl test to confirm the new credentials successfully fetch a ZAK for the medilearn bot.
  • Phase C — code changes (we do this together once A and B are confirmed).

DEVLOG and project memory both flagged so tomorrow's session opens straight into this task.

Follow-ups

  • v0.10.0 dual-tenant ZAK as per the guide above (PRIMARY task for next session).
  • The leave fix from v0.9.1 carries through to v0.9.2 (same code, no changes in that area). Worth a quick confirmation in operator use that Leave is still snappy after the v0.9.2 join changes.
  • Re-authorisation is needed on every upgrade because packaged-app userData dir is per-install. Worth a note in the operator announcement.
  • The "OBF + auth-required external host" combination is still unsupported (no ZAK is available for external accounts). This is a fundamental Zoom-side limitation; OPERATOR-GUIDE Rule 2a stays.
  • Process: DEVLOG slipped for six versions before this session. Consider either automating the append via a SessionStop hook, or demoting DEVLOG to a once-per-release changelog with sessions-log/ carrying the per-session detail.
  • All OBF investigation questions are closed. Next direction is for Hasmukh to decide: Shape B (server-side bot via Recall.ai or self-hosted), further polish (cosmetic txt-log alignment, adding user:read scope for a nicer operator banner), publishing the Marketplace app for non-Mobilearn organisations to use it, or returning to studio production use of v0.9.1 as-is.
  • Process: DEVLOG slipped for six versions before this session. Consider automating the append via a SessionStop hook, or demoting DEVLOG to a once-per-release changelog with sessions-log/ carrying the per-session detail (it already has a publish hook).