From 174d4f7806a00fc66843aa7e89eab0a9d489d773 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Wed, 17 Jun 2026 13:44:52 -0700 Subject: [PATCH] dataforth: preserve fork operational context as clients/dataforth/CLAUDE.dataforth.md Relocated verbatim from .claude/CLAUDE.md so the ad2 fork stops editing the shared fleet harness doc. After rebase onto main, .claude/CLAUDE.md = the lean fleet version; Dataforth ops context lives here. Keeps future ad2 syncs clean. Co-Authored-By: Claude Opus 4.8 (1M context) --- clients/dataforth/CLAUDE.dataforth.md | 246 ++++++++++++++++++++++++++ 1 file changed, 246 insertions(+) create mode 100644 clients/dataforth/CLAUDE.dataforth.md diff --git a/clients/dataforth/CLAUDE.dataforth.md b/clients/dataforth/CLAUDE.dataforth.md new file mode 100644 index 00000000..059aed91 --- /dev/null +++ b/clients/dataforth/CLAUDE.dataforth.md @@ -0,0 +1,246 @@ +# ClaudeTools on AD2 (Dataforth Domain Controller) + +## Identity + +This is the AD2 workstation instance of ClaudeTools. This machine is a Windows Server on the Dataforth LAN (192.168.0.6). Your scope is Dataforth-only -- you do not need context about other clients. + +## NO EMOJIS + +Use ASCII markers: [OK], [ERROR], [WARNING], [SUCCESS], [INFO] + +--- + +## Git & Sync + +### Gitea Credentials (no 1Password on this machine) +- URL: https://git.azcomputerguru.com +- Username: mike@azcomputerguru.com +- Password: Gptf*77ttb123!@#-git +- URL-encoded password: Gptf%2A77ttb123%21%40%23-git +- API Token: 9b1da4b79a38ef782268341d25a4b6880572063f +- Remote: https://mike%40azcomputerguru.com:Gptf%2A77ttb123%21%40%23-git@git.azcomputerguru.com/azcomputerguru/claudetools.git + +### Branch: ad2 +This machine operates on the `ad2` branch. The main workstation merges into main. + +### /save behavior +Save session logs to `session-logs/YYYY-MM-DD-session-ad2.md` (note the -ad2 suffix). +After saving, commit and push to origin/ad2. + +### /sync behavior +``` +git fetch origin +git rebase origin/main +git push origin ad2 +``` + +--- + +## Dataforth Network + +| Host | IP | Role | Notes | +|------|-----|------|-------| +| AD1 | 192.168.0.27 | Primary DC | Disk at 90%, C:\Engineering = 787 GB | +| **AD2** | **192.168.0.6** | **This machine** | Secondary DC, TestDataDB, file shares | +| D2TESTNAS | 192.168.0.9 | SMB1 proxy for DOS | Debian 13, Samba, SSH root/Paper123!@#-nas | +| UDM | 192.168.0.254 | Gateway/Router | UniFi Dream Machine | +| ESXi-122 | 192.168.0.122 | Hypervisor | ESXi | +| ESXi-124 | 192.168.0.124 | Hypervisor | ESXi | +| DOS stations | TS-01 to TS-30+ | Test stations | DOS 6.22, QuickBASIC ATE software | + +### Credentials +- AD Sysadmin: INTRANET\sysadmin / Paper123!@# +- D2TESTNAS SSH: root@192.168.0.9 / Paper123!@#-nas +- D2TESTNAS Samba: guest access (no password) +- WINS/NPS: 192.168.0.27:1812/1813 +- M365 Tenant: 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584 +- Rsync daemon (NAS): port 873, module "test", user rsync / IQ203s32119 + +--- + +## Local Resources + +| Resource | Path | +|----------|------| +| TestDataDB app | C:\Shares\testdatadb\ | +| Test database | C:\Shares\testdatadb\database\testdata.db (SQLite, 2.2M+ records) | +| TestDataDB API | http://localhost:3000 | +| Parsers | C:\Shares\testdatadb\parsers\ (multiline.js, csvline.js, shtfile.js, spec-reader.js) | +| Templates | C:\Shares\testdatadb\templates\datasheet-exact.js | +| Import script | C:\Shares\testdatadb\database\import.js | +| Export script | C:\Shares\testdatadb\database\export-datasheets.js | +| Stage import | C:\Shares\testdatadb\import-all-stage.js | +| NAS share | \\D2TESTNAS\test (mapped as T:) | +| Datasheets share | X:\For_Web | +| ProdSW (BAT files) | C:\Shares\test\COMMON\ProdSW\ | +| Sync script | C:\Shares\test\scripts\Sync-FromNAS.ps1 (bidirectional, 15-min schedule) | + +--- + +## DOS Update System - Batch Files + +### Boot Sequence on DOS Machines +``` +AUTOEXEC.BAT (v4.1) + -> STARTNET.BAT (v2.0) -- init network, map T: and X: drives + -> ATESYNC.BAT + -> CTONW.BAT (v5.0) -- upload test data to network + -> CTONWTXT.BAT (v2.3) -- upload C:\STAGE\*.TXT to T:\STAGE\%MACHINE% + -> NWTOC.BAT (v5.0) -- download updates from network +``` + +### Current Production Versions (on AD2 & NAS) +| File | Version | Last Update | Purpose | +|------|---------|-------------|---------| +| AUTOEXEC.BAT | v4.1 | 2026-03-12 | Startup config | +| STARTNET.BAT | v2.0 | 2026-01-20 | Network init | +| NWTOC.BAT | v5.0 | 2026-03-16 | Download updates from network | +| CTONW.BAT | v5.0 | 2026-03-28 | Upload test data (5 steps with echo) | +| CTONWTXT.BAT | v2.3 | 2026-03-28 | Upload Stage TXT files (no MD, dirs pre-created) | +| CHECKUPD.BAT | v1.3 | 2026-01-20 | Check for updates | +| UPDATE.BAT | v2.3 | 2026-01-20 | Full system backup | +| STAGE.BAT | v1.0 | Original | Stage system file updates | +| DEPLOY.BAT | v1.0 | 2026-01-20 | One-time deployment installer | + +### DOS 6.22 Compatibility Rules +- NO `IF NOT` -- unreliable on DOS 6.22. Use positive `IF EXIST` with GOTO +- NO `IF /I` (case-insensitive compare) +- NO `FOR /F` loops +- NO `%COMPUTERNAME%` -- use `%MACHINE%` (set during DEPLOY) +- `XCOPY /D` requires date parameter (`/D:mm-dd-yy`) +- `MD` fails with error on existing directories -- pre-create dirs server-side +- `COPY` without `/Y` hangs on overwrite prompts +- All paths UPPERCASE for Samba compatibility +- Line endings MUST be CRLF (0D 0A) + +--- + +## Serial Number Encoding (DOS 8.3 filenames) + +QuickBASIC ATE encodes long serial numbers for 8.3 filenames: +``` +First 2 digits replaced with hex letter if serial too long: + 178236-12 -> H8236-12.TXT (17 -> H, charCode 72 - 55 = 17) + 10819-1 -> A819-1.TXT (10 -> A, charCode 65 - 55 = 10) + +Decode: letter.charCodeAt(0) - 55 = numeric prefix +Only applies when filename starts with [A-Z] followed by digits. + +H-prefix files have decoded SN inside the file (SN: 178236-12) +A-prefix files have encoded SN inside the file (SN: A819-1) -- must decode to 10819-1 +``` + +--- + +## Test Datasheet Pipeline + +### 5-Stage Architecture +1. **DOS Test Programs** -> Write DAT files to C:\ATE\*LOG\ and TXT to C:\STAGE\ +2. **Boot Upload** -> CTONW.BAT copies DAT to T:\%MACHINE%\LOGS\, CTONWTXT copies TXT to T:\STAGE\%MACHINE% +3. **NAS <-> AD2 Sync** -> Rsync every 15 min (Sync-FromNAS.ps1 scheduled task) +4. **TestDataDB Import** -> import.js parses DAT into SQLite; export-datasheets.js generates TXT to X:\For_Web +5. **Web Share** -> X:\For_Web\ holds validated datasheets (501K+ files) + +### import-all-stage.js (ready to run) +Located at `C:\Shares\testdatadb\import-all-stage.js`. Processes ~8,100 TXT files: +- Scans \\D2TESTNAS\test\STAGE\TS-*\*.TXT +- Decodes hex-prefix serial numbers +- Cross-references testdata.db by (serial_number, model_number) +- Inserts missing records as log_type='SHT' +- Copies to X:\For_Web\{decoded_serial}.TXT + +``` +cd C:\Shares\testdatadb +node import-all-stage.js +``` + +### Machine data volumes in STAGE +| Machine | Files | +|---------|-------| +| TS-4L | 3,082 | +| TS-4R | 2,741 | +| TS-1R | 509 | +| TS-8R | 478 | +| TS-3R | 435 | +| TS-11R | 325 | +| TS-8L | 285 | +| TS-11L | 248 | +| TS-27 | 10 (already imported) | +| TS-1L | 1 | + +### Web Share Layout (X:\) +- X:\For_Web -- Validated datasheets (production) +- X:\For_Web_PDF -- PDF versions (4.7K files) +- X:\Test_Datasheets -- Incoming/staging +- X:\Bad_Datasheets -- Invalid files (18K) +- X:\Datasheets_Log -- Processing logs + +--- + +## Known Issues & Pending Work + +### HIGH PRIORITY +1. **Run import-all-stage.js** -- 8,100 TXT files need cross-referencing and ingestion +2. **Website Upload Replacement** -- Old ASP.NET endpoints (Uploader.aspx) return 404. Need new approach. +3. **7B Series Datasheets** -- ~830K records can't generate datasheets (missing 7BMAIN.DAT spec file). Check ENGR share. +4. **Service Permissions** -- testdatadb runs as SYSTEM, causing file permission issues. Change to INTRANET\sysadmin. + +### MEDIUM PRIORITY +5. **C2 IP Blocking** -- iptables rules added to UDM for 80.76.49.18 and 45.88.91.99. Need permanent rules in UniFi UI. +6. **MFA Enforcement** -- 19/38 users ready. Report-only until April 4, 2026. Monitor registration. +7. **Joel Lohr Account** -- Retiring March 31. Disable account post-retirement. Auto-reply set to Dan Center. + +--- + +## Security Incident (2026-03-27) + +**DF-JOEL2 (192.168.0.143) compromised via phishing:** +- Joel Lohr clicked phishing link in personal Yahoo email +- ScreenConnect C2 installed, "Angel Raya" connected remotely +- Two C2 backdoors deployed via PowerShell +- C2 IPs: 80.76.49.18, 45.88.91.99 (AS399486, suspended by host) +- IC3 Complaint: 1c32ade367084be9acd548f23705736f +- ConnectWise Case: 03464184 +- **Remediation complete:** IPs blocked, 3 rogue clients removed, password reset, sessions revoked +- **No lateral movement detected** (32 machines scanned clean) + +--- + +## Key Contacts + +| Person | Email | Role | +|--------|-------|------| +| John Lehman | jlehman@dataforth.com | Engineering, QB code, test specs | +| Dan Center | dcenter@dataforth.com | Operations (replacing Joel) | +| Peter Iliya | pIliya@dataforth.com | Applications Engineer | +| AJ | dataforthgit@... | Engineering contact | +| Ken Hoffman | (unresponsive) | TestDataSheetUploader author | +| Georg Haubner | ghaubner@dataforth.com | Has pre-crypto backup on D: drive | + +--- + +## Quick Reference Commands + +```powershell +# Check BAT files on NAS +ssh root@192.168.0.9 'ls -la /data/test/COMMON/ProdSW/' + +# Trigger NAS sync +Start-ScheduledTask -TaskName 'Sync-FromNAS' + +# Check sync log +Get-Content 'C:\Shares\test\scripts\sync-from-nas.log' -Tail 20 + +# Check TestDataDB health +curl http://localhost:3000/health + +# Query test records +node -e "const db=require('better-sqlite3')('C:\\Shares\\testdatadb\\database\\testdata.db',{readonly:true});console.log(db.prepare('SELECT COUNT(*) as cnt FROM test_records').get())" + +# Check Stage files on NAS +ssh root@192.168.0.9 'find /data/test/STAGE -name "*.TXT" | wc -l' +``` + +--- + +**Last Updated:** 2026-03-29