diff --git a/.claude/commands/mailbox.md b/.claude/commands/mailbox.md index 8b53a9a3..db5e3d8e 100644 --- a/.claude/commands/mailbox.md +++ b/.claude/commands/mailbox.md @@ -21,7 +21,7 @@ Read and send mail for an Arizona Computer Guru mailbox via Microsoft Graph, usi Microsoft Graph access to ACG's own mailboxes (azcomputerguru.com tenant). Reading is unrestricted; **sending and replying are always gated** behind a full draft preview + explicit confirmation. Sends go out *as* the mailbox owner (your `From:`), saved to your Sent Items. -**Scope boundary:** this is for ACG's OWN mailboxes (the dedicated mailbox app, azcomputerguru.com only). For reading a CLIENT tenant's mailboxes (breach checks, rule audits), use `/remediation-tool` — the tiered Security Investigator / Exchange Operator apps, different apps and purpose. +**Scope boundary (by design — kept split, decided 2026-06-21):** this is for ACG's OWN mailboxes only. The ComputerGuru Mailbox app (`1873b1b0`) is **single-tenant (azcomputerguru.com)** — it has no service principal in client tenants, so `/mailbox` structurally cannot read or send for clients. For a CLIENT tenant's mail (breach checks, rule audits, IR victim-notification sends), use `/remediation-tool` — the multi-tenant suite, where **Exchange Operator (`b43e7342`) holds `Mail.Send`**. The two stay separate on purpose: own-mail rides a least-privilege ACG-only app, not the suite's tenant-wide EXO-write app. ## API Configuration diff --git a/.claude/memory/feedback_365_remediation_tool.md b/.claude/memory/feedback_365_remediation_tool.md index 0e626efc..0c5f0a0d 100644 --- a/.claude/memory/feedback_365_remediation_tool.md +++ b/.claude/memory/feedback_365_remediation_tool.md @@ -10,6 +10,8 @@ When the user says "365 remediation tool" or "remediation tool", they mean ACG's **DELETED — gone, do not reference:** `fabb3421` ("AI Remediation" / "Claude-MSP-Access", secret `msp-tools/claude-msp-access-graph-api.sops.yaml`). Removed from the azcomputerguru.com tenant **2026-06-14**; every token request now returns **AADSTS700016**. It previously had ~159 perms incl. Defender ATP (admin consent broke with AADSTS650052 on no-MDE tenants). Any skill still pointing at it is broken — repoint to the suite. (Original deprecation: 2026-05-27 Quantum onboarding.) +**ARCHITECTURE — two mail paths, kept SPLIT on purpose (decided 2026-06-21, Mike).** `/mailbox` (ACG own-mail) uses the single-tenant `1873b1b0` app; CLIENT mail send uses the suite's Exchange Operator `b43e7342`. They CANNOT be merged onto `/mailbox` because `1873b1b0` is single-tenant (azcomputerguru.com only) — it has no SP in client tenants. The reverse merge (everything on exchange-op, which IS multi-tenant + already has Mail.Send + consented in the ACG home tenant since 2026-06-05) was considered and rejected: it would put casual own-mail on a tenant-wide EXO-write remediation app (privilege creep) and lose `Contacts.ReadWrite` (exchange-op doesn't have it). Least-privilege wins — keep the split. + **MAIL.SEND ALREADY EXISTS IN THE SUITE — settled, NOT an open decision (do not re-raise).** The **Exchange Operator** tier (`exchange-op`, `b43e7342-5b4b-492f-890f-bb5a4f7f40e9`) holds Graph **`Mail.Send` + `Mail.ReadWrite` + `MailboxSettings.ReadWrite`**. The suite CAN send mail in any consented tenant via Graph `POST /users//sendMail` (IR victim-notification). No separate app to provision, nothing "blocked", no pending click-through. Watch the token-audience gotcha below (line on Exchange-Online vs Graph audience). This replaced the deleted `fabb3421` for IR mail; `/mailbox` (ACG own-mail) separately uses the dedicated app `1873b1b0` (next paragraph). **ACG OWN-mailbox reads/sends (`/mailbox`) — dedicated app `1873b1b0-3377-485c-a848-bae9b2f8f1f5`** ("ComputerGuru Mailbox", vault `msp-tools/computerguru-mailbox.sops.yaml`, Mail.ReadWrite + Mail.Send + Contacts.ReadWrite, azcomputerguru.com single-tenant). Token via `get-token.sh azcomputerguru.com mailbox` (a tier in get-token.sh; cert-preferred). This is what REPLACED fabb3421 for `/mailbox`. Its SP is **disabled when idle** → a token 401 "account is disabled" means enable the SP first. (`/mailbox` command doc repointed to it 2026-06-17 — it had been left on the dead fabb3421.)