From 21417c6c2016389f70370d345e5acfc0ce77726d Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Mon, 20 Apr 2026 11:47:10 -0700 Subject: [PATCH] sync: auto-sync from DESKTOP-0O8A1RL at 2026-04-20 11:47:09 Author: Mike Swanson Machine: DESKTOP-0O8A1RL Timestamp: 2026-04-20 11:47:09 --- clients/azcomputerguru-site/PROJECT_STATE.md | 73 ++++ clients/azcomputerguru-site/privacy.html | 404 +++++++++++++++++++ clients/azcomputerguru-site/terms.html | 386 ++++++++++++++++++ projects/msp-tools/guru-rmm | 2 +- 4 files changed, 864 insertions(+), 1 deletion(-) create mode 100644 clients/azcomputerguru-site/PROJECT_STATE.md create mode 100644 clients/azcomputerguru-site/privacy.html create mode 100644 clients/azcomputerguru-site/terms.html diff --git a/clients/azcomputerguru-site/PROJECT_STATE.md b/clients/azcomputerguru-site/PROJECT_STATE.md new file mode 100644 index 0000000..1428187 --- /dev/null +++ b/clients/azcomputerguru-site/PROJECT_STATE.md @@ -0,0 +1,73 @@ +# Arizona Computer Guru — Website & Hosting + +> Last updated: 2026-04-20 + +**Status:** ACTIVE + +--- + +## Infrastructure + +| Resource | Details | Vault path | +|----------|---------|------------| +| Website | https://azcomputerguru.com | — | +| Hosting | IX Web Hosting (ixwebhosting.com) | `infrastructure/ix-server.sops.yaml` | +| Control panel | cPanel | Login: `azcomputerguru` user via WHM create_user_session API (root creds in vault) | +| CMS/Platform | WordPress | DB: `azcomputerguru_acg2025`, table prefix: `Lvkai5BQ_` | +| Server | 172.16.3.10 (external: 72.194.62.5) | Rocky Linux, WHM port 2087 | + +**Accessing cPanel (workaround — forced password change loop on browser):** +```bash +ROOT_PASS=$(bash D:/vault/scripts/vault.sh get-field infrastructure/ix-server.sops.yaml credentials.password) +# Clear forced password change +curl -sk -u "root:$ROOT_PASS" "https://172.16.3.10:2087/json-api/modifyacct?api.version=1&user=azcomputerguru&FORCE_PASSWORD_CHANGE=0" +# Get fresh session URL +curl -sk -u "root:$ROOT_PASS" "https://172.16.3.10:2087/json-api/create_user_session?api.version=1&user=azcomputerguru&service=cpaneld" | jq -r '.data.url' +``` + +**cPanel notes:** +- cPanel Fileman UAPI `save_file_content` works with `dir` (relative to homedir) + `file` params +- SSH from Windows: Windows id_ed25519 key NOT in authorized_keys; use WHM API as workaround +- WP admin user: `mike` (password TempWP2026! — temp, vault at reset) +- WP previous password was `Paper123!@#` (seen in browser autofill) + +**Design notes:** +- Primary color: orange `#F5821F` +- Secondary: dark charcoal/navy `#2B3A4A` +- Orange horizontal rule lines as section dividers +- Barlow / Barlow Condensed font family +- Mobile-first with hamburger nav + +--- + +## Live Files + +| URL | Server path | Status | +|-----|-------------|--------| +| https://azcomputerguru.com/privacy/ | `/public_html/privacy/index.html` | LIVE | +| https://azcomputerguru.com/terms/ | `/public_html/terms/index.html` | LIVE | + +Local copies: `clients/azcomputerguru-site/privacy.html`, `clients/azcomputerguru-site/terms.html` + +**Note:** `/privacy` (no trailing slash) 301-redirects to `/privacy/` — Apache serves these as static files, bypassing WordPress routing entirely. + +--- + +## Pending / Next Up + +- [x] Deploy privacy.html → https://azcomputerguru.com/privacy/ +- [x] Deploy terms.html → https://azcomputerguru.com/terms/ +- [ ] Add URLs to ComputerGuru AI Remediation app registration (portal.azure.com → App registrations → Branding & properties → Terms of service URL + Privacy statement URL) +- [ ] Vault cPanel credentials at `clients/azcomputerguru/cpanel.sops.yaml` +- [ ] Add Windows SSH key to authorized_keys on 172.16.3.10 (root@) +- [ ] Reset mike WP password to something permanent and vault it + +--- + +## Recent Changes + +| Date | By | Change | Status | +|------|-----|--------|--------| +| 2026-04-20 | Mike | Created privacy.html + terms.html for ComputerGuru AI Remediation Entra app | COMPLETE | +| 2026-04-20 | Claude | Deployed as static dirs `/public_html/privacy/index.html` + `/public_html/terms/index.html` | COMPLETE | +| 2026-04-20 | Claude | Publisher verification applied to Entra app (MPN 6149186 → Arizona Computer Guru LLC) | COMPLETE | diff --git a/clients/azcomputerguru-site/privacy.html b/clients/azcomputerguru-site/privacy.html new file mode 100644 index 0000000..c00396f --- /dev/null +++ b/clients/azcomputerguru-site/privacy.html @@ -0,0 +1,404 @@ + + + + + + Privacy Policy — Arizona Computer Guru LLC + + + + + + + +
+
+ + +
+
+
+ +
+
Legal & Compliance
+

Privacy Policy

+

ComputerGuru — AI Remediation Application  •  Effective April 20, 2026

+
+
+ +
+ +
+

This Privacy Policy describes how Arizona Computer Guru LLC ("ACG," "we," "us") accesses and handles Microsoft 365 tenant data through our internal security tool, the ComputerGuru — AI Remediation application (Microsoft Entra App ID: fabb3421-8b34-484b-bc17-e46de9703418). This application is a multi-tenant Microsoft Graph API application used exclusively by authorized ACG technicians.

+
+ +
+
+ 01 +

What This Application Is

+
+
+

The ComputerGuru AI Remediation application is an internal MSP security tool used by Arizona Computer Guru LLC technicians to perform point-in-time security investigations on client Microsoft 365 tenants. It is not a commercial software product and is not available to the general public.

+

The application accesses client tenants exclusively through Microsoft admin consent, granted by the client organization's global administrator. Access is never obtained without explicit, verified authorization from the client organization.

+
+ +
+
+ 02 +

What Data Is Accessed

+
+
+

When performing a security investigation, the application may read the following data from the client Microsoft 365 tenant via Microsoft Graph API and Exchange REST API:

+
    +
  • Sign-in logs and authentication history (interactive sign-ins, 30-day window)
    • +
  • Mailbox inbox rules, including rules not visible through standard Outlook interfaces
    • +
  • Mailbox forwarding configuration (ForwardingAddress, ForwardingSmtpAddress)
    • +
  • Mailbox delegate permissions and SendAs grants
    • +
  • OAuth2 permission grants and application role assignments for individual users
    • +
  • Registered authentication methods (MFA methods, creation dates)
    • +
  • Directory audit logs (30-day window, scoped to the investigated user)
    • +
  • Identity Protection risky user signals and risk detections
    • +
  • Recent sent items and deleted items (read for anomaly detection; limited to 25 items)
    • +
  • Basic user profile attributes (display name, UPN, account status, password change dates)
    • +
+
+ +
+
+ 03 +

How Data Is Used

+
+
+

Data accessed through this application is used solely for the following purposes:

+
    +
  • Identifying indicators of account compromise, unauthorized access, or credential theft
    • +
  • Detecting malicious inbox rules, unauthorized forwarding, or suspicious OAuth grants
    • +
  • Producing a written security investigation report delivered to the client organization
    • +
  • Performing authorized remediation actions (session revocation, forwarding removal, etc.) at the client's explicit request
    • +
+ +
+

Data is not stored. All data accessed through this application remains within the technician's active work session. Raw API responses are written to temporary local storage (/tmp/remediation-tool/) and are not transmitted to any external server, database, or third-party service. Temporary files are not retained beyond the work session.

+
+
+ +
+
+ 04 +

Data Retention & Storage

+
+
+

Arizona Computer Guru LLC does not maintain a persistent database of client Microsoft 365 data obtained through this application. Specifically:

+
    +
  • No client mailbox content is retained after the investigation session
    • +
  • No sign-in log data is stored in ACG systems beyond the session
    • +
  • Investigation reports are retained in ACG's secure, encrypted internal systems as part of the client service record, consistent with standard MSP documentation practices
    • +
  • Client data is never sold, licensed, or shared with any third party
    • +
+
+ +
+
+ 05 +

Authorization & Access Control

+
+
+

This application operates exclusively under the following access controls:

+
    +
  • Admin consent required: The application cannot access any tenant without a global administrator explicitly approving access through Microsoft's admin consent flow
    • +
  • Authorized technicians only: Only credentialed Arizona Computer Guru LLC staff members have access to the application credentials and tooling
    • +
  • On-demand only: The application does not run continuously or on a schedule. It is invoked only when an authorized investigation is in progress
    • +
  • Consent revocable: Client organizations may revoke access at any time through their Microsoft Entra admin center (Enterprise Applications → ComputerGuru AI Remediation → Delete)
    • +
+
+ +
+
+ 06 +

Contact & Consent Revocation

+
+
+

For questions about this privacy policy, to request information about what data was accessed during an investigation, or to revoke consent:

+
+

Arizona Computer Guru LLC

+

Email: mike@azcomputerguru.com

+

Phone: (520) 526-9974

+

Website: azcomputerguru.com

+

To revoke application access directly: Microsoft Entra admin center → Enterprise Applications → ComputerGuru AI Remediation → Properties → Delete

+
+
+ +
+
+ 07 +

Changes to This Policy

+
+
+

Arizona Computer Guru LLC may update this privacy policy as the application's capabilities or our data practices change. The effective date at the top of this page reflects the most recent revision. Material changes will be communicated to active clients.

+
+ +
+ +
+ + + + diff --git a/clients/azcomputerguru-site/terms.html b/clients/azcomputerguru-site/terms.html new file mode 100644 index 0000000..036f209 --- /dev/null +++ b/clients/azcomputerguru-site/terms.html @@ -0,0 +1,386 @@ + + + + + + Terms of Service — Arizona Computer Guru LLC + + + + + + + +
+
+ + +
+
+
+ +
+
Legal & Compliance
+

Terms of Service

+

ComputerGuru — AI Remediation Application  •  Effective April 20, 2026

+
+
+ +
+ +
+

These Terms of Service govern access to and use of the ComputerGuru — AI Remediation application (Microsoft Entra App ID: fabb3421-8b34-484b-bc17-e46de9703418), a multi-tenant Microsoft Graph API application operated by Arizona Computer Guru LLC ("ACG"). By granting admin consent to this application, the consenting organization agrees to these terms.

+
+ +
+
+ 01 +

Authorized Use Only

+
+
+

This application is an internal MSP security tool operated exclusively by Arizona Computer Guru LLC. It is not a commercial product and is not licensed to third parties. Access to the application's credentials, tooling, and client session data is restricted to credentialed ACG technicians.

+
+

Unauthorized use is prohibited. Any attempt to access, replicate, reverse-engineer, or misuse this application outside of an authorized ACG service engagement is a violation of these terms and may violate applicable computer fraud and data protection laws.

+
+
+ +
+
+ 02 +

Client Admin Consent

+
+
+

The application accesses client Microsoft 365 tenants exclusively through Microsoft admin consent, granted by the client organization's global administrator through the standard Microsoft Entra admin consent flow. By completing the consent process, the consenting organization:

+
    +
  • Confirms they are a global administrator or have been delegated authority to grant admin consent on behalf of their organization
    • +
  • Authorizes ACG technicians to access the data types listed in the Privacy Policy for the purpose of security investigation and authorized remediation
    • +
  • Understands that this authorization may be revoked at any time through the Microsoft Entra admin center
    • +
+

ACG will not access a client tenant through this application without a prior service agreement or explicit client request for a security investigation.

+
+ +
+
+ 03 +

Scope of Use

+
+
+

ACG agrees to use this application only for the following purposes on behalf of the consenting organization:

+
    +
  • Performing security investigations to identify account compromise, unauthorized access, or malicious configuration changes
    • +
  • Detecting and documenting malicious inbox rules, forwarding, OAuth grants, or other indicators of breach
    • +
  • Executing authorized remediation actions (such as session revocation or rule removal) at the explicit request of the client organization
    • +
  • Producing written investigation reports for delivery to the client
    • +
+

ACG will not use this application to access tenant data for any purpose outside of an active, authorized service engagement with the consenting organization.

+
+ +
+
+ 04 +

Data Handling & Third Parties

+
+
+

ACG does not share, sell, license, or transmit client Microsoft 365 data obtained through this application to any third party. Specifically:

+
    +
  • Raw API data is processed locally within the ACG technician's session and is not uploaded to any external platform
    • +
  • Investigation reports may be stored in ACG's secure internal systems as part of the client service record
    • +
  • No client tenant data is used for any purpose other than the service engagement for which consent was granted
    • +
  • ACG's internal data handling practices are governed by our broader client service agreement and applicable data protection obligations
    • +
+
+ +
+
+ 05 +

Revoking Access

+
+
+

The consenting organization may revoke this application's access to their tenant at any time without notice to ACG. To revoke:

+
    +
  • Sign in to the Microsoft Entra admin center (entra.microsoft.com) as a global administrator
    • +
  • Navigate to Enterprise Applications
    • +
  • Search for ComputerGuru AI Remediation
    • +
  • Select the application and click Delete or Disable
    • +
+

Revocation takes effect immediately. ACG will no longer be able to obtain tokens for the tenant after consent is revoked.

+
+ +
+
+ 06 +

Disclaimer of Warranties

+
+
+
+

The ComputerGuru AI Remediation application is provided "as-is" for MSP security operations. Arizona Computer Guru LLC makes no warranty, express or implied, regarding the completeness, accuracy, or fitness for a particular purpose of any investigation findings produced by this tool.

+

Security investigations reflect data available at the time of the investigation. ACG is not liable for security incidents that occur before, during, or after an investigation, or for any damages arising from reliance on investigation findings.

+
+
+ +
+
+ 07 +

Governing Law

+
+
+

These terms are governed by the laws of the State of Arizona. Any disputes arising from the use of this application shall be subject to the jurisdiction of the courts of Pima County, Arizona.

+
+ +
+
+ 08 +

Contact

+
+
+

Questions about these terms or about how this application is used on your behalf:

+
+

Arizona Computer Guru LLC

+

Email: mike@azcomputerguru.com

+

Phone: (520) 526-9974

+

Website: azcomputerguru.com

+
+
+ +
+ +
+ + + + diff --git a/projects/msp-tools/guru-rmm b/projects/msp-tools/guru-rmm index 81eecdd..293fa53 160000 --- a/projects/msp-tools/guru-rmm +++ b/projects/msp-tools/guru-rmm @@ -1 +1 @@ -Subproject commit 81eecddf3a41381bb8edbc7f0e1a97fc563c0734 +Subproject commit 293fa5334493f47824800953114b8b6596f1dd37