From 28af9523438517b9fabffd150f4eef64687c31fd Mon Sep 17 00:00:00 2001 From: Howard Enos Date: Sun, 21 Jun 2026 21:26:26 -0700 Subject: [PATCH] sync: auto-sync from HOWARD-HOME at 2026-06-21 21:26:00 Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-21 21:26:00 --- ...06-21-howard-security-assessment-deploy.md | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/session-logs/2026-06/2026-06-21-howard-security-assessment-deploy.md b/session-logs/2026-06/2026-06-21-howard-security-assessment-deploy.md index 30c4e703..c0485b9c 100644 --- a/session-logs/2026-06/2026-06-21-howard-security-assessment-deploy.md +++ b/session-logs/2026-06/2026-06-21-howard-security-assessment-deploy.md @@ -189,3 +189,49 @@ Two issues Howard found while using the live site, both fixed + deployed + verif ### Net Phone search works correctly (verified by Howard), wrong-customer risk eliminated, and the + New button prevents cross-record contamination. Site fully functional. + +--- + +## Update: 21:25 PT — onboarding/upsell questions + opportunity engine + Save-quote + quote delete + +Expanded the assessment per Howard ("what other questions to better integrate clients + gather upsell +data") plus quote lifecycle controls. All deployed to IX + verified live. + +### Save-quote + status +- Added a top-bar **Save quote** button + QUOTE badge; added a `status` column (default `quote`) to the + `assessments` table (ALTER on live DB + schema.sql). New saves are `quote` (unverified, never auto-synced); + UPDATE leaves status (preserves a future promotion). `list` returns status; Assessments list shows it. + +### New questions (Howard's "go with recommendations") +- Security-scored: **M365 license tier** (Basic/Standard -> upgrade to Business Premium; it unlocks MFA/CA/Intune/Defender). +- New **Other Services** section: VoIP (PacketDial), managed print, surveillance, web hosting. +- New **Onboarding & Sales Context** section (internal-only): current support model, existing agents to remove, + admin-access readiness, hardware age, cyber-insurance renewal timing, decision-maker, biggest frustration, planned changes. +- Plus WiFi coverage, internet failover, UPS. + +### Opportunity engine (the key design) +- New field-level `opportunity` block (parallel to `risk`): non-security upsells that fire on a `when` + trigger ({equals|in|includes|notIncludes}) and surface for SALES WITHOUT affecting the security grade. +- Engine mirrored JS (`computeScores` returns `opportunities`) + PHP (`score_assessment` + `opp_fires`). +- Export: INTERNAL shows an "Upsell opportunities" section (each -> ACG service); CLIENT view hides them + entirely. Wizard internal view shows them; client toggle hides. Verified: 6 opportunities fire on a weak + sample, security findings stay separate (2). + +### Quote lifecycle +- api `promote` (quote->active) + `delete` actions (ACG-gated). Assessments list: **Delete** works + (confirm + clears the loaded record if it's the one deleted); **Activate/make-live button DISABLED** per + Howard (live import to Syncro/RMM stays manual until wired; promote API is dormant/ready). + +### Problem hit +- First deploy shipped api.php + index.php but NOT the new questions.json -> opportunities/new questions didn't + appear live (OPPS=0). Root-caused via a CLI opp-debug (server questions.json was old). Deployed questions.json + (lint-gated) -> verified opportunities fire + new sections live. Lesson: deploy ALL changed files, incl. data. + +### Commits / state +- Submodule `0f6927b` (questions+engine+delete) on main; earlier this session `66eb7cb`/`3a2301b`/`3e3a9ab`/ + `f246091`/`a9c85a7`/`7a3dfb8`. claudetools pin `0f6927b` (HEAD `8713b46`). All live on IX, opcache flushed. +- Concurrent screenconnect WIP in the shared tree preserved through the pin rebases. + +### Still open +- Activate/promote UI intentionally disabled (wire live import later). FR-1 portal still deferred (auth decision). +- #1 RMM prefill deferred (infra). Optional: extend fieldcheck.cjs to validate `opportunity` fields.