sync: auto-sync from GURU-5070 at 2026-06-05 16:44:08

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-05 16:44:08

.claude/memory/MEMORY.md

@@ -53,6 +53,7 @@
 - [Check patterns before asking](feedback_check_patterns_before_asking.md) — Before asking how to do something repeat-style (sync, save, sweep, billing), study existing artifacts and workflow docs first; reach for similar past artifacts as the template.
 - [Pricing verification — no guessing](policy_pricing_verification.md) — ANY cost presented to the team or a client MUST be verified via live web lookup (WebFetch/WebSearch, fallback to headless Chrome). Never estimate from training data. Cite source + date inline. If unreachable, say so — do NOT substitute a guess.
 - [Client communication tone](feedback_client_tone.md) — How to write client-facing Syncro comments — expert partner, not intake questionnaire.
+- [Default to inline links](feedback_inline_links.md) — Use `[text](url)` inline markdown links (clickable, wrap-safe) not bare URLs in code fences; exception = raw URL the user must copy/paste.
 - [Add Mike as owner on all Entra apps](feedback_entra_app_owner.md) — Apps created via management SP have no user owner — must add Mike manually or publisher verification fails.
 - [No TOML/config file approach for endpoints](feedback_no_toml_config_endpoints.md) — User explicitly prohibits TOML or config-file-based endpoint configuration — this will never be approved.
 - [Python on Windows — use py launcher](feedback_python_windows.md) — Windows Store python/python3 aliases disabled; always use py or jq on DESKTOP-0O8A1RL.

.claude/memory/feedback_inline_links.md

@@ -0,0 +1,12 @@
+---
+name: feedback_inline_links
+description: Default to inline markdown links [text](url) in responses, not bare URLs in code fences (they wrap unclickably in the terminal)
+metadata:
+  type: feedback
+---
+
+Default to inline markdown links — `[short descriptive text](https://full-url)` — in terminal responses. The Claude Code terminal renders these as OSC 8 hyperlinks: only the short anchor shows and it stays clickable regardless of terminal width. Bare URLs inside code fences are NOT hyperlinked and hard-wrap into unselectable fragments.
+
+**Why:** Mike asked (2026-06-05) to stop breaking long links (e.g. M365 admin-consent URLs) on linewrap.
+
+**How to apply:** Use `[text](url)` by default. Exception — when the user needs to COPY a raw URL (paste into an email, hand to a client GA, etc.), put it in a code block instead, since inline links hide the raw target (clickable vs. copyable tradeoff). Raw URLs printed by a script's stdout that I'm merely relaying can't be marked up and will still wrap.

.claude/skills/remediation-tool/references/tenants.md

@@ -52,6 +52,7 @@ After full onboarding, update the Onboarded column below.
 | Tucson Mountain Motors | tucsonmountainmotors.com | ffdabd05-236b-4666-a7f5-cc40ae9f9122 | NO | |
 | Valley Wide Plastering | valleywideplastering.com | 5c53ae9f-7071-4248-b834-8685b646450f | NO | Old app only |
 | Von's Carstar | vonscarstar.com | 53de51b9-a063-4f46-88ff-7c3468828ed9 | NO | |
+| Wolkin, Robert | rswolkin.com | ceb6dbe7-82c8-4d8f-9c6b-49aa26208e9b | YES | All apps consented + roles assigned 2026-06-05 (Tenant Admin CA Admin; Sec Inv + Exch Op Exchange Admin; User Mgr User Admin + Auth Admin); no MDE; 2 users |
 
 ## Tenant Admin Consent URLs (batch)
 

clients/rswolkin/session-logs/2026-06-05-julie-guda-provisioning.md

@@ -0,0 +1,41 @@
+# rswolkin.com — Tenant Onboarding + Julie Guda Provisioning
+
+## User
+- **User:** Mike Swanson (mike)
+- **Machine:** GURU-5070
+- **Role:** admin
+- **Date:** 2026-06-05
+
+## Summary
+Onboarded the rswolkin.com M365 tenant into ACG's ComputerGuru app suite (365 tools), then provisioned a new user — Julie Guda — as Robert Wolkin's executive assistant, at Winter's request.
+
+## Tenant
+- **Org:** Wolkin, Robert
+- **Domain:** rswolkin.com (primary, verified) / rswolkin.onmicrosoft.com
+- **Tenant ID:** ceb6dbe7-82c8-4d8f-9c6b-49aa26208e9b
+- **Onboarded:** 2026-06-05 — all 5 apps consented, directory roles assigned (Tenant Admin = Conditional Access Administrator; Security Investigator + Exchange Operator = Exchange Administrator; User Manager = User Administrator + Authentication Administrator). No MDE license → Defender Add-on skipped. Recorded in `.claude/skills/remediation-tool/references/tenants.md`.
+- **Existing users (pre-Julie):** Mike Swanson `admin@rswolkin.onmicrosoft.com` (ACG admin, unlicensed); Robert Wolkin `robert@rswolkin.com` (Exchange Standard).
+- **Licenses:** O365 Business Premium had 1 free seat (now used by Julie); Exchange Standard fully consumed.
+
+## Julie Guda — account
+- **UPN / sign-in:** julie@rswolkin.com
+- **Object ID:** acaeb49c-6264-4d7e-bf10-d1cda6049b10
+- **Initial password (customer-requested):** Jaylen0607!  (forceChangeAtNextSignIn = false)
+- **License:** O365 Business Premium (skuId f245ecc8-75af-4f8e-b61f-27d8114de5f3)
+- **Usage location:** US
+- **Recovery email (otherMails):** JulieAnneGuda@gmail.com
+- **Mobile:** 702-624-3765 (also pre-registered as MFA phone method, id 3179e48a-750b-4051-897c-87b9720928f7)
+
+## Access granted (EA for Robert Wolkin)
+- **Robert's Calendar:** Julie = Editor + Delegate (receives/manages meeting requests)
+- **Robert's Contacts:** Julie = Editor
+- **Send-on-Behalf:** robert@rswolkin.com GrantSendOnBehalfTo includes Julie (messages appear "Julie Guda on behalf of Robert Wolkin")
+
+## Pending / tomorrow
+- Confirm with Winter/Robert whether EA should have **Send As** (appear purely as Robert) instead of/in addition to Send-on-Behalf, and whether she needs **Full Access** to triage Robert's inbox.
+- Optional baseline breach/hygiene sweep of the tenant (inbox rules, forwarding, OAuth consents, risky sign-ins) now that it's onboarded.
+- Verify Julie's first sign-in + MFA enrollment went smoothly.
+
+## Reference
+- Apps/tiers + scripts: `.claude/skills/remediation-tool/` (get-token.sh, onboard-tenant.sh). Tenant tracker: `references/tenants.md`.
+- Tools used: User Manager (create/license/MFA), Exchange Operator (folder perms, send-on-behalf), Security Investigator (read/verify).