syncro: post a summary + link to #bot-alerts after every write

Add .claude/scripts/post-bot-alert.sh — reusable, soft-failing Discord
poster that reads the bot token from the SOPS vault (bot-token.sops.yaml,
credentials.bot_token) with a .env fallback, so it works from any machine.

Wire it into the /syncro skill: a Hard Rules pointer, a billing-workflow
step (17), and a "Post to #bot-alerts" reference section with the message
format and ticket/invoice/customer link mapping (computerguru.syncromsp.com).
Scoped to write ops (create/update/close/comment/bill/customer); reads post
nothing. Best-effort — never fails the Syncro write it follows.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

.claude/scripts/post-bot-alert.sh

@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+# post-bot-alert.sh — post a one-line message to the Discord #bot-alerts channel.
+#
+# Usage:
+#   bash post-bot-alert.sh "message text"
+#   echo "message text" | bash post-bot-alert.sh
+#
+# Token resolution (first hit wins):
+#   1. SOPS vault: projects/discord-bot/bot-token.sops.yaml  field credentials.bot_token
+#   2. projects/discord-bot/.env                              key  DISCORD_TOKEN
+# Reading from the vault means this works from any machine, not just BEAST.
+#
+# Soft-fail by design: if the message is empty, the token is missing, or Discord is
+# unreachable, it prints a [WARNING] and exits 0 so it NEVER breaks the caller
+# (e.g. the /syncro billing workflow). The alert is best-effort, not load-bearing.
+
+set -u
+
+CHANNEL_ID="624710699771232265"   # #bot-alerts (Arizona Computer Guru guild)
+ROOT="${CLAUDETOOLS_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}"
+
+# --- message (arg or stdin) ---
+MSG="${1:-}"
+if [ -z "$MSG" ] && [ ! -t 0 ]; then MSG="$(cat)"; fi
+if [ -z "$MSG" ]; then
+  echo "[WARNING] post-bot-alert: empty message — nothing sent" >&2
+  exit 0
+fi
+
+# --- token: vault first, then .env ---
+TOKEN="$(bash "$ROOT/.claude/scripts/vault.sh" get-field \
+  projects/discord-bot/bot-token.sops.yaml credentials.bot_token 2>/dev/null)"
+if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
+  ENV_FILE="$ROOT/projects/discord-bot/.env"
+  if [ -f "$ENV_FILE" ]; then
+    TOKEN="$(grep -iE '^[[:space:]]*DISCORD_TOKEN[[:space:]]*=' "$ENV_FILE" | head -1 \
+      | sed -E 's/^[^=]*=[[:space:]]*//; s/^["'"'"']//; s/["'"'"'][[:space:]]*$//')"
+  fi
+fi
+if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
+  echo "[WARNING] post-bot-alert: no bot token (vault + .env both empty) — alert skipped" >&2
+  exit 0
+fi
+
+# --- post (jq builds JSON so the message is safely escaped) ---
+PAYLOAD="$(jq -nc --arg c "$MSG" '{content: $c}')"
+RESP="$(curl -s -m 15 -w $'\n%{http_code}' \
+  -X POST "https://discord.com/api/v10/channels/${CHANNEL_ID}/messages" \
+  -H "Authorization: Bot ${TOKEN}" \
+  -H "Content-Type: application/json" \
+  -H "User-Agent: ClaudeToolsBot (claudetools, 1.0)" \
+  --data-binary "$PAYLOAD" 2>/dev/null)"
+
+HTTP="$(printf '%s' "$RESP" | tail -n1)"
+BODY="$(printf '%s' "$RESP" | sed '$d')"
+
+if [ "$HTTP" = "200" ]; then
+  MID="$(printf '%s' "$BODY" | jq -r '.id // empty' 2>/dev/null)"
+  echo "[OK] post-bot-alert: posted to #bot-alerts (message_id=${MID})"
+  exit 0
+fi
+
+echo "[WARNING] post-bot-alert: Discord returned ${HTTP:-no-response} — ${BODY}" >&2
+exit 0