diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md index 023fa5bc..e15ceebe 100644 --- a/.claude/CLAUDE.md +++ b/.claude/CLAUDE.md @@ -31,6 +31,17 @@ production, data-loss. Detail: EXTENDED + `.claude/OLLAMA.md`. ## Key rules (always) - **NO EMOJIS.** Use ASCII markers: `[OK]` `[ERROR]` `[WARNING]` `[INFO]` `[CRITICAL]`. +- **Skill-first — if a skill/command covers the task, USE IT; never hand-roll the API.** + When a request maps to an installed skill or slash-command, INVOKE THAT SKILL instead of + improvising raw `curl`/API calls from memory. The skill encodes the correct payload shape, + validation, attribution, and preview gates; free-handing the API is exactly how malformed + records (e.g. Syncro tickets/invoices) reach a human for cleanup. **Syncro billing/invoicing + ALWAYS runs through `/syncro` (or `/syncro-emergency-billing`) — no exceptions.** Same for + other covered domains: credentials → `vault`, RMM actions → `/rmm` (+ `rmm-search` to find a + host), M365 → `remediation-tool`, etc. Knowing the API is NOT a reason to bypass the skill — + the memory rules (e.g. [[feedback_syncro_billing]]) describe what the SKILL does, not a license + to free-hand it. Reach for raw API ONLY when no skill fits or the skill genuinely cannot do it + — and say so explicitly when you do. Mistakes here go to `errorlog.md` (`--correction`). - **Credentials — capture, vault, document (ALWAYS).** ANY credential that surfaces in a session — one the user pastes, one you create/rotate, one you discover in a log/config — you MUST immediately store it in the SOPS vault **via the `vault` skill** (the canonical path — diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md index 0ef402d6..bb03d41d 100644 --- a/.claude/memory/MEMORY.md +++ b/.claude/memory/MEMORY.md @@ -110,6 +110,7 @@ - [Don't present inferred topology as fact](feedback_no_inferred_topology_as_fact.md) — Private-IP overlap (172.16.x on both sides) is NOT proof of a site-to-site link; I fabricated a VWP<->office VPN. State observations vs inferences; a failed reachability test disproves a link, don't explain it away; test "can reach RMM" against the EXTERNAL endpoint, not internal 172.16.3.30. ### Syncro +- [Skill-first routing — use the skill, never hand-roll the API](feedback_skill_first_routing.md) — If an installed skill covers the task, INVOKE IT. Syncro billing/invoicing ALWAYS runs through `/syncro` (or `/syncro-emergency-billing`), never ad-hoc curl — free-handing payloads is what makes Winter fix malformed tickets. Now a CORE rule. Generalizes to vault/rmm/remediation-tool/etc. - [Syncro API plumbing](feedback_syncro_api.md) — Content-Type required on all POST/PUT; NO idempotency anywhere — always GET before retrying; response wrappers (`.ticket.id`, `.comment.id`); add_line_item shape (internal ID, flat response, required fields); HTML uses `
` not `