From 5bace24371ad98e9e463397dad79d5d962781c1a Mon Sep 17 00:00:00 2001 From: Howard Enos Date: Fri, 26 Jun 2026 11:40:52 -0700 Subject: [PATCH] sync: auto-sync from HOWARD-HOME at 2026-06-26 11:40:19 Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-26 11:40:19 --- .claude/CLAUDE.md | 11 ++ .claude/memory/MEMORY.md | 1 + .../memory/feedback_skill_first_routing.md | 18 ++ .claude/memory/feedback_syncro_billing.md | 2 + ...-06-26-howard-edr-bd-straggler-9am-pass.md | 136 +++++++++++++ ...6-howard-home-to-pro-upgrades-continued.md | 116 +++++++++++ ...026-06-26-howard-nick-mac-rmm-rootcause.md | 187 ++++++++++++++++++ errorlog.md | 2 + 8 files changed, 473 insertions(+) create mode 100644 .claude/memory/feedback_skill_first_routing.md create mode 100644 clients/cascades-tucson/session-logs/2026-06/2026-06-26-howard-edr-bd-straggler-9am-pass.md create mode 100644 clients/cascades-tucson/session-logs/2026-06/2026-06-26-howard-home-to-pro-upgrades-continued.md create mode 100644 clients/rednour/session-logs/2026-06/2026-06-26-howard-nick-mac-rmm-rootcause.md diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md index 023fa5bc..e15ceebe 100644 --- a/.claude/CLAUDE.md +++ b/.claude/CLAUDE.md @@ -31,6 +31,17 @@ production, data-loss. Detail: EXTENDED + `.claude/OLLAMA.md`. ## Key rules (always) - **NO EMOJIS.** Use ASCII markers: `[OK]` `[ERROR]` `[WARNING]` `[INFO]` `[CRITICAL]`. +- **Skill-first — if a skill/command covers the task, USE IT; never hand-roll the API.** + When a request maps to an installed skill or slash-command, INVOKE THAT SKILL instead of + improvising raw `curl`/API calls from memory. The skill encodes the correct payload shape, + validation, attribution, and preview gates; free-handing the API is exactly how malformed + records (e.g. Syncro tickets/invoices) reach a human for cleanup. **Syncro billing/invoicing + ALWAYS runs through `/syncro` (or `/syncro-emergency-billing`) — no exceptions.** Same for + other covered domains: credentials → `vault`, RMM actions → `/rmm` (+ `rmm-search` to find a + host), M365 → `remediation-tool`, etc. Knowing the API is NOT a reason to bypass the skill — + the memory rules (e.g. [[feedback_syncro_billing]]) describe what the SKILL does, not a license + to free-hand it. Reach for raw API ONLY when no skill fits or the skill genuinely cannot do it + — and say so explicitly when you do. Mistakes here go to `errorlog.md` (`--correction`). - **Credentials — capture, vault, document (ALWAYS).** ANY credential that surfaces in a session — one the user pastes, one you create/rotate, one you discover in a log/config — you MUST immediately store it in the SOPS vault **via the `vault` skill** (the canonical path — diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md index 0ef402d6..bb03d41d 100644 --- a/.claude/memory/MEMORY.md +++ b/.claude/memory/MEMORY.md @@ -110,6 +110,7 @@ - [Don't present inferred topology as fact](feedback_no_inferred_topology_as_fact.md) — Private-IP overlap (172.16.x on both sides) is NOT proof of a site-to-site link; I fabricated a VWP<->office VPN. State observations vs inferences; a failed reachability test disproves a link, don't explain it away; test "can reach RMM" against the EXTERNAL endpoint, not internal 172.16.3.30. ### Syncro +- [Skill-first routing — use the skill, never hand-roll the API](feedback_skill_first_routing.md) — If an installed skill covers the task, INVOKE IT. Syncro billing/invoicing ALWAYS runs through `/syncro` (or `/syncro-emergency-billing`), never ad-hoc curl — free-handing payloads is what makes Winter fix malformed tickets. Now a CORE rule. Generalizes to vault/rmm/remediation-tool/etc. - [Syncro API plumbing](feedback_syncro_api.md) — Content-Type required on all POST/PUT; NO idempotency anywhere — always GET before retrying; response wrappers (`.ticket.id`, `.comment.id`); add_line_item shape (internal ID, flat response, required fields); HTML uses `
` not `