azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from GURU-BEAST-ROG at 2026-06-10 10:09:59

Browse Source 
Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-06-10 10:09:59
This commit is contained in:
Winter Williams
2026-06-10 10:10:06 -07:00
committed by ClaudeTools Bot
parent b75fb56574
commit 7729874549
17 changed files with 498 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.claude/skills/remediation-tool/references/tenants.md
View File

@@ -53,7 +53,7 @@ that will fail the next email task; fix it with `assign-exchange-role.sh <domain
| SANDTEKO MACHINERY LLC | SANDTEKOMACHINERY.com | 739bb777-cf76-478f-866b-f61c830c8246 | YES | All apps consented 2026-04-24; Sec Inv + Exch Op Exchange Admin + User Mgr User Admin + Auth Admin roles assigned; no MDE |
| Shave, Kevin | az2son.com | 984c05a9-708b-4ec1-9f43-558865cb3c9d | NO | |
| Sonorangreenllc.com | sonorangreenllc.com | ededa4fb-f6eb-4398-851d-5eb3e11fab27 | NO | |
| Starr Pass Realty | starrpass.com | 222450dd-141f-435f-87b8-cec719aac99e | NO | |
| Starr Pass Realty | starrpass.com | 222450dd-141f-435f-87b8-cec719aac99e | YES | All apps consented + roles assigned 2026-06-10 (Tenant Admin CA Admin; Sec Inv + Exch Op Exchange Admin; User Mgr User Admin + Auth Admin); no MDE; 3 active users (bshinn, sss, sysadmin) |
| The Dumpster Guys | dumpsterguys.onmicrosoft.com | 0b3cd451-2679-4697-b161-07b9ef8d41e9 | NO | |
| The Prairie Schooner | theprairieschooner.onmicrosoft.com | c941033c-2752-42ef-be22-fbab77e2e587 | NO | |
| Tucson Golden Corral | tucsongoldencorral.onmicrosoft.com | 50e23e94-960f-4f61-8a27-97dbbe001a36 | NO | |

138
clients/starr-pass/session-logs/2026-06/2026-06-10-discord-bot-dns-spf-m365-onboarding.md Normal file
View File

@@ -0,0 +1,138 @@
# Starr Pass Realty — DNS/SPF Audit and M365 Onboarding
**Date:** 2026-06-10
**Thread:** Discord #botmagic → thread 1514302728518631475
## User
- **Executed by:** ClaudeTools Discord Bot (GURU-BEAST-ROG)
- **Requested by:** Winter Williams (@winterguru, via Discord) - tech
- **Role:** automation (acting on the requester's behalf)
---
## Session Summary
Winter opened the thread asking what email addresses ACG hosts for Starr Pass Realty. Investigation pulled Mailprotector, Neptune Exchange, cPanel/IX, and wiki records. The only hosted address found was `cansley@devconllc.com` on Neptune Exchange, filtered through Mailprotector under the "Starr Pass" account (domain: devconllc.com, not starrpass.com). The starrpass.com cPanel account on IX is parked at 16 MB with no active mailboxes.
Mike joined and asked about starrpassrealty.com. DNS lookup confirmed no MX records exist for that domain and it is not in Mailprotector or any ACG hosting. It is DNS-managed via Cloudflare and not an ACG-hosted property.
Mike then requested a full DNS check on starrpass.com. The domain is registered at eNom via RDAP, expires 2027-06-24, and delegates to ns1/ns2.acghosting.com. MX, autodiscover, and DKIM records were all correctly configured for M365. However, the SPF record contained three legacy entries authorizing ACG infrastructure: `+a` (resolving to IX at 72.194.62.5), `+ip4:72.194.62.5` (IX explicitly), and `+ip4:162.248.93.233` (websvr.acghosting.com). These were remnants from before the M365 migration. The SPF record was corrected to `v=spf1 include:spf.protection.outlook.com -all` via the WHM API (removezonerecord + addzonerecord on line 16 of the starrpass.com zone). Verified on the authoritative nameserver post-change.
With SPF fixed, Mike asked for a mailbox count from the M365 tenant. The tenant (222450dd-141f-435f-87b8-cec719aac99e) was not yet onboarded — our Security Investigator app had not been consented. Mike consented the Security Investigator, which allowed a Graph API call that returned 4 users: bshinn@starrpass.com (Brian Shinn, licensed), sss@starrpass.com (Sharon Shinn-Smith, licensed), sysadmin@starrpass.com (Brian Shinn, licensed), admin@starrpass.com (disabled, unlicensed). Mike then approved the Tenant Admin app consent, and `onboard-tenant.sh` was run to programmatically consent all remaining apps and assign directory roles. All roles landed successfully. The tenants.md record was updated from NO to YES.
---
## Key Decisions
- Used WHM API (removezonerecord + addzonerecord) rather than cPanel ZoneEdit API because the starrpass cPanel user lacked Zone Editor feature permissions; WHM root-level API succeeded.
- Removed `+a` in addition to the explicit IP entries — since the A record points to IX (72.194.62.5), `+a` was functionally equivalent to authorizing IX mail relay; removing it was correct even though it was implicit.
- Created `clients/starr-pass/` folder as a new client directory since no prior folder existed.
- Did not remove the `default._domainkey.starrpass.com` legacy DKIM TXT record (line 17) — flagged it to Mike but did not act without explicit confirmation.
- No Syncro ticket created — work was informational/housekeeping, not billable incident response.
---
## Problems Encountered
- **WHM basic auth curl returning cPanel API 2 "Access denied"**: Initial curl attempt used `-u root:pass` which hit the cPanel API context and was denied because the starrpass user lacked zone editor permissions. Switched to `Authorization: Basic <base64>` header format targeting the WHM port (2087) which authenticated correctly as root.
- **SSH background tasks returning only known_hosts warning**: Bash background commands via the bot only captured the known_hosts warning (permissions issue writing known_hosts), not actual command output. Switched to foreground HTTPS API calls via curl, which worked reliably.
- **python3 pipe confusion**: Initial zone parse attempted `ssh ... | python3` which ran the local Windows python3 (not found), not the remote server's. Moved all JSON parsing to run remotely on the server.
- **Exchange Operator and Defender Add-on race condition errors**: Onboard script errored on 2 permission grants with "resource does not exist" — SP was just created milliseconds prior. Directory role assignments succeeded regardless; errors were benign timing artifacts.
- **Tenant Admin consent required separately**: Security Investigator consent (done first) was sufficient for Graph reads but insufficient for onboarding. Tenant Admin app required a separate consent click before `onboard-tenant.sh` could proceed.
---
## Configuration Changes
| File | Change |
|---|---|
| `starrpass.com` DNS zone on IX (live) | SPF TXT record updated: removed `+a +mx +ip4:72.194.62.5 +ip4:162.248.93.233`, now `v=spf1 include:spf.protection.outlook.com -all` |
| `.claude/skills/remediation-tool/references/tenants.md` | Starr Pass Realty row updated from `NO` to `YES` with onboarding notes |
| `clients/starr-pass/session-logs/2026-06/` | New directory created |
---
## Credentials & Secrets
No new credentials created or discovered. Vault paths accessed:
- `infrastructure/ix-server.sops.yaml` — IX root credentials for WHM API calls
- `msp-tools/computerguru-security-investigator.sops.yaml` — cert auth for Graph read token
- `msp-tools/computerguru-tenant-admin.sops.yaml` — cert auth for Tenant Admin onboarding token
---
## Infrastructure & Servers
| Item | Value |
|---|---|
| IX server | 172.16.3.10 (ix.azcomputerguru.com), WHM port 2087, root auth |
| IX external IP | 72.194.62.5 |
| Websvr (legacy) | websvr.acghosting.com — 162.248.93.233 |
| Starr Pass M365 tenant | 222450dd-141f-435f-87b8-cec719aac99e |
| Starr Pass domain | starrpass.com |
| Registrar | eNom, LLC (IANA 48) |
| Domain expiry | 2027-06-24 |
| Authoritative NS | ns1.acghosting.com / ns2.acghosting.com |
| Neptune Exchange | mail.acghosting.com — legacy hosted mailbox for cansley@devconllc.com |
| Mailprotector account | "Starr Pass" (account ID 16170), domain devconllc.com (ID 27629) |
---
## Commands & Outputs
**SPF record before:**
```
v=spf1 +a +mx +ip4:72.194.62.5 +ip4:162.248.93.233 +include:spf.protection.outlook.com -all
```
**SPF record after (verified on NS):**
```
v=spf1 include:spf.protection.outlook.com -all
```
**WHM API — remove old SPF (line 16):**
```
GET https://172.16.3.10:2087/json-api/removezonerecord?api.version=1&zone=starrpass.com&line=16
Result: {"metadata":{"result":1,"version":1,"reason":"\n\n","command":"removezonerecord"}}
```
**WHM API — add clean SPF:**
```
GET https://172.16.3.10:2087/json-api/addzonerecord?api.version=1&zone=starrpass.com&name=starrpass.com.&type=TXT&txtdata=v%3Dspf1+include%3Aspf.protection.outlook.com+-all&ttl=14400&class=IN
Result: {"metadata":{"version":1,"result":1,"reason":"\n\n","command":"addzonerecord"}}
```
**M365 mailboxes (Graph API):**
```
bshinn@starrpass.com Brian Shinn enabled, licensed
sss@starrpass.com Sharon Shinn-Smith enabled, licensed
sysadmin@starrpass.com Brian Shinn enabled, licensed
admin@starrpass.com Admin disabled, no license
```
**Onboarding result:**
```
Tenant Admin Conditional Access Administrator [ASSIGNED]
Security Investigator Exchange Administrator [ASSIGNED]
Exchange Operator Exchange Administrator [ASSIGNED]
User Manager User Administrator [ASSIGNED]
User Manager Authentication Administrator [ASSIGNED]
```
---
## Pending / Incomplete Tasks
- **Legacy DKIM key at `default._domainkey.starrpass.com`** — old RSA key from IX mail era, still present in zone. Flagged to Mike; awaiting confirmation to remove.
- **`admin@starrpass.com`** — disabled/unlicensed account, looks like an old break-glass. Worth confirming with client it can stay disabled or be cleaned up.
---
## Reference Information
- Mailprotector domain ID for devconllc.com (Starr Pass): 27629
- Mailprotector account ID for Starr Pass: 16170
- Mailprotector user ID for cansley@devconllc.com: 1675006
- starrpass.com RDAP: https://rdap.verisign.com/com/v1/domain/starrpass.com
- tenants.md: `.claude/skills/remediation-tool/references/tenants.md`
- Discord thread: 1514302728518631475

16
mcps/filesystem/tools/create_directory.json Normal file
View File

@@ -0,0 +1,16 @@
{
"name": "create_directory",
"description": "Create a new directory or ensure a directory exists. Can create multiple nested directories in one operation. If the directory already exists, this operation will succeed silently. Perfect for setting up directory structures for projects or ensuring required paths exist. Only works within allowed directories.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"path": {
"type": "string"
}
},
"required": [
"path"
]
}
}

23
mcps/filesystem/tools/directory_tree.json Normal file
View File

@@ -0,0 +1,23 @@
{
"name": "directory_tree",
"description": "Get a recursive tree view of files and directories as a JSON structure. Each entry includes 'name', 'type' (file/directory), and 'children' for directories. Files have no children array, while directories always have a children array (which may be empty). The output is formatted with 2-space indentation for readability. Only works within allowed directories.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"path": {
"type": "string"
},
"excludePatterns": {
"default": [],
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [
"path"
]
}
}

42
mcps/filesystem/tools/edit_file.json Normal file
View File

@@ -0,0 +1,42 @@
{
"name": "edit_file",
"description": "Make line-based edits to a text file. Each edit replaces exact line sequences with new content. Returns a git-style diff showing the changes made. Only works within allowed directories.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"path": {
"type": "string"
},
"edits": {
"type": "array",
"items": {
"type": "object",
"properties": {
"oldText": {
"type": "string",
"description": "Text to search for - must match exactly"
},
"newText": {
"type": "string",
"description": "Text to replace with"
}
},
"required": [
"oldText",
"newText"
]
}
},
"dryRun": {
"default": false,
"description": "Preview changes using git-style diff format",
"type": "boolean"
}
},
"required": [
"path",
"edits"
]
}
}

16
mcps/filesystem/tools/get_file_info.json Normal file
View File

@@ -0,0 +1,16 @@
{
"name": "get_file_info",
"description": "Retrieve detailed metadata about a file or directory. Returns comprehensive information including size, creation time, last modified time, permissions, and type. This tool is perfect for understanding file characteristics without reading the actual content. Only works within allowed directories.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"path": {
"type": "string"
}
},
"required": [
"path"
]
}
}

9
mcps/filesystem/tools/list_allowed_directories.json Normal file
View File

@@ -0,0 +1,9 @@
{
"name": "list_allowed_directories",
"description": "Returns the list of directories that this server is allowed to access. Subdirectories within these allowed directories are also accessible. Use this to understand which directories and their nested paths are available before trying to access files.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {}
}
}

16
mcps/filesystem/tools/list_directory.json Normal file
View File

@@ -0,0 +1,16 @@
{
"name": "list_directory",
"description": "Get a detailed listing of all files and directories in a specified path. Results clearly distinguish between files and directories with [FILE] and [DIR] prefixes. This tool is essential for understanding directory structure and finding specific files within a directory. Only works within allowed directories.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"path": {
"type": "string"
}
},
"required": [
"path"
]
}
}

25
mcps/filesystem/tools/list_directory_with_sizes.json Normal file
View File

@@ -0,0 +1,25 @@
{
"name": "list_directory_with_sizes",
"description": "Get a detailed listing of all files and directories in a specified path, including sizes. Results clearly distinguish between files and directories with [FILE] and [DIR] prefixes. This tool is useful for understanding directory structure and finding specific files within a directory. Only works within allowed directories.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"path": {
"type": "string"
},
"sortBy": {
"default": "name",
"description": "Sort entries by name or size",
"type": "string",
"enum": [
"name",
"size"
]
}
},
"required": [
"path"
]
}
}

20
mcps/filesystem/tools/move_file.json Normal file
View File

@@ -0,0 +1,20 @@
{
"name": "move_file",
"description": "Move or rename files and directories. Can move files between directories and rename them in a single operation. If the destination exists, the operation will fail. Works across different directories and can be used for simple renaming within the same directory. Both source and destination must be within allowed directories.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"source": {
"type": "string"
},
"destination": {
"type": "string"
}
},
"required": [
"source",
"destination"
]
}
}

24
mcps/filesystem/tools/read_file.json Normal file
View File

@@ -0,0 +1,24 @@
{
"name": "read_file",
"description": "Read the complete contents of a file as text. DEPRECATED: Use read_text_file instead.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"path": {
"type": "string"
},
"tail": {
"description": "If provided, returns only the last N lines of the file",
"type": "number"
},
"head": {
"description": "If provided, returns only the first N lines of the file",
"type": "number"
}
},
"required": [
"path"
]
}
}

16
mcps/filesystem/tools/read_media_file.json Normal file
View File

@@ -0,0 +1,16 @@
{
"name": "read_media_file",
"description": "Read an image or audio file. Returns the base64 encoded data and MIME type. Only works within allowed directories.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"path": {
"type": "string"
}
},
"required": [
"path"
]
}
}

21
mcps/filesystem/tools/read_multiple_files.json Normal file
View File

@@ -0,0 +1,21 @@
{
"name": "read_multiple_files",
"description": "Read the contents of multiple files simultaneously. This is more efficient than reading files one by one when you need to analyze or compare multiple files. Each file's content is returned with its path as a reference. Failed reads for individual files won't stop the entire operation. Only works within allowed directories.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"paths": {
"minItems": 1,
"type": "array",
"items": {
"type": "string"
},
"description": "Array of file paths to read. Each path must be a string pointing to a valid file within allowed directories."
}
},
"required": [
"paths"
]
}
}

24
mcps/filesystem/tools/read_text_file.json Normal file
View File

@@ -0,0 +1,24 @@
{
"name": "read_text_file",
"description": "Read the complete contents of a file from the file system as text. Handles various text encodings and provides detailed error messages if the file cannot be read. Use this tool when you need to examine the contents of a single file. Use the 'head' parameter to read only the first N lines of a file, or the 'tail' parameter to read only the last N lines of a file. Operates on the file as text regardless of extension. Only works within allowed directories.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"path": {
"type": "string"
},
"tail": {
"description": "If provided, returns only the last N lines of the file",
"type": "number"
},
"head": {
"description": "If provided, returns only the first N lines of the file",
"type": "number"
}
},
"required": [
"path"
]
}
}

27
mcps/filesystem/tools/search_files.json Normal file
View File

@@ -0,0 +1,27 @@
{
"name": "search_files",
"description": "Recursively search for files and directories matching a pattern. The patterns should be glob-style patterns that match paths relative to the working directory. Use pattern like '*.ext' to match files in current directory, and '**/*.ext' to match files in all subdirectories. Returns full paths to all matching items. Great for finding files when you don't know their exact location. Only searches within allowed directories.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"path": {
"type": "string"
},
"pattern": {
"type": "string"
},
"excludePatterns": {
"default": [],
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [
"path",
"pattern"
]
}
}

20
mcps/filesystem/tools/write_file.json Normal file
View File

@@ -0,0 +1,20 @@
{
"name": "write_file",
"description": "Create a new file or completely overwrite an existing file with new content. Use with caution as it will overwrite existing files without warning. Handles text content with proper encoding. Only works within allowed directories.",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"path": {
"type": "string"
},
"content": {
"type": "string"
}
},
"required": [
"path",
"content"
]
}
}

60
mcps/sequential-thinking/tools/sequentialthinking.json Normal file
View File

@@ -0,0 +1,60 @@
{
"name": "sequentialthinking",
"description": "A detailed tool for dynamic and reflective problem-solving through thoughts.\nThis tool helps analyze problems through a flexible thinking process that can adapt and evolve.\nEach thought can build on, question, or revise previous insights as understanding deepens.\n\nWhen to use this tool:\n- Breaking down complex problems into steps\n- Planning and design with room for revision\n- Analysis that might need course correction\n- Problems where the full scope might not be clear initially\n- Problems that require a multi-step solution\n- Tasks that need to maintain context over multiple steps\n- Situations where irrelevant information needs to be filtered out\n\nKey features:\n- You can adjust total_thoughts up or down as you progress\n- You can question or revise previous thoughts\n- You can add more thoughts even after reaching what seemed like the end\n- You can express uncertainty and explore alternative approaches\n- Not every thought needs to build linearly - you can branch or backtrack\n- Generates a solution hypothesis\n- Verifies the hypothesis based on the Chain of Thought steps\n- Repeats the process until satisfied\n- Provides a correct answer\n\nParameters explained:\n- thought: Your current thinking step, which can include:\n * Regular analytical steps\n * Revisions of previous thoughts\n * Questions about previous decisions\n * Realizations about needing more analysis\n * Changes in approach\n * Hypothesis generation\n * Hypothesis verification\n- nextThoughtNeeded: True if you need more thinking, even if at what seemed like the end\n- thoughtNumber: Current number in sequence (can go beyond initial total if needed)\n- totalThoughts: Current estimate of thoughts needed (can be adjusted up/down)\n- isRevision: A boolean indicating if this thought revises previous thinking\n- revisesThought: If is_revision is true, which thought number is being reconsidered\n- branchFromThought: If branching, which thought number is the branching point\n- branchId: Identifier for the current branch (if any)\n- needsMoreThoughts: If reaching end but realizing more thoughts needed\n\nYou should:\n1. Start with an initial estimate of needed thoughts, but be ready to adjust\n2. Feel free to question or revise previous thoughts\n3. Don't hesitate to add more thoughts if needed, even at the \"end\"\n4. Express uncertainty when present\n5. Mark thoughts that revise previous thinking or branch into new paths\n6. Ignore information that is irrelevant to the current step\n7. Generate a solution hypothesis when appropriate\n8. Verify the hypothesis based on the Chain of Thought steps\n9. Repeat the process until satisfied with the solution\n10. Provide a single, ideally correct answer as the final output\n11. Only set nextThoughtNeeded to false when truly done and a satisfactory answer is reached",
"inputSchema": {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"thought": {
"type": "string",
"description": "Your current thinking step"
},
"nextThoughtNeeded": {
"type": "boolean",
"description": "Whether another thought step is needed"
},
"thoughtNumber": {
"type": "integer",
"minimum": 1,
"maximum": 9007199254740991,
"description": "Current thought number (numeric value, e.g., 1, 2, 3)"
},
"totalThoughts": {
"type": "integer",
"minimum": 1,
"maximum": 9007199254740991,
"description": "Estimated total thoughts needed (numeric value, e.g., 5, 10)"
},
"isRevision": {
"description": "Whether this revises previous thinking",
"type": "boolean"
},
"revisesThought": {
"description": "Which thought is being reconsidered",
"type": "integer",
"minimum": 1,
"maximum": 9007199254740991
},
"branchFromThought": {
"description": "Branching point thought number",
"type": "integer",
"minimum": 1,
"maximum": 9007199254740991
},
"branchId": {
"description": "Branch identifier",
"type": "string"
},
"needsMoreThoughts": {
"description": "If more thoughts are needed",
"type": "boolean"
}
},
"required": [
"thought",
"nextThoughtNeeded",
"thoughtNumber",
"totalThoughts"
]
}
}