diff --git a/.claude/TEST-vault-and-tokens.md b/.claude/TEST-vault-and-tokens.md deleted file mode 100644 index 917a60e..0000000 --- a/.claude/TEST-vault-and-tokens.md +++ /dev/null @@ -1,178 +0,0 @@ -# TEST: Vault Sync & Token Acquisition (DESKTOP-0O8A1RL) - -**Priority:** MEDIUM - Validate vault sync completed successfully -**Estimated time:** 2-3 minutes -**Created:** 2026-04-21 Mac session -**Purpose:** Confirm vault sync worked and Howard can be notified - ---- - -## What to Test - -Validate that the 5 new-tier SOPS files are in the vault repo and token acquisition works. - ---- - -## Test Steps - -### 1. Pull Latest Vault Changes - -```bash -cd D:\vault -git pull origin main -``` - -**Expected:** Should pull cleanly (or say "Already up to date") - -### 2. Verify 5 New-Tier SOPS Files Exist - -```bash -dir D:\vault\msp-tools\computerguru-*.sops.yaml -``` - -**Expected output - 5 files:** -``` -computerguru-security-investigator.sops.yaml -computerguru-exchange-operator.sops.yaml -computerguru-user-manager.sops.yaml -computerguru-tenant-admin.sops.yaml -computerguru-defender-addon.sops.yaml -``` - -**If any are missing:** Stop and tell me which files are missing. - -### 3. Test Token Acquisition - Security Investigator - -```bash -cd D:\ClaudeTools\.claude\skills\remediation-tool\scripts -bash get-token.sh grabblaw.com investigator -``` - -**Expected:** JWT token (long string starting with `eyJ...`) - -**If you see an error instead:** Copy the exact error message - I'll need to see it. - -### 4. Test Token Acquisition - Exchange Operator (Optional) - -```bash -bash get-token.sh grabblaw.com investigator-exo -``` - -**Expected:** JWT token for Exchange Online access - -### 5. Test All 5 Tiers (Quick Loop) - -```bash -for tier in investigator investigator-exo user-manager tenant-admin defender; do - echo "Testing tier: $tier" - bash get-token.sh grabblaw.com $tier 2>&1 | head -1 - echo "---" -done -``` - -**Expected:** Each tier should return a JWT token (or at least not error about missing SOPS files) - ---- - -## What Success Looks Like - -**All tests pass means:** -1. ✓ Vault sync from Windows completed successfully -2. ✓ All 5 SOPS files are in the shared vault repo -3. ✓ get-token.sh bug fixes are working -4. ✓ Howard can pull vault on ACG-Tech03L and be unblocked -5. ✓ Remediation-tool is ready for production use - ---- - -## If Tests Fail - -### Error: "vault not found at D:/vault" -**Problem:** Vault path in identity.json is wrong or vault repo moved -**Check:** `cat D:\ClaudeTools\.claude\identity.json | grep vault_path` - -### Error: "vault file not found: D:/vault/msp-tools/computerguru-*.sops.yaml" -**Problem:** SOPS files weren't committed/pushed to vault repo -**Check:** `git log --oneline --all -10` in vault repo to see recent commits - -### Error: "failed to decrypt" -**Problem:** SOPS age key issue -**Check:** `test -f C:\Users\\.config\sops\age\keys.txt` - -### Error: "VAULT_ROOT_ENV env var not set" -**This is wrong** - means get-token.sh is still broken -**Check:** `grep VAULT_ROOT_ENV D:\ClaudeTools\.claude\skills\remediation-tool\scripts\get-token.sh` - ---- - -## After Tests Pass - Notify Howard - -Send Howard this message (Slack/Teams/Email): - -``` -Howard, - -Vault is synced and tested. Pull both repos on ACG-Tech03L: - -# Pull vault (gets the 5 new SOPS files) -cd D:/vault -git pull origin main - -# Pull ClaudeTools (gets get-token.sh fixes) -cd C:/claudetools -git pull origin main - -Test token acquisition: -bash C:/claudetools/.claude/skills/remediation-tool/scripts/get-token.sh grabblaw.com investigator - -If that returns a JWT token (eyJ...), you're fully unblocked. - -You can now: -- Complete the Cascades spoofing hunt -- Run remediation-tool against any consented tenant -- Use all 5 tiers (investigator, investigator-exo, user-manager, tenant-admin, defender) - -The get-token.sh had two bugs (variable collision + wrong directory depth) that would have blocked you - both fixed in commit 90f9d9e. - -Let me know if you hit any issues. - -- Mike -``` - ---- - -## Quick Checklist - -- [ ] Navigate to D:\vault -- [ ] Pull latest changes -- [ ] Verify 5 SOPS files exist -- [ ] Test token acquisition (investigator tier) -- [ ] Test all 5 tiers (optional but recommended) -- [ ] If all pass, notify Howard -- [ ] Delete this TODO file after completion - ---- - -## Background Context - -**From Mac session:** -- Discovered vault path variable collision bug in get-token.sh -- Fixed on Windows (commit 90f9d9e) -- Mac cannot test because vault clone needs authentication -- Windows already has vault configured - best place to validate - -**What was synced:** -- 5 new-tier app SOPS files (Security Investigator, Exchange Operator, User Manager, Tenant Admin, Defender) -- Enables tiered privilege remediation-tool usage -- Unblocks Howard's Cascades spoofing hunt - -**Status before this test:** -- Vault sync appears complete (message in for-howard.md said it was done) -- get-token.sh bugs are fixed -- Just need validation that everything works end-to-end - ---- - -**Status:** Ready for Windows testing -**Expected duration:** 2-3 minutes -**Next action:** Run through the test checklist above