azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cleanup: remove vault test checklist (all 5 tiers validated on DESKTOP-0O8A1RL)

Browse Source
This commit is contained in:
Mike Swanson
2026-04-21 19:32:16 -07:00
parent 2484075f6f
commit a5b87e324d
1 changed files with 0 additions and 178 deletions
Download Patch File Download Diff File Expand all files Collapse all files

178
.claude/TEST-vault-and-tokens.md
View File

@@ -1,178 +0,0 @@
# TEST: Vault Sync & Token Acquisition (DESKTOP-0O8A1RL)
**Priority:** MEDIUM - Validate vault sync completed successfully
**Estimated time:** 2-3 minutes
**Created:** 2026-04-21 Mac session
**Purpose:** Confirm vault sync worked and Howard can be notified
---
## What to Test
Validate that the 5 new-tier SOPS files are in the vault repo and token acquisition works.
---
## Test Steps
### 1. Pull Latest Vault Changes
```bash
cd D:\vault
git pull origin main
```
**Expected:** Should pull cleanly (or say "Already up to date")
### 2. Verify 5 New-Tier SOPS Files Exist
```bash
dir D:\vault\msp-tools\computerguru-*.sops.yaml
```
**Expected output - 5 files:**
```
computerguru-security-investigator.sops.yaml
computerguru-exchange-operator.sops.yaml
computerguru-user-manager.sops.yaml
computerguru-tenant-admin.sops.yaml
computerguru-defender-addon.sops.yaml
```
**If any are missing:** Stop and tell me which files are missing.
### 3. Test Token Acquisition - Security Investigator
```bash
cd D:\ClaudeTools\.claude\skills\remediation-tool\scripts
bash get-token.sh grabblaw.com investigator
```
**Expected:** JWT token (long string starting with `eyJ...`)
**If you see an error instead:** Copy the exact error message - I'll need to see it.
### 4. Test Token Acquisition - Exchange Operator (Optional)
```bash
bash get-token.sh grabblaw.com investigator-exo
```
**Expected:** JWT token for Exchange Online access
### 5. Test All 5 Tiers (Quick Loop)
```bash
for tier in investigator investigator-exo user-manager tenant-admin defender; do
echo "Testing tier: $tier"
bash get-token.sh grabblaw.com $tier 2>&1 | head -1
echo "---"
done
```
**Expected:** Each tier should return a JWT token (or at least not error about missing SOPS files)
---
## What Success Looks Like
**All tests pass means:**
1. ✓ Vault sync from Windows completed successfully
2. ✓ All 5 SOPS files are in the shared vault repo
3. ✓ get-token.sh bug fixes are working
4. ✓ Howard can pull vault on ACG-Tech03L and be unblocked
5. ✓ Remediation-tool is ready for production use
---
## If Tests Fail
### Error: "vault not found at D:/vault"
**Problem:** Vault path in identity.json is wrong or vault repo moved
**Check:** `cat D:\ClaudeTools\.claude\identity.json | grep vault_path`
### Error: "vault file not found: D:/vault/msp-tools/computerguru-*.sops.yaml"
**Problem:** SOPS files weren't committed/pushed to vault repo
**Check:** `git log --oneline --all -10` in vault repo to see recent commits
### Error: "failed to decrypt"
**Problem:** SOPS age key issue
**Check:** `test -f C:\Users\<username>\.config\sops\age\keys.txt`
### Error: "VAULT_ROOT_ENV env var not set"
**This is wrong** - means get-token.sh is still broken
**Check:** `grep VAULT_ROOT_ENV D:\ClaudeTools\.claude\skills\remediation-tool\scripts\get-token.sh`
---
## After Tests Pass - Notify Howard
Send Howard this message (Slack/Teams/Email):
```
Howard,
Vault is synced and tested. Pull both repos on ACG-Tech03L:
# Pull vault (gets the 5 new SOPS files)
cd D:/vault
git pull origin main
# Pull ClaudeTools (gets get-token.sh fixes)
cd C:/claudetools
git pull origin main
Test token acquisition:
bash C:/claudetools/.claude/skills/remediation-tool/scripts/get-token.sh grabblaw.com investigator
If that returns a JWT token (eyJ...), you're fully unblocked.
You can now:
- Complete the Cascades spoofing hunt
- Run remediation-tool against any consented tenant
- Use all 5 tiers (investigator, investigator-exo, user-manager, tenant-admin, defender)
The get-token.sh had two bugs (variable collision + wrong directory depth) that would have blocked you - both fixed in commit 90f9d9e.
Let me know if you hit any issues.
- Mike
```
---
## Quick Checklist
- [ ] Navigate to D:\vault
- [ ] Pull latest changes
- [ ] Verify 5 SOPS files exist
- [ ] Test token acquisition (investigator tier)
- [ ] Test all 5 tiers (optional but recommended)
- [ ] If all pass, notify Howard
- [ ] Delete this TODO file after completion
---
## Background Context
**From Mac session:**
- Discovered vault path variable collision bug in get-token.sh
- Fixed on Windows (commit 90f9d9e)
- Mac cannot test because vault clone needs authentication
- Windows already has vault configured - best place to validate
**What was synced:**
- 5 new-tier app SOPS files (Security Investigator, Exchange Operator, User Manager, Tenant Admin, Defender)
- Enables tiered privilege remediation-tool usage
- Unblocks Howard's Cascades spoofing hunt
**Status before this test:**
- Vault sync appears complete (message in for-howard.md said it was done)
- get-token.sh bugs are fixed
- Just need validation that everything works end-to-end
---
**Status:** Ready for Windows testing
**Expected duration:** 2-3 minutes
**Next action:** Run through the test checklist above