sync: auto-sync from GURU-5070 at 2026-07-01 20:07:01
Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-07-01 20:07:01
@@ -58,6 +58,14 @@ case "$TIER" in
|
||||
VAULT_PATH="msp-tools/computerguru-exchange-operator.sops.yaml"
|
||||
SCOPE_URL="https://outlook.office365.com/.default"
|
||||
;;
|
||||
exchange-op-graph)
|
||||
# Same Exchange Operator app, GRAPH audience. The app holds Graph Mail.ReadWrite,
|
||||
# MailboxSettings.ReadWrite, Mail.Send — mailbox/folder writes via Graph REST
|
||||
# (mailFolders create/move/rename) without dropping to EWS.
|
||||
CLIENT_ID="b43e7342-5b4b-492f-890f-bb5a4f7f40e9"
|
||||
VAULT_PATH="msp-tools/computerguru-exchange-operator.sops.yaml"
|
||||
SCOPE_URL="https://graph.microsoft.com/.default"
|
||||
;;
|
||||
user-manager)
|
||||
CLIENT_ID="64fac46b-8b44-41ad-93ee-7da03927576c"
|
||||
VAULT_PATH="msp-tools/computerguru-user-manager.sops.yaml"
|
||||
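Review bot: The comment on the new `exchange-op-graph)` arm says the app holds Graph `Mail.Send`, but the session log added later in this same commit lists the in-tenant Graph roles of the Exchange Operator service principal as Mail.ReadWrite, MailboxSettings.ReadWrite, User.Read.All, User.RevokeSessions.All and Organization.Read.All, with no Mail.Send. Because `SCOPE_URL` ends in `/.default`, the token carries whatever application roles are consented in the target tenant, so the comment should say the effective roles are per tenant and should be confirmed from appRoleAssignments rather than enumerated here. Separately, this arm repeats the `VAULT_PATH` of the arm just above it; sharing `CLIENT_ID` and `VAULT_PATH` between the two arms would stop a later app or secret change from updating one tier and not the other.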
@@ -110,7 +118,7 @@ case "$TIER" in
|
||||
;;
|
||||
*)
|
||||
echo "ERROR: unknown tier '$TIER'." >&2
|
||||
echo "Valid tiers: investigator | investigator-exo | exchange-op | user-manager | tenant-admin | tenant-admin-onboard | defender | intune-manager | mailbox | sharepoint | sharepoint-admin" >&2
|
||||
echo "Valid tiers: investigator | investigator-exo | exchange-op | exchange-op-graph | user-manager | tenant-admin | tenant-admin-onboard | defender | intune-manager | mailbox | sharepoint | sharepoint-admin" >&2
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
|
||||
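Review bot: The `Valid tiers:` string in the `*)` arm is a second, hand-maintained copy of the case labels, which is why this patch had to edit it alongside adding the `exchange-op-graph)` arm. Consider keeping the list in one variable or a single usage function so that the error text and any other help output cannot drift apart when the next tier is added.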
@@ -0,0 +1,56 @@
|
||||
# BirthBio — Gmail migration folder cleanup (bburgess + mster)
|
||||
|
||||
**Date:** 2026-07-01 (UTC)
|
||||
**Tenant:** birthbiologic.com (19a568e8-9e88-413b-9341-cbc224b39145)
|
||||
**Performed by:** Mike Swanson via remediation-tool (Exchange Operator app, Graph
|
||||
`Mail.ReadWrite`, new `exchange-op-graph` token tier)
|
||||
**Authorization:** Mike, in-chat YES 2026-07-01
|
||||
|
||||
## Problem
|
||||
|
||||
The Google Workspace -> M365 mail import left Gmail label paths flattened into
|
||||
literal folder names: 30 top-level folders named `INBOX/<label path>` (slashes
|
||||
inside the display name, some also carrying real child subtrees) plus
|
||||
`[Gmail]/...` and `[Imap]/...` system-folder artifacts.
|
||||
|
||||
Swept all 21 licensed mailboxes. Affected: **bburgess** (30 INBOX-flat + 5
|
||||
Gmail/Imap artifacts), **mster** (1 empty `[Imap]/Drafts`). NOT touched:
|
||||
ksteen's `AATB/EBAA`, `Fax/Scan`, `PTO/Payroll Info`, `Shipping/Couriers` and
|
||||
ameneely's `Amnion/Chorion Video` — slashes are part of the real label names.
|
||||
|
||||
## Actions (39 total, 0 failed)
|
||||
|
||||
bburgess:
|
||||
- Created parents: `Consultants & Vendors`, `Consultants & Vendors > Medline`,
|
||||
`Consultants & Vendors > SBDC at JCCC`.
|
||||
- Moved + renamed all 30 `INBOX/...` folders into the real hierarchy
|
||||
(folder-level Graph move — mail items and child subtrees rode along; ~700
|
||||
items total). Single-segment names became clean top-level folders (`Archived
|
||||
Labs`, `SBDC`, `Consultants` with its 44-child subtree, etc.); multi-segment
|
||||
names nested under `Consultants & Vendors` (9 folders incl. `Kintone` 334
|
||||
items, `Medline > Help Line/MedPack`, `SBDC at JCCC > Classes`).
|
||||
- `[Gmail]/Fire Inspectin` (4 items) renamed to top-level `Fire Inspectin`
|
||||
(rename instead of move+delete — same folder, zero item handling).
|
||||
- Deleted after live empty-verification: `[Gmail]/Arvest Banking`,
|
||||
`[Gmail]/Kintone`, `[Gmail]/Trash/Insurance.Birth Biologic`, `[Imap]/Drafts`.
|
||||
(`[Gmail]/Trash/Insurance`, seen empty in the initial sweep, was already gone
|
||||
at execution time.)
|
||||
|
||||
mster:
|
||||
- Deleted empty `[Imap]/Drafts`.
|
||||
|
||||
## Verification
|
||||
|
||||
Post-run enumeration of both mailboxes: zero top-level folders matching
|
||||
`INBOX/`, `[Gmail]/`, or `[Imap]/`. `Consultants & Vendors` children confirmed:
|
||||
Attic Storage, Dan Sight, Eurofins, Healthtrust, Kintone, Medline, SBDC at
|
||||
JCCC, SHRM, ShredIt. No name collisions with the 16 pre-existing clean folders.
|
||||
|
||||
## Notes
|
||||
|
||||
- Method: Graph v1.0 `mailFolders` POST (create), POST `{id}/move` (re-parent,
|
||||
subtree + items intact), PATCH (rename), DELETE (empty only). No per-item
|
||||
mail moves except none needed; nothing deleted that contained mail.
|
||||
- Outlook/OWA may take a sync cycle to reflect the new tree on Brandy's client.
|
||||
- `exchange-op-graph` tier added to remediation-tool get-token.sh (Exchange
|
||||
Operator app, Graph audience) — reusable for future mailbox-folder work.
|
||||
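Review bot: The `**Authorization:**` line records only "Mike, in-chat YES" while `**Performed by:**` names the same person, and the report carries no ticket reference, so nothing in this file lets a later reader confirm the approval independently. The session log in this commit ties the work to Syncro #32451 and places the action log (bb_actions.json) in a session scratchpad; adding the ticket number here and committing or linking the action log beside the report would back the "39 total, 0 failed" figure with a durable record. Also consider whether the tenant ID, mailbox names and customer folder names need to be in the repository in this detail.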
@@ -253,3 +253,103 @@ with a key-path listing (keys only, values never printed).
|
||||
- RMM dispatch shape: POST $RMM/api/agents/{id}/command {command_type, command,
|
||||
timeout_seconds[, context]}; poll GET $RMM/api/commands/{command_id}.
|
||||
- Discord test message id 1522005953896120494 (mike DM, non-ASCII survival test).
|
||||
|
||||
## Update: 20:06 PT — BirthBio Gmail folder cleanup + Discord bot to Fable 5
|
||||
|
||||
### Session Summary
|
||||
|
||||
Two client/infra tasks after the harness work. First, BirthBio (birthbiologic.com,
|
||||
tenant 19a568e8-9e88-413b-9341-cbc224b39145): Mike reported Gmail-import folders named
|
||||
"INBOX\<FolderName>". Swept all 21 licensed mailboxes via remediation-tool (investigator
|
||||
tier): the artifact was concentrated in bburgess (30 top-level folders literally named
|
||||
with flattened label paths like "INBOX/Consultants & Vendors/Kintone", some carrying real
|
||||
child subtrees, plus 5 [Gmail]/[Imap] leftovers) and one empty [Imap]/Drafts on mster.
|
||||
ksteen's AATB/EBAA + Fax/Scan + PTO/Payroll Info + Shipping/Couriers and ameneely's
|
||||
Amnion/Chorion Video are REAL label names containing slashes - left untouched.
|
||||
|
||||
Enabler work: Graph v1.0 metadata confirmed a native mailFolder move action; the Exchange
|
||||
Operator SP holds Graph Mail.ReadWrite in-tenant (verified via appRoleAssignments after
|
||||
fixing JWT base64url decode + URL-encoding the $filter), but get-token.sh had no
|
||||
exchange-op-to-Graph tier - added `exchange-op-graph` tier (same app b43e7342, Graph
|
||||
audience) to the skill permanently. On Mike's YES: created 3 intermediate parents, moved+
|
||||
renamed all 30 INBOX/ folders into their real hierarchy (subtrees + ~700 items rode along),
|
||||
renamed [Gmail]/Fire Inspectin -> Fire Inspectin (4 items kept), deleted 4+1 verified-empty
|
||||
artifacts. 39 actions, 0 failures; both mailboxes verify clean. Report:
|
||||
clients/birth-biologic/reports/2026-07-01-bburgess-gmail-folder-cleanup.md. Ticket #32451
|
||||
(the email-migration ticket; #32187 is the SharePoint one) got a public emailed comment
|
||||
(id 421704524, GET-verified) + [SYNCRO] bot-alert with link.
|
||||
|
||||
Second, Mike asked to put "the bot" on Fable 5: the ClaudeTools Discord Bot (NSSM service
|
||||
ClaudeToolsDiscordBot on GURU-BEAST-ROG, Claude Agent SDK + OAuth subscription, Claude Code
|
||||
2.1.183). Flipped CLAUDE_MODEL=claude-sonnet-4-6 -> claude-fable-5 in
|
||||
C:\Users\guru\ClaudeTools\projects\discord-bot\.env via RMM, restarted the service, and
|
||||
verified the startup log line "Claude model: claude-fable-5" + "Bot is ready". Updated the
|
||||
repo defaults (bot/config.py + .env.example) in the acg-discord-bot submodule, commit
|
||||
a35bd1bf pushed to main via the internal Gitea URL (external hostname auth failed - known
|
||||
GCM shadowing); parent gitlink advances with this /save.
|
||||
|
||||
### Key Decisions
|
||||
|
||||
- bburgess restructure via Graph folder MOVE (subtree+items intact) not per-message moves;
|
||||
verified move action exists in $metadata before proposing.
|
||||
- Deletes gated on live empty re-verification at execution time; [Gmail]/Fire Inspectin
|
||||
renamed in place instead of move+delete (same result, zero item handling).
|
||||
- Ticket routing: #32451 chosen because Mike's prior email-migration status comments live
|
||||
there; #32187 is Datto->SharePoint. Posted public+emailed per Mike's explicit choice.
|
||||
- Added exchange-op-graph tier to get-token.sh rather than free-handing a token mint -
|
||||
skill-first, durable for future mailbox-folder work.
|
||||
- Discord bot: .env override + service restart for the live change; repo defaults changed
|
||||
too so redeploys match. Bot uses Agent SDK/Claude Code runtime, so Fable API quirks
|
||||
(always-on thinking, no sampling params, refusal fallbacks) are handled by the runtime.
|
||||
|
||||
### Problems Encountered
|
||||
|
||||
- exchange-op default token is EXO-audience; decoding roles with plain base64 -d failed
|
||||
(JWT base64url) and nearly produced a wrong "no Mail roles" conclusion - fixed decode
|
||||
(tr '_-' '/+' + padding) per the errorlog lesson, then read SP appRoleAssignments.
|
||||
- Graph $filter with unencoded spaces returned empty via curl - use curl -G --data-urlencode.
|
||||
- [Gmail]/Trash/Insurance seen in the first sweep was already gone at execution (evidently
|
||||
Outlook-side cleanup); executor enumerates live so it skipped harmlessly.
|
||||
- Submodule push to git.azcomputerguru.com failed auth (GCM shadowing) - pushed by explicit
|
||||
SHA to internal http://172.16.3.20:3000 and ls-remote verified (a35bd1bf).
|
||||
- nssm/claude not on SYSTEM PATH via RMM - used Get-Service/Restart-Service and the
|
||||
user-profile claude.exe path instead.
|
||||
|
||||
### Configuration Changes
|
||||
|
||||
- .claude/skills/remediation-tool/scripts/get-token.sh: + exchange-op-graph tier (repo +
|
||||
~/.claude copies).
|
||||
- clients/birth-biologic/reports/2026-07-01-bburgess-gmail-folder-cleanup.md: created.
|
||||
- BEAST C:\Users\guru\ClaudeTools\projects\discord-bot\.env: CLAUDE_MODEL=claude-fable-5
|
||||
(machine-local, not in git).
|
||||
- projects/discord-bot submodule: bot/config.py default + .env.example -> claude-fable-5
|
||||
(commit a35bd1bf, pushed to main; .env.example auth comments also tidied).
|
||||
|
||||
### Infrastructure & Servers
|
||||
|
||||
- BirthBio tenant 19a568e8-9e88-413b-9341-cbc224b39145; Exchange Operator SP in-tenant
|
||||
id bab4699b-32a3-4434-9cad-7a4a08cc4d9e (Graph roles: Mail.ReadWrite,
|
||||
MailboxSettings.ReadWrite, User.Read.All, User.RevokeSessions.All, Organization.Read.All).
|
||||
- Discord bot: GURU-BEAST-ROG (RMM agent 5233d75b-f589-43c4-b96e-cfa75365a78d), NSSM
|
||||
service ClaudeToolsDiscordBot, log C:\Users\guru\ClaudeTools\projects\discord-bot\logs\bot.log.
|
||||
|
||||
### Commands & Outputs
|
||||
|
||||
- Folder executor + read-only mapper in session scratchpad (bb_folder_fix.py /
|
||||
bb_folder_map.py); action log bb_actions.json (scratchpad).
|
||||
- Graph-audience exchange-op token: get-token.sh <tenant> exchange-op-graph.
|
||||
- Syncro comment POST via jq-file + --data-binary + GET-verify pattern; alert via
|
||||
post-bot-alert.sh (new stdin payload path worked in production).
|
||||
|
||||
### Pending / Incomplete Tasks
|
||||
|
||||
- Watch Fable 5 usage burn on the shared Max subscription (bot + interactive share limits);
|
||||
fallback is a one-line .env change to claude-opus-4-8 + service restart.
|
||||
- BirthBio: ksteen/ameneely slash-named folders are intentional - documented in the report
|
||||
so nobody "fixes" them later.
|
||||
|
||||
### Reference Information
|
||||
|
||||
- Syncro #32451 internal id 112986219, comment 421704524; customer Birth Biologic 17983014.
|
||||
- Submodule commit a35bd1bf1758ac462abdf05bdd9ee6a1c7b427ee (acg-discord-bot main).
|
||||
- Bot model verification log lines: 2026-07-01 20:01:07 "Claude model: claude-fable-5".
|
||||
|
||||
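Review bot: Under "Problems Encountered", the failed push to git.azcomputerguru.com was worked around by pushing to `http://172.16.3.20:3000`, a plain-http endpoint, yet "Pending / Incomplete Tasks" has no item for fixing the GCM shadowing, so the workaround is likely to become the routine path. Add that as a pending task and note whether the internal remote can be reached over TLS or SSH. The base64url decode fix (`tr '_-' '/+'` plus padding) is also described only in this log; since the wrong decode nearly produced a false "no Mail roles" conclusion, it belongs in a shared helper in the skill rather than in prose.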