diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md index 3798ef5d..8a6ed434 100644 --- a/.claude/memory/MEMORY.md +++ b/.claude/memory/MEMORY.md 
@@ -148,6 +148,7 @@ - [Autonomy scope](feedback_autonomy_scope.md) — confirm only for client-affecting actions; internal docs/wiki/ClaudeTools = act autonomously - [Check for client-slug fragmentation](feedback_client_slug_fragmentation.md) — Before concluding a client has no records, grep broadly (company/owner/initials/hostname/"Last, First") across clients/, wiki/, session-logs/, vault — one client gets split across slug variants (Wolkin was 4: wolkin/wolkin-law/rswolkin/robert-wolkin). Consolidate to one canonical slug; action prior logs' Pending items. - [RMM user_session = false SMB failures](feedback_rmm_user_session_smb_false_negative.md) — GuruRMM net use/net view/Add-Printer to a remote \HOST fail with error 67 / RPC 1702 (even with valid creds) because user_session is a WTS-impersonated non-interactive token that can't do authenticated SMB. The share/printer may work fine interactively. Treat RMM SMB results as "can't tell"; verify via ScreenConnect. +- [Prefer SSH over RMM](feedback_prefer_ssh_over_rmm.md) — when a target has SSH (key auth) and it's easier, drive it via system OpenSSH (scp+ssh) instead of the GuruRMM agent; RMM runs as SYSTEM + is bound by the server-side timeout reaper + forces base64/quoting gymnastics. Reserve RMM as the fallback when SSH/VPN is down. - [Broken [[backlinks]] = write-me-later markers](feedback_broken_backlinks_are_writeme_markers.md) — A [[name]] with no matching file is an intentional "worth writing" marker, not breakage. Flesh the missing memory out from session history/logs and index it; never strip the link to silence the warning. memory-dream reports these as INFO candidates, not errors. 
- [gururmm session-logs are in a submodule](gururmm-session-logs-submodule-save.md) — commit in the submodule + `git push origin HEAD:main` (GURU-5070 CAN push over HTTP now); then advance the parent gitlink - [Use `python` not `python3` on GURU-5070](python3-shim-use-python.md) — `python3` in Git bash hits the flaky MS Store shim; real interpreters are `python` (3.12) / `py` (3.14). coord.py + wiki-compile work via `python`; the coord lock IS claimable here diff --git a/.claude/skills/agy/SKILL.md b/.claude/skills/agy/SKILL.md index 0d305e42..11bb88b8 100644 --- a/.claude/skills/agy/SKILL.md +++ b/.claude/skills/agy/SKILL.md @@ -1,14 +1,12 @@ --- name: agy description: > - Route a task to the official Google Gemini CLI for an independent second - model — a sibling of the `grok` second-opinion router. Use for: an - independent, different-vendor SECOND OPINION or adversarial VERIFICATION of a - Claude finding/design before acting on it, a Gemini code REVIEW of a file / - set of files / git diff, and one-shot Gemini TEXT answers. Invoke on: - "ask gemini", "gemini verify", "second opinion from gemini", "gemini review", - "agy ...". Gemini is an independent second model (and Google-ecosystem reach), - NOT a replacement for Claude's own codebase work. + Route a task to the official Google Gemini CLI for an independent second model — a + sibling of the `grok` second-opinion router. Use for a different-vendor SECOND OPINION + or adversarial VERIFICATION of a Claude finding/design, a Gemini code REVIEW of files / + a git diff, and one-shot Gemini TEXT answers. Triggers: ask gemini, gemini verify, + second opinion from gemini, gemini review, agy ... A second model, NOT a replacement + for Claude's own codebase work. --- # AGY — Gemini capability router diff --git a/.claude/skills/b2/SKILL.md b/.claude/skills/b2/SKILL.md index da57bc4b..2552e9e4 100644 --- a/.claude/skills/b2/SKILL.md +++ b/.claude/skills/b2/SKILL.md 
@@ -1,15 +1,12 @@ --- name: b2 description: >- - Manage Arizona Computer Guru's (ACG) Backblaze B2 storage account via the B2 - Native API v3. Talks to the LIVE production B2 account (accountId 46f69bc61163, - region us-west-001) that holds the per-client MSP360/CloudBerry backup - destinations. List buckets and application keys, list files / file versions, - compute per-bucket stored size, and produce the headline storage-cost report - (the mspbackups storage-cost calc). Provision buckets and scoped backup keys - and delete buckets/keys (all destructive ops are gated behind --confirm). - Read-only by default. Invoke for: "backblaze", "b2", "b2 storage", "bucket", - "storage cost", "backup storage", "mspbackups storage", "list buckets b2". + Manage ACG's Backblaze B2 storage account (Native API v3) — the LIVE production + account (accountId 46f69bc61163, us-west-001) holding per-client MSP360/CloudBerry + backup destinations. List buckets/keys/files, compute per-bucket size, run the + headline storage-cost report (mspbackups calc); provision/delete buckets and scoped + keys (destructive ops gated behind --confirm). Read-only by default. Triggers: + backblaze, b2, b2 storage, bucket, storage cost, backup storage, mspbackups storage. --- # Backblaze B2 Skill diff --git a/.claude/skills/bitdefender/SKILL.md b/.claude/skills/bitdefender/SKILL.md index 559f152a..21f95985 100644 --- a/.claude/skills/bitdefender/SKILL.md +++ b/.claude/skills/bitdefender/SKILL.md 
@@ -1,17 +1,13 @@ --- name: bitdefender description: >- - Manage the Arizona Computer Guru (ACG) Bitdefender GravityZone Cloud MSP - tenant via the Public JSON-RPC API. Inventory and audit endpoints, run live - security sweeps (infected / outdated-signature / outdated-product), list - client companies, build and fetch installation packages, manage custom groups, - start scans, move/delete endpoints (gated), inspect policies (read-only, - shallow), and review quarantine. Invoke for: "bitdefender", "gravityzone", - "gravity zone", "add machine to bitdefender", "install bitdefender on", - "list endpoints", "infected machines", "av coverage", "security sweep", - "endpoint protection", "policy assignment", "quarantine". This skill talks to - the real production ACG GravityZone partner tenant — treat destructive actions - conservatively. + Manage the ACG Bitdefender GravityZone Cloud MSP tenant (Public JSON-RPC API): + inventory/audit endpoints, live security sweeps (infected / outdated-signature / + outdated-product), client companies, install packages, custom groups, scans, + move/delete endpoints (gated), policies (read-only), quarantine. Live production + partner tenant — treat destructive actions conservatively. Triggers: bitdefender, + gravityzone, install bitdefender on, list endpoints, infected machines, av coverage, + security sweep, endpoint protection, quarantine. --- # Bitdefender GravityZone Skill diff --git a/.claude/skills/coord/SKILL.md b/.claude/skills/coord/SKILL.md index 399bc4cf..b974d00a 100644 --- a/.claude/skills/coord/SKILL.md +++ b/.claude/skills/coord/SKILL.md 
@@ -2,13 +2,11 @@ name: coord description: > Talk to the ClaudeTools coordination API (inter-session messaging, fleet todos, - resource locks, component/status) without re-deriving the schema each time. Use - for: sending a message to another machine's Claude session or BROADCASTING to the - whole fleet; checking/reading your own unread coord messages; creating/listing/ - completing coord todos; claiming/releasing work locks; reading coord status. - Invoke on: "send a coord message", "message /", "broadcast to the - fleet", "tell the other sessions", "coord todo", "claim a lock", "coord status", - "any unread coord messages". + resource locks, component/status) without re-deriving the schema. Send/read messages + to another machine's session or BROADCAST to the fleet; create/list/complete coord + todos; claim/release work locks; read coord status. Triggers: send a coord message, + message /, broadcast to the fleet, coord todo, claim a lock, + coord status, any unread coord messages. --- # coord — coordination API helper diff --git a/.claude/skills/discord-dm/SKILL.md b/.claude/skills/discord-dm/SKILL.md index 16c45d62..ce94a8bd 100644 --- a/.claude/skills/discord-dm/SKILL.md +++ b/.claude/skills/discord-dm/SKILL.md 
@@ -1,16 +1,11 @@ --- name: discord-dm description: > - Send a Discord message to an org member's DMs or to a team channel via the - ClaudeTools bot. Use this whenever you need to hand a person something - copy-paste-friendly that the terminal would wrap or mangle — consent links, - long single-line commands, URLs, tokens-to-rotate notices — or to ping someone - directly. Prepopulated with every org member's user ID and the team channel IDs, - so you address people by name (mike/howard/rob/winter) not raw snowflakes. - Invoke on: "DM me/ in discord", "send a discord message", - "message on discord", "discord DM", "send that link to my discord", - "ping ". For one-line [SYNCRO]/[RMM] status alerts to the alert channels, - prefer post-bot-alert.sh; use this for direct/person-targeted delivery. + Send a Discord message to an org member's DMs or a team channel via the ClaudeTools + bot — for handing a person copy-paste-friendly content the terminal would mangle + (consent links, long commands, URLs, tokens-to-rotate) or to ping someone. Addresses + people by name (mike/howard/rob/winter), not raw snowflakes. Triggers: DM/message + in discord, discord DM, send that link to my discord, ping . --- # discord-dm — direct Discord messaging to the org diff --git a/.claude/skills/frontend-design/SKILL.md b/.claude/skills/frontend-design/SKILL.md index d0919aad..552c2a6e 100644 --- a/.claude/skills/frontend-design/SKILL.md +++ b/.claude/skills/frontend-design/SKILL.md 
@@ -1,6 +1,6 @@ --- name: frontend-design -description: Create distinctive, production-grade frontend interfaces with high design quality. MANDATORY AUTOMATIC INVOCATION: Use this skill whenever ANY action affects a UI element to validate visual correctness, functionality, and user experience. Also use when the user asks to build web components, pages, artifacts, posters, or applications (examples include websites, landing pages, dashboards, React components, HTML/CSS layouts, or when styling/beautifying any web UI). Generates creative, polished code and UI design that avoids generic AI aesthetics. +description: Create distinctive, production-grade frontend interfaces with high design quality. MANDATORY AUTOMATIC INVOCATION: use whenever ANY action affects a UI element, or when the user asks to build web components, pages, artifacts, posters, or applications (websites, landing pages, dashboards, React components, HTML/CSS layouts, styling any web UI). Generates creative, polished UI that avoids generic AI aesthetics. license: Complete terms in LICENSE.txt --- diff --git a/.claude/skills/grok/SKILL.md b/.claude/skills/grok/SKILL.md index eea1e1da..f4ba86a5 100644 --- a/.claude/skills/grok/SKILL.md +++ b/.claude/skills/grok/SKILL.md 
@@ -1,15 +1,13 @@ --- name: grok description: > - Route a task to the Grok CLI (xAI Grok 4.3) for capabilities Claude lacks or - for an independent second model. Use for: IMAGE generation/editing, VIDEO - generation (image->video), live WEB + X/TWITTER search (current/real-time - data past Claude's cutoff), and adversarial second-opinion VERIFICATION or - drafts. Invoke on: "ask grok", "grok image", "generate/make an image", - "make a video / animate this", "grok verify / second opinion from grok", - "search X / twitter", "what's the latest ". Grok is a - capability EXTENSION (image/video/live-data), not a replacement for Claude's - own coding/editing. + Route a task to the Grok CLI (xAI Grok 4.3) for capabilities Claude lacks or an + independent second model: IMAGE generation/editing, VIDEO (image->video), live + WEB + X/TWITTER search (real-time data past Claude's cutoff), adversarial + second-opinion VERIFICATION. Triggers: ask grok, grok image, generate/make an image, + make a video / animate this, grok verify / second opinion, search X / twitter, + what's the latest . A capability EXTENSION, not a replacement for + Claude's own coding/editing. --- # Grok capability router diff --git a/.claude/skills/mailprotector/SKILL.md b/.claude/skills/mailprotector/SKILL.md index c3f8f4b0..6798f63d 100644 --- a/.claude/skills/mailprotector/SKILL.md +++ b/.claude/skills/mailprotector/SKILL.md 
@@ -1,6 +1,6 @@ --- name: mailprotector -description: "Manage the ACG Mailprotector CloudFilter email-security gateway (emailservice.io). Search/release held/quarantined mail (in+outbound), pull mail-flow logs (why a message did/did not deliver), inspect + manage allow/block rules. Read-only default; releases/rule-changes gated --confirm. Triggers: mailprotector, cloudfilter, held/quarantined mail, release email, allow/block rule, INKY. Live production." +description: "Manage the ACG Mailprotector CloudFilter email-security gateway (emailservice.io). Search/release held/quarantined mail (in+outbound), pull mail-flow logs (why a message did/didn't deliver), inspect + manage allow/block rules. Read-only default; releases/rule-changes gated --confirm. Triggers: mailprotector, cloudfilter, held/quarantined mail, release email, allow/block rule, INKY." --- diff --git a/.claude/skills/onboard365/SKILL.md b/.claude/skills/onboard365/SKILL.md index c4215063..52dc5afc 100644 --- a/.claude/skills/onboard365/SKILL.md +++ b/.claude/skills/onboard365/SKILL.md 
@@ -1,6 +1,6 @@ --- name: onboard365 -description: "Single-consent onboarding of a customer Microsoft 365 tenant to the ComputerGuru remediation app suite (Security Investigator / Exchange Operator / User Manager / Tenant Admin / Defender). The customer Global Admin clicks ONE admin-consent link (Tenant Admin); everything else — service principals, Graph/EXO/Defender permissions, and Entra directory roles — is provisioned automatically, no further clicks. Triggers: onboard 365, onboard a tenant, add tenant to remediation tools, single consent, consent link for new client, provision tenant apps, new M365 client onboarding, get a tenant ready for breach checks." +description: "Single-consent onboarding of a customer Microsoft 365 tenant to the ComputerGuru remediation app suite. The customer Global Admin clicks ONE admin-consent link (Tenant Admin); service principals, Graph/EXO/Defender permissions, and Entra roles are then provisioned automatically. Triggers: onboard 365, onboard a tenant, add tenant to remediation tools, single consent, consent link for new client, provision tenant apps, get a tenant ready for breach checks." --- # Onboard365 — Single-Consent M365 Tenant Onboarding diff --git a/.claude/skills/rmm-audit/SKILL.md b/.claude/skills/rmm-audit/SKILL.md index 2c9101ef..82cef950 100644 --- a/.claude/skills/rmm-audit/SKILL.md +++ b/.claude/skills/rmm-audit/SKILL.md 
@@ -1,17 +1,11 @@ --- name: rmm-audit description: | - Periodic end-to-end verification of the GuruRMM codebase and build infrastructure. - Runs 5 parallel audit passes: (1) API/route inventory cross-reference, (2) UI - coverage and gap update, (3) Rust code quality and standards compliance, - (4) TypeScript/frontend quality, (5) security and data integrity. A 6th sequential - pass audits build pipeline health (logs, artifacts, change gates, script integrity). - Produces a timestamped audit report and updates the living docs (UI_GAPS.md, - FEATURE_ROADMAP.md). Takes 10-20 minutes. - - Invoke explicitly only — no auto-trigger. Use /rmm-audit for a full audit. - Optional arg: --pass= to run a single pass (api, ui, rust, ts, security, pipeline, roadmap). - The roadmap pass reconciles FEATURE_ROADMAP.md checkboxes against the code and cleans up stale ones. + Periodic end-to-end verification of the GuruRMM codebase + build infra: 5 parallel + audit passes (API/route, UI coverage, Rust, TypeScript, security) plus a sequential + pipeline-health pass; writes a timestamped report and updates UI_GAPS.md and + FEATURE_ROADMAP.md. Explicit only — /rmm-audit, optional + --pass=. Detail in the SKILL body. --- # GuruRMM End-to-End Audit diff --git a/.claude/skills/rmm-search/SKILL.md b/.claude/skills/rmm-search/SKILL.md index 141609d6..49411058 100644 --- a/.claude/skills/rmm-search/SKILL.md +++ b/.claude/skills/rmm-search/SKILL.md 
@@ -1,15 +1,12 @@ --- name: rmm-search description: > - Find machines/agents in the GuruRMM fleet cleanly and on the first try. Use - this ANY time you need to locate an RMM agent by name, role, client, site, or - OS before acting on it — instead of pulling /api/agents and grepping (which - bleeds across clients and picks the wrong box). Flexible, forgiving, multi-field - search with a client filter so a query like "hyperv valleywide" returns ONLY - Valley Wide's hyperv host, never Dataforth's. Invoke on: "find the X machine", - "which agent is", "look up in RMM", "'s server/DC/hyperv/file - server", "search RMM for", "what's the agent id for". After finding the agent, - hand its hostname/id to the `rmm` skill to run commands. + Find machines/agents in the GuruRMM fleet cleanly and on the first try — locate an + RMM agent by name, role, client, site, or OS before acting on it, instead of pulling + /api/agents and grepping (which bleeds across clients). Forgiving multi-field search + with a client filter so "hyperv valleywide" returns ONLY Valley Wide's host. Triggers: + find the X machine, which agent is, look up in RMM, 's server/DC/hyperv, + search RMM for, what's the agent id for. Hand the result to the `rmm` skill to run commands. --- # rmm-search — clean machine lookup in GuruRMM diff --git a/.claude/skills/stop-slop/SKILL.md b/.claude/skills/stop-slop/SKILL.md index c95ced2d..f0857c38 100644 --- a/.claude/skills/stop-slop/SKILL.md +++ b/.claude/skills/stop-slop/SKILL.md 
@@ -2,10 +2,8 @@ name: stop-slop description: | Enforce high-quality, slop-free output in all Claude responses. MANDATORY AUTOMATIC INVOCATION: - This skill is always active. It governs how Claude writes text, code comments, commit messages, - documentation, and any other output. Detects and eliminates generic AI filler, hollow phrases, - unnecessary verbosity, and performative enthusiasm. Applies to all output — conversation, code, - docs, and generated content. + always active. Governs how Claude writes text, code comments, commit messages, and docs — + detects and eliminates generic AI filler, hollow phrases, verbosity, and performative enthusiasm. --- # Stop Slop diff --git a/.claude/skills/unifi-wifi/SKILL.md b/.claude/skills/unifi-wifi/SKILL.md index 14b3e1f0..1df99f04 100644 --- a/.claude/skills/unifi-wifi/SKILL.md +++ b/.claude/skills/unifi-wifi/SKILL.md 
@@ -1,6 +1,6 @@ --- name: unifi-wifi -description: "Analyze and tune UniFi WiFi for performance + stability, especially in dense/congested environments. Audits AP/radio config and the neighbor-interference map from the UOS controller, flags issues (2.4GHz over-provisioning, channel width, min-RSSI/sticky clients, channel plan), and recommends prioritized changes. Works for any UniFi site on the UOS (172.16.3.29); Cascades is the hard case. Triggers: unifi wifi tuning, RF/airtime/channel analysis, 2.4GHz congestion, AP channel plan, sticky clients, wireless performance." +description: "Analyze and tune UniFi WiFi for performance + stability in dense/congested environments. Audits AP/radio config and the neighbor-interference map from the UOS controller, flags issues (2.4GHz over-provisioning, channel width, min-RSSI/sticky clients, channel plan), recommends prioritized changes. Any UniFi site on the UOS (172.16.3.29); Cascades is the hard case. Triggers: unifi wifi tuning, RF/airtime/channel analysis, 2.4GHz congestion, AP channel plan, sticky clients, wireless performance." --- # UniFi WiFi tuning (UOS sites) diff --git a/.claude/skills/vault/SKILL.md b/.claude/skills/vault/SKILL.md index 98f53fa9..e9c21114 100644 --- a/.claude/skills/vault/SKILL.md +++ b/.claude/skills/vault/SKILL.md 
@@ -1,6 +1,6 @@ --- name: vault -description: "The ONE canonical way to use the ClaudeTools SOPS+age secret vault — read, store, update, and verify credentials. Use this whenever a task involves a password, API key, token, secret, connection string, SSH key, or any credential: retrieving one to use it, storing a newly created/discovered one, or checking what's vaulted. Stops the per-session improvising (raw sops, guessed paths, VAULT_ROOT_ENV hacks, plaintext-field mistakes). Triggers: vault, store/save a secret, add to vault, get the password/api key for X, where is the credential for X, sops, encrypt this secret, decrypt, rotate a credential, 1password fallback, vault a new key." +description: "The ONE canonical way to use the ClaudeTools SOPS+age secret vault — read, store, update, and verify credentials. Use whenever a task involves a password, API key, token, secret, connection string, SSH key, or any credential: retrieving, storing a new/discovered one, or checking what's vaulted. Stops per-session improvising (raw sops, guessed paths, plaintext-field mistakes). Triggers: vault, store/save a secret, add to vault, get the password/api key for X, where is the credential for X, sops, encrypt, decrypt, rotate a credential, 1password fallback." --- # Vault — one consistent way to handle secrets
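Review bot: In .claude/memory/MEMORY.md, the added "Prefer SSH over RMM" entry links feedback_prefer_ssh_over_rmm.md, but no hunk visible in this diff creates that file. Add it in the same commit or confirm it already exists, so the index entry resolves. The entry also recommends key-auth SSH without saying where the private key comes from or how the target's host key is checked; a short pointer to the vault skill and to known_hosts handling would keep this preference from turning into per-session key improvising.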
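Review bot: In .claude/skills/b2/SKILL.md, the shortened description still embeds "accountId 46f69bc61163, us-west-001" in the front matter. The description is the part of the skill that gets surfaced most widely, so consider moving the account identifier and region into the skill body and keeping only "LIVE production account" in the description. The dropped trigger "list buckets b2" is probably covered by "b2" and "bucket", but it is worth confirming that was deliberate.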
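Review bot: In .claude/skills/discord-dm/SKILL.md, the new parenthetical "(consent links, long commands, URLs, tokens-to-rotate)" drops the word "notices" from the old "tokens-to-rotate notices", so the description now reads as if the tokens themselves are sent over Discord. Restore "tokens-to-rotate notices". The rewrite also removes the sentence that routed one-line [SYNCRO]/[RMM] status alerts to post-bot-alert.sh; if that routing still holds, keep a short form of it so the choice between the two delivery paths stays visible in the description.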
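Review bot: In .claude/skills/mailprotector/SKILL.md, the new description line drops the trailing "Live production." marker, while the b2 and bitdefender descriptions in this same patch keep their production warnings. Releasing held mail and changing allow/block rules act on the production gateway, so keep the marker; if length is the constraint, the characters can be recovered elsewhere in the line.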
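Review bot: In .claude/skills/onboard365/SKILL.md, the new description removes the list of apps in the suite (Security Investigator / Exchange Operator / User Manager / Tenant Admin / Defender) and shortens "Entra directory roles" to "Entra roles". Because a single Global Admin consent provisions all of it, the description should still state what that one click grants; keep the app list, or at least keep "Entra directory roles" verbatim so the scope is not understated.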
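Review bot: In .claude/skills/rmm-audit/SKILL.md, the new description no longer lists the accepted --pass values (api, ui, rust, ts, security, pipeline, roadmap) and no longer mentions the roadmap pass at all, although the removed text says that pass reconciles and cleans up FEATURE_ROADMAP.md checkboxes. "Detail in the SKILL body" only works if the body carries that list; confirm it does, or keep the value list in the description so a single-pass run, and the fact that one of the passes edits a file, stay discoverable.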