From b9474ff286be464c8d88491568e172f7d4cf4395 Mon Sep 17 00:00:00 2001
From: Mike Swanson <mike@azcomputerguru.com>
Date: Fri, 5 Jun 2026 12:18:00 -0700
Subject: [PATCH] remediation-tool skill: enforce required Syncro ticket fields
 (priority, user_id, problem_type)

Adds explicit Syncro ticket creation section to remediation-tool.md.
Ticket #32387 was created without priority, assignee, or a valid issue type.
Now specifies required fields, valid problem_type values, and an enforcement
checklist to prevent null fields in any POST payload.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .claude/commands/remediation-tool.md | 38 ++++++++++++++++++++++++++++
 session-logs/2026-06-05-session.md   | 34 +++++++++++++++++++++++++
 2 files changed, 72 insertions(+)

diff --git a/.claude/commands/remediation-tool.md b/.claude/commands/remediation-tool.md
index e2332e3..11c7f10 100644
--- a/.claude/commands/remediation-tool.md
+++ b/.claude/commands/remediation-tool.md
@@ -184,6 +184,44 @@ If the user's phrasing is loose ("check john's box at cascades", "who's being at
 
 ---
 
+## Syncro Ticket Creation (after remediation or check)
+
+When creating a Syncro ticket to log remediation or breach-check work — whether via `/syncro` at the end of the session or inline during the workflow — the following fields are **REQUIRED** and must always be present in the POST payload. Omitting any of them leaves the ticket unusable in the queue.
+
+**Required fields — no exceptions:**
+
+| Field | Rule |
+|---|---|
+| `priority` | Always `"2 Normal"` unless the incident is active/emergency, in which case `"4 Urgent"` |
+| `user_id` | Always the API key owner's user ID: `mike` → `1735`, `howard` → `1750`, `winter` → `1737`. Never omit — never null |
+| `problem_type` | Use `"Security"` for breach checks, tenant sweeps, MFA enforcement, account compromise. Use `"Remote"` for general M365 remote support. Never use `"Remote Support"` — it is not a valid Syncro dropdown value and will appear blank in the GUI |
+
+**Payload template for POST /tickets:**
+
+```bash
+curl -s -X POST "${BASE}/tickets?api_key=${API_KEY}" \
+  -H "Content-Type: application/json" \
+  --data-binary @- <<JSON
+{
+  "customer_id": ${CUST_ID},
+  "subject": "<subject>",
+  "problem_type": "Security",
+  "status": "New",
+  "priority": "2 Normal",
+  "user_id": ${TECH_USER_ID}
+}
+JSON
+```
+
+**Enforcement checklist — verify before POSTing:**
+1. `priority` is set (not null, not omitted)
+2. `user_id` is set to the correct tech ID (not null, not omitted)
+3. `problem_type` is one of the valid Syncro dropdown values listed above
+
+If any check fails, fix the payload before sending. Do not POST a ticket with missing required fields.
+
+---
+
 ## Scope and references
 
 - Detailed check rubric: `.claude/skills/remediation-tool/references/checklist.md`
diff --git a/session-logs/2026-06-05-session.md b/session-logs/2026-06-05-session.md
index 656d620..ca36fd8 100644
--- a/session-logs/2026-06-05-session.md
+++ b/session-logs/2026-06-05-session.md
@@ -130,3 +130,37 @@ Held message MessageId: `<SN4PR0201MB3613C475FC8175669B30464AC2112@SN4PR0201MB36
 - **Demo project source:** `clients/dataforth/ExternalCodeReview.zip` (115 files; vanilla-JS SPA + `dev_server.py` proxy; built by Google Antigravity/Gemini under `ghaubner`, 8000+ step transcript). Proposed demo domain: `PWM.dataforth.com`.
 - **Mailprotector API doc:** `C:\Users\guru\Downloads\MailProtectorAPI.pdf` (74 pp). Public mirror: https://api.mailprotector.com/ ; help center: https://support.mailprotector.com/hc/en-us/articles/200156105-Mailprotector-API-Documentation
 - **Georg Haubner:** ghaubner@dataforth.com (Dataforth).
+
+---
+
+## Update: 12:17 — Discord Bot Session (Winter + Mike) — GURU-BEAST-ROG
+
+### Part 1 — Ticket #32387 field audit (Winter)
+
+Winter flagged that Syncro ticket #32387 had priority, assignee, and issue type left blank.
+
+**Investigation:**
+- Ticket #32387 (internal ID 112248434): "Microsoft 365 sign-in issues - account secured (MFA enabled)"
+- Created 2026-06-05 at 11:55 AM by the Discord bot during a remediation session
+- `priority`: null, `user_id`: null, `problem_type`: "Remote Support" (invalid — not a Syncro dropdown value, renders as blank in GUI)
+
+**Root cause:** The remediation tool skill had no Syncro ticket creation section. When the Discord task loop offered to log work in Syncro, the ticket was created without enforcing required fields.
+
+**Fix applied to ticket:**
+- `priority` set to `"2 Normal"`
+- `user_id` set to `1735` (Mike)
+- `problem_type` set to `"Remote"` (valid Syncro dropdown value)
+
+**Todo created:** Coord todo `007ca9d8-d414-45a4-af90-c6ec99ef2136` — fix remediation tool Syncro ticket creation, assigned to Mike.
+
+### Part 2 — Remediation tool skill fix (Mike)
+
+Mike requested the skill be modified to enforce required fields going forward.
+
+**Change:** Added "Syncro Ticket Creation" section to `.claude/commands/remediation-tool.md` specifying:
+- `priority`: always `"2 Normal"` (or `"4 Urgent"` for active emergency)
+- `user_id`: always required — `mike` → 1735, `howard` → 1750, `winter` → 1737
+- `problem_type`: `"Security"` for breach/M365 work, `"Remote"` for general remote support. `"Remote Support"` explicitly called out as invalid.
+- Enforcement checklist added to prevent null fields in POST payload
+
+**Files changed:** `.claude/commands/remediation-tool.md`