From c40a71e45281ae8a57ce3582db818cc1be5607fc Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Tue, 21 Apr 2026 19:17:26 -0700 Subject: [PATCH] docs: vault sync instructions for Windows laptop Step-by-step checklist to sync 5 new-tier SOPS files to shared vault. Unblocks Howard's remediation-tool usage on ACG-Tech03L. Ready for DESKTOP-0O8A1RL session. Co-Authored-By: Claude Sonnet 4.5 --- .claude/TODO-vault-sync-for-howard.md | 181 ++++++++++++++++++++++++++ 1 file changed, 181 insertions(+) create mode 100644 .claude/TODO-vault-sync-for-howard.md diff --git a/.claude/TODO-vault-sync-for-howard.md b/.claude/TODO-vault-sync-for-howard.md new file mode 100644 index 0000000..a5621b9 --- /dev/null +++ b/.claude/TODO-vault-sync-for-howard.md 
@@ -0,0 +1,181 @@ +# TODO: Vault Sync for Howard (DESKTOP-0O8A1RL Session) + +**Priority:** HIGH - Blocks Howard's remediation-tool usage +**Estimated time:** 5-10 minutes +**Created:** 2026-04-21 Mac session + +--- + +## What I Need You to Do + +Howard is blocked on remediation-tool because the 5 new-tier app SOPS files are only on your Windows machine. They need to be committed to the shared vault repo so he can pull them on ACG-Tech03L. + +--- + +## Step-by-Step Instructions + +### 1. Navigate to Vault Repository + +```bash +cd D:\vault +git status +``` + +**Expected:** You should see the vault repo is clean or has uncommitted SOPS files. + +### 2. Verify the 5 New-Tier SOPS Files Exist + +```bash +dir D:\vault\msp-tools\computerguru-*.sops.yaml +``` + +**You should see these 5 files:** +- `computerguru-security-investigator.sops.yaml` +- `computerguru-exchange-operator.sops.yaml` +- `computerguru-user-manager.sops.yaml` +- `computerguru-tenant-admin.sops.yaml` +- `computerguru-defender-addon.sops.yaml` + +**If ANY are missing:** Stop and tell me which ones are missing. Don't proceed. + +### 3. Check If Already Committed to Vault Repo + +```bash +git ls-files D:\vault\msp-tools\computerguru-*.sops.yaml +``` + +**If all 5 files are listed:** They're already tracked. Skip to Step 5 (push). + +**If none or only some are listed:** They need to be added. Proceed to Step 4. + +### 4. 
Add the SOPS Files to Git + +```bash +git add msp-tools/computerguru-security-investigator.sops.yaml +git add msp-tools/computerguru-exchange-operator.sops.yaml +git add msp-tools/computerguru-user-manager.sops.yaml +git add msp-tools/computerguru-tenant-admin.sops.yaml +git add msp-tools/computerguru-defender-addon.sops.yaml +``` + +**Or add them all at once:** +```bash +git add msp-tools/computerguru-*.sops.yaml +``` + +**Then commit:** +```bash +git commit -m "feat: add new-tier app suite SOPS files for team access + +Adds 5 tiered MSP app credentials to shared vault: +- Security Investigator (Graph read-only + Exchange read) +- Exchange Operator (Exchange write) +- User Manager (Graph user/group write) +- Tenant Admin (Graph high-privilege) +- Defender Add-on (MDE only) + +Unblocks Howard's remediation-tool usage on ACG-Tech03L. +Enables all machines to run breach checks against consented tenants. + +Co-Authored-By: Claude Sonnet 4.5 " +``` + +### 5. Push to Vault Remote + +```bash +git push origin main +``` + +**If push fails with auth error:** Check if you need to authenticate with Gitea. + +**If push fails with "rejected":** Run `git pull --rebase origin main` first, then push again. + +### 6. Verify Push Succeeded + +```bash +git log -1 --oneline +``` + +Should show your commit at HEAD. + +--- + +## What This Unblocks + +**For Howard (ACG-Tech03L):** +1. He can pull vault: `cd D:/vault && git pull origin main` +2. All 5 SOPS files will appear in his `D:/vault/msp-tools/` +3. `get-token.sh` will work for all tiers +4. He can complete the Cascades spoofing hunt +5. He can run remediation-tool against any consented tenant + +**For you (all machines):** +- Mac can clone vault and run remediation-tool (if needed) +- Windows continues to work as before +- Consistent vault state across all machines + +--- + +## After Vault Sync - Notify Howard + +Once pushed, send Howard a message (Slack/email/Teams): + +``` +Howard - Vault is synced. 
+ +Pull the latest on ACG-Tech03L: +cd D:/vault +git pull origin main + +You should now have all 5 new-tier SOPS files in D:/vault/msp-tools/ + +Test token acquisition: +bash C:/claudetools/.claude/skills/remediation-tool/scripts/get-token.sh grabblaw.com investigator + +If that works, you can finish the Cascades spoofing hunt. + +- Mike +``` + +--- + +## Troubleshooting + +### "fatal: not a git repository" +**Problem:** You're not in the vault directory. +**Fix:** `cd D:\vault` and verify with `git status` + +### "SOPS files don't exist" +**Problem:** The files might be in a different location or not created yet. +**Fix:** Search for them: `dir D:\vault\*.sops.yaml /s` + +### "git push rejected" +**Problem:** Remote has changes you don't have locally. +**Fix:** +```bash +git pull --rebase origin main +git push origin main +``` + +### "Authentication failed" +**Problem:** Git credentials not cached. +**Fix:** Verify Gitea credentials or use SSH if configured. + +--- + +## Quick Checklist + +- [ ] Navigate to `D:\vault` +- [ ] Verify 5 SOPS files exist in `msp-tools/` +- [ ] Check if already tracked with `git ls-files` +- [ ] Add files with `git add msp-tools/computerguru-*.sops.yaml` +- [ ] Commit with detailed message +- [ ] Push to `origin main` +- [ ] Verify push succeeded +- [ ] Notify Howard + +--- + +**Status:** Ready for Windows session +**Created by:** Mac session (Mikes-MacBook-Air.local) +**Next action:** Execute this checklist on DESKTOP-0O8A1RL
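Review bot: Steps 2 through 4 stage and commit five credential files after checking only that they exist; nothing confirms each file is actually SOPS-encrypted before `git add msp-tools/computerguru-*.sops.yaml` and the push in Step 5. Add a check between Steps 3 and 4 that every file carries the `sops:` metadata block and `ENC[...]` values, with the same stop-and-report instruction Step 2 uses for missing files, because a plaintext secret pushed to the shared remote stays in its history. The wildcard `git add` can also stage files beyond the five listed, so have the checklist run `git status` after staging and compare the result against the Step 2 list. The "What This Unblocks" section says `get-token.sh` will work for Howard after a pull, but no step confirms that his key is a recipient on these files; state that prerequisite before Step 5. Minor: the blocks in Steps 1 to 3 are fenced as `bash` but use `dir` and backslash paths, while Howard's commands use `D:/vault`; pick one shell and label the fences to match.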