sync: auto-sync from GURU-5070 at 2026-06-14 20:04:14

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-14 20:04:14
2026-06-14 20:05:02 -07:00
parent 30933bd35d
commit c5d4d3527c
119 changed files with 5204 additions and 1 deletions

@@ -140,5 +140,6 @@
- [Vault EVERY credential surfaced in-session](feedback-vault-every-credential.md) — any cred (pasted/created/discovered) -> store via the vault skill + document purpose & exact usage immediately; it's a standing job rule (reinforced in CORE CLAUDE.md). Lost IX creds wasted ~1h on 2026-06-12.
- [GuruRMM install-report v1: reuse endpoint + failed-install agent](gururmm-install-report-failed-agent-v1.md) — legacy NSIS installer reuses /api/install-report (machine info + logs, success+fail); server upserts a visible "failed-install" device on failure reports (Mike: in v1); verify-connect-before-success; trend/near-fail analytics. Server side is a separate sequential SPEC after the legacy-agent branch lands.
- [DM wrapping commands to Mike in Discord](feedback_dm_wrapping_commands_to_mike.md) — long/wrapping one-liners go via Discord DM (code block copies clean), not just chat; bot token vault projects/discord-bot/bot-token, Mike uid 264814939619721216, MUST set User-Agent header or Cloudflare 403 errcode 1010; helper .claude/tmp/discord-dm.py
- [Physical access codes -> vault + wiki pointer](feedback_physical_access_codes.md) — alarm/lockbox/door codes go in vault clients/<slug>/physical-access-<location>.sops.yaml (kind: physical-access) + a `## Physical Access` pointer section in the client wiki; never plaintext. First entry: Peaceful Spirit NW.
- [CT Thoughts backlog](feedback_ct_thoughts_backlog.md) — ClaudeTools harness ideas go in docs/CT_THOUGHTS.md (trigger "ct thought:"); CT analogue of RMM_THOUGHTS. Don't build until explicit go. First entry = ClaudeTools 3.0 web co-work vision.
- [AI-auth product boundary](project_ai_auth_product_boundary.md) — ClaudeTools/ClaudeTools 3.0 = internal-only, per-person subscription OAuth ok; GuruRMM = sellable, customer brings own API key (never ACG's subscription); backend dev = internal. Anthropic ToS bans subscription auth in third-party products.
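Review bot: The index entries in this hunk mix two slug conventions: feedback-vault-every-credential.md and gururmm-install-report-failed-agent-v1.md are hyphenated, while feedback_physical_access_codes.md and the remaining entries use underscores. Pick one convention for new entries so wikilinks resolve predictably. Separately, the Discord DM entry carries a user ID, a vault path and an error-handling detail inline; an index line is easier to keep safe to sync if it stays a one-line pointer and leaves those specifics in the linked file.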

@@ -0,0 +1,25 @@
---
name: feedback_physical_access_codes
description: How to capture physical site-access codes (alarm/lockbox/door) — vault physical-access entry + wiki pointer
metadata:
type: feedback
---
Physical site-access codes (alarm, lockbox, door/gate keypad, safe) are credentials — capture
them like any other secret (see [[feedback-vault-every-credential]]), but with this shape:
- **Vault:** `clients/<slug>/physical-access-<location>.sops.yaml`, `kind: physical-access`,
codes under the encrypted `credentials:` block (`lockbox_code`, `main_door_code`,
`alarm_code`, etc.), `location:` set, and a `notes:` line documenting what each code opens +
who it belongs to (flag personal vs shared, e.g. "Mike's personal alarm code"). One entry per
site/location when a client is multi-site.
- **Wiki:** add a `## Physical Access` section in `wiki/clients/<slug>.md` that POINTS to the
vault path + the `vault get-field` command — never the raw codes. Add the vault file to the
doc's `sources:` frontmatter.
- Never echo codes in chat/logs or commit plaintext.
**Why:** Mike floated a "notes section for alarm/lockbox codes" that was never built; the vault
`physical-access` kind + wiki pointer IS that implementation. First entry: Peaceful Spirit NW
(2026-06-14). **How to apply:** when any physical code surfaces, vault it this way + add the
wiki pointer; don't improvise a new location for it. If Mike wants a richer structured
site-notes UI later, that's a [[feedback_ct_thoughts_backlog]] item.
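Review bot: In the Vault bullet, only the `credentials:` block is described as encrypted, so `location:` and the `notes:` line (what each code opens and whose it is) would presumably sit in plaintext in the committed file. State explicitly whether those keys are encrypted, and add that `notes:` must describe the codes without repeating them. The Wiki bullet also points readers at the `vault get-field` command, which prints the code into the session; say how that is meant to square with "Never echo codes in chat/logs".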

@@ -82,9 +82,18 @@ case "$TIER" in
VAULT_PATH="msp-tools/computerguru-intune-manager.sops.yaml"
SCOPE_URL="https://graph.microsoft.com/.default"
;;
mailbox)
# ACG-INTERNAL ONLY. Single-tenant app (azcomputerguru.com) for /mailbox + contacts.
# Mail.ReadWrite + Mail.Send + Contacts.ReadWrite. Replaces the dead FABB app.
# SP accountEnabled is toggled OFF when idle (see mailbox-app-toggle.sh) — if a token
# request 401s with "account is disabled", turn it on first.
CLIENT_ID="1873b1b0-3377-485c-a848-bae9b2f8f1f5"
VAULT_PATH="msp-tools/computerguru-mailbox.sops.yaml"
SCOPE_URL="https://graph.microsoft.com/.default"
;;
*)
echo "ERROR: unknown tier '$TIER'." >&2
echo "Valid tiers: investigator | investigator-exo | exchange-op | user-manager | tenant-admin | tenant-admin-onboard | defender | intune-manager" >&2
echo "Valid tiers: investigator | investigator-exo | exchange-op | user-manager | tenant-admin | tenant-admin-onboard | defender | intune-manager | mailbox" >&2
exit 2
;;
esac
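Review bot: The `mailbox)` branch marks the app "ACG-INTERNAL ONLY" only in a comment; nothing in the visible lines stops this tier from being requested for another tenant. If the script takes a tenant argument, add a check in this branch that rejects anything other than azcomputerguru.com with a clear error. The disabled-service-principal case is likewise documented only in the comment; consider having the token-request failure path print a hint that points at mailbox-app-toggle.sh.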