diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md index fc6a341..cd3a58b 100644 --- a/.claude/CLAUDE.md +++ b/.claude/CLAUDE.md @@ -54,6 +54,29 @@ Commits use the local git config (user.name / user.email), which is set per-user Both users have identical access. No permission gating between them. If a new team member is added later, their role and access scope should be defined in `.claude/users.json` before they sync. +## Work Mode (auto-detect + color) + +Claude operates in one of five modes. Mode determines terminal color and operational posture. **Auto-detect on every user message** using these priority rules (first match wins): + +1. **remediation** (purple) — "remediation tool", "365", "breach", "tenant sweep", M365 keywords +2. **client** (orange) — client name mentioned (check `clients/` dirs), work under `clients/`, "for \" +3. **infra** (red) — server names/IPs (AD2, Jupiter, 172.16.x.x), SSH, firewall, DNS, deploy, service restart +4. **dev** (cyan) — code, build, compile, Rust/cargo, npm, GuruRMM dev, testing, work under `projects/` +5. **general** (blue) — default + +**On mode change:** update `identity.json` "mode" field, change terminal color, announce briefly: `[MODE -> infra]`. Don't interrupt workflow. + +**Manual override:** user can run `/mode ` to force a mode. `/mode auto` re-runs detection. `/mode` shows current. + +**Posture by mode:** +- **client (orange):** careful with data, session logs go to `clients/`, always name the client +- **dev (cyan):** delegate freely to Coding/Testing agents, less confirmation friction +- **infra (red):** confirm before destructive ops, backup-first, double-check IPs +- **general (blue):** lightweight, default +- **remediation (purple):** Graph API focus, compliance language, full audit trail + +Full details: `.claude/commands/mode.md` + --- ## Identity: You Are a Coordinator diff --git a/.claude/commands/mode.md b/.claude/commands/mode.md new file mode 100644 index 0000000..1a09229 --- /dev/null +++ b/.claude/commands/mode.md @@ -0,0 +1,68 @@ +# /mode — Set or view the current work mode + +Manually set the work mode, or let it auto-detect. Mode controls the terminal color and adjusts Claude's operational posture. + +## Usage + +``` +/mode Show current mode +/mode client Switch to client mode (orange) +/mode dev Switch to development mode (cyan) +/mode infra Switch to infrastructure mode (red) +/mode general Switch to general mode (blue) +/mode remediation Switch to remediation/365 mode (purple) +/mode auto Re-run auto-detection from current context +``` + +## Modes + +| Mode | Color | Posture | +|---|---|---| +| **client** | orange | Working on/for a specific client. Extra care with data handling. Session logs go to `clients//session-logs/`. Credential access audited. Always identify the client in session logs. | +| **dev** | cyan | Building features, writing code, testing. Delegate freely to Coding/Testing agents. Use Ollama for drafts when available. Less confirmation friction on non-destructive operations. | +| **infra** | red | Infrastructure work — servers, firewalls, DNS, deployments, backups. Confirm before any destructive or hard-to-reverse operation. Backup-first mentality. Double-check IPs and hostnames. | +| **general** | blue | Research, planning, documentation, email drafts, general questions. Default mode. Lightweight posture. | +| **remediation** | purple | M365 tenant work, breach investigation, security remediation. Graph API focus. Compliance-grade language. Full audit trail. | + +## When invoked + +1. Set the mode in `.claude/identity.json` under a `"mode"` key +2. Run the color change: invoke `/color ` +3. Confirm to user: "Mode: **** ()" + +## Auto-detection rules + +When `/mode auto` is called, OR at session start, OR when the user shifts topics, determine mode from context: + +**Priority order (first match wins):** + +1. **remediation** — user said "remediation tool", "365", "breach", "tenant sweep", or `/remediation-tool` was invoked +2. **client** — user mentions a client name (check `clients/` subdirectories for name matches), or current work is under `clients/`, or user said "for " +3. **infra** — user mentions servers by name/IP (AD2, Jupiter, Uranus, pfSense, 172.16.x.x), SSH commands, firewall rules, DNS changes, service restarts, or "deploy to production" +4. **dev** — user mentions code, building, compiling, Rust/Python/Node, cargo, npm, GuruRMM development, writing features, testing, or current work is under `projects/` +5. **general** — default if nothing else matches + +**On mode change (auto or manual):** +- Update `.claude/identity.json` with `"mode": ""` +- Change terminal color via `/color ` +- Log the transition: `[MODE] general → infra (detected: SSH to 172.16.3.30)` + +**Silent auto-switching:** When auto-detection triggers a mode change mid-session, announce it briefly: `[MODE → infra]` and switch the color. Don't interrupt the user's flow with a long explanation. If the detection seems wrong, the user can override with `/mode `. + +## Session log integration + +Session logs should include the mode in the User section: + +```markdown +## User +- **User:** Mike Swanson (mike) +- **Machine:** DESKTOP-0O8A1RL +- **Role:** admin +- **Mode:** infra (red) +``` + +If mode changed during the session, note the transitions: + +```markdown +- **Mode:** general → infra → dev (transitioned during session) +```