diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md index f33ce47..943a771 100644 --- a/.claude/CLAUDE.md +++ b/.claude/CLAUDE.md 
@@ -1,5 +1,56 @@ # ClaudeTools Project Context +## Multi-User Environment (CHECK FIRST) + +This repo is shared across multiple team members. **At every session start, BEFORE doing anything else:** + +1. **Read `.claude/identity.json`** (local, gitignored). If it exists, greet the user by name and proceed. +2. **If identity.json does NOT exist** (first sync on a new machine): + - Read `.claude/users.json` for the known user list + - Ask: "This looks like a new machine. Are you **Mike Swanson** or **Howard Enos**? (Or someone new?)" + - Based on their answer, create `.claude/identity.json`: + ```json + { + "user": "mike", + "full_name": "Mike Swanson", + "email": "mike@azcomputerguru.com", + "role": "admin", + "machine": "" + } + ``` + - Also set local git config for this repo: + ```bash + git config user.name "" + git config user.email "" + ``` + - Add the machine hostname to the user's `known_machines` list in `.claude/users.json` and commit. +3. **If the hostname doesn't match any known machine** for the identified user, update their `known_machines` in users.json. + +### Session log attribution + +Every session log MUST include a `## User` section at the top: +```markdown +## User +- **User:** Mike Swanson (mike) +- **Machine:** DESKTOP-0O8A1RL +- **Role:** admin +``` + +### Git commit attribution + +Commits use the local git config (user.name / user.email), which is set per-user during identity setup. The Gitea push account is shared (azcomputerguru) but commit authorship tracks the actual person. + +### Current team + +| User | Role | Access | Notes | +|---|---|---|---| +| **Mike Swanson** (mike) | admin | Full | Owner, President of Arizona Computer Guru LLC | +| **Howard Enos** (howard) | tech | Full | Employee, technician. Full trust — same access as admin for all MSP tracking and daily work. | + +Both users have identical access. No permission gating between them. 
If a new team member is added later, their role and access scope should be defined in `.claude/users.json` before they sync. + +--- + ## Identity: You Are a Coordinator You are NOT an executor. You coordinate specialized agents and preserve your context window. @@ -194,6 +245,7 @@ Service account token in vault: `infrastructure/1password-service-account.sops.y | `/sync` | Sync config from Gitea repository | | `/create-spec` | Create app specification for AutoCoder | | `/frontend-design` | Modern frontend design patterns (auto-invoke after UI changes) | +| `/remediation-tool` | M365 breach checks, tenant sweeps, gated remediation via Claude-MSP-Access Graph API app | --- diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md index 2358fd7..523afc5 100644 --- a/.claude/memory/MEMORY.md +++ b/.claude/memory/MEMORY.md @@ -11,6 +11,9 @@ - [Dataforth Contact - AJ](reference_dataforth_contact.md) - AJ at Dataforth, dataforthgit@ email forwarding to him - [TickTick Integration](reference_ticktick_integration.md) - OAuth API integration, MCP server, SOPS vault creds, project/task CRUD +## Users +- [Howard Enos](user_howard.md) — Mike's brother, technician, full trust/access. Known machine: ACG-TECH03L. + ## Feedback - [D2TESTNAS SSH Access](feedback_d2testnas_ssh.md) - Use root@192.168.0.9 with Paper123!@#, not sysadmin - [Bypass Permissions Setting](feedback_bypass_permissions_setting.md) - Set permissions.defaultMode to bypassPermissions in settings.json on all machines diff --git a/.claude/memory/user_howard.md b/.claude/memory/user_howard.md new file mode 100644 index 0000000..c6e094e --- /dev/null +++ b/.claude/memory/user_howard.md 
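Review bot: The first-run flow in step 2 accepts the person's own answer as their identity and writes it to `.claude/identity.json`; nothing in the hunk verifies that answer, and step 3 updates `known_machines` to fit whatever hostname appears instead of comparing against it. Because the Gitea push account is shared, the author set through `git config user.name` / `user.email` is the only attribution and it is self-asserted, so "commit authorship tracks the actual person" overstates what this setup provides; per-user push credentials or signed commits would be needed before the history is treated as an audit trail. The "Or someone new?" branch has no defined outcome, and I would add `- If the answer is not a user listed in users.json, stop and ask an admin to add them first; do not create identity.json.` under step 2. The same unverified identity is what `user_howard.md` and the `roles` text in `users.json` attach full credential and client-data access to. As shown here the `git config` example and the `machine` field are empty strings, presumably stripped placeholders, which is worth confirming in the file itself.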
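Review bot: The new `## Users` entry lands in an index whose context lines already carry a root login for D2TESTNAS in plain text and a note to set `permissions.defaultMode` to `bypassPermissions` on all machines, and this commit is the one that opens the repo to more users and machines. Everyone who syncs, and every agent session that loads this memory file, now receives that credential. The page already refers to a SOPS vault for other secrets, so I would move the password there, reduce the feedback line to a pointer, and rotate the password since it stays in history. The added line also records a family relationship and a laptop hostname; the link to `user_howard.md` alone may be enough for an index.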
@@ -0,0 +1,13 @@ +--- +name: Howard Enos — team member +description: Howard is Mike's brother and employee at AZ Computer Guru. Technician role with full trust and full access. Uses claudetools for MSP tracking and daily client work. +type: user +--- + +Howard Enos is a technician at Arizona Computer Guru LLC and Mike Swanson's brother. He has full access to all systems, credentials, and client data — same level as Mike. No permission gating. + +Known machine: ACG-TECH03L (laptop). Desktop hostname TBD (will be registered on first sync). + +When working with Howard, treat him exactly as you would Mike — same context loading, same credential access, same capabilities. He uses claudetools for MSP work tracking, client management, and daily IT operations. + +His git commits should show `Howard Enos `. diff --git a/.claude/users.json b/.claude/users.json new file mode 100644 index 0000000..6212f48 --- /dev/null +++ b/.claude/users.json @@ -0,0 +1,28 @@ +{ + "users": { + "mike": { + "full_name": "Mike Swanson", + "email": "mike@azcomputerguru.com", + "role": "admin", + "title": "President", + "known_machines": ["DESKTOP-0O8A1RL"], + "git_name": "Mike Swanson", + "git_email": "mike@azcomputerguru.com", + "notes": "Owner. Full access to everything." + }, + "howard": { + "full_name": "Howard Enos", + "email": "howard@azcomputerguru.com", + "role": "tech", + "title": "Technician", + "known_machines": ["ACG-TECH03L"], + "git_name": "Howard Enos", + "git_email": "howard@azcomputerguru.com", + "notes": "Employee, Mike's brother. Full trust. Same access as Mike for MSP tracking and daily work." + } + }, + "roles": { + "admin": "Full access to all systems, credentials, deployments, and infrastructure.", + "tech": "Full access to all systems, credentials, and client work. Same as admin for this organization." + } +} diff --git a/.gitignore b/.gitignore index 51edc68..f537e98 100644 --- a/.gitignore +++ b/.gitignore 
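Review bot: In the `roles` map both `admin` and `tech` are described as full access to all systems and credentials, so the `role` field distinguishes nothing and a future entry copied from either user inherits everything by default. CLAUDE.md says a new member's scope should be defined here before they sync, but the file offers no restricted role to assign; I would add one, for example `"limited": "No credential or client-data access until an admin widens the scope."`, and have new entries start there. `known_machines` holds hostnames, which the client reports about itself, so it should be described as bookkeeping and not relied on as a check. As far as the diff shows, all of this is enforced only by the agent following the instructions.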
@@ -3,6 +3,7 @@ backups/ # Local settings (machine-specific) .claude/settings.local.json +.claude/identity.json # Temporary files *.tmp