azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from HOWARD-HOME at 2026-06-21 19:32:30

Browse Source 
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-21 19:32:30
This commit is contained in:
Howard Enos
2026-06-21 19:32:57 -07:00
parent 5b44a3e619
commit f4296f2d9e
4 changed files with 103 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
session-logs/2026-06/2026-06-21-howard-security-assessment-deploy.md
View File

@@ -151,3 +151,41 @@ buttons at the top." Diagnosed and resolved.
### Net state
security.azcomputerguru.com is LIVE and working (new scoring wizard + larger UI + dual export + fixed backend),
verified server-side and confirmed loading in Howard's browser. Remaining: #1 RMM prefill (deferred, infra), FR-1 portal (deferred, auth decision).
---
## Update: 19:31 PT — post-deploy live fixes (wrong-customer lookup bug + New/clear button)
Two issues Howard found while using the live site, both fixed + deployed + verified.
### Bug: phone lookup returned the WRONG customer
- Symptom: entering `5205851310` pulled up "Marjolaine Deslauriers" (an unrelated record).
- Root cause: Syncro's `GET /customers?phone=<n>` param does NOT filter — it returns the full customer
list (5079 across 51 pages); the code took `customers[0]` (Marjolaine, phone 5203310273). Reproduced
via the Syncro API (vault `msp-tools/syncro-howard` cred field `credentials.credential`): `?phone=`
count 100 unfiltered; `?query=5205851310` → count 0 (number not in Syncro); `?query=5208880000`
(Insty-Prints' real number) → count 1 (so `?query=` DOES search phone by digits).
- Fix (api.php lookup): use `?query=<digits>` and VERIFY a candidate's phone digit-tail matches the
entered digits before prefilling (handles leading-1 / 7-vs-10 digits). No match → return a clear
"No customer matches that phone number" + suggestions, and prefill NOTHING. index.php doLookup updated
to show the message/suggestions and not prefill on no-match. Format was never the issue (input is
digit-normalized, so 5205851310 == (520) 585-1310).
- Verified live (web POST via the external-IP path): `5205851310` → no-match; `5208880000` → Insty-Prints
full prefill; `(520) 585-1310` → no-match (same as digits).
### Feature: "+ New" button (Howard's request)
- After loading a client, `state.id` persisted, so a fresh lookup + save could overwrite the previous
client's record. Added a top-bar **+ New** button -> `clearAll()` resets id/data/consent/sec/view +
URL + topbar, so the next save INSERTs a new record. Confirms before clearing if work is in progress.
### Deploy mechanics (each fix)
- Upload changed file(s) to `.new` -> `php -l` -> atomic `mv` -> flush opcache via a one-off `_oc.php`
hit through `--resolve ...:443:72.194.62.5` (external IP; 127.0.0.1 vhost 404s) -> verify served HTML.
Backups `*.bak-<ts>` in the docroot. Browser needs Ctrl+Shift+R to pick up index.php changes.
### Commits
- `ef03b4e` lookup phone-match fix; `a9c85a7` + New button. claudetools pins advanced (`c462f50`, `5b44a3e`).
### Net
Phone search works correctly (verified by Howard), wrong-customer risk eliminated, and the + New button
prevents cross-record contamination. Site fully functional.