Commit Graph

4 Commits

Author SHA1 Message Date
2f35163866 harness: read Syncro keys from vault, stop hardcoding the repo root
Two defects found while running /wiki-compile, both from tooling assuming
a path instead of resolving it.

1. Plaintext Syncro API keys. Mike's and Howard's live PSA keys were
   copy-pasted into three command files, a script, and two catalog docs --
   despite both already being vaulted at msp-tools/syncro and
   msp-tools/syncro-howard. Replaced with reads from the SOPS vault via a
   new sourced helper, .claude/scripts/syncro-env.sh. Write paths fail
   closed; read-only paths degrade to skipped enrichment rather than a
   wrong key. Per-user mapping is unchanged, so Syncro attribution is too.

2. Hardcoded repo root. wiki-compile/wiki-lint/inject-standards and
   gen_b64.py hardcoded D:/claudetools; this machine is C:/claudetools.
   syncro.md also read ~/.claude/identity.json before the repo copy -- the
   same bug that made remediation-tool's consent-audit report a fully
   consented tenant as RED. Root now resolves from the script's own
   location, with identity.json claudetools_root as the override.

get-identity.sh had a chicken-and-egg bug: it read ${CLAUDETOOLS_ROOT:-.}
but never set it, so every caller had to already know the root. It now
self-resolves and exports CLAUDETOOLS_ROOT + VAULT_ROOT.

Verified: all three command setup blocks authenticate against live Syncro;
get-identity.sh works from any cwd and honors a pre-set root; gps-rmm
autoenroll resolves its key from the vault. security-review: no findings.

NOTE: both keys remain valid in git history. Rotation in the Syncro portal
is the required follow-up -- this commit does not resolve that exposure.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 07:56:33 -07:00
a44d3579ba feat: add /wiki-compile skill + Syncro live-check in /wiki-lint
/wiki-compile: new skill that seeds or refreshes wiki client articles
from session logs and live Syncro PSA data.

- Three modes: seed (new article), refresh (surgical update), full (--full flag)
- Syncro enrichment for client targets: customer profile, contacts,
  open tickets, recent invoices, asset count
- Ambiguous customer search: pause and ask user to pick
- Customer not found: graceful warn + continue with session logs only
- Syncro is authoritative for all billing fields (hours, rate, contract type)
- Refresh mode: surgical edits only (hours, active tickets, frontmatter)
- Seed/full: Ollama qwen3:14b synthesis; Claude-direct fallback
- Asset count in Profile only — no asset detail tables in wiki
- Commits and pushes after write

/wiki-lint: add Step 6 — Syncro Live-Check
- Pulls live prepay_hours for every client article with a Syncro customer ID
- Auto-fixes stale hours in place; commits fixes in one batch
- Flags articles with open tickets and stale compiled date for review
- Adds Syncro section to lint report output

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-26 11:45:44 -07:00
3ed768316f wiki-lint: improve backlink checker to normalize slugs before validation 2026-05-25 06:38:05 -07:00
c02d1ad584 wiki: recompile overview.md + add /wiki-lint skill + /save unseeded check
overview.md recompiled with all 24 client articles and 7 project articles.
Captures ~80 action items sorted by priority; top urgent items: Neptune
cert (2026-05-31), Western Tire SSL (2026-05-30), Kittle eval license.

.claude/commands/wiki-lint.md: new skill — scans clients/ and projects/
for directories with session-logs but no wiki article, checks broken
[[backlinks]], stale last_compiled dates, index gaps, and stale queue
entries. Emits a structured lint report.

.claude/commands/save.md: added Phase 4 unseeded-wiki check — after sync,
if the session log was written for a client/project with no wiki article,
emit a /wiki-compile reminder. Informational only, no blocking behavior.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 06:13:22 -07:00