Commit Graph

58 Commits

Author SHA1 Message Date
ae2ee346b5 syncro: Phase-2 deploy-agent + asset/RMM verified on a real device
deploy-agent proven end-to-end on RMM-TEST-MACHINE: vaulted Howard Test MSI URL -> GuruRMM
push (msiexec /qn, SYSTEM) -> Syncro service Running -> auto-enrolled as asset 12676769 under
the client + the policy folder embedded in the installer token (5092561) in ~1 min.
installed_applications populates fast; patches lag. POST /policy_folders {policy_folder}
requires parent_id (null->422); move-asset flip-restore verified on the real asset; DELETE
policy_folder works. Shapes + findings recorded.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 17:09:47 -07:00
1fa1a42092 syncro: Phase-1b breadth findings (leads/vendors/products/PO/worksheets)
Live-tested the remaining write resources on Howard Test. Recorded:
- wrapped response shapes (.lead.id/.vendor.id/.product.id/.purchase_order.id/
  .po_line_item.id/.worksheet_result.id) added to Verified Response Shapes.
- create_po_line_item requires product maintain_stock:true.
- worksheet templates live in GET /tickets/settings (.worksheet_templates[]), no standalone
  endpoint; need a valid worksheet_template_id.
- PUT /products requires name+description; leads/vendors/products/POs have NO DELETE (global
  test records persist -> GUI cleanup).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 16:46:47 -07:00
555e1ffd5a syncro: finalize deploy-agent (installer URL = per-client vaulted secret, MSI)
Decoded the Syncro RMM installer URL from 4 client samples:
base64(v1-{customer_id}-{A}-48753-{policy_folder_id}). 48753 = our account id (constant);
customer_id + policy_folder_id are API-readable; A is an unguessable per-client security token
NOT exposed anywhere in the API -> the URL is NOT constructible and must be harvested per client
and vaulted. Installer is an MSI -> deploy uses msiexec /qn /norestart.

deploy-agent now reads clients/<slug>/syncro-agent-installer (credentials.installer_url) from
the vault (cascades-tucson, grabb-durando, reliant, howard-test seeded) and pushes via GuruRMM.
Findings recorded in test-findings.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 16:46:47 -07:00
12bb9f1544 syncro: capture Phase-1 live-test findings (email-delivery trap + response shapes)
Test campaign on Howard Test sandbox (customer 36118743) surfaced traps the skill must not
re-learn:
- invoice/estimate email endpoints return 200 "Email sent" even with NO recipient
  (customer.email null) -> never report delivery from the 200; verify customer.email first.
- customer.email is UNIQUE tenant-wide; PUT /customers failure returns
  {success:false,message:[...]} not {customer:{...}} -> check .success.
- POST/PUT /contacts return a FLAT object (.id), not {contact:{...}}; contact recipient
  flags (primary/receives_invoices) are ignored via API.
- POST /contracts write succeeds but body doesn't echo the object; /contracts?customer_id
  doesn't filter server-side -> GET-verify + client-filter.

New living log .claude/standards/syncro/test-findings.md; critical items folded into
syncro.md Hard Rules + Verified Response Shapes. Correction logged to errorlog.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 16:46:46 -07:00
1f56098652 syncro: expand skill to full Syncro API surface (assets/RMM/deploy) + verified capability model
Add comprehensive Syncro coverage beyond PSA core:
- New .claude/standards/syncro/api-reference.md: complete verified inventory of ~180
  endpoints across 38 resource types (generated from live OpenAPI 3.0 spec + tenant
  probe 2026-07-10), with worked GET/POST/PUT/DELETE templates and token-capability matrix.
- /syncro: asset read intelligence (patches, installed_applications), asset create/update,
  policy-folder move (move-asset), RMM alerts, and deploy-agent (hybrid installer push via
  GuruRMM using SyncroSetup --console --allow-force-reboot).
- move-asset ships a capability preflight (GET /policy_folders?customer_id -> 401 = missing
  Assets-Policy-Change) + mandatory post-write verify, because an under-scoped token returns
  HTTP 200 and silently no-ops the move.

Correct the "Syncro RMM is API-impossible" belief: it was a token-scope gap, not an API
limit. Live-verified the asset move (flip-and-restore 692253->692278->692253). Token scope
today: Howard + Winter full; Mike (vaulted ...ebbeb3) still 401 pending re-vault.

Corrects memory reference-syncro-rmm-api-gui-only; correction logged to errorlog.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 15:45:26 -07:00
Winter Williams
07404759f3 sync: auto-sync from GURU-BEAST-ROG at 2026-07-10 10:06:22
Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-07-10 10:06:22
2026-07-10 10:07:09 -07:00
2f35163866 harness: read Syncro keys from vault, stop hardcoding the repo root
Two defects found while running /wiki-compile, both from tooling assuming
a path instead of resolving it.

1. Plaintext Syncro API keys. Mike's and Howard's live PSA keys were
   copy-pasted into three command files, a script, and two catalog docs --
   despite both already being vaulted at msp-tools/syncro and
   msp-tools/syncro-howard. Replaced with reads from the SOPS vault via a
   new sourced helper, .claude/scripts/syncro-env.sh. Write paths fail
   closed; read-only paths degrade to skipped enrichment rather than a
   wrong key. Per-user mapping is unchanged, so Syncro attribution is too.

2. Hardcoded repo root. wiki-compile/wiki-lint/inject-standards and
   gen_b64.py hardcoded D:/claudetools; this machine is C:/claudetools.
   syncro.md also read ~/.claude/identity.json before the repo copy -- the
   same bug that made remediation-tool's consent-audit report a fully
   consented tenant as RED. Root now resolves from the script's own
   location, with identity.json claudetools_root as the override.

get-identity.sh had a chicken-and-egg bug: it read ${CLAUDETOOLS_ROOT:-.}
but never set it, so every caller had to already know the root. It now
self-resolves and exports CLAUDETOOLS_ROOT + VAULT_ROOT.

Verified: all three command setup blocks authenticate against live Syncro;
get-identity.sh works from any cwd and honors a pre-set root; gps-rmm
autoenroll resolves its key from the vault. security-review: no findings.

NOTE: both keys remain valid in git history. Rotation in the Syncro portal
is the required follow-up -- this commit does not resolve that exposure.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-10 07:56:33 -07:00
a2a277ab67 sync: auto-sync from HOWARD-HOME at 2026-07-07 20:31:16
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-07-07 20:31:16
2026-07-07 20:31:47 -07:00
51335db124 sync: auto-sync from HOWARD-HOME at 2026-06-30 11:27:16
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-30 11:27:16
2026-06-30 11:27:47 -07:00
7b252335cc sync: auto-sync from GURU-5070 at 2026-06-23 21:14:42
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-23 21:14:42
2026-06-23 21:15:42 -07:00
cc15177ce3 syncro: invoice-note policy — block hours remaining, low-block (<4hr) renew + Winter tag, recurring sweep
Extends the invoice Message (note) automation into a single reusable helper
set_invoice_note <invoice_id> <customer_id> [pre_billing_prepay]:
  - no block (prepay_hours==0)  -> "Interested in discounted labor? Ask us about block-rate pricing."
  - block, >=4 hrs left         -> "Block hours remaining: N."
  - block, <4 hrs left          -> remaining + renew line, AND tags Winter (<@624666486362996755>)
                                   in #bot-alerts (low-block heads-up; mentions ping, no allowed_mentions)
Pre-billing prepay arg keeps a just-depleted block counted as a block customer (shows renew, not upsell).
Never clobbers a non-empty note.

Wired into billing Step 3 (set_invoice_note "$INVOICE_ID" "$CUST_ID" "$PREPAY"), and a new
"Recurring invoice note sweep" applies the same policy to Syncro's auto-generated recurring invoices
(schedule_id != null, recent, current balance) — idempotent, run after each recurring run.

Branch logic + a real e2e note set/restore validated on the ACG internal test account (#67741); the
<4hr Winter alert was stubbed in testing so no real ping fired.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-16 08:56:42 -07:00
f5c284444b syncro: document Invoice Message (note field) + auto block-rate hint for non-block customers
The on-screen "Invoice Message" text block IS the invoice `note` field, editable via
PUT /invoices/{id} {"note": "..."} (response {"invoice": {...}}). Verified on the ACG
internal test account (#67741: set/verify/restore).

Billing flow now sets a one-line upsell hint on the invoice note — "Interested in
discounted labor? Ask us about block-rate pricing." — ONLY for customers with no prepaid
block (prepay_hours == 0). Block customers (prepay_hours > 0) get no hint; never clobber
a non-empty note.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-16 08:48:25 -07:00
54a415fd4b fix(syncro): resolve billing SSOT — add_line_item is normal, timers outlier-only
Task 3/3a of the harness-optimization spec. Mike confirmed normal billing uses
add_line_item; timers stay available only for explicit outlier requests, never the
normal loop. Rewrote time-entry-protocol.md to defer to the /syncro command (SSOT for
billing mechanics) and state timers are outlier-only; aligned the command's two
absolute "no timers" lines. Contradiction removed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 07:37:36 -07:00
25edcd0d2f syncro skill: require [TEST] prefix on all test article subjects
Any ticket, estimate, appointment, or schedule created for testing or API
research must have its subject/name prefixed with [TEST]. Added as a Hard
Rule and cross-referenced in the recurring schedules section.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 14:32:12 -07:00
24df156d4a sync: auto-sync from GURU-5070 at 2026-05-28 10:18:36
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-05-28 10:18:36
2026-05-28 10:18:43 -07:00
4b78366809 syncro: require delivery channel for emergency billing
"Emergency" is a billing modifier, not a delivery channel. Added explicit
hard rule that Remote/Onsite/In-Shop must be confirmed separately when billing
emergency — the delivery channel determines price_retail and cannot be guessed.

Updated both the Hard Rules section and the Billing workflow Step 1 gather prompt.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-27 16:26:30 -07:00
ba90915da5 docs(session)+rules: 2026-05-27 — Quantum M365 onboarding, IX autodiscover fix, Syncro emergency/labor/attribution rules
Session logs: root (Michael #32329 hosting offer + IX simplehost.email autodiscover DNS fix + Cascades #32332 emergency correction) + Quantum client log (M365 tenant 2fd0092b onboarding, break-glass GA, CA report-only).

Syncro rule overhaul:
- Emergency billing: prepaid -> 26184 @ hours x1.5 (was 26118); non-prepaid -> 26184 with channel rate (onsite $262.50 / remote+inshop $225)
- Never make up labor items (existing product + real name; QuickBooks sync)
- Corrections preserve original tech's user_id (commission); adding notes/labor never changes ticket owner

/remediation-tool: Conditional Access may be managed programmatically (report-only first + exclude break-glass + confirm before enforce); fabb3421 deprecated for customer tenants; Quantum tenant onboarded (gotchas table).

Memory: 4 new (no-madeup-labor, corrections-preserve-tech, ca-programmatic, quantum-godaddy-tenant) + updates.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 14:57:55 -07:00
51a7d55b87 feat(identity): sync.sh and syncro.md read from identity.json
Phase 2 migration complete:

sync.sh:
- Read Python command from identity.json first (.python.command)
- Fall back to auto-detection for legacy machines
- Eliminates per-session detection overhead

syncro.md:
- Read Ollama endpoint from identity.json (.ollama.endpoint // .ollama.fallback)
- Read Python command from identity.json (.python.command)
- Both sections have legacy fallbacks with detection
- Eliminates 2-second curl probe on every write operation
- Updated day-of-week verification code example
- Updated Ollama draft call section

Impact: All scripts now read machine-specific config from identity.json
(populated by migrate-identity.sh). Faster, explicit, offline-safe.
2026-05-26 20:12:33 -07:00
4d602a6b2e feat(identity): read claudetools_root from identity.json
- Updated sync.sh to read claudetools_root from identity.json
- Updated syncro.md skill to use identity.json for repo path
- Updated CLAUDE.md onboarding to include claudetools_root field
- Eliminates cross-architecture path detection issues
- Fallback to git rev-parse for legacy machines

Each machine sets claudetools_root during onboarding, just like vault_path.
2026-05-26 18:44:47 -07:00
30fdf3986c sync: auto-sync from GURU-5070 at 2026-05-26 07:25:37
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-05-26 07:25:37
2026-05-26 07:25:41 -07:00
4e231ee113 Add ticket subject prefix check to estimate success criteria
The linked ticket subject must start with "Estimate - " before an estimate
task is considered complete. Added as criterion [4] in both the hard rules
block and the workflow success criteria block, with a self-correction step
(PUT /tickets/{id}) if the check fails.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 15:27:47 -07:00
59fb2c8ee2 Update estimate ticket subject prefix from colon to dash
Change the linked ticket subject format from "Estimate: <subject>" to
"Estimate - <subject>" per Winter's request for consistent formatting.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 15:23:17 -07:00
4c86e4d7e1 sync: auto-sync from GURU-BEAST-ROG at 2026-05-22 15:18:36
Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-05-22 15:18:36
2026-05-22 15:18:37 -07:00
f638b3b137 sync: auto-sync from DESKTOP-0O8A1RL at 2026-05-22 13:42:56
Author: Mike Swanson
Machine: DESKTOP-0O8A1RL
Timestamp: 2026-05-22 13:42:56
2026-05-22 13:46:47 -07:00
ac25fc69a8 sync: auto-sync from GURU-BEAST-ROG at 2026-05-22 13:13:08
Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-05-22 13:13:08
2026-05-22 13:13:09 -07:00
ec51a06a0d sync: auto-sync from DESKTOP-0O8A1RL at 2026-05-22 12:08:26
Author: Mike Swanson
Machine: DESKTOP-0O8A1RL
Timestamp: 2026-05-22 12:08:26
2026-05-22 12:08:31 -07:00
aa5f15340c sync: auto-sync from DESKTOP-0O8A1RL at 2026-05-22 12:06:06
Author: Mike Swanson
Machine: DESKTOP-0O8A1RL
Timestamp: 2026-05-22 12:06:06
2026-05-22 12:06:11 -07:00
3ad96ac7b9 sync: auto-sync from GURU-BEAST-ROG at 2026-05-22 11:46:56
Author: Mike Swanson
Machine: GURU-BEAST-ROG
Timestamp: 2026-05-22 11:46:56
2026-05-22 11:46:58 -07:00
280428b68b sync: auto-sync from HOWARD-HOME at 2026-05-22 09:03:36
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-22 09:03:36
2026-05-22 09:03:39 -07:00
55d1c9f420 sync: auto-sync from DESKTOP-0O8A1RL at 2026-05-21 16:54:00
Author: Mike Swanson
Machine: DESKTOP-0O8A1RL
Timestamp: 2026-05-21 16:54:00
2026-05-21 16:54:04 -07:00
347749e72c fix(syncro): appointment_type_id optional; omit unless explicitly specified
Per Winter: leave appointment type blank unless user names one of the known
types. If omitting, include delivery method in ticket subject for calendar
visibility. Applies to both the gather-inputs table and the appointment POST.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-21 10:06:16 -07:00
59ea650865 fix(syncro): omit contact_id by default; Syncro assigns primary automatically
Only set contact_id when ticket is opened by/regarding a named contact.
Removed address_id, appointment_owner, and do_not_invite fields from the
default gather step — these are edge cases, not routine inputs.
Updated preview template to reflect default primary contact behavior.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-21 10:04:45 -07:00
04c7bf7564 refactor(syncro): replace timer workflow with add_line_item, lock API sequences
- Billing now uses add_line_item directly; timer_entry/charge_timer_entry removed
- Added Verified Response Shapes table for all endpoints (tested live against ACG internal customer)
- Billing workflow rewritten as strict 5-step locked script with no branches
- Added STOP rule: never try alternative endpoints/formats on unexpected responses
- bot-alerts section: explicit success ([OK] + message_id) and failure ([WARNING]) criteria
- Updated feedback memory to supersede the old timer-first rule

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-21 10:04:45 -07:00
c4b0614063 sync: auto-sync from DESKTOP-0O8A1RL at 2026-05-20 19:14:31
Author: Mike Swanson
Machine: DESKTOP-0O8A1RL
Timestamp: 2026-05-20 19:14:31
2026-05-20 19:17:13 -07:00
7b63757bbe syncro: post a summary + link to #bot-alerts after every write
Add .claude/scripts/post-bot-alert.sh — reusable, soft-failing Discord
poster that reads the bot token from the SOPS vault (bot-token.sops.yaml,
credentials.bot_token) with a .env fallback, so it works from any machine.

Wire it into the /syncro skill: a Hard Rules pointer, a billing-workflow
step (17), and a "Post to #bot-alerts" reference section with the message
format and ticket/invoice/customer link mapping (computerguru.syncromsp.com).
Scoped to write ops (create/update/close/comment/bill/customer); reads post
nothing. Best-effort — never fails the Syncro write it follows.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 16:43:23 -07:00
895b1805d1 Session log: GuruRMM 4-bug fix + MSP360 backup integration 2026-05-19
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-19 16:54:06 -07:00
999f3334a3 fix(syncro): correct billing rules for prepaid customers and ticket creation defaults
- Add hard rule: 9269129 (Prepaid Project Labor) is Exempt and does NOT deduct
  from prepay_hours block — never use for normal work (verified 2026-05-04)
- Expand prepay_hours check from emergency-only to ALL billing workflows
- Fix emergency/prepaid branching table to use delivery-channel product instead
  of hardcoding 26118 (Onsite) for remote and other labor types
- Clarify invoice step 15: $0.00 invoice total is correct for prepaid customers;
  verify by checking customer.prepay_hours dropped by quantity
- Field 7 (Assigned Tech): add explicit default to API key owner; mark as MUST
  always be included in POST payload to prevent null user_id on ticket create
- Add billing workflow hard rule: read prepay_hours before any billing, not just
  emergency, so prepaid invoice behavior is known before execution begins

Triggered by ticket #32265 (Russo Law Firm) missing assignee/priority/billing.
Russo Law has 12.5 prepaid hrs — 0.5 hrs correctly deducted via invoice #67578.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-08 12:16:48 -07:00
636281da5f sync: auto-sync from HOWARD-HOME at 2026-05-06 15:10:59
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-06 15:10:59
2026-05-06 15:11:04 -07:00
a785293318 sync: auto-sync from HOWARD-HOME at 2026-05-05 16:47:31
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-05 16:47:31
2026-05-05 16:47:31 -07:00
2ec07ea409 syncro skill: timer-entry-first workflow + heredoc payloads
- Promote timer_entry → charge_timer_entry to default billing path; demote
  bare add_line_item to a clearly-labeled fallback for non-time items only.
  Mike caught the bare-add_line_item bug across 31 tickets on 2026-04-30;
  repeated on 3 tickets 2026-05-01. Time entries are required for Syncro
  reporting (hours per client, tech productivity, prepay burn).
- Replace /tmp/*.json payload pattern with heredoc throughout. /tmp resolves
  to C:\tmp\ in the Write tool but %LOCALAPPDATA%\Temp\ in Git Bash on
  Windows — different real directories. Caused a wrong-comment incident on
  ticket #32225 2026-05-01 (rogue payload from prior session). Heredoc
  avoids the file handoff entirely.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 10:58:20 -07:00
557c174ce9 syncro skill: document appointment move/edit — PUT /appointments/{id} verified
Added /syncro move-appointment to usage table; added Appointments CRUD section
to endpoints reference documenting GET/PUT/DELETE with verified move workflow
(verified 2026-04-24).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-24 20:13:20 -07:00
401dd0082e syncro skill: add Ollama drafting with Claude review + fallback
Write operations (bill, comment, create) now send a prompt to Ollama
(qwen3:14b) for comment body and billing description drafting. Claude
reviews the output against the rate/prepaid/formatting checklist before
presenting the preview. If neither Ollama endpoint is reachable, Claude
drafts directly — same review and confirmation flow either way.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-24 07:20:20 -07:00
8f6b45ef32 syncro skill: bake in labor rates and API keys
- Add local rate table (pulled 2026-04-24) for all 7 labor products; always
  set price_retail explicitly — Syncro API does not auto-apply product rates
- Replace vault-based key fetch with inline case block on identity.json user;
  both Mike and Howard keys included for correct per-user attribution

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-24 07:14:13 -07:00
24b6bf65e6 syncro: expand ticket creation to full 19-field workflow
Documents the 3-call create pattern (ticket → Initial Issue comment →
appointment), adds problem type and appointment type dropdowns with IDs,
fixes priority format to number-prefixed strings ("2 Normal"), adds Howard
to tech user ID table, and adds asset/contact lookup steps.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-24 07:13:16 -07:00
03636f2878 sync: auto-sync from HOWARD-HOME at 2026-04-23 13:34:46
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-23 13:34:46
2026-04-23 13:34:48 -07:00
4ddc3a0a1f session log: Dataforth SMTP fix, GuruRMM GAGETRAK onboarding, Cloudflare grey-cloud, ticket #32142 billed
- Resolved calibration@dataforth.com SMTP AUTH per-mailbox block in Exchange Online
- Full Dataforth tenant onboarding (all 5 ComputerGuru apps consented)
- GuruRMM agent deployed on DF-GAGETRAK; diagnosed and fixed two issues:
  - rmm-api.azcomputerguru.com grey-clouded (Cloudflare was blocking WSS)
  - enrolled_agents auth gap workaround (site API key in AgentKey registry)
- Syncro ticket #32142 billed: 2 hrs prepaid, invoice #67447, status Invoiced
- syncro.md: fix .comment.id jq path (was .id, caused duplicate comments twice)
- tenants.md: Dataforth marked fully onboarded

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-23 09:20:00 -07:00
bb8a462641 syncro: add hard rules block for POST idempotency and preview enforcement
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-22 20:37:37 -07:00
0895af03e3 sync: auto-sync from HOWARD-HOME at 2026-04-22 11:48:29
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-22 11:48:29
2026-04-22 11:48:29 -07:00
2c9c5c851d docs: remove hardcoded labor rates from syncro.md; message Howard re rates + vault fix
Syncro auto-calculates price from the product's configured rate — omit price_retail.
Cleared Howard's messages from for-mike.md (both items addressed).
Left reply for Howard in for-howard.md confirming fix is live.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 20:25:48 -07:00
fcb5bebf5b fix: vault path from per-machine identity.json, not hardcoded paths
- Add .claude/scripts/vault.sh wrapper (reads vault_path from identity.json)
- get-token.sh + patch-tenant-admin-manifest.sh read identity.json for vault root
- syncro.md uses wrapper via CLAUDETOOLS_ROOT
- CLAUDE.md + ONBOARDING.md document the pattern and prompt for vault_path on onboarding
- identity.json now includes vault_path (D:/vault on DESKTOP-0O8A1RL)

Howard and Mac need vault_path added to their identity.json after pulling.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 19:01:27 -07:00