IC3 filed 2026-06-09 12:46 EST. Stamped the submission ID on the report; bank freeze letters
(Truist/First State/Chase) updated with the IC3 # and real Kittle/ACG contacts - now turnkey to send.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Per Kittle bookkeeper (2026-06-09): City of Tucson stopped the payment before any funds reached
the attacker (no completed loss; attempted $130k+). Kittle confirms no Foam Factory relationship,
confirming both receiving accounts are mules. Also: Ken un-restricted from sending (Outbox/Drafts
verified empty first); Lori was never restricted.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Inv #31468 $123,776.75 (confirmed), Inv #31400 ~$8,818, Inv #31453 $41,231 (open);
total identified exposure $130,000+ since the ACH change redirects all City->Kittle payments.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Double-checked the 2026-06-08 BEC remediation for missed EXO-dependent items now that
the Exchange role is confirmed. Findings: malicious inbox rules gone (cleanup stuck);
all 14 mailboxes clean of fwd/redirect/delete/move rules; no mailbox forwarding; no
transport rules; no rogue delegates. Open (need Ken): Christina-Micek StopProcessing rule
+ Ken FullAccess to Accounting. Corrected stale 'Exchange Admin NOT assigned' note (it IS).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
client.py: send() falls back to ResultMessage.result when no TextBlock streams
(the "(no response)" bug) and reconnects+retries once on a closed SDK session.
message_handler.py: per-thread turn lock so messages arriving mid-turn or from a
second user queue in order (nothing dropped); per-session requester-attribution
env (discord_id -> users.json key), pinned to the thread opener; _USER_MAP caches
only on a successful load; final answer posts as a fresh message at the BOTTOM
(no edit-in-place); a <@id> tag goes out as a fresh send so it actually pings.
main.py: allowed_mentions permits user pings, blocks @everyone/@here/roles.
DISCORD_CLAUDE.md: no thread auto-delete; tiered close-out (Q&A -> one-line rolling
log, substantive -> /save); @mention guidance; opener-pinned attribution note.
whoami-block.sh / sync.sh: bot-context attribution (Executed by ClaudeTools Bot /
Requested by <person>; git author = mapped requester, committer = bot). Strict
no-op for interactive sessions.
users.json: discord_id for Mike/Howard; added Winter Williams (bot-only, full trust).
Reviewed by Code Review Agent + Grok + Gemini (Gemini's "malformed email" finding
verified as a false positive).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
EXO email-cleanup tasks (Search-UnifiedAuditLog, Get-MessageTrace, inbox rules) kept
401/403-ing per tenant because the Exchange Operator SP was missing the Exchange Admin
directory role — admin consent grants Exchange.ManageAsApp but never the directory role.
onboard-tenant.sh assigns it, but tenants consented before that step / by hand never got
it, and nothing audited for it. Hence the recurring 'next onboarding will fix it' (false
for already-onboarded tenants).
- NEW assign-exchange-role.sh: idempotent role assignment via the authoritative
roleManagement/directory/roleAssignments API (the legacy directoryRoles/members list
reads back unreliably). <domain|--all> + --verify/--dry-run.
- Backfilled the whole fleet (--all): 13 stragglers ASSIGNED, 12 already OK, 20 skipped
(tenant-admin not consented), 0 errors. Safe Site included.
- Standing audit documented (assign-exchange-role.sh --all --verify) + memory so no future
session repeats the empty promise.
- Adds wiki/clients/safesite.md (tenant + 4-source endpoint inventory + investigation).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Live-verified 2026-06-08: Security Investigator + User Manager + Tenant Admin Graph
tiers all consented and reading (subscribedSkus/organization HTTP 200) on
safesitellc.com (71b4e637-...). The reference's 'NO' was stale (last touched 2026-04-20).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Builds the false-positive/true-positive proof the plan requires before the guard can be
promoted to blocking, and fixes the one false-positive it surfaced.
- test-harness-guard.sh: 12-case matrix in a throwaway repo, runs the REAL guard, asserts
WARN/clean for real conflicts/secrets/keys vs legit content (setext underlines, dividers,
docs that mention a marker, encrypted sops, public keys, .example templates).
- harness-guard.sh: conflict rule now requires a real hunk (BOTH ^<<<<<<< AND ^>>>>>>>),
dropping the lone =======$ trigger that false-positived on a 7-char setext underline /
divider. Identical true-positive power (git writes all three markers); FP surface -> 0.
- /self-check: new harness.guard_selftest runs the matrix in an isolated temp repo (read-only
vs the real tree) so guard correctness is continuously proven.
Verified 12/12 pass, true positives intact, real-tree FP surface = 0. FATAL flip (todo
f1c11d0d, on/after 2026-06-22) is now evidence-backed + one-step.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Task 3 leftover. Adds a 'consistency' category to /self-check that catches a standard
drifting back into restating/contradicting the command that owns the rule -- the Syncro
timers failure mode (standard said 'always timer' while /syncro said 'outlier only').
Deterministic half: each manifest.command_standard_links pair's standard must still carry
its defer-to-SSOT pointer (must_reference regex). Lost pointer = WARN. Seeded with
syncro-billing (time-entry-protocol.md -> /syncro). Semantic contradiction pass delegated
to the model in SKILL.md, mirroring check_memory. Verified PASS; negative-tested.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Adds a 'harness' category to /self-check (Task 12, self-check half) so the harness-
optimization gains can't silently regress. All read-only / non-invasive:
- VERSION marker present + not older than manifest.harness.min_version
- skill-registry description budget (sum of all SKILL.md description: fields under
registry_desc_budget_chars) -- the metric that catches Task 5 bloating back
- global deploy targets ~/.claude/skills + ~/.claude/commands populated (Mac-wipe failure)
- harness-guard.sh present + wired into sync.sh
- core scripts parse (bash -n on sync/guard/now-phoenix); now-phoenix.sh emits a valid date
Tunables in baseline/manifest.json 'harness' block. Verified 9/9 PASS; budget WARN
negative-tested at a synthetic over-budget value.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The context-lookup standard + CODING_GUIDELINES still said 'GrepAI First' unconditionally.
Updated both to: wiki first for known-entity facts; GrepAI/Grep-before-read for code+discovery.
Keeps the search-before-read token discipline; removes the wiki overlap. Completes the
positioning fix started in e8a689b0 (all 4 sources now consistent: CORE, EXTENDED, standard,
guidelines).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Resolves the contradiction between CORE (wiki-first) and EXTENDED (which said
'use GrepAI first for any context lookup'). New order: wiki for known entities ->
GrepAI for code call-graphs / discovery / un-compiled detail -> raw reads. Keeps
GrepAI's irreplaceable code-search value; removes the redundant wiki overlap.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Safety prerequisites for the P0 rollout, landed BEFORE any sync.sh change so a bad
harness change cannot strand a node. .claude/harness/VERSION (1.0.0) lets a session
detect partial rollout; .claude/scripts/force-pull-raw.sh is a hook-free git rescue
(dry-run by default; --confirm hard-resets to origin/main, saving prior HEAD to a
recovery branch).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Task 3/3a of the harness-optimization spec. Mike confirmed normal billing uses
add_line_item; timers stay available only for explicit outlier requests, never the
normal loop. Rewrote time-entry-protocol.md to defer to the /syncro command (SSOT for
billing mechanics) and state timers are outlier-only; aligned the command's two
absolute "no timers" lines. Contradiction removed.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Optimize the harness (not projects) for accuracy/completeness with context pressure
as a first-class constraint; token efficiency secondary. Authored as a Claude+Grok+
Gemini review (see review-3way.md): P0 reliability footguns (submodule-safe sync,
serialized/staged wiki synthesis, syncro SSOT, warn-only guard), P1 context diet
(one-line registry descriptions, CLAUDE CORE/EXTENDED, thin save/sync), P2 delegation
re-tune, P3 knowledge tiering. Adds harness VERSION marker + OOB recovery as rollout
safety. Python port split to a separate future spec.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
