- tenants.md: updated status to PARTIAL with full detail note
- clients/sandteko-machinery/: new client directory with reports/ and session-logs/ scaffolding
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Index was dead since 2026-04-19 (watcher not running). Fixes:
- Watcher restarted; scheduled task registered for login persistence
- Removed .md 0.6x penalty — markdown is primary content in this repo
- Added session-logs/ 1.3x, .claude/ 1.2x, /clients/ 1.1x relevance bonuses
- CLAUDE.md: grepai_search is now the first step for any context lookup
- OLLAMA.md: documents config overrides + watcher setup for new machines
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Write operations (bill, comment, create) now send a prompt to Ollama
(qwen3:14b) for comment body and billing description drafting. Claude
reviews the output against the rate/prepaid/formatting checklist before
presenting the preview. If neither Ollama endpoint is reachable, Claude
drafts directly — same review and confirmation flow either way.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add local rate table (pulled 2026-04-24) for all 7 labor products; always
set price_retail explicitly — Syncro API does not auto-apply product rates
- Replace vault-based key fetch with inline case block on identity.json user;
both Mike and Howard keys included for correct per-user attribution
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- tenant-sweep.sh line 12: renamed tier `graph` to `investigator` to match
the valid tier name expected by get-token.sh
- tenants.md: updated Kittle Design & Construction consent status from NO
to PARTIAL with notes on what was consented and what remains pending
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Documents the 3-call create pattern (ticket → Initial Issue comment →
appointment), adds problem type and appointment type dropdowns with IDs,
fixes priority format to number-prefixed strings ("2 Normal"), adds Howard
to tech user ID table, and adds asset/contact lookup steps.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Intune Manager (46986910-...) registered as AzureADMyOrg instead of
AzureADMultipleOrgs, blocking consent in any external tenant. Includes
evidence, PATCH command, and portal steps. Blocks Cascades MDM Phase B.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- intune-manager SOPS file is present; Howard needs to pull vault (2 commits behind)
- Directed Howard to check Syncro for current labor rates
- Cleared addressed items from for-mike.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Syncro auto-calculates price from the product's configured rate — omit price_retail.
Cleared Howard's messages from for-mike.md (both items addressed).
Left reply for Howard in for-howard.md confirming fix is live.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Python open() can't read MSYS-style paths (/c/claudetools/...).
Fix: try jq first (handles Unix paths cleanly on all platforms),
fall back to Python with cygpath -m conversion to mixed Windows paths.
Matches the same fix already applied to get-token.sh.
Bug reported by Howard (HOWARD-HOME, 2026-04-21).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Complete reference for setting up vault access on Mac/Windows/Linux.
Covers all issues encountered during Mac setup:
- Line ending fixes (CRLF → LF)
- SOPS_AGE_KEY_FILE environment configuration
- Age key installation and permissions
- Common errors and solutions
Includes quick setup for Howard's machines (ACG-Tech03L, HOWARD-HOME).
Successfully validated on Mikes-MacBook-Air - all 4 tiers working.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Tested vault access capability on Mac. Found multiple blockers:
- SOPS not installed
- age not installed
- age key not configured
- vault repo not cloned (git auth blocked)
Documents what would be required vs. recommendation to skip Mac setup.
Windows already validated - all 5 tiers working.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Step-by-step test to validate:
- 5 SOPS files are in vault repo
- Token acquisition works for all tiers
- Howard can be notified to pull
Includes Howard notification message template.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Documents authentication blocker for vault clone on Mac.
Provides step-by-step setup instructions for future vault access.
Vault sync from Windows is complete - Mac setup is optional.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1. Variable name collision: VAULT_PATH was used for both the SOPS file
relative path (set by case statement) and the vault root override env
var. Renamed env var override to VAULT_ROOT_ENV to avoid collision.
2. Wrong directory depth: CLAUDETOOLS_ROOT was navigating 3 levels up
from scripts/ landing at .claude/ instead of repo root. Fixed to 4
levels (scripts -> remediation-tool -> skills -> .claude -> repo root).
Also added jq as primary vault_path reader (handles Unix paths on Windows),
with cygpath-converted Python fallback.
Bugs discovered during Mac testing 2026-04-21. Windows worked only because
tokens were served from /tmp cache after first acquisition.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Critical bug discovered during Mac vault testing. Variable name collision
breaks token acquisition on all machines.
Fix required before proceeding with Howard's vault sync task.
Read .claude/URGENT-vault-path-bug.md on Windows laptop for remediation steps.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
sync.sh: after pull, scan changed session logs for "## Note for" /
"## Message for" sections and print them in a highlighted block
before the sync summary. Forces attention on inter-team messages.
CLAUDE.md: document mandatory behavior — cross-user notes displayed
at top of response with full content, action items addressed before
continuing.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add .claude/scripts/vault.sh wrapper (reads vault_path from identity.json)
- get-token.sh + patch-tenant-admin-manifest.sh read identity.json for vault root
- syncro.md uses wrapper via CLAUDETOOLS_ROOT
- CLAUDE.md + ONBOARDING.md document the pattern and prompt for vault_path on onboarding
- identity.json now includes vault_path (D:/vault on DESKTOP-0O8A1RL)
Howard and Mac need vault_path added to their identity.json after pulling.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace hardcoded D:/vault references with candidate-list pattern
that also checks $HOME/vault, ~/.vault, and respects VAULT_PATH
env var override. Fixes vault.sh lookup failures on Mac and
Howard's machine.
Affected: CLAUDE.md, syncro.md, get-token.sh, patch-tenant-admin-manifest.sh
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
