Updated Howard's note with correct analysis after Mike's clarification:
BUSINESS RULE (from Mike):
- ALL tickets need time entries (except cancelled)
- Even warranty/free work logs time
- Time tracking separate from billing decisions
FINDINGS:
- Billing: ✅ Working (29 invoices exist, 2 correctly non-billed)
- Time tracking: ❌ Bypassed (all 31 show 00:00:00)
ROOT CAUSE:
- Manual invoice line items used instead of time tracking
- Hours typed in descriptions ("Applied X.0 Prepay Hours")
- Prevents productivity/utilization reporting
Pattern: 20 prepay deductions + 16 direct charges, all via manual
line items. Workflow skips Syncro time tracking system entirely.
Examples included with hours that should have been logged.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Previous commits falsely claimed 31 tickets had no invoices. This was based on
a fundamentally flawed verification script that:
- Used list endpoint instead of individual invoice details
- Failed to check invoice-level ticket_id field
- Had type comparison errors (string vs int)
CORRECTED FACTS:
- 29 out of 31 tickets DO have proper invoices (93.5% success)
- 2 tickets correctly have no invoices (marked Non-Billable)
- #32083 (DAnaise.com): Non-Billable status
- #32022 (Michael Johnson): Cancelled, Non-Billable
NO ACTION REQUIRED - Howard's billing workflow is working correctly.
Sincere apologies for the false alarm. Mike caught the error immediately.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Pattern analysis reveals:
- 31 tickets span March 3 - April 28 (not one-time event)
- Multiple update date clusters (batch processing pattern)
- All missing normal invoice workflow steps
- Tickets changed to 'Invoiced' status without:
* Time entries
* Invoice generation
* Workflow comments
NOT a Claude/API integration issue - Claude doesn't change ticket statuses.
Likely causes:
1. Manual bulk status updates to clear queue
2. Misconfigured Syncro automation/workflow
3. Periodic batch status changes
Urgent: Need to review Syncro automation rules and prevent future revenue loss
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Deep verification performed:
- Checked customer invoice records for all 31 tickets
- ZERO invoices found matching these tickets
- Cascades confirmed to have NO contract (11 tickets affected)
- Example: Kittle #32223 marked 'Invoiced' but no invoice exists
- This is genuine lost revenue, not contract-covered work
Estimated impact: 31 billable tickets with no revenue captured
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Major billing gap identified:
- 39 tickets closed/invoiced today
- 31 have ZERO time logged (00:00:00)
- Many marked 'Invoiced' but sent with no time
- Detailed list provided for review and correction
Sombra RMM enrollment: no billing needed per Mike
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Ticket #32225 exists but has no time logged
- Today's GuruRMM enrollment work is unbilled
- Needs either ticket update or new ticket creation
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Both servers were already patched (11.110.0.97 and 11.134.0.20) via
daily auto-update. IOC scan found 16 flagged sessions across both
plus 4 uncommented SSH keys on IX.
Critical remediation:
- Forensic evidence preserved before any deletion
- 4 uncommented SSH keys removed from IX (server-side backup retained)
- 16 flagged sessions purged across both servers
- Root passwords rotated via chpasswd
- New WHM API tokens created; 3 stale transfer-* tokens revoked
- Vault entries + 1Password Infrastructure items updated
Forensic deep-dive verdict: patch held. All 7 actual CVE exploit
attempts (botnet IPs hitting /json-api/version) returned HTTP 403.
The "multi-line pass" IOC hits on user sessions were false positives.
Unidentified 76.18.103.222 root session traced to routine SSL
maintenance (zero sensitive endpoints touched).
Skill hardening:
- Added MANDATORY service-token directive to .claude/commands/1password.md
enforcing OP_SERVICE_ACCOUNT_TOKEN from SOPS for all op CLI calls
- Per Mike: memory files alone don't reliably bind agent behavior;
baking governance into skill content loaded at moment of use.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
