Triggered by John Trozzi reporting a spoof email. Single-user check
confirmed him clean (reported, not compromised). Tenant-wide sweep
found a sustained ~1 month campaign from 4 external IPs (UA/US/DE/AT
- deltahost + ColoCrossing) plus a compromised-M365-tenant relay
vector. Deleted 14 messages (Groups A+B) per Mike's explicit
authorization. Preserved legitimate HR thread (HRPYDBRUN xlsx) and
user outbound forwards as evidence.
Recommendations in report: DMARC p=quarantine/reject for
cascadestucson.com (biggest leverage), TABL IP blocks, zoom.nl
URL block, Defender impersonation protection.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Tier 0 (Ollama): summarize, classify, extract, draft, format — free/fast/private
- qwen3:14b for general tasks; codestral:22b for code suggestions
- Falls back to Haiku if Ollama unreachable or task needs agent tool use
- Bump rule extended: Ollama → Haiku on security/auth/migration/production
- Delegation pattern: direct Bash curl, not an agent spawn
- Per-task model guidance and review policy documented
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Establishes inter-session coordination for 29 projects/clients:
- Full lock/component format for active projects (dataforth-dos,
radio-show, cascades-tucson, valleywide, instrumental-music-center,
lens-auto-brokerage, msp-audit-scripts)
- Light format for complete/stalled/planning (msp-pricing, pavon,
wrightstown-*, gururmm-agent, community-forum, glaztech, etc.)
- Onboarding stubs for recently added clients
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Formalizes the read → lock → act → release cycle for any project
that has a PROJECT_STATE.md. Every Claude instance must:
- Re-read state before any action (not just at session start)
- Claim a lock row before touching any component
- Release lock + log result on completion or failure
- Clear stale locks (>2h) before proceeding
Applies to code edits, git ops, SSH/deploy, DB migrations, builds.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Restored the complete 504-line sync.md documentation from global
commands directory to the repo version. This ensures:
- Single source of truth for /sync documentation
- Documentation syncs across all machines
- PC and Mac have identical command reference
Previous simplified 39-line stub has been replaced with full
documentation including phases, examples, conflict resolution,
and troubleshooting.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Cloned gururmm repo as submodule at projects/msp-tools/guru-rmm
Now tracking commit f804983 (hooks + migration verification)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Added fresh radio show prep HTML (April 18, 2026 broadcast)
- Created vanilla cake recipe HTML for web publishing
- Removed guru-rmm submodule (migration incomplete, needs gururmm repo)
Machine: Mikes-MacBook-Air.local
Timestamp: 2026-04-19 08:09:00
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Memory entry prompts Mac session to run scripts/install-hooks.sh
before any GuruRMM work. Syncs via Gitea on next pull.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Points to commit that adds .gitattributes, install-hooks.sh, verify-migrations.sh,
009_add_missing_indexes.sql, and resolves sqlx checksum drift.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Documents bash scripts/install-hooks.sh requirement after cloning gururmm.
Explains the sqlx migration checksum / CRLF root cause so the step makes
sense and doesn't get skipped.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Removes the stale copy of gururmm source from claudetools tracking and
replaces it with a submodule pointing to the live gururmm Gitea repo.
Fixes context drift between session logs and actual codebase state.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
