claudetools/projects/msp-tools/security-assessment/app/config.sample.php
Mike Swanson 260be8c2ad security.azcomputerguru.com: scaffold the client security-assessment intake app
New MSP tool — single-assessor consult intake. Stack: PHP + MySQL on the IX cPanel
host, gated by Cloudflare Access (only mike@azcomputerguru.com; app re-checks the
Cf-Access-Authenticated-User-Email header).

- app/questions.json — risk-ordered question framework (9 sections); each field tagged
  source=syncro/rmm/scan/ask so the consult asks only what a human knows and the
  post-meeting scan fills the technical reality.
- app/index.php — wizard UI: Syncro phone lookup -> prefill, section rail with live
  progress, importance-colored question cards, in-meeting 365/Google consent links,
  review + export.
- app/api.php — Syncro lookup-by-phone, save/load/list, consent-URL generation (reuses
  the read-only Security Investigator app bfbc12a4-...), HTML export.
- app/schema.sql, config.sample.php, DEPLOY.md, README.md.

Consent links let the client approve read-only 365/Google access during the consult so
the audit scan runs afterward. Read-only by design (reads Syncro, generates consent; no
tenant writes).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-18 14:20:05 -07:00

16 lines
1.2 KiB
PHP

<?php
// Copy to config.php on the server (config.php is gitignored). Secrets live in the SOPS vault.
define('ALLOWED_EMAIL', 'mike@azcomputerguru.com'); // defense-in-depth; Cloudflare Access is the primary gate
define('DB_HOST', 'localhost');
define('DB_NAME', 'acgsec_assess');
define('DB_USER', 'acgsec_app');
define('DB_PASS', 'CHANGE_ME'); // vault: msp-tools/security-assessment-db
define('SYNCRO_BASE', 'https://computerguru.syncromsp.com/api/v1');
define('SYNCRO_KEY', 'CHANGE_ME'); // vault: msp-tools/syncro-mike (Mike's per-user key)
// Read-only "ComputerGuru Security Investigator" multi-tenant app (from the remediation tool):
define('M365_INVESTIGATOR_APP_ID', 'bfbc12a4-f0dd-4e12-b06d-997e7271e10c');
define('CONSENT_REDIRECT', 'https://security.azcomputerguru.com/consent-callback.php');
define('GOOGLE_CLIENT_ID', ''); // set once a Workspace read-only OAuth client exists
define('GOOGLE_SCOPES', 'https://www.googleapis.com/auth/admin.directory.user.readonly https://www.googleapis.com/auth/admin.reports.audit.readonly');
define('GOOGLE_REDIRECT', 'https://security.azcomputerguru.com/google-callback.php');
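
An added example (not code from this repository) of the fail-closed checks this sample config implies: refusing to run while `CHANGE_ME` placeholders remain, and re-checking the `Cf-Access-Authenticated-User-Email` header against `ALLOWED_EMAIL`. The function names `config_problems` and `access_email_allowed` are hypothetical, and the config values are passed in as an array rather than read from the constants so the block runs stand-alone.

```php
<?php
// Added example, not part of the repository. Function names are hypothetical.

/** Problems that should stop the app from serving requests (fail closed). */
function config_problems(array $cfg): array
{
    $problems = [];
    foreach (['DB_PASS', 'SYNCRO_KEY'] as $key) {
        $value = $cfg[$key] ?? '';
        if ($value === '' || $value === 'CHANGE_ME') {
            $problems[] = "$key is empty or still the sample placeholder";
        }
    }
    foreach (['SYNCRO_BASE', 'CONSENT_REDIRECT', 'GOOGLE_REDIRECT'] as $key) {
        $scheme = strtolower((string) parse_url($cfg[$key] ?? '', PHP_URL_SCHEME));
        if ($scheme !== 'https') {
            $problems[] = "$key must be an https:// URL";
        }
    }
    if (!filter_var($cfg['ALLOWED_EMAIL'] ?? '', FILTER_VALIDATE_EMAIL)) {
        $problems[] = 'ALLOWED_EMAIL is not a valid address';
    }
    return $problems;
}

/** Secondary gate: compare the Cloudflare Access identity header with ALLOWED_EMAIL. */
function access_email_allowed(array $server, string $allowedEmail): bool
{
    // PHP exposes the Cf-Access-Authenticated-User-Email header under this key.
    $claimed = $server['HTTP_CF_ACCESS_AUTHENTICATED_USER_EMAIL'] ?? '';
    if (!is_string($claimed) || $claimed === '' || $allowedEmail === '') {
        return false; // missing header or missing config: deny
    }
    return hash_equals(strtolower($allowedEmail), strtolower(trim($claimed)));
}

// Constructed sample input: the sample file's values, unchanged after copying.
$cfg = [
    'ALLOWED_EMAIL'    => 'mike@azcomputerguru.com',
    'DB_PASS'          => 'CHANGE_ME',
    'SYNCRO_KEY'       => 'CHANGE_ME',
    'SYNCRO_BASE'      => 'https://computerguru.syncromsp.com/api/v1',
    'CONSENT_REDIRECT' => 'https://security.azcomputerguru.com/consent-callback.php',
    'GOOGLE_REDIRECT'  => 'https://security.azcomputerguru.com/google-callback.php',
];
print_r(config_problems($cfg));
// Constructed requests: one carrying the expected header, one with no header at all.
var_dump(access_email_allowed(['HTTP_CF_ACCESS_AUTHENTICATED_USER_EMAIL' => 'Mike@AZComputerGuru.com'], $cfg['ALLOWED_EMAIL']));
var_dump(access_email_allowed([], $cfg['ALLOWED_EMAIL']));
```

The email header is only meaningful when requests cannot reach the origin without passing through Cloudflare; Cloudflare's documentation recommends validating the `Cf-Access-Jwt-Assertion` token at the origin for that reason.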