claudetools/session-logs/2026-03-31-session.md
Mike Swanson a47a97219c Session log: M365 remediation (MVAN, grabblaw, cascades), data recovery discussion
- MVAN: investigated credential stuffing on Mitch VanDeveer, enforced MFA CA policy
- Grabblaw: consent flow failed, needs alternative approach
- Cascades Tucson: onboarded to remediation tool successfully
- Memory: "365 remediation tool" = Graph API app fabb3421
- Data recovery: Hitachi Deskstar firmware/service area diagnosis

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 10:23:35 -07:00


Session Log: 2026-03-31 - TickTick Integration & Dev Project Tracking

Session Summary

Built a complete TickTick integration for ClaudeTools, including OAuth authentication, an MCP server with 9 tools, a FastAPI service and router, and a dev project tracking system that syncs between the ClaudeTools database and TickTick.

Key Decisions

  • Hybrid approach (Option 3): TickTick for mobile/cross-device visibility of active dev projects, ClaudeTools DB for granular tracking (sessions, notes, timestamps)
  • MCP server + API service: Both access paths -- MCP tools for Claude Code direct use, REST API for external access
  • SOPS vault for credentials: Consistent with project standards, no env vars
  • JWT auth on all router endpoints: Matches existing security pattern

Problems Encountered & Resolutions

  1. "Guru" not appearing in API results: It's a TickTick folder, not a list. The API only returns lists. "Tasks" and "Call Back List" are the actual lists inside the Guru folder.
  2. Bash not found from PowerShell: The auth script uses subprocess.run(["bash", ...]) for vault access. Must run from bash/Claude Code terminal, not PowerShell directly.
  3. DB server unreachable: 172.16.3.30 not reachable from ACG-5070 without Tailscale. Installed Tailscale via winget, connected, then ran migration.
  4. mcp package not installed: Installed mcp and httpx via pip for Python 3.14.
  5. Code review found 4 issues: All fixed before proceeding -- gitignore, token permissions, JWT auth, SOPS vault credentials.

Credentials

TickTick API (OAuth 2.0)

  • Developer Portal: https://developer.ticktick.com/
  • App Name: ClaudeTools
  • Client ID: 1J86gMsTJ0JH63gtf0
  • Client Secret: pI4U78vtLQrZwcW5MmdNFdxA0eeoy7GJ
  • OAuth Redirect URL: http://localhost:9876/callback
  • Scopes: tasks:read tasks:write
  • SOPS Vault: services/ticktick.sops.yaml (client_id, client_secret, oauth_redirect_url)
  • Token File: mcp-servers/ticktick/.tokens.json (gitignored, auto-refreshes)

TickTick API Endpoints

Database

  • Host: 172.16.3.30:3306
  • DB: claudetools
  • User: claudetools
  • Password: CT_e8fcd5a3952030a79ed6debae6c954ed

Infrastructure & Servers

Tailscale

  • Installed on ACG-5070 via winget install Tailscale.Tailscale (v1.96.3)
  • Required to reach 172.16.3.30 from home network
  • Tailscale must be connected before DB/API access works

TickTick IDs

  • Dev Projects list ID: 69cbd7138f0826bd72746074
  • TickTick Integration task ID: 69cbe8ca8f0898cc050064e5
  • DB dev_projects row UUID: 65783890-2d12-11f1-ae01-52540020ee14

User's TickTick Projects (16 total)

  • Call Back List, COSTCO, Private, Capacitance, Website Department, Household Tasks & Projects, PacketDial, Tasks, Grocery, Kitchen Decon, Camper Packing, MOVE 2024, Photography Challenge, Business Planning, Libations shopping, Da Move
  • "Guru" is a folder containing "Tasks" (21 items) and "Call Back List"
  • "HomeStuff" is another folder (15 items)

Files Created

MCP Server

  • mcp-servers/ticktick/ticktick_auth.py - One-time OAuth browser auth flow (localhost:9876 callback, CSRF protection, vault credential retrieval)
  • mcp-servers/ticktick/ticktick_mcp.py - MCP server with 9 tools: ticktick_list_projects, ticktick_get_project, ticktick_create_project, ticktick_update_project, ticktick_delete_project, ticktick_create_task, ticktick_update_task, ticktick_complete_task, ticktick_delete_task

API Integration

  • api/services/ticktick_service.py - Async service class with SOPS vault credentials, auto token refresh on 401, httpx client
  • api/routers/ticktick.py - REST endpoints at /api/ticktick/, JWT-protected, 9 endpoints matching MCP tools

Database

  • migrations/add_dev_projects_table.sql - Migration SQL for dev_projects table (14 columns, status index)

Configuration

  • .mcp.json - MCP server registration (ticktick server using python)
  • vault/services/ticktick.sops.yaml - SOPS-encrypted TickTick credentials

Files Modified

  • api/main.py - Added ticktick router import and registration at /api/ticktick/
  • .gitignore - Added **/.tokens.json to prevent token leakage
  • .claude/memory/MEMORY.md - Added TickTick integration reference
  • .claude/memory/reference_ticktick_integration.md - New memory file with full integration details

Database Changes

  • New table: dev_projects (14 columns) with index on status
  • First row inserted: "TickTick Integration" project, status=active, linked to TickTick task

Packages Installed

  • mcp (v1.26.0) - MCP protocol library for Python
  • httpx (v0.28.1) - Async HTTP client
  • pydantic (v2.12.5) - Data validation (mcp dependency)
  • Tailscale (v1.96.3) - VPN/mesh networking via winget
  • Plus ~25 transitive dependencies

Pending/Incomplete Tasks

  1. Dev projects API service + router - Need api/services/dev_project_service.py and api/routers/dev_projects.py for CRUD on dev_projects table
  2. Bidirectional sync logic - Auto-update TickTick when DB status changes and vice versa
  3. MCP server testing - Need to restart Claude Code session to load the TickTick MCP server and test tools
  4. TickTick folder placement - API can't place "Dev Projects" list inside the "Guru" folder (no folder API). It appears at top level.
  5. Existing project backfill - Could add existing dev projects (like the TickTick integration itself) to track history

Reference

TickTick API Gotchas

  • No webhooks (must poll for changes)
  • No search endpoint (filter client-side)
  • No folder management API
  • Priority values non-sequential: 0=none, 1=low, 3=medium, 5=high
  • Task update may need POST or PUT (code tries POST first, falls back to PUT)
  • Deletions are permanent via API
  • Date format: ISO 8601 with timezone offset

Re-authentication

If tokens expire completely: python mcp-servers/ticktick/ticktick_auth.py (run from bash, not PowerShell)

MCP Tools Available (after session restart)

All prefixed with ticktick_: list_projects, get_project, create_project, update_project, delete_project, create_task, update_task, complete_task, delete_task


Update: 10:10 AM - M365 Remediation & Data Recovery Discussion

Session Summary

Mixed session covering data recovery discussion, M365 tenant investigations via Graph API (remediation tool), and cross-tenant consent troubleshooting.

Key Decisions & Learnings

  • "365 remediation tool" = Graph API app fabb3421-8b34-484b-bc17-e46de9703418 (NOT CIPP). Memory saved for future sessions.
  • CIPP API (420cb849) returning 403 on all endpoints -- API client permissions need updating
  • Admin consent URL with tenant-specific path works for some tenants but failed for grabblaw.com (redirected to "wrongplace")

Work Performed

1. Data Recovery Discussion (Hitachi Deskstar HDS721010KLA330)

  • User has a failed 1TB Hitachi Deskstar 7K1000 (June 2008, P/N 0A37239, MLC BA2720, S/N PAK590UF)
  • Symptoms: spins up, 5-7 read attempts, heads park, platter keeps spinning
  • Diagnosis: firmware/service area corruption (not head crash, not platter damage)
  • Discussed Pi-based DIY recovery via serial diagnostic port (4-pin header, 38400 baud 8N1, T> prompt)
  • Discussed PC-3000 internals and HDDSuperTool/OpenSuperClone open source alternatives
  • Data likely intact on platters -- drive can't boot its own firmware

2. MVAN Enterprises (mvaninc.com) - M365 Investigation

  • Tenant ID: 5affaf1e-de89-416b-a655-1b2cf615d5b1
  • Domains: mvaninc.com, modernstile.com, m.mvaninc.com
  • 14 users, all enabled
  • Secure Score: 15.43 / 64.0 (24%)
  • [WARNING] Mitch VanDeveer under active credential stuffing attack -- 48/50 sign-ins are failures from malicious IPs (Luxembourg, Frankfurt, LA, Tokyo, Lima, Camden). Running since at least March 3. Account locking and IP blocking working correctly.
  • sysadmin@mvaninc.com -- clean, 8 sign-ins all from expected locations (Phoenix, Oklahoma City)
  • MFA CA policy switched from report-only to ENFORCED (policy ID: a5d04d44-c6d8-4b40-a37a-0ef16eaa3678)
  • MFA Registration: Both Mitch and sysadmin have MFA registered (Authenticator push, phone, TOTP)

3. Grabblaw (grabblaw.com)

  • Tenant ID: 032b383e-96e4-491b-880d-3fd3295672c3
  • Admin consent URL redirected to "wrongplace" after login
  • ROPC flow also failed (consent_required)
  • Entra admin center approach hit browser extension isolation issues
  • Status: BLOCKED -- needs manual consent or alternative approach

4. Cascades Tucson (cascadestucson.com) - Onboarded Successfully

  • Tenant ID: 207fa277-e9d8-4eb7-ada1-1064d2221498
  • Domain note: User said "castadestucson.com" but actual domain is "cascadestucson.com"
  • Admin consent URL worked for this tenant
  • 50 users (5 disabled), 33/34 M365 Business Premium licenses used
  • Secure Score: 93.78 / 273.0 (34%)
  • CA Policies: 8 policies, ALL enabled -- well configured (MFA all users, legacy auth blocked, risky sign-in detection)
  • [WARNING] Megan Hiatt -- blocked sign-ins from Hamburg, Germany (158.94.211.16) flagged as malicious IP
  • Awaiting details from Howard on what needs to be done in this tenant

Credentials

Claude-MSP-Access (Graph API) - Remediation Tool

  • App ID: fabb3421-8b34-484b-bc17-e46de9703418
  • App Name: ComputerGuru - AI Remediation
  • Client Secret: QJ8QNyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO
  • SOPS Vault: msp-tools/claude-msp-access-graph-api.sops.yaml
  • Consent URL pattern: https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=fabb3421-8b34-484b-bc17-e46de9703418&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient

CIPP

  • URL: https://cippcanvb.azurewebsites.net
  • Tenant ID: ce61461e-81a0-4c84-bb4a-7b354a9a356d
  • Client ID: 420cb849-542d-4374-9cb2-3d8ae0e1835b
  • Client Secret: MOn8QotmxJPLvmL_aCVTV8Va4t4~SrYrukGbJT
  • Status: Auth works but API returns 403 on all endpoints (permissions issue)

MVAN M365

Grabblaw M365

  • Admin: sysadmin@grabblaw.com / r3tr0gradE99!
  • Tenant ID: 032b383e-96e4-491b-880d-3fd3295672c3
  • Status: Consent not granted, remediation tool not functional for this tenant

Cascades Tucson M365

  • Admin: sysadmin@cascadestucson.com (password not provided this session)
  • Tenant ID: 207fa277-e9d8-4eb7-ada1-1064d2221498
  • Status: Consented and operational

Pending/Incomplete Tasks

  1. Grabblaw.com consent -- admin consent flow broken, need alternative approach (possibly PowerShell New-AzADServicePrincipal or manual Enterprise App registration in Entra)
  2. Grabblaw full access -- Reyna account needs full access to Jsosa mailbox (blocked by consent issue)
  3. Cascades Tucson -- awaiting details from Howard on what needs to be done
  4. CIPP API permissions -- 403 on all endpoints, needs API role/permission update
  5. MVAN recommendations:
    • Reset Mitch VanDeveer's password (credential stuffing ongoing)
    • Enable SSPR for sysadmin and mitch accounts
    • Clean up unused licenses (2x O365 Business Premium, 1x Cloud PC)
    • Address low secure score (24%)
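
The sign-in pattern recorded for MVAN above (nearly all failures, spread across many cities, next to a clean admin account) can be checked mechanically. The following is an added example, not part of the original session log or the remediation tool. The record fields follow Microsoft Graph signIn objects; the thresholds, placeholder UPNs, IPs and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def rec(upn, code, ip, city):
    # Same field names as a Microsoft Graph signIn record (auditLogs/signIns).
    return {"userPrincipalName": upn, "ipAddress": ip,
            "status": {"errorCode": code}, "location": {"city": city}}

# Constructed sample mirroring the counts in the log: 48 of 50 failures for one
# user, 8 clean sign-ins for another. UPNs and IPs (RFC 5737) are placeholders.
ATTACK_CITIES = ["Luxembourg", "Frankfurt", "Los Angeles", "Tokyo", "Lima", "Camden"]
SAMPLE = (
    # 50126 = invalid username or password, 50053 = account locked / IP blocked
    [rec("user@example.com", 50126 if i % 2 else 50053, f"203.0.113.{i}",
         ATTACK_CITIES[i % 6]) for i in range(48)]
    + [rec("user@example.com", 0, "198.51.100.7", "Phoenix")] * 2
    + [rec("sysadmin@example.com", 0, "198.51.100.7", c)
       for c in ["Phoenix", "Oklahoma City"] * 4]
)

def triage(signins, min_events=10, fail_ratio=0.8, min_fail_cities=3):
    """Summarise sign-ins per user and flag likely credential stuffing."""
    per_user = defaultdict(list)
    for s in signins:
        per_user[s["userPrincipalName"]].append(s)
    findings = {}
    for upn, events in per_user.items():
        failures = [e for e in events if e["status"]["errorCode"] != 0]
        successes = [e for e in events if e["status"]["errorCode"] == 0]
        fail_cities = {e["location"]["city"] for e in failures}
        suspected = (len(events) >= min_events
                     and len(failures) / len(events) >= fail_ratio
                     and len(fail_cities) >= min_fail_cities)
        # On a flagged account, a success from a city that also produced
        # failures means the attacker may have found a working password.
        breach = sorted({e["location"]["city"] for e in successes
                         if suspected and e["location"]["city"] in fail_cities})
        findings[upn] = {"total": len(events), "failures": len(failures),
                         "fail_cities": sorted(fail_cities),
                         "suspected_stuffing": suspected,
                         "success_from_attack_city": breach}
    return findings

if __name__ == "__main__":
    for upn, f in triage(SAMPLE).items():
        print(upn, f)
```

A non-empty success_from_attack_city on a flagged account is the case that turns the password reset from a recommendation into an incident.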

Memory Updates This Session

  • New: feedback_365_remediation_tool.md -- "365 remediation tool" always means Graph API app fabb3421, not CIPP