add dolibarr api skills for read-only inspection

First two of an expected family of dolibarr-* skills: - dolibarr/: platform reference — DOLAPIKEY auth, the voir_tous ACL trap, endpoint catalogue, the dol-curl.sh wrapper, .env credentials layout (gitignored, mode 600). Every future workflow skill depends on this one. - dolibarr-invoice-audit/: first workflow — list KissMetrics invoices, audit one invoice end-to-end (JSON facts + PDF mandatory-mention checklist against the French legal corpus), audit the KissMetrics thirdparty record. Live captures in examples/ include real audit findings to surface to the Arcodange × KissMetrics cohort review: PDFs are missing capital social, L.441-10 penalties, 40 € indemnity, L.123-22 / R.123-237; KissMetrics thirdparty has no EIN (idprof1..6 all empty); static/config/company.json holds placeholder values and a wrong forme juridique (claims SAS, the real Dolibarr is SARL). .gitignore hardened with *.credentials, secrets/, *.key, and an explicit .claude/skills/**/.env pattern. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-28 18:43:39 +02:00
parent e90ac2df80
commit bbfa50c3eb
18 changed files with 2811 additions and 1 deletions
--- a/.claude/skills/dolibarr/examples/acl_403_thirdparty.json
+++ b/.claude/skills/dolibarr/examples/acl_403_thirdparty.json
@@ -0,0 +1,25 @@
+{
+    "_captured_when": "2026-05-28, before the four voir_tous permission flags were ticked on ai_agent. Kept here as the reference signature of the ACL trap. Re-occurrence means the permissions regressed.",
+    "_curl": "curl -H 'DOLAPIKEY: <key>' https://erp.arcodange.lab/api/index.php/thirdparties/1",
+    "_http_status": 403,
+    "error": {
+        "code": 403,
+        "message": "Forbidden: Access not allowed for login ai_agent on this thirdparty"
+    },
+    "debug": {
+        "source": "api_thirdparties.class.php:2403 at call stage",
+        "stages": {
+            "success": [
+                "get",
+                "route",
+                "negotiate",
+                "authenticate",
+                "validate"
+            ],
+            "failure": [
+                "call",
+                "message"
+            ]
+        }
+    }
+}