feat(skills): dolibarr-sandbox-write — host-guarded write skill (V9) #21

Merged
arcodange merged 1 commit from claude/dolibarr-sandbox-write into main 2026-06-29 20:50:14 +02:00

Summary

The write-capable companion to the read-only dolibarr* skills, scoped to erp-sandbox. It lets an AI agent rehearse bookkeeping writes against a faithful copy of prod (ADR-0003: https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/vibe/ADR/0003-sandbox-state-lifecycle.md) before a human promotes the reviewed change to prod.

The safety model

  • dol-write.sh host-guard — refuses to send any request unless DOLIBARR_SANDBOX_URL matches erp-sandbox.arcodange.lab. Pointed at prod it exits non-zero before the request (verified live). This is the structural reason the skill can't write prod.
  • Uses the ai_agent_sandbox key (sandbox-only, create+read scope) from a gitignored .env. Prod stays read-only via the separate dolibarr skill.
  • Promotion to prod is not in this skill — rehearse → snapshot-diff (dolibarr-data-snapshot) → human-approved replay under a separate prod-write credential.

Scripts (JSON on stdin)

| script | what |
|---|---|
| thirdparty-create.sh | client/supplier records (fiches); codes auto-assign via the elephant mask (code:"-1") |
| invoice-create.sh | customer/supplier invoices with product/service lines + ref_supplier, optional validate |
| payment-record.sh | payments (règlements; VIR/CB/CHQ/LIQ); customer = full + mark paid, supplier = explicit amount |

Proven live against the sandbox

client → customer invoice (service 2×500 + product 1×100) validate → FAC004-CL0003001  HT 1100 / TTC 1320
       → payment (VIR) → paye=1, statut=2 (paid)
supplier → supplier invoice (ref_supplier=INV-2026-042) validate → FAF2026010  TTC 96
host-guard: refuses erp.arcodange.lab before sending ✓

Scope notes

  • Matches the requested scope: client/supplier records (fiches), invoices with supplier refs + product/service lines, payments (règlements).
  • Follow-ups: credit notes (avoirs), bin/arcodange CLI wiring, and granting ai_agent_sandbox the banque lire permission so it can list bank accounts (today account_id is passed in).
  • The .env (key) is gitignored; test ZZZ-V9-* records left in the sandbox are cleared by the next ops/sandbox refresh.

🤖 Generated with Claude Code

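Added example, not the project's dol-write.sh (the page describes the guard but does not show its code): a host guard in the shape the description implies. It assumes the guard parses the URL and compares the resulting host exactly against erp-sandbox.arcodange.lab, and it adds an https-only rule that is this example's own assumption (the key travels in a header). DOLIBARR_SANDBOX_URL is the variable the PR names; DOLIBARR_SANDBOX_API_KEY is an assumed name for the key loaded from the gitignored .env. The DOLAPIKEY header and the /api/index.php/ base path are Dolibarr's REST conventions.

```shell
#!/bin/sh
# Added example, not the project's dol-write.sh (which this page does not show).
# Assumptions: the guard compares the *parsed* host exactly against one allowed
# name and refuses non-https URLs; DOLIBARR_SANDBOX_API_KEY is an assumed
# variable name (the page only names the ai_agent_sandbox key and a gitignored
# .env). DOLAPIKEY and /api/index.php/ are Dolibarr's REST conventions.

ALLOWED_HOST="erp-sandbox.arcodange.lab"   # the only host the skill may write to

# url_host URL -> prints the host component: lower-cased, without scheme,
# userinfo, port, path, query or fragment. Strict parsing matters: a substring
# match would accept "https://erp-sandbox.arcodange.lab@erp.arcodange.lab/",
# whose real host is erp.arcodange.lab.
url_host() {
    h="$1"
    h="${h#*://}"          # scheme
    h="${h%%/*}"           # path and everything after it
    h="${h%%\?*}"          # query (when there is no path)
    h="${h%%\#*}"          # fragment
    h="${h##*@}"           # userinfo: the last '@' delimits the real host
    case "$h" in
        \[*\]*) h="${h#\[}"; h="${h%%\]*}" ;;   # bracketed IPv6 literal
        *)      h="${h%%:*}" ;;                 # port
    esac
    printf '%s' "$h" | tr 'A-Z' 'a-z'
}

# guard_url URL -> 0 when a write may be sent there, 1 otherwise.
guard_url() {
    url="$1"
    case "$(printf '%s' "$url" | tr 'A-Z' 'a-z')" in
        https://*) ;;
        *) echo "dol-write: refusing non-https URL: $url" >&2; return 1 ;;
    esac
    host="$(url_host "$url")"
    if [ "$host" != "$ALLOWED_HOST" ]; then
        echo "dol-write: refusing host '$host' (only $ALLOWED_HOST is allowed)" >&2
        return 1
    fi
    return 0
}

# dol_write METHOD PATH   (JSON body on stdin)
# The guard runs on DOLIBARR_SANDBOX_URL before curl is invoked at all, so a
# prod URL exits non-zero with no request on the wire.
dol_write() {
    method="$1"; path="$2"
    base="${DOLIBARR_SANDBOX_URL:?DOLIBARR_SANDBOX_URL is not set}"
    guard_url "$base" || return 1
    key="${DOLIBARR_SANDBOX_API_KEY:?DOLIBARR_SANDBOX_API_KEY is not set}"
    curl -fsS -X "$method" \
        -H "DOLAPIKEY: $key" \
        -H 'Content-Type: application/json' \
        --data-binary @- \
        "${base%/}/api/index.php/${path#/}"
}

# Usage (needs DOLIBARR_SANDBOX_URL and DOLIBARR_SANDBOX_API_KEY exported,
# e.g. by sourcing the gitignored .env):
#   printf '{"socid":3,"type":0}' | dol_write POST invoices
```

The point of parsing rather than pattern-matching: a check like `case "$URL" in *erp-sandbox.arcodange.lab*)` passes `https://erp-sandbox.arcodange.lab.attacker.example/`, `https://erp.arcodange.lab/?ref=erp-sandbox.arcodange.lab` and the userinfo form above, all of which the exact host comparison refuses. The guard only constrains where this wrapper sends requests; it does not stop anyone holding the key from calling prod directly, which is why the PR's second layer (a key that only exists on the sandbox, with create+read scope) matters as much as the guard. It also trusts name resolution: if erp-sandbox.arcodange.lab were ever pointed at the prod instance, the guard would still pass.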
arcodange added 1 commit 2026-06-29 20:49:54 +02:00
The write-capable companion to the read-only dolibarr* skills, scoped to the
erp-sandbox. Lets an AI agent rehearse bookkeeping writes against a copy of prod
(ADR-0003) before a human promotes the reviewed change to prod.

- scripts/dol-write.sh: write wrapper that REFUSES any host that is not
  erp-sandbox.arcodange.lab (the structural prod-safety guarantee) using the
  ai_agent_sandbox key from a gitignored .env.
- scripts/thirdparty-create.sh: create client/supplier records (fiches); codes
  auto-assign via the elephant mask (code="-1").
- scripts/invoice-create.sh: customer (/invoices) or supplier (/supplierinvoices)
  invoices with product/service lines + ref_supplier, optional validate.
- scripts/payment-record.sh: record a payment (règlement; VIR/CB/CHQ/LIQ);
  customer pays full + marks paid, supplier needs an amount.
- SKILL.md (safety model + workflows + the human-gated promote flow), .env.example,
  example input.

Proven end-to-end live against the sandbox: client -> invoice (service+product
lines, HT 1100 / TTC 1320) -> validate -> payment (paid); supplier -> supplier
invoice (ref_supplier carried) -> validate. Host guard verified to refuse a prod
URL before sending.

Avoirs (credit notes) and bin/arcodange CLI wiring are planned follow-ups.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
arcodange merged commit 52f4d02722 into main 2026-06-29 20:50:14 +02:00
arcodange deleted branch claude/dolibarr-sandbox-write 2026-06-29 20:50:14 +02:00
Reference: arcodange-org/erp#21