add dolibarr api skills for read-only inspection #1

Merged
arcodange merged 1 commits from claude/dolibarr-skill into main 2026-05-28 18:47:30 +02:00
Owner

Summary

First two of an expected family of dolibarr-* Claude Code skills under .claude/skills/:

  • dolibarr/ — platform reference skill. DOLAPIKEY auth, the silent voir_tous ACL trap, endpoint catalogue, dol-curl.sh wrapper, .env credentials layout (mode 600, gitignored). Every future workflow skill will depend on this one.
  • dolibarr-invoice-audit/ — V1 workflow. Three scripts: list-km-invoices.sh, audit-invoice.sh <id> (JSON facts + PDF mandatory-mention checklist), audit-km-thirdparty.sh.

Architecture decision: split now rather than grow a monolith. Future workflows follow dolibarr-<topic>/ and reuse the base skill's .env + dol-curl.sh.

.gitignore hardened with *.credentials, secrets/, *.key, and an explicit .claude/skills/**/.env pattern (defense-in-depth; the root .env rule already matches recursively).

Live findings surfaced by the audit

Captured in examples/ as the V1 baseline:

  • Invoice 12 (FAC002-CL0001002, 5 100 €, paid 2026-03-12) is missing 4 mandatory mentions on its PDF:
    • Capital social
    • L.441-10 — pénalités BCE+10 / 12,15 %
    • 40 € indemnité forfaitaire (Décret 2012-1115)
    • L.123-22 / R.123-237
    • Present: forme juridique (SARL), SIRET 99965745500013, TVA FR00999657455, R.C.S. Évry, NAF-APE 6201Z, TVA 259-1° CGI (autoliquidation correctly declared).
  • KissMetrics thirdparty (socid=1): address/email OK, but idprof1..6 all empty → EIN missing, plus no phone / no URL.
  • ai_agent permission setup: the voir_tous flags on Tiers and Factures had to be granted during this work (see dolibarr/README.md step 2). The exact 403 signature is preserved in dolibarr/examples/acl_403_thirdparty.json so we don't fall into the same trap again.

Out of scope here (V2 candidates)

  • dolibarr-payments-state — payment cross-reference, deferred-cycle tracking
  • dolibarr-tva-reconciliation — monthly TVA declaration preparation
  • dolibarr-recurring-templates — inspect the Kiss Metrics Invoice recurring template

Test plan

  • ./.claude/skills/dolibarr/scripts/dol-curl.sh /users/info | jq -r .login → ai_agent
  • ./.claude/skills/dolibarr-invoice-audit/scripts/list-km-invoices.sh → 5-row KM invoice table
  • ./.claude/skills/dolibarr-invoice-audit/scripts/audit-invoice.sh 12 → exits 1 with 6 pass / 4 fail (current baseline)
  • ./.claude/skills/dolibarr-invoice-audit/scripts/audit-km-thirdparty.sh → exits 1 (EIN/phone/url missing)
  • git check-ignore .claude/skills/dolibarr/.env returns the path
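
A pre-flight check for the `.env` layout described above (mode 600, gitignored), as an added example that is not part of this PR or the project's scripts. The function names and the placeholder key value are assumptions; the `.gitignore` patterns are the ones the description lists. It also checks that the file is not already tracked, because an ignore rule does not untrack a file that was committed earlier.

```shell
#!/usr/bin/env bash
# Added example, not the project's code: pre-flight check for a skill's .env file.

# check_env_file <repo-root> <path-relative-to-root>
# Prints one line per finding and returns the number of failed checks.
check_env_file() {
  local root=$1 rel=$2 fails=0 mode
  [ -f "$root/$rel" ] || { echo "FAIL missing: $rel"; return 1; }

  # 1. Owner read/write only (GNU stat first, BSD stat as fallback).
  mode=$(stat -c '%a' "$root/$rel" 2>/dev/null || stat -f '%Lp' "$root/$rel")
  if [ "$mode" != "600" ]; then
    echo "FAIL mode $mode, want 600: $rel"; fails=$((fails + 1))
  fi

  # 2. Some ignore rule must match the path (same check as the test plan).
  if ! git -C "$root" check-ignore -q -- "$rel"; then
    echo "FAIL not ignored: $rel"; fails=$((fails + 1))
  fi

  # 3. An ignore rule does not untrack a file that was already added.
  if git -C "$root" ls-files --error-unmatch -- "$rel" >/dev/null 2>&1; then
    echo "FAIL tracked by git: $rel"; fails=$((fails + 1))
  fi

  if [ "$fails" -eq 0 ]; then echo "OK $rel"; fi
  return "$fails"
}

# Constructed sample repo: the .gitignore patterns listed in the description
# and a placeholder key, with the file deliberately left world-readable.
make_demo_repo() {
  local root
  root=$(mktemp -d)
  git -C "$root" init -q >/dev/null
  mkdir -p "$root/.claude/skills/dolibarr"
  printf '%s\n' '.env' '*.credentials' 'secrets/' '*.key' \
    '.claude/skills/**/.env' > "$root/.gitignore"
  printf 'DOLAPIKEY=constructed-placeholder\n' > "$root/.claude/skills/dolibarr/.env"
  chmod 644 "$root/.claude/skills/dolibarr/.env"
  echo "$root"
}

demo=$(make_demo_repo)
check_env_file "$demo" .claude/skills/dolibarr/.env || true   # reports the 644 mode
chmod 600 "$demo/.claude/skills/dolibarr/.env"
check_env_file "$demo" .claude/skills/dolibarr/.env || true   # all three checks pass
rm -rf "$demo"
```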
arcodange added 1 commit 2026-05-28 18:47:19 +02:00
First two of an expected family of dolibarr-* skills:

- dolibarr/: platform reference — DOLAPIKEY auth, the voir_tous ACL
  trap, endpoint catalogue, the dol-curl.sh wrapper, .env credentials
  layout (gitignored, mode 600). Every future workflow skill depends
  on this one.
- dolibarr-invoice-audit/: first workflow — list KissMetrics invoices,
  audit one invoice end-to-end (JSON facts + PDF mandatory-mention
  checklist against the French legal corpus), audit the KissMetrics
  thirdparty record.

Live captures in examples/ include real audit findings to surface
to the Arcodange × KissMetrics cohort review: PDFs are missing
capital social, L.441-10 penalties, 40 € indemnity, L.123-22 / R.123-237;
KissMetrics thirdparty has no EIN (idprof1..6 all empty);
static/config/company.json holds placeholder values and a wrong
forme juridique (claims SAS, the real Dolibarr is SARL).

.gitignore hardened with *.credentials, secrets/, *.key, and an
explicit .claude/skills/**/.env pattern.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
arcodange merged commit 00ddf41f5c into main 2026-05-28 18:47:30 +02:00
arcodange deleted branch claude/dolibarr-skill 2026-05-28 18:47:33 +02:00

Reference: arcodange-org/erp#1