# ERP

## CLI — `bin/arcodange`

Read-only operational CLI for the Arcodange Dolibarr at `erp.arcodange.lab`. One entry point, subcommands per domain:

```sh
bin/arcodange ping                          # Dolibarr version + liveness
bin/arcodange whoami                        # confirm auth as ai_agent
bin/arcodange invoice list                  # KissMetrics invoices with payment state
bin/arcodange invoice audit 12              # JSON facts + PDF mandatory-mention audit
bin/arcodange payments state                # per-invoice TTC vs payments reconciliation
bin/arcodange payments timeline --year 2026 # cash receipts with cumulative balance
bin/arcodange tva summary                   # CA3-ready collectée − déductible per month
bin/arcodange thirdparty audit-all          # completeness audit, country-aware
bin/arcodange templates inspect 1           # recurring template health (frequency, next fire, …)
bin/arcodange snapshot --out /tmp/erp.json  # full state dump with content_hash
bin/arcodange help                          # full command tree
```

**Read-only by design.** The underlying API key (`ai_agent`) has no write permissions; corrections go through the Dolibarr UI.

**Credentials.** Reads `.claude/skills/dolibarr/.env` (mode 600, gitignored). Setup instructions: [.claude/skills/dolibarr/README.md](.claude/skills/dolibarr/README.md).

**Source of behaviour.** Each subcommand delegates to a script under `.claude/skills/<skill>/scripts/`. The skills' `SKILL.md` files document the business logic and are also discoverable by Claude Code via skill triggers.

## Dolibarr

### Premiers démarrages

Si l'application log au démarrage l'erreur suivante:
```sh
Importing custom SQL from update_table_ownership.sql ...
sed: couldn't open temporary file /var/www/scripts/before-starting.d/sedwHcRlQ: Read-only file system
```
Il faudra prendre la main du shell du pod et executer:
```sh
kubectl exec -n erp `kubectl get pod -n erp -l app.kubernetes.io/name=erp -o=name` -c erp -- sh -c 'PGPASSWORD=${DOLI_DB_PASSWORD} psql -U ${DOLI_DB_USER} -h ${DOLI_DB_HOST} -p ${DOLI_DB_HOST_PORT} ${DOLI_DB_NAME} \
-f /var/www/scripts/before-starting.d/update_table_ownership.sql'
```

Sous peine de ne plus avoir les droits de consulter la base de données une fois les crédentials mis à jour par vault. Dans ce cas executer la commande mais avec les credentials d'admin postgres.