From 32e71a130041562caa3f8556f188a9a8006534a2 Mon Sep 17 00:00:00 2001
From: Mike Swanson <mike@azcomputerguru.com>
Date: Sat, 6 Jun 2026 15:37:00 -0700
Subject: [PATCH] docs(wiki): fill Robert Wolkin stub from GuruRMM scan + scope
 Tailscale

GuruRMM client Wolkin, Robert / site Main has 3 online Win11 Home agents
(DESKTOP-V1JT1SE, RSW-Laptop, front; agent v0.6.57, IDs recorded).
Tailscale scope is RSW-Laptop -> front only; DESKTOP-V1JT1SE is Bob's
personal machine, intentionally out of scope.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 wiki/clients/robert-wolkin.md | 37 ++++++++++++++++++++++++++---------
 wiki/index.md                 |  2 +-
 2 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/wiki/clients/robert-wolkin.md b/wiki/clients/robert-wolkin.md
index fe81ede..d4e968d 100644
--- a/wiki/clients/robert-wolkin.md
+++ b/wiki/clients/robert-wolkin.md
@@ -21,16 +21,21 @@ backlinks:
 - **Company type:** [unverified]
 - **Contract type:** [unverified]
 - **Key contacts:** Robert Wolkin — [contact details unverified]
-- **Environment:** Very small office — **two Windows machines**. Users are non-technical
-  (enroll/manage everything for them; no self-service login expected).
+- **Environment:** Very small office, non-technical users (enroll/manage everything for
+  them; no self-service login expected). GuruRMM shows 3 Windows 11 Home agents, but only
+  **two are in the Tailscale scope: RSW-Laptop and front**. `DESKTOP-V1JT1SE` is Bob's
+  personal machine and is intentionally **not** part of the Tailscale setup.
 - **Syncro customer ID:** [unverified]
+- **GuruRMM client name:** `Wolkin, Robert` (Last, First) — note the form differs from
+  this article's display name.
 
 ## Infrastructure
 
 ### Tailscale (active rollout)
 
 Per [[patterns/tailscale-client-management]] — **dedicated client-owned tailnet, ACG holds
-Admin**. Minimum goal: the two machines reach each other.
+Admin**. **Goal: RSW-Laptop reaches `front` (the front-desk PC).** Only those two nodes are
+enrolled; Bob's personal `DESKTOP-V1JT1SE` is out of scope.
 
 | Field | Value |
 |---|---|
@@ -42,10 +47,11 @@ Admin**. Minimum goal: the two machines reach each other.
 | Auth key (reusable, pre-approved, tagged) | store in vault: `clients/robert-wolkin/tailscale-authkey.sops.yaml` |
 | Key rotation due | [to fill — ~90 days from issue] |
 
-| Machine | Hostname | Tailscale 100.x | Notes |
+| Scope | Hostname | Tailscale 100.x | Notes |
 |---|---|---|---|
-| 1 | [to fill] | [to fill] | [to fill] |
-| 2 | [to fill] | [to fill] | [to fill] |
+| **In scope** | RSW-Laptop | [after enroll] | Robert's laptop — connects out to `front` |
+| **In scope** | front | [after enroll] | Front-desk PC — the target the laptop reaches |
+| Out of scope | DESKTOP-V1JT1SE | — | Bob's personal machine; NOT enrolled in Tailscale |
 
 Enrollment: push [`patterns/tailscale-client-enroll.ps1`](../patterns/tailscale-client-enroll.ps1)
 from GuruRMM with the auth key as a masked parameter.
@@ -56,7 +62,18 @@ Not yet documented. [unverified]
 
 ## GuruRMM
 
-- **Client / site:** [unverified — create if/when agents are enrolled]
+- **Client name:** `Wolkin, Robert`
+- **Site name:** `Main`
+- **Site ID:** `2bb05f85-9fc8-4a7e-a5e5-ffe0c46431ac`
+- **Enrolled agents (3, all online as of 2026-06-06, Windows 11 Home 25H2 build 26200, agent v0.6.57):**
+
+| Hostname | Agent ID | Notes |
+|---|---|---|
+| DESKTOP-V1JT1SE | `30f6af79-ab19-4ed3-9ebc-71b2bffc2d27` | **Bob's personal machine — NOT in Tailscale scope** |
+| RSW-Laptop | `043fd673-35a2-4d3d-8f91-ed73ce70cc1e` | Robert's laptop — Tailscale node |
+| front | `877d311a-4b24-462c-97b1-d2a0f7730a71` | Front-desk PC — Tailscale node (laptop connects here) |
+
+- **Enrollment key:** [unverified — not located in vault during this pass; check `clients/robert-wolkin/` or regenerate]
 
 ## Access
 
@@ -67,14 +84,16 @@ Not yet documented. [unverified]
 
 - **Tailscale rollout (2026-06-06):** Stand up Robert's tailnet, assign ACG as Admin, set
   the `tag:wolkin` ACL + MagicDNS, generate a reusable/pre-approved tagged auth key, and
-  enroll both machines via the GuruRMM script. Goal: the two machines see each other.
-  Runbook in [[patterns/tailscale-client-management]].
+  enroll **RSW-Laptop + front** via the GuruRMM script (agent IDs above). Goal: RSW-Laptop
+  reaches `front`. Do NOT enroll DESKTOP-V1JT1SE (Bob's personal machine). Runbook in
+  [[patterns/tailscale-client-management]].
 
 ## History Highlights
 
 | Date | Event |
 |---|---|
 | 2026-06-06 | Tailscale client management pattern + enroll script authored; this client stub created to track the rollout. |
+| 2026-06-06 | GuruRMM scan: client `Wolkin, Robert` / site `Main` has 3 online Windows 11 Home agents (DESKTOP-V1JT1SE, RSW-Laptop, front), agent v0.6.57. Discrepancy flagged: expected 2 machines, found 3. |
 
 ## Backlinks
 
diff --git a/wiki/index.md b/wiki/index.md
index 72ba901..e8bd449 100644
--- a/wiki/index.md
+++ b/wiki/index.md
@@ -37,7 +37,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
 | [Furrier / Desert Rat](clients/furrier.md) | Mike Furrier owner; desertrat.com on websvr/cPanel; DMARC p=reject + Mailprotector SBR fix applied 2026-04-21; tim@ is a forwarder (not a mailbox); Syncro ID 391491 | 2026-05-24 |
 | [Horseshoe Management](clients/horseshoe-management.md) | Property management; prepaid block 31.75 hrs remaining at $175/hr; APC Smart-UPS P.17 bypass relay fault cleared; repeat UPS failures suggest electrical issue; plaintext creds in Syncro notes — needs vault migration | 2026-05-24 |
 | [Kittle Design & Construction](clients/kittle-design.md) | Design & construction; M365 kittlearizona.com; breach confirmed (Alexis hidden inbox rule + duplicate Authenticator); broad OAuth consent revoked; Ken inbox rule unresolved; no Entra P1/P2 | 2026-05-24 |
-| [Robert Wolkin](clients/robert-wolkin.md) | STUB — very small office, 2 Windows machines, non-technical users; Tailscale rollout in progress (dedicated client tailnet, ACG holds Admin, `tag:wolkin`, goal = the two machines see each other); profile/Syncro unverified | 2026-06-06 |
+| [Robert Wolkin](clients/robert-wolkin.md) | STUB — small office, non-technical; GuruRMM client `Wolkin, Robert`/Main, 3 Win11 agents. Tailscale rollout (dedicated tailnet, ACG Admin, `tag:wolkin`): connect RSW-Laptop -> front; DESKTOP-V1JT1SE is Bob's personal machine, out of scope. Profile/Syncro unverified | 2026-06-06 |
 | [The Law Offices of Chris Scileppi](clients/scileppi-law.md) | Law firm; Syncro ID 9601863; Sylvia Mac mini (M2 8 GB) mail memory exhaustion; Mail disabled; on webmail; replacement Mac mini (M4 16/24 GB) pending order; GuruRMM enrollment blocked | 2026-05-24 |
 | [Western Tire](clients/western-tire.md) | Tire retail (jackfurriers.com brand); Mike Furrier owner (Syncro ID 391491); email migrated from websvr to IX 2026-04-22; 30 mailboxes; SSL cert expires 2026-05-30 | 2026-05-24 |
 | [Kittle (general contractor)](clients/kittle.md) | General contractor Tucson AZ; Syncro 32460233; HPE MicroServer Gen11 WS2025 EVAL at 10.0.0.5; no backups, no firewall; DKIM/DMARC missing; 3 plaintext creds in Syncro notes; GuruRMM onboarding 2026-05-08 | 2026-05-24 |