diff --git a/clients/cascades-tucson/session-logs/2026-06/2026-06-24-howard-carf-technology-plan.md b/clients/cascades-tucson/session-logs/2026-06/2026-06-24-howard-carf-technology-plan.md new file mode 100644 index 00000000..91f2fe0d --- /dev/null +++ b/clients/cascades-tucson/session-logs/2026-06/2026-06-24-howard-carf-technology-plan.md 
@@ -0,0 +1,180 @@ +## User +- **User:** Howard Enos (howard) +- **Machine:** Howard-Home +- **Role:** tech + +## Session Summary + +Produced a technology-plan deliverable for Cascades of Tucson in response to an email from +Ashley Jensen requesting a meeting to review their technology plan. The request enumerated eight +areas (hardware & software, communication technology, security for sensitive data, services +purchased/contracted, assistive technology, disaster recovery & continuity, malware prevention/virus +protection, use of AI). Initial work loaded full Cascades context from the wiki + PROJECT_STATE + +the canonical REMAINING-WORK-PLAN, then compiled a first-pass internal technology-plan packet +mapped to the eight areas with priorities, gaps, action steps, and timelines. + +Mid-session the user established a standing rule: any deliverable going to a client or vendor must +be run through the `impeccable` skill before delivery. Saved this as feedback memory +`feedback_impeccable_on_outbound` (+ MEMORY.md index + errorlog correction). The user then asked to +rebuild the reply from updated wiki information, run it through `impeccable`, and produce a PDF. +Re-read the 2026-06-24 wiki recompile which materially changed the picture: CS-SERVER RAID is +HEALTHY not degraded (stale flag self-recovered; SSDs now a planned not emergency upgrade; PSU +redundancy lost), cloud backup verified running (~576 GB baseline, file-level — image/system-state +unconfirmed), 48.25 hrs / 6 open tickets, a new Helpany "Paul" resident radar fall-sensor system +(no camera/mic — qualifies as assistive technology), and a revised voice fix (CSC ENT 5 GHz +device-island plan replacing the impossible phone-side band lock). 
Built a polished client-facing +PDF via the `impeccable` skill: loaded ACG's real design tokens from the website project (cream/ink/ +amber editorial brand, Barlow Condensed / Lexend / JetBrains Mono), authored a print-clean HTML +document organized by the eight areas, and rendered it to PDF with headless Chrome. Audited the +result visually via screenshots; tightened spacing (3 pages, clean breaks). + +The user then issued a major correction: the technology plan is for **CARF accreditation** +(Commission on Accreditation of Rehabilitation Facilities, Aging Services). Verified the actual CARF +Technology and System Plan standard via web research rather than memory — it is one of the five +required Section 1 "CARF Plans," must address eight canonical areas (hardware, software, security, +confidentiality, backup, assistive technology, disaster recovery, virus protection), must be an +action document (per area: current tech + unmet/projected needs + timeline + vendor + estimated/ +actual cost + person responsible + target date + completion date), based on needs of persons served/ +personnel/stakeholders, aligned to the strategic plan, and reviewed/updated at least annually with +dated leadership sign-off. Produced a CARF conformance gap analysis and saved project memory +`project_cascades_carf_tech_plan`. The user chose to gather inputs before building the final plan +and to brand it as Cascades' plan (ACG as preparer). Built a CARF intake worksheet pre-filled with +known content and flagged input fields. + +Finally, per user direction, priced the open items via verified web lookups (M365 Business Premium, +enterprise SSD, Windows Home→Pro, Azure Log Analytics retention, R610 PSU, PowerEdge T360, OptiPlex) +and recorded a costed table in the worksheet. Surfaced the M365 nuance (31 Premium seats likely +already owned/free → potentially $0 relicense). Explained the stale CA exclude-group bug on the +"Require MFA for all users" policy in response to a direct question. 
The user is deploying AV +themselves and deferred the backup restore test. + +## Key Decisions + +- **`impeccable` on all outbound deliverables** — standing rule saved as durable feedback memory; + internal drafts exempt. Rationale: client/vendor-facing artifacts must be polished/on-brand. +- **Built the PDF from ACG's actual design tokens**, not a generic template — pulled cream/ink/amber + editorial brand + Barlow Condensed/Lexend/JetBrains Mono from `projects/acg-website-showcase` so the + document is genuinely on-brand and passes the impeccable slop test. +- **Verified CARF requirements via web research** rather than memory — a certification deliverable; + a missed standard element can fail the survey. Flagged that exact standard citation + review cadence + must be confirmed against Cascades' specific Aging Services manual year (2025 vs 2026). +- **Reframed ownership**: the plan is Cascades' (leadership-adopted), ACG is preparer/IT partner — + this is how CARF expects the facility to own its required plans. +- **Gather inputs before building the final CARF plan** (user choice) — avoids a placeholder-laden + doc that reads as unfinished to a surveyor. Built an intake worksheet instead. +- **Pricing verified, not estimated** (per `policy_pricing_verification`) — every cost backed by a + cited 2026-06-24 web source. +- **M365 relicense likely $0** — records show 31 Business Premium seats already owned/free; reassign + the suspended-Standard users and drop Standard. $682/mo only applies if the Premium subscription is + not actually paid (flagged to verify). +- **Deferred the restore test** (user) until after AV deployment + the basic open items. + +## Problems Encountered + +- **Headless Chrome PDF render returned exit 2 / appeared to no-op** — lingering Chrome processes held + the profile; a second render produced a byte-identical PDF (stale). 
Resolved by `taskkill //F //IM + chrome.exe //T`, deleting the target PDF, and re-rendering with a wait loop; confirmed fresh output + by byte-size change. The exit-2 on screenshot commands is a Chrome shutdown quirk — the output file + is still written; verify by `ls` not exit code. +- **`--user-data-dir` cleanup failed ("Device or resource busy")** — Chrome still running when the + rm ran. Avoid unique-UDD + immediate rm; let the default render path complete instead. +- **Stale wiki facts in the first-pass packet** — the 2026-06-23 packet had CS-SERVER "critical", + 48.75 hrs / 0 tickets, no Helpany. Marked it `[SUPERSEDED]` pointing at the PDF + REMAINING-WORK-PLAN + rather than deleting, to preserve history without leaving contradictory facts. + +## Configuration Changes + +Created: +- `clients/cascades-tucson/docs/proposals/2026-technology-plan-review.md` — first-pass internal packet + (later marked SUPERSEDED). +- `clients/cascades-tucson/docs/proposals/cascades-technology-plan-2026-06-24.html` — client-facing + PDF source (ACG editorial brand, 8 areas). +- `clients/cascades-tucson/docs/proposals/cascades-technology-plan-2026-06-24.pdf` — rendered PDF + (3 pages, Letter, ~294 KB). +- `clients/cascades-tucson/docs/proposals/carf-technology-plan-intake.md` — CARF Technology & System + Plan input worksheet (governance header, needs basis, strategic alignment, 8 areas in CARF action + format, Part 5 evidence status, Part 6 verified cost estimates). +- `.claude/memory/feedback_impeccable_on_outbound.md` — run `impeccable` on outbound deliverables. +- `.claude/memory/project_cascades_carf_tech_plan.md` — the tech plan is a CARF deliverable. + +Modified: +- `.claude/memory/MEMORY.md` — added index lines for the two new memories (impeccable-on-outbound, + cascades CARF tech plan). +- `errorlog.md` — one `--correction` entry (process/client-deliverables: gate outbound through + impeccable). 
+ +## Credentials & Secrets + +None discovered, created, or rotated this session. (The exposed Synology Cloud Signin Portal +credential remains an open rotation item — vault `clients/cascades-tucson/synology-signin-portal`, +historically committed plaintext at vault commit 1fbc0e1; not actioned this session.) + +## Infrastructure & Servers + +- **CS-SERVER** 192.168.2.254 (clients reach SMB at 192.168.2.248; .254 is the Hyper-V vEthernet NIC). + Dell PowerEdge R610, Service Tag 9MQFTK1. RAID HEALTHY per live OMSA (both mirrors Ok, 5 disks + Online, 1:0:4 = global hot spare). PSU redundancy LOST (one PSU not delivering). Cloud backup + (MSP360/CloudBerry) verified running 2026-06-24, ~576 GB baseline, file-level (image/system-state + unconfirmed). +- **M365 tenant** cascadestucson.com, Tenant ID 207fa277-e9d8-4eb7-ada1-1064d2221498. 34 Business + Premium (SPB) seats enabled / 31 free; Business Standard SUSPENDED with 31 users still assigned. +- **CA policy** "Require MFA for all users" (id `7e87a1c7...`) — excludeGroups incorrectly set to + `SG-Caregivers-Pilot` (`0674f0bc...`); should be live `SG-Caregivers` (`8b8d9222...`). Must fix + before caregiver go-live; harmless now (caregivers test-scoped). +- **Helpany "Paul"** resident radar fall/motion sensors (Sedimentum backend), WPA2-only, 5 GHz-capable, + on SSID CSC ENT (key `Ftfd85710#`), rolling out floor-by-floor. No camera/mic. +- Billing: 48.25 prepaid hrs (live Syncro 2026-06-24); 6 open tickets (#32194, #32230, #32254, #32319, + #32342, #32370). Syncro customer ID 20149445. + +## Commands & Outputs + +- ACG brand tokens: `projects/acg-website-showcase/css/styles.css` — paper #F7F3EB, ink #2A2521, + accent #F2922E / accent-ink #BD5A00, good #4F7A3F; fonts Barlow Condensed (display) / Lexend (body) + / JetBrains Mono (mono); since 2001; radius 0–2px. 
+- PDF render (working invocation): + `taskkill //F //IM chrome.exe //T` then + `"/c/Program Files/Google/Chrome/Application/chrome.exe" --headless --disable-gpu --no-sandbox + --virtual-time-budget=8000 --print-to-pdf="OUT.pdf" "file:///ABS/IN.html"` — wait-loop on file + existence; verify by byte-size change, not exit code. +- Page count check: `python -c "import re; d=open(r'OUT.pdf','rb').read(); + print(re.findall(rb'/Count\s+(\d+)', d)[:1])"` → 3 pages. +- impeccable context loader returned hasProduct:false / hasDesign:false — proceeded with brand + register + manually-pulled ACG tokens (did not run full `teach` for a one-off). + +## Pending / Incomplete Tasks + +CARF technology plan — awaiting inputs from Cascades/ACG before building the final PDF: +- CARF program + manual year (Aging Services 2025 vs 2026) for exact standard citation. +- Plan owner (Cascades), approver (ED name), adoption + annual-review dates. +- Top 2–3 strategic goals (for the strategic-alignment paragraph). +- Per-area responsible person + target/completion dates. +- **Resident assistive-technology inventory** (biggest gap): nurse-call/pendant, assistive listening, + adaptive devices, resident/guest WiFi for telehealth — beyond Helpany. + +Basic open items proposed (awaiting user go-ahead; items 1–4 touch production): +1. Fix CA exclude-group on MFA-all-users policy (SG-Caregivers-Pilot → SG-Caregivers). +2. Rotate exposed Synology sign-in credential. +3. Clean stale AD object DESKTOP-1ISF081. +4. Re-enable 3 AM AP auto-upgrade. +5. (Safe, doc-only) Package dated security risk assessment + draft written DR/BC plan w/ RTO/RPO. + +Other: +- User (Mike) deploying managed AV across all devices, incl. CS-SERVER + remove legacy Datto agents. +- Backup restore test deferred until after AV + basic items; confirm backup is image/system-state. +- Verify whether the 34 M365 Business Premium seats are a paid subscription ($0 relicense vs $682/mo). 
+- Offered to pull the live CA policy to confirm exclude list (incl. break-glass/GDAP) before changing. + +## Reference Information + +- Deliverables: `clients/cascades-tucson/docs/proposals/` (cascades-technology-plan-2026-06-24.pdf/.html, + carf-technology-plan-intake.md, 2026-technology-plan-review.md [SUPERSEDED]). +- Canonical execution plan: `clients/cascades-tucson/docs/REMAINING-WORK-PLAN.md`. +- Current truth: `wiki/clients/cascades-tucson.md` (compiled 2026-06-24). +- Pricing sources (2026-06-24): M365 Business Premium $22/user/mo + (microsoft.com/microsoft-365/business/microsoft-365-plans-and-pricing); Samsung PM893 480 GB + ~$160–175 (marigoldsystems.com); Win 11 Home→Pro ~$99 (learn.microsoft.com); Azure Log Analytics + $2.30/GB ingest + ~$0.10/GB/mo retention + ~$0.02/GB/mo archive (learn.microsoft.com/azure/azure- + monitor/logs/cost-logs); R610 717W PSU refurb ~$99 (flagshiptech.com); Dell PowerEdge T360 from + ~$1,900 (dell.com); OptiPlex i5/16 GB business desktop (dell.com). +- CARF: Technology and System Plan = one of five required Section 1 "CARF Plans"; Aging Services + Standards Manual (carf.org). 8 canonical areas + action-document fields + annual review.
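Review bot: The Helpany "Paul" bullet under "Infrastructure & Servers" commits the pre-shared key for SSID CSC ENT in plaintext (the `key` value in parentheses), while the "Credentials & Secrets" section of the same file states that none were discovered, created, or rotated this session. Replace the value with a vault path reference, the way the Synology sign-in credential is cited by its vault entry in the section just above. Also add rotation of the CSC ENT key to "Pending / Incomplete Tasks", because the value stays in git history once this file lands, the same situation the log already records for vault commit 1fbc0e1. The same section records the M365 tenant ID, the CS-SERVER service tag and internal addresses verbatim; consider pointing at `wiki/clients/cascades-tucson.md` instead of duplicating them in a session log. Separately, the "PDF render (working invocation)" entry under "Commands & Outputs" documents `--no-sandbox` with no reason given. State why the flag is needed or drop it, so the command is not reused as-is for rendering HTML that was not authored locally.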