chore: add PROJECT_STATE.md to all active projects and clients

Establishes inter-session coordination for 29 projects/clients: - Full lock/component format for active projects (dataforth-dos, radio-show, cascades-tucson, valleywide, instrumental-music-center, lens-auto-brokerage, msp-audit-scripts) - Light format for complete/stalled/planning (msp-pricing, pavon, wrightstown-*, gururmm-agent, community-forum, glaztech, etc.) - Onboarding stubs for recently added clients Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 18:53:34 -07:00
parent b28152a358
commit 492fbbf4c9
29 changed files with 1159 additions and 0 deletions
--- a/clients/ace-portables/PROJECT_STATE.md
+++ b/clients/ace-portables/PROJECT_STATE.md
@@ -0,0 +1,17 @@
 # Ace Portables — Project State
 > Last updated: 2026-04-20
 **Status:** MAINTENANCE
 **Last Activity:** Unknown (reports directory only)
 Minimal client presence — directory contains only a `reports/` subdirectory. No session logs, no infrastructure details, no active projects.
 ## What Was Done
 - Reports directory created
 ## If Resuming
 - Check `clients/ace-portables/reports/` for any generated reports
 - No infrastructure or contact details recorded — gather before starting any work
--- a/clients/anaise/PROJECT_STATE.md
+++ b/clients/anaise/PROJECT_STATE.md
@@ -0,0 +1,52 @@
 # Anaise — Project State
 > READ THIS before starting work on this client.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** ONBOARDING
 **Last Activity:** 2026-04-16
 New client. Standard directory template applied 2026-04-16. Onboarding not yet complete. Directory contains only a `docs/` subfolder — minimal information captured.
 ---
 ## Infrastructure / Access
 No infrastructure details recorded yet. Check `clients/anaise/docs/` for any notes captured during initial onboarding.
 ---
 ## Pending / Next Up
 - [ ] Complete onboarding — capture infrastructure details, contacts, credentials to vault
 - [ ] Populate `docs/` with client overview, network diagram, server inventory
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | 2026-04-16 | Howard | Standard client directory structure applied | IN PROGRESS |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks.
 **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed.
--- a/clients/at-trebesch/PROJECT_STATE.md
+++ b/clients/at-trebesch/PROJECT_STATE.md
@@ -0,0 +1,56 @@
 # AT Trebesch — Project State
 > READ THIS before starting work on this client.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** ONBOARDING
 **Last Activity:** 2026-04-17
 New client. Standard directory structure applied 2026-04-17. Onboarding is in progress — initial files (overview.md, workstations.md) exist but onboarding tasks are not yet confirmed complete.
 ---
 ## Infrastructure / Access
 See `clients/at-trebesch/overview.md` for client overview.
 See `clients/at-trebesch/workstations.md` for workstation inventory.
 Other directories: `cloud/`, `issues/`, `network/`, `reports/`, `rmm/`, `security/`, `servers/`.
 ---
 ## Pending / Next Up
 - [ ] Complete onboarding — review `overview.md` and `workstations.md` for any gaps
 - [ ] Confirm infrastructure details (servers, network, credentials in vault)
 - [ ] Enroll in GuruRMM if applicable
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | 2026-04-17 | Howard | Standard client directory structure created; overview.md and workstations.md populated | IN PROGRESS |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks.
 **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed.
--- a/clients/bg-builders/PROJECT_STATE.md
+++ b/clients/bg-builders/PROJECT_STATE.md
@@ -0,0 +1,20 @@
 # BG Builders — Project State
 > Last updated: 2026-04-20
 **Status:** MAINTENANCE
 **Last Activity:** 2026-03-09
 Microsoft 365 client. Most recent work (2026-03-09): employee offboarding for Lesley Roth — account disabled, sessions revoked, password reset, account-only wipe sent to two iPhones, mailbox access granted to Shelly and Barry, litigation hold confirmed. Scripts for the entire offboarding process are in `clients/bg-builders/scripts/`.
 ## What Was Done
 - Lesley Roth M365 offboarding: account disabled, wipe sent, mailbox handed off (2026-03-09)
 - Full suite of M365 management scripts in `scripts/` (assign roles, check ownership, terminate, reenable, mail reports)
 - Summary email drafted (`lesley-disable-summary.md`)
 ## If Resuming
 - Check `clients/bg-builders/session-logs/2026-03-09-session.md` for the full offboarding context
 - Scripts in `scripts/` cover account termination, Exchange Online role assignment, wipe verification, and re-enablement if needed
 - Contact: Shelly (primary) and Barry — no contact details recorded here
--- a/clients/cascades-tucson/PROJECT_STATE.md
+++ b/clients/cascades-tucson/PROJECT_STATE.md
@@ -0,0 +1,75 @@
 # Cascades of Tucson — Project State
 > READ THIS before starting work on this client.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** ACTIVE
 **Last Activity:** 2026-04-17 (Howard)
 Senior living community. Active project: HIPAA-compliant folder redirection GPO rollout across all departments. Folder redirection pattern validated on one user (Sharon Edwards, Life Enrichment) — Documents and Downloads redirecting to `\\CS-SERVER\homes\<username>\`. Next: second LE machine end-to-end, then Desktop and other folders, then matching GPOs for other departments.
 ---
 ## Infrastructure / Access
 | Resource | Address | Vault path |
 |----------|---------|------------|
 | pfSense firewall | 192.168.0.1 | `clients/cascades-tucson/pfsense-firewall.sops.yaml` |
 | Synology NAS (cascadesds) | 192.168.0.120:5000 (DSM) | `clients/cascades-tucson/synology-cascadesds.sops.yaml` |
 | CS-SERVER (DC + file server) | 192.168.2.254, domain `cascades.local` | `clients/cascades-tucson/cs-server.sops.yaml` |
 **Syncro ID:** 20149445
 **Contact:** Meredith Kuhn — meredith.kuhn@cascadestucson.com — (520) 886-3171
 **GuruRMM:**
 - Client: Cascades of Tucson (`CASC`, id `42e1b0e3-f8b7-4fc5-86bd-06bdbb073b7f`)
 - Site: CascadesTucson (`GOLD-MOON-4620`, id `c157c399-82d3-4581-979a-b9fad70f4fef`)
 - Enrolled agents: DESKTOP-DLTAGOI (`0ed72c1c-40c7-4bd4-afed-e0bcb198936f`), CS-SERVER (`6766e973-e703-47c1-be56-76950290f87c`)
 **Known traps:**
 - ProfWiz-migrated users may have poisoned `User Shell Folders` — check/clean before testing redirection (`scripts/hive-cleanup-shellfolders.ps1`)
 - GPMC on Server 2019/2022 writes `fdeploy1.ini` incorrectly when adding + modifying in same session — one folder per save, close/reopen between adds
 - Explorer sidebar uses KnownFolder GUID form — mirror manually if sidebar doesn't resolve (`scripts/fix-live-shellfolders.ps1`)
 - Machines with OneDrive KFM must unlink OneDrive before applying GPO
 **GPO backup on CS-SERVER:** `C:\GPO-Backups\pre-fix-20260417-221701\` (backup ID `9c6ff7c9-0942-4cfb-b4a5-936913a3da87`)
 ---
 ## Pending / Next Up
 - [ ] EncryptData flag on `\\CS-SERVER\homes` share (HIPAA workitem — currently false)
 - [ ] Second Life Enrichment machine folder redirection end-to-end
 - [ ] Desktop + other folders redirection GPOs
 - [ ] Matching GPOs for remaining departments
 - [ ] Folder redirection GPO verification across all enrolled machines
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | 2026-04-17 | Howard | Folder redirection validated on DESKTOP-DLTAGOI (Sharon Edwards); GPO `CSC - Folder Redirection (LE)` active | DEPLOYED |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks.
 **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed.
--- a/clients/dataforth/PROJECT_STATE.md
+++ b/clients/dataforth/PROJECT_STATE.md
@@ -0,0 +1,59 @@
 # Dataforth (Client) — Project State
 > READ THIS before starting work on this client.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** ACTIVE
 **Last Activity:** 2026-04-14
 Client relationship record for Dataforth Corporation (legacy DOS hardware manufacturer). This directory tracks client-facing work. The actual DOS test pipeline development lives in `projects/dataforth-dos/` — see that project's `PROJECT_STATE.md` for full infrastructure, active work, and anti-patterns.
 ---
 ## Infrastructure / Access
 See `projects/dataforth-dos/CONTEXT.md` and `projects/dataforth-dos/PROJECT_STATE.md` for full infrastructure details.
 Key access: AD2 (192.168.0.6), AD1 (192.168.0.27), FortiClient VPN required.
 Credentials: `bash D:/vault/scripts/vault.sh get-field clients/dataforth/ad2.sops.yaml credentials.password | sed 's/\\//g'`
 Session manager was being developed for SAGE-SQL deployment — see `clients/dataforth/session-manager/`.
 ---
 ## Pending / Next Up
 - [ ] Deploy session manager to SAGE-SQL
 - [ ] Ongoing support as new product families require pipeline extensions
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | 2026-04-14 | Mike | Session log: follow-up work on datasheet pipeline | COMPLETE |
 | 2026-04-13 | Mike | Session log: pipeline verification | COMPLETE |
 | 2026-04-12 | Mike | SCMVAS/SCMHVAS pipeline deployed to production | DEPLOYED |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks.
 **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed.
--- a/clients/evs/PROJECT_STATE.md
+++ b/clients/evs/PROJECT_STATE.md
@@ -0,0 +1,18 @@
 # EVS — Project State
 > Last updated: 2026-04-20
 **Status:** STALLED
 **Last Activity:** 2026-04-17 (one session log recorded)
 Minimal client presence — directory contains only `session-logs/` with a single entry from 2026-04-17. No infrastructure details, no active projects recorded.
 ## What Was Done
 - One session logged (2026-04-17) — contents unknown without review
 ## If Resuming
 - Read `clients/evs/session-logs/2026-04-17-session.md` to understand what was discussed
 - Determine if this is an active engagement or archived
 - Add infrastructure details and contacts if continuing
--- a/clients/glaztech/PROJECT_STATE.md
+++ b/clients/glaztech/PROJECT_STATE.md
@@ -0,0 +1,62 @@
 # Glaztech — Project State
 > READ THIS before starting work on this client.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** DEPLOYMENT-READY
 **Last Activity:** 2026-03-30
 Manufacturing company. PDF preview broken on endpoints due to Windows KB5066791/KB5066835 Mark of the Web issue. Three fix methods prepared and ready to deploy. Scripts are sitting in the client directory — the fix just needs to be run on endpoints.
 ---
 ## Infrastructure / Access
 No dedicated infrastructure details recorded. Deploy via ScreenConnect or GuruRMM.
 Fix scripts in `clients/glaztech/`:
 - `Fix-PDFPreview-Glaztech-UPDATED.ps1` — updated remediation script
 - `Fix-PDFPreview-Glaztech.ps1` — original script
 - `Deploy-PDFFix-BulkRemote.ps1` — bulk remote deployment
 - `PDF-FIX.zip` — deployable package
 - `GPO-Configuration-Guide.md` — GPO-based deployment method
 - `QUICK-REFERENCE.md` — summary of all three methods
 ---
 ## Pending / Next Up
 - [ ] Deploy PDF preview fix to endpoints — scripts are ready, just needs to be run
  - Option A: Run `Fix-PDFPreview-Glaztech-UPDATED.ps1` locally on each machine via ScreenConnect
  - Option B: Bulk remote via `Deploy-PDFFix-BulkRemote.ps1`
  - Option C: GPO deployment per `GPO-Configuration-Guide.md`
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | 2026-03-30 | Mike | PDF fix scripts and GPO guide created, deployment-ready | READY |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks.
 **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed. Mark the PDF fix deployed when done.
--- a/clients/grabb-durando/PROJECT_STATE.md
+++ b/clients/grabb-durando/PROJECT_STATE.md
@@ -0,0 +1,19 @@
 # Grabb Durando — Project State
 > Last updated: 2026-04-20
 **Status:** STALLED
 **Last Activity:** Unknown
 Website migration project. Directory contains a single `website-migration/` subfolder with a `README.md`. No session logs recorded. Status and current state of the migration are unclear.
 ## What Was Done
 - `website-migration/` directory and README created
 - No further work recorded
 ## If Resuming
 - Read `clients/grabb-durando/website-migration/README.md` to understand scope
 - Determine migration target (what platform, what hosting)
 - No session logs or infrastructure details to reference
--- a/clients/gurushow/PROJECT_STATE.md
+++ b/clients/gurushow/PROJECT_STATE.md
@@ -0,0 +1,18 @@
 # GuruShow — Project State
 > Last updated: 2026-04-20
 **Status:** MAINTENANCE
 **Last Activity:** Unknown
 Archive player web application for the Computer Guru Show. Contains an `archive-player/` subdirectory with an `index.html` — a standalone HTML/JS player for browsing/playing archived show episodes.
 ## What Was Done
 - `archive-player/index.html` — web-based episode archive player
 ## If Resuming
 - Open `clients/gurushow/archive-player/index.html` to review the current state
 - No infrastructure dependencies — static HTML/JS file
 - Consider whether this belongs under `projects/radio-show/` rather than `clients/gurushow/`
--- a/clients/horseshoe-management/PROJECT_STATE.md
+++ b/clients/horseshoe-management/PROJECT_STATE.md
@@ -0,0 +1,18 @@
 # Horseshoe Management — Project State
 > Last updated: 2026-04-20
 **Status:** MAINTENANCE
 **Last Activity:** 2026-01-20
 Intuit/QuickBooks support client. Most recent issue (2026-01-20): Glance screen sharing version mismatch (Event 12 — no enabled servers found between versions 2.2.2 and 2.2.2). Resolved by updating Glance client and requesting fresh session link from Intuit support.
 ## What Was Done
 - Glance version mismatch issue diagnosed and resolved (2026-01-20)
 - Workarounds documented: update Glance, request fresh link, or use Quick Assist/Teams/Zoom as fallback
 ## If Resuming
 - Check `CLIENT_INFO.md` for contact information and recent issue log
 - No ongoing projects — support on-demand
--- a/clients/instrumental-music-center/PROJECT_STATE.md
+++ b/clients/instrumental-music-center/PROJECT_STATE.md
@@ -0,0 +1,73 @@
 # Instrumental Music Center (IMC) — Project State
 > READ THIS before starting work on this client.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** ACTIVE
 **Last Activity:** 2026-04-13
 Music retail + repair shop running AIMsi POS on-prem. Primary server IMC1 (Dell R720, Windows Server 2016, DC for IMC.local). SQL Server 2019 Express (`IMC1\AIMSQL`). AIMsi DBs moved to dedicated SSD (`S:\SQL\Data\`). Local SQL backups running nightly; Cloudberry off-site backups configured. Known issue: component store corruption (0x80073701) blocking RDS role removal — Server 2019 migration decision pending.
 ---
 ## Infrastructure / Access
 | Resource | Address | Notes |
 |----------|---------|-------|
 | IMC1 (primary server) | 192.168.0.2 | Windows Server 2016, DC (IMC.local), Dell R720 |
 | SQL instance | IMC1\AIMSQL | MSSQL 2019 Express. DBs on S:\SQL\Data\ |
 **SSH:** `ssh IMC\guru@192.168.0.2` (ed25519 key, PowerShell default shell)
 **VPN:** OpenVPN (.ovpn profile) — disconnect Tailscale first (192.168.0.0/24 conflict)
 **Domain admin:** `IMC\guru` — also SQL sysadmin (added via single-user recovery 2026-04-12)
 **Credentials:** Vault entry needed (`clients/imc/` — not yet created as of 2026-04-13)
 **Disks:** C: (OS, 77% full), E: (SQL backups + installers), F: (Windows Image Backups), S: (SSD — AIMsi DBs)
 **Backup:** Nightly SQL at 22:00 to `E:\SQL\...\Backup\`; retention script `C:\Scripts\Clean-AimsiBackups.ps1` (14 dailies + 1st-of-month); Cloudberry at `C:\ProgramData\Online Backup\`
 **Known issues:**
 - Component store corrupted (0x80073701) — blocks RDS role removal; ETW manifest error on reboot
 - C: drive at ~77% full — monitor
 - SMB1 still enabled — disable when time permits
 - `TestConv61223` DB (leftover from 2023 migration test) safe to drop — verify first
 ---
 ## Pending / Next Up
 - [ ] Decide Server 2019 migration path (in-place upgrade vs. clean build + migrate)
 - [ ] Verify Cloudberry backup continuity
 - [ ] Drop `TestConv61223` DB after confirming nothing references it
 - [ ] Disable SMB1 on IMC1
 - [ ] Add IMC vault entry for SSH/SQL/domain credentials
 - [ ] Follow up on disk management items from 2026-04-13 session
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | 2026-04-12 | Mike | IMC1 cleanup and SQL move: AIMsi DBs moved to S: SSD, backup script + retention task deployed, sysadmin access restored | DEPLOYED |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks.
 **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed.
--- a/clients/internal-infrastructure/PROJECT_STATE.md
+++ b/clients/internal-infrastructure/PROJECT_STATE.md
@@ -0,0 +1,54 @@
 # Internal Infrastructure (ACG) — Project State
 > READ THIS before starting work on internal infrastructure.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** MAINTENANCE
 **Last Activity:** 2026-04-16
 Arizona Computer Guru internal company infrastructure. Server monitoring, vendor tickets, internal systems. Includes ix-server issue tracking, vendor escalations, internal tooling. Work here is ad-hoc and reactive.
 ---
 ## Infrastructure / Access
 Primary internal server: AD2 (172.16.3.30) — GuruRMM server, ClaudeTools API, testdatadb, etc.
 Full infrastructure details in `.claude/CONTEXT.md` and `CONTEXT.md` (root of repo).
 ---
 ## Pending / Next Up
 - [ ] No active items tracked — reactive as issues arise
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | 2026-04-13 | Mike | Session: internal system work | COMPLETE |
 | 2026-04-11 | Mike | Smart Slider security scan | COMPLETE |
 | 2026-03-16 | Mike | IX account cleanup | COMPLETE |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks.
 **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed.
--- a/clients/khalsa/PROJECT_STATE.md
+++ b/clients/khalsa/PROJECT_STATE.md
@@ -0,0 +1,52 @@
 # Khalsa — Project State
 > READ THIS before starting work on this client.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** ONBOARDING
 **Last Activity:** 2026-04-16
 New client. Standard directory template applied 2026-04-16. Onboarding not yet complete. Directory contains only a `docs/` subfolder — minimal information captured.
 ---
 ## Infrastructure / Access
 No infrastructure details recorded yet. Check `clients/khalsa/docs/` for any notes captured during initial onboarding.
 ---
 ## Pending / Next Up
 - [ ] Complete onboarding — capture infrastructure details, contacts, credentials to vault
 - [ ] Populate `docs/` with client overview, network diagram, server inventory
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | 2026-04-16 | Howard | Standard client directory structure applied | IN PROGRESS |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks.
 **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed.
--- a/clients/kittle/PROJECT_STATE.md
+++ b/clients/kittle/PROJECT_STATE.md
@@ -0,0 +1,52 @@
 # Kittle — Project State
 > READ THIS before starting work on this client.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** ONBOARDING
 **Last Activity:** 2026-04-16
 New client. Standard directory template applied 2026-04-16. Onboarding not yet complete. Directory contains only a `docs/` subfolder — minimal information captured.
 ---
 ## Infrastructure / Access
 No infrastructure details recorded yet. Check `clients/kittle/docs/` for any notes captured during initial onboarding.
 ---
 ## Pending / Next Up
 - [ ] Complete onboarding — capture infrastructure details, contacts, credentials to vault
 - [ ] Populate `docs/` with client overview, network diagram, server inventory
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | 2026-04-16 | Howard | Standard client directory structure applied | IN PROGRESS |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks.
 **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed.
--- a/clients/lens-auto-brokerage/PROJECT_STATE.md
+++ b/clients/lens-auto-brokerage/PROJECT_STATE.md
@@ -0,0 +1,62 @@
 # Lens Auto Brokerage — Project State
 > READ THIS before starting work on this client.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** ACTIVE — PENDING DEPLOYMENT
 **Last Activity:** 2026-04-16
 Auto brokerage client. GuruRMM agent deployment planned for 10 endpoints via GPO. Scripts and documentation prepared in `docs/` — deployment has not yet been executed.
 ---
 ## Infrastructure / Access
 No server infrastructure details recorded. 10 Windows endpoints to enroll in GuruRMM.
 **GuruRMM deployment command (run via GPO or ScreenConnect):**
 ```powershell
 $u='https://rmm-api.azcomputerguru.com/downloads/gururmm-agent-windows-amd64-latest.exe';
 $d='C:\Windows\Temp\gururmm-agent.exe';
 Invoke-WebRequest $u -UseBasicParsing -OutFile $d;
 & $d install --server-url 'wss://rmm-api.azcomputerguru.com/ws' --api-key '<SITE_KEY>'
 ```
 Note: site enrollment key must be generated for Len's site in GuruRMM dashboard first.
 ---
 ## Pending / Next Up
 - [ ] Generate GuruRMM site + enrollment key for Len's Auto Brokerage in RMM dashboard
 - [ ] Deploy GuruRMM agent to 10 endpoints via GPO
 - [ ] Verify all 10 endpoints enrolled and heartbeating in RMM console
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | 2026-04-16 | Mike | Client directory created, deployment planned | PENDING |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks.
 **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed.
--- a/clients/pavon/PROJECT_STATE.md
+++ b/clients/pavon/PROJECT_STATE.md
@@ -0,0 +1,23 @@
 # Pavon — Project State
 > Last updated: 2026-04-20
 **Status:** COMPLETE
 **Last Activity:** 2026-04-12
 Video archive management project. Cleaned 25 TB of old footage (184,124 files deleted), then integrated the remaining 35 TB with OwnCloud for organized archival access.
 ## What Was Done
 - Identified and deleted 184,124 redundant/old files totaling 25 TB
 - Infrastructure analysis of storage environment
 - Remaining 35 TB integrated with OwnCloud via external storage setup
 - Archive scan and cleanup completion documented
 - Final setup summary written
 ## If Resuming
 - Check `clients/pavon/owncloud-archive-setup.md` and `final-setup-summary.md` for the OwnCloud configuration
 - Storage layout documented in `infrastructure-analysis.md`
 - `cleanup-completion-report.md` confirms what was deleted and what was kept
 - Session logs in `clients/pavon/session-logs/`
--- a/clients/valleywide/PROJECT_STATE.md
+++ b/clients/valleywide/PROJECT_STATE.md
@@ -0,0 +1,63 @@
 # Valleywide (VWP) — Project State
 > READ THIS before starting work on this client.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** ACTIVE — POST-INCIDENT MONITORING
 **Last Activity:** 2026-04-16
 Financial services client, domain `vwp.local`. RDWeb was exposed to the internet via UDM port forward; distributed brute-force attack discovered 2026-04-13. Port forward removed same day. 30-day audit confirmed no successful external logons — no compromise. RDS deployment reconfigured 2026-04-16 to bypass gateway (direct VPN connect). RDS licensing pointer also fixed. Outstanding: RDS CAL purchase, UPnP audit, scanner account password rotation.
 ---
 ## Infrastructure / Access
 | Server | IP | Notes |
 |--------|-----|-------|
 | VWP_ADSRVR | 192.168.0.25 | Windows Server 2019 DC, domain `vwp.local`. SSH: `ssh vwp\guru@192.168.0.25` (ed25519 key) |
 | VWP-QBS | 172.16.9.169 | Windows Server 2022, QuickBooks + RDS host. Reach via VPN + double-hop: `Invoke-Command -ComputerName VWP-QBS` |
 | UDM | (gateway) | Static DNS: `vwp-qbs.vwp.us` → `172.16.9.169` |
 **Networks:** 172.16.9.0/24 (internal), 192.168.0.0/24 (conflicts with IMC — careful when switching VPN contexts).
 **VPN:** OpenVPN, pushes DNS=192.168.4.1 (UDM), routes for 172.16.9.0/24, 192.168.0.0/24, 192.168.3.0/24.
 **Credentials:** SOPS vault at `clients/vwp/` (adsrvr, dc1, udm, xenserver, quickbooks-server-idrac).
 ---
 ## Pending / Next Up
 - [ ] Purchase Windows Server 2022 RDS Per User CALs for VWP-QBS (sized to active user count — check distinct interactive logons last 30d via `licmgr.msc`)
 - [ ] Confirm UPnP state on UDM (prevent server from re-punching its own port-forward hole)
 - [ ] Rotate `scanner` AD account password (last set 2024-10-17; carried since 2026-04-13)
 - [ ] Formally document VPN-only RDWeb access decision
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | 2026-04-16 | Mike | RDS deployment set to bypass gateway (direct VPN connect); UDM DNS typo fixed; RDS licensing mode set Per User, pointed at VWP-QBS license server | DEPLOYED |
 | 2026-04-13 | Mike | RDWeb brute-force incident: UDM port forward removed, lockout policy restored, IIS reset, 30-day audit confirmed no compromise | RESOLVED |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks.
 **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed.
--- a/projects/community-forum/PROJECT_STATE.md
+++ b/projects/community-forum/PROJECT_STATE.md
@@ -0,0 +1,19 @@
 # Community Forum — Project State
 > Last updated: 2026-04-20
 **Status:** STALLED
 **Last Activity:** 2026-03-30
 Forum post themes and styling work. Contains `theme-v2.less` and a `forum-posts/` directory. Unclear whether this is an active forum product or one-off styling work.
 ## What Was Done
 - `theme-v2.less` — second-iteration forum theme stylesheet
 - `forum-posts/` — forum post content or templates
 ## If Resuming
 - Clarify which forum platform this targets (Discourse, NodeBB, custom?)
 - Review `theme-v2.less` for the current state of the design
 - Check `forum-posts/` for any content that may need updating
--- a/projects/dataforth-dos/PROJECT_STATE.md
+++ b/projects/dataforth-dos/PROJECT_STATE.md
@@ -0,0 +1,76 @@
 # Dataforth DOS — Project State
 > READ THIS before starting work on this project.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** ACTIVE / DEPLOYED
 **Last Activity:** 2026-04-14
 Legacy DOS hardware test pipeline for Dataforth Corporation. Node.js service (`testdatadb`) on AD2 (192.168.0.6) parses test log files from DOS-era test stations, stores 27k+ records in SQLite, and publishes datasheets to the web. As of 2026-04-12, pipeline was extended to support SCMVAS/SCMHVAS product families with a new VASLOG parser and accuracy-only datasheet template. 27,503 historical records backfilled; 434 Engineering-Tested .txt files imported. Service is production-deployed and running.
 Remaining work: deploy session manager to SAGE-SQL, verify historical backfill accuracy for edge cases, continue any new product family extensions.
 ---
 ## Infrastructure / Access
 | Component | IP/Location | Notes |
 |-----------|-------------|-------|
 | AD2 (primary) | 192.168.0.6 | Windows Server 2022, hosts testdatadb service on port 3000 |
 | AD1 | 192.168.0.27 | Hosts Engineering share at \\AD1\Engineering |
 | D2TESTNAS | 192.168.0.9 | SMB1 only — bridge for DOS test stations |
 | VPN required | FortiClient | Must be connected to reach 192.168.0.x |
 **Service:** `testdatadb` on AD2, account `INTRANET\svc_testdatadb`, working dir `C:\Shares\testdatadb`, API port 3000.
 **Database:** SQLite at `C:\Shares\testdatadb\database/testdata.db` (4.1 GB, not in git).
 **Web output:** `\\ad2\webshare\For_Web` (NOT `X:\For_Web` in SSH sessions).
 **Credentials:**
 ```bash
 # AD2 password (strip backslash escape)
 bash D:/vault/scripts/vault.sh get-field clients/dataforth/ad2.sops.yaml credentials.password | sed 's/\\//g'
 # AD1 password
 bash D:/vault/scripts/vault.sh get-field clients/dataforth/ad1.sops.yaml credentials.password
 ```
 **Anti-patterns:** See `CONTEXT.md` — especially: no X: drive in SSH, no 50+ args on PowerShell, no hardcoded passwords, no SMB1 on AD2.
 ---
 ## Pending / Next Up
 - [ ] Deploy session manager to SAGE-SQL
 - [ ] SCMVAS/SCMHVAS pipeline further extension (if new families identified)
 - [ ] Verify 27,503 historical records backfill accuracy (438 plain-decimal edge cases patched 2026-04-12)
 - [ ] Clean vault entry: ad2.sops.yaml has stale backslash in password (remove `\` escape)
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | 2026-04-12 | Mike | SCMVAS/SCMHVAS pipeline: new VASLOG parser, accuracy-only template, 27,503 records backfilled, 434 ENG txt files imported | DEPLOYED |
 | 2026-04-11 | Mike | Discovery session: explored VASLOG .DAT format, hvin.dat binary structure | RESEARCH |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks (Session = "User/Machine", e.g. "Mike/DESKTOP-0O8A1RL").
 **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed.
--- a/projects/gururmm-agent/PROJECT_STATE.md
+++ b/projects/gururmm-agent/PROJECT_STATE.md
@@ -0,0 +1,25 @@
 # GuruRMM Agent (Claude Integration) — Project State
 > Last updated: 2026-04-20
 **Status:** COMPLETE
 **Last Activity:** 2026-03-31
 Rust/Tokio integration layer enabling Main Claude to invoke Claude Code CLI on AD2 (Windows Server 2022) via the GuruRMM WebSocket API. Rate-limited (10 tasks/hr), 2 concurrent max, 300s timeout. Implementation is production-ready but integration into the live GuruRMM agent binary was the pending step.
 ## What Was Done
 - `agent/src/claude.rs` — 684-line Rust module: ClaudeExecutor struct, input sanitization, rate limiting, concurrency control, timeout management, unit tests
 - `commands_modifications.rs` — step-by-step integration guide for adding `claude_task` command type to GuruRMM agent dispatcher
 - `Cargo_dependencies.toml` — dependency spec (tokio 1.35, serde, serde_json, once_cell)
 - `TESTING_AND_DEPLOYMENT.md` — 497-line complete deployment and testing guide
 - `README.md` — full project documentation
 ## If Resuming
 1. Copy `agent/src/claude.rs` into the live GuruRMM agent project (`azcomputerguru/gururmm`)
 2. Follow `commands_modifications.rs` to wire up the `claude_task` command type
 3. Update `Cargo.toml` in the agent crate with required dependencies
 4. Build with `cargo build --release`, run `cargo test` and `cargo clippy`
 5. Deploy to AD2 per `TESTING_AND_DEPLOYMENT.md` (stop service, backup binary, deploy, restart, smoke test)
 6. Note: this was built against the GuruRMM API at 172.16.3.30:3001 — verify agent ID for AD2 before sending commands
--- a/projects/msp-pricing/PROJECT_STATE.md
+++ b/projects/msp-pricing/PROJECT_STATE.md
@@ -0,0 +1,23 @@
 # MSP Pricing — Project State
 > Last updated: 2026-04-20
 **Status:** COMPLETE (stable reference)
 **Last Activity:** 2026-02-01
 MSP pricing calculator, models, and HTML price sheets for Arizona Computer Guru. Covers GPS endpoint monitoring, support plans, VoIP, web/email hosting pricing structures. Price sheets are published HTML files. No active development — used as a reference and updated only when pricing changes.
 ## What Was Done
 - GPS price sheet (HTML): `GPS_Price_Sheet_12.html`
 - VoIP pricing sheet: `GPS_VoIP_Pricing.html`
 - VoIP tier comparison: `GPS_VoIP_Tier_Comparison.html`
 - Supporting calculators in `calculators/`
 - Documentation in `docs/`
 - Marketing materials in `marketing/`
 ## If Resuming
 - Update HTML price sheets when rates change
 - Session logs in `session-logs/` for historical pricing decisions
 - No infrastructure dependencies — all static files
--- a/projects/msp-tools/guru-connect/PROJECT_STATE.md
+++ b/projects/msp-tools/guru-connect/PROJECT_STATE.md
@@ -0,0 +1,25 @@
 # GuruConnect — Project State
 > Last updated: 2026-04-20
 **Status:** STALLED
 **Last Activity:** 2026-01-17 (planning), last session log 2025-12-29
 GuruConnect is an MSP remote desktop solution (ScreenConnect replacement) built in Rust/Axum with a PostgreSQL backend. 24 conversation log files exist. Phase 1 (Security & Infrastructure) was scoped in January 2026 but never started — the project has been stalled since initial planning.
 ## What Was Done
 - Full architecture designed: Rust agent (Windows), Rust relay server (Linux), WebSocket protocol, protobuf wire format
 - Security gap analysis completed: 5 critical issues identified (JWT hardcoded, rate limiting, SQL injection, agent validation, session takeover)
 - Phase 1-4 roadmap created (26-week timeline)
 - CLAUDE.md, MASTER_ACTION_PLAN.md, GAP_ANALYSIS.md, CHECKLIST_STATE.json all written
 - Server deploys to 172.16.3.30:3002, proxied via NPM to connect.azcomputerguru.com
 - Codebase: Rust workspace with agent/ and server/ crates, proto/ for protobuf definitions
 ## If Resuming
 1. Read `PHASE1_SECURITY_INFRASTRUCTURE.md` — 5 critical security fixes still outstanding
 2. Read `CHECKLIST_STATE.json` for current progress (0/147 Phase 1 items completed as of last update)
 3. Start with SEC-1 (JWT secret hardcoded) — highest priority blocker
 4. Server is at 172.16.3.30:3002; static dashboard files in `server/static/`
 5. Build: `cargo build -p guruconnect --release` (agent, Windows); cross-compile for Linux server
--- a/projects/msp-tools/howard-bootstrap/PROJECT_STATE.md
+++ b/projects/msp-tools/howard-bootstrap/PROJECT_STATE.md
@@ -0,0 +1,20 @@
 # Howard Bootstrap — Project State
 > Last updated: 2026-04-20
 **Status:** STALLED
 **Last Activity:** 2026-04-16
 Bootstrap/onboarding setup for Howard's workstation and ClaudeTools integration. The directory contains only a README.txt, keys.txt, and setup.bat — minimal scaffolding. No substantive development has occurred.
 ## What Was Done
 - Basic directory structure created
 - setup.bat and keys.txt staged for Howard's initial machine setup
 - No session logs recorded
 ## If Resuming
 - Check `README.txt` for any setup instructions captured
 - Determine what Howard still needs configured (vault access, git config, identity.json on his machine)
 - Follow ONBOARDING.md process in `.claude/` for any new-machine setup steps
--- a/projects/msp-tools/msp-audit-scripts/PROJECT_STATE.md
+++ b/projects/msp-tools/msp-audit-scripts/PROJECT_STATE.md
@@ -0,0 +1,51 @@
 # MSP Audit Scripts — Project State
 > READ THIS before starting work on this project.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** MAINTENANCE
 **Last Activity:** 2026-04-17 (estimated from directory contents)
 PowerShell audit scripts for MSP client environments. Two scripts: `server_audit.ps1` (server-side audit) and `workstation_audit.ps1` (workstation audit). Used ad-hoc during client engagements. No active development — maintained as stable reference scripts.
 ---
 ## Infrastructure / Access
 No dedicated infrastructure. Scripts run against client environments via SSH or remote PowerShell. Credentials come from vault per-client.
 ---
 ## Pending / Next Up
 - [ ] No active items — scripts are stable
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | (no logged changes) | | | |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks.
 **When finishing:** Remove your lock row, add entries to Recent Changes.
--- a/projects/newsletter/PROJECT_STATE.md
+++ b/projects/newsletter/PROJECT_STATE.md
@@ -0,0 +1,21 @@
 # Newsletter — Project State
 > Last updated: 2026-04-20
 **Status:** MAINTENANCE (ad-hoc)
 **Last Activity:** 2026-04-09
 HTML email newsletter templates for Arizona Computer Guru. Four variants maintained: flash-sale, clean, bold, and warm. Used as-needed for client or marketing emails.
 ## What Was Done
 - `flash-sale-newsletter.html` — promotional flash-sale layout
 - `variant-bold.html` — bold/high-contrast design variant
 - `variant-clean.html` — minimal clean design variant
 - `variant-warm.html` — warm/approachable design variant
 ## If Resuming
 - Copy the most appropriate variant for the email campaign
 - Customize copy and any promotional details
 - No infrastructure — pure HTML/CSS, send via whatever email platform is in use
--- a/projects/radio-show/PROJECT_STATE.md
+++ b/projects/radio-show/PROJECT_STATE.md
@@ -0,0 +1,61 @@
 # Computer Guru Radio Show — Project State
 > READ THIS before starting work on this project.
 > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).
 > Last updated: 2026-04-20
 ---
 ## Active Session Locks
 | Session | Working On | Status | Started |
 |---------|-----------|--------|---------|
 | _(none active)_ | | | |
 **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.
 ---
 ## Current State
 **Status:** ACTIVE (recurring weekly)
 **Last Activity:** 2026-04-18 (most recent episode: "Tech That Makes Life Fun")
 Weekly radio show audio production project. Post-show workflow transforms recorded broadcasts into tiered content: debrief notes, article drafts, archive-ready files. Episodes are stored under `episodes/` by date and title. The `audio-processor/` directory contains processing tooling; `website/` holds show website assets.
 ---
 ## Infrastructure / Access
 - Episodes directory: `projects/radio-show/episodes/`
 - Workflow reference: `projects/radio-show/post-show-workflow.md`
 - Audio processor: `projects/radio-show/audio-processor/`
 - Website assets: `projects/radio-show/website/`
 No server infrastructure — all local processing.
 ---
 ## Pending / Next Up
 - [ ] Verify post-show processing complete for 2026-04-18 episode ("Tech That Makes Life Fun")
 - [ ] Process any queued episodes per `post-show-workflow.md`
 ---
 ## Recent Changes
 | Date | By | Change | Status |
 |------|-----|--------|--------|
 | 2026-04-18 | Mike | Episode: "Tech That Makes Life Fun" | RECORDED |
 | 2026-04-11 | Mike | Episode: "Hidden Price Tags" | RECORDED |
 | 2026-04-05 | Mike | Episode: "AI Gold Rush Warp Speed" | RECORDED |
 | 2026-03-21 | Mike | Episode: "Who Controls Your Tech" | RECORDED |
 | 2026-03-14 | Mike | Episode: "AI Misconceptions" | RECORDED |
 ---
 ## How to Update
 **When starting:** Add your session to Active Session Locks.
 **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed.
--- a/projects/wrightstown-smarthome/PROJECT_STATE.md
+++ b/projects/wrightstown-smarthome/PROJECT_STATE.md
@@ -0,0 +1,22 @@
 # Wrightstown Smart Home — Project State
 > Last updated: 2026-04-20
 **Status:** PLANNING
 **Last Activity:** 2026-02-09
 Privacy-first smart home system for the Wrightstown property. Stack: Home Assistant Yellow + local LLM + hybrid Claude/Grok bridge. No cloud dependencies for core automation.
 ## What Was Done
 - Architecture decided: Home Assistant Yellow as hub
 - Local LLM integration planned
 - Hybrid Claude/Grok bridge designed for voice/AI features
 - No code written — blocked on hardware
 ## If Resuming
 - **Blocked by:** CM4/CM5 module not yet arrived (as of 2026-02-09 — verify current status)
 - On hardware arrival: begin HA Yellow initial configuration, install Home Assistant OS
 - Then: local LLM setup, then bridge integration
 - Check `projects/wrightstown-smarthome/docs/` and `session-logs/` for any design documents
--- a/projects/wrightstown-solar/PROJECT_STATE.md
+++ b/projects/wrightstown-solar/PROJECT_STATE.md
@@ -0,0 +1,23 @@
 # Wrightstown Solar — Project State
 > Last updated: 2026-04-20
 **Status:** PLANNING
 **Last Activity:** 2026-02-09
 DIY 48V LiFePO4 battery storage system (5-20 kWh) with Victron integration for the Wrightstown property. Components: EVE C40 cells, JK BMS, Victron MultiPlus II inverter/charger.
 ## What Was Done
 - System design: 48V LiFePO4, EVE C40 cells, JK BMS, Victron MultiPlus II
 - Capacity range defined: 5-20 kWh depending on cell count
 - Victron integration planned
 - No hardware procured yet
 ## If Resuming
 - Begin with hardware procurement (EVE C40 cells, JK BMS, Victron MultiPlus II)
 - Cell arrival: capacity test each cell individually before assembly
 - BMS configuration: program JK BMS for 48V LiFePO4 pack parameters
 - Victron setup: MultiPlus II commissioning, VE.Configure/VictronConnect
 - Check `projects/wrightstown-solar/docs/` and `session-logs/` for any notes