wiki: update PST (deletion-report location) + add fast wiki-compile 'update' mode

- peaceful-spirit: record the standing 'Mara audit log' (daily PST Deletion Report task,
  SACL 4660/4663 on G:\Shares\Scanned) and its new output location under the legal/
  partner-review folder (moved 2026-07-02). Surgical update, no full recompile.
- wiki-compile: add an incremental UPDATE mode (now the no-flag default) that folds only
  session logs newer than last_compiled via targeted section edits — no Sonnet subagent,
  no full-article regeneration. --full is now the explicit REBUILD; --syncro is the
  instant Syncro-only refresh. Addresses the slow-rebuild complaint.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
2026-07-02 17:27:23 -07:00
parent 7ff092f7bb
commit 59b5f1f5f2
3 changed files with 95 additions and 13 deletions

View File

@@ -7,17 +7,29 @@ Seed new wiki articles or refresh existing ones from session logs, client docume
## Usage
```
/wiki-compile client:<slug> Seed or refresh a client wiki article
/wiki-compile client:<slug> --full Force full recompile of existing article (Sonnet synthesis)
/wiki-compile client:<slug> UPDATE an existing article (fast, incremental) or seed a new one
/wiki-compile client:<slug> --full REBUILD: full re-synthesis from ALL sources (Sonnet, slow)
/wiki-compile client:<slug> --syncro Syncro dynamic fields only (hours/tickets) — instant, no LLM
/wiki-compile project:<slug> Compile a project wiki article (no Syncro)
/wiki-compile system:<slug> Compile a system wiki article (no Syncro)
/wiki-compile all Process all missing + stale articles
```
**Mode auto-detection:**
- If `wiki/clients/<slug>.md` **does not exist****Seed mode** (full synthesis, Sonnet subagent)
- If `wiki/clients/<slug>.md` **exists** and no `--full` flag → **Refresh mode** (surgical update of dynamic fields only, no subagent)
- `--full` flag → **Full recompile** (Sonnet synthesis, preserves existing Patterns/History)
- If `wiki/clients/<slug>.md` **does not exist****Seed mode** (full synthesis, Sonnet subagent).
- If it **exists** and no flag → **Update mode** (fast, incremental — the default; see below).
- `--full` **Rebuild** (full Sonnet re-synthesis from ALL sources; preserves Patterns/History).
- `--syncro`**Syncro-only refresh** (dynamic fields only; instant, no LLM).
**Update vs Rebuild — why update is fast (this is the point).** A **Rebuild** (`--full`) reads
*every* session log for the client and regenerates the *entire* article with a Sonnet subagent —
correct, but slow and expensive, and wasteful when only one thing changed. **Update** reads ONLY
the session logs dated after the article's `last_compiled` (usually 13 files, often zero) plus the
current article, and applies a few **surgical section edits** — new History rows, and targeted
edits to any section a new log actually changes — leaving the rest of the article byte-for-byte
untouched. Small input + small output + no full-article Sonnet pass = typically many times faster.
Reach for `--full` only when the article structure has drifted, sections are stale/wrong, or you
want a periodic clean rebuild. For "I just did some work, capture it," use plain update.
---
@@ -65,12 +77,21 @@ esac
if [ ! -f "$CLAUDETOOLS_ROOT/$ARTICLE_PATH" ]; then
MODE="seed"
elif [ "$FULL_FLAG" = "--full" ]; then
MODE="full"
MODE="full" # rebuild — full Sonnet re-synthesis
elif [ "$FULL_FLAG" = "--syncro" ]; then
MODE="syncro" # Syncro dynamic fields only
else
MODE="refresh"
MODE="update" # default: fast incremental knowledge merge
fi
echo "[INFO] Mode: $MODE | Target: $TARGET_TYPE:$SLUG"
# For update mode, read the article's last_compiled so Phase 3 can select only newer logs.
LAST_COMPILED=""
if [ "$MODE" = "update" ]; then
LAST_COMPILED=$(sed -n 's/^last_compiled:[[:space:]]*//p' "$CLAUDETOOLS_ROOT/$ARTICLE_PATH" | head -1)
echo "[INFO] Update since last_compiled=${LAST_COMPILED:-unknown}"
fi
```
---
@@ -244,6 +265,28 @@ SOURCE_COUNT=$(echo "$ALL_SOURCES" | grep -c '^' || echo 0)
echo "[INFO] Found $SOURCE_COUNT source files"
```
**Update mode — narrow to NEW sources only (this is the speedup).** In update mode, do NOT read
the full source set. Select only the logs the article has not yet incorporated: a source is "new"
if its filename date is **after** `LAST_COMPILED`, **or** it is not already listed in the article's
frontmatter `sources:`. Read only those.
```bash
if [ "$MODE" = "update" ]; then
# existing sources already folded into the article
EXISTING_SRC=$(awk '/^sources:/{f=1;next} /^[^ -]/{f=0} f&&/^[[:space:]]*-/{sub(/^[[:space:]]*-[[:space:]]*/,"");print}' "$CLAUDETOOLS_ROOT/$ARTICLE_PATH")
NEW_SOURCES=$(echo "$ALL_SOURCES" | while read -r f; do
[ -z "$f" ] && continue
# (a) not yet in the article's sources list?
if ! grep -qxF "$f" <<<"$EXISTING_SRC"; then echo "$f"; continue; fi
# (b) filename carries a YYYY-MM-DD newer than last_compiled?
d=$(echo "$f" | grep -oE '[0-9]{4}-[0-9]{2}-[0-9]{2}' | head -1)
if [ -n "$d" ] && [ -n "$LAST_COMPILED" ] && [ "$d" \> "$LAST_COMPILED" ]; then echo "$f"; fi
done | sort -u | grep -v '^$')
NEW_COUNT=$(echo "$NEW_SOURCES" | grep -c '^' || echo 0)
echo "[INFO] Update: $NEW_COUNT new source(s) since ${LAST_COMPILED:-unknown}"
fi
```
If `SOURCE_COUNT == 0` and no Syncro data: warn and stop.
```
[ERROR] No session logs and no Syncro data found for '${SLUG}'. Cannot compile.
@@ -254,7 +297,40 @@ If `SOURCE_COUNT == 0` and no Syncro data: warn and stop.
## Phase 4 — Article Generation
### Refresh Mode (existing article, no --full)
### Update Mode (existing article, default) — fast incremental
Fold only what changed since the last compile. **Do NOT re-synthesize the whole article and do
NOT spawn a Sonnet subagent.** Two parts:
**Part A — Syncro dynamic fields** (the three surgical edits documented under *Syncro-only Refresh*
below): hours remaining, Active Work ticket list, and frontmatter (`last_compiled`, `compiled_by`).
**Part B — Incremental knowledge merge** — run ONLY if `NEW_COUNT > 0` (new logs from Phase 3):
1. Read the full text of the `NEW_SOURCES` logs **and the current article**. Do NOT read the full
historical log set — that is what makes this fast.
2. Apply **targeted edits** for what those new logs actually establish:
- **Always:** add one dated row per material change to **History Highlights** (chronological).
- **Infrastructure** — add/adjust a row for any new or removed host, IP, service, or key path.
- **Access** — add any new vault path or access route (vault path only, never the secret).
- **Patterns & Known Issues** — add a genuinely new recurring issue, or mark an existing one
resolved if a new log shows it fixed.
- Touch **only** the sections a new log changes; leave every other byte of the article intact.
3. The delta is small, so **the main agent applies these edits directly** (Edit tool), or delegates
only the prose wording to Ollama Tier-0 / `haiku` and reviews it. Follow the same Hard Rules
(Syncro authoritative for billing; never inline secrets; never invent vault paths).
4. Append the `NEW_SOURCES` paths to frontmatter `sources:` (dedup).
If `NEW_COUNT == 0`: there is nothing new to fold — Part A (Syncro refresh) is the whole update.
Emit:
```
[OK] Update complete for wiki/clients/<slug>.md
- New logs folded: <NEW_COUNT> (since <LAST_COMPILED>)
- Sections touched: History[, Infrastructure, Access, Patterns] | none (Syncro-only)
- Syncro: hours <PREPAY_HOURS>, tickets <TICKET_COUNT>
```
### Syncro-only Refresh (`--syncro`) — instant, no LLM
Perform surgical updates only. No Ollama call. Three edits:
@@ -298,7 +374,7 @@ After edits, emit:
- Sources: ${SOURCE_COUNT} files tracked
```
### Seed Mode / Full Recompile — Claude Synthesis (Sonnet subagent)
### Seed Mode / Rebuild (`--full`) — Claude Synthesis (Sonnet subagent)
Prepare the synthesis context by reading the most relevant source files. For session logs, read the full content of client-specific logs and the first 200 lines of root session logs (to avoid overwhelming the prompt). For full recompile, also read the existing article.
@@ -447,4 +523,7 @@ When invoked as `/wiki-compile all`:
- **Never invent vault paths.** If a credential is not mentioned in session logs, write "(verify)" in the Access section.
- **Never populate Infrastructure tables with placeholder rows.** Only include servers/services that appear in session logs or Syncro assets.
- **Syncro contacts are ground truth for the Profile section.** Do not override with session log guesses if the contact name differs.
- **Refresh mode never touches Patterns or History.** Those sections require human review or `--full`.
- **Syncro-only refresh (`--syncro`) never touches Patterns or History.** It edits dynamic fields only.
- **Update mode may ADD to History (always) and may add/adjust Infrastructure, Access, and Patterns**
strictly from the NEW logs — it never rewrites or removes existing prose. Wholesale re-synthesis
(rewriting existing sections, reconciling contradictions across the full history) is `--full` only.

View File

@@ -2,8 +2,8 @@
type: client
name: peaceful-spirit
display_name: Peaceful Spirit Therapeutic Massage
last_compiled: 2026-07-01
compiled_by: GURU-5070/claude-main
last_compiled: 2026-07-02
compiled_by: GURU-5070/claude-main (update: deletion-report location)
sources:
- clients/peaceful-spirit/session-logs/2026-05-10-recovered-setup-radius-authentication-for-vpn-access.md
- clients/peaceful-spirit/session-logs/2026-05-10-session.md
@@ -163,6 +163,8 @@ ACL root is `G:\Shares\Scanned`; permissions inherit to `@Clients` and subdirect
A report that client files disappeared (trigger: the "Glennda" folder) prompted a staged restore-and-diff investigation. The 6/24 10:05 AM restore point was staged to `C:\PST-Recovery\PreDelete-0624` (~99 GB). Authoritative diff: **47,749 files deleted from @Clients since 6/24 10:05**; ~93% intentional duplicate cleanup (33,711 in folders labeled "duplicate DO NOT USE or delete"; ~10,696 in nested misfile-buckets A\A, D\A, P\O, H\I whose canonical client folders remain live). Genuine loss estimate: **~3,342 files**, recoverable via no-overwrite copy-back from staging (not yet executed — awaiting Mike/Mara approval; writes to live HIPAA data). The 10:05->12:05 PM window had only 2 deletions (Ballard, Kathy and Rivera, Anthony SOAP PDFs) — mass deletion occurred later. Glennda trigger: `EDWARDS, GLENDA` (single-N, 79 files, deleted) was a misspelled duplicate of the active canonical `EDWARDS, GLENNDA VA REFERRAL` (double-N, 127 files, live and growing). Shelton report: only 6 old Shelton files exist (20112015), loose in `S\`, CreationTime 2025-06-02 (migration), unchanged since 6/24 — not a 2026 deletion; the 6/29/2025 restore point needed for further check has been purged. Staging artifacts (~200 GB, removable after recovery decision): `C:\PST-Recovery\{PreDelete-0624, PostDelete-0624, authdiff, incidentdiff, acl-backup-scanned-20260701-072725.txt}`.
**Standing deletion audit (the "Mara audit log").** Object-access auditing (SACL: Everyone / Delete+DC / Success on `G:\Shares\Scanned`) feeds a daily scheduled task **`PST Deletion Report (Daily)`** → `C:\PST-Tools\PST-DeletionReport.ps1` (runs as SYSTEM, 06:30). It harvests Security events 4660/4663 into a per-day HTML report of who deleted / renamed / moved files under `G:\Shares\Scanned` (server + backup activity excluded; 90-day retention). This is the ongoing record Mara reviews for further deletions. **Report output location: `G:\Shares\Private\Partner Review\Legal Documents - DO NOT DELETE\_Deletion Reports`** — moved there 2026-07-02 (from the original `G:\Shares\Scanned\_Deletion Reports`); pre-change script backup at `C:\PST-Tools\PST-DeletionReport.ps1.bak-20260702`. Only `$OutDir` was repointed; the monitored root (`$Root = G:\Shares\Scanned`) is unchanged. PST-SERVER is reachable for this kind of change via GuruRMM (agent `87293069-...`) when the site VPN is down.
---
## Access
@@ -266,6 +268,7 @@ As of 2026-07-01 session end:
| 2026-06-14 | SERVER2 static IP set (192.168.1.5/24); timezone -> Mountain; stale .127 DNS records cleaned. Gate 4 DFS-R rebuilt clean with PST-SERVER G:\Shares PRIMARY and SERVER2 C:\Shares receiver; ~221/265 GB replicated. Session ended blocked: SERVER2 began flapping (NW site stability, not DFS). Gate 4 finish deferred. |
| 2026-06-29 | File-deletion investigation initiated. Stopped MSP360 backup, staged the 6/24 10:05 AM restore point. Mtime heuristic ruled out; restore-and-local-diff adopted as authoritative. |
| 2026-07-01 | Deletion-scope analysis complete: 47,749 files deleted since 6/24 10:05, ~93% duplicate cleanup, ~3,342 genuine recoverable. Incident window (10:05->12:05) had only 2 deletions. Glennda trigger = misspelled duplicate; canonical folder intact. Shelton check blocked (6/29/2025 restore point purged). Admin1/Admin2 NTFS hardening: removed incorrect Admin2-in-Admin1 nesting; Admin1 -> allow RX,W + DENY D,DC; Admin2 retained Full Control. ACL backup saved. |
| 2026-07-02 | Standing deletion audit operationalized: daily `PST Deletion Report` task (SACL 4660/4663 on G:\Shares\Scanned -> per-person HTML). Report output relocated to the legal/partner-review folder `G:\Shares\Private\Partner Review\Legal Documents - DO NOT DELETE\_Deletion Reports` (backup of the script kept). Change made via GuruRMM (site VPN was down); validated by a test run (report written, 6 items). |
---

View File

@@ -32,7 +32,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| [Pavon](clients/pavon.md) | Former/archive client; GeoVision NVR surveillance; OwnCloud at 172.16.3.22 backed by Uranus; cron stacking fixed; Nextcloud migration deferred 36 months | 2026-05-24 |
| [Rieusset Corp (Tom Sorensen)](clients/rieusset-corp.md) | Small business; email hosted on Neptune Exchange (4 mailboxes: tsorensen, tomrc, ojodeagua, csorensen @rieussetcorp.com); Mailprotector domain ID 57833; outbound via SBR Outbound.Sorensen connector; clipto.com allow rule added 2026-06-08 | 2026-06-08 |
| [Rednour Law Offices](clients/rednour.md) | Law firm (break-fix/T&M, prepay 0); M365 rednourlaw.com (tenant 4a4ca18a) onboarded, 5 ComputerGuru SPs consented, no MDE license; 3 Win workstations GuruRMM-enrolled (all RED, prior MSP agents pending removal) — **all three now on Win 11** (LEGALASST + Carrie/REDNOURCARRIEVI upgraded 2026-06-29); REDNOURCARRIEVI hosts the firm's peer-to-peer SMB shares (Nick's Mac access done 2026-06-25); **Carrie's Win11 upgrade root cause = corrupt download (`ks.sys` 0x80070570 -> SAFE_OS 0x8007000D); fixed via fresh Media Creation Tool media — done in-shop, build 26200**; GuruRMM **works** on the Windows boxes (earlier "not working" disproved); macOS RMM agent still won't enroll (site code-vs-UUID bug, coord 6f2d22be); `endpointprotection.exe` = Datto AV (Defender RTP off by design); #32368 invoiced #67912 $669.55 (Nick = no charge); plaintext local-account creds from Syncro notes vaulted (clients/rednour/local-accounts) | 2026-06-30 |
| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy, two sites (Country Club + Northwest); break-fix, Syncro 278525, 31 assets; **two-DC domain** — PST-SERVER (192.168.0.2, 2016 Essentials, all FSMO) + PST-SERVER2 (192.168.1.5, rebuilt 6/13 from past-tombstone state, NW) with DFS-R (PST-DFS, ~221/265 GB) — **Gate 4 blocked: SERVER2 flapping (NW power/UPS/net)**; L2TP/IPsec RRAS VPN complete (6 GuruRMM agents); **JuneJuly 2026 file-deletion investigation** — 47,749 files gone from `@Clients` since 6/24 but ~93% duplicate cleanup, **~3,342 genuine recoverable** from MSP360/B2 staging (Glennda trigger = misspelled duplicate, canonical folder intact; 6/29/2025 restore point purged by 365-day retention); **Admin1/Admin2 NTFS hardening** on G:\Shares\Scanned (fixed inverted group nesting; Admin1 = RX,W + deny-delete, Admin2 = Full); vault drift open (pst-admin password) | 2026-07-01 |
| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy, two sites (Country Club + Northwest); break-fix, Syncro 278525, 31 assets; **two-DC domain** — PST-SERVER (192.168.0.2, 2016 Essentials, all FSMO) + PST-SERVER2 (192.168.1.5, rebuilt 6/13 from past-tombstone state, NW) with DFS-R (PST-DFS, ~221/265 GB) — **Gate 4 blocked: SERVER2 flapping (NW power/UPS/net)**; L2TP/IPsec RRAS VPN complete (6 GuruRMM agents); **JuneJuly 2026 file-deletion investigation** — 47,749 files gone from `@Clients` since 6/24 but ~93% duplicate cleanup, **~3,342 genuine recoverable** from MSP360/B2 staging (Glennda trigger = misspelled duplicate, canonical folder intact; 6/29/2025 restore point purged by 365-day retention); **Admin1/Admin2 NTFS hardening** on G:\Shares\Scanned (fixed inverted group nesting; Admin1 = RX,W + deny-delete, Admin2 = Full); vault drift open (pst-admin password) | 2026-07-02 |
| [Patriot Internal Medicine](clients/patriot-internal-medicine.md) | Medical practice, two locations (Tucson + Sonoita); GuruRMM client+sites provisioned 2026-06-18 (Tucson: NORTH-WOLF-6270, Sonoita: LIGHT-HARBOR-9617); no agents deployed yet; enrollment keys vaulted; infrastructure discovery pending | 2026-06-18 |
| [Sombra Residential LLC](clients/sombra-residential.md) | Property management; Server2013 (actually WS2012 EOL, unpatched) + DESKTOP-UQRN4K3 GuruRMM enrolled; Transwiz migration artifacts cause Office credential prompts | 2026-05-24 |
| [Stamback Septic](clients/stamback-septic.md) | Septic services; prepaid block ~3.5 hrs remaining; DESKTOP-BTR2AM3 + StambackLaptopNew GuruRMM enrolled; OneDrive identity wipe pattern documented | 2026-05-24 |