diff --git a/.claude/commands/wiki-compile.md b/.claude/commands/wiki-compile.md index 6d678b76..d4ba97da 100644 --- a/.claude/commands/wiki-compile.md +++ b/.claude/commands/wiki-compile.md @@ -7,17 +7,29 @@ Seed new wiki articles or refresh existing ones from session logs, client docume ## Usage ``` -/wiki-compile client: Seed or refresh a client wiki article -/wiki-compile client: --full Force full recompile of existing article (Sonnet synthesis) +/wiki-compile client: UPDATE an existing article (fast, incremental) or seed a new one +/wiki-compile client: --full REBUILD: full re-synthesis from ALL sources (Sonnet, slow) +/wiki-compile client: --syncro Syncro dynamic fields only (hours/tickets) — instant, no LLM /wiki-compile project: Compile a project wiki article (no Syncro) /wiki-compile system: Compile a system wiki article (no Syncro) /wiki-compile all Process all missing + stale articles ``` **Mode auto-detection:** -- If `wiki/clients/.md` **does not exist** → **Seed mode** (full synthesis, Sonnet subagent) -- If `wiki/clients/.md` **exists** and no `--full` flag → **Refresh mode** (surgical update of dynamic fields only, no subagent) -- `--full` flag → **Full recompile** (Sonnet synthesis, preserves existing Patterns/History) +- If `wiki/clients/.md` **does not exist** → **Seed mode** (full synthesis, Sonnet subagent). +- If it **exists** and no flag → **Update mode** (fast, incremental — the default; see below). +- `--full` → **Rebuild** (full Sonnet re-synthesis from ALL sources; preserves Patterns/History). +- `--syncro` → **Syncro-only refresh** (dynamic fields only; instant, no LLM). + +**Update vs Rebuild — why update is fast (this is the point).** A **Rebuild** (`--full`) reads +*every* session log for the client and regenerates the *entire* article with a Sonnet subagent — +correct, but slow and expensive, and wasteful when only one thing changed. **Update** reads ONLY +the session logs dated after the article's `last_compiled` (usually 1–3 files, often zero) plus the +current article, and applies a few **surgical section edits** — new History rows, and targeted +edits to any section a new log actually changes — leaving the rest of the article byte-for-byte +untouched. Small input + small output + no full-article Sonnet pass = typically many times faster. +Reach for `--full` only when the article structure has drifted, sections are stale/wrong, or you +want a periodic clean rebuild. For "I just did some work, capture it," use plain update. --- @@ -65,12 +77,21 @@ esac if [ ! -f "$CLAUDETOOLS_ROOT/$ARTICLE_PATH" ]; then MODE="seed" elif [ "$FULL_FLAG" = "--full" ]; then - MODE="full" + MODE="full" # rebuild — full Sonnet re-synthesis +elif [ "$FULL_FLAG" = "--syncro" ]; then + MODE="syncro" # Syncro dynamic fields only else - MODE="refresh" + MODE="update" # default: fast incremental knowledge merge fi echo "[INFO] Mode: $MODE | Target: $TARGET_TYPE:$SLUG" + +# For update mode, read the article's last_compiled so Phase 3 can select only newer logs. +LAST_COMPILED="" +if [ "$MODE" = "update" ]; then + LAST_COMPILED=$(sed -n 's/^last_compiled:[[:space:]]*//p' "$CLAUDETOOLS_ROOT/$ARTICLE_PATH" | head -1) + echo "[INFO] Update since last_compiled=${LAST_COMPILED:-unknown}" +fi ``` --- @@ -244,6 +265,28 @@ SOURCE_COUNT=$(echo "$ALL_SOURCES" | grep -c '^' || echo 0) echo "[INFO] Found $SOURCE_COUNT source files" ``` +**Update mode — narrow to NEW sources only (this is the speedup).** In update mode, do NOT read +the full source set. Select only the logs the article has not yet incorporated: a source is "new" +if its filename date is **after** `LAST_COMPILED`, **or** it is not already listed in the article's +frontmatter `sources:`. Read only those. + +```bash +if [ "$MODE" = "update" ]; then + # existing sources already folded into the article + EXISTING_SRC=$(awk '/^sources:/{f=1;next} /^[^ -]/{f=0} f&&/^[[:space:]]*-/{sub(/^[[:space:]]*-[[:space:]]*/,"");print}' "$CLAUDETOOLS_ROOT/$ARTICLE_PATH") + NEW_SOURCES=$(echo "$ALL_SOURCES" | while read -r f; do + [ -z "$f" ] && continue + # (a) not yet in the article's sources list? + if ! grep -qxF "$f" <<<"$EXISTING_SRC"; then echo "$f"; continue; fi + # (b) filename carries a YYYY-MM-DD newer than last_compiled? + d=$(echo "$f" | grep -oE '[0-9]{4}-[0-9]{2}-[0-9]{2}' | head -1) + if [ -n "$d" ] && [ -n "$LAST_COMPILED" ] && [ "$d" \> "$LAST_COMPILED" ]; then echo "$f"; fi + done | sort -u | grep -v '^$') + NEW_COUNT=$(echo "$NEW_SOURCES" | grep -c '^' || echo 0) + echo "[INFO] Update: $NEW_COUNT new source(s) since ${LAST_COMPILED:-unknown}" +fi +``` + If `SOURCE_COUNT == 0` and no Syncro data: warn and stop. ``` [ERROR] No session logs and no Syncro data found for '${SLUG}'. Cannot compile. @@ -254,7 +297,40 @@ If `SOURCE_COUNT == 0` and no Syncro data: warn and stop. ## Phase 4 — Article Generation -### Refresh Mode (existing article, no --full) +### Update Mode (existing article, default) — fast incremental + +Fold only what changed since the last compile. **Do NOT re-synthesize the whole article and do +NOT spawn a Sonnet subagent.** Two parts: + +**Part A — Syncro dynamic fields** (the three surgical edits documented under *Syncro-only Refresh* +below): hours remaining, Active Work ticket list, and frontmatter (`last_compiled`, `compiled_by`). + +**Part B — Incremental knowledge merge** — run ONLY if `NEW_COUNT > 0` (new logs from Phase 3): +1. Read the full text of the `NEW_SOURCES` logs **and the current article**. Do NOT read the full + historical log set — that is what makes this fast. +2. Apply **targeted edits** for what those new logs actually establish: + - **Always:** add one dated row per material change to **History Highlights** (chronological). + - **Infrastructure** — add/adjust a row for any new or removed host, IP, service, or key path. + - **Access** — add any new vault path or access route (vault path only, never the secret). + - **Patterns & Known Issues** — add a genuinely new recurring issue, or mark an existing one + resolved if a new log shows it fixed. + - Touch **only** the sections a new log changes; leave every other byte of the article intact. +3. The delta is small, so **the main agent applies these edits directly** (Edit tool), or delegates + only the prose wording to Ollama Tier-0 / `haiku` and reviews it. Follow the same Hard Rules + (Syncro authoritative for billing; never inline secrets; never invent vault paths). +4. Append the `NEW_SOURCES` paths to frontmatter `sources:` (dedup). + +If `NEW_COUNT == 0`: there is nothing new to fold — Part A (Syncro refresh) is the whole update. + +Emit: +``` +[OK] Update complete for wiki/clients/.md + - New logs folded: (since ) + - Sections touched: History[, Infrastructure, Access, Patterns] | none (Syncro-only) + - Syncro: hours , tickets +``` + +### Syncro-only Refresh (`--syncro`) — instant, no LLM Perform surgical updates only. No Ollama call. Three edits: @@ -298,7 +374,7 @@ After edits, emit: - Sources: ${SOURCE_COUNT} files tracked ``` -### Seed Mode / Full Recompile — Claude Synthesis (Sonnet subagent) +### Seed Mode / Rebuild (`--full`) — Claude Synthesis (Sonnet subagent) Prepare the synthesis context by reading the most relevant source files. For session logs, read the full content of client-specific logs and the first 200 lines of root session logs (to avoid overwhelming the prompt). For full recompile, also read the existing article. @@ -447,4 +523,7 @@ When invoked as `/wiki-compile all`: - **Never invent vault paths.** If a credential is not mentioned in session logs, write "(verify)" in the Access section. - **Never populate Infrastructure tables with placeholder rows.** Only include servers/services that appear in session logs or Syncro assets. - **Syncro contacts are ground truth for the Profile section.** Do not override with session log guesses if the contact name differs. -- **Refresh mode never touches Patterns or History.** Those sections require human review or `--full`. +- **Syncro-only refresh (`--syncro`) never touches Patterns or History.** It edits dynamic fields only. +- **Update mode may ADD to History (always) and may add/adjust Infrastructure, Access, and Patterns** + strictly from the NEW logs — it never rewrites or removes existing prose. Wholesale re-synthesis + (rewriting existing sections, reconciling contradictions across the full history) is `--full` only. diff --git a/wiki/clients/peaceful-spirit.md b/wiki/clients/peaceful-spirit.md index 009e66a5..4b34cd89 100644 --- a/wiki/clients/peaceful-spirit.md +++ b/wiki/clients/peaceful-spirit.md @@ -2,8 +2,8 @@ type: client name: peaceful-spirit display_name: Peaceful Spirit Therapeutic Massage -last_compiled: 2026-07-01 -compiled_by: GURU-5070/claude-main +last_compiled: 2026-07-02 +compiled_by: GURU-5070/claude-main (update: deletion-report location) sources: - clients/peaceful-spirit/session-logs/2026-05-10-recovered-setup-radius-authentication-for-vpn-access.md - clients/peaceful-spirit/session-logs/2026-05-10-session.md @@ -163,6 +163,8 @@ ACL root is `G:\Shares\Scanned`; permissions inherit to `@Clients` and subdirect A report that client files disappeared (trigger: the "Glennda" folder) prompted a staged restore-and-diff investigation. The 6/24 10:05 AM restore point was staged to `C:\PST-Recovery\PreDelete-0624` (~99 GB). Authoritative diff: **47,749 files deleted from @Clients since 6/24 10:05**; ~93% intentional duplicate cleanup (33,711 in folders labeled "duplicate DO NOT USE or delete"; ~10,696 in nested misfile-buckets A\A, D\A, P\O, H\I whose canonical client folders remain live). Genuine loss estimate: **~3,342 files**, recoverable via no-overwrite copy-back from staging (not yet executed — awaiting Mike/Mara approval; writes to live HIPAA data). The 10:05->12:05 PM window had only 2 deletions (Ballard, Kathy and Rivera, Anthony SOAP PDFs) — mass deletion occurred later. Glennda trigger: `EDWARDS, GLENDA` (single-N, 79 files, deleted) was a misspelled duplicate of the active canonical `EDWARDS, GLENNDA VA REFERRAL` (double-N, 127 files, live and growing). Shelton report: only 6 old Shelton files exist (2011–2015), loose in `S\`, CreationTime 2025-06-02 (migration), unchanged since 6/24 — not a 2026 deletion; the 6/29/2025 restore point needed for further check has been purged. Staging artifacts (~200 GB, removable after recovery decision): `C:\PST-Recovery\{PreDelete-0624, PostDelete-0624, authdiff, incidentdiff, acl-backup-scanned-20260701-072725.txt}`. +**Standing deletion audit (the "Mara audit log").** Object-access auditing (SACL: Everyone / Delete+DC / Success on `G:\Shares\Scanned`) feeds a daily scheduled task **`PST Deletion Report (Daily)`** → `C:\PST-Tools\PST-DeletionReport.ps1` (runs as SYSTEM, 06:30). It harvests Security events 4660/4663 into a per-day HTML report of who deleted / renamed / moved files under `G:\Shares\Scanned` (server + backup activity excluded; 90-day retention). This is the ongoing record Mara reviews for further deletions. **Report output location: `G:\Shares\Private\Partner Review\Legal Documents - DO NOT DELETE\_Deletion Reports`** — moved there 2026-07-02 (from the original `G:\Shares\Scanned\_Deletion Reports`); pre-change script backup at `C:\PST-Tools\PST-DeletionReport.ps1.bak-20260702`. Only `$OutDir` was repointed; the monitored root (`$Root = G:\Shares\Scanned`) is unchanged. PST-SERVER is reachable for this kind of change via GuruRMM (agent `87293069-...`) when the site VPN is down. + --- ## Access @@ -266,6 +268,7 @@ As of 2026-07-01 session end: | 2026-06-14 | SERVER2 static IP set (192.168.1.5/24); timezone -> Mountain; stale .127 DNS records cleaned. Gate 4 DFS-R rebuilt clean with PST-SERVER G:\Shares PRIMARY and SERVER2 C:\Shares receiver; ~221/265 GB replicated. Session ended blocked: SERVER2 began flapping (NW site stability, not DFS). Gate 4 finish deferred. | | 2026-06-29 | File-deletion investigation initiated. Stopped MSP360 backup, staged the 6/24 10:05 AM restore point. Mtime heuristic ruled out; restore-and-local-diff adopted as authoritative. | | 2026-07-01 | Deletion-scope analysis complete: 47,749 files deleted since 6/24 10:05, ~93% duplicate cleanup, ~3,342 genuine recoverable. Incident window (10:05->12:05) had only 2 deletions. Glennda trigger = misspelled duplicate; canonical folder intact. Shelton check blocked (6/29/2025 restore point purged). Admin1/Admin2 NTFS hardening: removed incorrect Admin2-in-Admin1 nesting; Admin1 -> allow RX,W + DENY D,DC; Admin2 retained Full Control. ACL backup saved. | +| 2026-07-02 | Standing deletion audit operationalized: daily `PST Deletion Report` task (SACL 4660/4663 on G:\Shares\Scanned -> per-person HTML). Report output relocated to the legal/partner-review folder `G:\Shares\Private\Partner Review\Legal Documents - DO NOT DELETE\_Deletion Reports` (backup of the script kept). Change made via GuruRMM (site VPN was down); validated by a test run (report written, 6 items). | --- diff --git a/wiki/index.md b/wiki/index.md index 70abb938..5474937e 100644 --- a/wiki/index.md +++ b/wiki/index.md @@ -32,7 +32,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks. | [Pavon](clients/pavon.md) | Former/archive client; GeoVision NVR surveillance; OwnCloud at 172.16.3.22 backed by Uranus; cron stacking fixed; Nextcloud migration deferred 3–6 months | 2026-05-24 | | [Rieusset Corp (Tom Sorensen)](clients/rieusset-corp.md) | Small business; email hosted on Neptune Exchange (4 mailboxes: tsorensen, tomrc, ojodeagua, csorensen @rieussetcorp.com); Mailprotector domain ID 57833; outbound via SBR Outbound.Sorensen connector; clipto.com allow rule added 2026-06-08 | 2026-06-08 | | [Rednour Law Offices](clients/rednour.md) | Law firm (break-fix/T&M, prepay 0); M365 rednourlaw.com (tenant 4a4ca18a) onboarded, 5 ComputerGuru SPs consented, no MDE license; 3 Win workstations GuruRMM-enrolled (all RED, prior MSP agents pending removal) — **all three now on Win 11** (LEGALASST + Carrie/REDNOURCARRIEVI upgraded 2026-06-29); REDNOURCARRIEVI hosts the firm's peer-to-peer SMB shares (Nick's Mac access done 2026-06-25); **Carrie's Win11 upgrade root cause = corrupt download (`ks.sys` 0x80070570 -> SAFE_OS 0x8007000D); fixed via fresh Media Creation Tool media — done in-shop, build 26200**; GuruRMM **works** on the Windows boxes (earlier "not working" disproved); macOS RMM agent still won't enroll (site code-vs-UUID bug, coord 6f2d22be); `endpointprotection.exe` = Datto AV (Defender RTP off by design); #32368 invoiced #67912 $669.55 (Nick = no charge); plaintext local-account creds from Syncro notes vaulted (clients/rednour/local-accounts) | 2026-06-30 | -| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy, two sites (Country Club + Northwest); break-fix, Syncro 278525, 31 assets; **two-DC domain** — PST-SERVER (192.168.0.2, 2016 Essentials, all FSMO) + PST-SERVER2 (192.168.1.5, rebuilt 6/13 from past-tombstone state, NW) with DFS-R (PST-DFS, ~221/265 GB) — **Gate 4 blocked: SERVER2 flapping (NW power/UPS/net)**; L2TP/IPsec RRAS VPN complete (6 GuruRMM agents); **June–July 2026 file-deletion investigation** — 47,749 files gone from `@Clients` since 6/24 but ~93% duplicate cleanup, **~3,342 genuine recoverable** from MSP360/B2 staging (Glennda trigger = misspelled duplicate, canonical folder intact; 6/29/2025 restore point purged by 365-day retention); **Admin1/Admin2 NTFS hardening** on G:\Shares\Scanned (fixed inverted group nesting; Admin1 = RX,W + deny-delete, Admin2 = Full); vault drift open (pst-admin password) | 2026-07-01 | +| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy, two sites (Country Club + Northwest); break-fix, Syncro 278525, 31 assets; **two-DC domain** — PST-SERVER (192.168.0.2, 2016 Essentials, all FSMO) + PST-SERVER2 (192.168.1.5, rebuilt 6/13 from past-tombstone state, NW) with DFS-R (PST-DFS, ~221/265 GB) — **Gate 4 blocked: SERVER2 flapping (NW power/UPS/net)**; L2TP/IPsec RRAS VPN complete (6 GuruRMM agents); **June–July 2026 file-deletion investigation** — 47,749 files gone from `@Clients` since 6/24 but ~93% duplicate cleanup, **~3,342 genuine recoverable** from MSP360/B2 staging (Glennda trigger = misspelled duplicate, canonical folder intact; 6/29/2025 restore point purged by 365-day retention); **Admin1/Admin2 NTFS hardening** on G:\Shares\Scanned (fixed inverted group nesting; Admin1 = RX,W + deny-delete, Admin2 = Full); vault drift open (pst-admin password) | 2026-07-02 | | [Patriot Internal Medicine](clients/patriot-internal-medicine.md) | Medical practice, two locations (Tucson + Sonoita); GuruRMM client+sites provisioned 2026-06-18 (Tucson: NORTH-WOLF-6270, Sonoita: LIGHT-HARBOR-9617); no agents deployed yet; enrollment keys vaulted; infrastructure discovery pending | 2026-06-18 | | [Sombra Residential LLC](clients/sombra-residential.md) | Property management; Server2013 (actually WS2012 EOL, unpatched) + DESKTOP-UQRN4K3 GuruRMM enrolled; Transwiz migration artifacts cause Office credential prompts | 2026-05-24 | | [Stamback Septic](clients/stamback-septic.md) | Septic services; prepaid block ~3.5 hrs remaining; DESKTOP-BTR2AM3 + StambackLaptopNew GuruRMM enrolled; OneDrive identity wipe pattern documented | 2026-05-24 |