sync: auto-sync from GURU-5070 at 2026-05-24 19:43:29

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-05-24 19:43:29

session-logs/2026-05-24-wiki-layer.md

@@ -186,3 +186,102 @@ GuruRMM required significant corrections. The BB-SERVER and RECEPTIONIST-PC lagg
 - Wiki root: `wiki/`
 - GuruRMM API agents endpoint: `GET http://172.16.3.30:3001/api/agents` (JWT required)
 - Coord message to Howard: ID `33d1576d-02d2-4940-8e97-7d8c5140e8c0`
+
+---
+
+## Update: ~17:30 PT — Wiki seeding continued (Dataforth, 11 more clients)
+
+### Session Summary
+
+Continued wiki seeding pass. Verified all previously seeded articles against live data and Mike's corrections, then seeded 13 additional articles across clients and projects.
+
+Dataforth Corporation and the dataforth-dos project were seeded together via a single agent that read 23 client session logs, 15 docs, 10 project session logs, CONTEXT.md, and 7 memory files. The resulting articles are among the most detailed in the wiki: 278 lines for the client (64 DOS test stations, full contact table, all server IPs, M365/CA policy IDs, security incident history, GuruRMM enrollment workaround) and 474 lines for the project (pipeline architecture diagram, PostgreSQL schema, FAIL→PASS retest rule, H-prefix decode table, full security incident timeline with IC3 submission ID, D2TESTNAS role, Neptune SBR routing, Hoffman API endpoints). Mike reviewed both and confirmed they looked correct.
+
+Instrumental Music Center and Valley Wide Plastering were seeded in parallel. IMC surfaced a critical SQL instance naming trap (SQL Server 2019 Standard installed as `SQLEXPRESS` — not the Express edition) and a phantom DC (`ServerIMC` 192.168.0.63) causing intermittent slow logons. Valleywide surfaced a VB6/Access 97 app modernization project with 130 tables and 791 Crystal Reports, plus a certified payroll legal requirement that constrains the rewrite approach.
+
+Nine more client articles were seeded in a second parallel batch: internal-infrastructure, peaceful-spirit, cryoweave, glaztech, pavon, grabb-durando, stamback-septic, sombra-residential, birth-biologic. Several critical findings emerged: Neptune's Let's Encrypt cert expires 2026-05-31 and DkimSigner is currently disabled (unsigned outbound mail). Grabb & Durando's README contains a plaintext database password. Sombra Residential's "Server2013" is actually Windows Server 2012 (EOL Oct 2023), unpatched and on the network. Glaz-Tech had two phishing campaigns bypass MailProtector via a secondary MX record — both fixed, but no MFA enforcement is in place.
+
+### Key Decisions
+
+- **Live API verification before documenting fleet state** — queried `GET /api/agents` with JWT to get the authoritative agent list. Confirmed BB-SERVER and RECEPTIONIST-PC are on 0.6.38 (laggard note was stale within the same day). Full 12-client list written to gururmm.md from live data.
+- **Batch small clients into parallel agent runs** — clients with 1-3 session logs were grouped (3-4 per agent) to minimize total wall-clock time while keeping article quality high.
+- **Dataforth + dataforth-dos seeded as a single agent pass** — the two articles share heavy source overlap (same session logs, same memory files). One agent reading everything once is cheaper than two agents redundantly reading the same files.
+- **Neptune cert urgency flagged in commit message** — expiry 2026-05-31 is days away; surfaced in commit subject so it appears in git log without needing to open the article.
+
+### Problems Encountered
+
+- **Push rejected (fetch first) — 3 occurrences** — remote had incoming commits between local commit and push each time (sync from another session or machine). Resolved with `git pull --rebase && git push` each time.
+- **Coord message parse failure on em dash** — inline JSON with `—` in subject field caused "error parsing body". Resolved by writing JSON to `/tmp/coord_msg.json` and using `-d @/tmp/coord_msg.json`.
+
+### Configuration Changes
+
+**Created (wiki articles):**
+- `wiki/clients/dataforth.md` (278 lines)
+- `wiki/projects/dataforth-dos.md` (474 lines)
+- `wiki/clients/instrumental-music-center.md`
+- `wiki/clients/valleywide.md`
+- `wiki/clients/internal-infrastructure.md`
+- `wiki/clients/peaceful-spirit.md`
+- `wiki/clients/cryoweave.md`
+- `wiki/clients/glaztech.md`
+- `wiki/clients/pavon.md`
+- `wiki/clients/grabb-durando.md`
+- `wiki/clients/stamback-septic.md`
+- `wiki/clients/sombra-residential.md`
+- `wiki/clients/birth-biologic.md`
+
+**Modified:**
+- `wiki/index.md` — Clients and Projects tables expanded; Cross-Reference expanded; compilation queue updated
+- `wiki/projects/gururmm.md` — Fleet state corrected; enrolled client list expanded from 4 to 12 clients
+- `wiki/overview.md` — Fleet count and client table updated
+- `wiki/clients/cascades-tucson.md` — Syncro contact rule globalized
+- `.claude/memory/feedback_syncro_cascades_contact.md` — narrowed to incident detail only
+- `.claude/memory/MEMORY.md` — index entry updated
+
+### Credentials & Secrets
+
+- GuruRMM API JWT obtained from vault (`infrastructure/gururmm-server.sops.yaml`) for fleet verification. Not stored. No new credentials created.
+- **[ACTION]** Grabb & Durando: plaintext DB password found in `clients/grabb-durando/website-migration/README.md` — needs to be moved to vault.
+
+### Infrastructure & Servers
+
+**Dataforth (verified from session logs):**
+- AD1 192.168.0.27 (primary DC, C: at 90% — critical)
+- AD2 192.168.0.6 (testdatadb, PostgreSQL, firewall disabled)
+- D2TESTNAS 192.168.0.9 (SMB1 bridge, Neptune host)
+- SAGE-SQL 192.168.0.153 (Sage ERP + RDS)
+- UDM 192.168.0.254 (C2 iptables not persistent)
+- M365 tenant: dataforth.com, ID `7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584`
+
+**ACG Internal (from internal-infrastructure article):**
+- Neptune Exchange cert (Let's Encrypt) expires **2026-05-31** — urgent
+- Neptune DkimSigner currently DISABLED — outbound mail unsigned
+- Cloudflare tunnel deployed on Jupiter (Cox BGP workaround) — 9 hostnames tunneled
+- `rmm-api.azcomputerguru.com` must remain grey-cloud (WebSocket)
+
+**Peaceful Spirit:** PST-SERVER 192.168.0.2, UCG WAN 98.190.129.150
+**Glaztech:** M365 tenant ID `82931e3c-de7a-4f74-87f7-fe714be1f160`, Syncro ID 143932
+
+### Pending / Incomplete Tasks
+
+- **Neptune cert renewal — URGENT** — Let's Encrypt cert expires 2026-05-31. Days away.
+- **Neptune DkimSigner** — currently disabled; outbound mail unsigned. Re-enable after cert renewal.
+- **Grabb & Durando plaintext password** — vault it from `clients/grabb-durando/website-migration/README.md`
+- **C2 iptables on Dataforth UDM** — not persistent; add 80.76.49.18 and 45.88.91.99 to UniFi UI permanently
+- **Glaztech MFA rollout** — service account auth audit required first; do not enable Security Defaults yet
+- **Sombra Residential Server2013** — actually WS2012 EOL; present EOL recommendation to client
+- **Stamback Septic Syncro duplicate** — possible second record 34021422; investigate
+- **BirthBiologic SharePoint migration** — SPMT completion unconfirmed; check status
+- **Pavon Nextcloud migration** — deferred to 3–6 month window; OwnCloud data dir at 74% capacity
+- **NPM stale proxy** — `rmm-api.azcomputerguru.com → 172.16.3.20:3001` should be `.30:3001`
+- **Wiki — remaining unseeded clients:** kittle, anaise, khalsa, bg-builders, evs, furrier, horseshoe-management, kittle-design, scileppi-law, western-tire, lens-auto-brokerage, at-trebesch, sandteko-machinery, mvan-inc
+- **Wiki — unseeded projects:** discord-bot, radio-show, msp-pricing
+- **Wiki — systems:** neptune, d2testnas still in compilation queue
+
+### Reference Information
+
+- Commits this update: `85e8342`/`63109d9` (Dataforth), `da40eeb`/`b583aee` (IMC + Valleywide), `32f64a9` (9 clients)
+- GuruRMM live fleet: 55 agents, 12 clients, 40/55 on v0.6.38
+- Dataforth DOS pipeline stats: 469K records, 458.5K live, daily task 02:30 AM
+- Dataforth IC3 submission: `1c32ade367084be9acd548f23705736f`
+- Neptune cert expiry: 2026-05-31 (Let's Encrypt)