diff --git a/wiki/clients/robert-wolkin.md b/wiki/clients/robert-wolkin.md
new file mode 100644
index 0000000..fe81ede
--- /dev/null
+++ b/wiki/clients/robert-wolkin.md
@@ -0,0 +1,81 @@
+---
+type: client
+name: robert-wolkin
+display_name: Robert Wolkin
+last_compiled: 2026-06-06
+compiled_by: GURU-5070/claude-main
+sources:
+  - (stub — created 2026-06-06 during Tailscale planning; no session logs yet)
+backlinks:
+  - patterns/tailscale-client-management
+---
+
+# Robert Wolkin
+
+> **STUB** — created 2026-06-06 to track the Tailscale rollout. Most profile fields are
+> not yet captured; fill in from Syncro / first session log. Do not treat `[unverified]`
+> fields as fact.
+
+## Profile
+
+- **Company type:** [unverified]
+- **Contract type:** [unverified]
+- **Key contacts:** Robert Wolkin — [contact details unverified]
+- **Environment:** Very small office — **two Windows machines**. Users are non-technical
+  (enroll/manage everything for them; no self-service login expected).
+- **Syncro customer ID:** [unverified]
+
+## Infrastructure
+
+### Tailscale (active rollout)
+
+Per [[patterns/tailscale-client-management]] — **dedicated client-owned tailnet, ACG holds
+Admin**. Minimum goal: the two machines reach each other.
+
+| Field | Value |
+|---|---|
+| Tailnet identity (IdP / owner account) | [to fill — Robert's M365/Google or dedicated admin account] |
+| Plan | [to fill — free tier functional; Starter ~$6/user/mo for commercial footing] |
+| ACG admin identity (your seat) | [to fill] |
+| Device tag | `tag:wolkin` (suggested) |
+| MagicDNS | [enable] |
+| Auth key (reusable, pre-approved, tagged) | store in vault: `clients/robert-wolkin/tailscale-authkey.sops.yaml` |
+| Key rotation due | [to fill — ~90 days from issue] |
+
+| Machine | Hostname | Tailscale 100.x | Notes |
+|---|---|---|---|
+| 1 | [to fill] | [to fill] | [to fill] |
+| 2 | [to fill] | [to fill] | [to fill] |
+
+Enrollment: push [`patterns/tailscale-client-enroll.ps1`](../patterns/tailscale-client-enroll.ps1)
+from GuruRMM with the auth key as a masked parameter.
+
+### Servers & Services / Email & Identity / Network
+
+Not yet documented. [unverified]
+
+## GuruRMM
+
+- **Client / site:** [unverified — create if/when agents are enrolled]
+
+## Access
+
+- **Vault path:** `clients/robert-wolkin/` (no entries yet)
+- **Syncro:** [unverified]
+
+## Active Work
+
+- **Tailscale rollout (2026-06-06):** Stand up Robert's tailnet, assign ACG as Admin, set
+  the `tag:wolkin` ACL + MagicDNS, generate a reusable/pre-approved tagged auth key, and
+  enroll both machines via the GuruRMM script. Goal: the two machines see each other.
+  Runbook in [[patterns/tailscale-client-management]].
+
+## History Highlights
+
+| Date | Event |
+|---|---|
+| 2026-06-06 | Tailscale client management pattern + enroll script authored; this client stub created to track the rollout. |
+
+## Backlinks
+
+- [[patterns/tailscale-client-management]] — MSP Tailscale management pattern + enroll script
diff --git a/wiki/index.md b/wiki/index.md
index ede65c4..72ba901 100644
--- a/wiki/index.md
+++ b/wiki/index.md
@@ -37,6 +37,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
 | [Furrier / Desert Rat](clients/furrier.md) | Mike Furrier owner; desertrat.com on websvr/cPanel; DMARC p=reject + Mailprotector SBR fix applied 2026-04-21; tim@ is a forwarder (not a mailbox); Syncro ID 391491 | 2026-05-24 |
 | [Horseshoe Management](clients/horseshoe-management.md) | Property management; prepaid block 31.75 hrs remaining at $175/hr; APC Smart-UPS P.17 bypass relay fault cleared; repeat UPS failures suggest electrical issue; plaintext creds in Syncro notes — needs vault migration | 2026-05-24 |
 | [Kittle Design & Construction](clients/kittle-design.md) | Design & construction; M365 kittlearizona.com; breach confirmed (Alexis hidden inbox rule + duplicate Authenticator); broad OAuth consent revoked; Ken inbox rule unresolved; no Entra P1/P2 | 2026-05-24 |
+| [Robert Wolkin](clients/robert-wolkin.md) | STUB — very small office, 2 Windows machines, non-technical users; Tailscale rollout in progress (dedicated client tailnet, ACG holds Admin, `tag:wolkin`, goal = the two machines see each other); profile/Syncro unverified | 2026-06-06 |
 | [The Law Offices of Chris Scileppi](clients/scileppi-law.md) | Law firm; Syncro ID 9601863; Sylvia Mac mini (M2 8 GB) mail memory exhaustion; Mail disabled; on webmail; replacement Mac mini (M4 16/24 GB) pending order; GuruRMM enrollment blocked | 2026-05-24 |
 | [Western Tire](clients/western-tire.md) | Tire retail (jackfurriers.com brand); Mike Furrier owner (Syncro ID 391491); email migrated from websvr to IX 2026-04-22; 30 mailboxes; SSL cert expires 2026-05-30 | 2026-05-24 |
 | [Kittle (general contractor)](clients/kittle.md) | General contractor Tucson AZ; Syncro 32460233; HPE MicroServer Gen11 WS2025 EVAL at 10.0.0.5; no backups, no firewall; DKIM/DMARC missing; 3 plaintext creds in Syncro notes; GuruRMM onboarding 2026-05-08 | 2026-05-24 |