docs(wiki): add Robert Wolkin client stub for Tailscale rollout

Stub client article (two-machine, non-technical office) tracking the
dedicated-tailnet rollout per the Tailscale client-management pattern.
Indexed under wiki Clients; profile/Syncro fields marked unverified.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

wiki/clients/robert-wolkin.md

@@ -0,0 +1,81 @@
+---
+type: client
+name: robert-wolkin
+display_name: Robert Wolkin
+last_compiled: 2026-06-06
+compiled_by: GURU-5070/claude-main
+sources:
+  - (stub — created 2026-06-06 during Tailscale planning; no session logs yet)
+backlinks:
+  - patterns/tailscale-client-management
+---
+
+# Robert Wolkin
+
+> **STUB** — created 2026-06-06 to track the Tailscale rollout. Most profile fields are
+> not yet captured; fill in from Syncro / first session log. Do not treat `[unverified]`
+> fields as fact.
+
+## Profile
+
+- **Company type:** [unverified]
+- **Contract type:** [unverified]
+- **Key contacts:** Robert Wolkin — [contact details unverified]
+- **Environment:** Very small office — **two Windows machines**. Users are non-technical
+  (enroll/manage everything for them; no self-service login expected).
+- **Syncro customer ID:** [unverified]
+
+## Infrastructure
+
+### Tailscale (active rollout)
+
+Per [[patterns/tailscale-client-management]] — **dedicated client-owned tailnet, ACG holds
+Admin**. Minimum goal: the two machines reach each other.
+
+| Field | Value |
+|---|---|
+| Tailnet identity (IdP / owner account) | [to fill — Robert's M365/Google or dedicated admin account] |
+| Plan | [to fill — free tier functional; Starter ~$6/user/mo for commercial footing] |
+| ACG admin identity (your seat) | [to fill] |
+| Device tag | `tag:wolkin` (suggested) |
+| MagicDNS | [enable] |
+| Auth key (reusable, pre-approved, tagged) | store in vault: `clients/robert-wolkin/tailscale-authkey.sops.yaml` |
+| Key rotation due | [to fill — ~90 days from issue] |
+
+| Machine | Hostname | Tailscale 100.x | Notes |
+|---|---|---|---|
+| 1 | [to fill] | [to fill] | [to fill] |
+| 2 | [to fill] | [to fill] | [to fill] |
+
+Enrollment: push [`patterns/tailscale-client-enroll.ps1`](../patterns/tailscale-client-enroll.ps1)
+from GuruRMM with the auth key as a masked parameter.
+
+### Servers & Services / Email & Identity / Network
+
+Not yet documented. [unverified]
+
+## GuruRMM
+
+- **Client / site:** [unverified — create if/when agents are enrolled]
+
+## Access
+
+- **Vault path:** `clients/robert-wolkin/` (no entries yet)
+- **Syncro:** [unverified]
+
+## Active Work
+
+- **Tailscale rollout (2026-06-06):** Stand up Robert's tailnet, assign ACG as Admin, set
+  the `tag:wolkin` ACL + MagicDNS, generate a reusable/pre-approved tagged auth key, and
+  enroll both machines via the GuruRMM script. Goal: the two machines see each other.
+  Runbook in [[patterns/tailscale-client-management]].
+
+## History Highlights
+
+| Date | Event |
+|---|---|
+| 2026-06-06 | Tailscale client management pattern + enroll script authored; this client stub created to track the rollout. |
+
+## Backlinks
+
+- [[patterns/tailscale-client-management]] — MSP Tailscale management pattern + enroll script