diff --git a/clients/cascades-tucson/session-logs/2026-06/2026-06-15-howard-cascades-wifi-rf-audit.md b/clients/cascades-tucson/session-logs/2026-06/2026-06-15-howard-cascades-wifi-rf-audit.md index c6c9a5e..479105f 100644 --- a/clients/cascades-tucson/session-logs/2026-06/2026-06-15-howard-cascades-wifi-rf-audit.md +++ b/clients/cascades-tucson/session-logs/2026-06/2026-06-15-howard-cascades-wifi-rf-audit.md @@ -612,3 +612,27 @@ is unchanged from earlier in this log. + `easyrule`-equivalent. 3. Live validation pending a reachable pfSense (stable site VPN; mind the home-LAN .0.x shadow that currently masks Cascades pfSense from Howard-Home). Coordinate the build with Mike (his §E). + +## Update: 14:30 PT (2026-06-16) — pfSense compat layer built, then put ON HOLD (pfSense too old) + +Built the pfSense gateway compatibility layer per Howard's decision (REST API package backend, dispatch +INSIDE the existing gateway verbs — Mike's §E lean): +- NEW `scripts/pfsense-backend.sh` — pfSense REST API driver (`pfSense-pkg-RESTAPI` v2, `X-API-Key`), + same verbs as gw-control (audit, pf-list/disable/enable/delete/set-ports, fw-list/disable/enable, + block-ips) + a `setup` helper. Writes `--apply`-gated, per-object rollback to `.claude/tmp/`, calls + `firewall/apply`. +- `gw-audit.sh` + `gw-control.sh` auto-dispatch to it when `num_gw=0` AND a `clients//pfsense-api` + cred is vaulted (or `--pfsense `). Minimal diff to Mike's files (he edits them concurrently). +- SKILL.md `[PROPOSED]`->`[SCAFFOLDED]`; ROADMAP §E open decisions marked resolved. Committed `1118594`, + lock released, Mike notified (msg `f0c442cf`). +- Tested: syntax + setup/BLOCKED/no-cred paths + live `gw-audit cascades` (num_gw=0 -> pfSense hint, + gating correct). NOT live-tested: the actual REST calls. + +**BLOCKER / ON HOLD (Howard):** the RESTAPI package is third-party and the **Cascades pfSense is too old +to install it** — it needs a **firmware upgrade first**. Live work is ON HOLD until the pfSense is upgraded. +Tried to vault the API key but none exists yet (package not installed); pfSense host = `192.168.0.1` +(web cred already at `clients/cascades-tucson/pfsense-firewall`). Also note `192.168.0.1` is shadowed from +Howard-Home by the home UniFi `.0.0/24` overlap, so first live validation must run from/through Cascades. + +Filed coord todo (project unifi-wifi): upgrade Cascades pfSense -> install RESTAPI -> mint key -> vault +`clients/cascades-tucson/pfsense-api` -> first live `gw-audit cascades`. Resume trigger + steps in ROADMAP §E.