diff --git a/wiki/index.md b/wiki/index.md
index 8e2ebdb..49e4315 100644
--- a/wiki/index.md
+++ b/wiki/index.md
@@ -12,7 +12,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
 
 | Article | Summary | Last Compiled |
 |---|---|---|
-| [Overview](overview.md) | State of the business: team, all clients, all projects, key infra, tooling — cold-start orientation doc | *(not yet compiled — run `/wiki-compile overview`)* |
+| [Overview](overview.md) | State of the business: team, all clients, all projects, key infra, tooling — cold-start orientation doc | 2026-05-24 |
 
 ## Clients
 
@@ -56,7 +56,6 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
 
 | Scope | Priority | Notes |
 |---|---|---|
-| `overview` | High | Compile after systems are seeded; reads other wiki articles, not raw logs |
 | `system:neptune` | Low | neptune.acghosting.com, 172.16.3.11 internal / 67.206.163.124 external — Exchange Server 2016; ACG infrastructure physically colocated at Dataforth D2 facility; active mail server for multiple ACG-hosted clients; internal access requires routing through D2TESTNAS because Dataforth UDM runs a subnet that duplicates/overlaps ACG office LAN (172.16.x.x) — TODO: resubnet Dataforth UDM to eliminate overlap |
 | `client:birthbiologic` | Medium | GuruRMM enrolled (site BRIGHT-PEAK-5980) |
 | `client:key-paul` | Low | GuruRMM enrolled (KEY-MEDIA) |
diff --git a/wiki/overview.md b/wiki/overview.md
new file mode 100644
index 0000000..d033929
--- /dev/null
+++ b/wiki/overview.md
@@ -0,0 +1,167 @@
+---
+type: overview
+name: overview
+display_name: ClaudeTools Overview
+last_compiled: 2026-05-24
+compiled_by: DESKTOP-0O8A1RL/claude-main
+sources:
+  - wiki/clients/cascades-tucson.md
+  - wiki/projects/gururmm.md
+  - wiki/systems/gururmm-build.md
+  - wiki/systems/jupiter.md
+  - wiki/systems/pluto.md
+  - wiki/systems/uranus.md
+  - .claude/CLAUDE.md
+---
+
+# ClaudeTools Overview
+
+Cold-start orientation for Arizona Computer Guru LLC. Read this first. Follow backlinks into individual wiki articles for depth.
+
+---
+
+## Business
+
+**Arizona Computer Guru LLC** — managed service provider based in Tucson, AZ. Two-person operation. Primary business model: monthly MSP contracts + prepaid hour blocks. Side track: internal tooling developed for external productization (GuruRMM, GuruPSA).
+
+---
+
+## Team
+
+| Person | Handle | Role | Notes |
+|---|---|---|---|
+| Mike Swanson | mike | Owner / President / admin | Primary developer; runs GuruRMM dev, ClaudeTools, infrastructure |
+| Howard Enos | howard | Technician / employee | Field work, Cascades onsite, billing, client tickets; full system trust |
+
+Shared Gitea push account: `azcomputerguru`. Commits tracked by author (git config per machine).
+
+---
+
+## Clients
+
+| Client | Type | Status | Primary Project |
+|---|---|---|---|
+| [Cascades of Tucson](clients/cascades-tucson.md) | Prepaid block $175/hr | Active — dept-by-dept domain migration ongoing | Entra Connect staging, domain join, HIPAA compliance, M365 licensing |
+| BirthBiologic | MSP contract (assumed) | Active | GuruRMM site BRIGHT-PEAK-5980; BB-SERVER on 0.6.37 straggler |
+| Paul Key | MSP contract (assumed) | Active | GuruRMM site IRON-WOLF-5819 |
+
+**Cascades** is the highest-complexity engagement: single DC on aging Dell R610 hardware, HIPAA obligation, active multi-phase domain migration, and multiple open blocking items. See [[clients/cascades-tucson]] for full detail.
+
+BirthBiologic and Paul Key are monitoring-only in the wiki as of 2026-05-24 — articles not yet seeded.
+
+---
+
+## Internal Projects
+
+### GuruRMM
+
+[[projects/gururmm]] — Remote Monitoring & Management platform. Rust/Axum server + React dashboard + cross-platform Rust agent. Production-deployed. ~55 enrolled agents across client sites and ACG internal machines. Current version: **0.6.38** (2026-05-24).
+
+| Layer | URL / Location | Tech |
+|---|---|---|
+| API server | http://172.16.3.30:3001 / https://rmm-api.azcomputerguru.com | Rust, Axum |
+| Dashboard | https://rmm.azcomputerguru.com | React, TypeScript, Vite, shadcn/ui, Tailwind v4 |
+| Database | postgres://localhost:5432/gururmm on 172.16.3.30 | PostgreSQL 14 |
+| Gitea repo | http://172.16.3.20:3000/azcomputerguru/gururmm | active; `D:\claudetools\projects\msp-tools\guru-rmm` is a stale reference copy |
+| Build webhook | 172.16.3.30:9000 | webhook-handler.py → per-platform build scripts |
+| Windows builds | Pluto (172.16.3.36) | Rust MSVC + WiX v4 |
+
+Active development focus: tray IPC peer authorization, auto-update reliability for agents with flaky WebSockets, watchdog alerts UI (2 missing server routes), MSP360 management phase.
+
+Critical security backlog: `credentials/:id/reveal` (horizontal privilege escalation, HIGH) and `internal_err()` (~130 raw DB error exposures, HIGH).
+
+### ClaudeTools
+
+MSP work-tracking system and internal tooling platform. Production-ready.
+
+| Layer | URL / Location | Tech |
+|---|---|---|
+| API | http://172.16.3.30:8001 | FastAPI / Python |
+| Coord API | http://172.16.3.30:8001/api/coord | FastAPI (within ClaudeTools API) |
+| Database | MariaDB 10.6.22 @ 172.16.3.30:3306, DB: claudetools | MariaDB |
+| Schema | 95+ endpoints, 38 tables, JWT auth, AES-256-GCM encryption | — |
+
+Coord API is the live inter-session coordination layer — tracks project locks, component states, and cross-session messages. All Claude sessions check and write to it.
+
+---
+
+## ACG Infrastructure
+
+All systems reside on ACG office LAN (`172.16.x.x`). pfSense at 172.16.0.1 is the router, DNS server, and Tailscale subnet router for remote access.
+
+| System | IP | Role | Article |
+|---|---|---|---|
+| Jupiter | 172.16.3.20 | Unraid primary NAS; virsh host for all VMs; Docker: Gitea (:3000), NPM (:7818), Seafile (:8082) | [[systems/jupiter]] |
+| gururmm-build | 172.16.3.30 | Linux VM on Jupiter; GuruRMM API :3001, ClaudeTools API :8001, MariaDB :3306, PostgreSQL :5432, build pipeline :9000 | [[systems/gururmm-build]] |
+| Pluto / Claude-Builder | 172.16.3.36 | Windows Server 2019 VM on Jupiter; sole Windows MSI + cargo build server for GuruRMM | [[systems/pluto]] |
+| Uranus | 172.16.3.21 | Unraid secondary (Dell R730xd); OwnCloud archive storage only; RAM too low for any VM hosting | [[systems/uranus]] |
+| Neptune | 172.16.3.11 / 67.206.163.124 | Exchange Server 2016; ACG mail server for hosted clients; physically colocated at Dataforth D2 | *(article not yet seeded)* |
+| OwnCloud VM | 172.16.3.22 | OwnCloud (cloud.acghosting.com); storage backed by Uranus SMB share `Storage` | *(article not yet seeded)* |
+| Saturn | DECOMMISSIONED | Was 172.16.3.21; IP reused by Uranus, Apr 2026. Any "Saturn" reference in GuruRMM fleet is stale or actually Uranus. | — |
+
+**Neptune note:** ACG infrastructure physically located at Dataforth D2. Dataforth's UDM uses an overlapping 172.16.x.x subnet. Internal access to Neptune from the ACG office requires routing through D2TESTNAS. **TODO:** resubnet Dataforth UDM to eliminate the overlap.
+
+**Gitea internal URL:** Always use `http://172.16.3.20:3000` for API calls and curl. `git.azcomputerguru.com` is Cloudflare-fronted and blocks direct curl.
+
+---
+
+## Tooling & Stack
+
+| Tool | Purpose | Where |
+|---|---|---|
+| SOPS vault | Encrypted secrets storage; wraps age-encrypted YAML files | `D:/vault/` on Windows; vault.sh wrapper reads machine path from `.claude/identity.json` |
+| 1Password | Secondary credential store (service account in vault) | `op://Infrastructure/...` references |
+| Gitea | Self-hosted Git; all active repos | http://172.16.3.20:3000 |
+| GuruRMM | Agent deployment, command execution, fleet monitoring | https://rmm.azcomputerguru.com |
+| Syncro | PSA / ticketing / billing | External SaaS; API base documented in `.claude/REFERENCE.md` |
+| GrepAI | Semantic search over session logs, wiki, `.claude/` | `grepai.exe search` / MCP tools; indexes auto on file change |
+| Ollama | Local LLM — prose, summaries, classification; Tier 0 model routing | localhost:11434 (DESKTOP-0O8A1RL) / 100.92.127.64:11434 (Tailscale) |
+| Tailscale | Remote access and cross-machine LAN | Subnet router on pfSense (172.16.0.1) |
+
+---
+
+## Key URLs Quick Reference
+
+| Resource | URL |
+|---|---|
+| GuruRMM dashboard | https://rmm.azcomputerguru.com |
+| GuruRMM API (internal) | http://172.16.3.30:3001 |
+| ClaudeTools API | http://172.16.3.30:8001 |
+| Coord API | http://172.16.3.30:8001/api/coord |
+| Gitea (internal) | http://172.16.3.20:3000 |
+| NPM admin | http://172.16.3.20:7818 |
+| Unraid (Jupiter) | http://172.16.3.20 |
+| Unraid (Uranus) | http://172.16.3.21 |
+| OwnCloud | https://cloud.acghosting.com |
+
+---
+
+## Cross-Cutting Open Action Items
+
+These are open items that span multiple systems or clients, as of 2026-05-24. See individual articles for full detail.
+
+| Item | Priority | Owner | Reference |
+|---|---|---|---|
+| Fix NPM proxy: `rmm-api.azcomputerguru.com` still points to 172.16.3.20:3001; should be 172.16.3.30:3001 | High | Mike | [[systems/jupiter]] |
+| Verify and clean up "Saturn" GuruRMM agent entry | Medium | Mike | [[systems/uranus]], [[projects/gururmm]] |
+| Resubnet Dataforth UDM (eliminate 172.16.x.x overlap with ACG office LAN) | Medium | Mike | [[systems/gururmm-build]] (Neptune note) |
+| Cascades: exit Entra Connect from staging mode | High | Mike/Howard | [[clients/cascades-tucson]] |
+| Cascades: M365 relicensing (31 SPB seats time-sensitive) | High | Mike | [[clients/cascades-tucson]] |
+| Cascades: ALIS SSO — blocked on Medtelligent | Medium | Mike | [[clients/cascades-tucson]] |
+| Cascades: break-glass accounts + YubiKeys | Medium | Howard | [[clients/cascades-tucson]] |
+| Cascades: audit retention infra (LAW 90d + Storage 6yr) | Medium | Mike | [[clients/cascades-tucson]] |
+| GuruRMM: fix `credentials/:id/reveal` privilege escalation | High | Mike | [[projects/gururmm]] |
+| GuruRMM: fix `internal_err()` at ~130 call sites | High | Mike | [[projects/gururmm]] |
+| GuruRMM: auto-update reliability for BB-SERVER + RECEPTIONIST-PC | Medium | Mike | [[projects/gururmm]] |
+| Seed wiki articles: system:neptune, client:birthbiologic, client:key-paul | Low | — | wiki/index.md |
+
+---
+
+## Backlinks
+
+- [[clients/cascades-tucson]] — primary active client
+- [[projects/gururmm]] — primary active project
+- [[systems/jupiter]] — Unraid primary, VM host
+- [[systems/gururmm-build]] — GuruRMM + ClaudeTools API host
+- [[systems/pluto]] — Windows build server
+- [[systems/uranus]] — OwnCloud storage node