sync: auto-sync from HOWARD-HOME at 2026-06-16 07:44:03

Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-16 07:44:03

clients/cascades-tucson/session-logs/2026-06/2026-06-15-howard-cascades-wifi-rf-audit.md

@@ -502,3 +502,24 @@ NEW channel-plan.sh <site> ng|na [--apply] (NEIGHBOR_JSON + SURVEY_JSON):
 SKILL now: WiFi (monitor+tune+full apply+device-lock+client/device control+channel-plan) + switch/PoE
 audit + gateway/WAN/site-health + multi-client. ROADMAP nearly clear (deeper firewall/VPN policy +
 per-client AP creds/VPN remain). Coord: this msg.
+
+---
+
+## Update: 2026-06-16 07:44 PT — robustness (ROADMAP D): monitor-run.sh + per-AP retry; gw-audit pfSense fix
+
+Synced first to pick up Mike's gw-control.sh (eb87710, firewall/port-forward router actions — the
+"deeper firewall/VPN policy" item; no dup with my robustness work).
+
+NEW scripts/monitor-run.sh <site|all> — cron-friendly controller-side read-only fleet health digest:
+per site -> gateway/WAN flags + switch/PoE flags + WiFi config flag count. Validated Sonoran (healthy)
++ Cascades (flags 2 disc APs / 3 disc switches / underspeed / firmware). Cron 'all' nightly.
+
+VPN-flap resilience: neighbor-collect / survey-collect / dfs-check now RETRY per AP (3x, capture-to-var
+so a failed attempt never appends partial data; dfs-check distinguishes UNREACHABLE vs no-events).
+Validated neighbor-collect end-to-end (reachable 74/74, redundancy 73/74, JSON 74 APs - identical).
+
+Fix: gw-audit no longer false-flags internet status=unknown on third-party-firewall sites (gated on num_gw).
+
+SKILL.md + ROADMAP updated (D items done). Skill is feature-complete for monitoring+tuning+apply across
+WiFi/switch/gateway, multi-client, with scheduling + flap resilience. Remaining: per-client AP creds/VPN,
+read-only cred (Mike to create UI admin), gateway VPN-server/DHCP-DNS (Mike). Coord: this msg.