WRKLOG-2026-05-09

Summary

Saturday. Deep Don Quijote study session. Completed apertura study (opening paragraph anatomy — 5 sections, D2 diagram). Built contexto histórico (limpieza de sangre, el manco de Lepanto, mestizaje as novel’s DNA). Aristóteles retórica mapped to Quijote AND professional life. Expanded léxico cervantino to 12 categories. Narrative wrapping diagram for Chapters 23-35 (6 levels + collision). Active close reading of Chapter 33 (Curioso Impertinente) with inline grammatical and rhetorical analysis.

URGENT - All Domains

Professional Backlog

Carryover Backlog (CRITICAL)

Task	Details	Origin	Days	Status
MSCHAPv2 Migration Report	Report due. 6-sheet Standard Report (exec summary, trend, waves, device detail, stale, policy match). Sheet 6 added 05-14: policy match by protocol for removal planning + anonymous identity validation. Migration window 2026-05-04 to 2026-05-30. ~6,227 devices, 5 waves.	2026-04-17	49	P0 - DUE — run report this week
Abnormal Security — ✅ COMPLETE	CR-2026-05-07-abnormal-read-write. CAB approved 2026-05-12. Implemented successfully 2026-05-13. Read/write enabled for pilot group. Post-deployment validation pending.	2026-05-07	29	✅ IMPLEMENTED — post-validation pending
SIEM QRadar → Sentinel Migration	Lead role. Monad console error RESOLVED 2026-05-12 — secrets configured in CHLA production tenant. ISE secure syslog integration in progress — cert imported, remote logging target configured, streaming errors under investigation. Blocking: DCR not created (Rule ID + Stream Name). Azure private network policy unresolved. Victor + Mauricio action.	2026-04-10	56	P0 - ACTIVE — ISE syslog + DCR blocking
Monad Pipeline Evaluation	Sentinel output connector. Console error resolved. 3 of 6 values configured. Remaining: Endpoint URL (have it), Rule ID + Stream Name (need DCR). ISE Remote Logging Target configured 2026-05-18 — TLS cert imported, secure syslog target created. Streaming errors in Monad console under investigation.	2026-03-11	86	P0 - ACTIVE — ISE integration in progress
Guest Redirect ACL	Guest redirect ACL work needed. Related to Mandiant remediation findings.	2026-05-12	24	P0 - TODO
ISE Patch 10 (CVE-2026-20147 CVSS 9.9)	ISE 3.2 Patch 10. Supersedes Patch 9. 61 days on a CVSS 9.9 — schedule maintenance window. Write CR if needed.	2026-03-12	85	P0 - OVERDUE — schedule immediately
k3s NAT verification	NAT rule 170 for 10.42.0.0/16 pod network - test internet connectivity. 64 days — test this week or defer to Q3.	2026-03-09	88	P0 - BLOCKING — TRIAGE: schedule or defer
Wazuh indexer recovery	Restart pod after NAT confirmed working - SIEM visibility blocked. Blocked by k3s NAT — cannot proceed until above resolved.	2026-03-09	88	P0 - Blocked by k3s
Strongline Gateway VLAN fix	8 devices in wrong identity group (David Rukiza assigned)	2026-03-16	81	P0 - TODO
TCP Clocks deployment	ISE identity group validation, query outputs, comms with team. Active d001 data Apr 22-23.	2026-04-22	44	P0 - ACTIVE
IoT Dr. Kim — recurring	Sleep study devices (Apr 15-16), watches recurrence (Apr 22). 5 incident versions in d001. Validate iPSK enrollment.	2026-04-15	51	P0 - RECURRING
Murus Portae (WAF) — Phase 0	FMC cert expired, ACP returns zero rules. d001: zone map, architecture D2, FMC API reference, ops script.	2026-04-16	50	P0 - INVESTIGATING
Vocera EAP-TLS Supplicant Fix	~10 phones failing 802.1X, missing supplicant config. 61 days — schedule with clinical engineering team.	2026-03-12	85	P1 - TODO — schedule
ISE MnT Messaging Service	Enable "Use ISE Messaging Service for UDP syslogs delivery". 61 days — low risk, schedule with ISE Patch 10 maintenance window.	2026-03-12	85	P2 - BUNDLE with Patch 10

Professional backlog remains critical. Check Days column for priorities.

Personal Blockers

BLOCKERS — Fix Immediately

Task	Details	Origin	Days	Impact
Z Fold 7 Termux	gopass and SSH not working	2026-03-10	58	BLOCKER — Cannot access passwords on mobile
gopass v3 organization	Inconsistent structure, poor key-value usage	2026-03-20	48	Inefficient password management, no aggregation
Git history scrub — sensitive personal terms	Plaintext references to personal legal matters in committed worklogs (WRKLOG-2026-03-14, WRKLOG-2026-04-18). Forward-fixed but old commits still contain strings. Requires `git filter-repo` + force-push. See runbook below.	2026-04-22	15	SECURITY — sensitive terms in public git history

Runbook: Git History Scrub (d000 Personal Terms)

Problem: Two committed worklogs contained plaintext references to personal legal matters. The files have been edited (forward-fix), but git history retains the original text in prior commits.

Affected commits: Any commit touching these files:

# Identify affected commits
git log --oneline -- \
  docs/modules/ROOT/pages/2026/03/WRKLOG-2026-03-14.adoc \
  docs/modules/ROOT/pages/2026/04/WRKLOG-2026-04-18.adoc

Scrub procedure:

# 1. BEFORE: Full backup of the repo
cp -a ~/atelier/_bibliotheca/domus-captures ~/atelier/_bibliotheca/domus-captures.bak

# 2. Install git-filter-repo (if not present)
# Arch: pacman -S git-filter-repo
# pip: pip install git-filter-repo

# 3. Create expressions file for replacement
cat > /tmp/scrub-expressions.txt << 'EXPR'
regex:(?i)divorce==[REDACTED]
regex:(?i)dissolutio(?!n\.adoc\.age)==[REDACTED-LEGAL]
regex:(?i)iliana==[REDACTED-NAME]
regex:(?i)angulo-arreola==[REDACTED-NAME]
regex:legal-divorce-notes\.age==legal-notes.age
regex:1099-NEC-iliana==1099-NEC
EXPR

# 4. Verify before (dry run — count matches in history)
git log -p --all -S 'divorce' -- '*.adoc' | grep -c 'divorce' || echo "0 matches"
git log -p --all -S 'iliana' -- '*.adoc' | grep -c 'iliana' || echo "0 matches"

# 5. Run filter-repo (DESTRUCTIVE — rewrites all commit hashes)
git filter-repo --replace-text /tmp/scrub-expressions.txt --force

# 6. Verify after
git log -p --all -S 'divorce' -- '*.adoc' | grep -c 'divorce' || echo "0 matches — CLEAN"
git log -p --all -S 'iliana' -- '*.adoc' | grep -c 'iliana' || echo "0 matches — CLEAN"

# 7. Re-add remotes (filter-repo removes them)
git remote add origin git@github.com:<user>/domus-captures.git
# Add any other remotes (Gitea, etc.)

# 8. Force-push to all remotes (DESTRUCTIVE — overwrites remote history)
git remote | xargs -I{} git push {} main --force

# 9. Clean up
rm /tmp/scrub-expressions.txt
rm -rf ~/atelier/_bibliotheca/domus-captures.bak  # only after verifying

Post-scrub checklist:

Backup created before running
git filter-repo installed
Expressions file reviewed — no false positives (e.g., Don Quijote "Angulo el Malo" is in segunda-parte/texto/texto-011.adoc — the regex targets angulo-arreola specifically to avoid this)
Dry-run counts match expectations
Filter-repo executed
Post-scrub verification shows 0 matches
Remotes re-added
Force-pushed to all remotes
Cloudflare Pages rebuild verified
Local clones on other machines re-cloned or git fetch --all && git reset --hard origin/main
Backup removed

Life Admin

URGENT - Requires Immediate Action

Item Details Deadline Status Impact

Item	Details	Deadline	Status	Impact
Housing Search	Granada Hills area - apartments/rooms	TBD	In Progress	Quality of life, commute
2025 Tax — IRS Transcript Review	MFJ filed 2026-04-22. Pull IRS Return Transcript to verify contents. Consult attorney re: Form 8857 (Innocent Spouse Relief). Details in encrypted case file.	Before attorney meeting	In Progress	Financial — liability exposure. See `data/d000/personal/dissolutio/`
Rack Relocation	Physical move of server rack. CR written: CR-2026-04-18 (pending in infra-ops). Borg backup completed. VM XML dumps, switch save, shutdown/startup procedure documented.	TBD	Pending	Infrastructure downtime — all services offline during move
D000 Legal Planning	Encrypted case file: `data/d000/personal/dissolutio/`. Open: `dissolutio-open`. Close: `dissolutio-close`. 19 partials + assembler. PDF build for attorney handoff. Critical deadline: Jan 2029.	Before Jan 2029	Active — escalating	Life transition — see case file for details
Credit Report Review	Pull reports from all 3 bureaus via annualcreditreport.com. Verify no unknown joint accounts or debts. Credentials in gopass: `v3/personal/finance/credit/annual_credit_report`	TBD	In Progress	Financial discovery — FL-142 preparation
Gopass Security Audit	Rotate passwords on shared/known accounts. Add 2FA backup codes to `v3/personal/recovery/`. Create missing government entries (IRS, SSA, VA, DMV). Add `last_login` field to active entries.	TBD	Pending	Digital security — pre-filing preparation
Subscription Audit	Download 3 months bank/CC statements (Chase, NFCU, USAA). Identify all recurring charges. Cancel unnecessary. Document active subscriptions for FL-150.	TBD	Pending	Financial — expense documentation
401(k) Enrollment	Enroll in CHLA 401(k) immediately. Post-separation contributions are 100% separate property. Reduces gross income for support calculations. Max 2026: $23,500/yr.	In progress (started 5/4)	In Progress	Financial — support calculation + retirement

Housing Search

Granada Hills area - apartments/rooms

TBD

In Progress

Quality of life, commute

2025 Tax — IRS Transcript Review

MFJ filed 2026-04-22. Pull IRS Return Transcript to verify contents. Consult attorney re: Form 8857 (Innocent Spouse Relief). Details in encrypted case file.

Before attorney meeting

In Progress

Financial — liability exposure. See data/d000/personal/dissolutio/

Rack Relocation

Physical move of server rack. CR written: CR-2026-04-18 (pending in infra-ops). Borg backup completed. VM XML dumps, switch save, shutdown/startup procedure documented.

TBD

Pending

Infrastructure downtime — all services offline during move

D000 Legal Planning

Encrypted case file: data/d000/personal/dissolutio/. Open: dissolutio-open. Close: dissolutio-close. 19 partials + assembler. PDF build for attorney handoff. Critical deadline: Jan 2029.

Before Jan 2029

Active — escalating

Life transition — see case file for details

Credit Report Review

Pull reports from all 3 bureaus via annualcreditreport.com. Verify no unknown joint accounts or debts. Credentials in gopass: v3/personal/finance/credit/annual_credit_report

TBD

In Progress

Financial discovery — FL-142 preparation

Gopass Security Audit

Rotate passwords on shared/known accounts. Add 2FA backup codes to v3/personal/recovery/. Create missing government entries (IRS, SSA, VA, DMV). Add last_login field to active entries.

TBD

Pending

Digital security — pre-filing preparation

Subscription Audit

Download 3 months bank/CC statements (Chase, NFCU, USAA). Identify all recurring charges. Cancel unnecessary. Document active subscriptions for FL-150.

TBD

Pending

Financial — expense documentation

401(k) Enrollment

Enroll in CHLA 401(k) immediately. Post-separation contributions are 100% separate property. Reduces gross income for support calculations. Max 2026: $23,500/yr.

In progress (started 5/4)

In Progress

Financial — support calculation + retirement

Certification Deadlines

URGENT — Performance Review Certifications

Certification	Provider	Deadline	Status	Impact
CISSP	ISC² — Certified Information Systems Security Professional	July 12, 2026	ACTIVE — Week 2 of 10 (Project)	Required for performance review. 10-week accelerated plan.
RHCSA 9	Red Hat Certified System Administrator	Q3 2026	ACTIVE — 21-phase curriculum (Project)	After CISSP. Required for performance review.

Certification

Provider

Deadline

Status

Impact

CISSP

ISC² — Certified Information Systems Security Professional

July 12, 2026

ACTIVE — Week 2 of 10 (Project)

Required for performance review. 10-week accelerated plan.

RHCSA 9

Red Hat Certified System Administrator

Q3 2026

ACTIVE — 21-phase curriculum (Project)

After CISSP. Required for performance review.

CISSP: 41 days remaining (exam July 12). Domain 1 study in progress. Schedule exam today (06-01).

Early Morning - 5:30am

Regex Training (CRITICAL CARRYOVER)

Session 3 - Character classes, word boundaries
Practice drills from regex-mastery curriculum
Status: 52 days carried over (since 2026-03-16) — CRITICAL

Regex training continues to slip. This is the foundation for all CLI mastery.

Work (CHLA)

CHARGE TIME IN PEOPLESOFT - CRITICAL. Do this NOW before anything else.

PeopleSoft Time Entry Reference

Critical (P0)

Project	Description	Owner	Status	Due	Blocker
Linux Research (Xianming Ding)	EAP-TLS for Linux workstations, dACL, UFW	Evan	BEHIND (72 days overdue)	02-24	Certificate "password required" - nmcli fix documented
iPSK Manager	Pre-shared key automation	Ben Castillo	BEHIND	—	DB replication issues
MSCHAPv2 Migration	Legacy auth deprecation — 6,227 devices, 5 waves. 6 batch SQL queries + 3-API endpoint profile script added (05-11). Report due.	Evan	25% — Report due, batch queries ready	05-30	Report to turn in
Research Segmentation	All endpoints to Untrusted VLAN	Evan	BLOCKED	—	CISO decision pending
Disaster Recovery	ISE DR scoping — dot1x closed mode = total blackout	Evan	Scoping	—	—
Mandiant Remediation	Copy 4/16 findings, Guest ACL lab, Q2 assessment	Evan	Active	—	—
SIEM QRadar → Sentinel	Full SIEM platform transition. Monad console error resolved 05-12. Secrets configured. Blocked on DCR creation (Rule ID + Stream Name). Azure private network policy unresolved.	Evan	Active — blocked on DCR	Q2 2026	Victor/Mauricio: create DCR, resolve Azure network policy
Abnormal Security	AI email platform — ESA cutover. CR assigned, CAB May 12 15:00. Implementation May 14 10:00.	Evan	Active — CAB today 15:00	05-14	Pre-CAB checklist: confirm Tyler, Jason, Sarah

Project

Description

Owner

Status

Due

Blocker

Linux Research (Xianming Ding)

EAP-TLS for Linux workstations, dACL, UFW

Evan

BEHIND (72 days overdue)

02-24

Certificate "password required" - nmcli fix documented

iPSK Manager

Pre-shared key automation

Ben Castillo

BEHIND

—

DB replication issues

MSCHAPv2 Migration

Legacy auth deprecation — 6,227 devices, 5 waves. 6 batch SQL queries + 3-API endpoint profile script added (05-11). Report due.

Evan

25% — Report due, batch queries ready

05-30

Report to turn in

Research Segmentation

All endpoints to Untrusted VLAN

Evan

BLOCKED

—

CISO decision pending

Disaster Recovery

ISE DR scoping — dot1x closed mode = total blackout

Evan

Scoping

—

Mandiant Remediation

Copy 4/16 findings, Guest ACL lab, Q2 assessment

Evan

Active

—

SIEM QRadar → Sentinel

Full SIEM platform transition. Monad console error resolved 05-12. Secrets configured. Blocked on DCR creation (Rule ID + Stream Name). Azure private network policy unresolved.

Evan

Active — blocked on DCR

Q2 2026

Victor/Mauricio: create DCR, resolve Azure network policy

Abnormal Security

AI email platform — ESA cutover. CR assigned, CAB May 12 15:00. Implementation May 14 10:00.

Evan

Active — CAB today 15:00

05-14

Pre-CAB checklist: confirm Tyler, Jason, Sarah

High Priority (P1)

Project	Description	Owner	Status	Target
ISE 3.4 Migration	Upgrade from 3.2p9	Evan	Blocked — maintenance window needed	Q2 2026
Switch Upgrades	IOS-XE fleet update (C9300, 3560CX)	Evan	Pending	Q2 2026
Spikewell BYOD VPN	dACL SQL, AD group integration	Evan	Active	—
Strongline Gateway	MAC capture, Identity Group setup — 37 days aging	Evan	Active — David Rukiza assigned	—
Abnormal Security	AI email security platform research, ESA cutover timeline	Evan	Newly assigned	—
DMZ Migration	External services audit behind NetScaler	Evan	Audit phase	—
Firewall Audit (murus-portae)	EtherChannel query, prefilter, policy assignments	Evan	Scoping — ASA API creds needed	—
iPSK Manager HA	Server 2 config, TLS, SQL security audit	Evan	In progress	—
Sentinel KQL	Build proficiency, distinguish from team	Evan	Onboarding	—
VNC Blocking	Block and eliminate VNC protocol enterprise-wide	Evan	Active — Phase 0 (Discovery)	Mid-June 2026

Project

Description

Owner

Status

Target

ISE 3.4 Migration

Upgrade from 3.2p9

Evan

Blocked — maintenance window needed

Q2 2026

Switch Upgrades

IOS-XE fleet update (C9300, 3560CX)

Evan

Pending

Q2 2026

Spikewell BYOD VPN

dACL SQL, AD group integration

Evan

Active

—

Strongline Gateway

MAC capture, Identity Group setup — 37 days aging

Evan

Active — David Rukiza assigned

—

Abnormal Security

AI email security platform research, ESA cutover timeline

Evan

Newly assigned

—

DMZ Migration

External services audit behind NetScaler

Evan

Audit phase

—

Firewall Audit (murus-portae)

EtherChannel query, prefilter, policy assignments

Evan

Scoping — ASA API creds needed

—

iPSK Manager HA

Server 2 config, TLS, SQL security audit

Evan

In progress

—

Sentinel KQL

Build proficiency, distinguish from team

Evan

Onboarding

—

VNC Blocking

Block and eliminate VNC protocol enterprise-wide

Evan

Active — Phase 0 (Discovery)

Mid-June 2026

Strategic (P2)

Project	Description	Owner	Status
HHS Regulatory Compliance	New HHS security policies implementation	TBD	NOT STARTED
InfoSec Reporting Dashboard	PowerBI metrics for executives	TBD	NOT STARTED
EDR Migration (AMP → Defender)	Endpoint protection consolidation	TBD	NOT STARTED
Azure Legacy Migration	Modern landing zone	Team	In Progress
ChromeOS EAP-TLS	SCEP + Victor, Paul testing	Victor	In Progress

Project

Description

Owner

Status

HHS Regulatory Compliance

New HHS security policies implementation

TBD

NOT STARTED

InfoSec Reporting Dashboard

PowerBI metrics for executives

TBD

NOT STARTED

EDR Migration (AMP → Defender)

Endpoint protection consolidation

TBD

NOT STARTED

Azure Legacy Migration

Modern landing zone

Team

In Progress

ChromeOS EAP-TLS

SCEP + Victor, Paul testing

Victor

In Progress

Case Studies (March 2026)

TAC Cases:

TAC-2026-03 - 802.1X Auth Failures

Incidents:

Changes:

CR - Vault Backup SELinux

RCAs:

Today’s Priorities

P0 — Critical / Blocking

Security & Compliance

ISE 3.2 Patch 10 upgrade — CVE-2026-20147 CVSS 9.9 / CVE-2026-20148. Propose maintenance window once patch confirmed on software.cisco.com.
ISE Advisory sa-ise-rce-traversal-8bYndVrZ — check Patch 10 availability
Mandiant Remediation — findings status tracked. Working session prep + defensive posture documented (comms-2026-04-24). Copy 4/16 updates into Excel at work. Guest ACL lockdown (WIR-M-01) pending lab validation. appendix-todos updated with MSCHAPv2 milestones.
Guest ACL update — guest redirect ACL work needed. Lab validate GUEST_CWA_REDIRECT_MAX_SECURITY in d000, then joint CR with NE. On today’s task list.
Disaster Recovery & Downtime Procedures — ISE top priority (dot1x closed mode = SPOF for network access)
- ISE DR: Document failover sequence — PAN, MnT, PSN priority order
- ISE DR: RADIUS dead-server detection on WLCs/switches — critical-auth VLAN fallback
- ISE DR: Backup/restore procedures — scheduled config backups, tested restores
- FTD/FMC DR: FMC loss = no policy management
- Network DR: Core/distribution switch failure, STP reconvergence, HSRP failover
- Document RTO/RPO per system

SIEM Migration (QRadar → Sentinel)

SIEM QRadar → Sentinel Migration — LEAD ROLE. 4 collection iterations (Apr 16, 17, 17-streamlined, 20-streamlined). Python chart pipeline built (qradar-charts.py). Migration XLSX generated. Verification pending. Comms sent Apr 23.
- d001 artifacts: 8 JSON exports, 2 CSV inventories, migration XLSX, top5 source SVG/PNG, verification doc
- Dependency: Monad pipeline for log source transition
- Dependency: Sentinel KQL proficiency for query migration
Monad Pipeline Evaluation (origin: 2026-03-11) — lead role. Console error RESOLVED 05-12 — secrets configured in CHLA production tenant. Blocked on DCR creation (Rule ID + Stream Name). Azure private network policy unresolved. 10am call today 05-12.
Sentinel KQL — build proficiency, distinguish from team. Azure portal access acquired.
QRadar log source report — run AQL queries, fetch JSON, generate Python Excel

Active Deployments & Migrations

MSCHAPv2 Migration — Report due. 6-sheet Standard Report ready (Sheet 6: policy match by protocol added 05-14 for removal planning + anonymous identity validation on cert profiles). Migration window 5/4 – 5/30. 6,227 MSCHAPv2 devices, 14,249 EAP-TLS/TEAP (70% migrated). Focus: run Standard Report, turn in spreadsheet.
MSCHAPv2 weekly cadence — recurring Wednesday call established (first 04-22). Completed 2026-04-22.
MSCHAPv2 ownership matrix — sent in scoping email 4/24 with manager callouts (@Albert, @John). Completed 2026-04-24.
TCP Clocks deployment — new device added via ERS POST and confirmed (04-24). 7+ clocks validated. v2 query file with partials architecture. Revalidate full set — confirm no flapping.
SRT Research VLAN — confirm roles with Tony Sun: Tony implementor, Evan tester. CAB approved 04-21.
Downtime Computers enforcement — draft ISE AuthZ rule: medigate_724 + Wireless = DenyAccess. Separate CR. d001: DC queries, audit CSVs (v1-v3), wireless violations report delivered 04-21.
Enterprise Linux 802.1X — standardize Shahab/Ding deployment (CISO priority). Overdue since 02-24. Blocked by nmcli cert fix.
Abnormal Security — CR-2026-05-07-abnormal-read-write. CAB 05-12 approved, implementation 05-14. Jason Landeros implements, Evan presents. 06-01 update: Review Jihad’s policy mapping XLSX + Tyler’s Policy and Rules Migration doc before next call. Plan email migration expansion beyond security group to full environment — priority to move off ESA. Exchange rule considerations: external sender disclaimer (sender not company, outside org, not internal IP → prepend disclaimer).
- Team: Cox/William, Landeros/Jason, Rosado/Evan, Naranjo/Mauricio, Sandoval/Carlos

Tube System Upgrade (NEW — 06-01)

Tube System Upgrade — iTrack 3528165. 15x 10" TS stations need MAC addresses added to ISE identity group IoT_Onboard. MACs received from vendor (C8:1A:FE:20:xx:xx series). Station list spans ICU (CTICU, PICU, BMT, NICU, NICCU), ED, Surgery, Trauma, Pharmacy. Vendor contact: John Genest. Rationale: manufacturer no longer supports current system; failure risks delayed/missed patient care.

BMS Device Inventory (NEW — 04-24)

BMS Device Inventory — 72 devices discovered across 37 switches (04-24). Profile-driven architecture (Claroty/Medigate). 16 queries built. Phase 0 complete. Next: cross-reference with Visio diagrams, classify by function, begin D2 diagrams. Cleanup: delete 4 orphaned test groups, migrate 4 retire-dACL devices, investigate 3 null-profile devices.

VNC Blocking (NEW — 05-11)

VNC Blocking — block and eliminate VNC enterprise-wide. Due mid-June 2026. Phase 0: discovery. January AQL query baseline to incorporate. Cross-reference BMS inventory for VNC-capable devices.

Investigations & Audits

Murus Portae (WAF) — Phase 0 discovery in progress. FMC cert expired. d001: DMZ NetScaler WAF investigation, zone map, architecture D2 diagrams (v1+v2 SVGs), FMC REST API reference guide, ops script. FMC API returning zero ACP rules — under investigation.
Firewall audit — FMC discovery inventory done (d001: fmc-discovery-2026-04-16). EtherChannel query, prefilter, policy assignments pending.
IoT Dr. Kim devices — RECURRING. All 4 MACs validated in IoT_iPSK_VLAN1620_Misc (04-24). v2 validation queries built with 7 deep analysis queries (group flapping, credential leakage, profile drift, NAS tracking, remediation timeline, deny audit, OUI scan). Revalidate — confirm no flapping since 04-24.
IoT device validation queries — v2 created with partials architecture, 16 queries across ERS/MnT/DataConnect/FMC. Completed 2026-04-24.

Stale Blockers (carried via carryover tracker)

k3s NAT verification — rule 170, 10.42.0.0/16 pod network (origin: 2026-03-09). 59 days. Blocks Wazuh indexer recovery → blocks SIEM visibility. Weekend task?
Strongline Gateway VLAN fix — 8 devices wrong identity group (origin: 2026-03-16). 52 days. David Rukiza assigned — follow up on status.

Administrative

PeopleSoft — track time for current week
iTrack tickets — close open tickets
KQL library — build initial queries in codex + d001
Linux Research project — finalize and review
Tax filing 2025 (MFJ) — see encrypted case file in data/d000/personal/ for details and action items

P1 — Important

MSCHAPv2 action-item tracker — owner/status/next-steps per workstream
ISE admin MFA enforcement — recommendation tied to advisory (interim control pending Patch 10)
DMZ Migration — external services audit behind NetScaler. Linked to Murus Portae investigation.
Vocera/Wyse iTrack RCA — complete root cause report
GCC ISE Support — 3/4 nodes restored, PSN-04 deferred
Wazuh indexer recovery — blocked by k3s NAT (origin: 2026-03-09)
Vocera EAP-TLS Supplicant Fix (origin: 2026-03-12)
iPSK Manager HA — blocked by DB replication (Ben Castillo)
ISE 3.4 Migration — depends on Patch 10 completion first
Git history scrub — murus-portae-output.md + ise-analytics CSVs
Encrypt prep-cmds-2026-04-15.adoc — plaintext committed to git
ISE MnT Messaging Service — enable UDP syslog delivery (maintenance window needed)

Infrastructure (Personal)

Borg backups — test and validate on ALL systems (Razer, P16g, vault-01, bind-01, kvm-01, kvm-02)
Borg — verify backup script paths updated from dotfiles-optimus to dots-quantum
Borg — create initial archive for ThinkPad P16g if none exists
Libvirt VLAN hook debug on both KVMs
Te1/0/2 cable replacement and re-test
Vault Raft cluster — verify vault-01 rejoined
Fix EAP-TLS keyring/secrets issue on Razer workstation

Completed (confirmed — do not delete, archive only)

CR-2026-04-15 SRT Research VLAN — submitted to iTrack. Completed 2026-04-15.
CAB presentation 4/21 — SRT Research VLAN 233 → CHLA-Research. APPROVED. Completed 2026-04-21.
Downtime Computers wireless audit — 45 computers, 16 violating, v3 report delivered. Completed 2026-04-21.
Git identity fix — dots-quantum/git/.gitconfig email corrected. Completed 2026-04-21.
MSCHAPv2 10:30 meeting — next steps + ACL coordination. Completed 2026-04-17.

Active Tickets

Service Requests (SR)

SR#	Request	Requestor	Opened	Status
3508542	Zoll cards connection issue	—	—	STALE — verify in iTrack
3508524	Disable dot1x on (2) network ports - 5th floor 3250 Wilshire (PXE-boot imaging issues)	—	—	STALE — verify in iTrack (issues persisted after disable)
3528165	Tube System Upgrade — 15 stations, MAC addresses for ISE IoT_Onboard identity group	Genest, John (vendor contact)	2026-06-01	NEW — MACs received, need ISE onboarding

Incidents (INC)

INC#	Priority	Description	Opened	SLA	Status
1911859	—	Strongline Gateways in Miscellaneous Subnet	—	—	STALE — verify in iTrack (related to carryover P0)

INC#

Priority

Description

Opened

SLA

Status

1911859

—

Strongline Gateways in Miscellaneous Subnet

—

STALE — verify in iTrack (related to carryover P0)

Change Requests - Emergency (ECAB)

CR#	Description	Opened	Scheduled	Status
No emergency changes

CR#

Description

Opened

Scheduled

Status

No emergency changes

Change Requests - Normal

CR#	Description	Opened	Scheduled	Status
No normal changes

CR#

Description

Opened

Scheduled

Status

No normal changes

Change Requests - Scheduled/Standard

CR#	Description	Opened	Window	Status
No scheduled changes

CR#

Description

Opened

Window

Status

No scheduled changes

Change Requests - Root Cause / Post-Incident

CR#	Description	Related INC	Opened	Status
100451	Vocera Phones and Wyse devices went off network	—	—	STALE — verify in iTrack

CR#

Description

Related INC

Opened

Status

100451

Vocera Phones and Wyse devices went off network

—

STALE — verify in iTrack

Session Accomplishments (Claude Code)

Don Quijote — Estudios

Apertura study (estudios/apertura.adoc) — complete anatomy of opening paragraph:
- 7 sentences dissected with line-by-line syntactic annotation
- Juegos de palabras: poverty vocabulary, prosody, Quijada/Quesada/Quejana etymologies
- 10 rhetorical devices identified in one paragraph
- Feliciano de Silva section: poliptoton razón ×5, le parecían as autoengaño verb, Aristóteles invoked in Ch 1, se le secó el celebro
- Perspectivas críticas: Maestro’s cynic reading, no quiero vs no puedo, primer autor = protagonist theory
- D2 diagram: images/diagrams/d2/quijote/apertura-sintaxis.svg
Contexto Histórico — 1492 (three events), Lepanto, Algiers captivity, limpieza de sangre, Dulcinea del Toboso (morisco town), Ricote’s "lloramos por España," mestizaje as novel’s structural DNA
Aristóteles Retórica — 3 pillars (ethos/pathos/logos) + 5 canons + 3 genres, each mapped to:
- Cervantes' technique in the Quijote
- Professional communication (CRs, CAB, advisories, vendor emails)
- Falacias Don Quijote commits
- Enthymeme identified in clock metaphor (Ch 33)
Léxico Cervantino expanded to 12 categories:
- Added: Vocabulario Vivo (discreto, decoro, pesar, titubear, alabar, pretensión — words alive today for SIELE C1)
- Added: Vocabulario de Honra y Deshonra (menoscabar, lascivo intento, honestidad, recato)
- Added: Vocabulario Marcial (continente, denuedo)
- Added: Vocabulario de Súplica (plega a Dios, ojalá — Arabic loanword layer)
- Added: Vocabulario Popular (embaular, tasajo, como el puño)
Narrative wrapping diagram — images/diagrams/d2/quijote/venta-narrative-layers.svg:
- 6 narrative levels at the inn (Ch 23-35)
- Cardenio, Dorotea, the suitcase manuscript, Curioso Impertinente
- Ch 35 collision: deepest fiction interrupted by shallowest delusion
- Thematic thread: Women Betrayed — Dorotea, Luscinda, Camila, while DQ sleeps

Don Quijote — Close Reading Ch 33

Study notes: data/quijote-study/notas/notas-033.adoc
Inline analysis: clock metaphor as logos/enthymeme, ANTONOMASIA, paralelismo quiásmico
10 grammatical structures annotated: aposición explicativa, correlación consecutiva, pronombre relativo neutro, subjuntivo imperfecto, concesiva, elipsis, quiasmo, hipérbole, contracción arcaica, subjuntivo irregular
Camila’s letter analysis: menoscabo, desenvoltura dual register, pesar, honor trap — naming the danger IS the danger
Lotario’s naval metaphor: piélago, áncoras, a pie enjuto — perfect rhetoric serving a lie
cola as polysemic word: animal tail, property, remainder, innuendo — 5 registers in one noun

CLI Skills Practiced

find -exec grep -iEn -A 2 — compound pipeline from memory
quijote-lookup.sh -e — elegant word categories
awk NR>=X && NR⇐Y — line-range extraction for close reading
diff with process substitution for textual variants (concept — editions to be sourced)

Personal

In Progress

Project	Description	Status	Notes
k3s Platform	Production k3s cluster on kvm-01	Active	Prometheus, Grafana, Wazuh deployed
Wazuh Archives	Enable archives indexing in Filebeat	Active	PVC fix pending
kvm-02 Hardware	Supermicro B deployment	Active	Hardware ready, RAM upgrade done

Project

Description

Status

Notes

k3s Platform

Production k3s cluster on kvm-01

Active

Prometheus, Grafana, Wazuh deployed

Wazuh Archives

Enable archives indexing in Filebeat

Active

PVC fix pending

kvm-02 Hardware

Supermicro B deployment

Active

Hardware ready, RAM upgrade done

Planned

Project	Description	Target	Blocked By
Vault HA (3-node)	vault-02, vault-03 on kvm-02	Q2 2026 (slipped from Q1)	kvm-02 deployment
k3s HA (3-node)	Control plane HA	Q2 2026 (slipped from Q1)	kvm-02 deployment
ArgoCD GitOps	k3s GitOps deployment	After k3s stable	—
MinIO S3	Object storage for k3s	After ArgoCD	—
Domus Inventory	Personal asset management (YAML + CLI + AsciiDoc)	Q2 2026	Schema approved

Project

Description

Target

Blocked By

Vault HA (3-node)

vault-02, vault-03 on kvm-02

Q2 2026 (slipped from Q1)

kvm-02 deployment

k3s HA (3-node)

Control plane HA

Q2 2026 (slipped from Q1)

kvm-02 deployment

ArgoCD GitOps

k3s GitOps deployment

After k3s stable

—

MinIO S3

Object storage for k3s

After ArgoCD

—

Domus Inventory

Personal asset management (YAML + CLI + AsciiDoc)

Q2 2026

Schema approved

Active — Infrastructure

Task	Details	Priority	Status	Due
Wazuh agent deployment	Deploy agents to all infrastructure hosts	P2	Pending	After archives fix
k3s Platform	Production k3s cluster on kvm-01	P1	In Progress	—
Wazuh Archives	Enable archives indexing in Filebeat, PVC fix	P1	In Progress	—
kvm-02 Hardware	Supermicro B deployment, RAM upgrade done	P1	In Progress	—

Task

Details

Priority

Status

Due

Wazuh agent deployment

Deploy agents to all infrastructure hosts

Pending

After archives fix

k3s Platform

Production k3s cluster on kvm-01

In Progress

—

Wazuh Archives

Enable archives indexing in Filebeat, PVC fix

In Progress

—

kvm-02 Hardware

Supermicro B deployment, RAM upgrade done

In Progress

—

Active — Security & Encryption

Task	Details	Priority	Status	Due
Configure 4th YubiKey	SSH FIDO2 keys	P1	TODO	—
Cold storage M-DISC backup	age-encrypted archives	P1	TODO	After YubiKey setup

Task

Details

Priority

Status

Due

Configure 4th YubiKey

SSH FIDO2 keys

TODO

—

Cold storage M-DISC backup

age-encrypted archives

TODO

After YubiKey setup

Active — Development & Tools

Task	Details	Priority	Status	Due
netapi Commercialization	Go CLI rewrite with Cobra-style argument discovery, package for distribution	P0	Active	—
Ollama API Service	FastAPI (17 endpoints), productize — config audit, doc tools, runbook gen	P0	Active	—
Shell functions (fe, fec, fef)	File hunting helpers	P3	TODO	—

Task

Details

Priority

Status

Due

netapi Commercialization

Go CLI rewrite with Cobra-style argument discovery, package for distribution

Active

—

Ollama API Service

FastAPI (17 endpoints), productize — config audit, doc tools, runbook gen

Active

—

Shell functions (fe, fec, fef)

File hunting helpers

TODO

—

Active — Documentation

Task	Details	Priority	Status	Due
D2 Catppuccin Mocha styling	domus-* spoke repos (177 files total)	P3	In Progress	—

Task

Details

Priority

Status

Due

D2 Catppuccin Mocha styling

domus-* spoke repos (177 files total)

In Progress

—

Active — Financial

Task	Details	Priority	Status	Due
Amazon order history import	Download CSV from Privacy Central → parse with awk → populate subscriptions tracker	P1	Waiting	Pending Amazon data export (requested 2026-04-04)

Task

Details

Priority

Status

Due

Amazon order history import

Download CSV from Privacy Central → parse with awk → populate subscriptions tracker

Waiting

Pending Amazon data export (requested 2026-04-04)

Active — Education

Task	Details	Priority	Status	Due
No active education tasks — see education trackers

Task

Details

Priority

Status

Due

No active education tasks — see education trackers

Active — Personal & Life Admin

Task	Details	Priority	Status	Due
ThinkPad T16g Setup	Arch install, stow dotfiles, Ollama stack, netapi dev env	P0	Pending	—
P50 Arch to Ubuntu migration	CR-2026-03-12	P2	In Progress	—
X1 Carbon Ubuntu installs	2 laptops, LUKS encryption	P2	In Progress	—
P50 Steam Test	Test Flatpak Steam + apt cleanup of broken i386 packages	P3	Pending	—

Task

Details

Priority

Status

Due

ThinkPad T16g Setup

Arch install, stow dotfiles, Ollama stack, netapi dev env

Pending

—

P50 Arch to Ubuntu migration

CR-2026-03-12

In Progress

—

X1 Carbon Ubuntu installs

2 laptops, LUKS encryption

In Progress

—

P50 Steam Test

Test Flatpak Steam + apt cleanup of broken i386 packages

Pending

—

Documentation Sites

docs.domusdigitalis.dev - Private documentation hub
docs.architectus.dev - Public portfolio site

Notes

Day-specific personal notes here.

Education

Claude Code + AI Engineering (ACTIVE)

Claude Code Mastery

Resource	Details	Progress	Status
Claude Code Full Course (4 hrs)	Nick Saraev - YouTube comprehensive course	26:49 / 4:00:00	IN PROGRESS
Claude Code Certification	Anthropic official certification (newly released)	Not started	GOAL

Resource

Details

Progress

Status

Claude Code Full Course (4 hrs)

Nick Saraev - YouTube comprehensive course

26:49 / 4:00:00

IN PROGRESS

Claude Code Certification

Anthropic official certification (newly released)

Not started

GOAL

Active Tracks (Focus)

Skills Mastery (Critical)

Regex Mastery - 10-module curriculum
Python Mastery
Bash Mastery
AsciiDoc Docs - Documentation format
Antora Docs - Documentation pipeline

Certification Deadlines

CISSP - July 12, 2026 (10-week plan active — Week 1)
RHCSA 9 - Q3 2026 (after CISSP)
LPIC-1 - Renewal required (blocks LPIC-2)

Language Certifications (DELE/SIELE)

Spanish C1 Certification Goals

Certification	Provider	Target	Status	Strategy
SIELE C1	Instituto Cervantes / UNAM / Salamanca	Q2 2026	ACTIVE	Computer-based, faster results - take FIRST
DELE C1	Instituto Cervantes	Q3/Q4 2026	PLANNED	After SIELE success, harder exam
DELE C2	Instituto Cervantes	2027	FUTURE	Mastery level - requires extensive immersion

Certification

Provider

Target

Status

Strategy

SIELE C1

Instituto Cervantes / UNAM / Salamanca

Q2 2026

ACTIVE

Computer-based, faster results - take FIRST

DELE C1

Instituto Cervantes

Q3/Q4 2026

PLANNED

After SIELE success, harder exam

DELE C2

Instituto Cervantes

2027

FUTURE

Mastery level - requires extensive immersion

SIELE is computer-adaptive, results in 3 weeks. DELE is paper-based, results in 3-4 months. Do SIELE first to validate readiness.

Don Quijote Writing Practice - DELE C1/C2 Initiative

Method:

Read chapter in original Spanish
Write personal analysis/understanding en espanol
AI review for grammar, vocabulary, register
Build comprehensive understanding of literary elements

Today’s Study

Focus: CISSP (41 days to July 12 exam — schedule exam today 06-01), MSCHAPv2 migration wrap-up
Secondary: RHCSA curriculum, Spanish SIELE C1
CISSP — Security & Risk Management (continuing). Schedule exam this afternoon.
RHCSA — continue curriculum phase
Spanish — Don Quijote reading + analysis (DTLA study day)
MSCHAPv2 — migration window closed 05-30, review final report

Regex Training (CRITICAL)

Status: 52 days carried over (since 2026-03-16)
Priority: After PeopleSoft, before Quijote
Session: Character classes, word boundaries

Infrastructure

Documentation Sites

Site	URL	Status	Actions Needed
Domus Digitalis	docs.domusdigitalis.dev	Active	Validate, harden, improve
Architectus	docs.architectus.dev	Active	Public portfolio site - maintain

Site

URL

Status

Actions Needed

Domus Digitalis

docs.domusdigitalis.dev

Active

Validate, harden, improve

Architectus

docs.architectus.dev

Active

Public portfolio site - maintain

HA Deployment Status

System	Description	Status	Notes
VyOS HA	vyos-01 (kvm-01) + vyos-02 (kvm-02) with VRRP VIP	✅ COMPLETE	2026-03-07 - pfSense decommissioned
BIND DNS HA	bind-01 (kvm-01) + bind-02 (kvm-02) with AXFR	✅ COMPLETE	Zone transfer operational
Vault HA	Raft cluster (vault-01/02/03)	✅ COMPLETE	Integrated with PKI
Keycloak Rebuild	keycloak-01 corrupted, rebuild from scratch	🔄 NEXT	Priority P3 - SSO broken
FreeIPA HA	ipa-02 replica planned	📋 PLANNED	Linux auth redundancy
AD DC HA	home-dc02 replication	📋 PLANNED	Windows auth redundancy
iPSK Manager HA	ipsk-mgr-02 with MySQL replication	📋 PLANNED	PSK portal redundancy
ISE HA	PAN HA (ise-01 reconfigure)	⏳ DEFERRED	Wait until ise-02 stable
ISE 3.5 Migration	Upgrade path: 3.2p9 → 3.4 (P1) → 3.5 (target)	📋 PLANNED	After 3.4 Migration completes (Q2 2026)

System

Description

Status

Notes

VyOS HA

vyos-01 (kvm-01) + vyos-02 (kvm-02) with VRRP VIP

✅ COMPLETE

2026-03-07 - pfSense decommissioned

BIND DNS HA

bind-01 (kvm-01) + bind-02 (kvm-02) with AXFR

✅ COMPLETE

Zone transfer operational

Vault HA

Raft cluster (vault-01/02/03)

✅ COMPLETE

Integrated with PKI

Keycloak Rebuild

keycloak-01 corrupted, rebuild from scratch

🔄 NEXT

Priority P3 - SSO broken

FreeIPA HA

ipa-02 replica planned

📋 PLANNED

Linux auth redundancy

AD DC HA

home-dc02 replication

📋 PLANNED

Windows auth redundancy

iPSK Manager HA

ipsk-mgr-02 with MySQL replication

📋 PLANNED

PSK portal redundancy

ISE HA

PAN HA (ise-01 reconfigure)

⏳ DEFERRED

Wait until ise-02 stable

ISE 3.5 Migration

Upgrade path: 3.2p9 → 3.4 (P1) → 3.5 (target)

📋 PLANNED

After 3.4 Migration completes (Q2 2026)

Single Points of Failure (CRITICAL)

These systems have NO redundancy - outage impacts production.

System	Impact if Down	Mitigation
ISE (ise-02)	All 802.1X stops - wired and wireless auth fails	ise-01 reconfiguration deferred until ise-02 stable
Keycloak (keycloak-01)	SAML/OIDC SSO broken (ISE admin, Grafana, etc.)	NEXT PRIORITY - Rebuild runbook
FreeIPA (ipa-01)	Linux auth, sudo rules, HBAC fails	ipa-02 replica planned
AD DC (home-dc01)	Windows auth, Kerberos, GPO fails	home-dc02 replica planned
iPSK Manager	Self-service PSK portal unavailable	ipsk-mgr-02 with MySQL replication planned

System

Impact if Down

Mitigation

ISE (ise-02)

All 802.1X stops - wired and wireless auth fails

ise-01 reconfiguration deferred until ise-02 stable

Keycloak (keycloak-01)

SAML/OIDC SSO broken (ISE admin, Grafana, etc.)

NEXT PRIORITY - Rebuild runbook

FreeIPA (ipa-01)

Linux auth, sudo rules, HBAC fails

ipa-02 replica planned

AD DC (home-dc01)

Windows auth, Kerberos, GPO fails

home-dc02 replica planned

iPSK Manager

Self-service PSK portal unavailable

ipsk-mgr-02 with MySQL replication planned

Validation Tasks

Task	Details	Status
docs.domusdigitalis.dev validation	Test all cross-references, search, rendering	TODO
docs.domusdigitalis.dev hardening	HTTPS, CSP headers, security review	TODO
docs.architectus.dev validation	Public site content review	TODO
Hub-spoke sync verification	All components building correctly	Ongoing

Task

Details

Status

docs.domusdigitalis.dev validation

Test all cross-references, search, rendering

TODO

docs.domusdigitalis.dev hardening

HTTPS, CSP headers, security review

TODO

docs.architectus.dev validation

Public site content review

TODO

Hub-spoke sync verification

All components building correctly

Ongoing

Quick Commands

Git & GitHub CLI

create GitHub repo from existing local repo

gh repo create <name> --private --source . --remote origin --push

clone a forked repo into a specific directory

gh repo clone EvanusModestus/PowerShell ~/atelier/_projects/work/PowerShell

gh repo clone defaults to SSH. If key is passphrase-protected, load agent first: eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519_github

cross-repo commit search — all domus repos on a specific date

for repo in ~/atelier/_bibliotheca/domus-*/ ~/atelier/_projects/personal/domus-*/; do
  [ -d "$repo/.git" ] || continue
  name=$(basename "$repo")
  git -C "$repo" log --since="2026-04-06" --until="2026-04-07" --format="%h %aI %s" 2>/dev/null |
    awk -v r="$name" '{print r, $0}'
done

commit history touching only today’s modified files

git log --oneline -- $(find . -name "*.adoc" -type f -newermt "$(date +%F)")

unstage a file without losing changes

git restore --staged data/d001/api/ise-dataconnect/output/output-2026-04-24

Safe — removes from staging area only. Working tree is untouched. Use when you accidentally git add a plaintext or output file.

gh CLI — repo discovery and filtering

list repos by name pattern (domus/antora ecosystem)

gh repo list --limit 100 --json name,description \
  | jq -r '.[] | select(.name | test("domus|antora|asciidoc"; "i")) | "\(.name)\t\(.description)"'

top 20 most recently updated repos

gh repo list --limit 100 --json name,description,updatedAt \
  | jq -r 'sort_by(.updatedAt) | reverse | .[:20] | .[] | "\(.updatedAt[:10])\t\(.name)\t\(.description)"'

top 10 repos by disk usage

gh repo list --limit 100 --json name,diskUsage \
  | jq -r '.[] | "\(.diskUsage)\t\(.name)"' | sort -rn | head -10

clone a repo that’s not local yet

gh repo clone EvanusModestus/<repo-name> ~/atelier/_bibliotheca/<repo-name>

find & grep

files modified since midnight today (precise — not "last 24 hours")

find . -name "*.adoc" -type f -newermt "$(date +%F)" | sort

-mtime 0 means "last 24 hours", not "today". -newermt "$(date +%F)" compares against midnight — exact.

case-insensitive file search

find . -iname "*mschap*" -type f | sort

multiple name patterns with -o

find . -type f \( -iname "*ise*" -o -iname "*mschap*" \) | sort

same thing, single regex — fewer parens, extensible

find . -type f -iregex '.*\(ise\|mschap\).*'

exclude directories

find . -type f -iname "*meeting*" \
  -not -path "*/node_modules/*" \
  -not -path "*/.git/*" \
  -not -path "*/build/*"

recent drafts by modification time (newest first)

find .drafts -type f -printf '%T@ %Tc %p\n' | sort -rn | awk '{$1="";print}' | head -3

grep — know what you’re counting

grep -rl "pattern" . --include="*.adoc"         # file count (which files)
grep -rn "pattern" . --include="*.adoc"         # line matches (every occurrence)
grep -rc "pattern" . --include="*.adoc" | grep -v ':0$'  # match count per file

search with context — avoid opening the file

grep -rn -E 'git init|gh repo create' docs/ --include='*.adoc' -B2 -A2

Search codex by content — which files contain a command?

find all PowerShell files that use a specific cmdlet

find docs/modules/ROOT/examples/codex/powershell -type f -name "*.adoc" \
  -exec grep -l 'Get-Process\|Start-Process\|pipeline\|Where-Object' {} \;

Pattern: find -exec grep -l returns only filenames with matches — like grep -rl but with find’s `-type f -name filtering. Use \| for OR in grep basic regex. Swap the pattern for any cmdlet or keyword to locate coverage across the codex.

inventory a codex tool directory — count files per tier

find docs/modules/ROOT -name "powershell" -type d \
  -exec sh -c 'echo "$1: $(find "$1" -type f | wc -l) files"' _ {} \;

find orphaned examples (not included by any page)

for f in $(find docs/modules/ROOT/examples/codex/powershell -name "*.adoc" -type f); do
  base=$(basename "$f")
  dir_parent=$(basename $(dirname "$f"))
  grep -rq "$dir_parent/$base" docs/modules/ROOT/pages/codex/powershell/ \
    docs/modules/ROOT/examples/codex/powershell/*.adoc 2>/dev/null \
    || echo "ORPHAN: $f"
done

find → grep → open in nvim

find by path + content, open result in nvim

nvim $(find -path '*oauth*' -name '*.adoc' -type f \
  -exec grep -l 'timeout\|expire\|reconfig\|token' {} \;)

Command substitution $(…) feeds all matches as arguments to nvim — opens every hit as a buffer. :bn/:bp to cycle, :ls to list. One file? Opens directly. Five files? All loaded, ready to navigate.

find by content across entire tree, open in nvim

nvim $(find docs/modules/ROOT -name '*.adoc' -type f \
  -exec grep -l 'token.*expire\|oauth.*refresh' {} \;)

open one at a time (sequential — -exec nvim per match)

find -path '*oauth*' -name '*.adoc' -type f \
  -exec grep -l 'timeout\|expire' {} \; \
  -exec nvim {} \;

Trace Antora partial inclusion chains

who includes this partial? (one level up)

grep -rl 'commands/shell' docs/modules/ROOT/partials/

count all pages that include a partial

grep -rl 'quick-commands' docs/modules/ROOT | wc -l

full chain: partial → assembler → every page that uses it

file="commands/shell"
grep -rl "$file" docs/modules/ROOT/partials/ | while read f; do
  parent=$(basename "$f" .adoc)
  echo "$file -> $parent"
  grep -rl "$parent" docs/modules/ROOT/pages/ | while read p; do
    echo "  -> $(basename "$p")"
  done
done

Pattern: grep -rl finds which files contain the string. Chain two passes — first finds the assembler partial, second finds every page that includes it. Works for any partial in the Antora include hierarchy.

Multi-pattern file search — worklog partial discovery

brute force — one find per partial name

find docs/modules/ROOT -name "*urgent.adoc*" -type f
find docs/modules/ROOT -name "*morning.adoc*" -type f

consolidated — single find with regex (production approach)

find docs/modules/ROOT -type f -regextype posix-extended \
  -regex '.*(urgent|morning|work-chla|personal|education|infrastructure|quick-commands|related)\.adoc' \
  | sort

Pattern: -regextype posix-extended enables | alternation without escaping. One process, one sort — versus 8 separate finds. The sort deduplicates visually and groups by path.

pipeline alternative — find piped to grep

find docs/modules/ROOT -type f -name "*.adoc" \
  | grep -E 'urgent|morning|work-chla|personal|education|infrastructure|quick-commands|related'

Trade-off: the pipeline version is more readable but spawns two processes. The regex version is a single find — faster on large trees, same result.

Cross-repo literary term search — bibliotheca-wide discovery

When searching for a term across the entire _bibliotheca (multiple repos, mixed file types), these patterns escalate from narrow to broad.

1. Single repo — count matches per file

grep -rn --include='*.adoc' -c 'sanchuelo' . | grep -v ':0$'

2. Cross-repo — filenames only (all bibliotheca)

grep -rl --include='*.adoc' -i 'sanchuelo' ~/atelier/_bibliotheca/ | sort

3. Cross-repo with context — see the line in situ

grep -rn --include='*.adoc' -i -B1 -A1 'sanchuelo' ~/atelier/_bibliotheca/domus-captures/

4. Multi-filetype — .adoc + .txt (catches source texts)

grep -rl -i 'sanchuelo' ~/atelier/_bibliotheca/ --include='*.txt' --include='*.adoc' | sort

5. Null-safe find + xargs — handles spaces in paths

find ~/atelier/_bibliotheca/ -type f \( -name '*.adoc' -o -name '*.txt' \) -print0 \
  | xargs -0 grep -li 'sanchuelo' | sort

6. Open all hits directly in nvim

grep -rl -i 'sanchuelo' ~/atelier/_bibliotheca/ --include='*.adoc' --include='*.txt' | xargs nvim

Pattern escalation: #1 confirms the term exists and where. #2 expands to all repos. #3 shows context without opening files. #4 adds plain text sources (Quijote .txt originals). #5 is the safe version for automation. #6 opens everything for editing.

Trade-off: grep -r --include is faster for known file types. find | xargs grep is safer for paths with spaces and more extensible (add -name '*.md' etc.). For literary searches across the bibliotheca, #4 or #5 is usually the right starting point — the source texts are .txt, not .adoc.

Email thread analysis — extract people, dates, commitments, silence

who’s in the thread (@ mentions + From headers)

grep -P '(@\w+|^From:.*<)' comms.adoc

timeline — every date with context

grep -nP '\d{1,2}/\d{1,2}/\d{2,4}|20\d{2}-\d{2}-\d{2}' comms.adoc

commitments — who promised what

grep -niP '(I can |I will |I.ll |we will |we.ll )' comms.adoc

open questions and unknowns

grep -niP '(\?|need to confirm|need to validate|TBD|pending)' comms.adoc

comm — set difference (who hasn’t replied)

# All recipients
grep -oP '<\K[^>]+' comms.adoc | sort -u > /tmp/all-recipients

# All senders
grep -P '^From:' comms.adoc | grep -oP '<\K[^>]+' | sort -u > /tmp/replied

# Who's silent — follow-up targets
comm -23 /tmp/all-recipients /tmp/replied

comm -23 outputs lines only in file 1 (recipients not in senders). Requires sorted input. grep -oP '<\K[^>]+' uses PCRE lookbehind — match < but don’t include it, capture until >.

awk, sed, jq

awk — field extraction

print second field (whitespace-delimited)

awk '{print $2}' file.txt

custom delimiter — colon-separated (like /etc/passwd)

awk -F: '{print $1, $3}' /etc/passwd

extract JSON code blocks from AsciiDoc

awk '/\[source,json\]/{getline; if ($0 ~ /^----/) {p=1; next}} p && /^----/{p=0; next} p' file.adoc

field extraction with printf formatting

awk '{printf "%-30s %s\n", $1, $2}' file.txt

sed — stream editing

in-place replacement with verify-before/after

# Before
awk 'NR==73' /etc/ssh/sshd_config
# Change
sed -i '73s/#GSSAPIAuthentication no/GSSAPIAuthentication yes/' /etc/ssh/sshd_config
# After
awk 'NR==73' /etc/ssh/sshd_config

extract line range

sed -n '10,20p' file.txt

jq — JSON processing

extract nested fields

curl -s localhost:8080/stats | jq '.stats.total_files'

filter array by property

jq '.results[] | select(.category == "standards")' response.json

transform to TSV for spreadsheets

jq -r '.[] | [.title, .path] | @tsv' response.json | column -t -s $'\t'

GitHub API + jq — commit history by path

gh api "repos/EvanusModestus/domus-captures/commits?path=docs/&per_page=10" |
  jq -r '.[] | "\(.commit.author.date[:10]) \(.sha[:7]) \(.commit.message | split("\n")[0])"'

Shell Patterns

xargs — when the next command reads arguments, not stdin

Next command reads… Use

Next command reads…	Use
stdin (`awk`, `grep`, `wc`, `sort`)	pipe directly
arguments (`stat`, `rm`, `cp`, `nvim`, `git add`)	`xargs`

stdin (awk, grep, wc, sort)

pipe directly

arguments (stat, rm, cp, nvim, git add)

xargs

copy today’s files to backup — -I{} placeholder

mkdir -p /tmp/adoc-backup-$(date +%F) && \
  find . -name "*.adoc" -type f -newermt "$(date +%F)" | \
  xargs -I{} cp {} /tmp/adoc-backup-$(date +%F)/

parallel validation — -P4 runs 4 at a time

find .drafts -name "*.adoc" -type f | xargs -P4 -I{} asciidoctor -o /dev/null {}

null-delimited pipeline — safe for filenames with spaces

find . -name "*.adoc" -type f -print0 | xargs -0 wc -l

Process substitution — `<(cmd)` treats output as a file

compare tracker state: yesterday vs today

diff <(grep '|' partials/trackers/work/adhoc/carryover.adoc | head -20) \
     <(git show HEAD~1:partials/trackers/work/adhoc/carryover.adoc | grep '|' | head -20)

files on disk vs files in nav — drift detection

diff <(find docs/modules/ROOT/pages/projects/chla/mschapv2-migration -name "*.adoc" -type f | sort) \
     <(grep -oP 'mschapv2-migration/[^[]+\.adoc' docs/modules/ROOT/nav.adoc | sort)

Command substitution — embed output as arguments

open most recently modified file in nvim

nvim "$(find data/ -name '*.adoc' -type f -printf '%T@ %p\n' | sort -rn | awk 'NR==1{print $2}')"

line count across a project

wc -l $(find docs/modules/ROOT -path '*mschapv2*' -name '*.adoc' -type f)

Conditional execution — capture, test, act

open matching files only if they exist

files=$(find .drafts -name 'in*' -type f) && [ -n "$files" ] && nvim $files

open files that contain unchecked items

files=$(grep -rl '\[ \]' .drafts/*.adoc) && [ -n "$files" ] && nvim $files

guard with grep -q — only act if pattern matches

grep -q 'TODO\|FIXME\|\[ \]' "$file" && nvim "$file"

Pattern: $(capture) → [ -n ] tests non-empty → && only proceeds if true. grep -q is the idempotent guard — run repeatedly, only opens when there’s work.

Decrypt and open — find .age, decrypt, nvim in one shot

files=$(find . -name "*tcp-clock*.age" -type f) && \
  [ -n "$files" ] && echo "$files" | xargs -I{} decrypt-file {} && \
  nvim $(echo "$files" | sed 's/\.age$//')

Pattern: find .age only (never tries plaintext), sed derives the decrypted path, guard prevents empty nvim. Change the glob to match any project.

tee_clean — color on screen, clean text in file

tee_clean() {
  tee >(sed 's/\x1b\[[0-9;]*m//g' > "$1")
}

# Color output on terminal, stripped in file
jq -C '.' data.json | tee_clean output.json
xq -C '.' data.xml | tee_clean output.json

# Wrap a whole block
{
  echo "=== Summary ==="
  jq -C '.[] | .name' data.json
} | tee_clean summary.txt

The >(cmd) is process substitution — tee writes to stdout AND to the subshell pipe. sed strips ANSI escape sequences (\x1b\[[0-9;]*m) before they hit the file.

Dependency check — verify toolchain in one shot

for cmd in asciidoctor asciidoctor-pdf pandoc rouge d2 mmdc age; do
  printf "%-20s %s\n" "$cmd" "$(command -v $cmd >/dev/null 2>&1 && echo 'OK' || echo 'MISSING')"
done

Pattern: command -v checks if binary exists on PATH. >/dev/null 2>&1 suppresses output — we only care about exit code. Swap the tool list for any project’s dependencies.

printf safety — dashes as data, not options

wrong — printf treats --- as invalid option

printf '---\n\n'

right — %s format string treats --- as data

printf '%s\n\n' '---'

Kill stuck SSH sessions

Find established SSH connections

lsof -i TCP -n -P | awk '/ssh.*ESTABLISHED/ {print $2, $9}'

Kill all stuck SSH sessions to a specific host

lsof -i TCP -n -P | awk '/ssh.*kvm-01.*ESTABLISHED/ {print $2}' | sort -u | xargs kill

Kill ALL stuck SSH sessions

lsof -i TCP -n -P | awk '/ssh.*ESTABLISHED/ {print $2}' | sort -u | xargs kill

lsof -i TCP -n -P lists all TCP connections. awk filters for SSH + ESTABLISHED, prints only the PID ($2). sort -u deduplicates (multiple file descriptors per process). xargs kill sends SIGTERM to each.

File Descriptors & Redirection

The three file descriptors

FD	Name	Purpose
0	stdin	input to the command
1	stdout	normal output (valid results)
2	stderr	error messages

Name

Purpose

stdin

input to the command

stdout

normal output (valid results)

stderr

error messages

Split stdout and stderr into separate files

find / -name "*.conf" 1>results.txt 2>errors.txt

Suppress errors — `2>/dev/null`

find / -name "*.conf" 2>/dev/null

Merge stderr into stdout — `2>&1`

command 2>&1 | grep "pattern"

This sends both stdout and stderr through the pipe. Without 2>&1, only stdout reaches grep — errors print to the terminal and bypass the pipeline.

Heredoc patterns

multi-line input to a command

cat <<'EOF'
Line 1
Line 2
EOF

heredoc commit messages (quotes prevent variable expansion)

git commit -m "$(cat <<'EOF'
feat: add new feature

Multi-line description here.
EOF
)"

API & curl/jq

domus-api — Documentation System REST API

start the API server

cd ~/atelier/_projects/personal/domus-api && uv run uvicorn domus_api.main:app --host 0.0.0.0 --port 8080

health check

curl -s localhost:8080/ | jq

full-text search

curl -s 'localhost:8080/search?q=mandiant' | jq

search — extract path, title, match count

curl -s 'localhost:8080/search?q=mandiant' | jq '.results[] | {path, title, match_count}'

list pages by category

curl -s 'localhost:8080/pages?category=standards' | jq

all antora.yml attributes

curl -s localhost:8080/attributes | jq

GitHub API

cross-repo search via GitHub API

gh search code "vault seal" --owner EvanusModestus --json repository,path,textMatches |
  jq '.[] | {repo: .repository.full_name, file: .path, match: .textMatches[].fragment}'

count .adoc files in a repo via API

gh api 'repos/EvanusModestus/domus-captures/git/trees/main?recursive=1' |
  jq '[.tree[] | select(.path | endswith(".adoc"))] | length'

Domus Workflows

Read content from terminal (meeting-ready)

today’s worklog

bat docs/modules/ROOT/pages/2026/04/WRKLOG-$(date +%Y-%m-%d).adoc

current priorities

bat docs/modules/ROOT/partials/trackers/work/priorities/current.adoc

carryover backlog

bat docs/modules/ROOT/partials/trackers/work/adhoc/carryover.adoc

any project summary

bat docs/modules/ROOT/partials/projects/mandiant-remediation/summary.adoc

Search and discovery

find all files related to a topic

grep -rl "MSCHAPv2" docs/modules/ROOT/ --include="*.adoc" | sort

search codex entries

grep -rn "pattern" docs/modules/ROOT/partials/codex/ --include="*.adoc" -B1 -A3

list all worklogs for a month

ls -1 docs/modules/ROOT/pages/2026/04/WRKLOG-*.adoc

Tracker aging — calculate days from origin

how many days since a carryover item started

echo $(( ($(date +%s) - $(date -d "2026-03-09" +%s)) / 86400 ))

Encrypted data access (d001)

view encrypted file without disk write

age --decrypt -i ~/.secrets/.metadata/keys/master.age.key \
  data/d001/projects/mandiant-remediation/findings-status-2026-04-16.adoc.age \
  | bat --language asciidoc

project encryption dashboard

for d in data/d001/projects/*/; do
  total=$(find "$d" -type f | wc -l)
  plain=$(find "$d" -type f ! -name '*.age' ! -name 'README.adoc' ! -name '.gitkeep' ! -name '*.py' | wc -l)
  printf "%-25s %s files  %s plaintext\n" "$(basename "$d")" "$total" "$plain"
done

ISE & Network Ops

ISE ERS API — endpoint CRUD

set credentials (session)

export ISE_HOST="{ise-ip}" ISE_USER="admin" ISE_PASS="$(gopass show -o ise/admin)"

list identity groups

curl -sk "https://$ISE_HOST:{ise-ers-port}/ers/config/identitygroup" \
  -H "Accept: application/json" -u "$ISE_USER:$ISE_PASS" | jq '.SearchResult.resources[].name'

check if endpoint exists by MAC

curl -sk "https://$ISE_HOST:{ise-ers-port}/ers/config/endpoint?filter=mac.EQ.AA:BB:CC:DD:EE:FF" \
  -H "Accept: application/json" -u "$ISE_USER:$ISE_PASS" | jq '.SearchResult.total'

Certificate inspection

view EAP-TLS client cert from local store

openssl x509 -in {cert-dir}/client.pem -text -noout | head -30

check cert expiry

openssl x509 -in {cert-dir}/client.pem -enddate -noout

Network diagnostics

check listening ports

ss -tlnp | grep -E ':{port-https}|:{port-ssh}|:{port-ldaps}'

test ISE connectivity

nc -zv {ise-ip} {ise-ers-port}

DNS resolution

dig {ise-hostname} +short

PowerShell (from zsh)

All PowerShell commands run inside pwsh -NoLogo -Command '…' from zsh. Running them bare fails — zsh interprets $, |, () as shell syntax.

Process management

top 5 processes by memory

pwsh -NoLogo -Command 'Get-Process | Sort-Object WorkingSet64 -Descending |
  Select-Object -First 5 ProcessName, Id,
    @{N="MB";E={[math]::Round($_.WorkingSet64/1MB)}} | Format-Table'

stop/start Teams

pwsh -NoLogo -Command 'Get-Process | Where-Object {$_.ProcessName -like "*teams*"} | Stop-Process'
pwsh -NoLogo -Command 'Start-Process "ms-teams"'

Export to JSON (pipe to jq)

always use -NoLogo when piping pwsh output to zsh tools

pwsh -NoLogo -Command 'Get-Process | Sort-Object WorkingSet64 -Descending |
  Select-Object -First 5 ProcessName, Id,
    @{N="MB";E={[math]::Round($_.WorkingSet64/1MB)}} | ConvertTo-Json' | jq '.'

Never pipe Format-Table into ConvertTo-Json — it produces layout metadata, not data. Select-Object first, then ConvertTo-Json.

Wi-Fi management (netsh)

force fresh network scan

netsh wlan disconnect interface="Wi-Fi"
netsh wlan show networks mode=bssid
netsh wlan connect name="CHLA-Remote" interface="Wi-Fi"

SSH from PowerShell

connect to homelab from Windows terminal

ssh evan@modestus-razer.inside.domusdigitalis.dev

Security & Encryption

View encrypted files without writing to disk

pipe age decrypt to bat — nothing touches the filesystem

age --decrypt -i ~/.secrets/.metadata/keys/master.age.key \
  data/d001/projects/mandiant-remediation/findings-status-2026-04-16.adoc.age \
  | bat --language asciidoc --file-name "findings-status-2026-04-16.adoc"

Batch re-encrypt — brace expansion + loop

re-encrypt multiple project files

for f in data/d001/projects/mandiant-remediation/{findings-status,guest-acl-update,siem-report}-2026-04-16.adoc; do
  rm -f "${f}.age" && echo y | encrypt-file "$f"
done

Always rm -f the .age first. If you skip it, encrypt-file prompts about overwrite and may only delete the plaintext without re-encrypting.

Detect stale plaintext — files needing re-encryption

find plaintext newer than its .age counterpart

for f in data/d001/projects/*/*.adoc; do
  age="${f}.age"
  if [ -f "$f" ] && [ -f "$age" ]; then
    pt_mod=$(/usr/bin/stat -c'%Y' "$f")
    age_mod=$(/usr/bin/stat -c'%Y' "$age")
    [ "$pt_mod" -gt "$age_mod" ] && echo "STALE: $f"
  fi
done

Secure delete — shred for sensitive plaintext

shred -u data/d001/projects/mandiant-remediation/man-report.txt

On SSD/NVMe, shred is less effective (wear leveling), but better than rm which only removes the directory entry.

Pre-push audit — find all unencrypted project files

find data/d001/projects -type f ! -name '*.age' ! -name 'README.adoc' ! -name '.gitkeep' ! -name '*.py' | sort

System & Infrastructure

PipeWire audio validation

wpctl status                                    # PipeWire status
pactl list sinks short                          # list audio sinks
pw-play /usr/share/sounds/freedesktop/stereo/bell.oga  # test default sink
journalctl -b --grep='sof|cs35l56' --no-pager | tail -20  # kernel audio firmware
cat /proc/asound/cards                          # ALSA sound cards

gopass — personal document management

gopass-personal-docs    # interactive entry creation
gopass-query bills      # list recurring bills with totals
gopass-query storage    # list storage units with gate codes
gopass-query export bills  # export category to JSON

Makefile — daily workflow

make new-day      # create today's worklog + update attributes
make serve        # build + local server (port 8000)
make              # build only
make sync-nav     # sync worklog nav entries
make update-index # rebuild monthly index

Per-project file dashboard

per-project summary — total files vs unencrypted plaintext

for d in data/d001/projects/*/; do
  total=$(find "$d" -type f | wc -l)
  plain=$(find "$d" -type f ! -name '*.age' ! -name 'README.adoc' ! -name '.gitkeep' ! -name '*.py' | wc -l)
  echo "$(basename "$d") | ${total} files | ${plain} plaintext"
done