STD-014: Worklog System
The daily worklog is the foundation of the documentation system. Every workday produces a single capture file that records decisions, accomplishments, blockers, and forward momentum. Over time, worklogs become the primary source for monthly summaries, project timelines, pattern extraction, and case study creation. Without consistent daily capture, institutional knowledge decays within days.
Principles
- One worklog per day. Each workday produces exactly one WRKLOG-YYYY-MM-DD.adoc file. Weekend and personal sessions follow the same format. No day produces two worklogs; no worklog spans two days.
- Section includes for modularity. The worklog body is composed from section partials (partials/worklog/). Each section is a separate file that is rewritten daily. This enables selective inclusion, independent editing, and partial reuse without modifying the worklog page itself.
- Summary first. The worklog opens with a bold day name and a dense paragraph summarizing the entire day’s output. A reader who reads only the summary should understand the day’s scope and significance.
- Session accomplishments capture AI-assisted work. Every Claude Code session that produces material output is documented under "Session Accomplishments" with scope, file counts, and line counts where relevant. This is the audit trail for AI-assisted productivity.
- TODOs carry forward. The "Today’s Remaining TODO" section uses Must/Should/Stretch tiers. Uncompleted items carry forward to the next worklog or are promoted to a tracker. Nothing silently disappears.
Worklog Naming
Worklogs follow the WRKLOG prefix defined in STD-003:
WRKLOG-YYYY-MM-DD.adoc
Filed in the chronological directory structure:
pages/YYYY/MM/WRKLOG-YYYY-MM-DD.adoc
Example: pages/2026/04/WRKLOG-2026-04-06.adoc
Creation
make new-day
This command auto-generates today’s worklog with the correct header, section includes, and TODO skeleton. Never create worklogs manually — the Makefile template ensures structural consistency.
For local preview:
make serve # Build + local server (port 8000)
make # Build only
Required Structure
Every worklog MUST follow this structure exactly:
= WRKLOG-YYYY-MM-DD
:description: [Day Name] - [Summary of day's work]
:revdate: YYYY-MM-DD
== Summary
// Worklog Section: URGENT - All Domains — Assembler
// Usage: include::partial$worklog/urgent.adoc[]
// Contains: All urgent items across domains via sub-partials
//
// PARADIGM: Each domain = its own file in urgent/
// FILES: professional.adoc, personal.adoc, life-admin.adoc, certifications.adoc
//
// MAINTENANCE: Add/remove urgent domains by editing includes below
== URGENT - All Domains
// Worklog Urgent: Professional Backlog
// Usage: Included by worklog/urgent.adoc assembler
// Contains: Work carryover backlog with aging
=== Professional Backlog
// Carryover Backlog — Critical tasks carried across worklogs
// Usage: include::partial$trackers/work/adhoc/carryover.adoc[]
// Last updated: 2026-04-09
=== Carryover Backlog (CRITICAL)
// =========================================================================
// UPDATE: Days column each worklog
// PRIORITY: P0 = blocking others or critical | P1 = important | P2 = scheduled
// =========================================================================
[cols="2,3,1,1,1"]
|===
| Task | Details | Origin | Days | Status
| **k3s NAT verification**
| NAT rule 170 for 10.42.0.0/16 pod network - test internet connectivity
| 2026-03-09
| 31
| **P0 - BLOCKING**
| **Wazuh indexer recovery**
| Restart pod after NAT confirmed working - SIEM visibility blocked
| 2026-03-09
| 31
| **P0 - Blocked by k3s**
| Strongline Gateway VLAN fix
| 8 devices in wrong identity group (David Rukiza assigned)
| 2026-03-16
| 24
| P0 - TODO
| Monad Pipeline Evaluation
| Test pipeline creation, input sources, transforms (LEAD ROLE)
| 2026-03-11
| 29
| P1 - TODO
| Vocera EAP-TLS Supplicant Fix
| ~10 phones failing 802.1X, missing supplicant config
| 2026-03-12
| 28
| P1 - TODO
| ISE MnT Messaging Service
| Enable "Use ISE Messaging Service for UDP syslogs delivery"
| 2026-03-12
| 28
| P2 - TODO
| ISE Patch 9 upgrade
| ISE 3.2 Patch 9 addresses known replication issues
| 2026-03-12
| 28
| P2 - TODO
|===
WARNING: Professional backlog remains critical. Check Days column for priorities.
// Worklog Urgent: Personal Blockers
// Usage: Included by worklog/urgent.adoc assembler
// Contains: Personal blocking items
=== Personal Blockers
// Blockers — Fix before anything else
// Usage: include::partial$trackers/personal/tasks/blockers.adoc[]
// Last updated: 2026-04-09
=== BLOCKERS — Fix Immediately
[cols="2,3,1,1,2"]
|===
| Task | Details | Origin | Days | Impact
| **Z Fold 7 Termux**
| gopass and SSH not working
| 2026-03-10
| 30
| **BLOCKER** — Cannot access passwords on mobile
| **gopass v3 organization**
| Inconsistent structure, poor key-value usage
| 2026-03-20
| 20
| Inefficient password management, no aggregation
|===
// Worklog Urgent: Life Admin
// Usage: Included by worklog/urgent.adoc assembler
// Contains: Urgent life admin items (medical, financial, legal, housing)
=== Life Admin
// Urgent - Requires Immediate Action
// Usage: include::partial$trackers/personal/life-admin/urgent.adoc[]
// Last updated: 2026-04-04
=== URGENT - Requires Immediate Action
[cols="2,2,1,1,2"]
|===
| Item | Details | Deadline | Status | Impact
| **Housing Search**
| Granada Hills area - apartments/rooms
| TBD
| In Progress
| Quality of life, commute
|===
// Worklog Urgent: Certification Deadlines
// Usage: Included by worklog/urgent.adoc assembler
// Contains: Cert deadline urgency flags
=== Certification Deadlines
=== URGENT — Performance Review Deadline (June 1, 2026)
[cols="2,2,1,1,2"]
|===
| Certification | Provider | Deadline | Status | Impact
| **CISSP**
| ISC² — Certified Information Systems Security Professional
| **June 1, 2026**
| **ACTIVE** — Phase 0 (xref:projects/education/edu-cissp/index.adoc[Project])
| Required for performance review
| **RHCSA 9**
| Red Hat Certified System Administrator
| **June 1, 2026**
| **ACTIVE** — 21-phase curriculum (xref:projects/education/edu-rhcsa/index.adoc[Project])
| Required for performance review
|===
WARNING: **53 days remaining** until June 1st deadline.
---
// Worklog Section: Early Morning — Assembler
// Usage: include::partial$worklog/morning.adoc[]
// Contains: Morning focus via slot partial
//
// PARADIGM: Slot-based — swap morning/focus.adoc for new priorities
// FILES: focus.adoc (current morning priority)
== Early Morning - 5:30am
// Worklog Morning: Current Focus
// Usage: Included by worklog/morning.adoc assembler
// Contains: Current morning priority (swap this file when focus changes)
//
// CURRENT FOCUS: Regex Training
// SWAP TO: Any morning priority without touching worklog structure
=== Regex Training (CRITICAL CARRYOVER)
* [ ] Session 3 - Character classes, word boundaries
* [ ] Practice drills from regex-mastery curriculum
* **Status:** 7 days carried over - DO THIS TODAY
WARNING: Regex training continues to slip. This is the foundation for all CLI mastery.
---
// Worklog Section: Work (CHLA) — Assembler
// Usage: include::partial$worklog/work-chla.adoc[]
// Contains: All work domains via sub-partials
//
// PARADIGM: Each concern = its own file in work/
// FILES: timekeeping.adoc, projects.adoc, priorities.adoc, tickets.adoc
//
// MAINTENANCE: Comment out sections for weekend/non-work worklogs
// Weekend: comment out timekeeping + tickets, keep projects + priorities
== Work (CHLA)
// Worklog Work: Timekeeping
// Usage: Included by worklog/work-chla.adoc assembler
// Contains: PeopleSoft time entry reminder
CAUTION: **CHARGE TIME IN PEOPLESOFT - CRITICAL.** Do this NOW before anything else.
xref:projects/chla/PRJ-peoplesoft-time-entry.adoc[PeopleSoft Time Entry Reference]
// Worklog Work: Projects
// Usage: Included by worklog/work-chla.adoc assembler
// Contains: P0/P1/P2 project priorities + case study links
// Critical Projects (P0) — Blocking or critical priority
// Usage: include::partial$trackers/work/projects/p0.adoc[]
// Last updated: 2026-04-04
=== Critical (P0)
[cols="2,3,1,1,1,2"]
|===
| Project | Description | Owner | Status | Due | Blocker
| Linux Research (Xianming Ding)
| EAP-TLS for Linux workstations, dACL, UFW
| Evan
| BEHIND
| 02-24
| Certificate "password required" - nmcli fix documented
| iPSK Manager
| Pre-shared key automation
| Ben Castillo
| BEHIND
| --
| DB replication issues
| MSCHAPv2 Migration
| Legacy auth deprecation
| Evan
| BEHIND
| --
| No progress on planning
| Research Segmentation
| All endpoints to Untrusted VLAN
| Evan
| BLOCKED
| --
| CISO decision pending
|===
// High Priority Projects (P1) — Important but not blocking
// Usage: include::partial$trackers/work/projects/p1.adoc[]
// Last updated: 2026-04-04
=== High Priority (P1)
[cols="2,3,1,1,1"]
|===
| Project | Description | Owner | Status | Target
| ISE 3.4 Migration
| Upgrade from 3.2p9
| Evan
| Blocked
| Q1 2026
| Switch Upgrades
| IOS-XE fleet update (C9300, 3560CX)
| Evan
| Pending
| Q1 2026
| Spikewell BYOD VPN
| dACL SQL, AD group integration
| Evan
| Active
| --
| Strongline Gateway
| MAC capture, Identity Group setup
| Evan
| Active
| --
| **QRadar → Sentinel Migration**
| Full SIEM platform transition, Monad evaluation
| Evan
| Active
| Q2 2026
|===
// Strategic Projects (P2) — Long-term or not yet started
// Usage: include::partial$trackers/work/projects/p2.adoc[]
// Last updated: 2026-04-04
=== Strategic (P2)
[cols="2,3,1,1"]
|===
| Project | Description | Owner | Status
| HHS Regulatory Compliance
| New HHS security policies implementation
| TBD
| NOT STARTED
| InfoSec Reporting Dashboard
| PowerBI metrics for executives
| TBD
| NOT STARTED
| EDR Migration (AMP → Defender)
| Endpoint protection consolidation
| TBD
| NOT STARTED
| Azure Legacy Migration
| Modern landing zone
| Team
| In Progress
| ChromeOS EAP-TLS
| SCEP + Victor, Paul testing
| Victor
| In Progress
|===
// Case Study Links — TAC, incidents, changes, RCAs
// Usage: include::partial$trackers/work/links/case-studies.adoc[]
// Last updated: 2026-04-04
==== Case Studies (March 2026)
**TAC Cases:**
* xref:case-studies/tac/TAC-2026-03-chla-8021x-auth-failures.adoc[TAC-2026-03 - 802.1X Auth Failures]
**Incidents:**
* xref:case-studies/incidents/INC-2026-03-16-strongline-gateway-vlan.adoc[INC - Strongline Gateway VLAN]
* xref:case-studies/incidents/PREP-2026-03-16-ise-incident-defense.adoc[PREP - ISE Incident Defense]
**Changes:**
* xref:case-studies/changes/CR-2026-03-10-vault-backup-selinux.adoc[CR - Vault Backup SELinux]
**RCAs:**
* xref:case-studies/rca/RCA-2026-03-16-001-8021x-eaptls-ca-chain.adoc[RCA - 802.1X EAP-TLS CA Chain]
* xref:case-studies/rca/RCA-2026-03-13-001-wifi-dhcp-failure.adoc[RCA - WiFi DHCP Failure]
// Worklog Work: Daily Priorities
// Usage: Included by worklog/work-chla.adoc assembler
// Contains: Today's actionable priority checkboxes
=== Today's Priorities
// Current Priorities — P0 and P1 daily checkbox items
// Usage: include::partial$trackers/work/priorities/current.adoc[]
// Last updated: 2026-04-04
* [ ] **P0** - MSCHAPv2 Migration: Run netapi endpoint report + pandas graph for team (URGENT — team meeting)
* [ ] **P0** - Enterprise Linux 802.1X: Standardize Shahab/Ding deployment (CISO priority)
* [ ] **P0** - Strongline Gateway VLAN fix (17 days - blocking Arin)
* [ ] **P0** - k3s NAT verification (24 days - CRITICAL)
* [ ] **P1** - Abnormal Security: ESA → API migration (Cisco→Microsoft shift)
* [ ] **P1** - DMZ Migration: External services audit behind NetScaler
* [ ] **P1** - Sentinel KQL: Build proficiency, distinguish from team
* [ ] **P1** - Monad Pipeline Evaluation (22 days - lead role assigned)
* [ ] **P1** - Vocera/Wyse iTrack RCA: Complete root cause report
* [ ] **P1** - GCC ISE Support: 3/4 nodes restored, PSN-04 deferred (NE-Systems)
* [ ] **P1** - Wazuh indexer recovery (blocked by NAT)
* [ ] **P1** - Vocera EAP-TLS Supplicant Fix (21 days)
// Worklog Work: ITSM Tickets
// Usage: Included by worklog/work-chla.adoc assembler
// Contains: Active service requests, incidents, and change requests
=== Active Tickets
// Service Requests — SR ticket tracking
// Usage: include::partial$trackers/work/itsm-tickets/service-requests.adoc[]
// Last updated: 2026-04-04
=== Service Requests (SR)
[cols="1,2,2,1,1"]
|===
| SR# | Request | Requestor | Opened | Status
| 3508542
| Zoll cards connection issue
| TBD
| TBD
| TODO
| 3508524
| Disable dot1x on (2) network ports - 5th floor 3250 Wilshire (PXE-boot imaging issues)
| TBD
| TBD
| Follow-up: Issues persisted after disable - plan to test re-enable
|===
// Incidents — INC ticket tracking
// Usage: include::partial$trackers/work/itsm-tickets/incidents.adoc[]
// Last updated: 2026-04-04
=== Incidents (INC)
[cols="1,1,2,1,1,1"]
|===
| INC# | Priority | Description | Opened | SLA | Status
| 1911859
| TBD
| Strongline Gateways in Miscellaneous Subnet
| TBD
| TBD
| TODO
|===
// Emergency Changes — ECAB change request tracking
// Usage: include::partial$trackers/work/itsm-tickets/changes-emergency.adoc[]
// Last updated: 2026-04-04
=== Change Requests - Emergency (ECAB)
[cols="1,2,1,1,1"]
|===
| CR# | Description | Opened | Scheduled | Status
| _No emergency changes_
|
|
|
|
|===
// Normal Changes — Standard change request tracking
// Usage: include::partial$trackers/work/itsm-tickets/changes-normal.adoc[]
// Last updated: 2026-04-04
=== Change Requests - Normal
[cols="1,2,1,1,1"]
|===
| CR# | Description | Opened | Scheduled | Status
| _No normal changes_
|
|
|
|
|===
// Scheduled Changes — Scheduled/standard change request tracking
// Usage: include::partial$trackers/work/itsm-tickets/changes-scheduled.adoc[]
// Last updated: 2026-04-04
=== Change Requests - Scheduled/Standard
[cols="1,2,1,1,1"]
|===
| CR# | Description | Opened | Window | Status
| _No scheduled changes_
|
|
|
|
|===
// RCA Changes — Root cause / post-incident change request tracking
// Usage: include::partial$trackers/work/itsm-tickets/changes-rca.adoc[]
// Last updated: 2026-04-04
=== Change Requests - Root Cause / Post-Incident
[cols="1,2,1,1,1"]
|===
| CR# | Description | Related INC | Opened | Status
| 100451
| Vocera Phones and Wyse devices went off network
| TBD
| TBD
| TODO
|===
---
== Session Accomplishments (Claude Code)
// Worklog Section: Personal
// Usage: include::partial$worklog/personal.adoc[]
// Contains: Personal projects, adhoc items, reference links
== Personal
// In Progress Projects
// Usage: include::partial$trackers/personal/projects/active.adoc[]
// Last updated: 2026-04-04
=== In Progress
[cols="2,3,1,2"]
|===
| Project | Description | Status | Notes
| k3s Platform
| Production k3s cluster on kvm-01
| Active
| Prometheus, Grafana, Wazuh deployed
| Wazuh Archives
| Enable archives indexing in Filebeat
| Active
| PVC fix pending
| kvm-02 Hardware
| Supermicro B deployment
| Active
| Hardware ready, RAM upgrade done
|===
// Planned Projects
// Usage: include::partial$trackers/personal/projects/planned.adoc[]
// Last updated: 2026-04-04
=== Planned
[cols="2,3,1,2"]
|===
| Project | Description | Target | Blocked By
| Vault HA (3-node)
| vault-02, vault-03 on kvm-02
| Q1 2026
| kvm-02 deployment
| k3s HA (3-node)
| Control plane HA
| Q1 2026
| kvm-02 deployment
| ArgoCD GitOps
| k3s GitOps deployment
| After k3s stable
| --
| MinIO S3
| Object storage for k3s
| After ArgoCD
| --
| xref:projects/personal/domus-inventory/index.adoc[Domus Inventory]
| Personal asset management (YAML + CLI + AsciiDoc)
| Q2 2026
| Schema approved
|===
// Active — Infrastructure
// Usage: include::partial$trackers/personal/tasks/active-infrastructure.adoc[]
// Last updated: 2026-04-04
=== Active — Infrastructure
[cols="2,3,1,1,1"]
|===
| Task | Details | Priority | Status | Due
| **Wazuh agent deployment**
| Deploy agents to all infrastructure hosts
| P2
| Pending
| After archives fix
| **k3s Platform**
| Production k3s cluster on kvm-01
| P1
| In Progress
| --
| **Wazuh Archives**
| Enable archives indexing in Filebeat, PVC fix
| P1
| In Progress
| --
| **kvm-02 Hardware**
| Supermicro B deployment, RAM upgrade done
| P1
| In Progress
| --
|===
'''
// Active — Security & Encryption
// Usage: include::partial$trackers/personal/tasks/active-security.adoc[]
// Last updated: 2026-04-04
=== Active — Security & Encryption
[cols="2,3,1,1,1"]
|===
| Task | Details | Priority | Status | Due
| **Configure 4th YubiKey**
| SSH FIDO2 keys
| P1
| TODO
| --
| **Cold storage M-DISC backup**
| age-encrypted archives
| P1
| TODO
| After YubiKey setup
|===
'''
// Active — Development & Tools
// Usage: include::partial$trackers/personal/tasks/active-development.adoc[]
// Last updated: 2026-04-04
=== Active — Development & Tools
[cols="2,3,1,1,1"]
|===
| Task | Details | Priority | Status | Due
| **netapi Commercialization**
| Go CLI rewrite with Cobra-style argument discovery, package for distribution
| P0
| Active
| --
| **Ollama API Service**
| FastAPI (17 endpoints), productize — config audit, doc tools, runbook gen
| P0
| Active
| --
| **Shell functions (fe, fec, fef)**
| File hunting helpers
| P3
| TODO
| --
|===
'''
// Active — Documentation
// Usage: include::partial$trackers/personal/tasks/active-docs.adoc[]
// Last updated: 2026-04-04
=== Active — Documentation
[cols="2,3,1,1,1"]
|===
| Task | Details | Priority | Status | Due
| **D2 Catppuccin Mocha styling**
| domus-* spoke repos (177 files total)
| P3
| In Progress
| --
|===
'''
// Active — Financial
// Usage: include::partial$trackers/personal/tasks/active-financial.adoc[]
// Last updated: 2026-04-04
=== Active — Financial
[cols="2,3,1,1,1"]
|===
| Task | Details | Priority | Status | Due
| **Amazon order history import**
| Download CSV from Privacy Central → parse with awk → populate subscriptions tracker
| P1
| Waiting
| Pending Amazon data export (requested 2026-04-04)
|===
'''
// Active — Education
// Usage: include::partial$trackers/personal/tasks/active-education.adoc[]
// Last updated: 2026-04-04
=== Active — Education
[cols="2,3,1,1,1"]
|===
| Task | Details | Priority | Status | Due
| _No active education tasks — see education trackers_
|
|
|
|
|===
'''
// Active — Personal & Life Admin
// Usage: include::partial$trackers/personal/tasks/active-personal.adoc[]
// Last updated: 2026-04-04
=== Active — Personal & Life Admin
[cols="2,3,1,1,1"]
|===
| Task | Details | Priority | Status | Due
| **ThinkPad T16g Setup**
| Arch install, stow dotfiles, Ollama stack, netapi dev env
| P0
| Pending
| --
| **P50 Arch to Ubuntu migration**
| xref:case-studies/changes/CR-2026-03-12-p50-arch-to-ubuntu.adoc[CR-2026-03-12]
| P2
| In Progress
| --
| **X1 Carbon Ubuntu installs**
| 2 laptops, LUKS encryption
| P2
| In Progress
| --
| **P50 Steam Test**
| Test Flatpak Steam + apt cleanup of broken i386 packages
| P3
| Pending
| --
|===
// Documentation Sites Quick Links
// Usage: include::partial$trackers/personal/links/sites.adoc[]
// Last updated: 2026-04-04
==== Documentation Sites
* https://docs.domusdigitalis.dev/[docs.domusdigitalis.dev] - Private documentation hub
* https://docs.architectus.dev/[docs.architectus.dev] - Public portfolio site
=== Notes
_Day-specific personal notes here._
---
// Worklog Section: Education — Assembler
// Usage: include::partial$worklog/education.adoc[]
// Contains: All education domains via sub-partials
//
// PARADIGM: Each domain = its own file in education/
// FILES: ai-engineering.adoc, languages.adoc, study-today.adoc, regex.adoc
//
// MAINTENANCE: Add/remove domains by editing includes below
// To add RHCSA: include::partial$worklog/education/rhcsa.adoc[]
== Education
// Worklog Education: AI Engineering
// Usage: Included by worklog/education.adoc assembler
// Contains: Claude Code + AI training status
=== Claude Code + AI Engineering (ACTIVE)
=== Claude Code Mastery
[cols="2,3,1,1"]
|===
| Resource | Details | Progress | Status
| **Claude Code Full Course (4 hrs)**
| Nick Saraev - YouTube comprehensive course
| 26:49 / 4:00:00
| **IN PROGRESS**
| **Claude Code Certification**
| Anthropic official certification (newly released)
| Not started
| GOAL
|===
=== Active Tracks (Focus)
* xref:education/systems/regex-mastery.adoc[Regex Mastery] | xref:education/systems/regex/index.adoc[Curriculum]
* xref:education/rhcsa/index.adoc[RHCSA 9]
* xref:education/literature/don-quijote.adoc[Don Quijote] - Primera Parte
* xref:education/languages/dele-spanish.adoc[DELE C1/C2]
=== Skills Mastery (Critical)
* xref:education/systems/regex/index.adoc[Regex Mastery] - 10-module curriculum
* xref:education/programming/python.adoc[Python Mastery]
* xref:education/programming/bash.adoc[Bash Mastery]
* https://docs.asciidoctor.org/asciidoc/latest/[AsciiDoc Docs^] - Documentation format
* https://antora.org/[Antora Docs^] - Documentation pipeline
=== Certification Deadlines
* **CISSP** - Before June 1, 2026 (performance review)
* **RHCSA 9** - Before June 1, 2026 (performance review)
* **LPIC-1** - Renewal required (blocks LPIC-2)
// Worklog Education: Languages
// Usage: Included by worklog/education.adoc assembler
// Contains: DELE/SIELE certs, Don Quijote writing method
=== Language Certifications (DELE/SIELE)
=== Spanish C1 Certification Goals
[cols="2,2,1,1,2"]
|===
| Certification | Provider | Target | Status | Strategy
| xref:education/languages/siele.adoc[**SIELE C1**]
| https://siele.org/[Instituto Cervantes^] / UNAM / Salamanca
| **Q2 2026**
| ACTIVE
| Computer-based, faster results - take FIRST
| xref:education/languages/dele-spanish.adoc[**DELE C1**]
| https://examenes.cervantes.es/es/dele/que-es[Instituto Cervantes^]
| **Q3/Q4 2026**
| PLANNED
| After SIELE success, harder exam
| xref:education/languages/dele-spanish.adoc[**DELE C2**]
| https://examenes.cervantes.es/es/dele/que-es[Instituto Cervantes^]
| 2027
| FUTURE
| Mastery level - requires extensive immersion
|===
TIP: SIELE is computer-adaptive, results in 3 weeks. DELE is paper-based, results in 3-4 months. Do SIELE first to validate readiness.
=== Don Quijote Writing Practice - DELE C1/C2 Initiative
**Method:**
1. Read chapter in original Spanish
2. Write personal analysis/understanding _en español_
3. AI review for grammar, vocabulary, register
4. Build comprehensive understanding of literary elements
// Worklog Education: Today's Study
// Usage: Included by worklog/education.adoc assembler
// Contains: Current study focus pointer
=== Today's Study
* **Focus:** CISSP study (55 days to June 1), domus-api Phase 3 prep
* **Secondary:** RHCSA curriculum, Spanish DELE/SIELE
* [ ] CISSP — begin Phase 0 domain review
* [ ] RHCSA — continue curriculum phase
* [ ] Spanish — Don Quijote reading + analysis
* [ ] domus-api — evaluate Ollama RAG architecture for Phase 3
// Worklog Education: Regex Training
// Usage: Included by worklog/education.adoc assembler
// Contains: Regex training status (remove when complete)
=== Regex Training (CRITICAL)
* **Status:** 7 days carried over
* **Priority:** After PeopleSoft, before Quijote
* **Session:** Character classes, word boundaries
---
// Worklog Section: Infrastructure
// Usage: include::partial$worklog/infrastructure.adoc[]
// Contains: Infrastructure sites, HA status, SPOFs, validation
== Infrastructure
// Documentation Sites
// Usage: include::partial$trackers/personal/infrastructure/sites.adoc[]
// Last updated: 2026-04-04
=== Documentation Sites
[cols="2,2,1,2"]
|===
| Site | URL | Status | Actions Needed
| **Domus Digitalis**
| https://docs.domusdigitalis.dev[docs.domusdigitalis.dev]
| Active
| Validate, harden, improve
| **Architectus**
| https://docs.architectus.dev[docs.architectus.dev]
| Active
| Public portfolio site - maintain
|===
// HA Deployment Status
// Usage: include::partial$trackers/personal/infrastructure/ha-status.adoc[]
// Last updated: 2026-04-04
=== HA Deployment Status
[cols="2,2,1,2"]
|===
| System | Description | Status | Notes
| **VyOS HA**
| vyos-01 (kvm-01) + vyos-02 (kvm-02) with VRRP VIP
| ✅ COMPLETE
| 2026-03-07 - pfSense decommissioned
| **BIND DNS HA**
| bind-01 (kvm-01) + bind-02 (kvm-02) with AXFR
| ✅ COMPLETE
| Zone transfer operational
| **Vault HA**
| Raft cluster (vault-01/02/03)
| ✅ COMPLETE
| Integrated with PKI
| **Keycloak Rebuild**
| keycloak-01 corrupted, rebuild from scratch
| 🔄 NEXT
| Priority P3 - SSO broken
| **FreeIPA HA**
| ipa-02 replica planned
| 📋 PLANNED
| Linux auth redundancy
| **AD DC HA**
| home-dc02 replication
| 📋 PLANNED
| Windows auth redundancy
| **iPSK Manager HA**
| ipsk-mgr-02 with MySQL replication
| 📋 PLANNED
| PSK portal redundancy
| **ISE HA**
| PAN HA (ise-01 reconfigure)
| ⏳ DEFERRED
| Wait until ise-02 stable
| **ISE 3.5 Migration**
| Upgrade path: 3.2p9 → 3.4 (P1) → 3.5 (target)
| 📋 PLANNED
| After 3.4 Migration completes (Q2 2026)
|===
// Single Points of Failure
// Usage: include::partial$trackers/personal/infrastructure/spof.adoc[]
// Last updated: 2026-04-04
=== Single Points of Failure (CRITICAL)
WARNING: These systems have NO redundancy - outage impacts production.
[cols="2,2,3"]
|===
| System | Impact if Down | Mitigation
| **ISE (ise-02)**
| All 802.1X stops - wired and wireless auth fails
| ise-01 reconfiguration deferred until ise-02 stable
| **Keycloak (keycloak-01)**
| SAML/OIDC SSO broken (ISE admin, Grafana, etc.)
| **NEXT PRIORITY** - Rebuild runbook
| **FreeIPA (ipa-01)**
| Linux auth, sudo rules, HBAC fails
| ipa-02 replica planned
| **AD DC (home-dc01)**
| Windows auth, Kerberos, GPO fails
| home-dc02 replica planned
| **iPSK Manager**
| Self-service PSK portal unavailable
| ipsk-mgr-02 with MySQL replication planned
|===
// Validation Tasks
// Usage: include::partial$trackers/personal/infrastructure/validation.adoc[]
// Last updated: 2026-04-04
=== Validation Tasks
[cols="2,3,1"]
|===
| Task | Details | Status
| docs.domusdigitalis.dev validation
| Test all cross-references, search, rendering
| TODO
| docs.domusdigitalis.dev hardening
| HTTPS, CSP headers, security review
| TODO
| docs.architectus.dev validation
| Public site content review
| TODO
| Hub-spoke sync verification
| All components building correctly
| Ongoing
|===
---
// Worklog Section: Quick Commands
// Usage: include::partial$worklog/quick-commands.adoc[]
// Contains: Frequently used commands for daily workflow
== Quick Commands
=== gopass-personal-docs Usage
[listing]
....
# Interactive entry creation
gopass-personal-docs
# Categories: 1) Bills 2) Subscriptions 3) Housing 4) Vehicles 5) Insurance
....
=== gopass-query Usage
[listing]
....
# List all recurring bills with totals
gopass-query bills
# List storage units with gate codes
gopass-query storage
# Export category to JSON
gopass-query export bills
....
=== API: domus-api — Documentation System REST API
_Source: 2026-04-06 — First domus-api session, querying 2,928 .adoc files via REST endpoints_
[listing]
....
# Start the API server on port 8080 (--host 0.0.0.0 binds every interface, so it is reachable beyond localhost and Tailscale)
cd ~/atelier/_projects/personal/domus-api && uv run uvicorn domus_api.main:app --host 0.0.0.0 --port 8080
# Health check — document counts
curl -s localhost:8080/ | jq
# Full repository stats by category
curl -s localhost:8080/stats | jq
# All 20+ standards as JSON
curl -s localhost:8080/standards | jq
# Standards — extract just ID and title (awk-style with jq)
curl -s localhost:8080/standards | jq -r '.standards[] | "\(.id)\t\(.title)"'
# Full-text search across all files
curl -s 'localhost:8080/search?q=mandiant' | jq
# Search — extract just path, title, match count
curl -s 'localhost:8080/search?q=mandiant' | jq '.results[] | {path, title, match_count}'
# Scoped search (standards only)
curl -s 'localhost:8080/search?q=RFC+2119&scope=standards' | jq
# Get specific page with full content + metadata
curl -s localhost:8080/pages/standards/operations/change-control | jq
# List pages filtered by category
curl -s 'localhost:8080/pages?category=standards' | jq
curl -s 'localhost:8080/pages?category=codex&limit=10' | jq
# All antora.yml attributes (127)
curl -s localhost:8080/attributes | jq
# Swagger UI (open in browser)
# http://localhost:8080/docs
# Kill server on port 8080
kill $(lsof -ti:8080)
....
=== API: Incident & Change Record Queries
_Source: 2026-04-07 — Querying incidents and CRs via domus-api for work reporting_
[listing]
....
# ─── INCIDENT QUERIES ───
# Get incident title
curl -s localhost:8080/pages/case-studies/incidents/INC-2026-04-06-domus-iot-vpn-connectivity | jq -r '.title'
# Read incident content as plain text (jq -r unescapes \n)
curl -s localhost:8080/pages/case-studies/incidents/INC-2026-04-06-domus-iot-vpn-connectivity | jq -r '.content' | head -50
# List all incidents
curl -s 'localhost:8080/pages?category=case-studies' | jq -r '.pages[] | select(.path | contains("incidents")) | "\(.title)\t\(.path)"'
# Search incidents by keyword
curl -s 'localhost:8080/search?q=IOT_WAN' | jq -r '.results[] | "\(.title)\t\(.path)"'
# Search for all VPN-related content
curl -s 'localhost:8080/search?q=GlobalProtect' | jq -r '.results[] | "\(.title)\t\(.path)"'
# ─── CHANGE RECORD QUERIES ───
# Get CR title
curl -s localhost:8080/pages/case-studies/changes/CR-2026-04-07-iot-wan-vpn-passthrough | jq -r '.title'
# Read CR content
curl -s localhost:8080/pages/case-studies/changes/CR-2026-04-07-iot-wan-vpn-passthrough | jq -r '.content' | head -80
# List all change records
curl -s 'localhost:8080/pages?category=case-studies' | jq -r '.pages[] | select(.path | contains("changes")) | "\(.title)\t\(.path)"'
# ─── WORKFLOW: INCIDENT TO CR TRACEABILITY ───
# Find all documents related to an incident
curl -s 'localhost:8080/search?q=INC-2026-04-06-001' | jq -r '.results[] | "\(.path)"'
# Find the CR linked to an incident
curl -s 'localhost:8080/search?q=CR-2026-04-07-iot-wan' | jq -r '.results[] | {title, path}'
# ─── FORMAT FOR REPORTING ───
# Incident summary as TSV (paste into spreadsheet)
curl -s 'localhost:8080/pages?category=case-studies' | jq -r '.pages[] | select(.path | contains("incidents")) | [.title, .path] | @tsv'
# Pipe to column for terminal table
curl -s 'localhost:8080/pages?category=case-studies' | jq -r '.pages[] | select(.path | contains("incidents")) | [.title, .path] | @tsv' | column -t -s $'\t'
# Export incident as markdown (basic conversion)
curl -s localhost:8080/pages/case-studies/incidents/INC-2026-04-06-domus-iot-vpn-connectivity | jq -r '.content' > /tmp/incident-report.txt
....
=== Security: Mandiant Vulnerability Assessment Discovery
_Source: 2026-04-06 — Searching domus-captures + Principia for pentest findings, dACLs, and remediation content_
[listing]
....
# Search for Mandiant references across domus-captures
grep -ri 'mandiant' docs/modules/ROOT/ | awk 'NR<=30'
# Find dACL / downloadable ACL content
grep -ri 'dacl\|downloadable.acl' docs/modules/ROOT/ | awk 'NR<=30'
# Search Principia vault (legacy PKM) for Mandiant data
grep -ri 'mandiant' ~/atelier/_bibliotheca/Principia/ 2>/dev/null | awk 'NR<=30'
# Find files with security assessment terms in the name
find docs/ -name '*mandiant*' -o -name '*vuln*' -o -name '*dacl*'
# Find dACL diagram source files
find docs/modules/ROOT/images/diagrams -name 'dacl*'
# Posture redirect ACL references (the critical finding)
grep -ri 'posture.*redirect\|redirect.*acl\|pre.auth.*acl' docs/modules/ROOT/ | awk 'NR<=20'
# Cross-repo vulnerability search
grep -ri 'vulnerability.assess\|pentest\|penetration.test' docs/modules/ROOT/pages/2026/ | awk 'NR<=20'
# Principia asset directory discovery (OPS-* and PRJ-* directories)
find ~/atelier/_bibliotheca/Principia/02_Assets -maxdepth 1 -type d \( -name 'OPS-*' -o -name 'PRJ-*' \)
# Raspberry Pi OUI detection (from pentest findings)
# netapi ise mnt --format json sessions | jq -r '.[] | select(.calling_station_id | startswith("B8:27:EB") or startswith("DC:A6:32") or startswith("E4:5F:01")) | [.calling_station_id, .framed_ip_address, .nas_ip_address] | @tsv'
....
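The Raspberry Pi OUI filter above, as an added Python example (not part of the original worklog or of netapi). It goes beyond the jq one-liner by normalising MAC notation first, since a case-sensitive `startswith("B8:27:EB")` misses lower-case, hyphenated and dotted forms. The session records are constructed, and the JSON shape (an array of objects with `calling_station_id`, `framed_ip_address`, `nas_ip_address`) is assumed from the jq filter.

```python
import json
import re

# OUI prefixes taken from the jq filter on this page, separators removed.
PI_OUIS = {"B827EB", "DCA632", "E45F01"}
SEPARATORS = re.compile(r"[:.\-\s]")
HEX12 = re.compile(r"[0-9A-Fa-f]{12}")


def oui_of(value):
    """Return the upper-case 6-digit OUI of a MAC in any common notation, else None."""
    if not isinstance(value, str):
        return None
    digits = SEPARATORS.sub("", value)
    return digits[:6].upper() if HEX12.fullmatch(digits) else None


def locally_administered(oui):
    """True when bit 0x02 of the first octet is set (randomised or assigned MAC)."""
    return bool(int(oui[:2], 16) & 0x02)


def triage_sessions(raw_json, ouis=PI_OUIS):
    """Split sessions into OUI hits and the two groups an OUI match cannot judge."""
    report = {"hits": [], "not_a_mac": 0, "locally_administered": 0}
    for session in json.loads(raw_json):
        station = session.get("calling_station_id")
        oui = oui_of(station)
        if oui is None:
            # Missing field or a non-MAC identifier: count it, do not drop it silently.
            report["not_a_mac"] += 1
        elif locally_administered(oui):
            # No vendor OUI to compare against, so this session is not cleared either.
            report["locally_administered"] += 1
        elif oui in ouis:
            report["hits"].append((station,
                                   session.get("framed_ip_address"),
                                   session.get("nas_ip_address")))
    return report


# Constructed sample input (documentation address ranges, made-up MAC suffixes).
SAMPLE_SESSIONS = json.dumps([
    {"calling_station_id": "B8:27:EB:12:34:56", "framed_ip_address": "192.0.2.10",
     "nas_ip_address": "198.51.100.1"},
    {"calling_station_id": "dc-a6-32-aa-bb-cc", "framed_ip_address": "192.0.2.11",
     "nas_ip_address": "198.51.100.1"},
    {"calling_station_id": "e45f.01de.ad01", "framed_ip_address": "192.0.2.12",
     "nas_ip_address": "198.51.100.2"},
    {"calling_station_id": "00:11:22:33:44:55", "framed_ip_address": "192.0.2.13",
     "nas_ip_address": "198.51.100.2"},
    {"calling_station_id": "DA:A1:19:00:00:01", "framed_ip_address": "192.0.2.14",
     "nas_ip_address": "198.51.100.2"},
    {"calling_station_id": "203.0.113.7", "framed_ip_address": "192.0.2.15",
     "nas_ip_address": "198.51.100.3"},
    {"framed_ip_address": "192.0.2.99", "nas_ip_address": "198.51.100.3"},
])

if __name__ == "__main__":
    result = triage_sessions(SAMPLE_SESSIONS)
    for mac, ip, nas in result["hits"]:
        print(f"{mac}\t{ip}\t{nas}")
    print("unclassifiable:", result["not_a_mac"] + result["locally_administered"])
```

A MAC address is client-supplied, so an OUI hit is a lead to confirm against switch port and profiling data, and a clean result does not prove the device class is absent.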
=== Audio: PipeWire Validation (Post-Reboot)
_Source: 2026-04-06 — P16g audio testing after sof-firmware install_
[listing]
....
# PipeWire status (replaces pulseaudio pavucontrol for status)
wpctl status
# List all audio sinks (short format)
pactl list sinks short
# Play audio through default sink (native PipeWire — no alsa-utils needed)
pw-play /usr/share/sounds/freedesktop/stereo/bell.oga
# Play through specific sink by ID
pw-play --target 65 /usr/share/sounds/freedesktop/stereo/bell.oga
# Kernel audio firmware messages (Intel SOF)
journalctl -b --grep='sof|cs35l56|cs42l43' --no-pager | tail -20
# ALSA sound cards
cat /proc/asound/cards
....
=== Git: Cross-Repo Activity Audit
_Source: 2026-04-06 — Reconstructing daily AI session history across all domus repos_
[listing]
....
# All commits on a specific date across all domus repos
for repo in ~/atelier/_bibliotheca/domus-*/ ~/atelier/_projects/personal/domus-*/; do
    [ -d "$repo/.git" ] || continue
    name=$(basename "$repo")
    git -C "$repo" log --since="2026-04-06" --until="2026-04-07" --format="%h %aI %s" 2>/dev/null |
        awk -v r="$name" '{print r, $0}'
done
# Structured commit log as JSON (pipe to jq)
git -C ~/atelier/_bibliotheca/domus-captures log --pretty=format:'{"hash":"%h","date":"%aI","subject":"%s"}' -20 |
    jq -s 'sort_by(.date) | reverse'
# Commits per month (aggregation)
git -C ~/atelier/_bibliotheca/domus-captures log --pretty=format:'{"date":"%aI"}' -100 |
    jq -s 'map(.date | split("T")[0] | split("-")[0:2] | join("-")) | group_by(.) | map({month: .[0], count: length}) | sort_by(.month)'
# Cross-repo search via GitHub API (quote URL for zsh)
gh search code "vault seal" --owner EvanusModestus --json repository,path,textMatches |
    jq '.[] | {repo: .repository.full_name, file: .path, match: .textMatches[].fragment}'
# List .adoc files in a repo via GitHub API
gh api 'repos/EvanusModestus/domus-captures/git/trees/main?recursive=1' |
    jq '[.tree[] | select(.path | endswith(".adoc"))] | length'
# Cross-repo activity dashboard (last 5 per repo)
for repo in domus-captures domus-infra-ops domus-ise-linux domus-netapi-docs domus-secrets-ops; do
    git -C ~/atelier/_bibliotheca/$repo log --pretty=format:"{\"repo\":\"$repo\",\"date\":\"%aI\",\"subject\":\"%s\"}" -5 2>/dev/null
done | jq -s 'sort_by(.date) | reverse | .[:15] | .[] | "\(.date | split("T")[0]) [\(.repo)] \(.subject)"' -r
# Antora attribute comparison across repos
for f in ~/atelier/_bibliotheca/domus-*/docs/asciidoc/antora.yml; do
    repo=$(basename "$(dirname "$(dirname "$(dirname "$f")")")")
    count=$(yq '.asciidoc.attributes | length // 0' "$f")
    printf "%-30s %s attributes\n" "$repo" "$count"
done
....
=== Attribute Includes
[source,asciidoc]
....
// Worklog Section: Related Documents
// Usage: include::partial$worklog/related.adoc[]
// Contains: Common cross-references for worklogs

== Related Documents

* xref:education/literature/quijote/index.adoc[Don Quijote - Estudio Completo]
* xref:projects/chla/PRJ-peoplesoft-time-entry.adoc[PeopleSoft Time Entry]
* xref:trackers/work-2026-02.adoc[Work Tracker]
* xref:patterns/index.adoc[Pattern Journal]

== Today's Remaining TODO

=== Must Do (Before End of Day)

=== Should Do (If Time Permits)

=== Stretch Goals
....
Header
| Element | Rule |
|---|---|
| Title | |
| | Day name (bold in Summary, plain here) + concise summary of day’s output |
| | |
Summary Section
The Summary opens with the day name in bold (Day Name.), followed by a dense paragraph. Quantify where possible: file counts, line counts, key outcomes. This paragraph is the entry point for monthly rollups.
Section Includes
Section includes pull from partials/worklog/. Content is written directly into these partials daily:
| Partial | Purpose |
|---|---|
| | Time-sensitive items, blockers, escalations |
| | Early-day tasks, triage, planning |
| | Work-specific (CHLA) tasks and accomplishments |
| | Personal projects and homelab work |
| | Learning, certifications, study sessions |
| | Infrastructure changes, deployments, maintenance |
| | CLI patterns learned or commands worth remembering |
| | Cross-references to case studies, sessions, or other worklogs |
Session Accomplishments
Inline content (not a partial) documenting Claude Code sessions. Each session gets an === Title heading with bullet points covering scope, key actions, and quantified output.
TODO Section
Three tiers, each with checkbox items (* [ ] or * [x]):
- Must Do — non-negotiable for the day
- Should Do — valuable if time permits
- Stretch Goals — aspirational, no guilt if deferred
Section Partials Location
All section partials live in:
docs/modules/ROOT/partials/worklog/
These files are rewritten daily. They contain section-level content (headings, lists, prose) that the worklog page pulls in via include::partial$worklog/<name>.adoc[]. Empty partials are valid — they produce no output in the rendered page.
Requirements
- Every workday MUST have a worklog created via make new-day.
- The :description: attribute MUST include the day name and a summary of the day’s work.
- Session Accomplishments MUST list every AI-assisted work session with scope and quantified output (files touched, lines written).
- The TODO section MUST use the three-tier structure: Must Do, Should Do, Stretch Goals.
- Uncompleted Must Do items MUST carry forward to the next worklog or be explicitly dropped with justification.
- Section partials MUST be rewritten daily — stale content from previous days is misleading.
- No :toc: attribute in any worklog file.
- No hardcoded IPs, hostnames, or credentials — use {attributes}.
- Build MUST be clean before committing: make 2>&1 | grep -E "WARN|ERROR".
Compliance
| Check | Method | Pass Criterion |
|---|---|---|
| Worklog exists for workday | | File exists |
| Description includes day name | | Day name present (Monday-Sunday) |
| Session accomplishments documented | Visual inspection of | At least one session entry per AI-assisted workday |
| TODO tiers present | | All three tiers present |
| Build clean | | Zero output |
| No stale partials | Compare partial dates against worklog date | Partials reflect current day’s content |
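Several of these checks can be scripted. The following is an added example, not part of this standard or the project's Makefile: a POSIX shell function that lints one worklog against the naming rule, the :description: day name, the :toc: ban, the three TODO tiers, and the hardcoded-IP rule. The sample worklogs, their titles, and the {vpn-gw-ip} attribute name are constructed; the IPv4 match is a heuristic, and hostnames and credentials are not checked.

```shell
# Added example (not the project's tooling): lint one worklog against STD-014.
# Prints one line per violation; returns 0 only when the file is compliant.
check_worklog() {
    file=$1; fails=0
    fail() { printf '%s: %s\n' "$(basename "$file")" "$1"; fails=$((fails + 1)); }

    case $(basename "$file") in   # naming rule from "Worklog Naming"
        WRKLOG-[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9].adoc) ;;
        *) fail "name is not WRKLOG-YYYY-MM-DD.adoc" ;;
    esac
    grep -Eq '^:description:.*(Mon|Tues|Wednes|Thurs|Fri|Satur|Sun)day' "$file" ||
        fail ":description: is missing or has no day name"
    if grep -q '^:toc:' "$file"; then fail ":toc: attribute present"; fi
    for tier in 'Must Do' 'Should Do' 'Stretch Goals'; do
        grep -Eq "^=+ $tier" "$file" || fail "TODO tier missing: $tier"
    done
    # Heuristic: any dotted quad counts as a hardcoded IPv4 address.
    grep -Eq '(^|[^0-9.])([0-9]{1,3}\.){3}[0-9]{1,3}([^0-9]|$)' "$file" &&
        fail "hardcoded IPv4 address, use an {attribute}"
    [ "$fails" -eq 0 ]
}

# Constructed sample worklogs (titles, text and {vpn-gw-ip} are made up).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
good=$demo/WRKLOG-2026-04-06.adoc; bad=$demo/WRKLOG-2026-04-07.adoc
cat > "$good" <<'EOF'
= Worklog 2026-04-06
:description: Monday. Standards review and partial cleanup.

*Monday.* Reviewed STD-014. VPN gateway is {vpn-gw-ip}.

== Today's Remaining TODO
=== Must Do (Before End of Day)
=== Should Do (If Time Permits)
=== Stretch Goals
EOF
cat > "$bad" <<'EOF'
= Worklog 2026-04-07
:description: Standards review.
:toc: left

VPN gateway is 192.0.2.10.

== Today's Remaining TODO
=== Must Do (Before End of Day)
=== Should Do (If Time Permits)
EOF
check_worklog "$good" && echo "good: compliant"
check_worklog "$bad" || echo "bad: non-compliant"
```

The dotted-quad pattern also matches four-part version strings, so review each hit before treating it as a violation.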
Related
- STD-003: File Naming — naming conventions including WRKLOG prefix
- STD-009: Repository Architecture — directory skeleton and chronological organization