| 2026-05-27T11:14:09Z | mack | .135 | ping | test:phase1-prep | audit-emit reachable from automation pipe | mack-authentik-phase1-20260527 | — | — |
| 2026-05-27T10:34:16Z | mack | .135 | create | docker:audit-viewer | audit-viewer container live + Traefik file-provider route + Cloudflare Tunnel ingress for audit.bjnoela.com; backfill 19 events; Phase 1 complete | audit-trail-phase1-deploy-2026-05-27 | /mnt/nas/docker/docker-compose.yml.bak-mack-auditviewer-20260527T103038Z | rollbackcd /mnt/nas/docker && sudo docker compose down audit-viewer && sudo cp docker-compose.yml.bak-mack-auditviewer-20260527T103038Z docker-compose.yml && sudo rm /var/lib/container-data/traefik/config/audit-viewer.yaml |
| 2026-05-27T06:20:00Z | mack | .135 | config-edit | Deliverables/2026-05-26-vaultwarden_mariadb_dump.sh | Wired vaultwarden dump script to call audit_emit.sh on every successful dump | audit-trail-phase1-2026-05-27 | Deliverables/2026-05-26-vaultwarden_mariadb_dump.sh.bak-mack-audit-20260527 | rollbackcp Deliverables/2026-05-26-vaultwarden_mariadb_dump.sh.bak-mack-audit-20260527 Deliverables/2026-05-26-vaultwarden_mariadb_dump.sh |
| 2026-05-27T06:15:00Z | mack | .135 | config-edit | .claude/agents/{mack,sentry,hue}.md | Updated 3 agent shims with mandatory audit-emit section (Phase 1 contract) | audit-trail-phase1-2026-05-27 | .claude/agents/{mack,sentry,hue}.md.bak-mack-audit-20260527 | rollbackfor f in mack sentry hue; do cp .claude/agents/$f.md.bak-mack-audit-20260527 .claude/agents/$f.md; done |
| 2026-05-27T06:10:00Z | mack | .135 | create | projects/audit-viewer/ | Mack created FastAPI audit-viewer staging (deploy target /mnt/nas/docker/audit-viewer/) | audit-trail-phase1-2026-05-27 | — | rollbackrm -rf /mnt/nas/docker/audit-viewer && dcdown audit-viewer |
| 2026-05-27T06:05:00Z | mack | .135 | create | scripts/audit_emit.py | Mack created Python sibling audit_emit.py | audit-trail-phase1-2026-05-27 | — | rollbackgit revert <audit-emit-py-commit> |
| 2026-05-27T06:00:00Z | mack | .135 | create | scripts/audit_emit.sh | Mack created audit_emit.sh helper (Phase 1 §6.1 deliverable) | audit-trail-phase1-2026-05-27 | — | rollbackgit revert <audit-emit-commit> |
| 2026-05-27T05:00:00Z | pax | .135 | create | Deliverables/2026-05-27-authentik-sso-integration-roadmap.md | Pax authored Authentik SSO integration roadmap | authentik-roadmap-2026-05-27 | — | — |
| 2026-05-27T04:00:00Z | pax | .135 | create | Deliverables/2026-05-27-wave-5-cutover-plan-pax.md | Pax authored Wave 5 cutover plan + script | wave-5-plan-2026-05-27 | — | — |
| 2026-05-27T03:00:00Z | mack | .135 | create | docker:dockhand-env-sweep | Dockhand env sweep complete (per dockhand-env-sweep-complete.md) | dockhand-sweep-2026-05-27 | — | — |
| 2026-05-27T02:30:00Z | pax | .135 | create | Deliverables/2026-05-27-homelab-audit-and-rollback-design.md | Pax authored Phase 1 audit-trail design brief (this work's predecessor) | pax-audit-design-2026-05-27 | — | rollbackgit revert <design-doc-commit> |
| 2026-05-27T02:00:00Z | mack | .135 | migrate | docker:wave-3-slot-set | Wave 3 cutover (silent vikunja failure surfaced; >30s healthcheck gate added) | wave-3-2026-05-27 | — | rollback# per wave-3 cutover script in artifacts/ |
| 2026-05-27T01:30:00Z | sentry | pfsense | config-edit | pfsense:unbound:host_entries | Unbound host_entries snapshot pre-renumber (see pfsense-pre-unbound-host_entries.conf) | unbound-pre-renumber-2026-05-27 | Deliverables/2026-05-27-pfsense-pre-unbound-host_entries.conf | rollbackcp Deliverables/2026-05-27-pfsense-pre-unbound-host_entries.conf /var/unbound/host_entries.conf && pfSsh.php playback reload_unbound |
| 2026-05-27T01:00:00Z | sentry | pfsense | config-edit | pfsense:wan:port-forwards | Closed WAN port-forwards (now superseded by Cloudflare Tunnel) — see pfsense-pre-dns-step1-and-wan-close.xml | wan-close-2026-05-27 | Deliverables/2026-05-27-pfsense-pre-dns-step1-and-wan-close.xml | rollbackcp Deliverables/2026-05-27-pfsense-pre-dns-step1-and-wan-close.xml /cf/conf/config.xml && pfSsh.php playback restart_all |
| 2026-05-27T00:30:00Z | mack | .135 | create | cloudflare:tunnel:bjnoela-tunnel | Created Cloudflare Tunnel + ingress for bjnoela.com (replaces WAN-exposed ports) | cf-tunnel-2026-05-27 | — | rollbackcloudflared tunnel delete bjnoela-tunnel |
| 2026-05-26T23:00:00Z | mack | cloudflare | delete | cloudflare:bjnoela.com:meshcentral | Deleted stale CF DNS record meshcentral.bjnoela.com (3 records, Bryan-authorized, WAN ports closing) | cf-cleanup-2026-05-26 | cloudflare-record-id:a9d7969d-...-archived-in-MEMORY.md | rollback# Recreate via Cloudflare API; rollback IDs in Team Knowledge/MEMORY.md |
| 2026-05-26T22:00:00Z | sentry | pfsense | config-edit | pfsense:sudoers:sentry | sudoers grant on pfSense for sentry-user (limited cmd set, per preflight) | pfsense-sudoers-2026-05-26 | Deliverables/2026-05-27-pfsense-pre-task1-fresh-084359.xml | rollbackcp Deliverables/2026-05-27-pfsense-pre-task1-fresh-084359.xml /cf/conf/config.xml && pfSsh.php playback restart_all |
| 2026-05-26T21:15:00Z | sentry | nas1 | restart | nas1:reboot | NAS1 reboot to clear hung NFS exports (Bryan-authorized) | nas1-reboot-2026-05-26 | — | — |
| 2026-05-26T20:30:00Z | mack | .135 | restart | docker:daemon | Docker daemon recovery + Traefik restart (sibling-Mack task) | docker-recovery-2026-05-26 | — | rollbacksystemctl restart docker && dcup traefik |
| 2026-05-26T19:45:00Z | mack | .135 | migrate | docker:wave-2-slot-set | Wave 2 cutover: per wave-2-cutover-plan-mack.md (with 3 retries — see wave-2-retry{,2,3}.sh) | wave-2-2026-05-26 | Deliverables/2026-05-26-wave-2-retry3.sh | rollbackbash Deliverables/2026-05-26-wave-2-retry3.sh --rollback |
| 2026-05-26T18:30:00Z | mack | .135 | migrate | docker:wave-1-slot-set | Wave 1 cutover: migrated containers per wave-1-cutover-plan-mack.md (Traefik + adjacent stack) | wave-1-2026-05-26 | Team Knowledge/session-logs/2026/05/artifacts/traefik-docker-compose.post-W1-20260526.yml | rollbackcp Team\ Knowledge/session-logs/2026/05/artifacts/traefik-docker-compose.post-W1-20260526.yml /var/lib/container-data/traefik/docker-compose.yml && dcup traefik |