Project Reconciliation

Last reviewed: 2026-06-22

This project is acting as the local memory bank for the home infrastructure: Synology, Docker applications, UniFi, Pi-hole, Google Cloud DNS, desktop worker details, and diagrams. The total captured data is still small, so cleanup is mainly about clarity and avoiding stale evidence, not reclaiming disk space.

Retention Approach

Authoritative retention rules are now documented in RETENTION_POLICY.md.

Incident summaries are tracked in INCIDENT_REGISTER.md and

incidents/<date-topic>/SUMMARY.md.

• Keep current-state handoff docs, topology docs, helper scripts, and latest known-good inventory snapshots.
• Treat .ps1 helper scripts as protected assets. Do not delete them during cleanup unless the user explicitly approves the exact script path.
• Keep incident summaries long term. Keep raw incident evidence only while it is

active or within its review window, especially Synology Btrfs scrub results,

Tdarr error audits, Docker migration history, Plex diagnostics, and

post-cache-removal performance baselines.

• Remove failed, duplicate, or superseded snapshots only after explicit approval.
• Do not delete secrets automatically. Secret folders are intentionally ignored by Git, but they may still live inside OneDrive-backed project paths.

Keep

• synology/storage/btrfs-logical-resolve/20260522-104423/
• Documents the final Btrfs scrub follow-up and confirms the logical resolve no longer maps to an existing file.
• synology/performance/snapshots/
• Useful for comparing behavior before, during, and after SSD cache removal.
• synology/docker/tdarr/error-audit/
• Keep until the current Tdarr transcode error pattern is understood and stabilized.
• synology/docker/plex-diagnostics/20260515-235255/
• Useful historical evidence for Plex remote streaming and database concerns.
• pihole/inventory/snapshots/20260522-105011/
• Keep as the first post-alignment Pi-hole baseline.
• pihole/inventory/snapshots/20260531-073007/
• Prior weekly-maintenance Pi-hole inventory baseline retained for

comparison.

• pihole/inventory/snapshots/20260607-073003/
• Weekly-maintenance Pi-hole inventory baseline before the PiHole4B cutover.
• pihole/inventory/snapshots/20260613-153931/
• First post-PiHole4B replacement on-demand inventory baseline.
• pihole/inventory/snapshots/20260621-073002/
• Newest weekly-maintenance Pi-hole inventory baseline after the PiHole4B

cutover. The folder contains raw capture output rather than a README

summary, so pair it with the weekly report when reviewing it.

• reports/weekly-maintenance/20260621-073001/
• Newest weekly maintenance report bundle. All scheduled capture steps

completed successfully.

• unifi/config-audit/20260524-231737/
• Newest reviewed port-forward/security posture baseline after the Seerr reverse-proxy work.
• unifi/inventory/snapshots/20260531-073019/
• Prior weekly-maintenance UniFi inventory baseline retained for comparison.
• unifi/inventory/snapshots/20260607-073015/
• Prior weekly-maintenance UniFi inventory baseline retained for comparison.
• unifi/inventory/snapshots/20260621-073006/
• Newest weekly-maintenance UniFi inventory baseline.
• unifi/wifi/snapshots/20260531-073020/
• Prior weekly-maintenance Wi-Fi/AP baseline retained for comparison.
• unifi/wifi/snapshots/20260607-073016/
• Prior weekly-maintenance Wi-Fi/AP baseline retained for comparison.
• unifi/wifi/snapshots/20260621-073006/
• Newest weekly-maintenance Wi-Fi/AP baseline.
• google-cloud-dns/inventory/snapshots/20260531-113023/
• Prior weekly-maintenance Google Cloud DNS inventory baseline retained for

comparison.

• google-cloud-dns/inventory/snapshots/20260607-113020/
• Prior weekly-maintenance Google Cloud DNS inventory baseline.
• google-cloud-dns/inventory/snapshots/20260613-005919/
• Google Cloud DNS snapshot and DNSSEC-review baseline.
• google-cloud-dns/inventory/snapshots/20260621-113009/
• Newest weekly-maintenance Google Cloud DNS inventory baseline.
• google-cloud-dns/inventory/snapshots/20260601-225557/
• Newest security-review Google Cloud DNS inventory baseline.
• pihole/inventory/snapshots/20260601-185546/
• Newest security-review Pi-hole inventory baseline.
• unifi/inventory/snapshots/20260601-185251/
• Newest security-review UniFi inventory baseline.
• unifi/config-audit/20260601-185546/
• Newest security-review UniFi port-forward/config baseline.
• synology/system/privileged-health/20260531-073030/
• Prior weekly-maintenance Synology read-only health baseline.
• synology/system/privileged-health/20260621-073013/
• Newest weekly-maintenance Synology read-only health baseline.
• synology/system/privileged-health/20260601-185157/
• Newest security-review Synology privileged health baseline.
• synology/security/audits/20260601-190945/
• Current privileged Synology security audit baseline. It supersedes the

earlier 20260601-190324 run.

• synology/docker/container-manager-registry/snapshots/20260527-100949/
• Keep as the current Container Manager project-registration evidence from

the 2026-05-27 reconciliation pass.

• synology/docker/tdarr/health/20260527-182550/
• Keep while the TV Shows legacy repair queue is still active and under review.
• synology/docker/projects/observability-compose/
• Active Grafana/Prometheus monitoring stack source, dashboards, exporters,

alert rules, and current-state documentation. Keep this as maintained

project source, not disposable snapshot data.

• synology/support-cases/20260614-volume1-btrfs-md2/
• Active Synology support-case bundle for recurring Volume 1 Btrfs metadata

errors, md2 self-heal retries, and Plex buffering/storage-stall analysis.

Keep until Synology support or a Volume 1 rebuild/migration decision is

complete.

• synology/storage/VOLUME1_REBUILD_MIGRATION_PLAN.md
• Active runbook for the DX1222 Volume 4 evacuation, true-up, validation, and

eventual Volume 1 remove/recreate/restore workflow. Keep current until the

rebuild and restore are complete.

• /volume4/migration-from-volume1 on the Synology
• Active temporary evacuation landing copy for Volume 1. This is not a local

repo path, but it is a protected operational artifact: do not delete,

prune, or repurpose it during project cleanup.

• /volume2/docker-v5 on the Synology
• Current project docs identify this as the active Volume5 SSD-role root for

most non-Plex container appdata/projects/secrets. Follow-up: verify DSM's

displayed Volume5 name/number versus the /volume2/docker-v5 mount path

before retiring old Volume2/VM Storage references.

• /volume4/migration-from-volume1/volume5-backups/docker-v5 on the Synology
• One-way backup copy target for Volume5 appdata/projects/secrets. Keep while

Volume5 cutover and rollback posture are being validated.

Cleanup Candidates

The following cleanup candidates were approved and removed on 2026-05-22:

• Failed or incomplete Synology Docker inventory attempts:
• synology/docker/inventory/snapshots/20260515-225615/
• synology/docker/inventory/snapshots/20260515-225637/
• synology/docker/inventory/snapshots/20260515-225834/
• synology/docker/inventory/snapshots/20260515-225943/
• synology/docker/inventory/snapshots/20260515-230052/
• synology/docker/inventory/snapshots/20260515-230135/
• synology/docker/inventory/snapshots/20260515-230310/
• synology/docker/inventory/snapshots/20260515-230326/
• synology/docker/inventory/snapshots/20260515-230528/
• synology/docker/inventory/snapshots/20260515-230827/
• synology/docker/inventory/snapshots/20260515-231046/
• synology/docker/inventory/snapshots/20260515-231113/
• Superseded UniFi SSH/config exploration snapshots:
• unifi/ssh-snapshots/20260521-002348/
• unifi/ssh-snapshots/20260521-002919/
• unifi/ssh-snapshots/20260521-003658/
• unifi/ssh-snapshots/20260521-003751/
• unifi/ssh-snapshots/20260521-003838/
• unifi/config-audit/20260521-0040/
• unifi/config-audit/20260521-004436/
• Superseded Pi-hole inventory attempts:
• pihole/inventory/snapshots/20260521-101312/
• pihole/inventory/snapshots/20260521-101417/
• pihole/inventory/snapshots/20260521-101458/
• pihole/inventory/comparisons/20260521-1131/
• Failed or redundant Btrfs logical-resolve attempts:
• synology/storage/btrfs-logical-resolve/20260522-104022/
• synology/storage/btrfs-logical-resolve/20260522-104203/
• synology/storage/btrfs-logical-resolve/20260522-104308/
• First Wi-Fi helper output with less useful historical-client data:
• unifi/wifi/snapshots/20260522-110514/
• Early Tdarr progress attempts if no longer needed:
• synology/docker/tdarr/progress/20260522-123026/
• synology/docker/tdarr/progress/20260522-123047/

Remaining Cleanup Candidates

The following cleanup was approved by the user and performed on 2026-06-01:

• Superseded initial/nonprivileged security-review capture:
• security/synology/20260601-185120/
• Superseded first privileged Synology security audit:
• synology/security/audits/20260601-190324/
• Failed or superseded Container Manager registry capture attempts:
• synology/docker/container-manager-registry/snapshots/20260527-100448/
• synology/docker/container-manager-registry/snapshots/20260527-100603/
• synology/docker/container-manager-registry/snapshots/20260527-100610/
• synology/docker/container-manager-registry/snapshots/20260527-100723/

No other deletion candidates are approved at this time. The latest weekly

retention dry run on 2026-06-21 now reports older May snapshot folders for

review. Treat those as a candidate review queue only; no deletion is approved

until exact paths are summarized, checked against incident/support value, and

explicitly approved.

Non-Destructive Cleanup

• Normalize shell helper scripts to LF line endings and no UTF-8 BOM before copying them to Linux systems.
• Improve script comments and purpose blocks as scripts are touched. Prefer documenting or deprecating scripts over deleting them.
• Prefer keeping current snapshots named by date and documenting which one is authoritative in each area-specific handoff.
• Keep .secrets directories ignored. If OneDrive sync warnings become annoying or risky, move long-lived private keys and API credentials outside the OneDrive-backed workspace and leave only template/example files in the project.
• Current local secret/OneDrive hygiene findings are tracked in

SECURITY_HYGIENE_REVIEW.md.

• Use tools/project/Get-RetentionCleanupCandidates.ps1 for dry-run retention

review. It reports candidates only and does not delete files.

Approval Required Before Deletion

No files in the cleanup candidate list should be removed until explicitly approved. When approved, use PowerShell Remove-Item -LiteralPath ... -Recurse only after confirming each resolved path is inside the VHNIC workspace.