VHNIC Retention Policy

Last updated: 2026-06-22

This project is the local memory bank for the home infrastructure. It should

keep enough information to troubleshoot, rebuild, and hand off work without

keeping raw logs forever.

Rules

• Keep human-readable summaries longer than raw logs.
• Keep helper scripts, handoff docs, topology docs, and current-state docs.
• Treat .ps1 helper scripts as protected assets. Do not delete scripts unless

the exact script path is explicitly approved.

• Do not delete, prune, repair, wipe, or reformat anything without explicit

approval for the exact target.

• Do not modify /volume1/data/media/personal.
• Do not store secrets in incident summaries, registers, or tracked docs.
• Prefer dry-run cleanup reports before any deletion.

Incident Evidence

Incident evidence is split into two layers:

• Long-term summary: keep in INCIDENT_REGISTER.md and

incidents/<date-topic>/SUMMARY.md.

• Raw evidence: keep in incidents/<date-topic>/evidence/ only while it is

useful for an active investigation or post-incident review.

Default retention:

Raw evidence may be deleted after the Raw evidence review date in the

incident summary if the summary is complete and the user approves the exact

paths.

Inventory Snapshots

Default retention:

When a snapshot is retained as authoritative, document that in the relevant

area handoff or current-state file.

Metrics And Logs

Current implemented settings:

• Prometheus retention: 30 days.
• Observability Docker logs: 10m max size and 3 files per container.
• Pi-hole Teleporter backups: 30 days.
• NZBHydra2 config backups: every 7 days, delete after 2 weeks.

Recommended targets:

June 1 security-review note:

• Keep the latest privileged Synology security audit and cross-system inventory

baselines because they support the 2026-06-01 breach assessment.

• Failed or superseded security-review captures can be removed after the

findings are summarized in security/breach-assessment-20260601.md and

PROJECT_RECONCILIATION.md.

June 14 storage-support note:

• Keep synology/support-cases/20260614-volume1-btrfs-md2/ and related

2026-06-14 Plex/storage incident analysis until Synology support or a Volume

1 rebuild/migration decision is complete.

• Treat the included diagnostic folders as active storage-integrity evidence,

not routine weekly report data.

June 16/17 Volume 1 evacuation note:

• Keep synology/storage/VOLUME1_REBUILD_MIGRATION_PLAN.md, migration helper

logs/status output referenced there, and any saved validation notes until the

Volume 1 evacuation, final true-up, rebuild, restore, and post-restore

validation are complete.

• Do not treat /volume4/migration-from-volume1 as disposable cleanup data

while it is the active evacuation landing copy.

June 21 weekly retention dry-run note:

• reports/weekly-maintenance/20260621-073001/retention-cleanup-dry-run.txt

lists older May snapshot folders for review. This is a review queue only.

No cleanup is approved until the exact paths are summarized, checked against

incident/support value, and explicitly approved by the user.

• Keep current weekly baselines from 2026-06-21 and retain pre/post change

baselines that document PiHole4B cutover, Volume 1 support/rebuild work,

security review, and Docker/appdata migration decisions.

Cleanup Workflow

1. Summarize the incident or snapshot in a durable doc.

2. Mark raw evidence with a review date.

3. Run a dry-run cleanup candidate report.

4. Present exact paths and rationale to the user.

5. Delete only approved exact paths.

6. Update PROJECT_RECONCILIATION.md after cleanup.

Enforcement

The project helper tools/project/Get-RetentionCleanupCandidates.ps1 is

dry-run only. It reports possible stale raw evidence and old snapshots. It does

not delete files.

Any future cleanup helper that deletes files must:

• require an explicit -Apply style switch,
• print every path before deletion,
• verify every resolved path is inside the VHNIC workspace,
• avoid .ps1, .md, .json, .yaml, .yml, .toml, .env, and

.secrets cleanup unless a human explicitly approves exact paths.

Evidence Type	Default Retention
Active unresolved incident raw evidence	Until resolved, then 30-90 days
Resolved incident raw logs and command output	30 days
Storage integrity incidents	180 days unless summarized enough to remove sooner
Security/access incidents	180 days
Performance baselines	Keep latest known-good plus one before/after comparison
Per-incident SUMMARY.md files	Keep indefinitely
Top-level INCIDENT_REGISTER.md	Keep indefinitely
Snapshot Type	Default Retention
Latest known-good inventory per area	Keep
Baseline after major configuration change	Keep
Failed/incomplete capture attempts	Delete after approval once superseded
Duplicate routine captures	Keep newest 3-5 per area unless useful
UniFi/Pi-hole/DNS config baselines	Keep current baseline and one prior baseline
System	Retention Target
Prometheus metrics	30 days now; consider 90 days only if useful
Grafana dashboards/config	Keep as project source plus appdata backup
Tautulli history	Keep in Tautulli; do not export raw history unless needed
Plex diagnostic pulls	Keep as incident raw evidence, not routine archive
Tdarr audit pulls	Keep while rollout/error pattern is active, then summarize
Pi-hole Teleporter backups	30 daily copies; optional 6-12 monthly copies later
Google Cloud DNS snapshots	Keep current baseline and previous baseline
UniFi snapshots	Keep current baseline and previous baseline