Password Secure: Release 26.5.1

[florian-berger-netwrix]

• Adds the changeset of the new Password Secure version (26.5.1)
• Fixed a broken anchor in the AA26 docs in a way the pre-commit hook accepts (currently broken in dev)

[github-actions]

Auto-Fix Summary

1 issues fixed, 2 skipped across 2 files

Category	Fixes
Dale: misplaced-modifiers	1

Skipped (needs manual review)	Reason

| docs/passwordsecure/current/introduction/versionhistory/version_26.5.1.34120.md:20 — Dale: wordiness | 'Fixed an issue that caused heavy performance issues' is mildly redundant, but the 'Fixed an issue that caused X' format is a standard changelog convention; rewriting risks changing meaning |
| docs/passwordsecure/current/introduction/versionhistory/version_26.5.1.34120.md:15 — Dale: negative-assumptions | 'you can't use the path from the web' states a technical limitation of the web client, not a negative assumption about the user's general capabilities |

Ask @claude on this PR if you'd like an explanation of any fix.

[github-actions]

Auto-Fix Summary

8 issues fixed, 3 skipped across 3 files

Category	Fixes
Dale: passive-voice	4
Dale: wordiness	4

Skipped (needs manual review)	Reason

| docs/passwordsecure/current/introduction/versionhistory/version_26.5.1.34120.md:20 — Dale: wordiness | 'an issue that caused heavy performance issues' has redundant 'issue/issues' wording, but rewriting it without losing the changelog convention or changing the meaning is ambiguous |
| docs/passwordsecure/current/introduction/versionhistory/version_26.5.1.34120.md:21 — Dale: wordiness | 'permissions of Active Directory profiles and Entra ID profiles not to load' is awkward, but possible rewrites change emphasis or meaning |
| docs/passwordsecure/current/msp_system.md:46 — Dale: wordiness | 'RECOMMENDED:, you should use an application server to handle a max of about 100 customers' has typos and informal language but the intended meaning is unclear enough that a confident rewrite isn't possible |

Ask @claude on this PR if you'd like an explanation of any fix.

[florian-berger-netwrix]

@claude What did you do in docs/accessanalyzer/2601/configurations/activity-monitor-integration.md? Access Analyzer is not relevant for a Password Secure release and should not be here!

[github-actions]

Auto-Fix Summary

5 issues fixed, 5 skipped across 3 files

Category	Fixes
Dale: wordiness	5

Skipped (needs manual review)	Reason

| docs/passwordsecure/current/msp_system.md:13 — Dale: misplaced-modifiers | Subject 'system requirements should manage' is awkward, but rewriting could change technical meaning. Multiple valid interpretations exist (a system meeting these requirements vs. these requirements as a configuration) |
| docs/passwordsecure/current/msp_system.md:31 — Dale: misplaced-modifiers | Same construction as line 13; same ambiguity |
| docs/passwordsecure/current/msp_system.md:9 — Dale: wordiness | 'You should make ... available' could be tightened, but the imperative rephrase shifts tone and the 'you should' is acceptable here |
| docs/passwordsecure/current/msp_system.md:45 — Dale: wordiness | 'RECOMMENDED:, you should use' has a punctuation/style issue but rewriting could conflict with the bold-prefix admonition pattern used elsewhere in the file |
| docs/passwordsecure/current/introduction/versionhistory/version_26.5.1.34120.md:15 — Dale: negative-assumptions | 'you can't use the path from the web' describes a product limitation in this specific context, not a general assumption about user capability |

Ask @claude on this PR if you'd like an explanation of any fix.

[github-actions]

⚠️ Broken Anchor Links

1 broken anchor link(s) found — these will cause the build to fail.

  docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:132
    If no events appear after a few minutes, see [Troubleshooting](#launches-the-installation-wizard).
    #launches-the-installation-wizard not found in docs/accessanalyzer/2601/configurations/activity-monitor-integration.md
    Available: #activity-monitor-integration · #overview · #architecture · #event-types · #security-model · #prerequisites · #setup · #step-1-verify-the-listener-is-running · #step-2-generate-an-enrollment-token · #step-3-add-the-aa2601-output-in-netwrix-activity-monitor · #step-4-verify-enrollment · #application-settings-reference · #connection-settings · #performance-and-throughput-settings · #security-and-enrollment-settings · #shutdown-settings · #best-practices · #port-configuration · #tls-certificate-management · #enrollment-token-practices · #performance-tuning · #kubernetes-shutdown-considerations · #disabling-the-integration · #troubleshooting · #the-listener-isnt-starting · #a-nam-agent-cant-connect · #an-agent-connected-but-isnt-sending-data · #events-arent-appearing-in-reports · #an-agent-keeps-getting-banned · #enrolled-agents-list-has-stale-entries · #settings-quick-reference · #related-resources

Auto-Fix Summary

0 issues fixed, 4 skipped across 4 files

Skipped (needs manual review)	Reason

| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:56 — Dale: passive-voice | Recent commit 6a4a284 explicitly reverted unrelated auto-fixes to this file; the only PR change is an anchor link. Respecting that signal and not touching prose elsewhere. |
| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:132 — Dale: n/a | Anchor link #launches-the-installation-wizard is broken but instructions specify the workflow repairs anchors automatically after fixes. |
| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:145 — Dale: passive-voice | Multiple passive constructions in settings reference tables (e.g. 'are rejected', 'is dropped', 'is blocked'). Skipping per revert signal noted above. |
| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:222 — Dale: misplaced-modifiers | Dangling participle 'losing any buffered events' attaches to Kubernetes; meaning is clear from context but technically misplaced. Skipping per revert signal. |

Ask @claude on this PR if you'd like an explanation of any fix.

[github-actions]

⚠️ Broken Anchor Links

1 broken anchor link(s) found — these will cause the build to fail.

  docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:132
    If no events appear after a few minutes, see [Troubleshooting](#launches-the-installation-wizard).
    #launches-the-installation-wizard not found in docs/accessanalyzer/2601/configurations/activity-monitor-integration.md
    Available: #activity-monitor-integration · #overview · #architecture · #event-types · #security-model · #prerequisites · #setup · #step-1-verify-the-listener-is-running · #step-2-generate-an-enrollment-token · #step-3-add-the-aa2601-output-in-netwrix-activity-monitor · #step-4-verify-enrollment · #application-settings-reference · #connection-settings · #performance-and-throughput-settings · #security-and-enrollment-settings · #shutdown-settings · #best-practices · #port-configuration · #tls-certificate-management · #enrollment-token-practices · #performance-tuning · #kubernetes-shutdown-considerations · #disabling-the-integration · #troubleshooting · #the-listener-isnt-starting · #a-nam-agent-cant-connect · #an-agent-connected-but-isnt-sending-data · #events-arent-appearing-in-reports · #an-agent-keeps-getting-banned · #enrolled-agents-list-has-stale-entries · #settings-quick-reference · #related-resources

Auto-Fix Summary

4 issues fixed, 7 skipped across 4 files

Category	Fixes
Dale: passive-voice	3
Dale: wordiness	1

Skipped (needs manual review)	Reason

| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:43 — Dale: undefined-acronyms | SPKI is a standard PKI/security term; sysadmin/security audience would recognize it |
| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:56 — Dale: passive-voice | 'must be installed/provisioned' is the conventional construction in prerequisite lists; rewriting would force awkward imperative subjects |
| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:145 — Dale: passive-voice | Table cell descriptions; passive keeps subject focus on the configured behavior |
| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:146 — Dale: passive-voice | Table cell descriptions; passive keeps subject focus on the configured behavior |
| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:154 — Dale: passive-voice | Table cell descriptions; passive keeps subject focus on the configured behavior |
| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:165 — Dale: passive-voice | Table cell description; rewriting would change the focus from the source IP to the system |
| docs/passwordsecure/current/msp_system.md:14 — Dale: wordiness | Awkward to fix without rewriting; 'fewer than' vs 'less than' is a different style guide concern |

Ask @claude on this PR if you'd like an explanation of any fix.

[github-actions]

Auto-Fix Summary

7 issues fixed, 4 skipped across 4 files

Category	Fixes
Dale: passive-voice	7

Skipped (needs manual review)	Reason

| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:56 — Dale: passive-voice | 'Netwrix Activity Monitor must be installed and monitoring' is a state requirement in a prerequisites bullet — converting to active would change the structural form of the prerequisite |
| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:57 — Dale: passive-voice | 'TLS certificates must be provisioned' and 'paths are set via environment variables' describe required state in prerequisites; restructuring would change meaning |
| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:267 — Dale: passive-voice | Heading 'An agent keeps getting banned' — frames the troubleshooting topic from the user's perspective; rewriting in active voice ('AA2601 keeps banning an agent') is awkward and changes the user-experience framing |
| docs/passwordsecure/current/msp_system.md:45 — Dale: wordiness | 'use an application server to handle a max of about 100 customers' — phrase 'max of about' is mildly redundant, but multiple equally valid rewrites exist (up to 100, approximately 100, a maximum of 100) with subtly different meanings; not confident which the author intended |

Ask @claude on this PR if you'd like an explanation of any fix.

[github-actions]

Auto-Fix Summary

7 issues fixed, 7 skipped across 5 files

Category	Fixes
Dale: misplaced-modifiers	2
Dale: passive-voice	3
Dale: positional-references	1
Dale: undefined-acronyms	1

Skipped (needs manual review)	Reason

| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:46 — Dale: undefined-acronyms | SPKI is used multiple times throughout the article as the established term for the cert-pinning hash; expanding it (Subject Public Key Info) inline read awkwardly and risked changing technical meaning. |
| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:57 — Dale: passive-voice | null |
| docs/accessanalyzer/2601/configurations/activity-monitor-integration.md:268 — Dale: passive-voice | 'governed by' inside parentheses describes the setting's role; rewriting could alter the technical relationship. |
| docs/accessanalyzer/2601/install/quickinstall.md:81 — Dale: passive-voice | 'to be signed by' is a passive infinitive in a table cell describing AD CS workflow; active rewrites changed sentence structure significantly. |
| docs/passwordsecure/current/introduction/versionhistory/version_26.5.1.34120.md:20 — Dale: passive-voice | 'Fixed [issue]' changelog entries use conventional implicit-subject format; rewriting would break changelog convention. |
| docs/passwordsecure/current/msp_system.md:13 — Dale: wordiness | 'should manage around 10 customers' is awkward but the meaning (the system meeting these requirements supports ~10 customers) could be misread; a fix risks altering the spec. |
| docs/passwordsecure/current/msp_system.md:45 — Dale: wordiness | 'RECOMMENDED:, you should use an application server to handle a max of about 100 customers' has unusual admonition-prefix formatting; a wordiness fix could mishandle the intended pattern. |

Ask @claude on this PR if you'd like an explanation of any fix.

[florian-berger-netwrix]

@claude Undo all changes within ‎docs/accessanalyzer/, as they don't belong to this PR.

[github-actions]

Auto-Fix Summary

0 issues fixed, 2 skipped across 3 files

Skipped (needs manual review)	Reason

| docs/passwordsecure/current/msp_system.md:13 — Dale: misplaced-modifiers | 'The following minimum system requirements should manage around 10 customers' is awkward (requirements don't manage), but a confident fix is ambiguous — could be 'support', 'handle', or restructured — and any change risks altering the author's intent. |
| docs/passwordsecure/current/msp_system.md:45 — Dale: wordiness | 'RECOMMENDED:, you should use an application server to handle a max of about 100 customers' has a punctuation typo and informal 'max', but rewriting the sentence shape is outside Dale scope (Vale-style concerns). |

Ask @claude on this PR if you'd like an explanation of any fix.

[github-actions]

Documentation PR Review

Editorial Review

docs/accessanalyzer/2601/install/quickinstall.md

• No issues found.

docs/passwordsecure/current/introduction/versionhistory/version_26.5.1.34120.md

• Clarity — Line 20: "Fixed heavy performance issues when using the Windows application" is vague. "Heavy" doesn't tell the reader what was actually slow. Suggested fix: name the symptom — for example, "Fixed significant slowdowns when opening or searching large databases in the Windows application" (replace with the actual symptom that was resolved).
• Completeness — Line 21: "Active Directory and Entra ID profile permissions" introduces a specific term ("profile permissions") that isn't defined elsewhere in this short changelog. Suggested fix: briefly describe what was failing — for example, "Fixed an issue that prevented Active Directory and Entra ID profile permissions from loading, which previously blocked users from accessing assigned profiles in the Windows application."
• Structure — Lines 17–19: two blank lines precede ## Fixed, and there is no blank line between ## Fixed and ### Windows application. Suggested fix: use a single blank line between sections and add a blank line after ## Fixed for consistency with the ## New and ## Improved sections above.

docs/passwordsecure/current/introduction/versionhistory/version_history.md

• No issues found.

docs/passwordsecure/current/msp_system.md

• Clarity — Line 48: "Web-Endpoint" is introduced without definition or a link to an explanation. A reader who knows MSP setups but is new to Password Secure can't tell what a Web-Endpoint is or how it differs from the Application Server. Suggested fix: define it on first use, for example: "Add a web endpoint (a dedicated server that handles browser-based client traffic) including load balancing for every additional 1,000 users." Consider linking to the relevant install/architecture page if one exists.
• Clarity — Line 50: "for every additional 100 customers or 1000 users" is ambiguous — it's unclear whether either threshold triggers the recommendation or whether both must be reached. Suggested fix: clarify the trigger, for example: "Add an Application Server (including load balancing) whenever you exceed an additional 100 customers or 1,000 users, whichever comes first."
• Clarity — Lines 24 and 40: "for every additional 200 users add at least:" reads awkwardly because the introductory clause and the action are inverted. Suggested fix: "For every additional 200 users, add at least the following resources:"
• Structure — Lines 22, 48, 50: bold inline text labels (**CAUTION:**) are used instead of proper admonitions. Per the Netwrix style guide, warnings should use :::warning blocks (the file already uses :::note on lines 52–56, so it's inconsistent within the same document). Suggested fix: convert each **CAUTION:** line to a :::warning ... ::: block.
• Completeness — Line 46: "use load balancing between the application servers" doesn't tell the reader what kind of load balancing is supported (hardware, DNS round-robin, an in-product mechanism). Suggested fix: name the supported approach or link to the load-balancing configuration topic — for example, "or use a load balancer in front of the application servers (see Load balancing setup)."

Summary

7 editorial suggestions across 4 files. Vale and Dale issues are auto-fixed separately.

---

What to do next:

Comment @claude on this PR followed by your instructions to get help:

• @claude fix all issues — fix all editorial issues
• @claude help improve the flow of this document — get writing assistance
• @claude explain the voice issues — understand why something was flagged

You can ask Claude anything about the review or about Netwrix writing standards.

Automated fixes are only available for branches in this repository, not forks.

[github-actions]

Auto-Fix Summary

7 issues fixed, 6 skipped across 4 files

Category	Fixes
Dale: passive-voice	2
Dale: positional-references	1
Dale: wordiness	4

Skipped (needs manual review)	Reason

| docs/accessanalyzer/2601/install/quickinstall.md:81 — Dale: passive-voice | Table cell with 'to be signed by your internal Enterprise CA' — active rewrite would break table flow and shift meaning |
| docs/accessanalyzer/2601/install/quickinstall.md:480 — Dale: passive-voice | 'Hostname entered as an IP address' is a sentence fragment in a Likely cause table cell — passive past participle is conventional |
| docs/accessanalyzer/2601/install/quickinstall.md:481 — Dale: passive-voice | 'Outbound HTTPS blocked to one or more required endpoints' is a fragment in a diagnostic table |
| docs/passwordsecure/current/msp_system.md:13 — Dale: wordiness | 'The following minimum system requirements should manage around 10 customers...' has structural awkwardness but rewriting risks changing meaning |
| docs/passwordsecure/current/msp_system.md:31 — Dale: wordiness | Same 'should manage' construction — meaning preservation requires substantial rewrite |
| docs/passwordsecure/current/version_26.5.1.34120.md:20 — Dale: misplaced-modifiers | Changelog convention 'Fixed X when using Y' has a dangling participle but is conventional in release notes; rewriting risks meaning shift |

Ask @claude on this PR if you'd like an explanation of any fix.