diff --git a/Technical_Decomp_Accounts.md b/Technical_Decomp_Accounts.md new file mode 100644 index 0000000..3acef96 --- /dev/null +++ b/Technical_Decomp_Accounts.md @@ -0,0 +1,27 @@ +## enroll/accounts.py + +### UserRecord (dataclass) + +Purpose: represents one “human” (non-system) user found on the machine. + +Fields: + +- name, uid, gid, gecos, home, shell: parsed from /etc/passwd +- primary_group: resolved from /etc/group by matching the user’s primary gid +- supplementary_groups: any other groups where the user appears in the group member list +- ssh_files: list of safe-to-copy SSH public material, currently only: +- ~/.ssh/authorized_keys if it exists and isn’t a symlink + +### Lifecycle / where it’s used: + +Constructed in `collect_non_system_users()`. + +`harvest.harvest()` converts it into a plain dict list (`users_list`) which is stored inside the `UsersSnapshot` and ultimately serialized into `state.json`. + +The actual ssh_files are also copied into `artifacts/users/...` as managed files (subject to ignore/exclude policy), and recorded as `ManagedFile` entries. + +### Important semantics: + +- A “human” user is determined by UID_MIN from `/etc/login.defs` (default 1000), and shell not being nologin/false. +- +- root and nobody are explicitly skipped. \ No newline at end of file
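Review bot: the `ssh_files` entry under "Fields" documents only that `~/.ssh/authorized_keys` is taken "if it exists and isn't a symlink", which leaves open whether the `~/.ssh` directory (or the home directory from /etc/passwd) may itself be a symlink and whether the file must be owned by the user it is harvested for. Since the same section says these files are copied into `artifacts/users/...` and recorded as `ManagedFile` entries, please state the full set of checks here, or say explicitly that the file-level symlink test is the only one, so readers can judge what "safe-to-copy" covers. In "Important semantics", "shell not being nologin/false" should say whether the match is on the shell's basename or on specific full paths. Formatting: the `- ~/.ssh/authorized_keys ...` line sits at the same list level as the field names, so it reads as another field rather than as the item introduced by "currently only:"; indent it under `ssh_files`. There is also an empty `-` bullet between the UID_MIN item and the "root and nobody" item that should be dropped, and the file is missing its trailing newline.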