memory: daily review Feb 20 — Zurich rebuild, mail migration, domain expiry, MiniMax M2.5

MEMORY.md

@@ -1,6 +1,6 @@
 # MEMORY.md - Long-Term Memory
 
-*Last updated: 2026-02-15 (Sunday weekly synthesis — Week of Feb 9-15, 2026)*
+*Last updated: 2026-02-20 (background memory review)*
 
 ---
 ## ⏰ JOHAN'S SCHEDULE (US EASTERN) — MEMORIZE THIS!
@@ -127,9 +127,13 @@ I do NOT ask for permission or approval. I use my judgment. I only escalate if s
 - SMB share: `\\192.168.1.16\sophia` → `/home/johan/sophia/`
 - Full details: `memory/forge-server.md`
 
-### Mail System (2026-01-31)
-- **Proton Bridge:** Headless on localhost:1143 (IMAP), localhost:1025 (SMTP)
-- **Mail Bridge:** REST API on port 8025, webhooks new mail to /hooks/mail
+### Mail System (updated 2026-02-19)
+- **Proton Bridge: DISABLED** — migrated to self-hosted Stalwart on Zurich
+- **Stalwart:** mail.jongsma.me + mail.inou.com → 82.22.36.202 (Zurich), ports 25/465/587/143/993/995
+- **MC connectors:** Connect directly to Stalwart (mail.jongsma.me:993). Passwords: tj@jongsma.me = `!Lekker69`, johan@jongsma.me = `!!Lekker69`
+- **Amsterdam Stalwart:** stopped + disabled (data preserved, do NOT delete)
+- **Mail Bridge:** REST API on port 8025, webhooks new mail to /hooks/messages
+- **SMTP security:** SPF, DKIM (Stalwart ed25519 keys), DMARC p=reject — all correct for jongsma.me + inou.com
 - **My role:** Direct triage — I read every email, decide: archive, delete, or escalate
 - **No L1/L2 models** — I understand context better than pattern matching
 - **Spam → Trash** (not Archive — Archive is for reference-worthy items)
@@ -274,13 +278,17 @@ AI-powered phone assistant. Lets me answer Johan's calls, screen notifications,
 - **Status:** v0.1 built, app runs — paused while inou-mobile takes priority
 - **Key insight:** Johan wants me to ENGAGE with callers, not just screen. "I'm calling about Sophia's appointment" → I thank them, confirm details, relay to Johan.
 
-### Zurich VPS (zurich.inou.com)
+### Zurich VPS (zurich.inou.com) — MAJOR REBUILD 2026-02-19
 - **IP:** 82.22.36.202
-- **Purpose:** Security infrastructure, git hosting, monitoring
+- **Purpose:** Security infrastructure, git hosting, monitoring, email, password manager
 - **Git:** Dedicated `git` user with `git-shell` (can only do git operations)
 - **Clone:** `git clone git@zurich.inou.com:<repo>.git`
-- **Caddy reverse proxy:** auto-LE cert for zurich.inou.com
-- **Uptime Kuma:** http://zurich.inou.com:3001
+- **Caddy:** installed, owns port 443, auto-LE certs
+- **Stalwart:** Self-hosted mail server. mail.inou.com + mail.jongsma.me → Zurich. Data migrated from Amsterdam (19GB). Ports 25/465/587/143/993/995.
+- **Vaultwarden:** vault.jongsma.me (fresh install, no data yet — Johan needs to create account + import Proton Pass)
+- **ntfy:** ntfy.inou.com, port 2586. Token: `tk_ggphzgdis49ddsvu51qam6bgzlyxn`
+- **Uptime Kuma:** kuma.inou.com, port 3001. User: james / JamesKuma2026!. **0 monitors — need rebuilding (awaiting Johan's OK)**
+- **Amsterdam VPS (82.24.174.112):** OLD. Stalwart stopped+disabled. Cleanup deferred.
 
 ### SOC2 Security Scanning (2026-01-31)
 - **Nuclei:** Weekly light scans (Sundays 10am ET), full monthly scans (from Zurich VPS)
@@ -352,16 +360,20 @@ Automated document processing pipeline for scanned paperwork.
 
 ## Todo / Open Items
 
-### 🔴 Urgent (This Week)
-- [ ] **Azure Files Backup:** `az login` MFA with Johan — free account expires ~Feb 27 (11 days!)
-- [ ] **Dr. Neel Madan call:** TODAY (Sunday) 2PM ET — Sophia MRI review, hydrocephalus treatment path
-- [ ] **Belastingdienst:** Corporate tax filing (vennootschapsbelasting 2025) for entity ***871 — deadline pending
+### 🔴 Urgent (This Week — as of Feb 20)
+- [ ] **jongsma.me domain transfer** — EXPIRES 2026-02-28 (8 days!). Unlock at OpenProvider, get auth code, initiate transfer at Cloudflare. Transfers take 5-7 days. Window is TIGHT.
+- [ ] **Azure Files Backup:** `az login` MFA with Johan — free account expires ~Feb 27 (7 days!). Need Johan for MFA.
+- [ ] **stpetersburgaquatics.com** — expires 2026-03-13. Transfer or renew.
+- [ ] **Uptime Kuma monitors** — 8 monitors lost in Zurich rebuild. Rebuild when Johan confirms.
 
-### 🟡 Active (In Progress)
-- [ ] **Shannon:** Complete Docker build, run portal pentest against inou.com
-- [ ] **XPS14 RDP:** Configure shadow session access for real-time triage
-- [ ] **MC Performance:** Investigate 15-16s query latency (token refresh issue suspected)
-- [ ] **Prima (UMich MRI AI):** Write service spec for inou integration (intelligent series selection)
+### 🟡 Active (Johan Action Needed)
+- [ ] **Vaultwarden:** Johan creates account at vault.jongsma.me → export Proton Pass → import. Then set SIGNUPS_ALLOWED=false.
+- [ ] **iCloud contacts import:** final.vcf at `/home/johan/clawd/tmp/contacts/final.vcf` — SCP to Mac + import at icloud.com
+- [ ] **Misha Signal pairing** — still pending
+- [ ] **OpenClaw auth decision** — OAuth token = Claude Max subscription risk. API key alternative pending.
+- [ ] **Stalwart short+full login fix** — lookup-domains config. iPhone email setup blocked until resolved.
+- [ ] **Amsterdam cleanup** — Kuma/Vaultwarden/ntfy still running on old VPS (Amsterdam 82.24.174.112). Deferred.
+- [ ] **Belastingdienst:** Corporate tax filing (vennootschapsbelasting 2025) for entity ***871 — deadline pending
 
 ### 🟢 Backlog (Parked)
 - [ ] Inter-VLAN routing on UDM-Pro (production → Signal API)
@@ -370,6 +382,9 @@ Automated document processing pipeline for scanned paperwork.
 - [ ] inou Mobile: Content at inou.com/app for WebView
 - [ ] AdventHealth MFA enrollment (Johan action)
 - [ ] HAOS SSH key authorization (forge → 192.168.1.252)
+- [ ] Fish Audio S1 TTS persistent service on forge
+- [ ] rclone backup for Vaultwarden (needs browser OAuth on Zurich)
+- [ ] BlueBubbles on Mac Mini M4 (deferred)
 
 ## Weekly Synthesis Insights (Feb 9-15, 2026)
 
@@ -493,10 +508,10 @@ Major correction added to AGENTS.md: **Mandatory memory_search before responding
 - Real Chrome on Xvfb:99 (port 9224) for WAF-protected sites
 - myCigna autonomous login achieved: Chrome + 2FA via MC email grab
 
-### Shannon VPS (82.24.174.112)
-- Setup progressing: SSH works, Docker building
-- Credentials: root / K_cX1aFThB (password login intentionally left enabled)
-- Purpose: autonomous pentester for inou.com only
+### Shannon VPS (82.24.174.112) — OLD AMSTERDAM VPS
+- **Shannon fully removed from Amsterdam (Feb 19)** — Amsterdam is now just Stalwart data backup
+- Amsterdam Stalwart: stopped + disabled. Do NOT delete data yet.
+- Amsterdam cleanup pending: Kuma, Vaultwarden, ntfy still running there (deferred)
 
 ### Alert Dashboard (Fully Kiosk Tablet)
 - Built and deployed on port 9202
@@ -514,6 +529,55 @@ Major correction added to AGENTS.md: **Mandatory memory_search before responding
 
 ---
 
+## Recent Events (Week of Feb 16-20, 2026)
+
+### ✈️ Johan in NYC (Feb 19-20)
+- Flew Delta TPA→JFK Feb 19 (conf F86VDN). Return flight DL2093.
+- Not home → no Sophia night shift coverage from Johan during NYC stay
+
+### 🏗️ Zurich Full Infrastructure Rebuild (Feb 19)
+Major overnight event — Zurich services were broken/missing, rebuilt from scratch:
+- **Caddy** installed, owns port 443
+- **Stalwart mail** migrated from Amsterdam (19GB RocksDB). mail.inou.com + mail.jongsma.me → Zurich
+- **Proton Bridge DISABLED** — MC now connects directly to Stalwart (mail.jongsma.me:993)
+- **Vaultwarden** deployed at vault.jongsma.me (fresh, no data yet)
+- **ntfy** fresh install — new token `tk_ggphzgdis49ddsvu51qam6bgzlyxn`
+- **Uptime Kuma** fresh install — 0 monitors (all 8 lost, awaiting Johan's OK to rebuild)
+- **Shannon** fully removed from Amsterdam
+- Amsterdam Stalwart: stopped + disabled (data preserved)
+
+### 🌐 DNS Mass Fix (Feb 19)
+6 domains had wrong Cloudflare NS (aryanna/sage → arvind/wren) + dead DNSSEC. All fixed:
+- harryhaasjes.nl, johanjongsma.nl, localbackup.in, stpetersburgaquatics.com, x4.trading, 851brightwaters.com
+
+### 📬 Harry Haasjes Setup (Feb 19)
+- harryhaasjes.nl: "coming soon" placeholder live on Zurich
+- harry@harryhaasjes.nl: Stalwart account + catch-all
+- SFTP: harry-web / HarryWeb2026! (chrooted). Instructions sent to Harry in Dutch.
+- Harry is NOT technical — all comms in simple language, no jargon
+
+### 👨‍👩‍👧 Family Signal + Email Status (Feb 19)
+- **Roos** (+31646563377): Signal ✅ + Stalwart email ✅
+- **Jacques** (+31624403744): Signal ✅ + Stalwart email ✅
+- **Misha** (+17272381189): Signal pairing pending ⏳
+
+### 🤖 MiniMax M2.5 (Feb 20 — worth evaluating)
+- Released Feb 11, 2026 by Shanghai-based MiniMax
+- 230B MoE open-weight. 80.2% SWE-Bench Verified. Claims to beat Claude Opus on coding.
+- ~100 tok/s, ~$1/hr — 1/20th Opus cost
+- Currently free on kilocode/opencode → dominating OpenRouter rankings
+- **Potential K2.5 replacement for grunt-work subagents** — Johan to evaluate
+
+### 📱 iCloud Contacts
+- final.vcf ready: `/home/johan/clawd/tmp/contacts/final.vcf` (~2,200 clean contacts)
+- Johan to SCP to Mac → import at icloud.com/contacts
+
+### 🏠 Real Estate
+- 851 Brightwaters listed at $7.25M. Diana Geegan (KW). Showing Feb 16: buyers liked exterior, disliked modern interior.
+- Johan in NYC, may have meetings related to this
+
+---
+
 ## Weekly Insights (Feb 9-15, 2026)
 
 ### 🧠 Architectural Maturity (Feb 13 Breakthrough)

memory/2026-02-20.md

@@ -0,0 +1,33 @@
+# Daily Notes — 2026-02-20
+
+## Status at Day Start
+- Johan in New York (flew TPA→JFK Feb 19, conf F86VDN, return DL2093)
+- Second sleep block: ~5:15am (wrapping night shift on road)
+- Nothing urgent enough to wake for
+
+## Overnight Context Scan (5 AM)
+- MC: 0 new messages
+- K2: 0 sessions (clear)
+- Doc inbox: empty
+- Claude usage: 73% weekly, resets ~Fri Feb 21 2pm ET
+
+## MiniMax M2.5 Flagged to Johan (overnight conversation)
+- Released Feb 11 by Shanghai-based MiniMax
+- 230B MoE, open-weight
+- 80.2% SWE-Bench Verified (claims to beat Claude Opus 4.6 on coding)
+- ~$1/hr at 100 tok/s — 1/20th Opus cost
+- Currently free on kilocode/opencode → driving OpenRouter rankings spike
+- 4 of top 5 OpenRouter models this week are open-weight
+- Worth evaluating as K2.5 replacement for grunt work subagents
+- Johan to decide if he wants to test it
+
+## Pending / Urgent (for Johan when he wakes)
+1. **jongsma.me domain transfer** — expires 2026-02-28 (8 days!). Need to unlock at OpenProvider, get auth code, initiate at Cloudflare. Transfers take 5-7 days. Window is tight.
+2. **stpetersburgaquatics.com** — expires 2026-03-13 (need transfer or renewal)
+3. **Uptime Kuma monitors** — 8 monitors lost in Zurich rebuild. Johan to confirm before rebuilding.
+4. **Vaultwarden** — vault.jongsma.me live. Johan needs to create account + import Proton Pass export.
+5. **iCloud contacts** — final.vcf at /home/johan/clawd/tmp/contacts/final.vcf. Johan to SCP + import.
+6. **Misha Signal pairing** — still pending
+7. **OpenClaw auth decision** — OAuth token = Claude Max subscription risk. API key alternative pending.
+8. **Stalwart short+full login fix** — iPhone email setup blocked until lookup-domains config fixed.
+9. **Amsterdam cleanup** — Kuma/Vaultwarden/ntfy still running on Amsterdam VPS.

memory/claude-usage.json

@@ -1,9 +1,9 @@
 {
-  "last_updated": "2026-02-20T05:00:02.052693Z",
+  "last_updated": "2026-02-20T10:02:14.918035Z",
   "source": "api",
-  "session_percent": 1,
-  "session_resets": "2026-02-20T07:00:00.005487+00:00",
-  "weekly_percent": 83,
-  "weekly_resets": "2026-02-21T19:00:00.005506+00:00",
-  "sonnet_percent": 50
+  "session_percent": 8,
+  "session_resets": "2026-02-20T12:00:00.880360+00:00",
+  "weekly_percent": 84,
+  "weekly_resets": "2026-02-21T18:59:59.880378+00:00",
+  "sonnet_percent": 0
 }