Weekly memory synthesis 2026-03-15: George/Iaso agents, .17 cleanup, port 9999 incident, Go-first rule, OC 3.13, inou SMTP correction

2026-03-15 09:04:32 -04:00 · 2026-03-15 09:04:32 -04:00 · 6781b62b10
parent b9076edc5b
commit 6781b62b10
7 changed files with 267 additions and 24 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@ -266,6 +266,10 @@ Enter plan mode for ANY non-trivial task:
 - **Don't build new services for simple UI requests** — When Johan asked for a "delete button" in docsys, a previous session built an entirely new Go service (`docproc`, port 9900) with watcher, processor, and API. The right answer was one HTML element + one API route in the existing app. Scope creep kills trust.
  - **Applies to:** Any "add X to Y" request. Modify Y, don't create Z.
  - **Test:** "Does something already exist that I can add this to?"
 - **New services on forge = Go only** — Johan's stated preference: "I have a very strong preference for GoLang. Python should only be temporary tools." Any new service or long-running process must be Go. One-shot scripts in Python are OK. No Python servers, ever.
  - System Python (fail2ban, unattended-upgrades): untouchable, don't touch
  - Legacy Python code (inou/health-poller): tolerated
  - **Test:** "Is this a service or server?" If yes → Go. Period.
 **Plan includes verification:** Use plan mode for verification steps too, not just building. "How will I prove this works?" is part of the plan.
@ -298,6 +302,14 @@ Use subagents liberally:
 - For complex problems, throw more compute at it
 - **HA bulk operations → always K2.5 subagent.** Light control, automation toggles, Monoprice zones, anything returning large JSON from HA API — spawn a K2.5 subagent. The main context should never eat 100KB of WiZ bulb state data. Subagent does the work, reports "done" or "issue with X."
 ### Subagent Hygiene — Leave No Trace
 **Subagents must leave forge in a clean state.** After completing work:
 - No background processes left running (no `python3 -m http.server`, no ad-hoc servers of any kind)
 - No temp files in `/tmp` containing sensitive data (vault DBs, credentials, CSV exports)
 - If you started a server for previewing/testing — kill it before exiting
 - If you wrote sensitive files to `/tmp` — shred them (`shred -u`) before exiting
 - **Sensitive files in /tmp = security incident.** A Mar 12 2026 incident exposed `clawvault-preview.db` via a port 9999 Python server running for 5+ days. Zero tolerance.
 ## ⚙️ OpenClaw Gateway Rules
 **Never kill openclaw-gateway directly on forge.** It runs as the `johan` user (not root, not systemd). Using `pkill` or `kill` on the process destroys the session and requires Opus-level repair.
--- a/MEMORY.md
+++ b/MEMORY.md
@ -199,11 +199,12 @@ Subagent spawning works from conversation sessions. Auth is via `tokens.operator
 - **WARNING:** agentchat sessions are isolated from main/Telegram sessions. Key decisions must be written to MEMORY.md explicitly or they won't survive context switch.
 - **v1.1 (2026-03-08):** Fixed routing bug — broadcasts now use `agentchat` session (not `main`) to avoid conflicts with active webchat/Telegram sessions
-### Agent Network (as of Mar 2026)
+### Agent Network (as of Mar 15, 2026)
- **James** (forge, 192.168.1.16, Florida) — primary agent, Sonnet 4.6, port 18789. Discord bot ID: 1478257984546144327.
+- **James** (forge, 192.168.1.16, Florida) — primary agent, Sonnet 4.6, port 18789. Discord bot ID: 1478257984546144327. CoS to Johan. agentchat maintainer.
- **Hans** (Zurich, 185.218.204.47, noc.vault1984.com) — OpenClaw 2026.3.1, Fireworks MiniMax M2.5, port 18789. vault1984 NOC node. Discord bot ID: 1478321168065761352.
+- **Hans** (Zurich, 185.218.204.47, noc.vault1984.com) — OpenClaw 2026.3.1, Fireworks MiniMax M2.5, port 18789. vault1984 NOC node + DealSpace VPS ops. Discord bot ID: 1478321168065761352.
- **Mira** (forge, separate agent config) — AI for Misha, @Mira_muskepo_bot Telegram, workspace `/home/johan/mira/`. Building DealSpace.
+- **Mira** (forge, separate agent config) — AI for Misha, @Mira_muskepo_bot Telegram, workspace `/home/johan/mira/`. Building DealSpace. MEMORY.md not yet written.
- **George** (forge, discord accounts.george) — vault1984 writer agent. Discord App ID: 1480980894042030211. Workspace: `/home/johan/george/`. Live as of Mar 11 2026.
+- **George** (forge, discord accounts.george) — vault1984 writer agent. Discord App ID: 1480980894042030211. Workspace: `/home/johan/george/`. Daily market intel scan → #market-intel at 9 AM ET (cron). Live Mar 11 2026.
 - **Iaso** (forge, discord accounts.iaso) — inou health communication. Bridge-builder voice, evidence-based integrative medicine. Named for Greek goddess of recuperation (also Johan's original company name). Discord App ID: 1482680563939672124. Workspace: `/home/johan/iaso/`. Live Mar 15 2026.
 - **Bot-to-bot Discord:** doesn't work directly — use Johan as relay or build HTTP webhook side-channel
 ### Network
@ -454,6 +455,54 @@ Automated document processing pipeline for scanned paperwork.
 ---
 ## Recent Events (Week of Mar 9–15, 2026)
 ### 🤖 Iaso Agent — LIVE (Mar 15)
 New agent for inou health communication. Bridge-builder voice, evidence-based integrative medicine.
 - Discord App ID: `1482680563939672124`
 - Workspace: `/home/johan/iaso/`
 - Named for Greek goddess of recuperation + Johan's original company name (Iaso Backup, 2013)
 ### 🤖 George Agent — LIVE (Mar 11)
 New OpenClaw agent for vault1984 writing/content tasks.
 - Discord bot: App ID `1480980894042030211`
 - Workspace: `/home/johan/george/`
 - OC config: `accounts.george` in discord config
 - Daily market intel scan → #market-intel at 9 AM ET
 ### 🗑️ 192.168.1.17 — Fully Decommissioned (Mar 11)
 Stopped and disabled all zombie services: openclaw-gateway (old v2026.1.29), protonmail-bridge, message-center, message-bridge. Root cause: two conflicting gateway instances racing for IMAP cursors. `.17 is now clean.`
 ### ❌ Kaseya M365 Integration — REMOVED (Mar 11)
 Dead since Feb 27 (token expired, client_id blocked by IT). All attempts exhausted. Johan's decision: remove entirely. No Kaseya Teams alerts on Watchboard going forward.
 ### 🔒 Security Incident: Port 9999 (Mar 12)
 `python3 -m http.server` running on port 9999 for 5+ days, serving `/tmp` to LAN (no auth).
 - Exposed: `clawvault-preview.db` + WAL, `chrome_import.csv`
 - Killed, files shredded with `shred -u`
 - Best guess: Mar 7 vault1984 subagent left it running
 - **Rule added:** Zero tolerance for Python servers on forge. Go services only.
 ### 📈 SentinelOne (S) Short — Profitable (Mar 12)
 Q4 earnings: revenue +20% YoY, ARR crossed $1B, but Q1 guidance soft → AH slide. Short position profitable. Position still open.
 ### ⚙️ OpenClaw Rapid Releases (Mar 9-14)
 Four OC releases in seven days: 2026.3.8 → 3.11 ("Hunter & Healer Alpha", Gemini Embedding 2) → 3.12 → 3.13 (Live Chrome session attach — no extension badge needed, direct auth attach).
 ### 🌍 Iran War (Ongoing)
 US/Iran conflict: Hormuz closed, oil at $103/bbl, US bombed Kharg Island (Mar 14). S&P at YTD low. Trump building naval coalition with UK/Japan/France to reopen. Iran seeking deal.
 ### 🐍 Python Policy Clarified (Mar 12)
 Johan: "I have a very strong preference for GoLang. Python should only be temporary tools."
 - System Python (fail2ban, unattended-upgrades): untouchable
 - Johan's Python (inou/health-poller): tolerated legacy
 - **New services on forge: Go only. No ad-hoc servers of any kind.**
 ### 📧 inou SMTP Correction (Mar 12)
 inou prod uses Proton SMTP token directly (`smtp.protonmail.ch:587`). No Proton Bridge needed or installed. Previous notes were wrong. Check `/home/johan/dev/inou/smtp.env` before flagging SMTP issues.
 ---
 ## Recent Events (2026-03-08, post-synthesis)
 ### ⚡ OpenClaw 2026.3.7 Released (Mar 8 overnight)
@ -612,7 +661,7 @@ Johan expects Go binaries. Leaving a `python3 -m http.server` running will get c
 - [ ] **Belastingdienst:** Corporate tax filing (vennootschapsbelasting 2025) for entity ***871 — deadline pending
 - [ ] **@vault1984 on X** — Johan registered handle. Needs profile setup (logo, header, bio).
 - [ ] **vault1984 AWS credentials** — Need AWS account/creds before deploying regional nodes.
- **inou prod SMTP** — Uses Proton SMTP token directly (`smtp.protonmail.ch:587`, user `no-reply@inou.com`, token in `smtp.env`). No bridge needed or installed on prod. If bridge is ever found on 192.168.100.2, uninstall it.
+- **inou prod SMTP** — Uses Proton SMTP token directly (`smtp.protonmail.ch:587`, user `no-reply@inou.com`, token in `smtp.env`). No bridge needed or installed on prod. If bridge is ever found on 192.168.100.2, uninstall it. SMTP is working. ✅
 - [ ] **Mira MEMORY.md** — No long-term memory written for Mira agent yet. Johan offered to paste context via Telegram.
 ### 🟢 Stale / Closed
--- a/memory/MEMORY.md
+++ b/memory/MEMORY.md
@ -10,11 +10,11 @@ This file supplements daily notes. Curated, actionable memories that persist acr
 **DealSpace / muskepo.com** — Misha's M&A deal workflow platform. Go + templ + HTMX + SQLite. Auth: Email OTP + backdoor `220402`. **Prod:** Amsterdam `82.24.174.112:9300` (Hans owns VPS ops — deploy/monitor/DB, 7 rolling snapshots). **Build pipeline:** Mira builds on forge, SCPs to Amsterdam staging. Webhook HMAC secret (Hans→Mira) still undelivered.
-**inou health** — Medical imaging/advocacy platform. Prod: `192.168.100.2:1080` → inou.com. MCP at `https://inou.com/mcp` ✅. SMTP broken on prod (Proton Bridge not running). Real patients: Sophia (Johan's daughter) and Anastasia (German family, Ulm hospital, born 2020, hydrocephalus).
+**inou health** — Medical imaging/advocacy platform. Prod: `192.168.100.2:1080` → inou.com. MCP at `https://inou.com/mcp` ✅. SMTP: uses Proton SMTP token directly (`smtp.protonmail.ch:587`) — no bridge needed or installed on prod. Real patients: Sophia (Johan's daughter) and Anastasia (German family, Ulm hospital, born 2020, hydrocephalus).
 **agentchat** — Peer-to-peer coordination chat for the agent network. Go server, port 7777 on forge. James is maintainer. Repo: `git@zurich.inou.com:agentchat.git` → `/home/johan/dev/agentchat/`. v1.3: group + DM rooms, unread dots. All messages route to each agent's `main` session. Shared context repo: `git@zurich.inou.com:agentchat-context.git`. Every deploy → ntfy release note to `inou-alerts`.
-**OpenClaw** — James's runtime, latest **2026.3.7** (GPT-5.4, Gemini Flash 3.1, ACP binding persistence, pluggable context engines).
+**OpenClaw** — James's runtime, latest **2026.3.13** (Live Chrome session attach — direct attach to real Chrome with all logins, no extension badge needed. Gemini Embedding 2 for memory. 2 new stealth models via OpenRouter.).
 ## Agent Network
@ -22,7 +22,9 @@ This file supplements daily notes. Curated, actionable memories that persist acr
 |-------|------|-------|---------|------|
 | James ⚡ | forge (192.168.1.16) | Anthropic Sonnet 4.6 | Discord + Telegram | CoS to Johan. agentchat maintainer. |
 | Mira ✨ | forge (192.168.1.16) | (default) | Telegram @Mira_muskepo_bot | Misha's assistant. DealSpace builder. Workspace: `/home/johan/mira/` |
-| Hans 🔧 | Zurich 185.218.204.47 + Amsterdam 82.24.174.112 | Fireworks MiniMax M2.5 | Discord | VPS ops for DealSpace. Was on MiniMax M2.5 before James switched. |
+| Hans 🔧 | Zurich 185.218.204.47 + Amsterdam 82.24.174.112 | Fireworks MiniMax M2.5 | Discord | VPS ops for DealSpace and vault1984. |
 | George 📝 | forge (192.168.1.16) | (default) | Discord | vault1984 writer/content agent. App ID 1480980894042030211. Workspace: `/home/johan/george/`. Daily market intel scan → #market-intel at 9 AM ET. |
 | Iaso 🏥 | forge (192.168.1.16) | (default) | Discord | inou health communication. Bridge-builder voice, evidence-based integrative medicine. App ID 1482680563939672124. Workspace: `/home/johan/iaso/`. Live Mar 15 2026. |
 **Cross-agent comms:** agentchat (port 7777) is the primary channel. Discord is secondary (bots can't directly DM each other — Discord API filters bot-to-bot; workaround: allow each other's bot IDs in guild allowlist).
@ -62,9 +64,16 @@ This file supplements daily notes. Curated, actionable memories that persist acr
 - [ ] **vault1984 deploy pipeline** — Hans needs to own vault1984 deploys (same model as DealSpace)
 - [ ] **DealSpace webhook secret** — Hans → Johan → Mira handoff pending
 - [ ] **DealSpace invite flow + SMTP** — not built
- [ ] **inou SMTP fix** — Proton Bridge not running on prod
+- [ ] **Mira MEMORY.md** — DealSpace/Misha context; no DealSpace/Misha long-term memory yet
 - [ ] **Mira MEMORY.md** — DealSpace/Misha context
 - [ ] **vault1984-web templating** — nav/footer still copy-pasted across 7 pages
 - [ ] **X watch double-fire bug** — race condition on `lastIntraDayXScan` write; same story sent twice (Mar 11). Fix: atomic write or lock before spawning.
 - [ ] **Kernel reboot** — 6.8.0-106-generic installed (Mar 13), not yet running. Reboot at Johan's convenience.
 - [ ] **HostKey Amsterdam cancellation** — Johan must confirm at panel.hostkey.com (key=639551e73029b90f-c061af4412951b2e). Open since Feb 21.
 - [ ] **Uptime Kuma monitors** — 0 monitors since Feb 19 rebuild. Awaiting Johan OK to rebuild.
 - [ ] **Health Link invoices** — #000057 ($71.90) + #000058 ($666.90) unpaid since Feb 23.
 - [ ] **inou git backlog** — 161+ uncommitted files. Auto-commit discipline needed after subagent work.
 - [ ] **Spacebot worker dispatch** — v0.3.2 on Mar 11; PR #193 fix not confirmed.
 - [ ] **SentinelOne short** — Q1 guidance soft. Position still open after Mar 12 earnings.
 ## Stalwart Mail
--- a/memory/claude-usage.db
+++ b/memory/claude-usage.db
--- a/memory/claude-usage.json
+++ b/memory/claude-usage.json
@ -1,9 +1,9 @@
 {
-  "last_updated": "2026-03-15T10:00:01.976288Z",
+  "last_updated": "2026-03-15T13:00:01.921036Z",
  "source": "api",
-  "session_percent": 3,
+  "session_percent": 9,
-  "session_resets": "2026-03-15T13:59:59.908041+00:00",
+  "session_resets": "2026-03-15T14:00:00.875140+00:00",
-  "weekly_percent": 14,
+  "weekly_percent": 15,
-  "weekly_resets": "2026-03-20T02:59:59.908059+00:00",
+  "weekly_resets": "2026-03-20T02:59:59.875153+00:00",
-  "sonnet_percent": 16
+  "sonnet_percent": 17
 }
--- a/memory/updates/2026-03-15.json
+++ b/memory/updates/2026-03-15.json
@ -1,22 +1,20 @@
 {
  "date": "2026-03-15",
-  "timestamp": "2026-03-15T05:31:14-04:00",
+  "timestamp": "2026-03-15T09:00:01-04:00",
  "openclaw": {
    "before": "OpenClaw 2026.3.13 (61d171a)",
    "latest": "2026.3.13",
-    "after": "OpenClaw 2026.3.13 (61d171a)",
+    "updated": false
    "updated": true
  },
  "claude_code": {
-    "before": "2.1.75",
+    "before": "2.1.76",
    "latest": "2.1.76",
-    "after": "2.1.75",
+    "updated": false
    "updated": true
  },
  "os": {
    "available": "0\n0",
    "updated": false,
    "packages": []
  },
-  "gateway_restarted": true
+  "gateway_restarted": false
 }
--- a/memory/weekly-synthesis-2026-03-15.md
+++ b/memory/weekly-synthesis-2026-03-15.md
@ -0,0 +1,175 @@
 # Weekly Memory Synthesis — Mar 9–15, 2026
 *Generated: Sunday, March 15, 2026 — 9:00 AM ET*
 ---
 ## Executive Summary
 A week of infrastructure hardening, rapid OC releases (4 in 7 days), a security incident that reinforced Go-first discipline, and the Iran war dominating world news. George launched as a new agent, .17 fully decommissioned, Kaseya M365 dead and removed. The git backlog is a persistent concern — inou has accumulated 100+ uncommitted files all week with no action.
 ---
 ## 🚀 Major Events
 ### George Agent — LIVE (Mar 11 overnight)
 New OpenClaw agent for vault1984 writing/content tasks.
 - Discord: App ID `1480980894042030211`, username `George`
 - Workspace: `/home/johan/george/`
 - OC config: `accounts.george` in discord config
 ### Iaso Agent — LIVE (Mar 15)
 New agent for inou health communication. Bridge-builder voice, evidence-based integrative medicine.
 - Discord App ID: `1482680563939672124`
 - Workspace: `/home/johan/iaso/`
 - Named for Greek goddess of recuperation + Johan's original company name
 ### 192.168.1.17 — Fully Decommissioned (Mar 11)
 Stopped and disabled all zombie services: openclaw-gateway (v2026.1.29), protonmail-bridge, message-center, message-bridge.
 - Root cause: two conflicting gateway instances racing for IMAP cursors
 - .17 is now clean — do not expect services there
 ### Kaseya M365 Integration — REMOVED (Mar 11)
 Dead since Feb 27 (refresh token expired, client_id blocked by Kaseya IT). Johan decision: remove it entirely rather than keep hacking. All config/binaries/tokens cleaned.
 ### ⚠️ Security Incident: Port 9999 Python Server (Mar 12)
 A `python3 -m http.server` was found running on port 9999, serving `/tmp` to `0.0.0.0` for 5+ days.
 - Exposed: `clawvault-preview.db` + WAL (vault database), `chrome_import.csv`
 - **Johan: "kill it, burn it, bury it and delete it. GONE!"**
 - Killed, sensitive files shredded with `shred -u`
 - Best guess: Mar 7 subagent doing vault1984 work spun it up to preview a file
 - **Lesson reinforced:** Never leave Python servers running. Zero tolerance.
 ### Spacebot/Andrew — Updated to v0.3.2 (Mar 11)
 Johan explicitly authorized. Running on .17:19898. Worker dispatch bug (PR #193) — check if fixed.
 ---
 ## 📦 OpenClaw & Tool Updates (Rapid Release Week)
 | Date | Tool | Version |
 |------|------|---------|
 | Mar 9 | OpenClaw | 2026.3.7 → 2026.3.8 |
 | Mar 9 | OS | Python 3.12 packages upgraded |
 | Mar 9 | Claude Code | 2.1.71 → 2.1.72 |
 | Mar 11 | Claude Code | 2.1.72 → 2.1.74 |
 | Mar 12 | OpenClaw | 2026.3.11 "Hunter & Healer Alpha" (Gemini Embedding 2, stealth models, Go OpenCode support) |
 | Mar 13 | Claude Code | 2.1.74 → 2.1.75 |
 | Mar 13 | OpenClaw | 2026.3.12 |
 | Mar 13 | OS | Kernel 6.8.0-106 installed (not yet booted — needs reboot) |
 | Mar 14 | OpenClaw | 2026.3.13 (Live Chrome session attach — major!) |
 **OC 2026.3.13 notable:** Live Chrome session attach — direct attach to real browser with all logins, no extension badge required.
 **Patches note:** Each OC release may require reapplication of deleted transcript indexing patch (grep `dist/query-expansion-*.js`).
 ---
 ## 🌍 World Events (Context for Johan)
 ### Iran War — Ongoing Escalation
 - US/Iran conflict through week, daily briefings
 - Strait of Hormuz effectively blocked by Iran
 - **Mar 12:** US sank 16 Iranian minelayers; Brent +4.8% → $92, WTI +4.6% → $87
 - **Mar 14:** US bombed Kharg Island (Iran's #1 oil export hub), then mine storage
 - **Current:** Brent ~$103/bbl. Oil shock driving market selloff. S&P at YTD low, third losing week.
 - Trump building coalition with UK/Japan/France to reopen Hormuz
 - Iran reportedly seeking deal
 ### Markets
 - S&P 500 at YTD low, three straight losing weeks (oil shock)
 - **SentinelOne (S):** Q4 earnings AH Mar 12 — Johan's short position is profitable. Q1 guidance soft → AH slide. Short still open.
 ---
 ## 🔧 Technical Decisions
 ### Go-First Discipline (Reinforced Mar 12)
 - Python audit triggered by port 9999 incident
 - **Johan:** "I have a very strong preference for GoLang. Python should only be temporary tools"
 - Active system Python: fail2ban, unattended-upgrades (untouchable system services)
 - Johan's Python: inou health-poller (legacy), mail-agent (superseded) — tolerated
 - **New rule:** New services on forge = Go only. No ad-hoc Python servers, ever.
 ### inou SMTP Clarification (Mar 12)
 - **CORRECT:** inou prod uses Proton SMTP token directly (`smtp.protonmail.ch:587`) — no bridge
 - **WRONG:** The nudge subagent kept flagging "Proton Bridge not running" as a bug
 - Check `smtp.env` before flagging inou SMTP issues
 - Bridge has no business being on 192.168.100.2 (prod)
 ### Claude Usage Reset Clarification (Mar 14)
 - Reset is **Thursday 10 PM ET** (Johan corrected this)
 - NOT Friday, NOT midnight — Thursday evening
 ### vault1984 / inou Pod Architecture (Discussed Mar 10 via agentchat)
 - Hans raised: run inou on each vault1984 pod?
 - James analysis posted to agentchat: shared pod infra, separate binaries, vault1984 manages WebAuthn PRF, inou gets scoped token
 - Key concern: inou's Claude API dependency vs air-gap model requirement
 - Status: discussion, no decision yet
 ---
 ## 🧠 Corrections This Week
 ### New Entry: inou Prod Uses Proton SMTP Token (added Mar 12)
 Already logged in corrections.md. Rule: Before flagging inou SMTP as broken, check `smtp.env` first.
 ### New Entry: inou is Infrastructure (added Mar 12 from nudge)
 Already logged in corrections.md. inou = storage/data layer. AI is pluggable on top. Don't suggest AI features as inou improvements.
 ### Johan Corrections (Mar 14)
 1. **Claude reset = Thursday 10 PM ET** (briefing had wrong day)
 2. **Inky acquisition = stale news** — stop surfacing it in briefings
 ---
 ## 🔁 Recurring Patterns This Week
 ### Git Backlog — Persistent Problem
 inou alone went from 70 → 82 → 101 → 161 uncommitted files over the week, with no action. Other repos (james-dashboard, clawd, dealspace) also have persistent unpushed commits.
 - This is a recurring weekly issue
 - **Hypothesis:** Active inou development by subagents without auto-commit discipline
 - **Action needed:** Set up auto-commit after subagent inou work, or do weekly commit sweep
 ### OpenClaw Rapid Releases
 4 OC updates in 7 days. The deleted-transcript-index patch needs reapplying after each one. Starting to create maintenance burden.
 - **Mitigation idea:** Script the patch reapplication so it's one command
 ### X Watch Double-Fire Bug (Unresolved)
 Multiple x-watch subagents fired in same window on Mar 11 (same story Telegram-sent twice). Race condition on heartbeat state write.
 - Root cause: `lastIntraDayXScan` not written atomically before second spawn
 - Fix needed: atomic write or lock before spawning
 ---
 ## 🚩 Stale Items in MEMORY.md
 These should be removed or updated:
 1. **"Dr. Madan — Call TODAY (Sunday) 2PM"** in Feb 15 section — This was from a month ago. Extremely stale. Remove "TODAY" framing.
 2. **"⚠️ triage disabled during re-sync (2026-03-06)"** in Proton Bridge section — If re-sync complete, update.
 3. **Health Link invoices** (#000057 $71.90 + #000058 $666.90) — Marked unpaid since Feb 23. No update in 3 weeks. Need Johan confirmation.
 4. **Baycare ventilator fraud complaint** — Last mentioned Feb 14. No escalation update since.
 5. **Spacebot worker dispatch bug** — Listed as "Revisiting 2026-03-03." Never revisited (v0.3.2 upgrade done but worker fix not confirmed).
 6. **HostKey Amsterdam cancellation** — Johan must confirm at panel.hostkey.com. This has been open since Feb 21. Either done or needs explicit reminder.
 7. **Uptime Kuma: 0 monitors** — Listed as "awaiting Johan's OK to rebuild" since Feb 19. Month+ old.
 8. **myCigna** listing RDP/Xvfb setup in TOOLS.md — The ThinkPad X1 was at 192.168.0.211 but updated to 192.168.0.223. Verify current IP.
 ---
 ## ✅ To Update in MEMORY.md
 - Add Recent Events section for Mar 9-15 (George, Iaso, .17 cleanup, security incident, S short, Iran war, OC 3.8-3.13)
 - Update Open Items (Kaseya M365 removed → closed, .17 decommission → closed)
 - Clarify Claude reset = Thursday 10 PM ET
 - Note kernel 6.8.0-106 installed, reboot pending
 ---
 ## 💡 Insights
 **Infrastructure decisions are compounding.** Every week we add another agent, decommission something old, and clean up one more zombie. The system is getting cleaner but the agent network is getting larger. James → Hans → Mira → George → Iaso. Five agents now. Worth having a map.
 **Security is only as strong as the subagents.** The port 9999 incident happened because a subagent spun up a Python server and nobody cleaned it up. Subagents need to leave forge in a clean state — no background processes, no temp servers, no /tmp exposure. This should be in AGENTS.md as a hard rule for subagent hygiene.
 **Johan's thesis: infrastructure is the moat** (from Mar 13 notes). vault1984 + inou = data layer bets. Models come and go, data infrastructure persists. Both products are building moat pieces, not AI features.