diff --git a/memory/2026-02-11.md b/memory/2026-02-11.md
index df7361c..9f973de 100644
--- a/memory/2026-02-11.md
+++ b/memory/2026-02-11.md
@@ -111,3 +111,20 @@
 - HostKey API reinstall does NOT reliably inject SSH keys or expose new passwords
 - Always keep password auth enabled and get credentials confirmed BEFORE hardening
 - The `eq/reinstall` endpoint returns a callback but credentials aren't retrievable after
+
+### HostKey API Breakthrough (15:30 ET)
+- Found that `eq.php?action=reinstall` DOES accept `root_pass` and `ssh_key` params
+- Previous attempt used `eq/reinstall` without these params — that's why credentials were unknown
+- Kicked off new reinstall with known password `Sh4nn0n_2026!` + james@forge SSH key
+- API response: `{"result":"OK","action":"reinstall","stage":"create_pxe","callback":"67f7d2ea30b96913559f2be022c09d40"}`
+- Spawned `shannon-setup` subagent to poll SSH and do initial setup once box is up
+- **Key learning:** HostKey `eq/reinstall` supports `root_pass`, `ssh_key`, `os_id` params — use them!
+- The first reinstall failed because we didn't pass `root_pass` (it was set to something random)
+- `eq/order_instance` with `reinstall=1` returns 404 — that endpoint doesn't exist despite docs suggesting it
+
+### HostKey API Reference (for future use)
+- **Auth:** `POST https://invapi.hostkey.com/auth.php` with `action=login&key=<api_key>` → returns session token (2hr TTL)
+- **Reinstall:** `POST https://invapi.hostkey.com/eq.php` with `action=reinstall&token=<token>&id=<server_id>&os_id=237&root_pass=<pass>&ssh_key=<pubkey>`
+- **Server list:** `POST https://invapi.hostkey.com/eq.php` with `action=list&token=<token>`
+- **Callback check:** `POST https://invapi.hostkey.com/eq_callback.php` with `action=check&token=<token>&callback=<callback_id>`
+- **eq/order_instance endpoint does NOT work** (returns 404) — use eq.php?action=reinstall instead