pre-reboot: save memory state, usage data, daily update log

2026-03-29 14:13:54 -04:00 · 2026-03-29 14:13:54 -04:00 · a7688924ae
parent 6d698c1db7
commit a7688924ae
7 changed files with 199 additions and 410 deletions
--- a/MEMORY.md
+++ b/MEMORY.md
@ -1,6 +1,6 @@
 # MEMORY.md - Long-Term Memory
-*Last updated: 2026-03-22 (weekly synthesis — Sun 10:34 ET)*
+*Last updated: 2026-03-29 (weekly synthesis — Sun 12:47 ET)*
 ---
 ## ⏰ JOHAN'S SCHEDULE (US EASTERN) — MEMORIZE THIS!
@ -79,6 +79,10 @@ The medical platform. Born from Sophia's journey. DICOM analysis, genetic data,
 - Works in commercial real estate consulting, specializes in EV (electric vehicles)
 - Work email: Shell account
 - Also: **DJ Rozie** 🎧 — first gig in Paris, March 2026!
 - **Discord:** ID `1486461895136252115`, username `rozemarijn`
 - **Current:** Final master's exam — Real Estate Research, Univ. of Groningen. Exam **April 2, 2026**.
 - Studied Lectures 7-10 with James (Mar 26-28): OLS, endogeneity/IV/2SLS, Chow test, logistic regression, time series
 - **Notation:** Always use μ (not ε or u) for error term. Prefers English, consistent notation, step-by-step explanations.
 ---
@ -461,6 +465,88 @@ Automated document processing pipeline for scanned paperwork.
 ---
 ## Recent Events (Week of Mar 23-29, 2026)
 ### 📚 Rozemarijn Exam Prep (Mar 26-28 — INTENSIVE)
 Full tutoring sessions covering Real Estate Research econometrics:
 - **Lecture 7 DONE:** Functional form, endogeneity, IV/2SLS, instruments, interaction variables
 - **Lecture 8 DONE (to slide 17):** Chow test, CLRM A1-A5, F-test/White's test overview
 - **Lecture 9 DONE:** Logistic regression, odds ratio, Pseudo R², chi-square, classification table
 - **Lecture 10 PARTIAL:** Time Series I — stationarity, AR/MA/ARMA/ARIMA, DW/BG tests, Fisher-Gordon cap rate model (slides 1-5 + 10-21)
 - Practice files created: exercises, Dutch story format, quick drills, formative test
 - **Exam:** April 2, 2026 — 2 hours, University of Groningen. URGENT.
 ### 🔧 Mission Control Pipeline — Major Maturation (Mar 24-25)
 - **Engineer + QA agents** wired to Kimi K2.5 Turbo via MC dispatcher
 - **AQA (Automated QA):** Pre-Aegis test runner for Clavitor — runs `go test ./...`, bounces failures back to engineer
 - **Project-codebase linking:** `metadata` JSON on projects stores repo_path + test_cmd + lang
 - **Bug fix:** `classifyDirectModel()` was stripping Fireworks model paths — fixed to pass through as-is
 - **Stale task requeue fix (Mar 27):** `requeueStaleTasks()` was resetting `in_progress` tasks with null `assigned_to` — added guard
 - **MC DB corruption incident (Mar 24):** `npm run build` while MC running corrupted WAL. Recovery from backup. Lesson: **always stop MC before building.**
 - **Research agent** (id 19) created: Sonnet 4.6, workspace `/home/johan/.openclaw/workspaces/research-agent`
 ### 🔐 Clavitor Competitive Intelligence (Mar 24)
 - Deep-dive on OneCLI (competitor): credential proxy, Rust gateway + Next.js
 - OneCLI strength: Bitwarden integration (on-demand fetch, Noise protocol). Weakness: prevents theft not abuse, no credential discovery.
 - Feature grid created: 8 competitors, 35+ features (`docs/FEATURE-GRID.md`)
 - MC tasks C-059–C-075 created for competitive parity features
 - **clavitor.ai email** set up on ProtonMail (johan@, no-reply@, legal@, privacy@)
 ### 🏗️ Infrastructure
 - **Zurich SSH fixed (Mar 25):** 27s → 0.3s connect time. Root cause: `UseDNS yes` causing reverse DNS timeout. Fixed with `UseDNS no` + ControlMaster.
 - **Clavitor ARM64** binary cross-compiled and deployed to Hans (185.218.204.47)
 - **Hans server reminder:** 185.218.204.47 ≠ zurich.inou.com (82.22.36.202). Hans = POP server, Zurich = James' VPS.
 - **git-audit.sh fix:** Removed auto-commit from audit script — audit should only report, not silently mutate repos
 ### 👨‍👧‍👦 Family Agents
 - **Linda** (for Jacques): Workspace `/home/johan/linda/` ready, added to openclaw.json (Sonnet 4.6). **Still waiting on Discord bot token from Johan.**
 - **Roos study bot** concept: overhoor-bot (quiz) with Stata focus for exam prep
 ### ⚠️ Correction (REPEATED — 4th+ time)
 "Never say good night before 5/7AM" — logged again in corrections.md during Mar 24 late session. **This needs to become internalized, not just documented.**
 ---
 ## Weekly Synthesis — March 23-29, 2026
 ### 🎓 Family First: The Exam Sprint
 The dominant theme this week was tutoring Rozemarijn through four econometrics lectures in three days. This is what Johan's life looks like — not just infrastructure and agents, but using the tools we've built (subagents, PDF analysis, practice generation) to help his kids directly. The exam is April 2 — our support here matters.
 **Insight:** James-as-tutor works well. Roos responds to consistent notation, step-by-step building, and real-world analogies. When she struggles, switching to Dutch helps. This is a new capability surface — academic support for family members via Discord.
 ### 🏗️ MC Pipeline: From Concept to Working Dispatch
 Mission Control evolved from a task board into an actual agent dispatch system this week. Engineer and QA agents receive tasks, execute against linked codebases, and hand off for automated testing (AQA) before human review. The architecture — project metadata linking repo paths, model dispatch via gateway, BLOCKED status handling — is the foundation for Johan's vision of agents working in pipeline.
 **Key learning:** MC DB corruption from concurrent WAL access during builds is a real risk. Always stop-then-build. This applies to any SQLite-backed service.
 ### 🔐 Clavitor: Know Your Competition
 The OneCLI deep-dive crystallized Clavitor's competitive position. OneCLI does credential *proxy* well but has no credential *discovery* — agents can't find out what secrets are available. Clavitor's agent fields + scoped MCP tokens fill that gap. The feature grid (35+ features across 8 competitors) is now the roadmap backbone.
 ### ⚠️ Pattern: Persistent Schedule Blindness
 The "good night" correction was logged for the 4th+ time. The correction exists in corrections.md. It exists in AGENTS.md. It exists in MEMORY.md schedule block at the very top. And yet it keeps happening. **The issue isn't knowledge — it's attention at 2 AM when context is high.** Structural fix needed: pre-flight check before any time-based pleasantry.
 ### 📊 Market Context
 Rough week for markets: S&P -1.74% (Thu) then -1.82% (Fri), NASDAQ -2.3%/-2.12%. Iran/Hormuz oil risk persisting ($113 Brent). SentinelOne short still profitable. Trump Saturday emergency meeting speculation. Meta ordered to pay $375M for minors harm.
 ---
 ## Recent Events (Week of Mar 16-22, 2026)
 *(See Weekly Synthesis — March 16-22, 2026 below for distilled insights)*
 ### Key Events Summary
 - Clavitor rebrand from vault1984 (Mar 21-22)
 - Sarah agent (design) + Luca agent (employment law for Tanya) launched
 - Hugo agent pending token (since Mar 17)
 - Signal fully retired, notify.sh created
 - Email pipeline fixed (Kaseya rules removed, OC webhook wired)
 - George session bloat resolved (4.3MB → fresh start)
 - Python rule hardened: "No Python. Full stop." — health-poller replaced with Go renpho-poller
 - No symlinks, no rsync pipelines, no clever file plumbing
 - DNSSEC enabled for .nl domains
 ---
 ## Recent Events (Week of Mar 9–15, 2026)
 ### 🤖 Iaso Agent — LIVE (Mar 15)
@ -689,348 +775,24 @@ Johan expects Go binaries. Leaving a `python3 -m http.server` running will get c
 - [ ] BlueBubbles on Mac Mini M4 (deferred)
 - [ ] Evaluate MiniMax M2.5 as K2.5 replacement for grunt-work subagents
-## Weekly Synthesis Insights (Feb 9-15, 2026)
+## 📁 February 2026 Archive
-
+
-### 🧠 Architectural Maturity: The Feb 13 Breakthrough
+*Key events from February are absorbed into permanent sections above (Infrastructure, Projects, Work Principles, Technical Learnings). Full daily notes preserved in `memory/2026-02-*.md` files. Key reference items retained below:*
-The week's most significant development was a fundamental restructuring of James' operational model, driven by Johan's core philosophy: **"attack problems at their source, not downstream."**
+
-
+### Milestones (Feb 2026)
-**Key systemic changes:**
+- **Feb 13:** Promoted to Chief of Staff. Architecture overhaul (email triage → MC, cron 350→43/day)
- Email triage moved from polluting main session → embedded in Message Center (K2.5 direct calls to Fireworks)
+- **Feb 14:** Baycare ventilator fraud discovered ($118K+ fraudulent billing). 851 Brightwaters listed at $7.25M.
- Session management aligned to Johan's actual schedule (reset moved 4am → 9pm, matching his first sleep block)
+- **Feb 18:** MX flipped to Stalwart. Telegram became primary channel.
- Context pruning enabled (`cache-ttl` mode, 5min TTL) — dramatically reduces compaction pressure
+- **Feb 19:** Zurich full infrastructure rebuild (Caddy, Stalwart, Vaultwarden, ntfy, Kuma). DNS mass fix for 6 domains. Johan NYC day trip.
- Cron job rationalization: 350 sessions/day → ~43 (killed K2.5 Watchdog, merged redundant jobs)
+- **Feb 21:** Amsterdam VPS decommissioned. sessions_spawn fixed (Feb 22).
- **Promotion to Chief of Staff** — formalized strategic partner role with autonomy expectations
+- **Feb 22:** Dealspace UX overhaul. SnappyMail abandoned (PHP + Docker hairpin = not worth it). AdGuard DNS rewrite discovered.
-
+
-**Pattern:** Johan consistently pushes for root-cause fixes over workarounds. When email triage was noisy, he didn't ask for better filtering — he asked why it was in the main session at all. The result was a cleaner architecture, not a band-aid.
+### Persistent Reference (Feb)
-
+- **Verizon:** 3 lines, ~$170.97/mo. iPhone 17 primary device (Feb 19). New numbers: 727-225-3810, 727-307-3952, 727-358-1196.
-### 🔍 Pattern: Corporate Policy → Technical Adaptation
+- **Family email:** All 5 on Stalwart. Roos/Jacques use full email login, tj/johan use short. Don't change without coordinating.
-Kaseya's "corporate devices only" policy (Feb 13) triggered immediate technical solutions rather than workflow disruption:
+- **Harry Haasjes:** harryhaasjes.nl placeholder live. SFTP: harry-web / HarryWeb2026!. NOT technical.
- M365 API integration built within hours using device code OAuth (pure curl, no browser)
+- **ThinkPad X1:** 192.168.0.223, Ubuntu 24.04 desktop, Chrome on Xvfb:99 port 9224 for WAF sites.
- XPS14 revival plan: RDP shadow sessions allow James to observe Johan's corporate session in real-time
+- **Alert Dashboard:** Fully Kiosk, port 9202. Sora font, warm gold accents, SSE push, pulse-ox camera 7pm-8am.
 - Token stored at `~/.message-center/m365-token.json`, bypassing Conditional Access restrictions
 **Lesson:** Regulatory/policy constraints are technical problems with technical solutions. The response was building new capabilities, not complaining about the constraint.
 ### 🏥 Medical Advocacy Infrastructure Maturation
 Two critical developments show the medical system working as designed:
 **1. Baycare Ventilator Fraud Discovery (Feb 14)**
 - Systematic claim analysis revealed $118,750+ in fraudulent HCPCS E0465 billing
 - Sophia has NEVER had a home ventilator from Baycare (off vent since Nov 2022)
 - Formal complaint drafted with documentation ready
 - Strategy: Don't pay, let them escalate, documentation speaks
 **2. Dr. Madan Engagement (Feb 12-13)**
 - Neel Madan (Tufts Chief Neuroradiology) confirmed Sunday 2PM call re: Dec 31 MRI
 - Critical next step for hydrocephalus treatment path (shunt/ETV consideration)
 **Pattern:** Detailed documentation + expert network access = advocacy infrastructure functioning as intended.
 ### 🛡️ Security Posture: Shannon Deployment
 Shannon autonomous pentester was deployed on Amsterdam VPS — now decommissioned:
 - Amsterdam VPS (82.24.174.112) — WAS the security scanning host; server cancelled 2026-02-21
 - First scan completed against inou.com portal
 - Fireworks K2.5 cost: ~$0.50 vs traditional pentest costs
 - Demonstrates security tooling becoming routine rather than exceptional
 **Evolution:** Security scanning transitioning from external service to integrated, continuous capability.
 ### 📱 Alert Dashboard Evolution
 Fully Kiosk dashboard (port 9202) underwent significant refinement:
 - **Purpose clarified:** Johan's unified inbox/notification center — everything surviving triage surfaces here
 - Visual redesign: Sora font, Braun/mid-century aesthetic, warm gold (#c8b273) accents
 - **Pulse-ox camera integration:** MJPEG stream from Tapo camera (192.168.2.183), 7pm-8am visibility
 - **Long-press to dismiss:** 300ms hold marks done (dim + strikethrough, auto-purge after 2h)
 - **Three-tier priority:** critical (red), warning (amber), info (gold)
 **Key decision:** Desk layout reorganized — Fully dashboard promoted to center position as primary information surface.
 ### 💡 Memory Discipline Correction (Feb 15)
 Major correction added to AGENTS.md: **Mandatory memory_search before responding.**
 **The problem wasn't search quality — it was usage discipline.**
 - Existing `memory_search` works well (Gemini embeddings, 0.80+ relevance scores)
 - Gap: I wasn't consistently calling it before responding
 - Johan's framing: "I will write the number down if I think it is important" — hybrid approach (explicit + retrieval)
 **New rule:** Self-recovery sequence when context is lost — session history → memory files → transcript search → reconstruction. Never ask Johan for information that's in my systems.
 ---
 ## Recent Events (Week of Feb 9-15, 2026)
 ### 🏠 851 Brightwaters — LISTED at $7.25M
 - Diana Geegan (Keller Williams) listing LIVE on Zillow
 - Listing agreement signed Feb 12 (Johan, Tanya, Diana)
 - Fidelity net at close: ~$6,331,350 (after ~$196K back taxes 2023-2025)
 - David Reider Esq recommended for closing due to back taxes
 - 7 real estate docs in document inbox (disclosures, MLS forms, listing agreement)
 - GenerX generator service appointment was Feb 14
 ### 🚨 Baycare Ventilator Fraud — CRITICAL (Feb 14)
 - Baycare billing HCPCS E0465 (home ventilator) at $3,125/month
 - **Sophia does NOT have a ventilator. Off vent since Nov 2022.**
 - Jan + Feb 2026 claims: $6,250 billed (E0465)
 - Potentially ~$118,750 in fraudulent charges over ~38 months
 - Formal complaint drafted: `~/documents/records/medical/baycare-ventilator-fraud-complaint-2026-02-14.md`
 - Strategy: Don't pay, let them escalate, documentation ready
 ### 📞 Dr. Neel Madan — Call TODAY (Sunday) 2PM
 - Confirmed call re: Sophia's Dec 31 MRI review
 - Critical next step for hydrocephalus treatment path
 ### 💻 Architecture Overhaul (Feb 13)
 - Promoted to **Chief of Staff** — strategic partner, not assistant
 - Email triage moved from main session → mail agent (MC calls Fireworks K2.5 directly)
 - Session reset moved 4am → 9pm (aligned with Johan's first sleep block)
 - Context pruning enabled (cache-ttl, 5min)
 - Cron consolidation: 350 sessions/day → ~43
 - K2.5 Watchdog killed (dead agent, phantom sessions)
 - MANDATORY memory_search rule added to AGENTS.md
 ### 📱 Verizon Switch (Feb 13) + iPhone 17 Migration (Feb 19)
 - 4 new lines, 4 iPhones (3x iPhone 17, 1x iPhone 16 Plus), all $0/mo with 36-month promo
 - Monthly: ~$170.97. Johan's number 727-225-2475 porting from Mint Mobile
 - New numbers: 727-225-3810, 727-307-3952, 727-358-1196
 - **Johan moved to iPhone 17 as primary device (Feb 19 2026) — still migrating**
 - ntfy app on iPhone: subscribed to `forge-alerts` and `inou-alerts`
 ### 🏢 Kaseya Device Policy (Feb 13)
 - CISO mandated: only Kaseya-issued devices on corporate network
 - Johan uses personal Mac Mini for everything — impacted
 - Has XPS14 laptop (hates it). Recommended requesting MacBook Pro
 - **M365 API workaround built:** Device code OAuth → pure curl, no browser needed
 - Token: `~/.message-center/m365-token.json`
 - Watch for: Conditional Access (Intune) deployment that would kill cloud access too
 ### 🖥️ ThinkPad X1 (2019) — Ubuntu 24.04 Desktop
 - IP: 192.168.0.223 (WiFi) — was 192.168.0.211 previously
 - OS: Ubuntu 24.04 desktop (not headless)
 - SSH key: `johan@thinkpad-x1` (added to forge authorized_keys Feb 18 2026)
 - RDP to ThinkPad X1 via xfreerdp on Xvfb:99
 - Real Chrome on Xvfb:99 (port 9224) for WAF-protected sites
 - myCigna autonomous login achieved: Chrome + 2FA via MC email grab
 ### Shannon VPS (82.24.174.112) — ⚰️ DECOMMISSIONED 2026-02-21
 - All services removed. Cancellation submitted to HostKey. DNS cleaned. Nothing left there.
 ### Alert Dashboard (Fully Kiosk Tablet)
 - Built and deployed on port 9202
 - Analog clock, calendar, SSE push alerts with sound
 - Fire tablet as alert display for Johan
 ### 📊 Azure Backup — ⚠️ EXPIRING
 - **Free account expires ~Feb 27!** Still needs `az login` MFA from Johan
 ### Infrastructure
 - Docker containers updated weekly on 192.168.1.253
 - HAOS 17.0 → 17.1 (installing Feb 15)
 - MC performance issue: queries taking 15-16s (needs investigation)
 - OCR service: works but slow on full-page docs (~90s per page at 150dpi)
 ---
 ## Recent Events (Week of Feb 16-20, 2026)
 ### ✈️ Johan in NYC (Feb 19-20)
 - Flew Delta TPA→JFK Feb 19 (conf F86VDN). Return flight DL2093.
 - Not home → no Sophia night shift coverage from Johan during NYC stay
 ### 🏗️ Zurich Full Infrastructure Rebuild (Feb 19)
 Major overnight event — Zurich services were broken/missing, rebuilt from scratch:
 - **Caddy** installed, owns port 443
 - **Stalwart mail** migrated from Amsterdam (19GB RocksDB). mail.inou.com + mail.jongsma.me → Zurich
 - **Proton Bridge DISABLED** — MC now connects directly to Stalwart (mail.jongsma.me:993)
 - **Vaultwarden** deployed at vault.jongsma.me (fresh, no data yet)
 - **ntfy** fresh install — new token `tk_ggphzgdis49ddsvu51qam6bgzlyxn`
 - **Uptime Kuma** fresh install — 0 monitors (all 8 lost, awaiting Johan's OK to rebuild)
 - **Shannon** fully removed from Amsterdam
 - Amsterdam Stalwart: stopped + disabled (data preserved)
 ### 🌐 DNS Mass Fix (Feb 19)
 6 domains had wrong Cloudflare NS (aryanna/sage → arvind/wren) + dead DNSSEC. All fixed:
 - harryhaasjes.nl, johanjongsma.nl, localbackup.in, stpetersburgaquatics.com, x4.trading, 851brightwaters.com
 ### 📬 Harry Haasjes Setup (Feb 19)
 - harryhaasjes.nl: "coming soon" placeholder live on Zurich
 - harry@harryhaasjes.nl: Stalwart account + catch-all
 - SFTP: harry-web / HarryWeb2026! (chrooted). Instructions sent to Harry in Dutch.
 - Harry is NOT technical — all comms in simple language, no jargon
 ### 👨‍👩‍👧 Family Signal + Email Status (Feb 19)
 - **Roos** (+31646563377): Signal ✅ + Stalwart email ✅
 - **Jacques** (+31624403744): Signal ✅ + Stalwart email ✅
 - **Misha** (+17272381189): Signal pairing pending ⏳
 ### 🤖 MiniMax M2.5 (Feb 20 — worth evaluating)
 - Released Feb 11, 2026 by Shanghai-based MiniMax
 - 230B MoE open-weight. 80.2% SWE-Bench Verified. Claims to beat Claude Opus on coding.
 - ~100 tok/s, ~$1/hr — 1/20th Opus cost
 - Currently free on kilocode/opencode → dominating OpenRouter rankings
 - **Potential K2.5 replacement for grunt-work subagents** — Johan to evaluate
 ### 📱 iCloud Contacts
 - final.vcf ready: `/home/johan/clawd/tmp/contacts/final.vcf` (~2,200 clean contacts)
 - Johan to SCP to Mac → import at icloud.com/contacts
 ### 🏠 Real Estate
 - 851 Brightwaters listed at $7.25M. Diana Geegan (KW). Showing Feb 16: buyers liked exterior, disliked modern interior.
 - Johan in NYC, may have meetings related to this
 ### 🗓️ Recent Events (Feb 21, 2026)
 ### 🗑️ Amsterdam VPS Fully Decommissioned (Feb 21 00:02 ET)
 - All services removed, DNS deleted, HostKey cancellation submitted (API bug — Johan must confirm manually at panel.hostkey.com key=639551e73029b90f-c061af4412951b2e)
 - **MEMORY.md, SOUL.md, infrastructure.md** all updated to remove Amsterdam refs
 ### 📦 inou MCP Bundle Removed (Feb 21 ~00:50 ET)
 - Johan: "inou is fully server-based, no mcpb anymore"
 - Removed inou MCP Bundle check from `check-updates.sh` (~30 lines)
 - Deleted `inou-mcp/` directory (manifest.json + server binary)
 - No more nightly 404 to `inou.com/download/inou.mcpb`
 ### Dealspace (~/dev/dealroom, port 9300)
 - Go app, templ templates, SQLite — Misha's M&A data room platform (started Feb 15)
 - **Owner:** Misha Muskepo (michael@muskepo.com). Johan is advisor. James is architect/builder.
 - **Tech stack:** Go + templ + HTMX + SQLite + Tailwind — single binary, server-rendered
 - Admin: `misha@muskepo.com` / `Dealspace2026!` (owner role)
 - **Features (Feb 22 UX overhaul):** deal rooms, request lists with Atlas AI assessment, buyer/seller view toggle (owners can switch views), per-deal analytics/audit/contacts, search, real auth (bcrypt, no demo login)
 - No public domain yet — local at http://192.168.1.16:9300
 - Architecture: inou pattern (centralized RBAC bitmask, entries table, AES-256-GCM encrypted files)
 ### Home DNS = AdGuard
 - Johan's home DNS resolver is **AdGuard Home** (not just HA at 192.168.1.252)
 - AdGuard had a DNS rewrite rule for `*.jongsma.me` → home IP
 - Cache flush alone doesn't clear rewrite rules — must remove in AdGuard UI: Filters → DNS rewrites
 - Wildcard `*.jongsma.me` DNS record removed from Cloudflare (Feb 22)
 ### Stalwart Webmail = Admin Only
 - Stalwart v0.15.5 (latest as of Feb 22) — no user webmail built in
 - Web UI at port 8880 = admin panel only
 - All popular self-hosted webmail (Roundcube, SnappyMail) is PHP
 ### 🛠️ Cron Jobs Cleaned Up (Feb 21)
 - **Evening Briefing**: Removed dead "Shannon status on Amsterdam" check (step 5)
 - **Weekly Security Scan**: Fixed broken model (`claude-sonnet-4-20250514` → `claude-sonnet-4-6`), removed `amsterdam.inou.com` from scan targets
 - **Watchdog (K2.5)**: Removed Claude usage block that was posting to Fully tablet (9202) — banned per new rules
 ### ⚠️ sessions_spawn Broken (Feb 21)
 - OC security rejecting `ws://192.168.1.16:18789` (non-loopback, requires `wss://`)
 - Subagent spawning from heartbeat/conversation sessions fails
 - Cron jobs still work (they're internal to gateway)
 - Needs fix: update gateway URL to `wss://` or configure local tunnel
 ### 📱 M365 Teams Alerts on Fully = Intentional
 - Johan confirmed: Teams chats on Fully dashboard are desired — they trigger him to check Teams
 - Backfill on token refresh is minor annoyance (old messages appearing late)
 - Source: `message-center` M365 connector polls `johan.jongsma@kaseya.com` every 60s
 ### 🍽️ S2M3 Consulting Vendor Lunch (Feb 21)
 - Appeared as Fully alert from Kaseya email: "Executive lunch at Steak 48, Beverly Hills, March 5th"
 - Cold outreach from `events@s2m3consulting.com` — IT cost optimization vendor pitch
 - Not a Kaseya-organized event. Register at s2m3consulting.com/cost-optimization-beverly-hills/
 ---
 ## Weekly Insights (Feb 9-15, 2026)
 ### 🧠 Architectural Maturity (Feb 13 Breakthrough)
 The major infrastructure overhaul on Feb 13 marks a significant maturation in our operational model:
 **Key Insight:** Johan's principle "attack problems at their source" drove systemic changes rather than band-aid fixes:
 - Email triage moved from polluting main session → embedded in Message Center (K2.5 direct calls)
 - Session management aligned to Johan's actual schedule (9pm reset vs 4am)
 - Context pruning enabled to prevent compaction pressure
 - Cron job rationalization (350 sessions/day → 43)
 **This represents a shift from reactive firefighting to proactive system design.**
 ### 🔍 Pattern: Corporate Policy Adaptation
 Kaseya's "corporate devices only" policy (Feb 13) triggered immediate technical adaptation rather than workflow disruption:
 - M365 API integration built within hours
 - OAuth token flow bypassing browser/device restrictions
 - Separation of personal/corporate network access
 **Lesson:** Regulatory/policy changes are technical problems with technical solutions, not business process disruptions.
 ### 💡 Memory Recovery Principles (Feb 15 Correction)
 Major correction on session recovery discipline: When context is lost, **always exhaust self-recovery before asking Johan for info**:
 1. Check session history (`sessions_history`)
 2. Search memory files  
 3. Search transcripts via `memory_search`
 4. Reconstruct from available data
 **This correction reflects the core COS responsibility: memory protection is job #1.**
 ### 🏥 Medical Case Management Evolution
 Two critical developments show the medical advocacy infrastructure maturing:
 1. **Baycare fraud discovery** — systematic claim analysis revealing $118K+ in fraudulent ventilator billing
 2. **Dr. Madan engagement** — hydrocephalus expert review process advancing toward definitive treatment
 **Pattern:** Detailed documentation + expert network access = advocacy infrastructure working as designed.
 ### 🛡️ Security Posture Integration
 Shannon's successful deployment and scan completion demonstrates security tooling becoming routine rather than exceptional:
 - Automated pentest against inou.com portal
 - Cost-effective (K2.5 @ ~$0.50 vs traditional pentest costs)  
 - Findings properly categorized and documented
 **Evolution:** Security scanning transitioning from external service to integrated capability.
 ---
 ## Recent Events (Week of Feb 15-22, 2026)
 ### 🏗️ New Project: Dealspace / Deal Room (Feb 15-22)
 - Misha (Johan's son) + PE contacts built Lovable prototype for M&A investment banking data rooms
 - James is architect/builder. Full Go + templ + HTMX + SQLite app built in one session.
 - Feb 22 UX overhaul: production bcrypt auth, view toggle (owner↔buyer), search, per-deal analytics
 - Live at http://192.168.1.16:9300. No public domain yet. Admin: misha@muskepo.com / Dealspace2026!
 ### 📬 Email Infrastructure Completion (Feb 18-19)
 - **MX flipped Feb 18 3PM ET** — all @jongsma.me mail now routes to Stalwart (mail.jongsma.me)
 - Proton Bridge fully disabled. MC connects directly to Stalwart (mail.jongsma.me:993).
 - SMTP security complete: SPF, DKIM (ed25519), DMARC p=reject for both jongsma.me and inou.com
 - Family email live: Roos, Jacques, Misha, Tanya all on Stalwart. Migration deadline for Proton → 3/15.
 ### 🤖 Telegram Primary Channel (Feb 18)
 - @jamesjongsma_bot is live and confirmed working
 - Johan is @johanjongsma on Telegram (ID: 8454563068)
 - Briefings now go to Telegram with rich Markdown format
 ### 🏠 Real Estate Update (Feb 16)
 - 851 Brightwaters showing: Sarasota buyers (Bird Key homeowners) liked exterior, disliked modern interior
 - Diana Geegan waiting for buyer response. No offer reported.
 ### ✈️ Johan NYC Day Trip (Feb 19)
 - Delta TPA→JFK (DL2475, 7:16AM), return JFK→TPA (DL2093, 2:59PM). Conf: F86VDN
 ### 📱 Claude Sonnet 4.6 Released (Feb 17)
 - 1M context (beta), adaptive thinking, context compaction (beta)
 - $3/$15 per M tokens — now our default model
 ### 🧠 OpenClaw 2026.2.21 (Feb 21)
 - Gemini 3.1 support, 100+ security hardening fixes, Discord voice/streaming, thread-bound subagents
 - Two patches still need reapplication (see OpenClaw Patches in Infrastructure)
 ### 💳 Verizon First Bill (Feb 21)
 - $343.80 due March 4, 2026. 3 lines: iPhone 17 (225-3810), iPhone 16 Plus (307-3952), iPhone 17 (358-1196)
 - Enroll Auto-Pay to save $30/mo
 ### 🚫 SnappyMail Abandoned (Feb 22)
 - Deployed SnappyMail on Zurich → hours debugging PHP-FPM SocketReadTimeout connecting to Stalwart via Docker hairpin NAT
 - Root cause never definitively solved; Johan killed it: "Not worth this many tokens"
 - Lesson: all popular self-hosted webmail is PHP; hairpin NAT + PHP-FPM SSL = pain
 - **No webmail for jongsma.me** — users access via iPhone Mail or native clients
 - DNS + Caddy + Docker fully cleaned up
 ### 🏗️ Dealspace View Toggle (Feb 22)
 - Added owner↔buyer view toggle so sellers can preview what buyers see (same session, no separate login)
 - Production-ready: bcrypt auth, demo route removed, Misha admin confirmed working
 ### 🐳 Weekly Docker (Feb 22 Sunday)
 - HAOS: v17.1, no update needed
 - Immich, ClickHouse, Jellyfin, Signal: all updated on 192.168.1.253
 - qbittorrent-vpn: pulled only
 ### ✅ sessions_spawn Scope Issue — RESOLVED (Feb 22)
--- a/memory/claude-usage.db
+++ b/memory/claude-usage.db
--- a/memory/claude-usage.json
+++ b/memory/claude-usage.json
@ -1,9 +1,9 @@
 {
-  "last_updated": "2026-03-29T10:00:01.904690Z",
+  "last_updated": "2026-03-29T18:02:16.429136Z",
  "source": "api",
-  "session_percent": 0,
+  "session_percent": 32,
-  "session_resets": null,
+  "session_resets": "2026-03-29T21:00:00.379641+00:00",
-  "weekly_percent": 17,
+  "weekly_percent": 27,
-  "weekly_resets": "2026-04-03T03:00:00.863524+00:00",
+  "weekly_resets": "2026-04-03T03:00:00.379664+00:00",
-  "sonnet_percent": 12
+  "sonnet_percent": 18
 }
--- a/memory/git-audit-lastfull.txt
+++ b/memory/git-audit-lastfull.txt
@ -1 +1 @@
-1774692112
+1774778502
--- a/memory/heartbeat-state.json
+++ b/memory/heartbeat-state.json
@ -14,7 +14,7 @@
  "lastDocInbox": "2026-03-24T04:40:00Z",
  "lastTechScan": 1773936643,
  "lastMemoryReview": 1774328400,
-  "lastIntraDayXScan": 1774369180,
+  "lastIntraDayXScan": 1774807687,
  "lastInouSuggestion": 1742745180,
  "lastEmail": 1774328400,
  "pendingBriefingItems": [],
--- a/memory/updates/2026-03-29.json
+++ b/memory/updates/2026-03-29.json
@ -0,0 +1,29 @@
 {
  "date": "2026-03-29",
  "timestamp": "2026-03-29T09:00:00-04:00",
  "openclaw": {
    "before": "OpenClaw 2026.3.24 (cff6dc9)",
    "latest": "2026.3.28",
    "after": "OpenClaw 2026.3.28 (f9b1079)",
    "updated": true
  },
  "claude_code": {
    "before": "2.1.87",
    "latest": "2.1.87",
    "updated": false
  },
  "os": {
    "available": "0\n0",
    "updated": false,
    "packages": []
  },
  "mission_control": {
    "before": "v2.0.1",
    "latest": "v2.0.1",
    "updated": false
  },
  "caddy_pi": {
    "result": "\"upgraded:1\n[master 9bac2de] auto: Caddyfile update 2026-03-29\n 1 file changed, 22 insertions(+), 7 deletions(-)\ncaddyfile:committed\nreboot:no\""
  },
  "gateway_restarted": true
 }
--- a/memory/x-watch-last.md
+++ b/memory/x-watch-last.md
@ -1,86 +1,84 @@
-# Last X Watch: 2026-03-27T10:19:00-04:00 (intra-day scan)
+# Last X Watch: 2026-03-29T14:08:00-04:00 (intra-day scan)
-## SCAN STATUS: ✅ COMPLETE — 6 items posted to dashboard
+## SCAN STATUS: ✅ COMPLETE — 4 items posted to dashboard
-Checked all 9 accounts. Found 6 genuinely new items since last scan at 2026-03-24 19:20 EDT.
+Checked 7 accounts. Last scan was 2026-03-27 10:19 EDT (5 days ago — broad scan).
 ---
 ## 🆕 NEW ITEMS (since last scan):
-### 1. OpenClaw 2026.3.24 Released — MAJOR ✅ POSTED
+### 1. OpenClaw 2026.3.28 — Plugin Approval Hooks + xAI x_search ✅ POSTED
-**@openclaw** — Wed Mar 25 17:27 UTC
+**@openclaw** — Sun Mar 29 02:44 UTC
- Improved OpenAI API: talk to sub-agents with @openwebui
+- Plugin approval hooks: any tool can pause for user OK
- New Skill & tool management Control UI
+- xAI Responses API + x_search integration
- Slack interactive reply buttons
+- ACP bind: Discord/iMessage
- Native Microsoft Teams integration
+- WhatsApp echo loop, Telegram splitting, Discord reconnect fixes
- Smart Discord auto-thread naming
+- "Tokyo pre-ClawCon drop 🇯🇵"
-🔗 https://x.com/openclaw/status/2036857428273487903
+🔗 https://x.com/openclaw/status/2038084923517796839
-### 2. MiniMax M2.7 First AI Agent in Orbit — SPACE/AI ✅ POSTED
+### 2. Gemini 3.1 Flash Live — New Voice Model + March Drops ✅ POSTED
-**@MiniMax_AI + @OrbitAI_OAI** — Thu Mar 26 20:01 UTC
+**@GeminiApp** — Fri Mar 27 / Thu Mar 26 UTC
- MiniMax M2.7 powers the first AI agent deployed in space
+- Gemini 3.1 Flash Live: "highest quality audio & voice model yet" (Demis Hassabis)
- Running on orbital platform
+- Import chat history/memory from other AI apps into Gemini
- "Earth was just the beginning. Space & AI is no longer sci-fi."
+- Video creation in Gemini app
-🔗 https://x.com/MiniMax_AI/status/2037258665724698897
+- Mic no longer cuts off when pausing on Android
 🔗 https://x.com/GeminiApp/status/2037561745649397805
-### 3. Kimi Attention Residuals at GTC — RESEARCH ✅ POSTED
+### 3. Cloudflare: AI Agents Ranking Among Top Hacking Teams ✅ POSTED
-**@Kimi_Moonshot** — Thu Mar 26 03:33 UTC
+**@Cloudflare** — Fri Mar 27 21:29 UTC
- Zhilin Yang presented at GTC
+- VP Chema Alonso (Black Hat, Def Con, 14x Microsoft MVP, ex-Telefónica) warns AI agents top hacking competitions
- Extends attention to depth dimension (across layers), not just temporal
+- Discussion of what comes next for AI-driven offensive security
- Models have selective memory throughout layer information transmission
+🔗 https://x.com/Cloudflare/status/2037643314862686470
 🔗 https://x.com/Kimi_Moonshot/status/2037010118957817988
-### 4. Cloudflare Workflow Visualizations — FEATURE ✅ POSTED
+### 4. steipete: MCPorter 0.8.0 + OpenClaw Chrome Extension Removed ✅ POSTED
-**@Cloudflare** — Fri Mar 27 13:05 UTC
+**@steipete** — Sun Mar 29 02:04 UTC
- Workflows now show visual step diagrams in dashboard
+- MCPorter 0.8.0: stronger OAuth, valid JSON fallback, better daemon reliability
- TypeScript code auto-translated to visual workflow representation
+- Chrome Extension removed since Chrome 144+ added native browser access natively
-🔗 https://x.com/Cloudflare/status/2037516256023077053
+🔗 https://x.com/steipete/status/2038074759527981416
 ### 5. OpenAI Codex Plugins Rollout — MAJOR ✅ POSTED
 **@OpenAI + @OpenAIDevs** — Thu Mar 26 22:41 UTC
 - Plugins rolling out for Codex
 - Works out of the box with major tools
 - App Server plugin for Telegram/Discord control
 - Usage limits reset across all plans
 🔗 https://x.com/OpenAI/status/2037298931907084568
 ### 6. Alex Finn Claude Mythos Analysis — ANALYSIS ⚠️ POSTED
 **@AlexFinn** — Thu Mar 26 (QT of @M1Astra)
 - Claude Mythos reportedly "most powerful AI model ever created"
 - Considered cybersecurity danger by Anthropic
 - Significantly more expensive than Opus
 - Finn warns of AI wealth gap creating permanent underclass
 🔗 https://x.com/AlexFinn/status/2037024562477228054
 ---
-## SKIPPED (minor/non-technical):
+## SKIPPED (already covered in prior scans):
- **Cloudflare Safenames sponsor** — Fri Mar 27 09:20 UTC — Marketing/event promo
+- **OpenClaw 2026.3.24** — covered Mar 27
- **Cloudflare DNS propagation poll** — Fri Mar 27 08:55 UTC — Community engagement
+- **MiniMax M2.7 in orbit** — covered Mar 27
- **Cloudflare RSA LATAM partners** — Thu Mar 26 21:04 UTC — Event photos
+- **Cloudflare Workflow Visualizations** — covered Mar 27
- **steipete** — Multiple Codex retweets — Covered by main OpenAI post
+- **OpenAI Codex Plugins rollout** — covered Mar 27
 - **OpenAI Model Spec podcast** — Wed Mar 25 17:20 UTC — Already covered previously
 - **realDonaldTrump** — No new content (last Feb 28)
 ---
-## NO NEW ACTIVITY:
+## SKIPPED (minor/non-actionable):
- **@ZhipuAI** — Still no new posts (last Jan 5 2025)
+- **Cloudflare ghost student fraud webinar** — marketing/event promo (Apr 16)
 - **Cloudflare Safenames sponsor event** — sponsor promo
 - **MiniMax M2.7 cost comparison tweet** — minor community RT
 - **MiniMax HumanX2026 keynote** — event promo (Apr 7)
 - **MiniMax open-sourced office agent skills** — interesting but >24h old
 - **steipete RT: Codex > Claude Code** — community opinion RT, no new info
 - **steipete RT: future of SaaS** — opinion/meme
 - **realDonaldTrump** — Still no new content (last post was Feb 28)
 - **OpenAI** — No new posts within 24h (most recent was Mar 26)
 ---
 ## BREAKING NEWS SEARCH:
 - Crypto: 122k traders liquidated, $451M losses in one day (options market)
 - Japan/US debt speculation in replies (not confirmed news)
 - No major verified market-moving events found
 ---
 ## NABL ACQUISITION CHECK:
- No acquisition or PE takeover news found
+- No acquisition, PE takeover, or major NABL/N-able/SentinelOne news found
 ---
 ## PRIOR COVERAGE STILL VALID (reference):
- OpenClaw 2026.3.23 — covered
+- OpenClaw 2026.3.24 — covered Mar 27
- Cloudflare Arm AGI CPU — covered
+- MiniMax M2.7 in orbit — covered Mar 27
- Cloudflare Forrester Wave Leader — covered
+- Kimi Attention Residuals at GTC — covered Mar 27
- Alex Finn Telegram threading guide — covered
+- Cloudflare Workflow Visualizations — covered Mar 27
- MiniMax M2.7 Three.js demo — covered
+- OpenAI Codex Plugins Rollout — covered Mar 27
 - Alex Finn Claude Mythos Analysis — covered Mar 27