chore: auto-commit uncommitted changes
parent c913f9b789
commit c65c54e36b
|
|
@ -258,7 +258,8 @@ Enter plan mode for ANY non-trivial task:
|
|||
- **If you summarized it, you had it** — if you reported something to Johan, you have the context to act on it. Don't ask "who is X?" about something you already triaged.
|
||||
- **Actionable emails stay in inbox** — archiving = losing reply capability. Keep emails needing follow-up in inbox until resolved.
|
||||
- **Recover context yourself after compaction** — When compaction/context loss happens: check session history, search memory files, search transcripts via memory_search. NEVER ask the user for info you already had. The data is in your files — find it.
|
||||
- **Exhaust self-recovery before escalation** — Always try: (1) `sessions_history` for recent tool calls/context, (2) search memory files, (3) `memory_search` transcripts, (4) reconstruct from available data. Only ask human for info that genuinely isn't in your systems.
|
||||
- **JSONL is the ultimate recovery source** — `sessions_history` only returns post-compaction messages. For pre-compaction content, the full raw transcript lives at `~/.clawdbot/agents/<agent>/sessions/*.jsonl`. NEVER say "that was lost in compaction" without checking it first. To read safely without blowing context: run a Python script via `exec` that tail-reads the last 400 lines, truncates each line to 2000 chars (appending `[...TRUNCATED]`), stops at 40k total chars accumulated, then reverses to chronological order. Only the printed output enters context (~10K tokens). If any lines were truncated, disclose it.
|
||||
- **Exhaust self-recovery before escalation** — Always try: (1) `memory/working-context.md` — fast path, (2) `sessions_history` for recent tool calls, (3) `memory_search` transcripts, (4) session JSONL for anything pre-compaction (see above). Only ask human for info that genuinely isn't in any of these.
|
||||
- **Never guess config changes** — Read the docs or source first. Backup the file before editing. A wrong config guess can take down a service; 30 seconds of reading prevents it.
|
||||
- **When debugging cascades, question the feature** — If you're 3+ hours into debugging a "simple" integration (SnappyMail webmail, PHP-FPM, Docker hairpin NAT), step back. Ask: "Is this feature actually needed?" Sometimes the right answer is abandonment, not persistence.
|
||||
|
||||
|
|
|
|||
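Review bot: The "JSONL is the ultimate recovery source" bullet specifies the safe-read procedure only in prose (tail-read 400 lines, truncate each to 2000 chars, stop at 40k chars), so the script is rewritten on every recovery and the limits can drift. Check the script into the repo and reference its path from this bullet. The truncation bounds size only: the raw transcripts under `~/.clawdbot/agents/<agent>/sessions/*.jsonl` hold whatever earlier tool calls printed, credentials included, so the bullet should also require redacting secrets before the output enters context.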
8
TOOLS.md
|
|
@ -234,6 +234,14 @@ scripts/browser-setup.sh stop # Stop all
|
|||
- **For X.com access** — use bird instead of browser (faster, no bot detection issues)
|
||||
- **Auth:** Using @johanjongsma account
|
||||
|
||||
### James Email Identity
|
||||
- **Address:** james@jongsma.me (also james@inou.com)
|
||||
- **Password:** JamesCoS2026!
|
||||
- **IMAP:** mail.jongsma.me:993 (TLS)
|
||||
- **SMTP:** mail.jongsma.me:587 (STARTTLS)
|
||||
- **Stalwart admin:** admin / JamesAdmin2026x (http://127.0.0.1:8880 on Zurich)
|
||||
- **Use for:** Outbound email as James, direct comms with Tanya/family
|
||||
|
||||
### Proton Mail Bridge (Headless)
|
||||
- **Service:** `systemctl --user status protonmail-bridge`
|
||||
- **Account:** tj@jongsma.me (Tanya & Johan Jongsma)
|
||||
|
|
|
|||
|
|
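Review bot: Plaintext credentials are committed in the new "James Email Identity" section: the **Password:** line and the **Stalwart admin:** line both carry live secrets. Remove the values from TOOLS.md, replace them with a pointer to a secrets manager or a file outside the repository, and rotate both, since they stay in history after this commit. The Stalwart admin URL is plain http on 127.0.0.1, which is acceptable only while that port stays bound to loopback; say so on that line.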
@ -0,0 +1,75 @@
|
|||
# 2026-02-23 Daily Notes
|
||||
|
||||
## Infrastructure Hardening Session (00:28–02:23 ET)
|
||||
|
||||
### DNS / Reverse Proxy Cleanup
|
||||
- **immich.jongsma.me** — DNS was missing (catch-all remnant). Added A record → 47.197.93.62, added Caddy block → 192.168.1.253:2283
|
||||
- **james.jongsma.me, docs.jongsma.me** — same issue, DNS gaps filled
|
||||
- **docs.jongsma.me renamed to docsys.jongsma.me** — DNS swapped, Caddy updated
|
||||
- **hass.jongsma.me** — DNS pointed to private IP 192.168.1.252 (wrong). Fixed → 47.197.93.62. Added Caddy block → 192.168.1.252:8123. Johan added trusted_proxies to HA config and rebooted. Now working (200 via Caddy).
|
||||
- **Old catch-all `*.jongsma.me` no longer exists** — all subdomains now explicitly in DNS
|
||||
|
||||
### UDM Port Forward Cleanup
|
||||
- Removed HASS (8123 direct) and immich (2283 direct) rules — both bypassed Caddy
|
||||
- Now only http (80) and https (443) forwarded to Caddy (192.168.0.2)
|
||||
- External nmap from Amsterdam (82.24.174.112) confirmed: only 80/443 open on 47.197.93.62 ✅
|
||||
|
||||
### fail2ban Hardening
|
||||
|
||||
**Home Caddy Pi (192.168.0.2):**
|
||||
- fail2ban was not installed. Ubuntu 24.04's packaged v1.0.2 broken (asynchat removed in Python 3.12). Installed v1.1.0 from GitHub source.
|
||||
- Jails: `caddy-hass` (HA auth, 5 fails→1hr), `caddy-scanner` (vuln probes, 3 hits→24hr), `immich-auth` (5 fails→1hr), `sshd`
|
||||
- Global Caddy access log: `/var/log/caddy/access.log` (was discarded before)
|
||||
- Immich-specific log: `/var/log/caddy/immich.log`
|
||||
|
||||
**Zurich (82.22.36.202):**
|
||||
- fail2ban was running with only sshd jail. Added:
|
||||
- `stalwart` — auth.failed/auth.too-many-attempts in `/opt/stalwart/logs/stalwart.log.*`; ports 25,110,143,465,587,993,995
|
||||
- `vaultwarden` — Caddy log for vault.inou.com; ports http/https
|
||||
- `caddy-kuma` — Kuma login via Caddy log
|
||||
- `caddy-scanner` — vuln probes via Caddy global access log
|
||||
- Added Caddy global access log + kuma-specific log on Zurich (was all discarded before)
|
||||
- Added vault.inou.com log block to Zurich Caddyfile
|
||||
|
||||
### Caddy Pi SSH note
|
||||
- `ssh root@caddy` triggers Tailscale auth challenge; use `ssh root@192.168.0.2` instead
|
||||
|
||||
### inou Template Fixes (portal)
|
||||
- **connect_nl.tmpl** — replaced entirely: old bridge download links (inou_bridge_win_amd64.exe, darwin) → new OAuth MCP setup (matches English connect.tmpl). Proper Dutch translation.
|
||||
- **connect_ru.tmpl** — same, proper Russian translation.
|
||||
- **install_public.tmpl** — replaced bridge install flow (Desktop Commander + manual exe download + config editing) with OAuth connector steps
|
||||
- **api-docs.txt** — was wrong: "Your token is your dossier ID (16-char hex)" — FIXED. Token is 96-char encrypted value from TokenCreate, NOT the dossier ID.
|
||||
- **Grok prompt** — "from inou.com/dashboard" changed to "from inou.com/connect (Grok tab)" — dashboard doesn't show token
|
||||
- All committed to inou master branch (commits: 432c6f8, d25725b, 715fdb9)
|
||||
|
||||
### Ahrefs Crawler Incident
|
||||
- IP 54.39.203.215 = Ahrefs SEO crawler (proxy-ca008-san215.ahrefs.net, OVH CA)
|
||||
- Was hitting `/download/inou_bridge_win_amd64.exe` (404) — link found in old connect_nl/ru templates on publicly accessible `/connect` page
|
||||
- Root cause: NL/RU templates never updated after migration to web MCP
|
||||
|
||||
### OpenClaw Update
|
||||
- 2026.2.22 released: Mistral AI support, multilingual memory, auto-updater, cron parallel runs, 40+ security fixes, stable browser extension
|
||||
- Decision pending: update or wait for stable rollout
|
||||
|
||||
### inou API Testing (Grok simulation)
|
||||
- Generated test token for dossier `1111111111111111` (Jane Doe test account) via gen_token.go pattern
|
||||
- Production DB is at `/tank/inou/data/inou.db` (not `/tank/inou/inou.db` which is 0 bytes)
|
||||
- `lib.TokenCreate` only needs CryptoInit (master.key) + dossier ID — no DB needed
|
||||
- To generate tokens: `cd /home/johan/dev/inou && go run /tmp/gentoken.go` (module name is `inou`)
|
||||
- xAI Grok API (grok-3): deprecated `search_parameters.mode` — use Agent Tools API now. Via raw API, Grok can't browse URLs (text model only). Template is for Grok web interface (grok.com).
|
||||
|
||||
### Stalwart DKIM Warning
|
||||
- Saw repeated `WARN DKIM signer not found (dkim.signer-not-found) id = "rsa-johanjongsma.nl"` in Stalwart logs
|
||||
- Not urgent but should be investigated — johanjongsma.nl may not have DKIM configured in Stalwart
|
||||
|
||||
### Port Scan from Amsterdam
|
||||
- Amsterdam VPS (82.24.174.112) used for external port scan — no Tailscale installed
|
||||
- nmap installed: `apt-get install -y nmap` on Amsterdam
|
||||
- Amsterdam is decommissioned but still running — no DNS (was removed after mail migration to Zurich)
|
||||
|
||||
|
||||
## 03:04 — Dealspace full feature build complete
|
||||
Claude Code (vivid-seaslug) worked through all 16 sections from Misha's request list.
|
||||
16 commits total, ~1hr of build time. Service restarted and verified live at port 9300.
|
||||
Notified Johan via Signal. Key additions: invite system, file upload, folder management,
|
||||
buyer-specific request lists, doc comments, per-buyer analytics, subscription page.
|
||||
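Review bot: The "inou API Testing" section records token minting from a scratch file (`go run /tmp/gentoken.go`) next to the statement that `lib.TokenCreate` needs only master.key and a dossier ID, with no DB. A generator left in /tmp on a host that holds master.key is a standing way to mint a token for any dossier ID; record here that the file was deleted and the test token revoked, or move the generator into the repo behind the same access controls as master.key. Separately, the DNS, port-forward and fail2ban sections pair the public address with internal targets and exact ban thresholds; keep that detail out of any copy of this repository that leaves the host.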
Binary file not shown.
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"last_updated": "2026-02-23T05:00:01.588236Z",
|
||||
"last_updated": "2026-02-23T11:00:01.783763Z",
|
||||
"source": "api",
|
||||
"session_percent": 0,
|
||||
"session_resets": null,
|
||||
"weekly_percent": 22,
|
||||
"weekly_resets": "2026-02-28T19:00:00.557934+00:00",
|
||||
"sonnet_percent": 26
|
||||
"session_percent": 4,
|
||||
"session_resets": "2026-02-23T15:00:00.738074+00:00",
|
||||
"weekly_percent": 27,
|
||||
"weekly_resets": "2026-02-28T19:00:00.738094+00:00",
|
||||
"sonnet_percent": 29
|
||||
}
|
||||
|
|
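Review bot: This file is generated state: `last_updated` and the percent and reset fields are rewritten on each refresh (`"source": "api"`), so every auto-commit carries a diff with nothing to review. Add the file to .gitignore or write it outside the repository.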
@ -14,6 +14,6 @@
|
|||
"lastDocInbox": "2026-02-20T14:30:00.000Z",
|
||||
"lastTechScan": "2026-02-22T15:55:54.305561Z",
|
||||
"lastMemoryReview": "2026-02-22T01:03:37.069142Z",
|
||||
"lastIntraDayXScan": "2026-02-23T03:32:00.000000+00:00",
|
||||
"lastIntraDayXScan": "2026-02-23T09:54:43.000000+00:00",
|
||||
"lastInouSuggestion": "2026-02-22T14:30:55.694675+00:00"
|
||||
}
|
||||
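Review bot: Timestamp formats are mixed within this object: `lastDocInbox`, `lastTechScan` and `lastMemoryReview` end in `Z`, while `lastIntraDayXScan` and `lastInouSuggestion` use `+00:00`. Pick one UTC form for every writer of this file so parsing and string comparison stay consistent.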