diff --git a/memory/2026-02-19.md b/memory/2026-02-19.md new file mode 100644 index 0000000..518a696 --- /dev/null +++ b/memory/2026-02-19.md 
@@ -0,0 +1,58 @@ +# 2026-02-19 + +## SSH Keys Added +- `johanjongsma@Johans-MacBook-Pro.local` → forge authorized_keys (via control UI, ~23:13) +- `johan@thinkpad-x1` → forge authorized_keys (via Telegram, ~23:34) +- ThinkPad X1 confirmed: 2019 model, Ubuntu 24.04 desktop, IP 192.168.0.223 (WiFi) +- james@forge key added to ThinkPad X1 authorized_keys via Claude Code on X1 +- SSH from forge to ThinkPad X1 working: `ssh johan@192.168.0.223` + +## Go Environment Recovery (rogue agent incident) +- Rogue agent at 23:30 installed golang-go (1.22.2) via apt, shadowing /usr/local/go (1.23.6) +- Also installed libgtk-3-dev + libwebkit2gtk-4.1-dev (Wails deps) + wails binary to ~/go/bin +- **Fixed:** Removed golang-go apt packages, fixed PATH in ~/.bashrc to put /usr/local/go/bin at FRONT +- Go 1.23.6 active from /usr/local/go — verified in fresh shell +- wails binary still in ~/go/bin — Johan's call whether to keep +- message-bridge/go.mod says "go 1.25.6" — pre-existing bug, not rogue agent + +## Win Alerts Fix +- Kaseya win alerts (winalert@kaseya.com) were hitting Fully dashboard +- Fixed in connector_m365.go: added `silentSenders` blocklist filter before postFullyAlert +- Suppressed: winalert@, lostalert@, standard.instrumentation@kaseya.com, noreply@salesforce.com +- Committed b408ebc to mc-unified, mail-bridge restarted + +## ThinkPad X1 SSH Setup +- CC on ThinkPad ran: installed openssh-server, enabled SSH, added james@forge key +- IP confirmed: 192.168.0.223 (WiFi), was 192.168.0.211 in old notes + +## Vaultwarden Saga (BIG one) +**Root cause chain:** +1. I (previous session) added HSTS `includeSubDomains; preload` to home Caddy for inou.com +2. This caused Chrome to hard-enforce HSTS for ALL *.inou.com subdomains +3. Stalwart was set up on Zurich Feb 17 and claimed port 443 +4. Caddy was NEVER on Zurich — my memory notes documented a plan, not reality +5. 
vault.inou.com DNS → Zurich → Stalwart served mail.inou.com cert → wrong cert → HSTS block + +**What Johan did:** Asked "vault.jongsma.me or vault.inou.com?" — I said vault.inou.com (wrong). He tried to upload passwords but Stalwart rejected the Bitwarden API calls. Passwords did NOT get saved anywhere. + +**Passwords:** Still safe in Proton Pass (not deleted). + +**What was actually deployed:** NOTHING — Vaultwarden was never running anywhere. + +**Final resolution:** +- vault.jongsma.me → Zurich (82.24.174.112) specific DNS A record created in Cloudflare +- Caddy on Zurich handles vault.jongsma.me → 127.0.0.1:8222 (Vaultwarden) +- Vaultwarden running: /opt/vaultwarden/ with data at /opt/vaultwarden/data/ +- Admin token: gFUzyxPCGLkTAx4DnuiWXr+yA5Q8YXWeCEIYG9XDkDU= +- **TODO:** Johan needs to create account + import from Proton Pass + I disable SIGNUPS_ALLOWED + +**Zurich Caddy config now serves:** +- vault.jongsma.me → Vaultwarden (127.0.0.1:8222) +- mail.inou.com, mail.jongsma.me → Stalwart (127.0.0.1:8443, TLS) + +**Stalwart:** Moved HTTPS from public 0.0.0.0:443 to 127.0.0.1:8443. Mail ports (25/587/465/143/993/995) still public. + +## Supermemory Discussion +- OpenRouter followed @supermemory — Johan asked if we should reconsider +- Decision: PASS for now. Privacy blocker (our memory has Sophia's medical data etc.) +- If they get self-hosted option, worth revisiting for inou specifically diff --git a/memory/claude-usage.db b/memory/claude-usage.db index 5e07ee8..a7184fd 100644 Binary files a/memory/claude-usage.db and b/memory/claude-usage.db differ diff --git a/memory/claude-usage.json b/memory/claude-usage.json index f590b12..507f355 100644 --- a/memory/claude-usage.json +++ b/memory/claude-usage.json 
@@ -1,9 +1,9 @@ { - "last_updated": "2026-02-19T11:00:01.779033Z", + "last_updated": "2026-02-19T11:02:19.877191Z", "source": "api", "session_percent": 0, - "session_resets": null, + "session_resets": "2026-02-19T16:00:00.843006+00:00", "weekly_percent": 73, - "weekly_resets": "2026-02-21T18:59:59.741482+00:00", - "sonnet_percent": 34 + "weekly_resets": "2026-02-21T18:59:59.843028+00:00", + "sonnet_percent": 35 } \ No newline at end of file diff --git a/memory/vaultwarden-credentials.md b/memory/vaultwarden-credentials.md index 327d8bf..33c3c3a 100644 --- a/memory/vaultwarden-credentials.md +++ b/memory/vaultwarden-credentials.md 
@@ -1,21 +1,25 @@ -# Vaultwarden Credentials (Zurich) +# Vaultwarden (Zurich) -**URL:** https://vault.inou.com -**Admin Panel:** https://vault.inou.com/admin +**URL:** https://vault.jongsma.me +**Admin Panel:** https://vault.jongsma.me/admin **Admin Token:** gFUzyxPCGLkTAx4DnuiWXr+yA5Q8YXWeCEIYG9XDkDU= -**Backup Passphrase:** o7j5xuGBpf0cyv0dXR25JB/hc6x5k1Zuq6UhIhiniaI= -**Data Dir:** /opt/vaultwarden/data +**Data Dir:** /opt/vaultwarden/data (on Zurich: 82.24.174.112) **Compose:** /opt/vaultwarden/docker-compose.yml -**Backup Script:** /opt/vaultwarden/backup.sh (daily 3AM via cron) -**Backups:** /opt/vaultwarden/backups/ (30 day retention) +**Caddy:** /etc/caddy/Caddyfile on Zurich + +## Status +- Live as of 2026-02-19 +- SIGNUPS_ALLOWED=true (disable after Johan creates account) +- Johan has NOT yet created account or imported Proton Pass passwords ## TODO -- [ ] Configure rclone for Google Drive (needs OAuth browser auth - Johan must run `rclone config` on Zurich) -- [ ] Disable signups after Johan creates his account (set SIGNUPS_ALLOWED=false in docker-compose.yml) +- [ ] Johan creates account at https://vault.jongsma.me +- [ ] Export from Proton Pass (Settings → Export → Bitwarden JSON) +- [ ] Import into Vaultwarden +- [ ] Set SIGNUPS_ALLOWED=false in /opt/vaultwarden/docker-compose.yml → docker compose up -d +- [ ] Set up rclone backup to GDrive (needs OAuth browser auth on Zurich) -## Stalwart Mail Admin -**URL:** https://mail.inou.com (admin panel) -**Admin user:** admin -**Admin password:** agolM71pOwZBJhggROBDkn8R -**Config:** /opt/stalwart-mail/etc/config.toml -**Note:** Temp password `Temp@dmin2026!` was used during 2026-02-18 session; replaced with above +## History +- Deployed 2026-02-19 after long saga (Stalwart taking port 443, HSTS blocking, etc.) +- vault.inou.com was broken — now using vault.jongsma.me +- vault.jongsma.me A record in Cloudflare → 82.24.174.112 (Zurich, overrides *.jongsma.me wildcard)
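Review bot: In memory/2026-02-19.md, the `Admin token:` bullet under "Final resolution" commits the Vaultwarden admin token in plaintext to a dated log file, creating a second copy of the value that already sits in memory/vaultwarden-credentials.md. Replace the value with a pointer to where the secret is stored, and rotate the token, since it is now in repository history. The same section notes that the instance is live at vault.jongsma.me while the TODO to disable SIGNUPS_ALLOWED is still open; give that TODO an owner and a deadline so the open-registration window is bounded. The root-cause chain would also benefit from one line on the check that would have caught step 4 (notes describing a plan, not reality), for example confirming what is actually listening on port 443 on Zurich before pointing DNS at it.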
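Review bot: memory/claude-usage.json changes only timestamps and percentage counters in this hunk, and memory/claude-usage.db changes as an opaque binary in the same commit, so both look like machine-generated state rather than notes. Tracking them adds churn to every commit, and the binary cannot be reviewed for what it contains. Consider moving both to an ignored path or out of version control.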
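Review bot: In memory/vaultwarden-credentials.md, the removed `-**Backup Passphrase:**` and `-**Admin password:**` lines (and the temp password in the removed Note) stay recoverable from history, so deleting them here does not revoke them; rotate the backup passphrase and the Stalwart admin password, and record only where the new values are kept. The `**Admin Token:**` line is unchanged context, so the Vaultwarden admin token is still in plaintext next to the new public `/admin` URL; it should be moved out of the file and rotated as well. The new Status section records `SIGNUPS_ALLOWED=true` on a live instance, which leaves registration open until the TODO is done. The hunk also drops the Backup Script and Backups lines without saying whether the daily backup still exists, and the only remaining mention is the rclone TODO; state the current backup status explicitly under Status.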