From f6a4d06c83e2a27411d51cbb15d87f3597e61b33 Mon Sep 17 00:00:00 2001 From: James Date: Sun, 22 Feb 2026 09:01:51 -0500 Subject: [PATCH] Weekly memory synthesis: Feb 16-22, 2026 infrastructure consolidation --- AGENTS.md | 1 + MEMORY.md | 65 ++++++++++++++++++++------------- memory/claude-usage.db | Bin 40960 -> 40960 bytes memory/claude-usage.json | 10 ++--- memory/updates/2026-02-22.json | 20 ++++++++++ 5 files changed, 66 insertions(+), 30 deletions(-) create mode 100644 memory/updates/2026-02-22.json diff --git a/AGENTS.md b/AGENTS.md index b159eff..b73ad47 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -260,6 +260,7 @@ Enter plan mode for ANY non-trivial task: - **Recover context yourself after compaction** — When compaction/context loss happens: check session history, search memory files, search transcripts via memory_search. NEVER ask the user for info you already had. The data is in your files — find it. - **Exhaust self-recovery before escalation** — Always try: (1) `sessions_history` for recent tool calls/context, (2) search memory files, (3) `memory_search` transcripts, (4) reconstruct from available data. Only ask human for info that genuinely isn't in your systems. - **Never guess config changes** — Read the docs or source first. Backup the file before editing. A wrong config guess can take down a service; 30 seconds of reading prevents it. +- **When debugging cascades, question the feature** — If you're 3+ hours into debugging a "simple" integration (SnappyMail webmail, PHP-FPM, Docker hairpin NAT), step back. Ask: "Is this feature actually needed?" Sometimes the right answer is abandonment, not persistence. **Plan includes verification:** Use plan mode for verification steps too, not just building. "How will I prove this works?" is part of the plan. diff --git a/MEMORY.md b/MEMORY.md index d37e4ac..ea2954e 100644 --- a/MEMORY.md +++ b/MEMORY.md 
@@ -1,6 +1,6 @@ # MEMORY.md - Long-Term Memory -*Last updated: 2026-02-22 (weekly synthesis — Sun 05:00 ET)* +*Last updated: 2026-02-22 (weekly synthesis — Sun 09:00 ET)* --- ## ⏰ JOHAN'S SCHEDULE (US EASTERN) — MEMORIZE THIS! @@ -165,13 +165,10 @@ Two patches must be reapplied to `dist/` files after each OpenClaw update: 1. **Scope preservation** (`dist/gateway-cli-DbznSfRg.js`): `if (scopes.length > 0)` → `if (scopes.length > 0 && !disableControlUiDeviceAuth)` — prevents `dangerouslyDisableDeviceAuth` from clearing scopes 2. **Deleted transcript indexing** (`dist/sqlite-C54NeA1C.js`): `.filter((name) => name.endsWith(".jsonl"))` → add `|| name.includes(".jsonl.deleted.")` — makes memory_search find old sessions -### ✅ sessions_spawn Scope Issue — AUTOMATED (Feb 22) -`operator.write+read` scopes were stripped from device-auth.json on every gateway restart. -**Fixed:** `oc-scope-watchdog.service` runs continuously, restores scopes within 30s of any restart. -- Service: `systemctl --user status oc-scope-watchdog` -- Script: `~/clawd/scripts/scope-watchdog.py` -- Enabled on boot via `default.target.wants/` -No manual intervention needed anymore. +### ⚠️ sessions_spawn — Partially Fixed (Feb 22) +**Scope stripping FIXED:** `oc-scope-watchdog.service` auto-restores `operator.write+read` within 30s of gateway restart. + +**Bind issue REMAINS:** Gateway rejects `ws://192.168.1.16:18789` (non-loopback). Subagent spawning from conversation sessions fails with "pairing required" (1008). Cron jobs work (internal). Needs: `wss://` or local tunnel fix. ### Network - Home lab behind UDM-Pro + Caddy 
@@ -414,11 +411,17 @@ Automated document processing pipeline for scanned paperwork. ### Stalwart — Key Gotchas (Feb 18-22) - Account `name` field must equal the login username — not automatically derived from `emails` field - PATCH endpoint is broken in v0.15.5 — use DELETE + POST for account updates -- Stalwart v0.15.5 has NO user webmail — only admin panel. All popular self-hosted webmail is PHP. +- **NO user webmail** — admin panel only (port 8880). All popular self-hosted webmail (Roundcube, SnappyMail) is PHP and painful to integrate. - YAML `!` at start of value = YAML tag indicator — passwords starting with `!` must be quoted - systemd EnvironmentFile: `!` in values also needs quoting - Admin API: port 8880, `admin:agolM71pOwZBJhggROBDkn8R` via HTTP Basic at `http://127.0.0.1:8880/api/principal` +### DNS Debugging — AdGuard Rewrite Rules (Feb 22) +- Home DNS is **AdGuard Home** (not just HA at 192.168.1.252) +- DNS rewrites (Filters → DNS rewrites) override cache AND external resolution +- Cache flush alone won't fix issues if a rewrite rule exists +- Check AdGuard UI directly when DNS changes don't propagate as expected + ### Family Stalwart Account Logins (as of Feb 21) - **tj@jongsma.me**: username `tj`, pw `!Lekker69` - **johan@jongsma.me**: username `johan`, pw `!!Lekker69` 
@@ -439,12 +442,13 @@ Automated document processing pipeline for scanned paperwork. ## Todo / Open Items ### 🔴 Urgent (This Week — as of Feb 22) -- [ ] **jongsma.me domain transfer** — EXPIRES 2026-02-28 (6 days!). Unlock at OpenProvider, get auth code, initiate transfer at Cloudflare. Transfers take 5-7 days. Window is CRITICAL. +- [ ] **jongsma.me domain transfer** — EXPIRES 2026-02-28 (6 days!). Unlock at OpenProvider, get auth code, initiate at Cloudflare. Transfers take 5-7 days. Window is CRITICAL. - [ ] **Azure Files Backup:** `az login` MFA with Johan — free account expires ~Feb 27 (5 days!). Need Johan for MFA. - [ ] **HostKey Amsterdam cancellation** — API returned "being cancelled" but Johan must manually confirm: https://panel.hostkey.com/controlpanel.html?key=639551e73029b90f-c061af4412951b2e (server ID: 53643) - [ ] **stpetersburgaquatics.com** — expires 2026-03-13. Transfer or renew. - [ ] **Uptime Kuma monitors** — 8 monitors lost in Zurich rebuild. Rebuild when Johan confirms. - [ ] **Verizon bill** — $343.80 due March 4, 2026. Enroll Auto-Pay to save $30/mo. +- [ ] **sessions_spawn fix** — subagent spawning from conversation sessions broken (1008 error). Needs wss:// or tunnel. ### 🟡 Active (Johan Action Needed) - [ ] **Vaultwarden:** Johan creates account at vault.jongsma.me → export Proton Pass → import. Then set SIGNUPS_ALLOWED=false. 
@@ -462,10 +466,9 @@ Automated document processing pipeline for scanned paperwork. - [ ] inou Mobile: Content at inou.com/app for WebView - [ ] AdventHealth MFA enrollment (Johan action) - [ ] HAOS SSH key authorization (forge → 192.168.1.252) -- [ ] Fish Audio S1 TTS persistent service on forge (currently ad-hoc python http server) - [ ] rclone backup for Vaultwarden (needs browser OAuth on Zurich) - [ ] BlueBubbles on Mac Mini M4 (deferred) -- [ ] sessions_spawn from conversation sessions still broken (pairing required 1008 error) — cron jobs work +- [ ] Evaluate MiniMax M2.5 as K2.5 replacement for grunt-work subagents ## Weekly Synthesis Insights (Feb 9-15, 2026) 
@@ -817,26 +820,38 @@ Shannon's successful deployment and scan completion demonstrates security toolin --- -## Weekly Insights (Feb 15-22, 2026) +## Weekly Synthesis — Feb 16-22, 2026 -### 🏗️ Infrastructure Stability After Massive Build Week -This week completed a multi-week infrastructure overhaul: Proton → Stalwart email, Amsterdam → Zurich migration, family onboarding to Signal+email. The Zurich rebuild (Feb 19) was reactive (broken services) but successfully consolidated everything: Caddy, Stalwart, Vaultwarden, ntfy, Uptime Kuma all running on one VPS with proper Caddy TLS. +### 🏗️ Infrastructure: The Great Consolidation +Completed a 3-week migration arc: Proton Mail → Stalwart (self-hosted), Amsterdam VPS → Zurich, family Signal/email onboarding. Feb 19 overnight Zurich rebuild was messy but successful — Caddy, Stalwart, Vaultwarden, ntfy, Kuma all consolidated with proper TLS. -**Pattern:** Large migrations always reveal broken assumptions. The Amsterdam→Zurich move found that Zurich Caddy wasn't installed, that Stalwart had claimed port 443, and that HSTS from home Caddy blocked vault.inou.com. Each discovery was solved rather than worked around. +**Key insight:** Large migrations expose phantom infrastructure. Zurich "had" Caddy (in notes) but didn't. Stalwart claimed port 443. Home Caddy's HSTS blocked vault.inou.com. Fixed at source, not worked around. -### 🔄 Heartbeat Architecture Evolution -The Feb 18 heartbeat redesign solved a real problem: main session pinging every 30 min → 148k tokens/check burn. Solution: isolated cron sessions with minimal context. The principle extends to a general rule: **main session is for conversations, not background tasks**. +### 🔄 Architecture: Sessions Are Not Free +Feb 18 heartbeat redesign cut token burn 90%+: 148k tokens/check → ~5k. Principle: **main session is for conversations, not background work**. Isolated cron sessions with minimal context, subagents for anything parallel. 
-### 🎵 Voice Infrastructure Unlocked -Fish Audio S1 TTS + Fully Kiosk media_player pipeline is now validated. Johan picked Adrian voice. The capability is there for proactive announcements, intercom-style alerts, Russian voice for in-laws. The gap: need a persistent TTS service (not ad-hoc python http server) and Tanya's buy-in before home-wide deployment. +### 🎵 Voice: Infrastructure Validated, Awaiting Go-Live +Fish Audio S1 (Adrian voice) → mp3 → Fully Kiosk tablets pipeline proven. Office tablet reliable; master bedroom needs Fully REST. Blocker: Tanya buy-in before home-wide deployment. Persistent TTS service needed (not ad-hoc Python server). -### 📊 AI Model Landscape Shift -MiniMax M2.5 (Feb 20) dominates OpenRouter rankings. 230B MoE, 80.2% SWE-Bench, 1/20th Opus cost. Four of top 5 OpenRouter models are now open-weight. The gap between proprietary and open-weight is closing fast. **Actionable:** evaluate as K2.5 replacement for grunt-work subagents. +### 📊 Models: The Open-Weight Surge +MiniMax M2.5 (230B MoE, 80.2% SWE-Bench, ~$1/hr) dominates OpenRouter. 4 of top 5 models now open-weight. Gap vs proprietary closing fast. AirLLM proved forge's GTX 970 runs 70B at ~6s/tok via layer offloading — local medical analysis now viable. -AirLLM (Feb 21) proved forge's GTX 970 can run 70B models at ~6-8s/tok via layer offloading. Quietly significant for private medical document analysis where data must stay local. +### ⚠️ Risk: OpenClaw Auth = OAuth Max Subscription +Claude Max OAuth token means Anthropic could cancel Johan's subscription. Decision pending: API key switch, OpenRouter, or accept risk. Worth resolving before outage. -### ⚠️ OpenClaw Auth Risk — Unresolved -Johan is using Claude Max OAuth token, not API key. Anthropic may cancel the Max subscription if they detect OpenClaw use. This is a pending decision with real consequence. Worth resolving before it becomes an outage. 
+### 🛠️ Pattern: "It Should Not Be This Complicated" +SnappyMail webmail deployment: 4 hours debugging PHP-FPM, Docker hairpin NAT, SSL timeouts. Johan killed it — correctly. When debugging cascades, step back and question if the feature is needed. Stalwart has no user webmail; native clients (iPhone Mail) are fine. + +### 📝 Technical Debt: sessions_spawn Still Broken +Gateway security rejects ws://192.168.1.16 (non-loopback). Cron jobs work (internal), but conversation-session subagent spawning fails with "pairing required" (1008). Watchdog service fixes scope stripping, but bind/SSL issue remains. TODO: wss:// or local tunnel. + +### 👨‍👩‍👧 Family Systems: Operational +- Signal: Roos ✅, Jacques ✅, Misha ⏳ (pairing pending) +- Stalwart email: All 5 family accounts live. Login inconsistency: tj/johan use short names, Jacques/Roos use full email. Don't change without coordinating active clients. +- Telegram: @jamesjongsma_bot primary channel since Feb 18. + +### 🎯 New Project: Dealspace (Misha's M&A Data Room) +Go + templ + HTMX + SQLite. Production auth, view toggle (owner↔buyer), Atlas AI integration. http://192.168.1.16:9300. No public domain yet. Architecture: inou pattern (RBAC bitmask, entries table, AES-256-GCM files). --- diff --git a/memory/claude-usage.db b/memory/claude-usage.db index fa76683623ce662be7a642d2a2592fc37bd34491..dd26d43726ebe1a24828f9f8ddac064b134018c7 100644 GIT binary patch delta 238 zcmZoTz|?SnX@WFk=tLQ3#?Xxk^Ys~nHyN-5FvqfVO=fS{%EoevWfe=;#>NxO39?PW zYz(H1jEqJGMrOJOM!H5uA%@0Q21ZtfhEW1?BC<_EnDRy-c>{|mekq`QAf~(_Sl&E} zPf%p@s}?D4<|3Ay$?OyEPhL>Kwz08+d2&J_j}x**jKPx3rcB6AfLXy9gf0U!oH20o It|@NZ0N}4Vl>h($ delta 63 zcmV-F0Kor%zyg540+1U4Qjr`(0aCGGpDzJWvM>Zt16l;?lLvscv4JiGv+9Hz3j=Qi Vx|0Wx-?4$z1CwBJ470|RIt$c=7xVxC diff --git a/memory/claude-usage.json b/memory/claude-usage.json index b00c57a..3aa0e8a 100644 --- a/memory/claude-usage.json +++ b/memory/claude-usage.json 
@@ -1,9 +1,9 @@ { - "last_updated": "2026-02-22T11:00:01.919798Z", + "last_updated": "2026-02-22T14:00:01.371829Z", "source": "api", - "session_percent": 16, - "session_resets": "2026-02-22T13:59:59.889182+00:00", - "weekly_percent": 14, - "weekly_resets": "2026-02-28T18:59:59.889199+00:00", + "session_percent": 0, + "session_resets": null, + "weekly_percent": 16, + "weekly_resets": "2026-02-28T19:00:00.346050+00:00", "sonnet_percent": 20 } \ No newline at end of file diff --git a/memory/updates/2026-02-22.json b/memory/updates/2026-02-22.json new file mode 100644 index 0000000..0931968 --- /dev/null +++ b/memory/updates/2026-02-22.json @@ -0,0 +1,20 @@ +{ + "date": "2026-02-22", + "timestamp": "2026-02-22T09:00:01-05:00", + "openclaw": { + "before": "2026.2.21-2", + "latest": "2026.2.21-2", + "updated": false + }, + "claude_code": { + "before": "2.1.50", + "latest": "2.1.50", + "updated": false + }, + "os": { + "available": "0\n0", + "updated": false, + "packages": [] + }, + "gateway_restarted": false +} \ No newline at end of file
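Review bot: The new AGENTS.md rule (hunk @@ -260,6 +260,7 @@) says abandonment can be the right answer but not who makes that call. The MEMORY.md entry it is drawn from records that Johan killed the SnappyMail deployment. State that the agent should stop and put the "is this feature needed?" question to the user rather than drop the feature on its own. The "3+ hours" trigger also does not match the "4 hours" in the weekly synthesis; either align them or remove the parenthetical examples so the rule stays general.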
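Review bot: The rewritten sessions_spawn section in MEMORY.md (hunk @@ -165,13 +162,10 @@) deletes the lines that said where the watchdog lives and how to check it: `systemctl --user status oc-scope-watchdog`, `~/clawd/scripts/scope-watchdog.py`, and the boot enablement. The service re-grants `operator.write+read` on every gateway restart, so keep those pointers and the mention of device-auth.json so the automatic re-grant stays auditable. For the remaining bind issue, say explicitly that the fix is `wss://` or a loopback tunnel and not a relaxation of the gateway's non-loopback check.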
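Review bot: The context lines of the MEMORY.md hunk at @@ -414,11 +411,17 @@ show a Stalwart admin credential for the API on port 8880 and, under "Family Stalwart Account Logins", per-user passwords, all in plaintext in a tracked file. This commit edits the bullets around them and leaves them in place. Move them to a secret store (the todo list already plans Vaultwarden), keep only a pointer here, and rotate them, since they are now in git history. The new AdGuard section is fine as written.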
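Review bot: In the MEMORY.md hunk at @@ -439,12 +442,13 @@, the unchanged HostKey item carries a control-panel URL with a `key=` query parameter. If that value grants panel access it should not sit in a tracked file; keep the server ID and store the link with the other secrets. The added `sessions_spawn fix` item is listed under Urgent without a date or owner, unlike the entries around it.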
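Review bot: The MEMORY.md hunk at @@ -462,10 +466,9 @@ removes the "Fish Audio S1 TTS persistent service on forge" todo, but the new weekly synthesis in this same commit still says "Persistent TTS service needed (not ad-hoc Python server)". Either keep the todo or drop the claim from the synthesis. Moving the sessions_spawn item up to Urgent is consistent with the other hunks.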
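Review bot: The synthesis rewrite in MEMORY.md (hunk @@ -817,26 +820,38 @@) changes figures without saying why: AirLLM goes from "~6-8s/tok" to "~6s/tok", the MiniMax cost goes from "1/20th Opus cost" to "~$1/hr", and a "~5k" tokens/check figure appears that the removed text did not contain. Keep the original numbers or note where the new ones come from. The auth-risk paragraph also loses its condition ("if they detect OpenClaw use"), which is what makes the risk actionable. The Dealspace entry pairs "Production auth" with an `http://` URL; note whether TLS is planned before it gets a public domain.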
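Review bot: memory/claude-usage.db is a binary file changed in the same commit as the documentation edits, and its delta cannot be reviewed. Since memory/claude-usage.json carries the same usage data in readable form, consider ignoring the .db file or committing generated state separately from the MEMORY.md and AGENTS.md changes. In the JSON hunk, `"session_resets": null` alongside `"session_percent": 0` is a new shape for that field; confirm that whatever reads this file accepts null.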
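Review bot: In the new memory/updates/2026-02-22.json, `"available": "0\n0"` under `os` is a string holding two lines of what looks like raw command output, not a count. Parse it into integers (or two named fields) before writing so the file can be compared across days. Both JSON files in this patch also end without a trailing newline.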