# Daily Notes — 2026-02-22

## Infrastructure

### Webmail (abandoned)

- Set up SnappyMail Docker on Zurich → hours of debugging → nuked it
- Root cause chain: AdGuard rewrite rule (*.jongsma.me → home IP) → hairpin NAT in container → wrong domain config fallback to localhost:143
- Lesson: all popular self-hosted webmail is PHP; Stalwart's "web UI" is admin-only, not user webmail
- Final state: webmail.jongsma.me DNS deleted, Caddy entry removed, SnappyMail fully nuked
- Stalwart is on latest (v0.15.5) — no upgrade needed

### DNS

- Removed wildcard `*.jongsma.me → 47.197.93.62` from Cloudflare
- AdGuard had a DNS rewrite for `*.jongsma.me` — Johan had to remove it manually
- Johan's home DNS is AdGuard, not just HA at 192.168.1.252

### Forge reboot

- Rebooted cleanly, all services came back via linger

## Dealspace (~/dev/dealroom, port 9300)

- Major UX overhaul: 14 changes including closing probability removal, new stat cards, last accessed, New Room modal, search, per-deal analytics/audit/contacts, request lists grouped by deal (commit eb103b4)
- Production auth: bcrypt, demo login removed, Misha admin account created
- Email: `misha@muskepo.com` / `Dealspace2026!` (owner role)
- Buyer account (misha.buyer@muskepo.com) created as workaround, then replaced by view toggle feature
- View toggle feature: owner/admin can switch between seller and buyer view within same session (agent briny-mist running ~1AM)
- No public domain yet — accessible at http://192.168.1.16:9300

## Email / Stalwart

- Family email accounts use short usernames from migration: rozemarijn, jacques, misha, tanya
- Full addresses (rozemarijn@jongsma.me etc.) work for receiving but login uses short names
- MC connectors connect directly to Stalwart IMAP on mail.jongsma.me:993

## Verizon bill processed

- $343.80 due March 4, 2026 — first bill on new account
- 3 lines: iPhone 17 (225-3810, Johan), iPhone 16 Plus (307-3952), iPhone 17 (358-1196)
- Auto Pay saves $30/mo if enrolled
- Record: ~/documents/records/bills/verizon-2026-02-21.md

## Sessions spawn

- Still blocked: "pairing required" (1008) error
- Gateway bind fixed to custom/0.0.0.0 but agent-to-agent auth still needed
- Cron jobs work; only sessions_spawn from conversation sessions fails

## HostKey cancellation

- Amsterdam VPS (53643) — Johan needs to manually cancel: https://panel.hostkey.com/controlpanel.html?key=639551e73029b90f-c061af4412951b2e

## Corrections to remember

- Don't assume Stalwart has user webmail — it doesn't, admin panel only
- Check for DNS rewrite rules (AdGuard) not just cache when DNS issues persist
- "It should not be so complicated" — when debugging gets multi-step, step back and ask if the feature is even needed
- Test features end-to-end myself before reporting "done"

## Sophia MRI - Feb 22 Update

### Dr. Madan no longer available

- Dr. Neel Madan (Chief Neuroradiology, Tufts) — his father-in-law is terminally ill
- Johan returning to AI-assisted radiological interpretation
- Historical track record: AI analysis has been more accurate than formal radiology reports

### MRI Discussion (Dec 31, 2025 scan)

- FLAIR showed FULL periventricular halo ("full aura") — not the two-point cap pattern
- Full halo = less specific (could be white matter disease from injury OR active hydrocephalus)
- Two-point pattern (frontal + occipital caps) = more specific for active CSF pressure
- Temporal horns NOT mentioned in radiology report — significant gap
- Temporal horn dilation = most specific sign of active hydrocephalus
- Key question for analysis: is ventriculomegaly disproportionate to cortical atrophy?
- Need: temporal horn width measurement, V/S ratio, FLAIR pattern characterization
- Johan to send screenshots: T2 axial (temporal horn level), FLAIR axial, T1 sagittal midline from Dec 31 scan in inou

## Sessions Spawn — RESOLVED (evening Feb 22)

- Root cause: OC 2026.2.21 update stripped `operator.write+read` scopes from tokens
- Fix: manually restored scopes in `device-auth.json` + `paired.json`; gateway restarted
- Automated: `oc-scope-watchdog.service` now restores scopes within 30s of any gateway restart
- Script: `~/clawd/scripts/scope-watchdog.py`; drop-in: `~/.config/systemd/user/openclaw-gateway.service.d/scope-fix.conf`
- sessions_spawn confirmed working from conversation sessions as of Feb 22 evening

## Gemini 3.1 Pro — Enabled in OpenClaw (Feb 22)

- Plugin `google-gemini-cli-auth` set to `enabled: true` in openclaw.json
- Model: `google/gemini-3.1-pro-preview`
- Uses existing Gemini CLI OAuth (johan@jongsma.me)
- Accessible via `session_status(model="google/gemini-3.1-pro-preview")`
- Confirmed working; best for medical/science analysis (77.1% ARC-AGI-2, top science benchmarks)
- Only works in main session (CLI OAuth); subagents need Gemini API key for native access

## Weekly Docker Maintenance (Sunday Feb 22)

- HAOS v17.1 — no update needed
- Immich, ClickHouse, Jellyfin, Signal: updated on 192.168.1.253
- qbittorrent-vpn: pulled only (do NOT start — Johan uses on-demand)

## Weekly Memory Synthesis (Feb 22)

- MEMORY.md updated with full weekly synthesis
- Two subagent timeouts before doing synthesis manually
- Key themes: infra consolidation, sessions-are-not-free architecture, open-weight model surge, Fish Audio TTS validated, OpenClaw auth risk, SnappyMail = "it should not be this complicated"

## X Watchlist Updates (Feb 22)

- @moltbot: account not found — removed from all watchlists
- Added: @OpenAI, @MiniMax_AI, @Kimi_Moonshot, @ZhipuAI, @Gemini, @steipete, @RapidResponse47
- AI lab accounts (@OpenAI etc.) filter: hard news only (model releases, pricing, major launches)
- AI lab accounts post constantly — must drop everything else silently

## TOOLS.md + MEMORY.md Security

- Both confirmed in .gitignore — not tracked in git
- API keys in `~/.openclaw/openclaw.json`, not in system prompt files
- No exposure risk

## AirLLM Test

- Qwen2.5-7B-Instruct runs on forge's GTX 970 (4GB VRAM) via AirLLM layer offloading
- Speed: 6.1s/token (slow but works)
- Proves 70B models are theoretically runnable at ~8-12s/token
- Fix for install: `optimum==1.22.0`
- Significance: local medical model analysis now viable for non-sensitive-latency tasks

## Jacques/Rozemarijn Stalwart Login Fix

- Renamed Stalwart accounts to full email format (jacques@jongsma.me, rozemarijn@jongsma.me)
- IMAP verified working for both
- Credentials sent in Dutch via Signal

## Open Items as of 8PM Feb 22

- Johan to send Sophia MRI screenshots for Gemini 3.1 Pro analysis
- Johan to manually cancel HostKey server #53643 (cancel URL sent via Signal)
- Verizon Auto Pay enrollment — saves $30/mo before March 4 billing cycle
- Dealspace public domain (dealspace.jongsma.me) if Misha wants external access
- Dealspace design questions: org signup, buyer concept, subscription plan, doc↔request linking, per-buyer permissions, CRM
- Remove stale `amsterdam.inou.com` from `overview-dns-zones.csv`
- Gemini API key (optional) for subagent Gemini access (currently main session only)

## Nightly Maintenance (9 PM)

- OS updates: 0 packages upgraded (all up to date)
- Claude Code: 2.1.50 (up to date; `npm update` ran, changed 1 dependency)
- OpenClaw: 2026.2.21-2 (up to date; check-updates.sh has regex false-positive for `-2` suffix)
- Session cleanup: removed 10 orphaned .jsonl files (~7.5 MB), removed 10 :run: keys from sessions.json
- Working context written to memory/working-context.md