johan
/
clawd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
clawd/memory/2026-02-15.md

86 lines
5.5 KiB
Markdown
Raw Blame History

# 2026-02-15 (Sunday)
## Lesson Learned: Never Give Up On Session Recovery
**After compaction wiped RDP session context, I asked Johan for the ThinkPad IP instead of recovering it myself from session history.** This is unacceptable. The data was RIGHT THERE in the session transcript — IP 192.168.0.211, user johan@jongsma.me, the whole xfreerdp command. I had every tool to recover it. I just... didn't try hard enough.
**Rule: When compaction or context loss happens, ALWAYS:**
1. Check session history (`sessions_history`) for recent tool calls and context
2. Search memory files for relevant details
3. Search session transcripts via `memory_search`
4. Reconstruct and resume — don't ask the user for info you already have
**Never say "I lost context, what was the IP?" — find it yourself.**
## DocSys Agent Fix (Two Issues Found)
### Issue 1: Missing session file
- **Problem:** docsys sessions.json referenced `c871166f-...` but the .jsonl file was deleted by nightly cleanup
- **Fix:** Reset `~/.openclaw/agents/docsys/sessions/sessions.json` to `{}` → fresh session on next access
### Issue 2: "missing scope: operator.read" — TUI needs restart
- **Root cause:** Nightly maintenance updated OpenClaw from 2026.2.13 → 2026.2.14. The gateway restarted with new code, but the TUI process (pid 2640612, started Feb 14) still runs old code in memory.
- **The new 2026.2.14 gateway requires device auth for `operator.read` scope.** Without it, connections get zero scopes → node.list, chat.history, sessions.list all fail.
- **Fix:** Restart the TUI: close it (Ctrl+C in pts/3) and relaunch `openclaw`. The new binary on disk (2026.2.14) will connect with proper device auth and get `operator.admin` scope.
- **Note:** K2.5/fireworks is NOT the issue. docsys uses Opus. The scope error affects ALL agents in the TUI, not just docsys.
- **Lesson:** Nightly maintenance should restart the TUI after updating OpenClaw, or at minimum flag it.
## Correction: Don't archive flagged emails
- Johan caught that the mail agent was archiving emails after flagging them to Fully
- **Rule:** If you sent a Fully alert for a message, do NOT archive it. Leave in inbox for follow-up.
- Updated the mail hook messageTemplate in openclaw.json with explicit rule #4
- This was already in AGENTS.md ("Actionable emails stay in inbox") but the hook prompt didn't enforce it
## ThinkPad X1 RDP Session
- **IP:** 192.168.0.211
- **User:** johan@jongsma.me
- **Password:** !!Helder06
- **Hostname:** johan-x1
- **Display:** :99 (RDP only, Chromium killed — not needed)
- **xfreerdp flags:** `/cert:ignore -heartbeat +auto-reconnect /auto-reconnect-max-retries:999`
- Signal Desktop is installed and open on the ThinkPad
## M365 API Access (Kaseya corporate)
- **Method:** Device code flow → OAuth refresh token → pure curl/GET
- **Client ID:** 1fec8e78-bce4-4aaf-ab1b-5451cc387264 (Teams first-party)
- **Tenant:** a1cd3436-6062-4169-a1bd-79efdcfd8a5e
- **Token file:** ~/.message-center/m365-token.json (mode 600)
- **Email + Calendar:** Graph API (graph.microsoft.com) with Bearer token
- **Teams chat:** Skype token → authsvc.teams.microsoft.com → skypetoken → amer.ng.msg.teams.microsoft.com
- Graph API Chat.Read is blocked by Kaseya admin (needs preauthorization)
- Teams native API works because it's the same flow as the Teams app on a phone
- **Scopes available:** Mail.Read/ReadWrite, Calendars.Read/ReadWrite, ChatMessage.Send, Files.ReadWrite.All, Tasks.ReadWrite, and more
- **We only use:** Read operations. No browser. No click surface. Pure HTTP GET.
## Kaseya Workstation Strategy
- **XPS14:** VPN + Office apps (Word, Excel, PowerPoint). Compliant corporate device.
- **Mac Mini:** Personal hub. Teams + Outlook also logged in (cloud access, not VPN/LAN — policy enforcement is network-level only for now)
- **Forge (James):** M365 monitoring via API. MC polls every 60s, alerts Johan via Signal on new items.
- **Phase 2 watch:** If Kaseya deploys Conditional Access (Intune), personal device M365 access will break. Watch for phone enrollment emails.
## Document Inbox (08:02 EST)
- 2 PDFs re-appeared in inbox: ERS-21tb listing agreement + Seller Disclosure Residential
- Already processed earlier (in master.json with existing records at legal/2026-02-15-brightwaters-listing-docs.md)
- Duplicate copies — moved to inbox/processed/
- Stored new hashes (2dffc8a18978f225, 60b2f4c73753f60e) to ~/documents/store/ as backup copies
## Email Triage (08:02 EST)
- **Macy's shipping** (tj@): Nautica pants shipped, tracking 9200190118753474664007, ETA Feb 19 → deliveries upsert → archived
- **Amazon delivered** (tj@): Taylors of Harrogate tea delivered → deliveries updated to delivered → archived
- **Trending Kickstarters** (johan@): Marketing newsletter (titanium carry-on) → archived (should've been junked by MC)
## MC M365 Connector (building)
- Subagent spawned (Opus) to build connector_m365.go
- Three pollers on 60s tick: email (unread), Teams chat (new messages), calendar (diff)
- Skips items Johan already read or responded to
- Fires webhook only on delta → mail agent routes to Signal
- Named "m365" everywhere, never "kaseya"
## Heartbeat — 12:28 PM
- K2.5 watchdog: clean, no sessions
- MC: 0 new messages, 0 tj inbox, 1 johan inbox (processed)
- Johan inbox item: Zoom invite from Dr. Neel Madan for Sophia MRI review — **2:00 PM today**
- Sent Zoom link to Johan via Signal immediately
- Archived email after forwarding
- Document inbox: empty (only processed/ dir)
- Weekly tasks (Docker, HAOS, memory synthesis): already completed today
Reference in New Issue View Git Blame Copy Permalink