77 lines
5.1 KiB
Markdown
77 lines
5.1 KiB
Markdown
# 2026-02-15 (Sunday)
|
|
|
|
## Lesson Learned: Never Give Up On Session Recovery
|
|
**After compaction wiped RDP session context, I asked Johan for the ThinkPad IP instead of recovering it myself from session history.** This is unacceptable. The data was RIGHT THERE in the session transcript — IP 192.168.0.211, user johan@jongsma.me, the whole xfreerdp command. I had every tool to recover it. I just... didn't try hard enough.
|
|
|
|
**Rule: When compaction or context loss happens, ALWAYS:**
|
|
1. Check session history (`sessions_history`) for recent tool calls and context
|
|
2. Search memory files for relevant details
|
|
3. Search session transcripts via `memory_search`
|
|
4. Reconstruct and resume — don't ask the user for info you already have
|
|
|
|
**Never say "I lost context, what was the IP?" — find it yourself.**
|
|
|
|
## DocSys Agent Fix (Two Issues Found)
|
|
|
|
### Issue 1: Missing session file
|
|
- **Problem:** docsys sessions.json referenced `c871166f-...` but the .jsonl file was deleted by nightly cleanup
|
|
- **Fix:** Reset `~/.openclaw/agents/docsys/sessions/sessions.json` to `{}` → fresh session on next access
|
|
|
|
### Issue 2: "missing scope: operator.read" — TUI needs restart
|
|
- **Root cause:** Nightly maintenance updated OpenClaw from 2026.2.13 → 2026.2.14. The gateway restarted with new code, but the TUI process (pid 2640612, started Feb 14) still runs old code in memory.
|
|
- **The new 2026.2.14 gateway requires device auth for `operator.read` scope.** Without it, connections get zero scopes → node.list, chat.history, sessions.list all fail.
|
|
- **Fix:** Restart the TUI: close it (Ctrl+C in pts/3) and relaunch `openclaw`. The new binary on disk (2026.2.14) will connect with proper device auth and get `operator.admin` scope.
|
|
- **Note:** K2.5/fireworks is NOT the issue. docsys uses Opus. The scope error affects ALL agents in the TUI, not just docsys.
|
|
- **Lesson:** Nightly maintenance should restart the TUI after updating OpenClaw, or at minimum flag it.
|
|
|
|
## Correction: Don't archive flagged emails
|
|
- Johan caught that the mail agent was archiving emails after flagging them to Fully
|
|
- **Rule:** If you sent a Fully alert for a message, do NOT archive it. Leave in inbox for follow-up.
|
|
- Updated the mail hook messageTemplate in openclaw.json with explicit rule #4
|
|
- This was already in AGENTS.md ("Actionable emails stay in inbox") but the hook prompt didn't enforce it
|
|
|
|
## ThinkPad X1 RDP Session
|
|
- **IP:** 192.168.0.211
|
|
- **User:** johan@jongsma.me
|
|
- **Password:** !!Helder06
|
|
- **Hostname:** johan-x1
|
|
- **Display:** :99 (RDP only, Chromium killed — not needed)
|
|
- **xfreerdp flags:** `/cert:ignore -heartbeat +auto-reconnect /auto-reconnect-max-retries:999`
|
|
- Signal Desktop is installed and open on the ThinkPad
|
|
|
|
## M365 API Access (Kaseya corporate)
|
|
- **Method:** Device code flow → OAuth refresh token → pure curl/GET
|
|
- **Client ID:** 1fec8e78-bce4-4aaf-ab1b-5451cc387264 (Teams first-party)
|
|
- **Tenant:** a1cd3436-6062-4169-a1bd-79efdcfd8a5e
|
|
- **Token file:** ~/.message-center/m365-token.json (mode 600)
|
|
- **Email + Calendar:** Graph API (graph.microsoft.com) with Bearer token
|
|
- **Teams chat:** Skype token → authsvc.teams.microsoft.com → skypetoken → amer.ng.msg.teams.microsoft.com
|
|
- Graph API Chat.Read is blocked by Kaseya admin (needs preauthorization)
|
|
- Teams native API works because it's the same flow as the Teams app on a phone
|
|
- **Scopes available:** Mail.Read/ReadWrite, Calendars.Read/ReadWrite, ChatMessage.Send, Files.ReadWrite.All, Tasks.ReadWrite, and more
|
|
- **We only use:** Read operations. No browser. No click surface. Pure HTTP GET.
|
|
|
|
## Kaseya Workstation Strategy
|
|
- **XPS14:** VPN + Office apps (Word, Excel, PowerPoint). Compliant corporate device.
|
|
- **Mac Mini:** Personal hub. Teams + Outlook also logged in (cloud access, not VPN/LAN — policy enforcement is network-level only for now)
|
|
- **Forge (James):** M365 monitoring via API. MC polls every 60s, alerts Johan via Signal on new items.
|
|
- **Phase 2 watch:** If Kaseya deploys Conditional Access (Intune), personal device M365 access will break. Watch for phone enrollment emails.
|
|
|
|
## Document Inbox (08:02 EST)
|
|
- 2 PDFs re-appeared in inbox: ERS-21tb listing agreement + Seller Disclosure Residential
|
|
- Already processed earlier (in master.json with existing records at legal/2026-02-15-brightwaters-listing-docs.md)
|
|
- Duplicate copies — moved to inbox/processed/
|
|
- Stored new hashes (2dffc8a18978f225, 60b2f4c73753f60e) to ~/documents/store/ as backup copies
|
|
|
|
## Email Triage (08:02 EST)
|
|
- **Macy's shipping** (tj@): Nautica pants shipped, tracking 9200190118753474664007, ETA Feb 19 → deliveries upsert → archived
|
|
- **Amazon delivered** (tj@): Taylors of Harrogate tea delivered → deliveries updated to delivered → archived
|
|
- **Trending Kickstarters** (johan@): Marketing newsletter (titanium carry-on) → archived (should've been junked by MC)
|
|
|
|
## MC M365 Connector (building)
|
|
- Subagent spawned (Opus) to build connector_m365.go
|
|
- Three pollers on 60s tick: email (unread), Teams chat (new messages), calendar (diff)
|
|
- Skips items Johan already read or responded to
|
|
- Fires webhook only on delta → mail agent routes to Signal
|
|
- Named "m365" everywhere, never "kaseya"
|