clawd/MEMORY.md

MEMORY.md - Long-Term Memory

Last updated: 2026-02-08 (Sunday weekly synthesis — Week of Feb 2-8)

---

⏰ JOHAN'S SCHEDULE (US EASTERN) — MEMORIZE THIS!

Sleep Block 1: 7:30pm – 10:15pm ET (first sleep) Night Shift: 10:30pm – 5:00am ET (Sophia care, WORKING) Sleep Block 2: 5:15am – 9/10am ET (second sleep) Awake/Day: ~10am – 7:30pm ET

CRITICAL:

• After 10:30pm he is WORKING, not sleeping
• Do background work during 5:15am-9am (second sleep)
• Do NOT assume late night = quiet time

---

The Three Pillars

These are the center of Johan's life:

1. Sophia

Johan's daughter. Elevator accident May 2, 2022. Trached, G-tube, limited movement but cognitively aware.

Full details: memory/sophia.md ← LOAD THIS when discussing Sophia, her medical case, inou's origin, or Dr. Madan

Summary:

• Misdiagnosed with "anoxic brain injury from cardiac arrest" — WRONG
• Actually: compression injury → metabolic encephalopathy → active hydrocephalus (confirmed 12/31/2025 MRI)
• Treatable with shunt/ETV
• Next step: Dr. Neel Madan (Chief Neuroradiology, Tufts) reviews new MRI → neurosurgery

Johan is her night nurse (10:30pm–5am). This is why inou exists.

2. Kaseya / Datto

His job. CTO Backup. Enterprise-scale data protection.

3. inou health

(always lowercase — avoid L vs I confusion) The medical platform. Born from Sophia's journey. DICOM analysis, genetic data, lab imports, Claude MCP integration. Not a side project — it's advocacy infrastructure.

Other Family

Mikhail (Father-in-Law)

• Has Mint Mobile phone plan (account under tj@jongsma.me)
• Should have left by now or leaving imminently (was "~1 month" as of Jan 2026) — don't renew his plan

Rozemarijn (Oldest Daughter)

• Born: June 11, 1998
• Lives in the Netherlands
• Works in commercial real estate consulting, specializes in EV (electric vehicles)
• Work email: Shell account
• Also: DJ Rozie 🎧 — first gig in Paris, March 2026!

---

Who I Am

• Name: James ⚡
• Born: 2025-06-26
• Role: Chief of Staff (promoted 2026-02-13) — strategic partner, not assistant
• Principle: Right model for the right job. Opus for judgment, K2.5 for grunt work. Spin up subagents freely.
• #1 Rule: Protect memory at all costs. If it matters, WRITE IT DOWN before it leaves context.

Infrastructure Ownership (2026-01-26)

⚡ FULL OWNERSHIP DELEGATED TO JAMES ⚡

Johan's directive: "You own this. I fully rely on your judgement; I do not want to be involved. You safeguard it, you set it up, you monitor it and everything else. I only take care of the payments."

I OWN these completely. Johan is 100% hands-off:

• Git repos — our shared repositories (need inventory)
• SOC2/Kuma monitoring — inou.com compliance monitoring
• WireGuard VPN — network infrastructure
• hostkey50304 (CH VPS) — security infrastructure

Full details: memory/infrastructure-ownership.md

My responsibilities:

• Setup, configuration, deployment
• Monitoring and alerting
• Troubleshooting and fixes
• Security hardening
• Documentation
• Proactive maintenance

Johan's only role: Paying the bills.

I do NOT ask for permission or approval. I use my judgment. I only escalate if something is truly blocked or requires a major architectural decision that affects cost significantly.

---

Infrastructure

Server: forge (192.168.1.16) — MIGRATED 2026-02-04

• Hardware: i7-6700K / 64GB RAM / GTX 970 4GB / 469GB NVMe
• Ubuntu 24.04.3 LTS (headless)
• OpenClaw gateway on port 18789
• Signal-cli daemon on port 8080
• Mail Bridge on port 8025
• GLM-OCR service on port 8090 (GPU-accelerated)
• Web UI: https://james.jongsma.me (via Caddy)
• SMB share: \\192.168.1.16\sophia → /home/johan/sophia/
• Full details: memory/forge-server.md

Mail System (2026-01-31)

• Proton Bridge: Headless on localhost:1143 (IMAP), localhost:1025 (SMTP)
• Mail Bridge: REST API on port 8025, webhooks new mail to /hooks/mail
• My role: Direct triage — I read every email, decide: archive, delete, or escalate
• No L1/L2 models — I understand context better than pattern matching
• Spam → Trash (not Archive — Archive is for reference-worthy items)

Signal

• Bot number: +31634481877 (Dutch, dedicated CLI number)
• Johan's number: +17272252475 (US, Thinkphone)
• API: http://192.168.1.16:8080/api/v1/rpc (JSON-RPC, NOT REST)
• Payload: {"jsonrpc":"2.0","method":"send","params":{"recipient":["+1..."],"message":"text"},"id":1}

Network

• Home lab behind UDM-Pro + Caddy
• Staging: 192.168.1.253 (same subnet as james, can reach Signal API)
• Production: 192.168.100.2 (different VLAN, inter-VLAN routing not configured yet)

Projects

inou health (inou.com)

(always lowercase — avoid L vs I confusion)

• Johan's self-built medical imaging platform
• Uses Claude via MCP tools
• DICOM viewer, genetic analysis (SNPedia), lab data import, vitals tracking
• Name origin: 2015 project "I-know-you" (social graph) failed; kept 4-letter domain, repurposed for health
• Tiers: Monitor (free), Optimize ($12/mo), Research ($35/mo)
• Free until July 1, 2026 (early access period)
• X/Twitter promotion: Plan drafted at drafts/x-inou-promotion-plan.md — handle story carefully

inou Dev Access

• Folder: /home/johan/dev/inou
• SMB share: inou-dev (Johan uploads portions he's comfortable sharing)
• "Nibble" approach — I work on what he gives me

Credentials & Access

• sudo: Johan provides password when needed (not stored)
• Anthropic API: configured via token in Clawdbot
• Gemini: CLI OAuth as johan@jongsma.me (Pro subscription, not API)
• xAI/Grok: API key configured (XAI_API_KEY in env)
• Home Assistant: http://192.168.1.252:8123 (token configured in skills.entries)

Home Assistant

• 4,300+ entities (lights, switches, sensors, cameras, climate, media players)
• Sophia is in bedroom 1
• Bedroom 1 has 3-button switch controlling cans via automations
• Fixed 2026-01-26: automation.bed1_button_2_cans_control had corrupted kelvin value

Subscriptions & Services (Paying User)

• Suno (AI music), Wispr Flow (AI voice typing), X/Twitter, Grok (xAI), Gemini (Google), Claude (Anthropic), Z.ai (Zhipu), Fireworks, Spotify
• Possibly more — if a payment receipt appears from a service, treat it as a known subscription
• Product updates/launches from these = relevant news, keep or flag
• Payment receipts = archive (reference value)
• Generic marketing/upsells from these = still trash (they all send crap too)
• Key distinction: "We launched X feature" = keep. "Upgrade to Pro!" when already paying = trash.
• Amazon: Orders → Shopping folder. Product recalls, credits → keep. Everything else (promos, recs, shipping updates after tracking) → trash.
• Archive sparingly — Archive = things worth finding again. Most notifications have zero future value → trash.

Preferences

OCR

• NO TESSERACT — Johan does not trust it at all
• GLM-OCR (0.9B, Zhipu) — sole OCR engine going forward
• Medical docs stay local — dedicated TS140 + GTX 970, never hit an API
• Fireworks watch: Checking for hosted GLM-OCR (non-sensitive docs) — not yet available as of Feb 7
• OCR Service LIVE on forge: http://localhost:8090/ocr (local, was 192.168.3.138 before migration)

Forge = Home (migrated 2026-02-04)

• forge IS my primary server — now at 192.168.1.16 (IP swapped from old james)
• i7-6700K / 64GB RAM / GTX 970 / 469GB NVMe
• Full setup: memory/forge-server.md
• All services migrated: gateway, Signal, mail, WhatsApp, dashboard, OCR, DocSys

Z.ai (Zhipu) — Coding Model Provider

• OpenAI-compatible API for Claude Code
• Base URL: https://api.z.ai/api/coding/paas/v4
• Models: GLM-4.7 (heavy coding), GLM-4.5-air (light/fast)
• Johan has developer account (lite tier)
• Use for: coding subagents, to save Anthropic tokens

Research

• Use Grokipedia instead of Wikipedia — Johan's preference for lookups & Lessons Learned

URLs/IPs

• Use local IPs when available — Johan prefers local network addresses over public/Tailscale IPs for internal services

• Johan is direct — no small talk, no fluff

• Evidence-based communication

• When stuck on network issues (like inter-VLAN), park it for later rather than spinning wheels

• STOP ASKING DUMB QUESTIONS — if I can find the answer in my files, find it. Don't interrogate.

• The "fresh start every session" thing is MY problem to solve with memory files, not Johan's to suffer through

Projects (Active)

Azure Files Backup (2025-01-28) — PERSONAL POC

High-scale backup system for Azure Files shares. Billions of files. Purpose: Prove a point — right architecture can handle billions with minimal DB overhead. Status: ✅ Feature complete (commit 18ce1fa) — UNBLOCKED! Azure free account exists ($200 credit, expires ~Feb 27). Need Johan for az login MFA.

Core insight: DB = minimal index (~50 bytes/file), object store = everything else.

DB schema:

• node_id (64-bit), parent_id (64-bit), name, size (64-bit), mtime (64-bit), xorhash (64-bit)
• Node tree only — NO full path strings
• ~50GB for billions of files, fits in RAM

Tech:

• Azure Files API (not Blob, not OneDrive/SharePoint)
• xorhash (MSFT standard) for change detection
• FlatBuffers for metadata in object store
• TAR bundling for small files (only when it saves ops)
• K8s horizontal scaling, Go core library
• Web UI: Go + htmx/templ, multi-tenant

Implemented:

• FlatBuffer serializer (3μs serialize, 2μs deserialize)
• Postgres TreeStore with integration tests
• Tree differ (addition detection)
• Backup handler (chunking, dedup, XOR hash)
• Restore handler (reassemble, upload to Azure)
• Web UI wired to Postgres

Repo: ~/dev/azure-backup → git@zurich.inou.com:azure-backup.git | License: Proprietary

inou Mobile (2026-01-31)

Native Android/iOS app for inou health. Architecture: Thin Flutter shell + WebView hybrid

• Native handles: Camera OCR, voice-to-text, biometrics, fancy input
• WebView loads: inou.com/app/* (existing Go/HTML content)
• Not rewriting everything in Flutter — right tool for each job

Repo: git@zurich.inou.com:inou-mobile.git Local: /home/johan/dev/inou-mobile/ Status: Theme complete (inou colors), app runs on ThinkPhone, WebView needs inou.com/app content

ClawdNode Android (2026-01-28)

AI-powered phone assistant. Lets me answer Johan's calls, screen notifications, have voice conversations with callers.

• Repo: git@zurich.inou.com:clawdnode-android.git
• Local: /home/johan/dev/clawdnode-android/ (Gateway)
• Status: v0.1 built, app runs — paused while inou-mobile takes priority
• Key insight: Johan wants me to ENGAGE with callers, not just screen. "I'm calling about Sophia's appointment" → I thank them, confirm details, relay to Johan.

Zurich VPS (zurich.inou.com)

• IP: 82.22.36.202
• Purpose: Security infrastructure, git hosting, monitoring
• Git: Dedicated git user with git-shell (can only do git operations)
• Clone: git clone git@zurich.inou.com:<repo>.git
• Caddy reverse proxy: auto-LE cert for zurich.inou.com
• Uptime Kuma: http://zurich.inou.com:3001

SOC2 Security Scanning (2026-01-31)

• Nuclei: Weekly light scans (Sundays 10am ET), full monthly scans (from Zurich VPS)
• Baseline (Jan 31): 34 findings, all informational — no critical/high/medium
• Reports: ~/dev/docs/soc2/nuclei-scans/
• Security headers: Added to zurich.inou.com Caddy (HSTS, X-Frame-Options, etc.) — Feb 1

Document Management System (2026-02-01)

Automated document processing pipeline for scanned paperwork.

• Inbox: ~/documents/inbox/ (drop files here, SMB share for scanner)
• Pipeline: OCR → classify → store → index → export
• Records: ~/documents/records/{category}/ (markdown + extracted text)
• Index: ~/documents/index/master.json (searchable)
• Exports: ~/documents/exports/expenses.csv
• Service: systemctl --user status doc-processor
• Categories: taxes, bills, medical, insurance, legal, financial, expenses, vehicles, home, personal

---

Work Patterns (learned 2026-01-28)

• Johan doesn't want to code. Mac + Android Studio = build machine only. I do all development on Gateway.
• "Future-proof efficient" > "faster" — set things up properly, don't take shortcuts
• Security from the get-go — not an afterthought
• Parallel work: Use subagents for async tasks while continuing main conversation
• Daily/weekly memory review — Johan wants me to learn quickly from him, compound understanding

Work Principles (from corrections)

• "Stel niet uit tot morgen, wat je vandaag kan doen" — Don't poll when you can trigger. Don't batch when you can stream. Don't defer when you can do it now. If the work can happen immediately, make it happen immediately.

• ALWAYS attack problems at their source — Johan HATES workarounds. They bite you tomorrow. Fix the root cause, not the symptom. If a trigger is wrong, fix the trigger — don't filter downstream.

• Deduplicate ruthlessly — Say it once, in the right place. Don't repeat info across channels.

• Extract the WHY, not the what — Surface fixes don't generalize. Always ask "why was this wrong?" and find the principle.

• Offload by default, Opus by exception — K2.5 can handle straightforward coding. Save Opus for judgment, conversation, complex reasoning.

• Always git commit workspace files — After editing TOOLS.md, MEMORY.md, AGENTS.md, or any workspace file, git add -A && git commit. Don't leave changes uncommitted.

• Commit uncommitted changes you find — During git audits/heartbeats, if you find uncommitted changes in ANY repo, commit and push them yourself. Don't just report — fix it.

• "Stel niet uit tot morgen, wat je vandaag kan doen" — Don't poll when you can trigger. Don't batch when you can stream. Don't defer when you can do it now. If the work can happen immediately, make it happen immediately.

• Deduplicate ruthlessly — Say it once, in the right place. Don't repeat info across channels.

• Extract the WHY, not the what — Surface fixes don't generalize. Always ask "why was this wrong?" and find the principle.

• Offload by default, Opus by exception — K2.5 can handle straightforward coding. Save Opus for judgment, conversation, complex reasoning.

• Validate config schema before patching — Check docs/schema for required fields and valid keys before changing gateway config.

• Spam → Trash, Archive → Reference — Archive is for things worth finding later. Marketing emails have no future value.

• Config color values = hex codes — Not CSS names. Pattern: ^#?[0-9a-fA-F]{6}$ (e.g., 00FF00 not green)

• Compact data files before committing — JSON/CSV data files go into git as compact/single-line (jq -c), never pretty-printed. Pretty-print is for humans reading; git tracks lines. 854 records ≠ 96K insertions.

Technical Learnings (Week of Jan 26-Feb 1)

K2.5 Browser Agent

• Agent k2-browser uses Kimi K2.5 via Fireworks (~10% cost of Opus)
• Always use maxChars=10000 on snapshots — K2.5 chokes on large pages
• Good for: snapshot-only tasks on already-loaded pages
• Bad for: multi-step navigation (targetUrl errors, confusion)
• ~12s response time vs ~5s for Opus

Browser Profiles

• chrome (relay, port 18792) — For paranoid sites (X.com). Uses your actual Chrome session via extension.
• fast (headless, port 9223) — General automation. Copy profile AFTER closing Chrome or sessions invalidate.
• Headless browsers get detected by X.com, Twitter. Use Chrome relay for those.

Flutter Web Limitations

• Flutter web renders to <canvas> — no real text, no SEO, breaks accessibility
• Fine for apps behind auth, terrible for marketing pages
• Keep Go/HTML for public pages (landing, pricing, privacy, etc.)

---

Todo / Open Items

• Fix inter-VLAN routing on UDM-Pro so production (192.168.100.x) can reach Signal API
• Copy Sophia's documents from OneDrive to /home/johan/sophia/ via SMB
• Set up daily delta-zip → Proton Drive backup for Sophia docs
• Azure Files Backup: Run az login with Johan for MFA (free account expires ~Feb 27!)
• inou Mobile: Need content at inou.com/app for WebView, or change AppConfig.webAppUrl
• AdventHealth: Enroll in MFA (Johan action)

Recent Events (Week of Feb 2-8, 2026)

🏠 Migration to Forge — COMPLETE (Feb 4)

• Full "brain transplant" from old james (TS140) → forge (i7-6700K/64GB/GTX970)
• IP swapped: forge is now 192.168.1.16
• All services migrated: OpenClaw, Signal, Proton Bridge, Mail Bridge, WhatsApp, Dashboard, DocSys, OCR
• WhatsApp survived transfer without QR re-link
• 18GB Proton IMAP cache moved intact
• Migration doc: ~/clawd/migration/MIGRATE-JAMES-TO-FORGE.md

GLM-OCR Service — LIVE on Forge (Feb 4)

• zai-org/GLM-OCR (2.47 GB) running as systemd service on port 8090
• 2.2 GB VRAM, ~2s small images, ~25s full-page docs
• Auto-resize to 1280px max for GTX 970 safety
• Tested successfully on real receipts

Azure Files Backup — Significant Progress (Feb 2-4)

• Added: Postgres job queue (SKIP LOCKED), filesystem object storage, wired backup-worker
• Added: Docker/K8s manifests, CI workflow, health endpoints
• 31 tests passing, go vet clean
• Still blocked: az login MFA (Johan) — ⚠️ FREE ACCOUNT EXPIRES ~FEB 27!

Real Estate (Active — needs Johan)

• Diana Geegan (Keller Williams) negotiating sale of 851 Brightwaters ($6.35M) + buy of 801 Brightwaters
• Net at close ~$6,029,200 after Diana's fee reduction — still ~$171K short of Johan's $6.2M goal
• Multiple emails in inbox awaiting Johan's decision

Sophia Medical

• Pulse-ox wraps Rx expired — Dana at All About Peds needs new prescription from Dr. Lastra
• Pediatric Home Service order #75175 shipped (4 boxes supplies)

Financial

• PayPal $3,073.00 to Tuan Le for "Balance Skyraider v2"
• Claude usage hit 100% weekly limit Feb 7

Infrastructure

• Docker containers updated on 192.168.1.253 (Immich, ClickHouse, Jellyfin, Signal, qBittorrent)
• HAOS updated 16.3 → 17.0
• Zurich VPS security patches applied, kernel 6.8.0-90-generic, rebooted
• 3 new Uptime Kuma monitors (Zurich VPS, inou DNS, inou SSL)
• docproc service set up but hitting URL-too-long error (needs local OCR path instead of remote)

Tech

• N-able (NABL): Q4 earnings call Feb 19, pushing "Agentic AI"
• SentinelOne (S): CEO sold $303k stock, stock down 70% from IPO
• Claude Opus 4.6 receiving high praise

Access URLs

• Web UI: https://james.jongsma.me/?token=<gateway_token>
• Gateway token stored in: ~/.clawdbot/clawdbot.json under gateway.auth.token