johan
/
clawd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
clawd/memory/email-triage.md

221 lines
8.3 KiB
Markdown
Raw Blame History

# Email Triage Instructions
*Created: 2026-02-01*
*Updated: 2026-02-07 (Added Specific Sender Rules)*
## Message Center (MC) API
**Unified endpoint for all messages (email + WhatsApp):**
- Base URL: `http://localhost:8025`
- Fetch new: `GET /messages/new`
- Replay: `GET /messages?since=24h`
- Actions: `POST /messages/{id}/archive`, `/delete`, `/reply`, `/to-docs`
**Account identifiers:**
- `tj_jongsma_me` (tj@jongsma.me) — family/shared account
- `johan_jongsma_me` (johan@jongsma.me) — Johan's personal account
- `whatsapp` — WhatsApp messages
All messages use unified ID format: `{source}:{sourceID}` (e.g., `tj_jongsma_me:12345`)
## CRITICAL RULE
**ALWAYS read the FULL message content before triaging. NO EXCEPTIONS.**
Every email gets read in full — regardless of sender, subject, or apparent category. The content determines the action.
---
## Attachment Processing
When emails have attachments (`has_attachments: true`, `attachment_names: [...]`), decide if any are worth archiving.
### Trigger Ingest (Forward to Documents Inbox)
```bash
curl -X POST "http://localhost:8025/messages/{id}/to-docs" \
-H "Content-Type: application/json" \
-d '{"attachments": ["invoice.pdf"]}'
```
MC fetches attachments and saves to `~/documents/inbox/` for DocSys processing.
**Response:**
```json
{"saved": ["/home/johan/documents/inbox/invoice.pdf"], "errors": []}
```
**Ingest all attachments:** omit the `attachments` array or pass `{}`.
### When to Ingest
**Trigger ingest for anything interesting/worth keeping:**
- Invoices, receipts, bills, statements
- Contracts, agreements, legal documents
- Medical records, insurance docs
- Tax forms (W-2, 1099, etc.)
- Any document worth keeping/finding later
- Use judgment — if it looks useful, ingest it
**Skip these:**
- Marketing fluff, promo images
- Logos, signatures (image-only attachments)
- Spam attachments
- Duplicate documents already ingested
### Supported Formats
- **Vision (K2.5):** .pdf, .png, .jpg, .jpeg, .gif, .webp, .tiff, .bmp, .doc, .docx, .odt, .rtf, .xls, .xlsx, .ppt, .pptx
- **Text (K2):** .txt, .md, .csv, .json, .xml, .yaml, .log
---
## James Tasks (assign to myself)
These emails are ACTIONABLE for me — create a dashboard task (owner: james), don't just archive:
- **Google Search Console** (sc-noreply@google.com) — inou.com indexing issues, crawl errors, etc.
- **inou.com alerts** — uptime, errors, anything about the platform
- **Infrastructure alerts** — Uptime Kuma, server notifications, SSL expiry
- **Security alerts** — breach notifications, vulnerability disclosures for our stack
**Workflow:**
1. Read the full email
2. Create task: `POST http://localhost:9200/api/tasks` with `owner: "james"`, appropriate domain
3. THEN archive the email
---
## Sophia Triggers
Anything matching these → Sophia's recovery folder (or ASK if unclear):
- "brain", "neuro", "therapy", "activator"
- Medical devices, equipment, serial numbers
- Pediatric suppliers (All About Pediatrics, Tri-Med, etc.)
- Insurance claims mentioning Sophia
- Any person name "S. Jongsma" or "Sophia"
- Therapy appointments, medical follow-ups
## Conversation Detection
- "Re:" from a person = active conversation, READ IT
- Thread replies are not spam
- Check context before deleting
## Action Required Detection
- Credits/refunds → check expiry, action needed?
- Payment reminders → notify Johan
- "ACTION REQUIRED" → read and assess
- Medical advice → flag for attention, don't just file
## Phishing / Scam Detection
**Phishing ≠ Spam.** Spam is junk. Phishing is fraud. Different handling.
### Red Flags (read body carefully if ANY present):
- Unexpected "payment processed" or "transaction" language
- Phone numbers to call "if you didn't authorize"
- Urgent action required + money involved
- Generic sender names ("Your Teacher", "Support Team")
- Legitimate service used as delivery mechanism (Canva class, Google Doc share, etc.)
- Message-ID from unexpected domain (e.g., amazonses.com for a "Canva" email)
- Mismatched context (class invite containing payment info)
### Phishing Workflow:
1. **PRESERVE** — do NOT delete. Move to a folder or keep in inbox.
2. **FLAG** — mark for Johan's attention
3. **ALERT** — ping Johan: "Phishing attempt detected, preserved for review"
4. **LOG** — dashboard entry with `action: "flagged"`, `reason: "Phishing - [brief description]"`
5. **DO NOT AUTO-REPORT** — Never send abuse reports to Canva/Google/PayPal/etc. without Johan's explicit approval. We don't want to become spam ourselves, and false positives happen.
**Johan decides** if an abuse report is warranted. I preserve evidence, he takes action.
### Why This Matters:
- Phishing evolves — today's "class invite" scam is tomorrow's "shared document" scam
- Evidence has value for reporting (if Johan chooses to)
- Auto-reporting could flag legitimate emails, annoy abuse teams, or get our accounts flagged
---
## Delete Behavior
**NEVER hard-delete. Always move to Trash.**
Before moving to Trash:
1. Read full content
2. Summarize what it contains
3. Confirm no action is needed
4. Confirm it's NOT phishing (phishing = preserve, not trash)
## Processed Email Routing
### → Trash (delete)
- Marketing/promotional emails
- Spam
- Phishing attempts
- Newsletters not worth keeping
- Automated notifications with no value
- Test emails
**Rule:** If Johan would never want to find this again → Trash
### → Shopping (mark read, move)
- Order confirmations ONLY
**Rule:** Actual order/purchase confirmation → mark read, move to `Folders/Shopping`
### → Trash (after processing)
- Shipping notifications
- Delivery updates
- "Out for delivery" / "Delivered" notices
**Workflow for shipping/delivery emails:**
1. Read the full message
2. Update delivery tracking via dashboard API (`POST/PATCH http://localhost:9200/api/deliveries`)
3. THEN move to Trash
This keeps the delivery schedule current without cluttering Shopping folder.
### → Archive (keep but out of inbox)
- Processed bills after payment
- Travel confirmations (past trips)
- Payment receipts from subscriptions (reference value)
- Security alerts (password changes, new logins)
**Rule:** Archive is for things worth FINDING AGAIN. If Johan would never search for it → Trash, not Archive.
### → Trash (common false-archive candidates)
- **Amazon:** Everything except order confirmations and outliers (product recalls, credits). Promos, recommendations, "items you viewed", shipping updates (after updating deliveries) → all trash.
- **Retailers:** Marketing, sales, "new arrivals" → trash
- **Account notifications** with no future value → trash
- **Generic "your statement is ready"** → trash (he can check the app)
### → Keep in Inbox (flag for Johan)
- Action required
- Bills/renewals pending payment
- Personal correspondence awaiting reply
- Anything Sophia-related
- Medical/insurance matters
## Specific Sender Rules
These override general routing:
- **Kaseya Marketing:** Read fully -> Summarize (rundown) -> Post to Dashboard News -> **Trash**.
- **Lansweeper:** (Johan is ex-CTO) Read fully -> Summarize what's going on -> Post to Dashboard News -> **Trash**.
- **inou Verification Codes:** (noreply@inou.com) -> **Trash** immediately (Johan uses backdoors).
- **Immich:** (GitHub/Releases) Read fully -> **Trigger update on server 192.168.1.253** -> Post to Dashboard News -> **Trash**.
- **Lingerie & Beach Wear (e.g., Pain de Sucre, Fleur du Mal):** Use your judgment. If the email introduces a **new collection, series, or seasonal release**, **Keep in Inbox**. If it is just general sales/marketing/shipping alerts, **Trash**.
- **Domain Purchase Inquiries (e.g., Jacob):** -> Deny (Reply "not for sale") -> **Archive**.
## Mistakes Made
### 2026-02-01
- Hard-deleted GenerX thread (permanently lost)
- Deleted Amazon promo credit without checking if action needed
- Almost deleted MBL Brain Activator emails (Sophia's therapy device repair)
- Triaged MosaicDx by subject without reading their medical advice
### 2026-02-02
- **Canva phishing email:** Deleted as "educational marketing spam" without reading body. Missed scam payload ($769.68 fake payment + scam phone number). Should have: read full content, recognized phishing red flags, preserved + flagged for Johan. **Violated my own rule: "ALWAYS read the FULL message content before triaging."**
Learn from these. Don't repeat.
Reference in New Issue View Git Blame Copy Permalink