clawd/memory/2026-02-22.md

Daily Notes — 2026-02-22

Infrastructure

Webmail (abandoned)

• Set up SnappyMail Docker on Zurich → hours of debugging → nuked it
• Root cause chain: AdGuard rewrite rule (*.jongsma.me → home IP) → hairpin NAT in container → wrong domain config fallback to localhost:143
• Lesson: all popular self-hosted webmail is PHP; Stalwart's "web UI" is admin-only, not user webmail
• Final state: webmail.jongsma.me DNS deleted, Caddy entry removed, SnappyMail fully nuked
• Stalwart is on latest (v0.15.5) — no upgrade needed

DNS

• Removed wildcard *.jongsma.me → 47.197.93.62 from Cloudflare
• AdGuard had a DNS rewrite for *.jongsma.me — Johan had to remove it manually
• Johan's home DNS is AdGuard, not just HA at 192.168.1.252

Forge reboot

• Rebooted cleanly, all services came back via linger

Dealspace (~/dev/dealroom, port 9300)

• Major UX overhaul: 14 changes including closing probability removal, new stat cards, last accessed, New Room modal, search, per-deal analytics/audit/contacts, request lists grouped by deal (commit eb103b4)
• Production auth: bcrypt, demo login removed, Misha admin account created
• Email: misha@muskepo.com / Dealspace2026! (owner role)
• Buyer account (misha.buyer@muskepo.com) created as workaround, then replaced by view toggle feature
• View toggle feature: owner/admin can switch between seller and buyer view within same session (agent briny-mist running ~1AM)
• No public domain yet — accessible at http://192.168.1.16:9300

Email / Stalwart

• Family email accounts use short usernames from migration: rozemarijn, jacques, misha, tanya
• Full addresses (rozemarijn@jongsma.me etc.) work for receiving but login uses short names
• MC connectors connect directly to Stalwart IMAP on mail.jongsma.me:993

Verizon bill processed

• $343.80 due March 4, 2026 — first bill on new account
• 3 lines: iPhone 17 (225-3810, Johan), iPhone 16 Plus (307-3952), iPhone 17 (358-1196)
• Auto Pay saves $30/mo if enrolled
• Record: ~/documents/records/bills/verizon-2026-02-21.md

Sessions spawn

• Still blocked: "pairing required" (1008) error
• Gateway bind fixed to custom/0.0.0.0 but agent-to-agent auth still needed
• Cron jobs work; only sessions_spawn from conversation sessions fails

HostKey cancellation

• Amsterdam VPS (53643) — Johan needs to manually cancel: https://panel.hostkey.com/controlpanel.html?key=639551e73029b90f-c061af4412951b2e

Corrections to remember

• Don't assume Stalwart has user webmail — it doesn't, admin panel only
• Check for DNS rewrite rules (AdGuard) not just cache when DNS issues persist
• "It should not be so complicated" — when debugging gets multi-step, step back and ask if the feature is even needed
• Test features end-to-end myself before reporting "done"

Sophia MRI - Feb 22 Update

Dr. Madan no longer available

• Dr. Neel Madan (Chief Neuroradiology, Tufts) — his father-in-law is terminally ill
• Johan returning to AI-assisted radiological interpretation
• Historical track record: AI analysis has been more accurate than formal radiology reports

MRI Discussion (Dec 31, 2025 scan)

• FLAIR showed FULL periventricular halo ("full aura") — not the two-point cap pattern
• Full halo = less specific (could be white matter disease from injury OR active hydrocephalus)
• Two-point pattern (frontal + occipital caps) = more specific for active CSF pressure
• Temporal horns NOT mentioned in radiology report — significant gap
• Temporal horn dilation = most specific sign of active hydrocephalus
• Key question for analysis: is ventriculomegaly disproportionate to cortical atrophy?
• Need: temporal horn width measurement, V/S ratio, FLAIR pattern characterization
• Johan to send screenshots: T2 axial (temporal horn level), FLAIR axial, T1 sagittal midline from Dec 31 scan in inou

Sessions Spawn — RESOLVED (evening Feb 22)

• Root cause: OC 2026.2.21 update stripped operator.write+read scopes from tokens
• Fix: manually restored scopes in device-auth.json + paired.json; gateway restarted
• Automated: oc-scope-watchdog.service now restores scopes within 30s of any gateway restart
• Script: ~/clawd/scripts/scope-watchdog.py; drop-in: ~/.config/systemd/user/openclaw-gateway.service.d/scope-fix.conf
• sessions_spawn confirmed working from conversation sessions as of Feb 22 evening

Gemini 3.1 Pro — Enabled in OpenClaw (Feb 22)

• Plugin google-gemini-cli-auth set to enabled: true in openclaw.json
• Model: google/gemini-3.1-pro-preview
• Uses existing Gemini CLI OAuth (johan@jongsma.me)
• Accessible via session_status(model="google/gemini-3.1-pro-preview")
• Confirmed working; best for medical/science analysis (77.1% ARC-AGI-2, top science benchmarks)
• Only works in main session (CLI OAuth); subagents need Gemini API key for native access

Weekly Docker Maintenance (Sunday Feb 22)

• HAOS v17.1 — no update needed
• Immich, ClickHouse, Jellyfin, Signal: updated on 192.168.1.253
• qbittorrent-vpn: pulled only (do NOT start — Johan uses on-demand)

Weekly Memory Synthesis (Feb 22)

• MEMORY.md updated with full weekly synthesis
• Two subagent timeouts before doing synthesis manually
• Key themes: infra consolidation, sessions-are-not-free architecture, open-weight model surge, Fish Audio TTS validated, OpenClaw auth risk, SnappyMail = "it should not be this complicated"

X Watchlist Updates (Feb 22)

• @moltbot: account not found — removed from all watchlists
• Added: @OpenAI, @MiniMax_AI, @Kimi_Moonshot, @ZhipuAI, @Gemini, @steipete, @RapidResponse47
• AI lab accounts (@OpenAI etc.) filter: hard news only (model releases, pricing, major launches)
• AI lab accounts post constantly — must drop everything else silently

TOOLS.md + MEMORY.md Security

• Both confirmed in .gitignore — not tracked in git
• API keys in ~/.openclaw/openclaw.json, not in system prompt files
• No exposure risk

AirLLM Test

• Qwen2.5-7B-Instruct runs on forge's GTX 970 (4GB VRAM) via AirLLM layer offloading
• Speed: 6.1s/token (slow but works)
• Proves 70B models are theoretically runnable at ~8-12s/token
• Fix for install: optimum==1.22.0
• Significance: local medical model analysis now viable for non-sensitive-latency tasks

Jacques/Rozemarijn Stalwart Login Fix

• Renamed Stalwart accounts to full email format (jacques@jongsma.me, rozemarijn@jongsma.me)
• IMAP verified working for both
• Credentials sent in Dutch via Signal

Open Items as of 8PM Feb 22

• Johan to send Sophia MRI screenshots for Gemini 3.1 Pro analysis
• Johan to manually cancel HostKey server #53643 (cancel URL sent via Signal)
• Verizon Auto Pay enrollment — saves $30/mo before March 4 billing cycle
• Dealspace public domain (dealspace.jongsma.me) if Misha wants external access
• Dealspace design questions: org signup, buyer concept, subscription plan, doc↔request linking, per-buyer permissions, CRM
• Remove stale amsterdam.inou.com from overview-dns-zones.csv
• Gemini API key (optional) for subagent Gemini access (currently main session only)

Nightly Maintenance (9 PM)

• OS updates: 0 packages upgraded (all up to date)
• Claude Code: 2.1.50 (up to date; npm update ran, changed 1 dependency)
• OpenClaw: 2026.2.21-2 (up to date; check-updates.sh has regex false-positive for -2 suffix)
• Session cleanup: removed 10 orphaned .jsonl files (~7.5 MB), removed 10 :run: keys from sessions.json
• Working context written to memory/working-context.md