clawd/memory/2026-02-18.md

# Daily Notes — 2026-02-18

## Contacts Dedup (completed ~midnight)
- Johan has contacts across multiple Google accounts, exporting to iCloud as part of Apple ecosystem switch
- Built Python dedup script at `/home/johan/clawd/tmp/contacts/dedup.py` + `postprocess.py`
- Input: 4,168 contacts (3 vcf files: contacts.vcf 689, contacts(1).vcf 3477, contacts(2).vcf 2)
- Output: `final.vcf` with ~2,200 clean contacts
- Key bugs fixed during session:
  - Phone chain merging via shared switchboard numbers (LogicNow HQ +1-919-957-5099 merged 15 employees) → threshold filter: skip phones appearing in 3+ contacts
  - ORG-only dedup merged entire companies → removed
  - Single-word name dedup merged all "Sander" / "Floor" contacts → require 2+ significant words
  - Subset name matching (Wenda Haasjes / Wenda Haasjes - Jongsma) → fixed using prefix matching
- Post-processing: removes contacts with no email+phone, removes nameless contacts (215 emails printed for review), converts Dutch 06XXXXXXXXX numbers to +316XXXXXXXXX
- **Nameless contacts email list** was printed — Johan should review if any need a contact card created
- 62 Dutch phone numbers converted to international format
- `final.vcf` ready to import at icloud.com/contacts → gear → Import vCard (Mac/browser, not iPhone)

## Apple Ecosystem Transition
- Johan bought iPhone 17 (sign-ins seen on Apple, Google, Spotify today ~3:39 PM PST)
- Moving from Windows → Mac (Apple Silicon superior, especially for local AI)
- Prefers Android but accepting iPhone because Mac + Windows mismatch is worse
- Calendaring: all in Outlook (work), no personal calendar
- Contacts: moving to iCloud

## Email Triage (9 PM, silent while Johan slept)
- 34 messages processed across tj_jongsma_me and johan_jongsma_me
- Key alerts posted to Fully:
  - ✈️ Delta flight F86VDN: TPA→JFK Thu Feb 19 at 7:16 AM, back at 6:06 PM (day trip NYC)
  - 🏠 851 Brightwaters showing (2/16): Sarasota buyers, liked exterior, disliked modern interior; Diana waiting for buyer response
  - 💳 Macy's CC (ending 8097): $29 min due by 2/22, balance $147.23
  - 👙 Fleur du Mal new collection
  - 🧠 Southwest Brain Performance Centers (Albuquerque) — Sophia's provider, seminar Feb 18 6PM + appointment reminder
- Deliveries added to dashboard: Macy's (3 packages, UPS+USPS, by 2/19-2/23), Nordstrom chinos x2 (by 2/20)
- Cloudflare DNSSEC errors: zavtra.nl, busel.nl, muskepo.nl — James task created to remove DS records
- flourishevents.nl: successfully migrated to Cloudflare Free plan
- NETGEAR Meural annual renewal: $74.85 auto-charged to MC ****2208

## Dashboard Cleanup
- Old Fully alerts from 2/9 era were still visible (David Bagget era, Kaseya Win Alerts, Teams messages)
- Johan flagged this — cleaned all alerts older than tonight
- Root cause: messages with null dates were being treated as current
- Fix: email straggler cron now checks message body date, skips >48h old

## Heartbeat Architecture Overhaul
- Problem: heartbeats ran in main session → burned 148k tokens per check when context was large
- Solution: disabled built-in heartbeat (set to 720h), created two isolated cron jobs:
  - **Watchdog (K2.5)** — every 30 min, isolated: K2 watchdog + doc inbox + Claude usage
  - **Email Straggler (Sonnet)** — every 90 min, isolated: email fallback triage
- Main session now only used for actual conversations with Johan

## Token Usage
- Weekly: 55% used as of midnight, resets Fri Feb 21
- Tonight's contacts dedup session was expensive (~500k-1M tokens estimated)
- New architecture should significantly reduce background token burn

## 851 Brightwaters Real Estate
- Diana Geegan is the realtor
- Showing 2/16: Sarasota buyers (Bird Key homeowners), daughter lives in St. Pete
- Also toured 1075 31st Ter NE ($8.95M) — not on Brightwaters
- Buyers felt interior was "too modern" / contemporary European for their Mediterranean taste
- Agent expected response from buyers the morning of 2/17 — no offer reported yet

## Delta Flight Thu Feb 19
- Delta 2475: TPA departs 7:16 AM → JFK arrives 10:00 AM
- Delta 2093: JFK departs 2:59 PM → TPA arrives 6:06 PM
- Confirmation: F86VDN, seat assigned at gate, Main Basic (E) fare, $445.80
- Day trip to NYC

## Contacts Pipeline — Known Issues in final.vcf
- **Bishop I.T. Solutions**: appears 3× — manual review needed after iCloud import
- **McKenna Sloan Malison**: Shorecrest multi-person blob from source data; not a pipeline error
- **Johan Jongsma**: appears 2× — caught by chain merge guard correctly (not merged)
- **Aleksey Shafransky / Alona Dishy / Bertram Heemink**: each has 4 emails but are legitimate (career history)
- **To re-run pipeline**: `cd /home/johan/clawd/tmp/contacts && python3 dedup.py && python3 postprocess.py`
- **Chain merge guard**: if merged record would have >4 email domains, revert to individual records
- **iCloud chosen over Baikal**: zero infra maintenance, easy export later, Johan already has Apple ID from iPhone 17

## Contacts Pipeline — Dedup Rules (for future reference)
- Email match → merge
- Unique phone match (phone appearing in <3 contacts) → merge
- Exact full name match (≥2 significant words) → merge; prefix name match also handled (e.g. "Wenda Haasjes" ↔ "Wenda Haasjes - Jongsma")
- No org-only dedup (caused LogicNow + Shorecrest blobs)
- Skip phones appearing in 3+ contacts (shared switchboard numbers)
- Chain merge guard: >4 email domains → revert
- Strip: no-email AND no-phone contacts; no-name contacts; noise labels (Imported on, Restored from Google, myContacts); keep "starred"
- Dutch 06XXXXXXXXX → +316XXXXXXXXX normalization

## Heartbeat Cron Jobs (new architecture)
- Built-in heartbeat disabled (interval set to 720h) — was burning 148k tokens per ping
- **K2 Watchdog** (isolated, K2.5/Haiku): runs every 30 min — checks K2 service + doc inbox + Claude usage
- **Email Straggler** (isolated, Sonnet): runs every 90 min — fallback email triage check
- Isolated sessions have minimal context → cheap per-run cost

## Teams 24h Age Filter (fix committed)
- Old January Teams messages were appearing on Fully dashboard
- Root cause: no age filtering on inbound Teams messages
- Fix: added `ComposeTime string` to `teamsMsg` struct; skip if message > 24h old before building `convDetails`
- Committed `b69af43` on `mc-unified` branch of `message-center`

## mail.jongsma.me — Family Email Server
- DNS: A record added → Zurich IP (82.24.174.112); Stalwart ACME covers `mail.inou.com` + `mail.jongsma.me`
- Stalwart admin password reset: `agolM71pOwZBJhggROBDkn8R` (stored in `memory/vaultwarden-credentials.md`)
- **Family accounts created** on Stalwart:
  - Rozemarijn: pw `cRKEWJL4h3MGn3Li` — aliases: rozemarijn@, roos@, rozie@, rozemarijn@flourishevents.nl, info@flourishevents.nl + more @jongsma.me
  - Jacques: pw `7I#rydMKlri6r%!g` — aliases: jacques@, tjerk@, tjerkjacob@, jacques@e-consultants.nl
  - Misha: pw `6hRSl8KAZtGXPRUG` — aliases: misha@muskepo.com, michael@muskepo.com, misha@jongsma.me (PRIVATE — not to be mentioned publicly)
- Signal migration instructions sent to all three from James bot (+31634481877)
- Cert provisioning in progress — verify with `curl -v https://mail.jongsma.me`
- Roos asked if she wants James to help with migration or do it herself — awaiting reply
- **Stalwart quirk**: PATCH is broken in v0.15.5 — use DELETE + POST for account updates

## Signal Connector (MC)
- Built `connector_signal.go` in Message Center at `/home/johan/dev/message-center/`
- Polls signal-cli JSON-RPC at `http://localhost:8080/api/v1/rpc`
- Posts Fully alerts per sender; `Send()` via same endpoint
- Test pings sent to Roos (+31646563377) and Jacques (+31624403744) — both delivered
- Jacques Signal UUID: `ce74137a-b165-411d-9d2b-48362d8468cf`

## Signal Session Isolation Fix (Critical)
- **Problem discovered**: `allowFrom` setting in OpenClaw bypasses pairing flow → all family messages fell into Johan's main session
- **Fix**: Reverted `signal-allowFrom.json` to only contain `+17272252475` (Johan only); cleared `signal-pairing.json`
- **Result**: Kids must now send a message → get pairing code → type it back → get isolated sessions
- Roos confirmed channel works ("Hoi James"), had brief conversation about rijles + studio
- Roos asked about Sophia's guitar — no info in memory, James told her to ask Johan
- Jacques confirmed channel works; follow-up sent ("pairing thing was a bug, channel works now, dad is doing great")
- Roos informed of pairing reset — told to send a message to get new code

## M365 Email Alert Auto-Delete
- When Outlook email is deleted/read, next MC poll cycle now removes corresponding Fully tile
- Implementation: `EmailAlerts map[string]string` added to `m365State` (`msgID → alertID`), persisted in `~/.message-center/m365-state.json`
- `pollEmail()` tracks IDs and reconciles (removes orphaned Fully tiles) on each poll
- Committed `2005d75` on `mc-unified`

## OpenClaw Family Agent Routing (investigated, not yet configured)
- Confirmed: `bindings[]` array at top level of OpenClaw config with `agentId` + `match` (channel, accountId, peer.id, peer.kind, roles)
- `peer.id` matching Signal numbers → routes to specific `agentId`; multiple agents defined in `agents.list[]`
- Each agent can have separate workspace/identity/skills/memory
- **Decision pending**: Johan needs to decide whether to create a dedicated family agent (stripped-down, no personal memory files) or keep shared workspace
- Risk of shared workspace: kids' sessions currently can read MEMORY.md (Sophia medical, finances)
- Recommended: create `agents.family` with separate workspace dir, no access to Johan's personal memory

## Alena CVS Prescriptions
- 3 prescriptions ready since Feb 16: HYD, CAR, AML
- Johan needs to arrange pickup or delivery

## Pending / Next Steps
1. Johan: import `final.vcf` to iCloud — `scp johan@192.168.1.16:/home/johan/clawd/tmp/contacts/final.vcf ~/Downloads/` → icloud.com/contacts → gear → Import vCard
2. Verify `mail.jongsma.me` cert: `curl -v https://mail.jongsma.me`
3. Roos email migration: awaiting her reply
4. Kids pairing: Roos, Jacques, Misha each need to send message + complete pairing flow
5. OpenClaw family agent: Johan decides whether to create separate agent with isolated workspace
6. **URGENT**: jongsma.me domain transfer — expires Feb 28 (2026)
7. DNSSEC fix: remove DS records for zavtra.nl, busel.nl, muskepo.nl (Cloudflare)
8. Alena's prescriptions: pickup or delivery at CVS
9. Johan's flight Thu Feb 19: Delta TPA→JFK departs 7:16 AM — be at TPA ~5:30 AM (conf: F86VDN)
10. Vaultwarden: Johan needs to create account + import Proton Pass passwords

---

## Afternoon Session (2026-02-18 ~11AM–3PM)

### OpenClaw & Telegram
- Updated to OpenClaw 2026.2.17 (Sonnet 4.6 support, 1M context beta, iOS share extension, Talk mode improvements)
- **Telegram bot live:** @jamesjongsma_bot, token `8510971070:AAFFgv_UO_9L0Ulp2DRKHD-IWKkrarJNTIc`, Johan Telegram ID: 8454563068
- dmPolicy: open requires `allowFrom: ["*"]` — learned this the hard way (gateway failed to start, Claude Code fixed it)
- Johan is now @johanjongsma on Telegram; Telegram is primary channel going forward
- Dutch SIM (+31634481877) is NOW IN JOHAN'S POSSESSION (not Jacques) — he's in US with it
- OpenClaw iOS app: internal preview (2026.2.9), NOT on App Store — need to request access via Discord
- ClawdNode Android project paused; iOS node app takes over that concept

### Cloudflare DNS — All 9 Domains Active ✅
- busel.nl, e-consultants.nl, muskepo.nl, zavtra.nl were stuck for 2 days
- Root cause: DNSSEC DS records (readonly=1) blocked SIDN from accepting NS change
- Fix: `is_dnssec_enabled: false` via OpenProvider API cleared the readonly keys
- Johan re-saved each domain via OpenProvider UI → triggered EPP submission to SIDN
- All 9 zones now active on Cloudflare as of ~1:22 PM

### Email Migrations — jongsma.me → Stalwart (mail.jongsma.me)
- **tj@jongsma.me**: ✅ Complete — 17,413 messages (5.3 GiB)
- **tanya@jongsma.me**: ✅ Complete (done previously + cleaned up; do NOT re-run)
- **johan@jongsma.me**: ⏳ IN PROGRESS — 48,699 messages in All Mail alone; started ~14:05, ETA ~4hrs. Log: `/tmp/LOG_imapsync/tmp/migration_johan2.log`

### Stalwart Account Changes
- Account names updated to full email addresses for IMAP login compatibility:
  - `tj` → `tj@jongsma.me` (pw: `!Lekker69`)
  - `johan` → `johan@jongsma.me` (pw: `!!Lekker69`)
- MC config uses `JOHAN_BRIDGE_PASSWORD=c16oDOTzbSrc675YP3qDqA` (in `~/.config/message-center.env`)
- `johan@jongsma.me` is a SEPARATE Proton account from `tj@jongsma.me` — not an alias!
- All other accounts: rozemarijn, jacques, misha, tanya — unchanged

### MX Records FLIPPED ✅ — 3:00 PM ET
- jongsma.me MX: Proton (mail.protonmail.ch) → Stalwart (mail.jongsma.me)
- All @jongsma.me mail now routes to Stalwart going forward
- Family has until 3/15 to migrate existing Proton mail
- Announced to Roos, Jacques, Misha via Signal at ~11:54 AM

### Key Lessons Learned Today
1. **dmPolicy open requires allowFrom: ["*"]** — OpenClaw won't start without it
2. **Check MC config FIRST** before claiming an account doesn't exist (cost: wasted 30min on johan@jongsma.me)
3. **Don't re-run migrations** without verifying intent — almost duplicated Tanya's entire mailbox
4. **Stalwart login with email** requires account `name` field = full email address; not automatic from `emails` field
5. **imapsync readonly DNSSEC**: use `is_dnssec_enabled: false` not `dnssec_keys: []`

### Family Signal Status
- Roos, Jacques: confirmed Signal pairing works
- Misha: still needs to complete pairing
- All three notified of: MX flip, 3/15 migration deadline, Telegram bot @jamesjongsma_bot

### Pending / Still Open
1. **johan@jongsma.me migration**: still running, finishes ~6-7 PM
2. **jongsma.me domain transfer**: URGENT — expires 2026-02-28 (10 days!)
3. **Vaultwarden**: Johan needs to create account at vault.inou.com + import Proton Pass
4. **iCloud contacts**: final.vcf ready at `/home/johan/clawd/tmp/contacts/final.vcf`
5. **Alena CVS prescriptions**: HYD, CAR, AML — ready since Feb 16
6. **OpenClaw patches**: scope preservation + deleted transcript indexing need reapplication after 2026.2.17 update
7. **Remove self-signed cert** from Stalwart (tls.multiple-certificates-available warning)
8. **DNSSEC fix**: busel.nl done; verify all 4 are clean at SIDN level
9. **Misha Signal pairing**: still pending
10. **iOS node app alpha**: request access via OpenClaw Discord

## Stalwart Login — Short Username Broken (3:08 PM)
- Renaming accounts to full email broke short username login (`tj`, `johan` no longer work)
- Only `tj@jongsma.me` and `johan@jongsma.me` work now
- Johan's Mac accounts broke immediately after the rename
- **Fix for Johan:** update username field in Mac Mail from `tj` → `tj@jongsma.me`, `johan` → `johan@jongsma.me`
- **Alternative:** add short-name aliases back on Stalwart so BOTH work
- Lesson: don't rename Stalwart account names without coordinating with existing clients

## Stalwart Username Fix (3:26 PM)
- Reverted account names back to short form: `tj` and `johan` (not full email)
- Short names work for Mac Mail; full email (`tj@jongsma.me`) does NOT work simultaneously without proper Stalwart config
- **TODO:** Find proper Stalwart config to support BOTH short name AND full email login (lookup-domains or similar)
- For iPhone setup: full email login will require solving this properly first
- Mac accounts: username=`tj` pw=`!Lekker69`, username=`johan` pw=`!!Lekker69`, server=`mail.jongsma.me:993`

## Nightly Maintenance (9:00 PM ET)
- Working context written to `memory/working-context.md`
- **OS updates**: 5 packages upgraded (gcc-14-base, libasan8, libatomic1, libcc1-0, libgcc-s1, libgfortran5, libgomp1, libhwasan0, libitm1, liblsan0, libquadmath0, libstdc++6, libtsan2, libubsan1 → 14.2.0-4ubuntu2~24.04.1; systemd-hwe-hwdb → 255.1.7, cloud-init → 25.3-0ubuntu1~24.04.1)
- **Kernel upgraded** to 6.8.0-100-generic (reboot required — not yet rebooted, manual reboot needed)
- **Claude Code**: updated 2.1.45 → 2.1.47 (both user + system-wide npm installs)
- **OpenClaw**: already up to date at 2026.2.17 (updated this morning)
- **Session cleanup**: removed 29 :run: keys from sessions.json; marked 17 orphaned .jsonl files as deleted