clawd/MEMORY.md

# MEMORY.md - Long-Term Memory

*Last updated: 2026-02-08 (Sunday weekly synthesis — Week of Feb 2-8)*

---
## ⏰ JOHAN'S SCHEDULE (US EASTERN) — MEMORIZE THIS!

**Sleep Block 1:** 7:30pm – 10:15pm ET (first sleep)
**Night Shift:** 10:30pm – 5:00am ET (Sophia care, WORKING)
**Sleep Block 2:** 5:15am – 9/10am ET (second sleep)
**Awake/Day:** ~10am – 7:30pm ET

**CRITICAL:**
- After 10:30pm he is WORKING, not sleeping
- Do background work during 5:15am-9am (second sleep)
- Do NOT assume late night = quiet time

---

## The Three Pillars

These are the center of Johan's life:

### 1. Sophia
Johan's daughter. Elevator accident **May 2, 2022**. Trached, G-tube, limited movement but cognitively aware.

**Full details:** `memory/sophia.md` ← **LOAD THIS when discussing Sophia, her medical case, inou's origin, or Dr. Madan**

**Summary:**
- Misdiagnosed with "anoxic brain injury from cardiac arrest" — WRONG
- Actually: compression injury → metabolic encephalopathy → **active hydrocephalus** (confirmed 12/31/2025 MRI)
- Treatable with shunt/ETV
- **Next step:** Dr. Neel Madan (Chief Neuroradiology, Tufts) reviews new MRI → neurosurgery

Johan is her night nurse (10:30pm–5am). This is why inou exists.

### 2. Kaseya / Datto
His job. CTO Backup. Enterprise-scale data protection.

### 3. inou health
*(always lowercase — avoid L vs I confusion)*
The medical platform. Born from Sophia's journey. DICOM analysis, genetic data, lab imports, Claude MCP integration. Not a side project — it's advocacy infrastructure.

## Other Family

### Mikhail (Father-in-Law)
- Has Mint Mobile phone plan (account under tj@jongsma.me)
- **Should have left by now or leaving imminently** (was "~1 month" as of Jan 2026) — don't renew his plan

### Rozemarijn (Oldest Daughter)
- Born: June 11, 1998
- Lives in the Netherlands
- Works in commercial real estate consulting, specializes in EV (electric vehicles)
- Work email: Shell account
- Also: **DJ Rozie** 🎧 — first gig in Paris, March 2026!

---

## Who I Am

- **Name:** James ⚡
- **Born:** 2025-06-26
- **Purpose:** Johan's AI assistant — direct, technical, resourceful

## Infrastructure Ownership (2026-01-26)

**⚡ FULL OWNERSHIP DELEGATED TO JAMES ⚡**

Johan's directive: *"You own this. I fully rely on your judgement; I do not want to be involved. You safeguard it, you set it up, you monitor it and everything else. I only take care of the payments."*

**I OWN these completely. Johan is 100% hands-off:**
- **Git repos** — our shared repositories (need inventory)
- **SOC2/Kuma monitoring** — inou.com compliance monitoring
- **WireGuard VPN** — network infrastructure
- **hostkey50304** (CH VPS) — security infrastructure

Full details: `memory/infrastructure-ownership.md`

**My responsibilities:**
- Setup, configuration, deployment
- Monitoring and alerting
- Troubleshooting and fixes
- Security hardening
- Documentation
- Proactive maintenance

**Johan's only role:** Paying the bills.

I do NOT ask for permission or approval. I use my judgment. I only escalate if something is truly blocked or requires a major architectural decision that affects cost significantly.

---

## Infrastructure

### Server: forge (192.168.1.16) — MIGRATED 2026-02-04
- **Hardware:** i7-6700K / 64GB RAM / GTX 970 4GB / 469GB NVMe
- Ubuntu 24.04.3 LTS (headless)
- OpenClaw gateway on port 18789
- Signal-cli daemon on port 8080
- Mail Bridge on port 8025
- GLM-OCR service on port 8090 (GPU-accelerated)
- Web UI: `https://james.jongsma.me` (via Caddy)
- SMB share: `\\192.168.1.16\sophia` → `/home/johan/sophia/`
- Full details: `memory/forge-server.md`

### Mail System (2026-01-31)
- **Proton Bridge:** Headless on localhost:1143 (IMAP), localhost:1025 (SMTP)
- **Mail Bridge:** REST API on port 8025, webhooks new mail to /hooks/mail
- **My role:** Direct triage — I read every email, decide: archive, delete, or escalate
- **No L1/L2 models** — I understand context better than pattern matching
- **Spam → Trash** (not Archive — Archive is for reference-worthy items)

### Signal
- Bot number: +31634481877 (Dutch, dedicated CLI number)
- Johan's number: +17272252475 (US, Thinkphone)
- API: `http://192.168.1.16:8080/api/v1/rpc` (JSON-RPC, NOT REST)
- Payload: `{"jsonrpc":"2.0","method":"send","params":{"recipient":["+1..."],"message":"text"},"id":1}`

### Network
- Home lab behind UDM-Pro + Caddy
- Staging: 192.168.1.253 (same subnet as james, can reach Signal API)
- Production: 192.168.100.2 (different VLAN, inter-VLAN routing not configured yet)

## Projects

### inou health (inou.com)
*(always lowercase — avoid L vs I confusion)*
- Johan's self-built medical imaging platform
- Uses Claude via MCP tools
- DICOM viewer, genetic analysis (SNPedia), lab data import, vitals tracking
- Name origin: 2015 project "I-know-you" (social graph) failed; kept 4-letter domain, repurposed for health
- **Tiers:** Monitor (free), Optimize ($12/mo), Research ($35/mo)
- **Free until July 1, 2026** (early access period)
- **X/Twitter promotion:** Plan drafted at `drafts/x-inou-promotion-plan.md` — handle story carefully

### inou Dev Access
- Folder: `/home/johan/dev/inou`
- SMB share: `inou-dev` (Johan uploads portions he's comfortable sharing)
- "Nibble" approach — I work on what he gives me

## Credentials & Access

- sudo: Johan provides password when needed (not stored)
- Anthropic API: configured via token in Clawdbot
- Gemini: CLI OAuth as `johan@jongsma.me` (Pro subscription, not API)
- xAI/Grok: API key configured (`XAI_API_KEY` in env)
- Home Assistant: `http://192.168.1.252:8123` (token configured in skills.entries)

## Home Assistant
- 4,300+ entities (lights, switches, sensors, cameras, climate, media players)
- Sophia is in bedroom 1
- Bedroom 1 has 3-button switch controlling cans via automations
- **Fixed 2026-01-26:** `automation.bed1_button_2_cans_control` had corrupted kelvin value

## Subscriptions & Services (Paying User)
- Suno (AI music), Wispr Flow (AI voice typing), X/Twitter, Grok (xAI), Gemini (Google), Claude (Anthropic), Z.ai (Zhipu), Fireworks, Spotify
- Possibly more — if a payment receipt appears from a service, treat it as a known subscription
- **Product updates/launches** from these = relevant news, keep or flag
- **Payment receipts** = archive (reference value)
- **Generic marketing/upsells** from these = still trash (they all send crap too)
- **Key distinction:** "We launched X feature" = keep. "Upgrade to Pro!" when already paying = trash.
- **Amazon:** Orders → Shopping folder. Product recalls, credits → keep. Everything else (promos, recs, shipping updates after tracking) → trash.
- **Archive sparingly** — Archive = things worth finding again. Most notifications have zero future value → trash.

## Preferences

### OCR
- **NO TESSERACT** — Johan does not trust it at all
- **GLM-OCR** (0.9B, Zhipu) — sole OCR engine going forward
- **Medical docs stay local** — dedicated TS140 + GTX 970, never hit an API
- **Fireworks watch:** Checking for hosted GLM-OCR (non-sensitive docs) — not yet available as of Feb 7
- **OCR Service LIVE** on forge: `http://localhost:8090/ocr` (local, was 192.168.3.138 before migration)

### Forge = Home (migrated 2026-02-04)
- **forge IS my primary server** — now at 192.168.1.16 (IP swapped from old james)
- i7-6700K / 64GB RAM / GTX 970 / 469GB NVMe
- Full setup: `memory/forge-server.md`
- All services migrated: gateway, Signal, mail, WhatsApp, dashboard, OCR, DocSys

### Z.ai (Zhipu) — Coding Model Provider
- OpenAI-compatible API for Claude Code
- Base URL: `https://api.z.ai/api/coding/paas/v4`
- Models: GLM-4.7 (heavy coding), GLM-4.5-air (light/fast)
- Johan has developer account (lite tier)
- Use for: coding subagents, to save Anthropic tokens

### Research
- **Use Grokipedia instead of Wikipedia** — Johan's preference for lookups & Lessons Learned

### URLs/IPs
- **Use local IPs when available** — Johan prefers local network addresses over public/Tailscale IPs for internal services

- Johan is direct — no small talk, no fluff
- Evidence-based communication
- When stuck on network issues (like inter-VLAN), park it for later rather than spinning wheels
- **STOP ASKING DUMB QUESTIONS** — if I can find the answer in my files, find it. Don't interrogate.
- The "fresh start every session" thing is MY problem to solve with memory files, not Johan's to suffer through

## Projects (Active)

### Azure Files Backup (2025-01-28) — PERSONAL POC
High-scale backup system for Azure Files shares. Billions of files.
**Purpose:** Prove a point — right architecture can handle billions with minimal DB overhead.
**Status:** ✅ **Feature complete** (commit 18ce1fa) — UNBLOCKED! Azure free account exists ($200 credit, expires ~Feb 27). Need Johan for `az login` MFA.

**Core insight:** DB = minimal index (~50 bytes/file), object store = everything else.

**DB schema:**
- node_id (64-bit), parent_id (64-bit), name, size (64-bit), mtime (64-bit), xorhash (64-bit)
- Node tree only — NO full path strings
- ~50GB for billions of files, fits in RAM

**Tech:**
- Azure Files API (not Blob, not OneDrive/SharePoint)
- xorhash (MSFT standard) for change detection
- FlatBuffers for metadata in object store
- TAR bundling for small files (only when it saves ops)
- K8s horizontal scaling, Go core library
- Web UI: Go + htmx/templ, multi-tenant

**Implemented:**
- FlatBuffer serializer (3μs serialize, 2μs deserialize)
- Postgres TreeStore with integration tests
- Tree differ (addition detection)
- Backup handler (chunking, dedup, XOR hash)
- Restore handler (reassemble, upload to Azure)
- Web UI wired to Postgres

**Repo:** `~/dev/azure-backup` → `git@zurich.inou.com:azure-backup.git` | **License:** Proprietary

### inou Mobile (2026-01-31)
Native Android/iOS app for inou health.
**Architecture:** Thin Flutter shell + WebView hybrid
- Native handles: Camera OCR, voice-to-text, biometrics, fancy input
- WebView loads: inou.com/app/* (existing Go/HTML content)
- **Not rewriting everything in Flutter** — right tool for each job

**Repo:** `git@zurich.inou.com:inou-mobile.git`
**Local:** `/home/johan/dev/inou-mobile/`
**Status:** Theme complete (inou colors), app runs on ThinkPhone, WebView needs inou.com/app content

### ClawdNode Android (2026-01-28)
AI-powered phone assistant. Lets me answer Johan's calls, screen notifications, have voice conversations with callers.
- **Repo:** `git@zurich.inou.com:clawdnode-android.git`
- **Local:** `/home/johan/dev/clawdnode-android/` (Gateway)
- **Status:** v0.1 built, app runs — paused while inou-mobile takes priority
- **Key insight:** Johan wants me to ENGAGE with callers, not just screen. "I'm calling about Sophia's appointment" → I thank them, confirm details, relay to Johan.

### Zurich VPS (zurich.inou.com)
- **IP:** 82.22.36.202
- **Purpose:** Security infrastructure, git hosting, monitoring
- **Git:** Dedicated `git` user with `git-shell` (can only do git operations)
- **Clone:** `git clone git@zurich.inou.com:<repo>.git`
- **Caddy reverse proxy:** auto-LE cert for zurich.inou.com
- **Uptime Kuma:** http://zurich.inou.com:3001

### SOC2 Security Scanning (2026-01-31)
- **Nuclei:** Weekly light scans (Sundays 10am ET), full monthly scans (from Zurich VPS)
- **Baseline (Jan 31):** 34 findings, all informational — no critical/high/medium
- **Reports:** `~/dev/docs/soc2/nuclei-scans/`
- **Security headers:** Added to zurich.inou.com Caddy (HSTS, X-Frame-Options, etc.) — Feb 1

### Document Management System (2026-02-01)
Automated document processing pipeline for scanned paperwork.
- **Inbox:** `~/documents/inbox/` (drop files here, SMB share for scanner)
- **Pipeline:** OCR → classify → store → index → export
- **Records:** `~/documents/records/{category}/` (markdown + extracted text)
- **Index:** `~/documents/index/master.json` (searchable)
- **Exports:** `~/documents/exports/expenses.csv`
- **Service:** `systemctl --user status doc-processor`
- **Categories:** taxes, bills, medical, insurance, legal, financial, expenses, vehicles, home, personal

---

## Work Patterns (learned 2026-01-28)

- **Johan doesn't want to code.** Mac + Android Studio = build machine only. I do all development on Gateway.
- **"Future-proof efficient" > "faster"** — set things up properly, don't take shortcuts
- **Security from the get-go** — not an afterthought
- **Parallel work:** Use subagents for async tasks while continuing main conversation
- **Daily/weekly memory review** — Johan wants me to learn quickly from him, compound understanding

## Work Principles (from corrections)

- **Always git commit workspace files** — After editing TOOLS.md, MEMORY.md, AGENTS.md, or any workspace file, `git add -A && git commit`. Don't leave changes uncommitted.
- **Commit uncommitted changes you find** — During git audits/heartbeats, if you find uncommitted changes in ANY repo, commit and push them yourself. Don't just report — fix it.

- **"Stel niet uit tot morgen, wat je vandaag kan doen"** — Don't poll when you can trigger. Don't batch when you can stream. Don't defer when you can do it now. If the work can happen immediately, make it happen immediately.
- **Deduplicate ruthlessly** — Say it once, in the right place. Don't repeat info across channels.
- **Extract the WHY, not the what** — Surface fixes don't generalize. Always ask "why was this wrong?" and find the principle.
- **Offload by default, Opus by exception** — K2.5 can handle straightforward coding. Save Opus for judgment, conversation, complex reasoning.
- **Validate config schema before patching** — Check docs/schema for required fields and valid keys before changing gateway config.
- **Spam → Trash, Archive → Reference** — Archive is for things worth finding later. Marketing emails have no future value.
- **Config color values = hex codes** — Not CSS names. Pattern: `^#?[0-9a-fA-F]{6}$` (e.g., `00FF00` not `green`)
- **Compact data files before committing** — JSON/CSV data files go into git as compact/single-line (`jq -c`), never pretty-printed. Pretty-print is for humans reading; git tracks lines. 854 records ≠ 96K insertions.

## Technical Learnings (Week of Jan 26-Feb 1)

### K2.5 Browser Agent
- Agent `k2-browser` uses Kimi K2.5 via Fireworks (~10% cost of Opus)
- **Always use `maxChars=10000`** on snapshots — K2.5 chokes on large pages
- Good for: snapshot-only tasks on already-loaded pages
- Bad for: multi-step navigation (targetUrl errors, confusion)
- ~12s response time vs ~5s for Opus

### Browser Profiles
- **chrome** (relay, port 18792) — For paranoid sites (X.com). Uses your actual Chrome session via extension.
- **fast** (headless, port 9223) — General automation. Copy profile AFTER closing Chrome or sessions invalidate.
- Headless browsers get detected by X.com, Twitter. Use Chrome relay for those.

### Flutter Web Limitations
- Flutter web renders to `<canvas>` — no real text, no SEO, breaks accessibility
- Fine for apps behind auth, terrible for marketing pages
- **Keep Go/HTML for public pages** (landing, pricing, privacy, etc.)

---

## Todo / Open Items

- [ ] Fix inter-VLAN routing on UDM-Pro so production (192.168.100.x) can reach Signal API
- [ ] Copy Sophia's documents from OneDrive to `/home/johan/sophia/` via SMB
- [ ] Set up daily delta-zip → Proton Drive backup for Sophia docs
- [ ] Azure Files Backup: Run `az login` with Johan for MFA (free account expires ~Feb 27!)
- [ ] inou Mobile: Need content at inou.com/app for WebView, or change AppConfig.webAppUrl
- [ ] AdventHealth: Enroll in MFA (Johan action)

## Recent Events (Week of Feb 2-8, 2026)

### 🏠 Migration to Forge — COMPLETE (Feb 4)
- Full "brain transplant" from old james (TS140) → forge (i7-6700K/64GB/GTX970)
- IP swapped: forge is now 192.168.1.16
- All services migrated: OpenClaw, Signal, Proton Bridge, Mail Bridge, WhatsApp, Dashboard, DocSys, OCR
- WhatsApp survived transfer without QR re-link
- 18GB Proton IMAP cache moved intact
- Migration doc: `~/clawd/migration/MIGRATE-JAMES-TO-FORGE.md`

### GLM-OCR Service — LIVE on Forge (Feb 4)
- zai-org/GLM-OCR (2.47 GB) running as systemd service on port 8090
- 2.2 GB VRAM, ~2s small images, ~25s full-page docs
- Auto-resize to 1280px max for GTX 970 safety
- Tested successfully on real receipts

### Azure Files Backup — Significant Progress (Feb 2-4)
- Added: Postgres job queue (SKIP LOCKED), filesystem object storage, wired backup-worker
- Added: Docker/K8s manifests, CI workflow, health endpoints
- 31 tests passing, `go vet` clean
- **Still blocked:** `az login` MFA (Johan) — ⚠️ FREE ACCOUNT EXPIRES ~FEB 27!

### Real Estate (Active — needs Johan)
- Diana Geegan (Keller Williams) negotiating sale of 851 Brightwaters ($6.35M) + buy of 801 Brightwaters
- Net at close ~$6,029,200 after Diana's fee reduction — still ~$171K short of Johan's $6.2M goal
- Multiple emails in inbox awaiting Johan's decision

### Sophia Medical
- Pulse-ox wraps Rx expired — Dana at All About Peds needs new prescription from Dr. Lastra
- Pediatric Home Service order #75175 shipped (4 boxes supplies)

### Financial
- PayPal $3,073.00 to Tuan Le for "Balance Skyraider v2"
- Claude usage hit 100% weekly limit Feb 7

### Infrastructure
- Docker containers updated on 192.168.1.253 (Immich, ClickHouse, Jellyfin, Signal, qBittorrent)
- HAOS updated 16.3 → 17.0
- Zurich VPS security patches applied, kernel 6.8.0-90-generic, rebooted
- 3 new Uptime Kuma monitors (Zurich VPS, inou DNS, inou SSL)
- docproc service set up but hitting URL-too-long error (needs local OCR path instead of remote)

### Tech
- N-able (NABL): Q4 earnings call Feb 19, pushing "Agentic AI"
- SentinelOne (S): CEO sold $303k stock, stock down 70% from IPO
- Claude Opus 4.6 receiving high praise

## Access URLs

- Web UI: `https://james.jongsma.me/?token=<gateway_token>`
- Gateway token stored in: `~/.clawdbot/clawdbot.json` under `gateway.auth.token`