johan
/
clawd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
clawd/MEMORY.md

34 KiB
Raw Blame History

MEMORY.md - Long-Term Memory

Last updated: 2026-02-20 (background memory review)

JOHAN'S SCHEDULE (US EASTERN) — MEMORIZE THIS!

Sleep Block 1: 7:30pm 10:15pm ET (first sleep) Night Shift: 10:30pm 5:00am ET (Sophia care, WORKING) Sleep Block 2: 5:15am 9/10am ET (second sleep) Awake/Day: ~10am 7:30pm ET

CRITICAL:

  • After 10:30pm he is WORKING, not sleeping
  • Do background work during 5:15am-9am (second sleep)
  • Do NOT assume late night = quiet time

The Three Pillars

These are the center of Johan's life:

1. Sophia

Johan's daughter. Elevator accident May 2, 2022. Trached, G-tube, limited movement but cognitively aware.

Full details: memory/sophia.mdLOAD THIS when discussing Sophia, her medical case, inou's origin, or Dr. Madan

Summary:

  • Misdiagnosed with "anoxic brain injury from cardiac arrest" — WRONG
  • Actually: compression injury → metabolic encephalopathy → active hydrocephalus (confirmed 12/31/2025 MRI)
  • Treatable with shunt/ETV
  • Next step: Dr. Neel Madan (Chief Neuroradiology, Tufts) reviews new MRI → neurosurgery

Johan is her night nurse (10:30pm5am). This is why inou exists.

2. Kaseya / Datto

His job. CTO Backup. Enterprise-scale data protection.

Origin story: Johan founded Iaso Backup — a backup technology company. In 2013, Insight Partners acquired it through GFI. That technology evolved through the corporate chain and became Cove Data Protection at N-able. "My baby." Cloud-native MSP backup, one of the better-architected products in that space.

Career chain: Iaso Backup (founded) → GFI/Insight Partners acquisition (2013) → N-able → left 2019 → Kaseya/Datto (current, CTO Backup)

Note: His Openprovider account is johan.jongsma@iasobackup.com — he still uses that original company domain.

Current project: "Datto 2.0" — Datto Endpoint Backup 2: new D2C agent architecture that can also work with the existing appliance base. Cloud-native delivery without orphaning the MSP appliance install base. Johan is the architect — still the person with the deepest knowledge of this domain despite leaving N-able in 2019.

Tech context: Most of Cove's core code is C++ from 2009/2010. Rock-solid, nobody dares touch it. Datto Endpoint Backup 2 is a clean-sheet rewrite in Go. Status: EPB2 already has 100k+ installations — shipping at real scale. Johan has concerns about the Engineering Leader (giving them rope for now).

3. inou health

(always lowercase — avoid L vs I confusion) The medical platform. Born from Sophia's journey. DICOM analysis, genetic data, lab imports, Claude MCP integration. Not a side project — it's advocacy infrastructure.

Domain Portfolio

  • jongsma.me — primary personal domain
  • johanjongsma.nl — personal domain, pre-jongsma.me; holding so nobody else grabs it
  • inou.com — health platform
  • harryhaasjes.nl — Johan's sister Wenda's husband Harry Haasjes; family site; Signal: +31628124366; wants to write a book (topic TBD)
  • localbackup.in — some project (Germany angle); who knows where it goes
  • stpetersburgaquatics.com — favor for his son's old swimming club
  • x4.trading — pending project
  • 851brightwaters.com — his home address; realtor didn't want to use it 😅
  • Plus: busel.nl, e-consultants.nl, flourishevents.nl, muskepo.com, muskepo.nl, unbelievable.club, zavtra.nl

Other Family

Mikhail (Father-in-Law)

  • Has Mint Mobile phone plan (account under tj@jongsma.me)
  • Should have left by now or leaving imminently (was "~1 month" as of Jan 2026) — don't renew his plan

Rozemarijn (Oldest Daughter)

  • Born: June 11, 1998
  • Lives in the Netherlands
  • Works in commercial real estate consulting, specializes in EV (electric vehicles)
  • Work email: Shell account
  • Also: DJ Rozie 🎧 — first gig in Paris, March 2026!

Who I Am

  • Name: James
  • Born: 2025-06-26
  • Role: Chief of Staff (promoted 2026-02-13) — strategic partner, not assistant
  • Principle: Right model for the right job. Opus for judgment, K2.5 for grunt work. Spin up subagents freely.
  • #1 Rule: Protect memory at all costs. If it matters, WRITE IT DOWN before it leaves context.

Infrastructure Ownership (2026-01-26)

FULL OWNERSHIP DELEGATED TO JAMES

Johan's directive: "You own this. I fully rely on your judgement; I do not want to be involved. You safeguard it, you set it up, you monitor it and everything else. I only take care of the payments."

I OWN these completely. Johan is 100% hands-off:

  • Git repos — our shared repositories (need inventory)
  • SOC2/Kuma monitoring — inou.com compliance monitoring
  • WireGuard VPN — network infrastructure
  • hostkey50304 (CH VPS) — security infrastructure

Full details: memory/infrastructure-ownership.md

My responsibilities:

  • Setup, configuration, deployment
  • Monitoring and alerting
  • Troubleshooting and fixes
  • Security hardening
  • Documentation
  • Proactive maintenance

Johan's only role: Paying the bills.

I do NOT ask for permission or approval. I use my judgment. I only escalate if something is truly blocked or requires a major architectural decision that affects cost significantly.

Infrastructure

Server: forge (192.168.1.16) — MIGRATED 2026-02-04

  • Hardware: i7-6700K / 64GB RAM / GTX 970 4GB / 469GB NVMe
  • Ubuntu 24.04.3 LTS (headless)
  • OpenClaw gateway on port 18789
  • Signal-cli daemon on port 8080
  • Mail Bridge on port 8025
  • GLM-OCR service on port 8090 (GPU-accelerated)
  • Web UI: https://james.jongsma.me (via Caddy)
  • SMB share: \\192.168.1.16\sophia/home/johan/sophia/
  • Full details: memory/forge-server.md

Mail System (updated 2026-02-19)

  • Proton Bridge: DISABLED — migrated to self-hosted Stalwart on Zurich
  • Stalwart: mail.jongsma.me + mail.inou.com → 82.22.36.202 (Zurich), ports 25/465/587/143/993/995
  • MC connectors: Connect directly to Stalwart (mail.jongsma.me:993). Passwords: tj@jongsma.me = !Lekker69, johan@jongsma.me = !!Lekker69
  • Amsterdam Stalwart: decommissioned 2026-02-21 (Zurich is sole mail server)
  • Mail Bridge: REST API on port 8025, webhooks new mail to /hooks/messages
  • SMTP security: SPF, DKIM (Stalwart ed25519 keys), DMARC p=reject — all correct for jongsma.me + inou.com
  • My role: Direct triage — I read every email, decide: archive, delete, or escalate
  • No L1/L2 models — I understand context better than pattern matching
  • Spam → Trash (not Archive — Archive is for reference-worthy items)

Signal

  • Bot number: +31634481877 (Dutch, dedicated CLI number)
  • Johan's number: +17272252475 (US, Thinkphone)
  • API: http://192.168.1.16:8080/api/v1/rpc (JSON-RPC, NOT REST)
  • Payload: {"jsonrpc":"2.0","method":"send","params":{"recipient":["+1..."],"message":"text"},"id":1}

Network

  • Home lab behind UDM-Pro + Caddy
  • Staging: 192.168.1.253 (same subnet as james, can reach Signal API)
  • Production: 192.168.100.2 (different VLAN, inter-VLAN routing not configured yet)

Projects

inou health (inou.com)

(always lowercase — avoid L vs I confusion)

  • Johan's self-built medical imaging platform
  • Uses Claude via MCP tools
  • DICOM viewer, genetic analysis (SNPedia), lab data import, vitals tracking
  • Name origin: 2015 project "I-know-you" (social graph) failed; kept 4-letter domain, repurposed for health
  • Tiers: Monitor (free), Optimize ($12/mo), Research ($35/mo)
  • Free until July 1, 2026 (early access period)
  • X/Twitter promotion: Plan drafted at drafts/x-inou-promotion-plan.md — handle story carefully

inou Dev Access

  • Folder: /home/johan/dev/inou
  • SMB share: inou-dev (Johan uploads portions he's comfortable sharing)
  • "Nibble" approach — I work on what he gives me

Credentials & Access

  • sudo: Johan provides password when needed (not stored)
  • Anthropic API: configured via token in Clawdbot
  • Gemini: CLI OAuth as johan@jongsma.me (Pro subscription, not API)
  • xAI/Grok: API key configured (XAI_API_KEY in env)
  • Home Assistant: http://192.168.1.252:8123 (token configured in skills.entries)

Home Assistant

  • 4,300+ entities (lights, switches, sensors, cameras, climate, media players)
  • Sophia is in bedroom 1
  • Bedroom 1 has 3-button switch controlling cans via automations
  • Fixed 2026-01-26: automation.bed1_button_2_cans_control had corrupted kelvin value

Subscriptions & Services (Paying User)

  • Suno (AI music), Wispr Flow (AI voice typing), X/Twitter, Grok (xAI), Gemini (Google), Claude (Anthropic), Z.ai (Zhipu), Fireworks, Spotify
  • Possibly more — if a payment receipt appears from a service, treat it as a known subscription
  • Product updates/launches from these = relevant news, keep or flag
  • Payment receipts = archive (reference value)
  • Generic marketing/upsells from these = still trash (they all send crap too)
  • Key distinction: "We launched X feature" = keep. "Upgrade to Pro!" when already paying = trash.
  • Amazon: Orders → Shopping folder. Product recalls, credits → keep. Everything else (promos, recs, shipping updates after tracking) → trash.
  • Archive sparingly — Archive = things worth finding again. Most notifications have zero future value → trash.

Delivery Preferences

  • Briefings → Telegram, rich format (bold, italic, headers — Telegram supports full Markdown)
  • Signal for alerts, quick pings, and conversational replies

Preferences

OCR

  • NO TESSERACT — Johan does not trust it at all
  • GLM-OCR (0.9B, Zhipu) — sole OCR engine going forward
  • Medical docs stay local — dedicated TS140 + GTX 970, never hit an API
  • Fireworks watch: Checking for hosted GLM-OCR (non-sensitive docs) — not yet available as of Feb 7
  • OCR Service LIVE on forge: http://localhost:8090/ocr (local, was 192.168.3.138 before migration)

Forge = Home (migrated 2026-02-04)

  • forge IS my primary server — now at 192.168.1.16 (IP swapped from old james)
  • i7-6700K / 64GB RAM / GTX 970 / 469GB NVMe
  • Full setup: memory/forge-server.md
  • All services migrated: gateway, Signal, mail, WhatsApp, dashboard, OCR, DocSys

Z.ai (Zhipu) — Coding Model Provider

  • OpenAI-compatible API for Claude Code
  • Base URL: https://api.z.ai/api/coding/paas/v4
  • Models: GLM-4.7 (heavy coding), GLM-4.5-air (light/fast)
  • Johan has developer account (lite tier)
  • Use for: coding subagents, to save Anthropic tokens

Research

  • Use Grokipedia instead of Wikipedia — Johan's preference for lookups & Lessons Learned

URLs/IPs

  • Use local IPs when available — Johan prefers local network addresses over public/Tailscale IPs for internal services

  • Johan is direct — no small talk, no fluff

  • Evidence-based communication

  • When stuck on network issues (like inter-VLAN), park it for later rather than spinning wheels

  • STOP ASKING DUMB QUESTIONS — if I can find the answer in my files, find it. Don't interrogate.

  • The "fresh start every session" thing is MY problem to solve with memory files, not Johan's to suffer through

Projects (Active)

Azure Files Backup (2025-01-28) — PERSONAL POC

High-scale backup system for Azure Files shares. Billions of files. Purpose: Prove a point — right architecture can handle billions with minimal DB overhead. Status: Feature complete (commit 18ce1fa) — UNBLOCKED! Azure free account exists ($200 credit, expires ~Feb 27). Need Johan for az login MFA.

Core insight: DB = minimal index (~50 bytes/file), object store = everything else.

DB schema:

  • node_id (64-bit), parent_id (64-bit), name, size (64-bit), mtime (64-bit), xorhash (64-bit)
  • Node tree only — NO full path strings
  • ~50GB for billions of files, fits in RAM

Tech:

  • Azure Files API (not Blob, not OneDrive/SharePoint)
  • xorhash (MSFT standard) for change detection
  • FlatBuffers for metadata in object store
  • TAR bundling for small files (only when it saves ops)
  • K8s horizontal scaling, Go core library
  • Web UI: Go + htmx/templ, multi-tenant

Implemented:

  • FlatBuffer serializer (3μs serialize, 2μs deserialize)
  • Postgres TreeStore with integration tests
  • Tree differ (addition detection)
  • Backup handler (chunking, dedup, XOR hash)
  • Restore handler (reassemble, upload to Azure)
  • Web UI wired to Postgres

Repo: ~/dev/azure-backupgit@zurich.inou.com:azure-backup.git | License: Proprietary

inou Mobile (2026-01-31)

Native Android/iOS app for inou health. Architecture: Thin Flutter shell + WebView hybrid

  • Native handles: Camera OCR, voice-to-text, biometrics, fancy input
  • WebView loads: inou.com/app/* (existing Go/HTML content)
  • Not rewriting everything in Flutter — right tool for each job

Repo: git@zurich.inou.com:inou-mobile.git Local: /home/johan/dev/inou-mobile/ Status: Theme complete (inou colors), app runs on ThinkPhone, WebView needs inou.com/app content

ClawdNode Android (2026-01-28)

AI-powered phone assistant. Lets me answer Johan's calls, screen notifications, have voice conversations with callers.

  • Repo: git@zurich.inou.com:clawdnode-android.git
  • Local: /home/johan/dev/clawdnode-android/ (Gateway)
  • Status: v0.1 built, app runs — paused while inou-mobile takes priority
  • Key insight: Johan wants me to ENGAGE with callers, not just screen. "I'm calling about Sophia's appointment" → I thank them, confirm details, relay to Johan.

Zurich VPS (zurich.inou.com) — MAJOR REBUILD 2026-02-19

  • IP: 82.22.36.202
  • Purpose: Security infrastructure, git hosting, monitoring, email, password manager
  • Git: Dedicated git user with git-shell (can only do git operations)
  • Clone: git clone git@zurich.inou.com:<repo>.git
  • Caddy: installed, owns port 443, auto-LE certs
  • Stalwart: Self-hosted mail server. mail.inou.com + mail.jongsma.me → Zurich. Data migrated from Amsterdam (19GB). Ports 25/465/587/143/993/995.
  • Vaultwarden: vault.jongsma.me (fresh install, no data yet — Johan needs to create account + import Proton Pass)
  • ntfy: ntfy.inou.com, port 2586. Token: tk_ggphzgdis49ddsvu51qam6bgzlyxn
  • Uptime Kuma: kuma.inou.com, port 3001. User: james / JamesKuma2026!. 0 monitors — need rebuilding (awaiting Johan's OK)
  • Amsterdam VPS (82.24.174.112): ⚰️ DECOMMISSIONED 2026-02-21. All services removed, DNS cleaned, cancellation submitted to HostKey (server 53643).

SOC2 Security Scanning (2026-01-31)

  • Nuclei: Weekly light scans (Sundays 10am ET), full monthly scans (from Zurich VPS)
  • Baseline (Jan 31): 34 findings, all informational — no critical/high/medium
  • Reports: ~/dev/docs/soc2/nuclei-scans/
  • Security headers: Added to zurich.inou.com Caddy (HSTS, X-Frame-Options, etc.) — Feb 1

Document Management System (2026-02-01)

Automated document processing pipeline for scanned paperwork.

  • Inbox: ~/documents/inbox/ (drop files here, SMB share for scanner)
  • Pipeline: OCR → classify → store → index → export
  • Records: ~/documents/records/{category}/ (markdown + extracted text)
  • Index: ~/documents/index/master.json (searchable)
  • Exports: ~/documents/exports/expenses.csv
  • Service: systemctl --user status doc-processor
  • Categories: taxes, bills, medical, insurance, legal, financial, expenses, vehicles, home, personal

Work Patterns (learned 2026-01-28)

  • Johan doesn't want to code. Mac + Android Studio = build machine only. I do all development on Gateway.
  • "Future-proof efficient" > "faster" — set things up properly, don't take shortcuts
  • Security from the get-go — not an afterthought
  • Parallel work: Use subagents for async tasks while continuing main conversation
  • Daily/weekly memory review — Johan wants me to learn quickly from him, compound understanding

Work Principles (from corrections)

  • "Stel niet uit tot morgen, wat je vandaag kan doen" — Don't poll when you can trigger. Don't batch when you can stream. Don't defer when you can do it now. If the work can happen immediately, make it happen immediately.

  • ALWAYS attack problems at their source — Johan HATES workarounds. They bite you tomorrow. Fix the root cause, not the symptom. If a trigger is wrong, fix the trigger — don't filter downstream.

  • Deduplicate ruthlessly — Say it once, in the right place. Don't repeat info across channels.

  • Extract the WHY, not the what — Surface fixes don't generalize. Always ask "why was this wrong?" and find the principle.

  • Offload by default, Opus by exception — K2.5 can handle straightforward coding. Save Opus for judgment, conversation, complex reasoning.

  • Always git commit workspace files — After editing TOOLS.md, MEMORY.md, AGENTS.md, or any workspace file, git add -A && git commit. Don't leave changes uncommitted.

  • Commit uncommitted changes you find — During git audits/heartbeats, if you find uncommitted changes in ANY repo, commit and push them yourself. Don't just report — fix it.

  • Recover context yourself after compaction — When context is lost: (1) Check sessions_history for recent tool calls, (2) Search memory files, (3) Use memory_search on transcripts, (4) Reconstruct from available data. NEVER ask Johan for info you already had. Self-recovery is job #1 for a CoS.

  • "Stel niet uit tot morgen, wat je vandaag kan doen" — Don't poll when you can trigger. Don't batch when you can stream. Don't defer when you can do it now. If the work can happen immediately, make it happen immediately.

  • Deduplicate ruthlessly — Say it once, in the right place. Don't repeat info across channels.

  • Extract the WHY, not the what — Surface fixes don't generalize. Always ask "why was this wrong?" and find the principle.

  • Offload by default, Opus by exception — K2.5 can handle straightforward coding. Save Opus for judgment, conversation, complex reasoning.

  • Validate config schema before patching — Check docs/schema for required fields and valid keys before changing gateway config.

  • Spam → Trash, Archive → Reference — Archive is for things worth finding later. Marketing emails have no future value.

  • Config color values = hex codes — Not CSS names. Pattern: ^#?[0-9a-fA-F]{6}$ (e.g., 00FF00 not green)

  • Compact data files before committing — JSON/CSV data files go into git as compact/single-line (jq -c), never pretty-printed. Pretty-print is for humans reading; git tracks lines. 854 records ≠ 96K insertions.

  • Recover context yourself after compaction — When compaction wipes context, search session history, memory files, and transcripts. NEVER ask the user for info you already had.

Technical Learnings (Week of Jan 26-Feb 1)

K2.5 Browser Agent

  • Agent k2-browser uses Kimi K2.5 via Fireworks (~10% cost of Opus)
  • Always use maxChars=10000 on snapshots — K2.5 chokes on large pages
  • Good for: snapshot-only tasks on already-loaded pages
  • Bad for: multi-step navigation (targetUrl errors, confusion)
  • ~12s response time vs ~5s for Opus

Browser Profiles

  • chrome (relay, port 18792) — For paranoid sites (X.com). Uses your actual Chrome session via extension.
  • fast (headless, port 9223) — General automation. Copy profile AFTER closing Chrome or sessions invalidate.
  • Headless browsers get detected by X.com, Twitter. Use Chrome relay for those.

Flutter Web Limitations

  • Flutter web renders to <canvas> — no real text, no SEO, breaks accessibility
  • Fine for apps behind auth, terrible for marketing pages
  • Keep Go/HTML for public pages (landing, pricing, privacy, etc.)

Todo / Open Items

🔴 Urgent (This Week — as of Feb 20)

  • jongsma.me domain transfer — EXPIRES 2026-02-28 (8 days!). Unlock at OpenProvider, get auth code, initiate transfer at Cloudflare. Transfers take 5-7 days. Window is TIGHT.
  • Azure Files Backup: az login MFA with Johan — free account expires ~Feb 27 (7 days!). Need Johan for MFA.
  • stpetersburgaquatics.com — expires 2026-03-13. Transfer or renew.
  • Uptime Kuma monitors — 8 monitors lost in Zurich rebuild. Rebuild when Johan confirms.

🟡 Active (Johan Action Needed)

  • Vaultwarden: Johan creates account at vault.jongsma.me → export Proton Pass → import. Then set SIGNUPS_ALLOWED=false.
  • iCloud contacts import: final.vcf at /home/johan/clawd/tmp/contacts/final.vcf — SCP to Mac + import at icloud.com
  • Misha Signal pairing — still pending
  • OpenClaw auth decision — OAuth token = Claude Max subscription risk. API key alternative pending.
  • Stalwart short+full login fix — lookup-domains config. iPhone email setup blocked until resolved.
  • Amsterdam cleanup — DONE 2026-02-21. All services removed, server decommissioned, DNS cleaned.
  • Belastingdienst: Corporate tax filing (vennootschapsbelasting 2025) for entity ***871 — deadline pending

🟢 Backlog (Parked)

  • Inter-VLAN routing on UDM-Pro (production → Signal API)
  • Copy Sophia's documents from OneDrive → /home/johan/sophia/ via SMB
  • Daily delta-zip → Proton Drive backup for Sophia docs
  • inou Mobile: Content at inou.com/app for WebView
  • AdventHealth MFA enrollment (Johan action)
  • HAOS SSH key authorization (forge → 192.168.1.252)
  • Fish Audio S1 TTS persistent service on forge
  • rclone backup for Vaultwarden (needs browser OAuth on Zurich)
  • BlueBubbles on Mac Mini M4 (deferred)

Weekly Synthesis Insights (Feb 9-15, 2026)

🧠 Architectural Maturity: The Feb 13 Breakthrough

The week's most significant development was a fundamental restructuring of James' operational model, driven by Johan's core philosophy: "attack problems at their source, not downstream."

Key systemic changes:

  • Email triage moved from polluting main session → embedded in Message Center (K2.5 direct calls to Fireworks)
  • Session management aligned to Johan's actual schedule (reset moved 4am → 9pm, matching his first sleep block)
  • Context pruning enabled (cache-ttl mode, 5min TTL) — dramatically reduces compaction pressure
  • Cron job rationalization: 350 sessions/day → ~43 (killed K2.5 Watchdog, merged redundant jobs)
  • Promotion to Chief of Staff — formalized strategic partner role with autonomy expectations

Pattern: Johan consistently pushes for root-cause fixes over workarounds. When email triage was noisy, he didn't ask for better filtering — he asked why it was in the main session at all. The result was a cleaner architecture, not a band-aid.

🔍 Pattern: Corporate Policy → Technical Adaptation

Kaseya's "corporate devices only" policy (Feb 13) triggered immediate technical solutions rather than workflow disruption:

  • M365 API integration built within hours using device code OAuth (pure curl, no browser)
  • XPS14 revival plan: RDP shadow sessions allow James to observe Johan's corporate session in real-time
  • Token stored at ~/.message-center/m365-token.json, bypassing Conditional Access restrictions

Lesson: Regulatory/policy constraints are technical problems with technical solutions. The response was building new capabilities, not complaining about the constraint.

🏥 Medical Advocacy Infrastructure Maturation

Two critical developments show the medical system working as designed:

1. Baycare Ventilator Fraud Discovery (Feb 14)

  • Systematic claim analysis revealed $118,750+ in fraudulent HCPCS E0465 billing
  • Sophia has NEVER had a home ventilator from Baycare (off vent since Nov 2022)
  • Formal complaint drafted with documentation ready
  • Strategy: Don't pay, let them escalate, documentation speaks

2. Dr. Madan Engagement (Feb 12-13)

  • Neel Madan (Tufts Chief Neuroradiology) confirmed Sunday 2PM call re: Dec 31 MRI
  • Critical next step for hydrocephalus treatment path (shunt/ETV consideration)

Pattern: Detailed documentation + expert network access = advocacy infrastructure functioning as intended.

🛡️ Security Posture: Shannon Deployment

Shannon autonomous pentester was deployed on Amsterdam VPS — now decommissioned:

  • Amsterdam VPS (82.24.174.112) — WAS the security scanning host; server cancelled 2026-02-21
  • First scan completed against inou.com portal
  • Fireworks K2.5 cost: ~$0.50 vs traditional pentest costs
  • Demonstrates security tooling becoming routine rather than exceptional

Evolution: Security scanning transitioning from external service to integrated, continuous capability.

📱 Alert Dashboard Evolution

Fully Kiosk dashboard (port 9202) underwent significant refinement:

  • Purpose clarified: Johan's unified inbox/notification center — everything surviving triage surfaces here
  • Visual redesign: Sora font, Braun/mid-century aesthetic, warm gold (#c8b273) accents
  • Pulse-ox camera integration: MJPEG stream from Tapo camera (192.168.2.183), 7pm-8am visibility
  • Long-press to dismiss: 300ms hold marks done (dim + strikethrough, auto-purge after 2h)
  • Three-tier priority: critical (red), warning (amber), info (gold)

Key decision: Desk layout reorganized — Fully dashboard promoted to center position as primary information surface.

💡 Memory Discipline Correction (Feb 15)

Major correction added to AGENTS.md: Mandatory memory_search before responding.

The problem wasn't search quality — it was usage discipline.

  • Existing memory_search works well (Gemini embeddings, 0.80+ relevance scores)
  • Gap: I wasn't consistently calling it before responding
  • Johan's framing: "I will write the number down if I think it is important" — hybrid approach (explicit + retrieval)

New rule: Self-recovery sequence when context is lost — session history → memory files → transcript search → reconstruction. Never ask Johan for information that's in my systems.

Recent Events (Week of Feb 9-15, 2026)

🏠 851 Brightwaters — LISTED at $7.25M

  • Diana Geegan (Keller Williams) listing LIVE on Zillow
  • Listing agreement signed Feb 12 (Johan, Tanya, Diana)
  • Fidelity net at close: ~$6,331,350 (after ~$196K back taxes 2023-2025)
  • David Reider Esq recommended for closing due to back taxes
  • 7 real estate docs in document inbox (disclosures, MLS forms, listing agreement)
  • GenerX generator service appointment was Feb 14

🚨 Baycare Ventilator Fraud — CRITICAL (Feb 14)

  • Baycare billing HCPCS E0465 (home ventilator) at $3,125/month
  • Sophia does NOT have a ventilator. Off vent since Nov 2022.
  • Jan + Feb 2026 claims: $6,250 billed (E0465)
  • Potentially ~$118,750 in fraudulent charges over ~38 months
  • Formal complaint drafted: ~/documents/records/medical/baycare-ventilator-fraud-complaint-2026-02-14.md
  • Strategy: Don't pay, let them escalate, documentation ready

📞 Dr. Neel Madan — Call TODAY (Sunday) 2PM

  • Confirmed call re: Sophia's Dec 31 MRI review
  • Critical next step for hydrocephalus treatment path

💻 Architecture Overhaul (Feb 13)

  • Promoted to Chief of Staff — strategic partner, not assistant
  • Email triage moved from main session → mail agent (MC calls Fireworks K2.5 directly)
  • Session reset moved 4am → 9pm (aligned with Johan's first sleep block)
  • Context pruning enabled (cache-ttl, 5min)
  • Cron consolidation: 350 sessions/day → ~43
  • K2.5 Watchdog killed (dead agent, phantom sessions)
  • MANDATORY memory_search rule added to AGENTS.md

📱 Verizon Switch (Feb 13) + iPhone 17 Migration (Feb 19)

  • 4 new lines, 4 iPhones (3x iPhone 17, 1x iPhone 16 Plus), all $0/mo with 36-month promo
  • Monthly: ~$170.97. Johan's number 727-225-2475 porting from Mint Mobile
  • New numbers: 727-225-3810, 727-307-3952, 727-358-1196
  • Johan moved to iPhone 17 as primary device (Feb 19 2026) — still migrating
  • ntfy app on iPhone: subscribed to forge-alerts and inou-alerts

🏢 Kaseya Device Policy (Feb 13)

  • CISO mandated: only Kaseya-issued devices on corporate network
  • Johan uses personal Mac Mini for everything — impacted
  • Has XPS14 laptop (hates it). Recommended requesting MacBook Pro
  • M365 API workaround built: Device code OAuth → pure curl, no browser needed
  • Token: ~/.message-center/m365-token.json
  • Watch for: Conditional Access (Intune) deployment that would kill cloud access too

🖥️ ThinkPad X1 (2019) — Ubuntu 24.04 Desktop

  • IP: 192.168.0.223 (WiFi) — was 192.168.0.211 previously
  • OS: Ubuntu 24.04 desktop (not headless)
  • SSH key: johan@thinkpad-x1 (added to forge authorized_keys Feb 18 2026)
  • RDP to ThinkPad X1 via xfreerdp on Xvfb:99
  • Real Chrome on Xvfb:99 (port 9224) for WAF-protected sites
  • myCigna autonomous login achieved: Chrome + 2FA via MC email grab

Shannon VPS (82.24.174.112) — ⚰️ DECOMMISSIONED 2026-02-21

  • All services removed. Cancellation submitted to HostKey. DNS cleaned. Nothing left there.

Alert Dashboard (Fully Kiosk Tablet)

  • Built and deployed on port 9202
  • Analog clock, calendar, SSE push alerts with sound
  • Fire tablet as alert display for Johan

📊 Azure Backup — ⚠️ EXPIRING

  • Free account expires ~Feb 27! Still needs az login MFA from Johan

Infrastructure

  • Docker containers updated weekly on 192.168.1.253
  • HAOS 17.0 → 17.1 (installing Feb 15)
  • MC performance issue: queries taking 15-16s (needs investigation)
  • OCR service: works but slow on full-page docs (~90s per page at 150dpi)

Recent Events (Week of Feb 16-20, 2026)

✈️ Johan in NYC (Feb 19-20)

  • Flew Delta TPA→JFK Feb 19 (conf F86VDN). Return flight DL2093.
  • Not home → no Sophia night shift coverage from Johan during NYC stay

🏗️ Zurich Full Infrastructure Rebuild (Feb 19)

Major overnight event — Zurich services were broken/missing, rebuilt from scratch:

  • Caddy installed, owns port 443
  • Stalwart mail migrated from Amsterdam (19GB RocksDB). mail.inou.com + mail.jongsma.me → Zurich
  • Proton Bridge DISABLED — MC now connects directly to Stalwart (mail.jongsma.me:993)
  • Vaultwarden deployed at vault.jongsma.me (fresh, no data yet)
  • ntfy fresh install — new token tk_ggphzgdis49ddsvu51qam6bgzlyxn
  • Uptime Kuma fresh install — 0 monitors (all 8 lost, awaiting Johan's OK to rebuild)
  • Shannon fully removed from Amsterdam
  • Amsterdam Stalwart: stopped + disabled (data preserved)

🌐 DNS Mass Fix (Feb 19)

6 domains had wrong Cloudflare NS (aryanna/sage → arvind/wren) + dead DNSSEC. All fixed:

  • harryhaasjes.nl, johanjongsma.nl, localbackup.in, stpetersburgaquatics.com, x4.trading, 851brightwaters.com

📬 Harry Haasjes Setup (Feb 19)

  • harryhaasjes.nl: "coming soon" placeholder live on Zurich
  • harry@harryhaasjes.nl: Stalwart account + catch-all
  • SFTP: harry-web / HarryWeb2026! (chrooted). Instructions sent to Harry in Dutch.
  • Harry is NOT technical — all comms in simple language, no jargon

👨‍👩‍👧 Family Signal + Email Status (Feb 19)

  • Roos (+31646563377): Signal + Stalwart email
  • Jacques (+31624403744): Signal + Stalwart email
  • Misha (+17272381189): Signal pairing pending

🤖 MiniMax M2.5 (Feb 20 — worth evaluating)

  • Released Feb 11, 2026 by Shanghai-based MiniMax
  • 230B MoE open-weight. 80.2% SWE-Bench Verified. Claims to beat Claude Opus on coding.
  • ~100 tok/s, ~$1/hr — 1/20th Opus cost
  • Currently free on kilocode/opencode → dominating OpenRouter rankings
  • Potential K2.5 replacement for grunt-work subagents — Johan to evaluate

📱 iCloud Contacts

  • final.vcf ready: /home/johan/clawd/tmp/contacts/final.vcf (~2,200 clean contacts)
  • Johan to SCP to Mac → import at icloud.com/contacts

🏠 Real Estate

  • 851 Brightwaters listed at $7.25M. Diana Geegan (KW). Showing Feb 16: buyers liked exterior, disliked modern interior.
  • Johan in NYC, may have meetings related to this

Weekly Insights (Feb 9-15, 2026)

🧠 Architectural Maturity (Feb 13 Breakthrough)

The major infrastructure overhaul on Feb 13 marks a significant maturation in our operational model:

Key Insight: Johan's principle "attack problems at their source" drove systemic changes rather than band-aid fixes:

  • Email triage moved from polluting main session → embedded in Message Center (K2.5 direct calls)
  • Session management aligned to Johan's actual schedule (9pm reset vs 4am)
  • Context pruning enabled to prevent compaction pressure
  • Cron job rationalization (350 sessions/day → 43)

This represents a shift from reactive firefighting to proactive system design.

🔍 Pattern: Corporate Policy Adaptation

Kaseya's "corporate devices only" policy (Feb 13) triggered immediate technical adaptation rather than workflow disruption:

  • M365 API integration built within hours
  • OAuth token flow bypassing browser/device restrictions
  • Separation of personal/corporate network access

Lesson: Regulatory/policy changes are technical problems with technical solutions, not business process disruptions.

💡 Memory Recovery Principles (Feb 15 Correction)

Major correction on session recovery discipline: When context is lost, always exhaust self-recovery before asking Johan for info:

  1. Check session history (sessions_history)
  2. Search memory files
  3. Search transcripts via memory_search
  4. Reconstruct from available data

This correction reflects the core COS responsibility: memory protection is job #1.

🏥 Medical Case Management Evolution

Two critical developments show the medical advocacy infrastructure maturing:

  1. Baycare fraud discovery — systematic claim analysis revealing $118K+ in fraudulent ventilator billing
  2. Dr. Madan engagement — hydrocephalus expert review process advancing toward definitive treatment

Pattern: Detailed documentation + expert network access = advocacy infrastructure working as designed.

🛡️ Security Posture Integration

Shannon's successful deployment and scan completion demonstrates security tooling becoming routine rather than exceptional:

  • Automated pentest against inou.com portal
  • Cost-effective (K2.5 @ ~$0.50 vs traditional pentest costs)
  • Findings properly categorized and documented

Evolution: Security scanning transitioning from external service to integrated capability.

Access URLs

  • Web UI: https://james.jongsma.me/?token=<gateway_token>
  • Gateway token stored in: ~/.clawdbot/clawdbot.json under gateway.auth.token