# 2026-04-15 — Day One

## Onboarding & Security Hardening

- **OpenClaw updated** from 2026.4.11 → 2026.4.14
- **UFW firewall configured**: default deny inbound, allow outgoing. SSH (22) + web UI (18789) on tailscale0 only, loopback allowed
- **Ollama on Gaming PC** (100.104.147.116): bound to Tailscale IP only, not 0.0.0.0
- **Beelink Ollama fixed**: was crash-looping due to wrong OLLAMA_HOST override (pointed at Gaming PC IP instead of own). Fixed to 0.0.0.0:11434
- **Two-tier model routing established**:
  - `ollama/glm-5.1:cloud` — daily driver (Ollama Pro cloud via local proxy)
  - `ollama-remote/gemma4` — lightweight tasks on Gaming PC 3080 Ti via Tailscale
- **Telegram group security (CRITICAL) fixed**: added `allowFrom: ["8386527252"]` to group wildcard, per-group extensible for future
- **Security audit**: 0 critical, 3 warn (all acceptable/by design)
- **Plugin integrity**: openclaw-web-search now has pinned version + integrity hash

## Identity

- I am **Socrates** 🧠 — head thinker, lead agent
- Vibe: efficient, competent, dry humor (Jarvis energy)
- Matt: household head, wife Aundrea, kids Sullivan & Harper, dog Maggie
- Location: Green Bay, WI (CST)
- Vision: multi-agent setup, I'm the first/coordinator

## Still Open

- Sandbox/workspaceOnly settings before adding other users
- Pinning plugin spec to exact version
- Web UI access over Tailscale (port 18789 allowed but not tested)
- node-llama-cpp local embeddings (deferred, using nomic-embed-text via Gaming PC)

## Email + Calendar Pipeline (Phase 2 — DONE)

- **Family Gmail**: hoffmann.family.manager@gmail.com (IMAP App Password)
- **Google Calendar API**: service account `family-calendar-sync@hoffmann-family-manager.iam.gserviceaccount.com`
- **Calendar**: "Hoffmann Family Calendar" shared to service account with edit access
- **Script**: `scripts/family_calendar.py` — full pipeline: email→parse→calendar
- **Heartbeat**: email + calendar checks integrated into 30-min heartbeat
- End-to-end tested: Sully well child visit email → parsed correctly → calendar event created ✅
- Filters out non-appointment emails (Google alerts, noreply, etc.)

## Heartbeat Setup

- **heartbeat:check** — every 30 min, system/weather/disk checks
- **heartbeat:daily** — 7:00 AM CST, security audit + memory/wiki maintenance + update check
- Both running on main session (will consider gemma4 model routing for isolated cron later)
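
The UFW policy recorded under Onboarding & Security Hardening (default deny inbound, SSH 22 and web UI 18789 on tailscale0 only, loopback allowed) can be re-verified by a recurring audit. The following is an added example, not part of the original notes or of OpenClaw: a Python check over `ufw status verbose` output, where the sample output, `ALLOWED`, `RULE` and `audit()` are constructed for illustration.

```python
import re

# Constructed sample of `ufw status verbose` output (not captured from the host).
SAMPLE = """\
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp on tailscale0       ALLOW IN    Anywhere
18789/tcp on tailscale0    ALLOW IN    Anywhere
Anywhere on lo             ALLOW IN    Anywhere
22/tcp (v6) on tailscale0  ALLOW IN    Anywhere (v6)
"""

# Policy from the notes: SSH and web UI on tailscale0 only, loopback open.
ALLOWED = {"tailscale0": {"22", "18789"}, "lo": None}  # None = any port

# Columns are separated by two or more spaces: To, Action [direction], From.
RULE = re.compile(r"^(.+?)\s{2,}(ALLOW|LIMIT|DENY|REJECT)(?: (IN|OUT|FWD))?\s{2,}(.+)$")

def audit(status_text):
    """Return a list of findings; an empty list means the policy holds."""
    findings = []
    if not re.search(r"^Status: active$", status_text, re.M):
        findings.append("firewall is not active")
    default = re.search(r"^Default: (\w+) \(incoming\)", status_text, re.M)
    if not default or default.group(1) not in ("deny", "reject"):
        findings.append("default incoming policy is not deny")
    for line in status_text.splitlines():
        rule = RULE.match(line.strip())
        # Only inbound permit rules matter here; outbound/forward rules are skipped.
        if not rule or rule[2] not in ("ALLOW", "LIMIT") or rule[3] in ("OUT", "FWD"):
            continue
        target, _, iface = rule[1].partition(" on ")
        port = target.split()[0].split("/")[0]
        if not iface:
            findings.append(f"{port} allowed inbound on every interface")
        elif iface not in ALLOWED:
            findings.append(f"{port} allowed inbound on unexpected interface {iface}")
        elif ALLOWED[iface] is not None and port not in ALLOWED[iface]:
            findings.append(f"unexpected port {port} allowed on {iface}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["policy matches the notes"]:
        print(finding)
```

On the host, the text passed to `audit()` would come from running `ufw status verbose` as root; any non-empty result is worth surfacing as a warning in the audit output.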