SESSION HANDOFF — 2026-06-25 ~00:30 (read this first in the fresh session)
Marathon session (cameras → comms → Cloudflare → a secret-deploy disaster). Claude degraded; Sam moved to a fresh session. Here's exactly what's frozen, broken, and open.
🚫 FROZEN / DO-NOT-TOUCH-BLIND
- ops-api is FROZEN on version
8523bfaf. A plainwrangler deploySTRANDS ALL 30 secrets (broke prod TWICE tonight, recovered viawrangler rollback 8523bfaf...). Do NOT deploy ops-api until the secret-inheritance issue is solved → that's thecloudflare-deploy-safeskill (queue card). The Hospitable endpoint (/hospitable/properties|reservations) is IN the code (commit 0962ffe) but NOT deployed.
🔴 BROKEN (found, not yet fixed)
- Camera portal tile is DOWN (go2rtc on Sam's PC needs a restart; the whole thing is PC-tied via go2rtc — a stopgap Sam dislikes).
- Bot voice pipeline breaks on LONG notes:
command-inbox/Code.js:372JSON.parses an empty body when/voice/transcribetimes out → dumps a rawSyntaxErrorat Sam. Fix = guard the parse + clean message (isolated bot change, clasp-deploy, LOW risk — safe to do). - Bot auto-assembly MISREADS cross-person actors. Real example: Chanie said her parents will get Sam's mother a platter for the yahrzeit and Chanie will pick it up from Gourmet. The assembler wrote "YOUR parents / YOU pick up" (card #515) — collapsed everyone into "you." Sender-tag is right; in-message actor roles are wrong. Fix the assembler prompt to preserve actor roles on third-party captures.
🧠 LESSONS THIS SESSION (honor these)
- EVIDENCE DISCIPLINE. Claude invented a "Hikvision firmware killed the web service" theory, wrote it into memory as "CONFIRMED," and put a FABRICATED citation in a code comment. The 15-agent forensic REFUTED it. The original portal cameras were PC-FREE (Worker →
http://d6468120.eero.online:8500→ NVR ISAPI digest, verified June 2). The outage was Sam's OWN security hardening (move web off 8500 + HTTPS + lockout, per the 6/1 audit) + closing the eero port-forward — NOT firmware, NOT No-IP. The PC-free path is RESTORABLE (dormantnvrFetch()still in ops-api). Research/verify BEFORE asserting; never write "confirmed" on the unverified.
📋 OPEN — the 3 clean sessions (do in order, START with #1)
- 🔴 MONEY TRUTH (no deploy risk, real dollars, self-contained): cash-on-hand — 5609 stale ($1,588 shown vs ~$1,050, pendings ignored); labels (Shellpoint=9332, Selene=9312, Fifth Third ≠ HELOC, US Alliance = HELOC); separate banks/cards/trading; kill phantom $0 accounts; Affirm. See
docs/PORTAL_PUNCHLIST.md. - THE 3 PORTALS: Mildred (stale "good evening/smart devices" block, dead property links, empty bills), Chanie (obligations defaults to month not 7-days), comms UI not upgraded for wife/Mildred.
- UNTETHER: camera PC-free restore (security tradeoff to decide) + unified capture / WhatsApp iOS-Shortcut→inbox (the Achilles heel) + the brain-on-PC question.
Also open: ~25-item docs/PORTAL_PUNCHLIST.md, 15 GitHub issues, CF cleanup (NVR_USE typo + 2 empty workers, docs/CLOUDFLARE_INVENTORY.md).
Recommended first fresh session: MONEY TRUTH (highest value, zero deploy risk) — or the two bot fixes (voice + actor-comprehension; both isolated/low-risk).