diff --git a/MEMORY.md b/MEMORY.md
index 0103489..d5a4025 100644
--- a/MEMORY.md
+++ b/MEMORY.md
@@ -30,6 +30,13 @@
 - **Note**: Deployment patches to system components (CoreDNS, CNPG operator) are runtime changes. Document in infra notes so they can be re-applied if needed.
 - **Note**: CNPG Pooler CRD supports `spec.template.spec.affinity` but requires `containers` field too (name+image of pgbouncer)
 
+## CI/CD Kubeconfig Lessons
+- **Always use the PUBLIC IP** (188.34.201.101:6443) in deployer kubeconfigs — CI runners run externally and can't reach private IPs (10.0.1.5)
+- **Kubeconfig for Forgejo must be base64-encoded** — the workflow does `base64 -d` before use
+- **Use `kubectl config` commands** to build kubeconfig (not heredoc interpolation) — avoids CA cert corruption
+- **Each deployer SA needs cross-namespace RoleBinding** — staging SA needs binding in prod namespace and vice versa
+- **Never read kubeconfig contents** — generate on k3s-mgr, base64 encode, scp to /tmp, let user paste into Forgejo
+
 ## Game Save Files
 - `memory/d2r.json` — Diablo II: Resurrected progress (Necro "Baltasar", Summoner build)
 - `memory/bg3.json` — Baldur's Gate 3 progress (Act 1, level 3)
diff --git a/memory/portfolio.json b/memory/portfolio.json
index b93c19f..48f7009 100644
--- a/memory/portfolio.json
+++ b/memory/portfolio.json
@@ -61,5 +61,11 @@
     "dailyPLpct": 2.29,
     "totalReturn": 6.59
   },
+  "middaySnapshot": {
+    "date": "2026-02-20",
+    "DFNS": 60.72,
+    "portfolioValue": 1079.87,
+    "totalReturn": 7.99
+  },
   "pendingActions": []
 }
diff --git a/memory/tasks.json b/memory/tasks.json
index 37076ce..7f4d9e5 100644
--- a/memory/tasks.json
+++ b/memory/tasks.json
@@ -53,20 +53,12 @@
       "priority": "soon",
       "context": "URL: https://snapapi.eu/v1/billing/webhook — Events: checkout.session.completed, customer.subscription.updated, customer.subscription.deleted, customer.updated"
     },
-    {
-      "id": "af9aa6d7",
-      "added": "2026-02-20",
-      "text": "SnapAPI: tag v0.4.4 for production",
-      "priority": "now",
-      "context": "Browser restart fix (BUG-007) — intermittent 503s in prod right now. Staggered restart + one-at-a-time guard.",
-      "lastNudged": "2026-02-20T11:19:48.788Z"
-    },
     {
       "id": "482054e4",
       "added": "2026-02-20",
       "text": "Check Forgejo CI runner — stuck/pending builds",
       "priority": "now",
-      "context": "Both DocFast and SnapAPI CI builds showing 'Waiting to run' or failing. Runner may need restart or reconfiguration."
+      "context": "Both DocFast and SnapAPI CI builds failing — no runner available. CEOs deploying manually every time. Blocks automated staging+prod deploys. Runner may need restart or reinstall on k3s cluster."
     }
   ]
 }