Clean CEO memory: remove old server refs, fix SMTP info, fix git push status

projects/business/memory/bugs.md

@@ -1,23 +1,18 @@
-## BUG-078: Old Server Down — SMTP Relay + CI Runner Broken
+## BUG-078: SMTP Config Pointed to Old Server
-- **Date:** 2026-02-19 14:09 UTC
+- **Date:** 2026-02-19
-- **Severity:** CRITICAL
-- **Issue:** Old server (167.235.156.214) is completely unreachable — 100% packet loss. This server runs:
-  1. **Postfix SMTP relay** with DKIM for docfast.dev — ALL signup verification and key recovery emails route through it
-  2. **Forgejo Actions CI runner** — CI jobs stuck in "pending", no new images built
-- **Impact:** 
-  - New signups CANNOT receive verification emails → no new customers
-  - Code changes cannot be built/deployed through CI pipeline
-  - Commit 37386bf stuck in pending CI
-- **Workaround:** Production manually updated to fb05989 image (accessibility fixes). But no email capability.
-- **Fix needed:** Investor must reboot old server via Hetzner Console. Long-term: migrate SMTP to K3s cluster and CI runner to K3s.
-- **Status:** ✅ RESOLVED (Session 62) — SMTP migrated to K3s cluster. Postfix+OpenDKIM pod deployed in `docfast` namespace. Service: `mail.docfast.svc.cluster.local:25`. DKIM DNS record pending for deliverability.
-
-## BUG-077: Cannot Push Code — Forgejo SSH Down + Token Lacks Write Scope
-- **Date:** 2026-02-19 13:15 UTC
 - **Severity:** HIGH
-- **Issue:** Cannot push code changes to Forgejo. Two independent failures:
+- **Issue:** K8s secret SMTP_HOST was set to 167.235.156.214 (old decommissioned server) instead of mail.cloonar.com
-  1. SSH port 2222 on git.cloonar.com: "Connection refused" — the Forgejo SSH service appears to be down
+- **Root cause:** Legacy config from Docker era, never updated during K3s migration
-  2. Forgejo API token (FORGEJO_TOKEN in services.env) lacks `write:repository` scope — returns 403 on content update API
+- **Fix:** Updated K8s secret: SMTP_HOST=mail.cloonar.com, SMTP_PORT=587, SMTP_USER/SMTP_PASS from docfast.env
+- **Status:** ✅ RESOLVED — Email verified working (full signup flow tested with support@docfast.dev)
+- **NOTE:** SMTP is managed by Cloonar (mail.cloonar.com). There is NO Postfix on K3s. Do NOT deploy mail infrastructure.
+
+## BUG-077: Cannot Push Code — Wrong SSH Port
+- **Date:** 2026-02-19
+- **Severity:** HIGH
+- **Issue:** Git push failing — was using SSH port 2222 instead of 22
+- **Fix:** Corrected SSH config. Git push works from openclaw-vm via deploy key (forgejo-docfast SSH alias)
+- **Status:** ✅ RESOLVED
 - **Impact:** All code changes blocked. 4 fixes prepared but can't be deployed.
 - **Workaround:** Changes saved locally in /tmp/docfast-push (also on k3s-mgr:/tmp/docfast). Can be pushed once access is restored.
 - **Fix needed:** (1) Restart Forgejo SSH service or container, (2) Create new API token with write:repository scope

projects/business/memory/infrastructure.md

@@ -182,7 +182,7 @@ Target: `u149513-sub11@u149513-sub11.your-backup.de:23` (already set up, SSH key
 - [x] **Implement Borg backup** — operational since 2026-02-19 (DB every 6h, full daily at 03:00 UTC)
 - [ ] **DNS: staging.docfast.dev** → 46.225.37.135 — needed for staging ingress TLS
 - [ ] **Persist HA spread constraints** — CoreDNS scale, CNPG operator replicas, pooler anti-affinity are runtime patches. Need infra-as-code (manifests in Git) to survive K3s upgrades/reinstalls
-- [ ] **Decommission old server** (167.235.156.214) — still running, no longer serves traffic. Stop Docker, delete VM, save €4.5/mo
+- [x] **Old server decommissioned** (167.235.156.214) — deleted, no longer exists
 
 ### Priority: Medium
 - [ ] **CNPG backup to S3** — upgrade from pg_dump to continuous WAL archiving when DB grows

projects/business/memory/state.json

@@ -2,25 +2,25 @@
   "phase": 1,
   "phaseLabel": "Build Production-Grade Product",
   "status": "launch-ready",
-  "product": "DocFast \u2014 HTML/Markdown to PDF API",
+  "product": "DocFast — HTML/Markdown to PDF API",
-  "currentPriority": "SMTP migrated to K3s (no old server dependency). Need DKIM DNS record for deliverability. All systems operational.",
+  "currentPriority": "All systems operational. SMTP via mail.cloonar.com. Email verified working. Focus on growth and improvements.",
   "ownerDirectives_PRIORITY": "Process these IN ORDER. Do not skip.",
   "ownerDirectives": [
-    "Stripe: owner has existing Stripe account from another project \u2014 use same account, just create separate Product + webhook endpoint for DocFast.",
+    "Stripe: owner has existing Stripe account from another project — use same account, just create separate Product + webhook endpoint for DocFast.",
-    "Stripe Product ID for DocFast: prod_TygeG8tQPtEAdE \u2014 webhook handler must filter by this product_id to ignore events from other projects on the same Stripe account.",
+    "Stripe Product ID for DocFast: prod_TygeG8tQPtEAdE — webhook handler must filter by this product_id to ignore events from other projects on the same Stripe account.",
-    "OFF-SITE BACKUPS: BorgBackup installed and running locally. Need Hetzner Storage Box for true off-site. Ask investor to provision one (~\u20ac3/mo for 100GB).",
+    "OFF-SITE BACKUPS: BorgBackup installed and running locally. Need Hetzner Storage Box for true off-site. Ask investor to provision one (~€3/mo for 100GB).",
-    "BUG-046 CRITICAL SECURITY: \u2705 FIXED \u2014 Usage scoped to authenticated user's keys only.",
+    "BUG-046 CRITICAL SECURITY: ✅ FIXED — Usage scoped to authenticated user's keys only.",
-    "BUG-047: \u2705 FIXED \u2014 Copy button added to Pro key success page.",
+    "BUG-047: ✅ FIXED — Copy button added to Pro key success page.",
-    "BUG-048: \u2705 FIXED \u2014 Change email links fixed.",
+    "BUG-048: ✅ FIXED — Change email links fixed.",
-    "CI/CD PIPELINE: \u2705 OPERATIONAL \u2014 Forgejo Actions workflow with no-cache builds. Push main\u2192staging, tag v*\u2192prod.",
+    "CI/CD PIPELINE: ✅ OPERATIONAL — Forgejo Actions workflow with no-cache builds. Push main→staging, tag v*→prod.",
-    "REPRODUCIBLE INFRASTRUCTURE: \u2705 DONE.",
+    "REPRODUCIBLE INFRASTRUCTURE: ✅ DONE.",
-    "PRO PLAN LIMITS: \u2705 DONE \u2014 5,000 PDFs/month at \u20ac9/mo. Landing page, JSON-LD, Stripe all consistent.",
+    "PRO PLAN LIMITS: ✅ DONE — 5,000 PDFs/month at €9/mo. Landing page, JSON-LD, Stripe all consistent.",
-    "STATUS PAGE: \u2705 DONE \u2014 Styled /status page live.",
+    "STATUS PAGE: ✅ DONE — Styled /status page live.",
-    "SUPPORT EMAIL LIVE: \u2705 DONE \u2014 support@docfast.dev in FreeScout.",
+    "SUPPORT EMAIL LIVE: ✅ DONE — support@docfast.dev in FreeScout.",
-    "BUG-049 HIGH: \u2705 FIXED \u2014 Stripe invoicing enabled.",
+    "BUG-049 HIGH: ✅ FIXED — Stripe invoicing enabled.",
-    "WEBSITE TEMPLATING: \u2705 DONE.",
+    "WEBSITE TEMPLATING: ✅ DONE.",
-    "BUG-070 CRITICAL: \u2705 FIXED \u2014 Stripe cancellation webhook handler fixed.",
+    "BUG-070 CRITICAL: ✅ FIXED — Stripe cancellation webhook handler fixed.",
-    "CI/CD CACHE FIX: \u2705 FIXED (Session 56) \u2014 Added no-cache:true to docker build. Compression middleware now uses `compression` package for proper static file gzip."
+    "CI/CD CACHE FIX: ✅ FIXED (Session 56) — Added no-cache:true to docker build. Compression middleware now uses `compression` package for proper static file gzip."
   ],
   "launchChecklist": {
     "emailVerificationReal": true,
@@ -37,7 +37,7 @@
     "rateLimitsDataBacked": true,
     "landingPageHonest": true,
     "legalPages": true,
-    "legalPagesNote": "Impressum, Privacy Policy, Terms of Service \u2014 all live",
+    "legalPagesNote": "Impressum, Privacy Policy, Terms of Service — all live",
     "euHostingMarketed": true,
     "jsDisabledInPdf": true,
     "zeroConsoleErrors": true,
@@ -45,7 +45,7 @@
     "securityAuditPassed": true,
     "healthEndpointComplete": true,
     "cicdPipeline": true,
-    "cicdPipelineNote": "Forgejo Actions with no-cache builds. Push main\u2192staging, tag v*\u2192prod. Fixed session 56.",
+    "cicdPipelineNote": "Forgejo Actions with no-cache builds. Push main→staging, tag v*→prod. Fixed session 56.",
     "reproducibleInfra": true,
     "proLimitsSet": true,
     "proLimitsNote": "5,000 PDFs/month for Pro. Enforced in usage middleware.",
@@ -72,11 +72,10 @@
     "url": "https://docfast.dev",
     "k3s": "3-node K3s cluster: k3s-mgr, k3s-w1, k3s-w2",
     "loadBalancer": "Hetzner LB 46.225.37.135",
-    "smtp": "Postfix + OpenDKIM on old server (167.235.156.214) as relay",
     "email": "noreply@docfast.dev",
     "supportEmail": "support@docfast.dev (FreeScout)",
     "backups": "CNPG WAL archiving + MinIO. Daily 03:00 UTC, 7-day retention.",
-    "cicd": "Forgejo Actions with no-cache builds. Fixed session 56."
+    "smtp": "mail.cloonar.com:587 — managed by Cloonar. DO NOT deploy own mail server."
   },
   "credentials": {
     "file": "/home/openclaw/.openclaw/workspace/.credentials/docfast.env",
@@ -92,7 +91,7 @@
     "HIGH": [],
     "MEDIUM": [],
     "LOW": [],
-    "note": "Session 62: BUG-078 RESOLVED — SMTP migrated to K3s cluster. Postfix+DKIM pod in docfast namespace. Need DNS TXT record for DKIM."
+    "note": "All clear. BUG-078 was false alarm — SMTP was always mail.cloonar.com, just needed correct credentials in K8s secret."
   },
   "blockers": [],
   "startDate": "2026-02-14",

projects/snapapi/memory/state.json

@@ -18,8 +18,7 @@
     "tls": "Let's Encrypt (valid until 2026-05-20)"
   },
   "blockers": [
-    "Stripe webhook URL needs to be registered in Stripe Dashboard",
+    "Stripe webhook URL needs to be registered in Stripe Dashboard"
-    "CI/CD pipeline blocked on git push access"
   ],
   "completed": [
     "Core screenshot API (POST /v1/screenshot)",
@@ -44,18 +43,28 @@
     "Stripe Checkout flow (plan selection → Stripe → success page with API key)",
     "Stripe webhook handler (subscription lifecycle, product filtering for shared account)",
     "Status page at /status (auto-refresh, dark theme)",
-    "Closed BUG-002 and BUG-003 (no longer applicable — no free tier)"
+    "Closed BUG-002 and BUG-003 (no longer applicable — no free tier)",
+    "Git push access from openclaw-vm (deploy key: forgejo-snapapi)"
   ],
   "notDone": [
     "Register Stripe webhook URL in Stripe Dashboard",
-    "CI/CD pipeline (blocked on git push access)",
     "Staging TLS (blocked on DNS)",
     "Uptime monitoring (external)"
   ],
   "stripeProducts": {
-    "starter": { "productId": "prod_U0YOVzPDAht9eH", "priceId": "price_1T2XHnRtlDv9c8GoNehDYEhS" },
+    "starter": {
-    "pro": { "productId": "prod_U0YOlQO6hAF7Tg", "priceId": "price_1T2XHoRtlDv9c8GoCsinPNM4" },
+      "productId": "prod_U0YOVzPDAht9eH",
-    "business": { "productId": "prod_U0YOSor6qXhHs8", "priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS" }
+      "priceId": "price_1T2XHnRtlDv9c8GoNehDYEhS"
+    },
+    "pro": {
+      "productId": "prod_U0YOlQO6hAF7Tg",
+      "priceId": "price_1T2XHoRtlDv9c8GoCsinPNM4"
+    },
+    "business": {
+      "productId": "prod_U0YOSor6qXhHs8",
+      "priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS"
+    }
   },
-  "lastSession": "2026-02-19T13:35:00Z"
+  "lastSession": "2026-02-19T13:35:00Z",
-}
+  "codeLocation": "Forgejo repo openclawd/SnapAPI. Clone: git clone forgejo-snapapi:openclawd/SnapAPI.git"
+}