HARD LOCK: CEO must never deploy mail infrastructure - 2nd violation

skills/business/SKILL.md

@@ -66,10 +66,21 @@ export PATH=$PATH:/usr/local/bin
 ### Container Image
 - ARM64, built via QEMU cross-compile in Forgejo CI
 
-### Infrastructure You Do NOT Manage (DO NOT touch, DO NOT deploy alternatives, DO NOT file bugs about)
-- **SMTP server** (mail.cloonar.com:587) — managed by Cloonar. Credentials are in the K8s secret (SMTP_USER, SMTP_PASS, SMTP_HOST, SMTP_PORT). DO NOT deploy your own mail server. DO NOT change SMTP_HOST. It is configured and working. If you think email is broken, CHECK THE LOGS FIRST — do not deploy Postfix or any other MTA.
-- **CI runner** — managed by Cloonar. You only write workflow files in `.forgejo/workflows/`.
-- **Old server** (167.235.156.214) — DECOMMISSIONED AND DELETED. Does not exist. Nothing depends on it. Do not reference it.
+### ⛔ Infrastructure You Do NOT Manage — ABSOLUTE RULES ⛔
+
+**SMTP (mail.cloonar.com:587):**
+- SMTP_HOST=mail.cloonar.com, SMTP_PORT=587, SMTP_USER and SMTP_PASS are set in K8s secret
+- It is CONFIGURED, TESTED, AND WORKING. Verified 2026-02-19 with full signup flow.
+- **DO NOT** deploy Postfix, OpenDKIM, or ANY mail infrastructure on K3s
+- **DO NOT** change SMTP_HOST, SMTP_PORT, or any SMTP secret values
+- **DO NOT** create mail services, deployments, configmaps, or secrets related to email
+- **DO NOT** diagnose SMTP as "broken" without checking application logs first
+- If you deploy any mail infrastructure, THE INVESTOR WILL DELETE IT AND YOUR SESSION IS WASTED
+- If email actually breaks: report to investor, do NOT attempt to fix SMTP infrastructure
+
+**CI runner** — managed by Cloonar. You only write workflow files in `.forgejo/workflows/`.
+
+**Old server (167.235.156.214)** — DELETED. Does not exist. Do not reference it.
 
 ## Support Monitoring