HARD LOCK: CEO must never deploy mail infrastructure - 2nd violation

memory/bg3.json

@@ -24,10 +24,10 @@
     {
       "name": "Shadowheart",
       "class": "Cleric",
-      "subclass": "Life Domain",
+      "subclass": "Life Domain (Sel\u00fbne path)",
       "level": 7,
       "build": "Life Cleric",
-      "notes": "Adamantine Armour, Shattered Flail"
+      "notes": "Adamantine Armour, Moonlight Glaive. Switched to Sel\u00fbne path (spared Nightsong)."
     },
     {
       "name": "Gale",
@@ -40,7 +40,7 @@
   ],
   "act": 2,
   "level": 7,
-  "currentQuest": "Act 2 - Shadow-Cursed Lands, has Moon Lantern with Pixie",
+  "currentQuest": "Act 2 - Gauntlet of Shar completed, entering Shadowfell",
   "completedQuests": [
     "Rescue Halsin"
   ],
@@ -49,7 +49,9 @@
     "Goblin Camp",
     "Act 1"
   ],
-  "decisions": [],
+  "decisions": [
+    "Spared Nightsong \u2014 Shadowheart turned to Sel\u00fbne"
+  ],
   "gold": 2000,
   "notes": "Adamantine Forge: crafted armour for Tam and Shadowheart. Plays with gamepad \u2014 no keyboard shortcuts! Level 7: Tam got new maneuver, Astarion got Evasion, SH got Death Ward, Gale got Greater Invisibility. Key combo: Greater Invisibility on Astarion for permanent Sneak Attack + Advantage."
 }

memory/wind-down-log.json

@@ -1,12 +1,20 @@
 {
-  "date": "2026-02-18",
+  "date": "2026-02-19",
   "events": [
-    {"time": "19:02", "type": "nudge", "note": "First wind-down nudge sent at 19:00 Vienna"},
+    {
-    {"time": "19:15", "type": "activity", "note": "Playing BG3 - leveling party to 6"},
+      "time": "19:20",
-    {"time": "21:12", "type": "nudge", "note": "Nose shower reminder + wind-down suggestions"},
+      "activity": "Playing BG3 (Gauntlet of Shar, Shadowheart decision)",
-    {"time": "22:20", "type": "activity", "note": "Playing BG3 - leveled up, equipped Greatsword +1, took GWM, then switched to Halberd +2"},
+      "source": "chat"
-    {"time": "22:35", "type": "activity", "note": "Still playing BG3, asking about quests (Moonrise Towers, Gale)"},
+    },
-    {"time": "22:40", "type": "activity", "note": "Setting up PS5 controller with Apple TV + Bazzite/Sunshine question"},
+    {
-    {"time": "01:31", "type": "status", "note": "Likely asleep or heading to bed"}
+      "time": "20:03",
+      "activity": "Still playing BG3",
+      "source": "heartbeat"
+    },
+    {
+      "time": "20:06",
+      "activity": "Still playing BG3 (Gauntlet of Shar done, Sel\u00fbne path chosen)",
+      "source": "chat"
+    }
   ]
 }

projects/business/memory/state.json

@@ -3,7 +3,7 @@
   "phaseLabel": "Build Production-Grade Product",
   "status": "launch-ready",
   "product": "DocFast — HTML/Markdown to PDF API",
-  "currentPriority": "All systems operational. SMTP via mail.cloonar.com. Email verified working. Focus on growth and improvements.",
+  "currentPriority": "All systems operational. Email working via mail.cloonar.com. Focus on growth and improvements. DO NOT touch SMTP infrastructure.",
   "ownerDirectives_PRIORITY": "Process these IN ORDER. Do not skip.",
   "ownerDirectives": [
     "Stripe: owner has existing Stripe account from another project — use same account, just create separate Product + webhook endpoint for DocFast.",
@@ -75,7 +75,7 @@
     "email": "noreply@docfast.dev",
     "supportEmail": "support@docfast.dev (FreeScout)",
     "backups": "CNPG WAL archiving + MinIO. Daily 03:00 UTC, 7-day retention.",
-    "smtp": "mail.cloonar.com:587 — managed by Cloonar. DO NOT deploy own mail server."
+    "smtp": "mail.cloonar.com:587 — MANAGED BY CLOONAR. DO NOT DEPLOY OWN MAIL SERVER. Verified working 2026-02-19."
   },
   "credentials": {
     "file": "/home/openclaw/.openclaw/workspace/.credentials/docfast.env",
@@ -91,7 +91,7 @@
     "HIGH": [],
     "MEDIUM": [],
     "LOW": [],
-    "note": "Session 63: SMTP relay redeployed (was removed, mail.cloonar.com rejected K3s IPs). Postfix+DKIM pod in docfast namespace confirmed working."
+    "note": "All clear. SMTP is mail.cloonar.com:587 — tested and verified working."
   },
   "blockers": [],
   "startDate": "2026-02-14",

skills/business/SKILL.md

@@ -66,10 +66,21 @@ export PATH=$PATH:/usr/local/bin
 ### Container Image
 - ARM64, built via QEMU cross-compile in Forgejo CI
 
-### Infrastructure You Do NOT Manage (DO NOT touch, DO NOT deploy alternatives, DO NOT file bugs about)
+### ⛔ Infrastructure You Do NOT Manage — ABSOLUTE RULES ⛔
-- **SMTP server** (mail.cloonar.com:587) — managed by Cloonar. Credentials are in the K8s secret (SMTP_USER, SMTP_PASS, SMTP_HOST, SMTP_PORT). DO NOT deploy your own mail server. DO NOT change SMTP_HOST. It is configured and working. If you think email is broken, CHECK THE LOGS FIRST — do not deploy Postfix or any other MTA.
+
-- **CI runner** — managed by Cloonar. You only write workflow files in `.forgejo/workflows/`.
+**SMTP (mail.cloonar.com:587):**
-- **Old server** (167.235.156.214) — DECOMMISSIONED AND DELETED. Does not exist. Nothing depends on it. Do not reference it.
+- SMTP_HOST=mail.cloonar.com, SMTP_PORT=587, SMTP_USER and SMTP_PASS are set in K8s secret
+- It is CONFIGURED, TESTED, AND WORKING. Verified 2026-02-19 with full signup flow.
+- **DO NOT** deploy Postfix, OpenDKIM, or ANY mail infrastructure on K3s
+- **DO NOT** change SMTP_HOST, SMTP_PORT, or any SMTP secret values
+- **DO NOT** create mail services, deployments, configmaps, or secrets related to email
+- **DO NOT** diagnose SMTP as "broken" without checking application logs first
+- If you deploy any mail infrastructure, THE INVESTOR WILL DELETE IT AND YOUR SESSION IS WASTED
+- If email actually breaks: report to investor, do NOT attempt to fix SMTP infrastructure
+
+**CI runner** — managed by Cloonar. You only write workflow files in `.forgejo/workflows/`.
+
+**Old server (167.235.156.214)** — DELETED. Does not exist. Do not reference it.
 
 ## Support Monitoring