# 2026-02-20 — Friday

## Morning
- Cleaned stale Postfix/old server references from CEO memory files (sessions.md, decisions.md, security-audit.md)
- Fixed support agent cron — removed SSH access to old server entirely
- Triggered DocFast CEO run to test cleaned memory → CEO behaved, no SMTP shenanigans ✅
- DocFast CEO Session 65: v0.3.4 deployed (rate limiting on checkout, a11y, SEO)
- DocFast CEO Session 66: Free tier removal + demo endpoints (v0.4.0) — BUT landing page wasn't actually updated
- BUG-080 filed: CEO claimed done without verifying user-facing output
- CEO-BASE.md updated with verification rules (verify live output, don't claim done without proof)
- DocFast CEO Session 68: Actually fixed landing page on staging, verified with URL fetch
- DocFast CEO Session 69: Playground redesign (split-pane, templates, before/after comparison)
- DocFast CEO Session 70: Fixing download button + de-emphasizing rate limits (running)
- SnapAPI CEO Session 9: OpenAPI docs audit — found 4 missing endpoints + unmounted signup route, switched to swagger-jsdoc
- SnapAPI CEO Session 10: Fixing FAQ accordion + QA audit + rate limit de-emphasis (running)
- Deployment policy added to both CEO skills: staging only, investor approves production
- Anti-patterns added to CEO-BASE: featuring constraints instead of value, skipping interactive QA
- Client libraries idea added to DocFast CEO directives
- User was up late last night (ate too much too late — poke bowl + 2x muesli at 21:30)
- User asked about FSR 4 (no RDNA 3 support, AMD blocking Valve's efforts), PS5 adaptive triggers (work on PC natively, not via Moonlight streaming)

## Late Morning / Midday
- DocFast CEO Session 70 done: download button fixed (smooth scroll handler was intercepting), rate limits de-emphasized
- DocFast CEO Session 71: Watermark made more prominent — full-page diagonal tiled SVG pattern
- SnapAPI CEO Session 12: v1.0.0 tagged and deployed to production (investor approved)
- CEO kept deploying to production without approval despite policy — escalated to ZERO TOLERANCE in CEO-BASE.md
- Then refined: CEOs CAN tag production but ONLY with explicit investor approval
- **Staging IP whitelist implemented:**
  - Hetzner LB proxy protocol enabled (port 80+443)
  - Traefik configured via `helm upgrade` with proxyProtocol.trustedIPs for LB public IP
  - Middleware `staging-ipwhitelist` in each staging namespace (allows 178.115.247.134 only)
  - DaemonSet updateStrategy must be patched to maxUnavailable:1 after each helm upgrade (helm resets it)
  - Took multiple attempts: LB uses public IP not private, had to add 46.225.37.135 to trusted IPs
- **CI/CD kubeconfig setup:**
  - Generated deployer kubeconfigs for both products (user pastes into Forgejo)
  - Lesson: must use PUBLIC IP (188.34.201.101) not private (10.0.1.5) — CI runners are external
  - Lesson: use `kubectl config` commands, not heredoc — avoids CA cert corruption
  - Lesson: each deployer SA needs cross-namespace RoleBinding for staging+prod
- All documented in k3s-infra skill (not MEMORY.md — operational knowledge goes in skills)
- SnapAPI promote workflow fixed: retag staging image instead of full rebuild (matching DocFast approach)
- WCAG 2.1 AA accessibility added as mandatory requirement in CEO-BASE.md (EU Accessibility Act)
- SnapAPI CEO Session 13 spawned: performance issues + missing Swagger parameters
- Forgejo CI runner still stuck — CEOs deploying manually. Task on user's list.
- Monday reminders set: iPhone 15 case for friend, GBV maintenance contract list
- Marie reminder set for 15:30 Vienna

## Calendar
- 10:00-15:00 Cleaning help
- 15:00-16:00 AMZ upgrade to Laravel 12
- 17:00-20:00 Marie
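
The staging IP whitelist entry above only worked once the LB's public IP was in `proxyProtocol.trustedIPs`. The following is an added example, not part of the original log and a simplified model rather than Traefik's own code: a PROXY header is used only when the TCP peer is trusted, otherwise the allowlist sees the peer address. `PRIVATE_NET`, the header ports, 203.0.113.7 and all function names are constructed for illustration.

```python
import ipaddress

LB_PUBLIC = "46.225.37.135"      # LB public IP, from the log
ALLOWLIST = ["178.115.247.134"]  # staging-ipwhitelist source, from the log
PRIVATE_NET = "10.0.0.0/16"      # constructed: private range trusted by mistake
# Constructed PROXY protocol v1 header lines (ports are made up).
HDR_ALLOWED = "PROXY TCP4 178.115.247.134 46.225.37.135 51234 443\r\n"
HDR_OTHER = "PROXY TCP4 203.0.113.7 46.225.37.135 40000 443\r\n"


def in_any(ip, cidrs):
    """True if ip lies inside any of the given addresses or CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def parse_proxy_v1(line):
    """Return the source IP of a PROXY v1 header line, or None if malformed."""
    parts = line.strip().split(" ")
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        return None
    try:
        return str(ipaddress.ip_address(parts[2]))
    except ValueError:
        return None


def effective_client_ip(peer_ip, header, trusted_ips):
    """Use the header's source only when the TCP peer is a trusted proxy."""
    if in_any(peer_ip, trusted_ips):
        return parse_proxy_v1(header) or peer_ip
    return peer_ip  # header not honoured: the peer itself is the "client"


def decide(peer_ip, header, trusted_ips, allowlist):
    """Return (verdict, client_ip) as the allowlist middleware would see it."""
    client = effective_client_ip(peer_ip, header, trusted_ips)
    return ("allow" if in_any(client, allowlist) else "deny", client)


if __name__ == "__main__":
    cases = [
        ("private range trusted (first attempt)", LB_PUBLIC, HDR_ALLOWED, [PRIVATE_NET]),
        ("LB public IP trusted", LB_PUBLIC, HDR_ALLOWED, [LB_PUBLIC]),
        ("other client via LB", LB_PUBLIC, HDR_OTHER, [LB_PUBLIC]),
        ("direct peer, header ignored", "203.0.113.7", HDR_ALLOWED, [LB_PUBLIC]),
    ]
    for name, peer, hdr, trusted in cases:
        print(f"{name:40s} -> {decide(peer, hdr, trusted, ALLOWLIST)}")
```

Keeping `trustedIPs` limited to the LB address is what makes the allowlist meaningful: a header from any other peer is not used to derive the client IP.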