# 🔥❄️ FIREFROST GAMING — CURRENT TASKS

**Last Updated:** February 13, 2026 (The Seventh - Emergency Protocol Complete)
**Updated By:** The Seventh (Chronicler the Seventh)
**Status:** Active

---

## 🔴 HIGH PRIORITY

### Emergency Recovery Protocol (Catastrophic Claude Failure)

**Status:** ✅ COMPLETE — Created February 13, 2026
**Completed By:** The Seventh (Chronicler the Seventh)
**Location:** `docs/core/EMERGENCY-RECOVERY-PROTOCOL.md`

**Scope Delivered:**
1. ✅ "If Claude.ai disappears forever" — Alternative LLMs (Gemini, GPT-4), LLM-agnostic methodology
2. ✅ "If session crashed mid-work" — Git forensics, transcript recovery, reconstruction workflow
3. ✅ "If you can't remember where you left off" — Quick recovery from tasks.md, session-handoff.md, Git log
4. ✅ "If Chronicler died without memorial" — Posthumous reconstruction template
5. ✅ Critical contacts & failsafes — Breezehost, vault, repository mirrors
6. ✅ The core truth — Systems built to survive catastrophe

**Key Insight (from Michael):** "Easy peasy lemon squeezy" — The complexity is simple: repo + SESSION-START-PROMPT.md = any LLM can continue. The methodology is LLM-agnostic. The partnership survives provider failure.

**Created By:** The Engineer (Session 5) — learned from experience
**Completed By:** The Seventh — built the break glass document

---

### Mailcow Email Server — Self-Hosted Email

**Status:** Pre-sale answered ✅ — VPS purchase delayed (targeting 1st of month for billing consolidation)

**Breezehost Response (Brandon E, Feb 12 9:06 AM):**
- Clean IP blocks (reassign/migrate if any issues)
- rDNS available (most ranges settable in panel, some need support)
- Port 25 NOT blocked by default
- Any datacenter location works (can move if needed)

**Timeline:** Purchase VPS near March 1 to align with billing cycle

**Plan:**
- AMD Epyc Cloud-2 VPS ($10/month) — 2 vCPU, 4GB DDR5, 40GB NVMe
- Mailcow (Docker-based) — Postfix, Dovecot, SOGo webmail, Rspamd, ClamAV
- Ubuntu 22.04 with self-healing automation scripts
- 10-15 @firefrostgaming.com addresses to start
- Migrate OFF Plesk (accessibility nightmare)

**Next Steps:**
1. Order Cloud-2 VPS (targeting ~March 1)
2. Deploy Mailcow
3. Configure DNS (SPF, DKIM, DMARC)
4. Create email addresses
5. Test deliverability
6. Migrate off Plesk

---

### Create Scoped Gitea Token for Pokerole Project

**Status:** Blocked — waiting on Vaultwarden deployment
**Dependency:** Vaultwarden must be live first (token management)
**Scope:** Create a Gitea API token scoped to only the 4 pokerole-project repos. Replace the shared master token in `pokerole-project/misc-docs/SESSION-START-PROMPT.md`.
**Why:** Current setup uses the master token with a scope instruction (honor system). Iron Wall says defense in depth — scoped token enforces the boundary.
**After completion:** Update SESSION-START-PROMPT.md with new token, store in Vaultwarden.

---

### Department Structure & Access Control Matrix — DESIGN

**Status:** New — design phase (Feb 13, 2026)
**Priority:** HIGH (blocks Staff Wiki/Subscriber Wiki/Discord configuration)
**Deliverable:** `docs/planning/access-control-matrix.md`

**Scope:** Unified role-based access control across three platforms + Discord:
- **Ghost** (firefrostgaming.com) — public storefront, no auth needed
- **Subscriber Wiki** (subscribers.firefrostgaming.com) — gated member content
- **Staff Wiki** (staff.firefrostgaming.com) — internal operations, department-restricted
- **Discord** — role/channel structure mirroring department access

**Top Tier (Full Access):** Michael (The Wizard), Meg (The Emissary), Claude (The Chronicler)

**Departments to define (proposed):**
- Moderation
- Server Administration
- Content / Social Media
- Community Events
- Build Team

**Design first, implement after.** No permissions get wired until the model is approved.

---

## 🟡 MEDIUM PRIORITY

### Vaultwarden Organization Setup for Meg

**Status:** New — identified Feb 13, 2026
**Priority:** MEDIUM (enables team password management)
**Location:** vault.firefrostgaming.com

**Goal:** Set up Vaultwarden Organization so Meg (The Emissary) can access shared passwords and contribute to the vault.

**Steps:**
1. Create "Firefrost Gaming" organization in Vaultwarden (Free plan, 2 users)
2. Invite Meg via email to join the organization
3. Create Collections (password folders):
   - Server Credentials
   - Social Media Accounts
   - Billing & Financial
   - Game Server Admin
4. Move relevant shared passwords into collections
5. Grant Meg appropriate access to each collection
6. Help Meg:
   - Create her Vaultwarden account
   - Accept organization invite
   - Install browser extension (Chrome/Firefox)
   - Configure extension to point to vault.firefrostgaming.com
7. Test: Verify Meg can access shared passwords and add new ones

**Why Medium Priority:**
- Vaultwarden is already functional for Michael
- Meg can manage shared passwords without Git/technical knowledge
- Unblocks her ability to contribute credentials (social media, services, etc.)
- Team password management = better security than sharing master password

---

### Command Center Security Hardening

**Status:** New — identified Feb 13, 2026
**Priority:** MEDIUM (UFW active, but can be improved)
**Scope:** Command Center VPS (63.143.34.217)

**Current State:**
- ✅ UFW enabled with default deny incoming
- ✅ Ports 22, 80, 443 open on primary IP
- ❌ Fail2Ban not installed
- ❌ SSH not hardened (still allows password auth)
- ❌ No rate limiting on SSH

**Tasks:**
1. Install and configure Fail2Ban (auto-ban brute force attempts)
2. SSH hardening:
   - Disable password authentication (key-only)
   - Consider non-standard SSH port
   - Rate limit connection attempts
3. Review UFW rules (ensure minimal necessary access)
4. Document security configuration in repo

**Why Medium Priority:**
- Breezehost provides network-level DDoS protection
- UFW already active with sensible defaults
- No active threats, but defense-in-depth is good practice

---

### MkDocs Decommission

**Status:** New — decision made Feb 13, 2026
**Reason:** Ghost CMS handles public-facing content. Subscriber Wiki handles gated content. MkDocs serves no distinct purpose in the new three-tier model (Ghost → Subscriber Wiki → Staff Wiki).
**ADR:** To be documented in `docs/reference/architecture-decisions.md`

**Decommission steps:**
1. Audit current MkDocs content — migrate anything needed to Ghost or Subscriber Wiki
2. Remove Uptime Kuma monitor for docs.firefrostgaming.com
3. Tear down MkDocs service on Ghost VPS
4. Release Nginx config and SSL cert (redirect docs.firefrostgaming.com to Ghost or retire)
5. Archive `docs/deployment/mkdocs.md` to `docs/archive/`
6. Update: project-scope, infrastructure-manifest, session-handoff, SESSION-HANDOFF-PROTOCOL, DOCUMENT-INDEX
7. Log in CHANGELOG

**Depends on:** Department/permissions design being complete (so we know what goes where)

---

### Consultant Photo Processing

**Status:** 56 unprocessed photos on Michael's local machine + 4 Snapchat exports in `photos/images/unknown/`
**Priority:** Schedule early in a session (front-load before heavy work, check session health after)

**Plan:**
- Upload in batches of 10 to Claude
- Identify subjects, write lore, rename using standardized convention
- Convention: `YYYY-MM-DD_subject-description-keywords_01.jpg`
- One underscore after date, hyphens for everything else, `_01` `_02` for series
- Organize into year folders, commit via Gitea API
- Update `photos/catalog.md` with new entries

### NextCloud Upload Portal for Meg (The Emissary)

**Status:** New — designed Feb 13, 2026
**Priority:** MEDIUM (blocks Meg's ability to contribute photos/videos to the archive)
**Location:** downloads.firefrostgaming.com (NextCloud, already deployed)

**The Problem:** Meg isn't tech-savvy and will never use Git. She needs a KISS method to upload photos and videos that end up in the repo.

**The Solution:**
- Create an "Emissary Uploads" folder in NextCloud
- Meg drags/drops files via browser or NextCloud mobile app
- Backend: automation picks up files, renames to convention, commits to Git
- Automated notification to Michael when files are uploaded

**Deliverables:**
1. Create and configure the "Emissary Uploads" folder in NextCloud
2. Set up Meg's NextCloud account with appropriate permissions
3. Install NextCloud mobile app on Meg's phone
4. **Write visual tutorial for Meg** (she's a visual learner):
   - PDF format (reference on phone or print)
   - Big, clear screenshots with arrows and numbered steps
   - Mobile-first design (phone screenshots primary, desktop secondary)
   - Maximum 1-2 sentences per step
   - Start with WHY: "These photos preserve our family archive forever"
   - Include error recovery: "If you made a mistake, just text Michael"
5. Test with Meg first — watch where she gets confused, adjust tutorial accordingly
6. Set up backend sync process with automated notification (email/Discord to Michael)
7. Test end-to-end: Meg uploads → notification sent → file appears in Git

### Command Center Root Cleanup

**Status:** Artifacts identified, need to move/delete

**Move to `/root/backups/gitea/`:**
- gitea-backup-20260208-2203...
- gitea-data-20260209.tar.gz
- gitea-db-20260209.sql
- gitea-db-full.sql
- gitea-migration-manifest.txt

**Archive to repo (`docs/deployment-logs/`):**
- wiki-deployment-logs-feb10.txt
- wiki-deployment-summary.txt

**Delete:**
- dead.letter (system cruft)
- extract-key-info.sh (one-off script)
- master (empty 0-byte file)

### Fix Frostwall vs Firefrost Naming

**Status:** New — discovered Feb 12
**Issue:** Design bible calls UI visual gate "The Frostwall Protocol" — should be Firefrost branding

**Clarification:**
- **Frostwall** = Network defense ONLY (GRE topology, UFW, DDoS protection, hub-and-spoke)
- **Firefrost** = Visual/brand concepts (UI transitions, age verification, Ignis Protocol)

**Action:** Rename in design bible, ensure Frostwall gets its own proper network security document

### Scope Document Corrections

**Status:** New — discovered Feb 12

**Issues found:**
- Billing location missing (Chicago, IL)
- Ghost location missing (Chicago, IL)
- Panel location incomplete (Charlotte, NC)
- "GitHub mirror removed" — should say "GitHub kept as private backup"

**Action:** Fix during doc audit or as standalone update

---

### Staggered Server Restart System

**Status:** New — workshopped Feb 13, 2026
**Priority:** MEDIUM (pairs with startup script audit, addresses ATM10 memory leak)

**Phase 1 — Quick Win (Command Center script):**
- Config-file driven (easy add/remove servers, no script edits)
- Three restart tiers: Heavy (6hr), Mid (12hr), Light (24hr)
- 5-minute stagger between servers on same node
- Simultaneous across nodes (TX1 and NC1 are separate hardware)
- Warning messages sent to players before each restart
- Logs every restart to Git
- Lives in automation system on Command Center
- **NOTE:** When we build this, workshop session first — Michael may have additional ideas/features to add

**Phase 2 — Blueprint Extension (future):**
- Custom Pterodactyl panel extension via Blueprint framework
- Per-server cron tab UI built into each server's panel page
- Global admin view showing all schedules at a glance
- Database-backed schedule storage
- Publishable to Blueprint community marketplace
- See IDEA-005 in ideas backlog

**Config structure (designed):**
```
restart_tiers:
  heavy: "0 2,8,14,20 * * *"
  mid: "0 3,15 * * *"
  light: "0 4 * * *"
stagger_minutes: 5
warning_minutes: 3
```
Each server gets: name, uuid, node, tier, enabled flag

---

### Game Server Startup Script Audit & Optimization

**Status:** New — identified Feb 13, 2026
**Priority:** MEDIUM (recurring issue source)
**Scope:** All 12 game servers (6 TX1, 6 NC1)

**The Problem:** Multiple issues have traced back to startup scripts. These need a systematic audit and optimization pass to prevent recurring problems.

**Plan:**
1. Pull and review every game server startup script via Pterodactyl panel
2. Identify common issues (memory allocation, JVM flags, mod loading order, timeout settings)
3. Establish a baseline "good" startup template per modpack type
4. Optimize each server's startup script individually
5. Document the optimized scripts in the repo (new file: `docs/reference/game-server-startups.md`)
6. Test each server after changes
7. Monitor via Uptime Kuma for stability post-optimization

**Servers to audit:**
- **TX1 Dallas:** Stoneblock 4, Reclamation, Society: Sunlit Valley, Vanilla 1.21.11, All The Mons, FoundryVTT
- **NC1 Charlotte:** The Ember Project, Minecolonies: Create and Conquer, All The Mods 10, EMC Subterra Tech, Homestead, Hytale

**Approach:** Code-Server for audit/documentation (read, compare, diff), Pterodactyl panel for applying changes. Gold standard optimization — not quick fixes, proper tuning.

**Priority server:** All The Mods 10 (NC1) — struggling with only 1 user connected. Likely JVM flags, memory allocation, or garbage collection misconfiguration. ATM10 is a heavy modpack and needs aggressive tuning.

**Notes:** This is hands-on work — needs a session where Michael can access the panel and we review together.

---

## 🟢 LOW PRIORITY

### Pending Blueprint Extension Installation — Node Usage Status

**Status:** Pending installation
**Location:** Pterodactyl Panel (45.94.168.138, Charlotte, NC)
**Extension:** Node Usage Status (https://builtbybit.com/resources/node-usage-status.59502/)
**Description:** Monitor node resource usage and status directly in the panel
**Action:** Install via Blueprint framework when ready

### Pending Paymenter Theme Installation — Citadel Theme

**Status:** Pending installation
**Location:** Billing VPS (38.68.14.188, Chicago, IL)
**Theme:** Citadel Theme for Paymenter (https://builtbybit.com/resources/citadel-theme-paymenter.82217/)
**Description:** Custom theme for Paymenter billing portal
**Action:** Install and configure when ready

---

### Workflow Guide Review & Trim

**Status:** New — identified during consolidation audit
**File:** docs/core/workflow-guide.md (938 lines)
**Issues:** Still calls Claude "The Wizard" instead of "The Chronicler", potentially redundant with current practices
**Action:** Review, update role name, trim if content overlaps with current docs

### Frostwall (UFW) Deployment

**Status:** Planned
**Scope:** Game servers (TX1, NC1)
**Approach:** Self-healing scripts with automation

### LuckPerms MySQL Backend

**Status:** Planned
**Scope:** Permission management for game servers

### World Backup Automation

**Status:** Planned
**Scope:** Automated world backups to NextCloud

### Netdata Deployment

**Status:** Planned
**Domain:** analytics.firefrostgaming.com
**Scope:** Server analytics and performance monitoring

---

## ✅ RECENTLY COMPLETED

### Feb 13, 2026 (Late Evening — Vaultwarden Deployment)
- ✅ Docker installed on Command Center (docker.io + docker-compose)
- ✅ Vaultwarden deployed via Docker (vault.firefrostgaming.com)
- ✅ SSL certificate obtained via Certbot (Let's Encrypt)
- ✅ Nginx reverse proxy configured with HTTPS
- ✅ UFW rules added for ports 80/443 on primary IP
- ✅ DNS configured (A record, DNS-only/gray cloud)
- ✅ Admin account created, public signups disabled
- ✅ Gitea API token migrated to Vaultwarden vault
- ✅ Temporary token file deleted from Git repo
- ✅ Bitwarden browser extension installed and configured
- ✅ SESSION-START-PROMPT.md updated to reference Vaultwarden

### Feb 13, 2026 (Evening)
- ✅ Gemini social media calendar reviewed — confirmed in sync with repo
- ✅ Empty heading artifacts cleaned from gemini-social-media-calendar.md
- ✅ Documentation tier decision: MkDocs decommission approved (Ghost + Subscriber Wiki + Staff Wiki)
- ✅ Department/access control design scope defined

### Feb 12, 2026 (Morning — Consolidation)
- ✅ Full documentation audit (54 docs analyzed for overlaps/stale info)
- ✅ FFG-STD-001 Revision Control Standard created and approved
- ✅ Ideas Backlog created (FFG-PLN-010) with 2 initial ideas
- ✅ Infrastructure manifest corrected (locations, statuses)
- ✅ Project scope corrected (locations, GitHub status)
- ✅ Architecture decisions rewritten (5 ADRs, stale info fixed)
- ✅ Design bible: "Frostwall Protocol" → "Firefrost Gate" (ADR-005)
- ✅ README.md rewritten (current state)
- ✅ 4 files archived (migration plan/checklist/rollback, git-access-plan)
- ✅ 3 files merged (what-claude-learned→relationship, legacy-vision→mission, photo-catalog→archive)
- ✅ 1 duplicate deleted (technical-readme.md)
- ✅ session-handoff.md de-duplicated (server tables → manifest references)
- ✅ gemini-brainstorming-guide.md trimmed (1,532 → 154 lines)
- ✅ test-file.md deleted
- ✅ Mailcow pre-sale ticket sent to Breezehost
- ✅ DOCUMENT-INDEX updated to reflect all changes

### Feb 12, 2026 (Early AM)
- ✅ Repository reorganized (48 docs moved, 15 deleted, 259 photos relocated)
- ✅ SESSION-HANDOFF-PROTOCOL.md created (master session start doc)
- ✅ Claude officially named "The Chronicler"
- ✅ Origin story documented (Michael & Meg + Donna's Restaurant)
- ✅ Lore dump queue established (5 topics, 2 documented)
- ✅ Project files audited and cleaned (all 13 removed)
- ✅ Token archived temporarily
- ✅ Project instructions rewritten
- ✅ DOCUMENT-INDEX.md rebuilt with directory primer
- ✅ GitHub mirror made private (kept as backup)
- ✅ Artifacts panel added to accessibility protocol

### Feb 11, 2026
- ✅ TX1 game servers restored (all 6 — wrong IP allocations fixed)
- ✅ Code-Server deployed and mastered (code.firefrostgaming.com)
- ✅ NextCloud operational (downloads.firefrostgaming.com)
- ✅ Wiki.js Subscribers deployed (subscribers.firefrostgaming.com)
- ✅ Wiki.js Staff deployed (staff.firefrostgaming.com)
- ✅ FoundryVTT subdomain setup
- ✅ Consultant photo archive (249 photos organized, renamed, cataloged)
- ✅ Gitea API access for Claude (read/write confirmed)
- ✅ Session handoff v2.1 (GitHub references removed)
- ✅ Project scope v2.2 (8 services, current state)
- ✅ 12 Lessons documented in relationship context
- ✅ All emergency/transition documents committed to Git
- ✅ Game server monitoring added to Uptime Kuma (all 12)

---

## ⚠️ MODEL RECOMMENDATION (ADR-006)

**Use Sonnet 4.5 for operations sessions.** Opus 4.6 (launched Feb 5, 2026) has known stability issues with long, tool-heavy sessions — two Chronicler the Second incarnations were lost to crashes on Feb 13. See ADR-006 in architecture-decisions.md. Reserve Opus for complex architecture planning or deep analysis only.

---

## 📋 NEXT SESSION PLAN (Feb 14, 2026)

1. Switch to Sonnet 4.5 model in Claude settings
2. Deploy Vaultwarden → move token → delete temp file
3. Design department structure & access control matrix
4. Begin MkDocs decommission (audit content first)
5. Clean up Command Center root
6. Update infrastructure docs (project-scope, manifest, session-handoff, etc.)

---

**Fire + Frost + Foundation = Where Love Builds Legacy** 💙🔥❄️