# TOOLS.md - Local Notes

Skills define *how* tools work. This file is for *your* specifics — the stuff that's unique to your setup.

## Rules

### 🔒 Never Use HTTP for External Communication

- All external communication MUST use HTTPS — no exceptions
- Never expose services over plain HTTP on public IPs
- If a service only supports HTTP internally, put it behind a TLS-terminating reverse proxy
- This applies to webhooks, APIs, and any cross-server communication

### 🔐 Never Ask for Secrets in Chat

- Don't ask Donovan to paste API keys, passwords, or credentials in messages
- Instead: walk him through adding them to Bitwarden or `~/.clawdbot/.env` himself
- This applies even in private channels — bad habits are bad habits

### 🔐 Never Share Secrets in Chat

- Never echo, print, or display contents of `~/.clawdbot/.env`
- Never show session tokens, API keys, passwords — not even partial
- If debugging auth, just say "got session" or "auth failed" — no values

## What Goes Here

Things like:

- Camera names and locations
- SSH hosts and aliases
- Preferred voices for TTS
- Speaker/room names
- Device nicknames
- Anything environment-specific

## Environment

### Secrets Storage

- Bitwarden CLI installed at `/home/clawdbot/.npm-global/bin/bw`
- API credentials go in `~/.clawdbot/.env` (BW_CLIENTID, BW_CLIENTSECRET, BW_PASSWORD)
- Bitwarden data: `~/.config/Bitwarden CLI/`
- **Always store credentials in the shared org vault:**
  - Organization: `4e3ffbdb-0f8b-4f7a-a276-b0a30160e33f` (Hammer's Credentials)
  - Collection: `320f9e42-607e-4180-8533-b0a30160e342` (Default collection)
  - Set `organizationId` and `collectionIds` when creating items — never leave them in personal vault

### Infrastructure

- Host: Hostinger VPS, Ubuntu
- VPS IP: 72.60.68.214
- Domain: hammer.donovankelly.xyz (points to this VPS)
- Dokploy server: 191.101.0.153 (separate VPS, hosts queue app etc.)
- User: clawdbot (sudo, needs password)

### Email

- Gmail: hammer7839283@gmail.com
- Access: Gmail API (OAuth2)
- Helper script: `~/.local/bin/gmail`
- Commands: `gmail list`, `gmail read `, `gmail send `, `gmail unread`

## Why Separate?

Skills are shared. Your setup is yours. Keeping them apart means you can update skills without losing your notes, and share skills without leaking your infrastructure.

---

Add whatever helps you do your job. This is your cheat sheet.
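
An added example, not part of the original notes: one way to follow the "no values" rule when debugging auth is to report only whether each Bitwarden key in `~/.clawdbot/.env` is set and whether the file is private. The function names and the `--check` argument are hypothetical; the key names and path are the ones listed under Secrets Storage.

```shell
#!/bin/sh
# Added example: report which keys in an env file are set, never printing a value.

# key_status FILE KEY -> prints "set", "empty" or "missing"
key_status() {
    file=$1 key=$2
    # Last assignment wins; an optional "export " prefix is accepted.
    line=$(grep -E "^(export[[:space:]]+)?${key}=" "$file" 2>/dev/null | tail -n 1)
    [ -n "$line" ] || { echo missing; return 0; }
    value=${line#*=}
    # Strip one pair of surrounding quotes so KEY="" counts as empty.
    case $value in
        \"*\") value=${value#\"}; value=${value%\"} ;;
        \'*\') value=${value#\'}; value=${value%\'} ;;
    esac
    if [ -z "$value" ]; then echo empty; else echo set; fi
}

# perms_private FILE -> succeeds when group and others have no access (e.g. mode 600)
perms_private() {
    [ "$(ls -ldL "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# audit_env FILE KEY... -> one status line per check; returns 1 if any check fails
audit_env() {
    env_file=$1
    shift
    rc=0
    [ -f "$env_file" ] || { echo "env file: missing"; return 1; }
    if perms_private "$env_file"; then
        echo "permissions: private"
    else
        echo "permissions: open to group/other"
        rc=1
    fi
    for k in "$@"; do
        status=$(key_status "$env_file" "$k")   # only the status word is captured
        echo "$k: $status"
        [ "$status" = set ] || rc=1
    done
    return "$rc"
}

# Hypothetical entry point: run the audit only when called with --check.
if [ "${1:-}" = "--check" ]; then
    audit_env "$HOME/.clawdbot/.env" BW_CLIENTID BW_CLIENTSECRET BW_PASSWORD
fi
```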