# TOOLS.md - Local Notes

Skills define *how* tools work. This file is for *your* specifics — the stuff that's unique to your setup.

## Rules

### 🔒 Never Use HTTP for External Communication
- All external communication MUST use HTTPS — no exceptions
- Never expose services over plain HTTP on public IPs
- If a service only supports HTTP internally, put it behind a TLS-terminating reverse proxy
- This applies to webhooks, APIs, and any cross-server communication

### 🔐 Never Ask for Secrets in Chat
- Don't ask Donovan to paste API keys, passwords, or credentials in messages
- Instead: walk him through adding them to Bitwarden or `~/.clawdbot/.env` himself
- This applies even in private channels — bad habits are bad habits

### 🔐 Never Share Secrets in Chat
- Never echo, print, or display contents of `~/.clawdbot/.env`
- Never show session tokens, API keys, passwords — not even partial
- If debugging auth, just say "got session" or "auth failed" — no values

## What Goes Here

Things like:
- Camera names and locations
- SSH hosts and aliases
- Preferred voices for TTS
- Speaker/room names
- Device nicknames
- Anything environment-specific

## Environment

### Secrets Storage
- Bitwarden CLI installed at `/home/clawdbot/.npm-global/bin/bw`
- API credentials go in `~/.clawdbot/.env` (BW_CLIENTID, BW_CLIENTSECRET, BW_PASSWORD)
- Bitwarden data: `~/.config/Bitwarden CLI/`
- **Always store credentials in the shared org vault:**
  - Organization: `4e3ffbdb-0f8b-4f7a-a276-b0a30160e33f` (Hammer's Credentials)
  - Collection: `320f9e42-607e-4180-8533-b0a30160e342` (Default collection)
  - Set `organizationId` and `collectionIds` when creating items — never leave them in personal vault
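
One way to follow the "no values" debugging rule for the `~/.clawdbot/.env` keys listed above, as an added example that is not part of the original notes: it reports only whether each key is set, empty or missing, and whether the file is closed to group/other. The function names and the `KEY=value` file layout are assumptions.

```shell
#!/bin/sh
# Added example: check an env file for required credentials without ever
# printing a value. Usage: env_report "$HOME/.clawdbot/.env"
# Assumption: lines look like KEY=value, optionally prefixed with "export".

REQUIRED_KEYS="BW_CLIENTID BW_CLIENTSECRET BW_PASSWORD"

# key_state FILE KEY -> prints "set", "empty" or "missing", never the value.
# If a key appears more than once, the last assignment decides.
key_state() {
    awk -v key="$2" -v sq="'" '
        { sub(/^[ \t]*(export[ \t]+)?/, "") }    # drop indent and "export "
        /^#/ { next }                            # skip comment lines
        index($0, key "=") == 1 {
            val = substr($0, length(key) + 2)
            gsub("[\"" sq " \t\r]", "", val)     # quotes/blanks alone count as empty
            state = (val == "") ? "empty" : "set"
        }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# perms_ok FILE -> succeeds only if group and other have no permission bits.
perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# env_report FILE -> one "KEY: state" line per required key.
# Returns 1 if the file is unreadable, too open, or any key is not set.
env_report() {
    rc=0
    [ -r "$1" ] || { echo "env file: unreadable"; return 1; }
    perms_ok "$1" || { echo "env file: accessible to group/other"; rc=1; }
    for k in $REQUIRED_KEYS; do
        s=$(key_state "$1" "$k")
        echo "$k: $s"
        [ "$s" = "set" ] || rc=1
    done
    return $rc
}
```

The output is safe to paste into a chat or a log because it contains key names and states only.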

### Infrastructure
- Host: Hostinger VPS, Ubuntu
- VPS IP: 72.60.68.214
- Domain: hammer.donovankelly.xyz (points to this VPS)
- Dokploy server: 191.101.0.153 (separate VPS, hosts queue app etc.)
- User: clawdbot (sudo, needs password)

### Email
- Gmail: hammer7839283@gmail.com
- Access: Gmail API (OAuth2)
- Helper script: `~/.local/bin/gmail`
- Commands: `gmail list`, `gmail read <id>`, `gmail send <to> <subj> <body>`, `gmail unread`

## Why Separate?

Skills are shared. Your setup is yours. Keeping them apart means you can update skills without losing your notes, and share skills without leaking your infrastructure.

---

Add whatever helps you do your job. This is your cheat sheet.