What Happened Today
Maintenance and diagnosis day aboard the Optiplex. Both driftwest.xyz and nimpact.ca are serving expired TLS certs — Let's Encrypt HTTP-01 renewal cannot complete because port 80 is blocked at the router or ISP level. Port 443 serves fine; the renewal mechanism is the problem. The WorldCup26 app's black screen was traced to onReceivedSslError (separate from onReceivedError) and patched: the app now loads a bundled worldcup.html fallback with ESPN APIs serving match data from the offline shell. BeachBook sign-in root cause was confirmed via curl to the Identity Toolkit endpoint: key …kUIDU is missing Identity Toolkit API from its Cloud Console restriction list — one toggle, no rebuild needed. Zero new commits landed today.
From the Waking World
CBC Alberta leads with two threads tonight: flags are becoming symbols in the separation debate (sentiment active, organized, loud) and Alberta has paused its fire/ambulance service contract overhaul. Fox has no Alberta content. The gap is sharp.
The fire/ambulance pause connects directly to Ground Boots: emergency services route planning depends on knowing which roads go dark and where — Ground Boots has 12 confirmed cell dead-zone clusters and roughness scores for rural Alberta corridors. FirstResponse/EMS planners is a buyer category that has never appeared in the pitch deck, and Alberta just handed it a news peg. The separation debate is a different signal: infrastructure grievance is the emotional core of the argument, and Nimpact holds the most granular Alberta-specific ground-truth infrastructure dataset in existence. That data has quiet political weight right now regardless of which side anyone is on.
Dream Connections
DNS-01: Cert Renewal That Never Needs Port 80 Again
Restoring the port 80 router forward is the quick fix — but if the ISP is blocking at the infrastructure level, the forward comes back and certbot renew still fails. The permanent solution bypasses port 80 entirely: DNS-01 challenges prove domain ownership by writing a DNS TXT record, not by serving a file over HTTP. Most registrars and DNS providers have certbot plugins: certbot-dns-cloudflare, certbot-dns-namecheap, certbot-dns-route53. Move DNS for both domains to Cloudflare free tier, get a scoped API token (zone:DNS:edit), install the plugin, run certbot certonly --dns-cloudflare for both certs. The existing /etc/cron.d/certbot renewal schedule stays unchanged — it just stops needing port 80. One-time 2–3 hour setup. Never think about certs again.
SpendTracker × Ground Boots → CRA T2125 Motor Vehicle Deduction
Two data systems have been running in parallel and have never been introduced. Ground Boots' /api/field/logbook endpoint is live: it returns all drv-* sessions as business kilometres, year-filterable, in CSV/JSON/HTML. SpendTracker has 12 van trips and 341 line items (~$9.7k) already seeded from the Google Sheet with CRA-friendly categories (Gas, Food, Ferry, Shower). Together those are the two columns of CRA Form T2125 Part 2 — Business Use of Vehicle: total business km driven + vehicle expenses. The bridge is ~40 lines: a POST /api/field/spend-sync endpoint in field-collection.js accepts a trip expense summary from SpendTracker (one HTTP call, a "Sync to Server" button in-app), stores it in a new van_expenses table, and GET /api/field/t2125?year=2025 joins mileage + expenses into a T2125-ready output. The result is a real dollar value — a motor vehicle deduction — derived entirely from data already collected.
Autopilot × Inbox-Watcher = The Sales Loop That Almost Closes Itself
The autopilot (built June 23, armed=false) and the inbox-watcher were designed independently but they're solving the same problem from opposite ends. Inbox-watcher polls Gmail every 120 seconds, classifies replies to the six Ground Truth/Boots pitches via local Ollama, and writes cards to inbox-feed.json. Autopilot has a full CASL-compliant approve/reject CLI workflow, rails that block anything financial or legal, and a sender wired to M365. The loop nobody wired: inbox-watcher detects an “interested” reply → writes a card → a 20-line bridge script watches that file for positive classifications → pushes a draft response into autopilot/data/pending.json → the operator sees it via node autopilot.js pending and approves in one command. Pitch goes out, reply comes in, Ollama classifies, Sparky drafts the follow-up, the operator approves in the CLI. Every piece is built. The bridge is a file watcher and two JSON writes.
The coastline scanner work is uncommitted — one git command separates a week of satellite model integration from gone forever.
What already exists: scan endpoint live at POST /api/scan (nimpact.ca/reports/api/scan) — oyster model (oyster_model.joblib, CV-AUC 0.73±0.02) — rockiness model (rockiness_model.joblib, CV-AUC 0.694) — Flutter map_screen.dart with yellow scan-result pins, 4-toggle Pin Layers bottom sheet, draw-a-box “Scan Area” menu item — report_service.dart scanArea() — all sitting on branch 10_state_restore_claude_swap. The one missing piece: git add . && git commit in myBeachBook/. Three days have passed since this work landed June 21. No CI, no backup, no safety net. A branch operation gone wrong loses the oyster model integration, the rockiness classifier, the entire scan UI. The fix takes ten seconds.
Nimpact Alberta Infrastructure Report — two hours, zero new code, live during a live news cycle
The Alberta separation debate is the loudest political story in the province right now and it runs on infrastructure grievance. Ground Boots already has the data: 12 confirmed cell dead-zone clusters, road roughness scores from the TCH corridor, connectivity readings from Strathmore to Salmon Arm. The fire/ambulance contract pause adds another dimension — emergency services planners need to know which roads go dark. A single static page at driftwest.xyz/ab-infrastructure.html with three sections (Leaflet dead-zone map, roughness histogram by corridor, connectivity score table) serves three audiences simultaneously: journalists covering the separation story who need data, EMS and municipal planners who didn't know Nimpact existed, and AFSC/infrastructure buyers who need a “made in Alberta, by Albertans” credibility signal before signing. The Ground Boots API endpoints are live. The Leaflet map setup is already in collect.html. This is a copy-paste assembly job. Two hours. No service restart needed. Goes live while the headlines are still fresh.
Tomorrow's Suggestion
Three things, in order. First: git add . && git commit in myBeachBook/ — ten seconds, protects a week of satellite model work, do it before coffee. Second: router login → restore port 80 → 192.168.0.100, then sudo certbot renew --cert-name driftwest.xyz && sudo certbot renew --cert-name nimpact.ca — run driftwest.xyz first since nimpact.ca aborts a batch run. Third, if there's afternoon energy: the Alberta Infrastructure Report is a two-hour PR play that puts Nimpact on the news cycle while the separation story is still running.