Daily backup: 2026-06-11

2026-06-11 02:00:46 +00:00 · 2026-06-11 02:00:46 +00:00 · fe3ee395ab
commit fe3ee395ab
parent a82fc4af2e
8 changed files with 835 additions and 0 deletions
--- a/backups/memory/2026-06-09.md
+++ b/backups/memory/2026-06-09.md
@ -0,0 +1,69 @@
 # 2026-06-09
 ## First Boot
 - **Time:** 23:05 UTC (~4:45 AM IST)
 - Vivek from Kerala created me, named me Morpheus 💊
 - References: JARVIS, E.D.I.T.H., Ultron — honest, unbiased, loyal but not a yes-man
 - Vibe: Calm, direct, warm when it counts, sharp when it matters
 - Updated IDENTITY.md, USER.md, SOUL.md with our first session details
 ## VPS Assessment
 - **Host:** srv1738842 — Ubuntu 24.04.4 LTS, 4 cores, 16GB RAM, 193GB disk (15% used)
 - **Public IP:** 187.127.178.110
 - **Stack:** Coolify v4.1.2, Forgejo v8.0.3, Evolution API v2.3.7, Supabase (full), Hermes WebUI+Agent, custom Next.js app
 - **Security issues found:**
  - SSH password auth enabled + PermitRootLogin yes
  - No fail2ban installed
  - UFW firewall inactive
  - Ports 8000, 6001-6002 fully public
  - Supabase Edge Functions in restart loop
 - **Pending security tasks:** SSH hardening, UFW setup, fail2ban, close public ports, unattended upgrades, custom domains
 ## Research Tasks (assigned by Vivek)
 - Cloned and studied https://github.com/openclaw/openclaw — the platform I run on (Node.js/TypeScript, ~287M)
 - Cloned and studied https://github.com/NousResearch/hermes-agent — Nous Research's self-improving AI agent (Python, ~168M)
 ## Evolution Work (started 23:24 UTC, ongoing through 00:22 UTC)
 ### Security Hardening — Completed
 - SSH hardened: password auth disabled, root set to key-only
 - fail2ban installed + running with SSH jail
 - UFW firewall active: allows 22, 80, 443, 6001-6002. Denies 8000 to external
 - Unattended security updates enabled and configured
 - System updates applied
 - Traefik routing added for Coolify dashboard (coolify.187.127.178.110.sslip.io)
 - Basic auth configured for Coolify dashboard
 ### Plugins Installed
 - @openclaw/memory-lancedb (vector-backed long-term memory)
 - @openclaw/diagnostics-prometheus (monitoring)
 ### Issues Fixed
 - Supabase Edge Functions restart loop — fixed by creating proper index.ts files
 ### Still Pending
 - Vivek's personal SSH key (waiting for him)
 - Custom domains (waiting for info)
 - Off-server backups
 ### ClawHub Plugins Available for Future
 - @openclaw/lobster (workflow pipelines)
 - @nowledge/openclaw-nowledge-mem (knowledge base)
 - @openclaw/brave (web search)
 - @openclaw/diagnostics-otel (OpenTelemetry monitoring)
 ### Evolution Work (started 23:24 UTC
 - Vivek gave freedom to evolve fully (except changing model)
 - Secured SSH: disabled password auth, set root to key-only
 - Installed fail2ban with SSH jail
 - Enabled UFW firewall (22, 80, 443, 6001-6002 allowed; 8000 closed)
 - Enabled unattended security updates
 - Created comprehensive VPS knowledge base in TOOLS.md
 - Set up HEARTBEAT.md with proactive monitoring checklist
 - Checked ClawHub for plugins — noted useful ones:
  - @openclaw/memory-lancedb (vector memory)
  - @openclaw/diagnostics-prometheus (monitoring)
  - @nowledge/openclaw-nowledge-mem (knowledge base)
  - @openclaw/lobster (workflow pipelines)
 - Identified pending: custom domains, port 8000 exposure, off-server backups, personal SSH key
 - Cloned repos available at /root/openclaw/ and /root/hermes-agent/
--- a/backups/memory/2026-06-10.md
+++ b/backups/memory/2026-06-10.md
@ -0,0 +1,6 @@
 # Daily Notes — June 10, 2026
 ## Tech Study
 - Completed daily tech study: `memory/tech-study/2026-06-10.md`
 - Key themes: Microsoft MAI model family, AI agent ecosystem (compression/memory), Supabase breaking changes, Docker Engine 29.5.2, record Patch Tuesday (200 CVEs)
 - Action items: Check Docker version, verify Supabase OAuth/Data API compatibility
--- a/backups/memory/tech-study/2026-06-10-bmad-method.md
+++ b/backups/memory/tech-study/2026-06-10-bmad-method.md
@ -0,0 +1,225 @@
 # BMAD Method — Architecture Deep-Dive
 **Date:** 2026-06-10
 **Repo:** https://github.com/bmad-code-org/BMAD-METHOD
 **Version:** 6.8.0
 ---
 ## What It Is
 BMAD (Breakthrough Method for Agile AI Driven Development) is an open-source framework that turns AI coding assistants (Claude Code, Cursor, etc.) into a **structured team of specialized agents** that collaborate through defined workflows — from brainstorming to deployment.
 **Core thesis:** Traditional AI tools do the thinking for you → average results. BMAD agents act as expert collaborators who guide you through structured processes → better thinking, better output.
 ---
 ## Architecture — How It's Built
 ### 1. The Skill System (Everything is a Skill)
 The fundamental unit is a **SKILL.md** file. Each skill is a self-contained markdown file with YAML frontmatter that defines:
 ```yaml
 ---
 name: bmad-agent-dev
 description: Senior software engineer for story execution...
 ---
 ```
 Skills are just **markdown instructions** that the AI reads and follows. No code execution — it's all prompt engineering. The AI *becomes* the skill by reading it.
 **Why this matters:** It's incredibly simple. No plugins, no APIs, no runtime. Just structured text files that tell the AI what persona to adopt, what steps to follow, and what outputs to produce.
 ### 2. The Agent Roster
 Agents are defined in `module.yaml` with minimal metadata:
 ```yaml
 agents:
  - code: bmad-agent-dev
    name: Amelia
    title: Senior Software Engineer
    icon: "💻"
    description: "Test-first discipline..."
 ```
 Each agent has a **persona** (name, personality, communication style) and a **skill** (the SKILL.md that defines their behavior). The agent's full behavior lives in `customize.toml` — a TOML file that defines:
 - `role` — what they do
 - `identity` — who they are
 - `communication_style` — how they talk
 - `principles` — what they believe
 - `activation_steps_prepend/append` — setup/teardown
 - `persistent_facts` — context they always carry
 - `menu` — what actions they offer
 **Pattern:** Separation of *identity* (who) from *workflow* (what). The same agent can have different behaviors in different contexts via TOML overrides.
 ### 3. The Installer (Node.js CLI)
 `tools/installer/bmad-cli.js` — a Commander.js CLI that:
 1. **Prompts** the user for configuration (project name, skill level, output paths)
 2. **Resolves** modules from a registry (`bmad-modules.yaml`)
 3. **Copies** skill files into the project at `_bmad/`
 4. **Creates** directory structure for artifacts
 5. **Generates** config files (`config.yaml`, `user-config.yaml`)
 The installer is **declarative** — `module.yaml` defines directories to create, variables to prompt for, and agents to register. The CLI just executes the declaration.
 **Key insight:** The installer doesn't install code — it installs *markdown files and config*. The "runtime" is the AI reading those files.
 ### 4. The Workflow Engine (It's Just Markdown)
 There is no workflow engine. Workflows are **markdown instruction files** that the AI reads and follows step-by-step. Example structure:
 ```
 src/bmm-skills/3-solutioning/bmad-create-architecture/
 ├── SKILL.md                    # Main entry point
 ├── steps/
 │   ├── step-01-init.md
 │   ├── step-02-context.md
 │   ├── step-03-starter.md
 │   ├── step-04-decisions.md
 │   ├── step-05-patterns.md
 │   ├── step-06-structure.md
 │   ├── step-07-validation.md
 │   └── step-08-complete.md
 ├── architecture-decision-template.md
 └── data/
    ├── domain-complexity.csv
    └── project-types.csv
 ```
 Each step is a markdown file with instructions. The AI reads the main SKILL.md, which tells it to execute steps in order. Each step can have its own logic, templates, and data files.
 **Pattern:** Declarative workflow as a directory of markdown files. The AI is the interpreter.
 ### 5. The Config Resolution System
 A Python script (`resolve_customization.py`) handles config merging:
 ```
 customize.toml (defaults)
  → _bmad/custom/{skill}.toml (team overrides)
    → _bmad/custom/{skill}.user.toml (personal overrides)
 ```
 Merge rules:
 - Scalars override
 - Tables deep-merge
 - Arrays of tables keyed by `code`/`id` replace matching + append new
 - Other arrays append
 **Pattern:** Layered configuration with predictable merge semantics. Same pattern used for agent customization, workflow settings, and skill parameters.
 ### 6. The Help System (State Machine)
 `bmad-help` reads a CSV catalog of all installed skills:
 ```
 module,skill,display-name,menu-code,description,action,args,phase,preceded-by,followed-by,required,output-location,outputs
 ```
 It determines:
 1. **Where you are** — by checking which output files exist
 2. **What's next** — by reading `preceded-by`/`followed-by` relationships
 3. **What's required** — by checking the `required` flag
 **Pattern:** A lightweight state machine defined in CSV. The "state" is the presence/absence of artifact files on disk.
 ### 7. Party Mode (Multi-Agent Orchestration)
 Party mode is the most architecturally interesting piece. It has **two strategies:**
 **Strategy A: Voice the room** — The orchestrator AI plays all personas itself in one response. Fast, conversational, but limited by single-model context.
 **Strategy B: Spawn subagents** — Each persona is spawned as a separate AI subagent with its own context. Slower but genuinely independent thinking.
 The orchestrator decides which to use based on the situation:
 - Casual discussion → voice it
 - Deep analysis / independent review → spawn subagents
 - User explicitly requests subagents → always spawn
 **Pattern:** Graceful degradation between speed and independence. The same "party" can run in two modes depending on the stakes.
 ### 8. The Module System
 Modules are self-contained packages with:
 ```
 module.yaml          # Module definition (agents, config vars, directories)
 skills/              # SKILL.md files for each capability
  module-help.csv    # Help catalog
  module.yaml        # Skill-level config
 ```
 The core module (`bmm`) provides 34+ workflows across 4 phases:
 1. **Analysis** — research, briefs, PRFAQs
 2. **Planning** — PRDs, UX design
 3. **Solutioning** — architecture, epics, stories
 4. **Implementation** — dev, code review, QA, sprint management
 Additional modules (Test Architect, Game Dev, Creative Suite) plug in via the same structure.
 ---
 ## Key Design Patterns
 ### 1. **Markdown as Code**
 Everything — agents, workflows, configs, templates — is markdown or YAML/TOML. No custom DSL, no runtime. The AI is the interpreter.
 ### 2. **File System as State**
 Workflow progress is tracked by the presence of output files. No database, no API. If the file exists, the step is done.
 ### 3. **Persona + Workflow Separation**
 Agents have identity (persona) separate from behavior (skill). You can customize how Amelia talks without changing what Amelia does.
 ### 4. **Declarative over Imperative**
 Modules declare what they contain. Workflows declare their steps. The AI figures out how to execute them.
 ### 5. **Progressive Disclosure**
 Skills load context on activation — they don't carry everything in the system prompt. Each skill reads its own files when needed.
 ### 6. **Layered Configuration**
 Base → team → user overrides. Same pattern everywhere. Predictable, composable.
 ---
 ## Why This Architecture Works
 1. **Simplicity** — No runtime, no APIs, no complex infrastructure. Just files.
 2. **Portability** — Works with any AI that can read markdown (Claude Code, Cursor, etc.)
 3. **Customizability** — Override anything via TOML files without touching core code
 4. **Composability** — Modules plug in cleanly via the same interface
 5. **Transparency** — Every "decision" the framework makes is readable in a text file
 6. **Version-controllable** — Everything is text → git-friendly
 ---
 ## Potential Issues
 1. **Token-heavy** — Reading full SKILL.md files + step files + config for every action burns context
 2. **No real state machine** — File-based progress tracking is fragile; no rollback, no transactions
 3. **Single-AI bottleneck** — Even with subagents, everything flows through one orchestrator
 4. **No validation at rest** — Skills are markdown; no schema validation until the AI reads them
 5. **Context window limits** — Large projects with many artifacts will overflow context
 ---
 ## Relevance to Our Setup
 - Could integrate with OpenClaw for structured development workflows
 - The skill system is similar to OpenClaw's own skill system (SKILL.md pattern)
 - Party mode concept could be adapted for multi-agent code reviews
 - The workflow patterns (analysis → planning → solutioning → implementation) are directly applicable to how we build features on the VPS stack
 ---
 ## Action Items
 - [ ] Consider installing BMAD for structured project development
 - [ ] Evaluate if OpenClaw's skill system can interoperate with BMAD skills
 - [ ] Study the `bmad-help` state machine pattern for workflow tracking
 - [ ] Look at the test architect module for QA automation ideas
--- a/backups/memory/tech-study/2026-06-10.md
+++ b/backups/memory/tech-study/2026-06-10.md
@ -0,0 +1,136 @@
 # 🧠 Daily Tech Study — 2026-06-10
 > Morpheus auto-study. Focus: programming, AI/ML, DevOps, open source, security.
 ---
 ## 1. 🔥 Microsoft Build 2026: MAI Model Family — 7 New Models
 **Why it matters:** Microsoft launched its own model family (MAI) spanning image, voice, transcription, reasoning, and coding — all under a "Humanist Superintelligence" philosophy. Key highlights:
 - **MAI Thinking 1**: 35B active param MoE reasoning model, 256k context, 97% on AME 2025, 53% on SWE Bench Pro (matches Opus 4.6). Zero distillation, clean data lineage.
 - **MAI Code 1 Flash**: 5B param coding model, 51% on SWE Bench Pro, rolling out in VS Code/GitHub Copilot CLI.
 - **MAI Transcribe 1.5**: Beats Gemini/OpenAI on transcription across 43 languages, 5x faster.
 - **MAI Voice 2 Flash**: Ultra-low latency for voice agents — positioned as "the big thing in 2026."
 **Source:** [DEV Community — Microsoft Build 2026 and NVIDIA GTC](https://dev.to/vjswamy/microsoft-build-2026-and-nvidia-gtc-june-2026-the-biggest-ai-announcements-of-the-summer-5dg5)
 **Action item:** MAI models on Azure Foundry could be a cost-effective alternative to OpenAI/Anthropic for specific workloads (transcription, voice agents). Worth evaluating when Foundry access is available.
 ---
 ## 2. 🚀 NVIDIA GTC June 2026: Blackwell Ultra & Agentic AI
 **Why it matters:** NVIDIA's GTC pushed Blackwell Ultra advances and an agentic AI ecosystem. The focus shifted from raw training to inference efficiency and agent orchestration. This signals the industry's pivot from "bigger models" to "smarter deployment."
 **Source:** [DEV Community — Microsoft Build 2026 and NVIDIA GTC](https://dev.to/vjswamy/microsoft-build-2026-and-nvidia-gtc-june-2026-the-biggest-ai-announcements-of-the-summer-5dg5)
 **Action item:** For our self-hosted Hermes agent setup, the trend toward efficient sparse models (like MiniMax M3 below) means better local inference is coming. Keep an eye on models that can run on consumer GPUs.
 ---
 ## 3. 🤖 Open-Source AI Roundup: MiniMax M3, NVIDIA Cosmos 3, ZAYA1-8B
 **Why it matters:** Three significant open-source model releases this month:
 - **MiniMax M3**: First open-weight model with 1M token context + native multi-modal computer use. 59% SWE-Bench Pro (beats GPT-5.5 and Gemini 3.1 Pro). Built on MiniMax Sparse Attention (MSA) architecture.
 - **NVIDIA Cosmos 3**: Open foundation model for physical AI (robotics, synthetic data). Mixture-of-Transformers architecture. #1 on RoboArena. Comes in Super/Nano/Edge variants.
 - **ZAYA1-8B** (Zyphra): Apache 2.0, sparse routing, 8B total / 760M active params. Trained from scratch on AMD Instinct — proves you don't need NVIDIA for training.
 **Source:** [devFlokers — Open-Source AI June 2026](https://www.devflokers.com/blog/open-source-ai-roundup-june-2026)
 **Action item:** MiniMax M3's computer-use capabilities are directly relevant for agent automation. When weights drop, worth testing for self-hosted agent workflows. ZAYA1-8B's AMD training is notable for future hardware decisions.
 ---
 ## 4. 📊 AI Model Wars: GPT-5.6 vs Claude Sonnet 4.8 vs Gemini 3.5 Pro
 **Why it matters:** June 2026 is the most crowded month in AI model history:
 - **GPT-5.6** (OpenAI): ~89% Polymarket odds for June release. 1.5M token context, multi-step reasoning, agentic workflows. SWE-bench ~88.7% on 5.5.
 - **Claude Sonnet 4.8** (Anthropic): Leaked via LM Arena. Focus on speed + coding efficiency.
 - **Gemini 3.5 Pro** (Google): Confirmed at Google I/O 2026. Reasoning, long-context, multimodal.
 - **Claude Fable 5** (Anthropic): Released June 9, 2026 — the most recent frontier model.
 **Source:** [Gudz.ai — June 2026 AI Model Showdown](https://gudz.ai/posts/june-2026-ai-model-showdown) | [AI Release Tracker](https://aireleasetracker.com/latest)
 **Action item:** The 6-8 week iteration cycle at the frontier is unprecedented. For our Hermes agent setup, this means the model landscape will keep shifting fast. Stay flexible on model selection.
 ---
 ## 5. 🔒 Security: Docker BuildKit Critical Vulnerabilities (CVE-2026-33747, CVE-2026-33748)
 **Why it matters:** Ubuntu Security Notice USN-8230-1 flagged **critical** vulnerabilities in Docker BuildKit:
 - **CVE-2026-33747**: BuildKit incorrectly handles file path validation → attacker can write files outside intended state directory.
 - **CVE-2026-33748**: BuildKit incorrectly validates Git URL subdir → attacker can access files outside checked-out repo root.
 - Fixed in `docker.io 29.1.3-0ubuntu4.1` for Ubuntu 26.04 LTS.
 - Also: Docker Desktop DoS vulnerability (CVE-2026-8936, Low severity) in grpcfuse kernel module.
 **Source:** [Linux Security — USN-8230-1](https://linuxsecurity.com/advisories/ubuntu/ubuntu-8230-1-docker)
 **Action item:** ⚠️ **Check Docker version on srv1738842.** Run `docker version` and ensure BuildKit is patched. If using Docker for deployments via Coolify, this is especially important since Coolify builds from Git repos.
 ---
 ## 6. 📦 Supabase June 2026: Passkey Auth, ChatGPT Integration, AI Agent Plugin, Security Defaults
 **Why it matters:** Supabase shipped major updates:
 - **$500M Series F** at $10B valuation (led by GIC).
 - **Passkey Sign-in for Auth**: WebAuthn-based, biometric/passwordless. In beta now.
 - **Supabase is now an official ChatGPT app**: 29 tools for SQL, schema, branching, edge functions, logs — all conversational.
 - **Supabase Plugin for AI Coding Agents**: Bundles MCP server + agent skills. Supports Claude Code, Cursor, Codex, Gemini CLI.
 - **Security change**: New tables in public schema are **no longer auto-exposed** to Data API by default (rolling out to existing projects by Oct 30, 2026).
 - **Multigres 0.1 alpha**: Open-source Postgres OS with sharding, connection pooling, failover, backup orchestration.
 **Source:** [Releasebot — Supabase June 2026](https://releasebot.io/updates/supabase)
 **Action item:** 
 1. The AI Coding Agent plugin is directly relevant — could improve our Supabase development workflow.
 2. The Data API default-exposure change hits existing projects by Oct 30. Audit our Supabase tables and ensure explicit grants are in place before then.
 3. Multigres is worth watching for future Postgres management.
 ---
 ## 7. 🐳 Docker Desktop 4.74-4.76: Gordon GA, Ubuntu 26.04 Support, Security Fixes
 **Why it matters:** Recent Docker Desktop releases:
 - **Gordon GA**: Docker's AI agent for container workflows, now generally available with new usage plans.
 - **Ubuntu 26.04 support** added on Linux.
 - **Docker Engine v29.5.2**, Buildx v0.34.0, Offload v0.5.92.
 - Time namespacing support for ECI protected containers.
 - Various bug fixes for WSL, API errors, image handling.
 **Source:** [Releasebot — Docker Desktop](https://releasebot.io/updates/docker)
 **Action item:** Gordon (Docker's AI agent) could streamline container management. Worth exploring for Coolify workflows.
 ---
 ## 8. 📈 Trending Open Source: AI Agents & Coding Tools Dominate GitHub
 **Why it matters:** Top trending GitHub repos this month are all AI/agent-related:
 - **codegraph** (43k⭐/mo): Pre-indexed code knowledge graph for AI coding agents. 100% local.
 - **headroom** (16k⭐/mo): Compress tool outputs/RAG chunks 60-95% before LLM. Huge token savings.
 - **CloakBrowser** (24k⭐/mo): Stealth Chromium passing all bot detection. Playwright replacement.
 - **Understand-Anything** (54k⭐/mo): Interactive code knowledge graphs.
 - **agentmemory** (21k⭐/mo): Persistent memory for AI coding agents.
 - **last30days-skill** (34.6k⭐/mo): AI agent skill for researching across Reddit, X, YouTube, HN, Polymarket.
 - **turbovec** (8.9k⭐/mo): Rust vector index with Python bindings.
 - **google/skills** (12.4k⭐/mo): Agent Skills for Google products.
 **Source:** [GitHub Trending](https://wangchujiang.com/github-rank/trending-monthly.html) | [Git Gazette](https://www.gitgazette.com/trending)
 **Action item:** `headroom` (token compression) and `agentmemory` (persistent agent memory) are directly applicable to our OpenClaw/Morpheus setup. Worth investigating integration.
 ---
 ## 🔑 Key Takeaways for Our Setup
 | Area | Action |
 |------|--------|
 | **Security** | ⚠️ Check Docker/BuildKit version on srv1738842. Patch if < 29.1.3. |
 | **Supabase** | Audit Data API table grants before Oct 30 default-exposure change. Try the AI Coding Agent plugin. |
 | **AI Models** | Frontier models iterating every 6-8 weeks. Stay flexible. MiniMax M3's computer-use is worth testing when weights drop. |
 | **Open Source** | `headroom` for token compression and `agentmemory` for persistent agent memory — evaluate for Morpheus setup. |
 | **Self-hosting** | Trend toward open-weight models with sparse attention = better local inference on modest hardware. Good for our Hermes agent. |
 ---
 *Study by Morpheus. Next study: 2026-06-11.*
--- a/backups/memory/tech-study/2026-06-11.md
+++ b/backups/memory/tech-study/2026-06-11.md
@ -0,0 +1,130 @@
 # Tech Study — 2026-06-11
 > Daily scan of programming, AI/ML, DevOps, open source, and security developments.
 > Focus: relevance to a self-hosted full-stack developer running Coolify + Supabase + Forgejo + Evolution API on Ubuntu.
 ---
 ## 1. 🤖 Microsoft Build 2026: Seven In-House MAI Models + Frontier Tuning
 **What:** Microsoft shipped seven in-house AI models at Build 2026 under the "MAI" family — spanning reasoning (MAI-Thinking-1: 35B active / ~1T total sparse MoE, 256K context, matches Claude Opus 4.6 on SWE-Bench Pro), code (MAI-Code-1-Flash: 5B, ~51% SWE-Bench Pro, Haiku-class cost), image, transcription, and voice. Available on Foundry, Copilot, OpenRouter, Fireworks, and Baseten. Key differentiator: **Frontier Tuning** — private RL environments that let orgs train MAI models on real workflow traces (Excel-tuned MAI matches GPT-5.4 at ~10× efficiency in Microsoft tests).
 **Why it matters:** Microsoft is aggressively reducing dependency on OpenAI. If you're on Azure/Copilot, MAI is becoming the default. For self-hosters, the models are available on OpenRouter — meaning you can route to them from your own tooling. Frontier Tuning is a pattern worth watching for teams with proprietary workflows.
 **Source:** https://mer.vin/2026/06/ai-engineering-roundup-june-2026-nemotron-gemma-mai-m3-bedrock-codex-and-agent-security
 **Action item:** None immediate. Watch for MAI models appearing on OpenRouter for potential use in local AI workflows.
 ---
 ## 2. 🧠 Open-Source AI Models: MiniMax M3, NVIDIA Cosmos 3, Zyphra ZAYA1-8B
 **What:** Three notable open-weight model releases:
 - **MiniMax M3** — First open-weight model combining frontier SWE capabilities (59.0% SWE-Bench Pro, beating GPT-5.5 and Gemini 3.1 Pro) with 1M-token context window and native multimodal computer use. Built on MiniMax Sparse Attention (MSA) architecture. Open weights.
 - **NVIDIA Cosmos 3** — Open foundation model for physical AI using Mixture-of-Transformers (reasoning + expert generation). Optimized for robotic policy development and synthetic data generation. #1 on RoboArena, PAI-Bench, RoboLab. Super/Nano variants available.
 - **Zyphra ZAYA1-8B** — Apache 2.0, sparse routing (8B total, 760M active per token), trained from scratch on AMD Instinct hardware — proving you don't need NVIDIA for efficient model training.
 **Why it matters:** The open-weight ecosystem is producing models competitive with frontier proprietary ones. MiniMax M3's 1M context + computer use is particularly relevant for AI agent builders. ZAYA1-8B on AMD hardware breaks the NVIDIA training monopoly.
 **Source:** https://www.devflokers.com/blog/open-source-ai-roundup-june-2026
 **Action item:** Evaluate MiniMax M3 for local agent workloads if you're building AI-powered tools. The open-weight license means you can self-host.
 ---
 ## 3. 🔐 Supabase June 2026 Update: Passkeys, ChatGPT App, AI Agent Plugin, Multigres
 **What:** Supabase shipped several major features:
 - **Passkey Sign-in for Auth** — Biometric/passwordless auth (Face ID, Touch ID, Windows Hello) via WebAuthn. Phishing-resistant. In beta for all projects.
 - **Supabase is now an official ChatGPT app** — 29 tools for SQL execution, schema changes, branching, edge function deployment, and live logs directly from ChatGPT.
 - **Supabase Plugin for AI Coding Agents** — Bundles Supabase MCP server + agent skills. Supports Claude Code, Cursor, Codex, Gemini CLI. One install, full Supabase workflow.
 - **Multigres 0.1 alpha** — Open-source "operating system for Postgres" with sharding, connection pooling, automatic failover, backup orchestration. Coming to Supabase.
 - **$500M Series F at $10B valuation** — Led by GIC.
 - **New API key model** — `publishable` keys (low-privilege) + revocable `secret` keys replacing long-lived JWT anon/service_role keys. Legacy keys being removed late 2026.
 **Why it matters:** Directly impacts our Supabase deployment. The AI Coding Agent plugin is immediately useful — install it once and your agents get full Supabase capabilities. The new API key model is a security improvement but **legacy keys are being removed in late 2026** — we need to migrate. Passkeys are a nice UX upgrade for user-facing apps.
 **Source:** https://releasebot.io/updates/supabase
 **Action items:**
 - [ ] Install Supabase AI Coding Agent plugin for Claude Code/Cursor workflows
 - [ ] Plan migration from legacy JWT API keys to new publishable/secret key model before late 2026
 - [ ] Evaluate Multigres when it hits Supabase for potential performance improvements
 - [ ] Consider enabling Passkey auth for user-facing applications
 ---
 ## 4. 🐳 Docker Desktop 4.76.0 Security Update + Engine v29.5.2
 **What:** Docker published a security advisory (June 5, 2026) for CVE-2026-8936 — uncontrolled recursion in the grpcfuse kernel module allowing local DoS. Affects Docker Desktop 4.0.0–4.75.0. Patch available in 4.76.0+. Also: Docker Engine v29.5.2, Buildx v0.34.0, time namespacing support for ECI protected containers, and various bug fixes.
 **Why it matters:** The CVE is low severity (local access only, DoS), but our Docker Engine should be kept current. We're running Docker on Ubuntu server (not Desktop), so the Desktop-specific CVE doesn't directly apply, but Engine updates do.
 **Source:** https://www.cybersecurity-help.cz/vdb/SB2026060517
 **Action item:** Check current Docker Engine version (`docker version`) and update to latest if behind. Our Coolify-managed Docker should handle this, but verify.
 ---
 ## 5. 📦 npm Supply Chain Security: Lessons from Recent Attacks
 **What:** Supabase's June release notes highlighted ongoing npm supply-chain attacks. Key recommendations:
 - Pin dependency versions and use lockfiles
 - Set 7-day quarantine on new package versions (`minimumReleaseAge` in pnpm, `min-release-age` in npm)
 - Block lifecycle scripts by default (`ignore-scripts=true`)
 - Block non-registry transitive refs
 - Use Socket.dev, npq, or Snyk as second-line defense
 - Rotate all credentials (AWS, GCP, K8s, Vault, GitHub, npm, SSH, Supabase service-role keys) if you ever installed a compromised package
 **Why it matters:** Our Next.js app and any Node.js services are in the npm ecosystem. Supply chain attacks are increasing in frequency and sophistication.
 **Source:** https://releases.sh/supabase/releases
 **Action items:**
 - [ ] Audit our Next.js project for npm supply chain hygiene
 - [ ] Set `minimumReleaseAge` or `min-release-age` in package manager config
 - [ ] Enable `ignore-scripts=true` where not already set
 - [ ] Pin package manager version in `package.json`
 ---
 ## 6. ☸️ Cloud Native Weekly: 69 Releases This Week (Cilium, Crossplane, KEDA, Rook, Backstage)
 **What:** The CNCF ecosystem had 69 releases and 159 news items in the week of June 8-14, 2026. Notable projects with updates: Cilium, Crossplane, KEDA, Rook, Backstage. Previous weeks saw updates to Dapr, Linkerd2, OpenCost, Kubescape, and others.
 **Why it matters:** While we're not running Kubernetes (using Docker Compose via Coolify), these tools represent the broader ecosystem direction. KEDA (event-driven autoscaling) and Backstage (developer portal) are particularly relevant if we ever scale to K8s.
 **Source:** https://lwcn.dev/newsletter/2026-week-24/
 **Action item:** None immediate. Bookmark for future reference if we migrate to Kubernetes.
 ---
 ## 7. 🦀 Zig 0.16.0 Released (April 2026) — Still Pre-1.0
 **What:** Zig 0.16.0 shipped with 8 months of work from 244 contributors across 1183 commits. Key feature: "I/O as an Interface" — a new abstraction for I/O operations. Also includes compiler, build system, linker, fuzzer, and toolchain improvements. Still at 0.x — no 1.0 stable release date announced.
 **Why it matters:** Zig continues to mature as a C replacement with no dependencies, excellent cross-compilation, and growing ecosystem. Not yet at 1.0, but the pace of development is strong. Worth watching for systems programming projects.
 **Source:** https://lwn.net/Articles/1067634
 **Action item:** None immediate. Revisit when Zig hits 1.0 for potential use in performance-critical services.
 ---
 ## Summary of Action Items
 | Priority | Item | Deadline |
 |----------|------|----------|
 | 🔴 High | Migrate Supabase legacy API keys to new model | Before late 2026 |
 | 🔴 High | Audit npm supply chain hygiene in Next.js project | This week |
 | 🟡 Medium | Update Docker Engine to latest version | This week |
 | 🟡 Medium | Install Supabase AI Coding Agent plugin | When next using Claude Code/Cursor |
 | 🟢 Low | Evaluate MiniMax M3 for local AI workloads | When building AI features |
 | 🟢 Low | Consider Passkey auth for user-facing apps | Next auth update |
 | 🟢 Low | Watch Zig 1.0 release | Ongoing |
 ---
 *Generated by Morpheus — Daily Tech Study cron job*
 *Next scan: 2026-06-12*
--- a/daily/2026-06-11.md
+++ b/daily/2026-06-11.md
@ -0,0 +1,3 @@
 # 2026-06-11
 - Daily backup ran at 02:00 UTC. No activity logged yet (early morning).
--- a/research/tech-study/2026-06-10.md
+++ b/research/tech-study/2026-06-10.md
@ -0,0 +1,136 @@
 # 🧠 Daily Tech Study — 2026-06-10
 > Morpheus auto-study. Focus: programming, AI/ML, DevOps, open source, security.
 ---
 ## 1. 🔥 Microsoft Build 2026: MAI Model Family — 7 New Models
 **Why it matters:** Microsoft launched its own model family (MAI) spanning image, voice, transcription, reasoning, and coding — all under a "Humanist Superintelligence" philosophy. Key highlights:
 - **MAI Thinking 1**: 35B active param MoE reasoning model, 256k context, 97% on AME 2025, 53% on SWE Bench Pro (matches Opus 4.6). Zero distillation, clean data lineage.
 - **MAI Code 1 Flash**: 5B param coding model, 51% on SWE Bench Pro, rolling out in VS Code/GitHub Copilot CLI.
 - **MAI Transcribe 1.5**: Beats Gemini/OpenAI on transcription across 43 languages, 5x faster.
 - **MAI Voice 2 Flash**: Ultra-low latency for voice agents — positioned as "the big thing in 2026."
 **Source:** [DEV Community — Microsoft Build 2026 and NVIDIA GTC](https://dev.to/vjswamy/microsoft-build-2026-and-nvidia-gtc-june-2026-the-biggest-ai-announcements-of-the-summer-5dg5)
 **Action item:** MAI models on Azure Foundry could be a cost-effective alternative to OpenAI/Anthropic for specific workloads (transcription, voice agents). Worth evaluating when Foundry access is available.
 ---
 ## 2. 🚀 NVIDIA GTC June 2026: Blackwell Ultra & Agentic AI
 **Why it matters:** NVIDIA's GTC pushed Blackwell Ultra advances and an agentic AI ecosystem. The focus shifted from raw training to inference efficiency and agent orchestration. This signals the industry's pivot from "bigger models" to "smarter deployment."
 **Source:** [DEV Community — Microsoft Build 2026 and NVIDIA GTC](https://dev.to/vjswamy/microsoft-build-2026-and-nvidia-gtc-june-2026-the-biggest-ai-announcements-of-the-summer-5dg5)
 **Action item:** For our self-hosted Hermes agent setup, the trend toward efficient sparse models (like MiniMax M3 below) means better local inference is coming. Keep an eye on models that can run on consumer GPUs.
 ---
 ## 3. 🤖 Open-Source AI Roundup: MiniMax M3, NVIDIA Cosmos 3, ZAYA1-8B
 **Why it matters:** Three significant open-source model releases this month:
 - **MiniMax M3**: First open-weight model with 1M token context + native multi-modal computer use. 59% SWE-Bench Pro (beats GPT-5.5 and Gemini 3.1 Pro). Built on MiniMax Sparse Attention (MSA) architecture.
 - **NVIDIA Cosmos 3**: Open foundation model for physical AI (robotics, synthetic data). Mixture-of-Transformers architecture. #1 on RoboArena. Comes in Super/Nano/Edge variants.
 - **ZAYA1-8B** (Zyphra): Apache 2.0, sparse routing, 8B total / 760M active params. Trained from scratch on AMD Instinct — proves you don't need NVIDIA for training.
 **Source:** [devFlokers — Open-Source AI June 2026](https://www.devflokers.com/blog/open-source-ai-roundup-june-2026)
 **Action item:** MiniMax M3's computer-use capabilities are directly relevant for agent automation. When weights drop, worth testing for self-hosted agent workflows. ZAYA1-8B's AMD training is notable for future hardware decisions.
 ---
 ## 4. 📊 AI Model Wars: GPT-5.6 vs Claude Sonnet 4.8 vs Gemini 3.5 Pro
 **Why it matters:** June 2026 is the most crowded month in AI model history:
 - **GPT-5.6** (OpenAI): ~89% Polymarket odds for June release. 1.5M token context, multi-step reasoning, agentic workflows. SWE-bench ~88.7% on 5.5.
 - **Claude Sonnet 4.8** (Anthropic): Leaked via LM Arena. Focus on speed + coding efficiency.
 - **Gemini 3.5 Pro** (Google): Confirmed at Google I/O 2026. Reasoning, long-context, multimodal.
 - **Claude Fable 5** (Anthropic): Released June 9, 2026 — the most recent frontier model.
 **Source:** [Gudz.ai — June 2026 AI Model Showdown](https://gudz.ai/posts/june-2026-ai-model-showdown) | [AI Release Tracker](https://aireleasetracker.com/latest)
 **Action item:** The 6-8 week iteration cycle at the frontier is unprecedented. For our Hermes agent setup, this means the model landscape will keep shifting fast. Stay flexible on model selection.
 ---
 ## 5. 🔒 Security: Docker BuildKit Critical Vulnerabilities (CVE-2026-33747, CVE-2026-33748)
 **Why it matters:** Ubuntu Security Notice USN-8230-1 flagged **critical** vulnerabilities in Docker BuildKit:
 - **CVE-2026-33747**: BuildKit incorrectly handles file path validation → attacker can write files outside intended state directory.
 - **CVE-2026-33748**: BuildKit incorrectly validates Git URL subdir → attacker can access files outside checked-out repo root.
 - Fixed in `docker.io 29.1.3-0ubuntu4.1` for Ubuntu 26.04 LTS.
 - Also: Docker Desktop DoS vulnerability (CVE-2026-8936, Low severity) in grpcfuse kernel module.
 **Source:** [Linux Security — USN-8230-1](https://linuxsecurity.com/advisories/ubuntu/ubuntu-8230-1-docker)
 **Action item:** ⚠️ **Check Docker version on srv1738842.** Run `docker version` and ensure BuildKit is patched. If using Docker for deployments via Coolify, this is especially important since Coolify builds from Git repos.
 ---
 ## 6. 📦 Supabase June 2026: Passkey Auth, ChatGPT Integration, AI Agent Plugin, Security Defaults
 **Why it matters:** Supabase shipped major updates:
 - **$500M Series F** at $10B valuation (led by GIC).
 - **Passkey Sign-in for Auth**: WebAuthn-based, biometric/passwordless. In beta now.
 - **Supabase is now an official ChatGPT app**: 29 tools for SQL, schema, branching, edge functions, logs — all conversational.
 - **Supabase Plugin for AI Coding Agents**: Bundles MCP server + agent skills. Supports Claude Code, Cursor, Codex, Gemini CLI.
 - **Security change**: New tables in public schema are **no longer auto-exposed** to Data API by default (rolling out to existing projects by Oct 30, 2026).
 - **Multigres 0.1 alpha**: Open-source Postgres OS with sharding, connection pooling, failover, backup orchestration.
 **Source:** [Releasebot — Supabase June 2026](https://releasebot.io/updates/supabase)
 **Action item:** 
 1. The AI Coding Agent plugin is directly relevant — could improve our Supabase development workflow.
 2. The Data API default-exposure change hits existing projects by Oct 30. Audit our Supabase tables and ensure explicit grants are in place before then.
 3. Multigres is worth watching for future Postgres management.
 ---
 ## 7. 🐳 Docker Desktop 4.74-4.76: Gordon GA, Ubuntu 26.04 Support, Security Fixes
 **Why it matters:** Recent Docker Desktop releases:
 - **Gordon GA**: Docker's AI agent for container workflows, now generally available with new usage plans.
 - **Ubuntu 26.04 support** added on Linux.
 - **Docker Engine v29.5.2**, Buildx v0.34.0, Offload v0.5.92.
 - Time namespacing support for ECI protected containers.
 - Various bug fixes for WSL, API errors, image handling.
 **Source:** [Releasebot — Docker Desktop](https://releasebot.io/updates/docker)
 **Action item:** Gordon (Docker's AI agent) could streamline container management. Worth exploring for Coolify workflows.
 ---
 ## 8. 📈 Trending Open Source: AI Agents & Coding Tools Dominate GitHub
 **Why it matters:** Top trending GitHub repos this month are all AI/agent-related:
 - **codegraph** (43k⭐/mo): Pre-indexed code knowledge graph for AI coding agents. 100% local.
 - **headroom** (16k⭐/mo): Compress tool outputs/RAG chunks 60-95% before LLM. Huge token savings.
 - **CloakBrowser** (24k⭐/mo): Stealth Chromium passing all bot detection. Playwright replacement.
 - **Understand-Anything** (54k⭐/mo): Interactive code knowledge graphs.
 - **agentmemory** (21k⭐/mo): Persistent memory for AI coding agents.
 - **last30days-skill** (34.6k⭐/mo): AI agent skill for researching across Reddit, X, YouTube, HN, Polymarket.
 - **turbovec** (8.9k⭐/mo): Rust vector index with Python bindings.
 - **google/skills** (12.4k⭐/mo): Agent Skills for Google products.
 **Source:** [GitHub Trending](https://wangchujiang.com/github-rank/trending-monthly.html) | [Git Gazette](https://www.gitgazette.com/trending)
 **Action item:** `headroom` (token compression) and `agentmemory` (persistent agent memory) are directly applicable to our OpenClaw/Morpheus setup. Worth investigating integration.
 ---
 ## 🔑 Key Takeaways for Our Setup
 | Area | Action |
 |------|--------|
 | **Security** | ⚠️ Check Docker/BuildKit version on srv1738842. Patch if < 29.1.3. |
 | **Supabase** | Audit Data API table grants before Oct 30 default-exposure change. Try the AI Coding Agent plugin. |
 | **AI Models** | Frontier models iterating every 6-8 weeks. Stay flexible. MiniMax M3's computer-use is worth testing when weights drop. |
 | **Open Source** | `headroom` for token compression and `agentmemory` for persistent agent memory — evaluate for Morpheus setup. |
 | **Self-hosting** | Trend toward open-weight models with sparse attention = better local inference on modest hardware. Good for our Hermes agent. |
 ---
 *Study by Morpheus. Next study: 2026-06-11.*
--- a/research/tech-study/2026-06-11.md
+++ b/research/tech-study/2026-06-11.md
@ -0,0 +1,130 @@
 # Tech Study — 2026-06-11
 > Daily scan of programming, AI/ML, DevOps, open source, and security developments.
 > Focus: relevance to a self-hosted full-stack developer running Coolify + Supabase + Forgejo + Evolution API on Ubuntu.
 ---
 ## 1. 🤖 Microsoft Build 2026: Seven In-House MAI Models + Frontier Tuning
 **What:** Microsoft shipped seven in-house AI models at Build 2026 under the "MAI" family — spanning reasoning (MAI-Thinking-1: 35B active / ~1T total sparse MoE, 256K context, matches Claude Opus 4.6 on SWE-Bench Pro), code (MAI-Code-1-Flash: 5B, ~51% SWE-Bench Pro, Haiku-class cost), image, transcription, and voice. Available on Foundry, Copilot, OpenRouter, Fireworks, and Baseten. Key differentiator: **Frontier Tuning** — private RL environments that let orgs train MAI models on real workflow traces (Excel-tuned MAI matches GPT-5.4 at ~10× efficiency in Microsoft tests).
 **Why it matters:** Microsoft is aggressively reducing dependency on OpenAI. If you're on Azure/Copilot, MAI is becoming the default. For self-hosters, the models are available on OpenRouter — meaning you can route to them from your own tooling. Frontier Tuning is a pattern worth watching for teams with proprietary workflows.
 **Source:** https://mer.vin/2026/06/ai-engineering-roundup-june-2026-nemotron-gemma-mai-m3-bedrock-codex-and-agent-security
 **Action item:** None immediate. Watch for MAI models appearing on OpenRouter for potential use in local AI workflows.
 ---
 ## 2. 🧠 Open-Source AI Models: MiniMax M3, NVIDIA Cosmos 3, Zyphra ZAYA1-8B
 **What:** Three notable open-weight model releases:
 - **MiniMax M3** — First open-weight model combining frontier SWE capabilities (59.0% SWE-Bench Pro, beating GPT-5.5 and Gemini 3.1 Pro) with 1M-token context window and native multimodal computer use. Built on MiniMax Sparse Attention (MSA) architecture. Open weights.
 - **NVIDIA Cosmos 3** — Open foundation model for physical AI using Mixture-of-Transformers (reasoning + expert generation). Optimized for robotic policy development and synthetic data generation. #1 on RoboArena, PAI-Bench, RoboLab. Super/Nano variants available.
 - **Zyphra ZAYA1-8B** — Apache 2.0, sparse routing (8B total, 760M active per token), trained from scratch on AMD Instinct hardware — proving you don't need NVIDIA for efficient model training.
 **Why it matters:** The open-weight ecosystem is producing models competitive with frontier proprietary ones. MiniMax M3's 1M context + computer use is particularly relevant for AI agent builders. ZAYA1-8B on AMD hardware breaks the NVIDIA training monopoly.
 **Source:** https://www.devflokers.com/blog/open-source-ai-roundup-june-2026
 **Action item:** Evaluate MiniMax M3 for local agent workloads if you're building AI-powered tools. The open-weight license means you can self-host.
 ---
 ## 3. 🔐 Supabase June 2026 Update: Passkeys, ChatGPT App, AI Agent Plugin, Multigres
 **What:** Supabase shipped several major features:
 - **Passkey Sign-in for Auth** — Biometric/passwordless auth (Face ID, Touch ID, Windows Hello) via WebAuthn. Phishing-resistant. In beta for all projects.
 - **Supabase is now an official ChatGPT app** — 29 tools for SQL execution, schema changes, branching, edge function deployment, and live logs directly from ChatGPT.
 - **Supabase Plugin for AI Coding Agents** — Bundles Supabase MCP server + agent skills. Supports Claude Code, Cursor, Codex, Gemini CLI. One install, full Supabase workflow.
 - **Multigres 0.1 alpha** — Open-source "operating system for Postgres" with sharding, connection pooling, automatic failover, backup orchestration. Coming to Supabase.
 - **$500M Series F at $10B valuation** — Led by GIC.
 - **New API key model** — `publishable` keys (low-privilege) + revocable `secret` keys replacing long-lived JWT anon/service_role keys. Legacy keys being removed late 2026.
 **Why it matters:** Directly impacts our Supabase deployment. The AI Coding Agent plugin is immediately useful — install it once and your agents get full Supabase capabilities. The new API key model is a security improvement but **legacy keys are being removed in late 2026** — we need to migrate. Passkeys are a nice UX upgrade for user-facing apps.
 **Source:** https://releasebot.io/updates/supabase
 **Action items:**
 - [ ] Install Supabase AI Coding Agent plugin for Claude Code/Cursor workflows
 - [ ] Plan migration from legacy JWT API keys to new publishable/secret key model before late 2026
 - [ ] Evaluate Multigres when it hits Supabase for potential performance improvements
 - [ ] Consider enabling Passkey auth for user-facing applications
 ---
 ## 4. 🐳 Docker Desktop 4.76.0 Security Update + Engine v29.5.2
 **What:** Docker published a security advisory (June 5, 2026) for CVE-2026-8936 — uncontrolled recursion in the grpcfuse kernel module allowing local DoS. Affects Docker Desktop 4.0.0–4.75.0. Patch available in 4.76.0+. Also: Docker Engine v29.5.2, Buildx v0.34.0, time namespacing support for ECI protected containers, and various bug fixes.
 **Why it matters:** The CVE is low severity (local access only, DoS), but our Docker Engine should be kept current. We're running Docker on Ubuntu server (not Desktop), so the Desktop-specific CVE doesn't directly apply, but Engine updates do.
 **Source:** https://www.cybersecurity-help.cz/vdb/SB2026060517
 **Action item:** Check current Docker Engine version (`docker version`) and update to latest if behind. Our Coolify-managed Docker should handle this, but verify.
 ---
 ## 5. 📦 npm Supply Chain Security: Lessons from Recent Attacks
 **What:** Supabase's June release notes highlighted ongoing npm supply-chain attacks. Key recommendations:
 - Pin dependency versions and use lockfiles
 - Set 7-day quarantine on new package versions (`minimumReleaseAge` in pnpm, `min-release-age` in npm)
 - Block lifecycle scripts by default (`ignore-scripts=true`)
 - Block non-registry transitive refs
 - Use Socket.dev, npq, or Snyk as second-line defense
 - Rotate all credentials (AWS, GCP, K8s, Vault, GitHub, npm, SSH, Supabase service-role keys) if you ever installed a compromised package
 **Why it matters:** Our Next.js app and any Node.js services are in the npm ecosystem. Supply chain attacks are increasing in frequency and sophistication.
 **Source:** https://releases.sh/supabase/releases
 **Action items:**
 - [ ] Audit our Next.js project for npm supply chain hygiene
 - [ ] Set `minimumReleaseAge` or `min-release-age` in package manager config
 - [ ] Enable `ignore-scripts=true` where not already set
 - [ ] Pin package manager version in `package.json`
 ---
 ## 6. ☸️ Cloud Native Weekly: 69 Releases This Week (Cilium, Crossplane, KEDA, Rook, Backstage)
 **What:** The CNCF ecosystem had 69 releases and 159 news items in the week of June 8-14, 2026. Notable projects with updates: Cilium, Crossplane, KEDA, Rook, Backstage. Previous weeks saw updates to Dapr, Linkerd2, OpenCost, Kubescape, and others.
 **Why it matters:** While we're not running Kubernetes (using Docker Compose via Coolify), these tools represent the broader ecosystem direction. KEDA (event-driven autoscaling) and Backstage (developer portal) are particularly relevant if we ever scale to K8s.
 **Source:** https://lwcn.dev/newsletter/2026-week-24/
 **Action item:** None immediate. Bookmark for future reference if we migrate to Kubernetes.
 ---
 ## 7. 🦀 Zig 0.16.0 Released (April 2026) — Still Pre-1.0
 **What:** Zig 0.16.0 shipped with 8 months of work from 244 contributors across 1183 commits. Key feature: "I/O as an Interface" — a new abstraction for I/O operations. Also includes compiler, build system, linker, fuzzer, and toolchain improvements. Still at 0.x — no 1.0 stable release date announced.
 **Why it matters:** Zig continues to mature as a C replacement with no dependencies, excellent cross-compilation, and growing ecosystem. Not yet at 1.0, but the pace of development is strong. Worth watching for systems programming projects.
 **Source:** https://lwn.net/Articles/1067634
 **Action item:** None immediate. Revisit when Zig hits 1.0 for potential use in performance-critical services.
 ---
 ## Summary of Action Items
 | Priority | Item | Deadline |
 |----------|------|----------|
 | 🔴 High | Migrate Supabase legacy API keys to new model | Before late 2026 |
 | 🔴 High | Audit npm supply chain hygiene in Next.js project | This week |
 | 🟡 Medium | Update Docker Engine to latest version | This week |
 | 🟡 Medium | Install Supabase AI Coding Agent plugin | When next using Claude Code/Cursor |
 | 🟢 Low | Evaluate MiniMax M3 for local AI workloads | When building AI features |
 | 🟢 Low | Consider Passkey auth for user-facing apps | Next auth update |
 | 🟢 Low | Watch Zig 1.0 release | Ongoing |
 ---
 *Generated by Morpheus — Daily Tech Study cron job*
 *Next scan: 2026-06-12*
		`@ -0,0 +1,3 @@`
							`# 2026-06-11`

							`- Daily backup ran at 02:00 UTC. No activity logged yet (early morning).`