✨ Add automated session logging system

- Created logs/ structure (sessions, operations, incidents)
- Added session-start/log/end scripts
- Installed Git hooks for auto-logging commits/pushes
- Added shell integration for zsh
- Created CHANGELOG.md
- Documented today's session (2026-01-10)

docs/infrastructure_quick_ref.ipynb

@@ -6,12 +6,19 @@
    "source": [
     "# 🚀 Infrastructure Quick Reference — DAARION & MicroDAO\n",
     "\n",
-    "Версія:** 2.3.0  \n",
-    "Останнє оновлення:** 2026-01-09 13:50  \n",
+    "Версія:** 2.4.0  \n",
+    "Останнє оновлення:** 2026-01-10 XX:XX  \n",
     "\n",
     "Цей notebook містить швидкий довідник по серверах, репозиторіях та endpoints для DAGI Stack.\n",
     "\n",
-    "**NEW (v2.3.0):** \n",
+    "**🔴 CRITICAL (v2.4.0) - Jan 10, 2026:**\n",
+    "- 🔴 **Incident #4: NODE1 Host Compromise Suspected**\n",
+    "- ❌ ALL PostgreSQL images show malware on NODE1 (15-alpine, 16-alpine, 14, 16)\n",
+    "- ⚠️ **NODE1 UNSAFE** - Do not deploy any containers until verified\n",
+    "- 📋 **Triage script added**: `scripts/security/triage-postgres-compromise.sh`\n",
+    "- 🔬 **Verification required**: Test same image digest on clean host\n",
+    "\n",
+    "**v2.3.0:** \n",
     "- 🖥️ **NODE3 added** - Threadripper PRO 5975WX + RTX 3090 24GB\n",
     "- 🚀 Most powerful node for AI/ML workloads (32c/64t, 128GB RAM, 4TB NVMe)\n",
     "- ✅ Security verified - clean system\n",
@@ -171,24 +178,23 @@
    "cell_type": "markdown",
    "metadata": {},
    "source": [
-    "## 🐙 GitHub Repositories",
-    "",
-    "### 1. MicroDAO (Current Project)",
-    "- **Repository:** `git@github.com:IvanTytar/microdao-daarion`",
-    "- **HTTPS:** `https://github.com/IvanTytar/microdao-daarion`",
-    "- **Remote Name:** `origin`",
-    "- **Main Branch:** `main`",
-    "- **Purpose:** MicroDAO core code, DAGI Stack, documentation",
-    "",
-    "### 2. DAARION.city",
-    "- **Repository:** `git@github.com:DAARION-DAO/daarion-ai-city.git`",
-    "- **HTTPS:** `https://github.com/DAARION-DAO/daarion-ai-city.git`",
-    "- **Remote Name:** `daarion-city`",
-    "- **Main Branch:** `main`",
-    "- **Purpose:** Official DAARION.city website and integrations",
-    "",
-    "---",
-    ""
+    "## 🐙 GitHub Repositories\n",
+    "\n",
+    "### 1. MicroDAO (Current Project)\n",
+    "- **Repository:** `git@github.com:IvanTytar/microdao-daarion`\n",
+    "- **HTTPS:** `https://github.com/IvanTytar/microdao-daarion`\n",
+    "- **Remote Name:** `origin`\n",
+    "- **Main Branch:** `main`\n",
+    "- **Purpose:** MicroDAO core code, DAGI Stack, documentation\n",
+    "\n",
+    "### 2. DAARION.city\n",
+    "- **Repository:** `git@github.com:DAARION-DAO/daarion-ai-city.git`\n",
+    "- **HTTPS:** `https://github.com/DAARION-DAO/daarion-ai-city.git`\n",
+    "- **Remote Name:** `daarion-city`\n",
+    "- **Main Branch:** `main`\n",
+    "- **Purpose:** Official DAARION.city website and integrations\n",
+    "\n",
+    "---\n"
    ]
   },
   {
@@ -197,50 +203,49 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "# GitHub Repositories Configuration",
-    "REPOSITORIES = {",
-    "    \"microdao-daarion\": {",
-    "        \"name\": \"MicroDAO\",",
-    "        \"ssh_url\": \"git@github.com:IvanTytar/microdao-daarion\",",
-    "        \"https_url\": \"https://github.com/IvanTytar/microdao-daarion\",",
-    "        \"remote_name\": \"origin\",",
-    "        \"main_branch\": \"main\",",
-    "        \"purpose\": \"MicroDAO core code, DAGI Stack, documentation\",",
-    "        \"clone_cmd\": \"git clone git@github.com:IvanTytar/microdao-daarion\"",
-    "    },",
-    "    \"daarion-ai-city\": {",
-    "        \"name\": \"DAARION.city\",",
-    "        \"ssh_url\": \"git@github.com:DAARION-DAO/daarion-ai-city.git\",",
-    "        \"https_url\": \"https://github.com/DAARION-DAO/daarion-ai-city.git\",",
-    "        \"remote_name\": \"daarion-city\",",
-    "        \"main_branch\": \"main\",",
-    "        \"purpose\": \"Official DAARION.city website and integrations\",",
-    "        \"clone_cmd\": \"git clone git@github.com:DAARION-DAO/daarion-ai-city.git\"",
-    "    }",
-    "}",
-    "",
-    "print(\"GitHub Repositories:\")",
-    "print(\"=\"*80)",
-    "for repo_id, repo in REPOSITORIES.items():",
-    "    print(f\"\\n{repo['name']} ({repo_id})\")",
-    "    print(f\"  SSH URL:     {repo['ssh_url']}\")",
-    "    print(f\"  HTTPS URL:   {repo['https_url']}\")",
-    "    print(f\"  Remote:      {repo['remote_name']}\")",
-    "    print(f\"  Branch:      {repo['main_branch']}\")",
-    "    print(f\"  Purpose:     {repo['purpose']}\")",
-    "    print(f\"  Clone:       {repo['clone_cmd']}\")",
-    "",
-    "print(\"\\n\" + \"=\"*80)",
-    "print(\"\\nQuick Commands:\")",
-    "print(\"\\n# Clone MicroDAO:\")",
-    "print(\"git clone git@github.com:IvanTytar/microdao-daarion.git\")",
-    "print(\"\\n# Clone DAARION.city:\")",
-    "print(\"git clone git@github.com:DAARION-DAO/daarion-ai-city.git\")",
-    "print(\"\\n# Add DAARION.city as remote to MicroDAO:\")",
-    "print(\"cd microdao-daarion\")",
-    "print(\"git remote add daarion-city git@github.com:DAARION-DAO/daarion-ai-city.git\")",
-    "print(\"git fetch daarion-city\")",
-    ""
+    "# GitHub Repositories Configuration\n",
+    "REPOSITORIES = {\n",
+    "    \"microdao-daarion\": {\n",
+    "        \"name\": \"MicroDAO\",\n",
+    "        \"ssh_url\": \"git@github.com:IvanTytar/microdao-daarion\",\n",
+    "        \"https_url\": \"https://github.com/IvanTytar/microdao-daarion\",\n",
+    "        \"remote_name\": \"origin\",\n",
+    "        \"main_branch\": \"main\",\n",
+    "        \"purpose\": \"MicroDAO core code, DAGI Stack, documentation\",\n",
+    "        \"clone_cmd\": \"git clone git@github.com:IvanTytar/microdao-daarion\"\n",
+    "    },\n",
+    "    \"daarion-ai-city\": {\n",
+    "        \"name\": \"DAARION.city\",\n",
+    "        \"ssh_url\": \"git@github.com:DAARION-DAO/daarion-ai-city.git\",\n",
+    "        \"https_url\": \"https://github.com/DAARION-DAO/daarion-ai-city.git\",\n",
+    "        \"remote_name\": \"daarion-city\",\n",
+    "        \"main_branch\": \"main\",\n",
+    "        \"purpose\": \"Official DAARION.city website and integrations\",\n",
+    "        \"clone_cmd\": \"git clone git@github.com:DAARION-DAO/daarion-ai-city.git\"\n",
+    "    }\n",
+    "}\n",
+    "\n",
+    "print(\"GitHub Repositories:\")\n",
+    "print(\"=\"*80)\n",
+    "for repo_id, repo in REPOSITORIES.items():\n",
+    "    print(f\"\\n{repo['name']} ({repo_id})\")\n",
+    "    print(f\"  SSH URL:     {repo['ssh_url']}\")\n",
+    "    print(f\"  HTTPS URL:   {repo['https_url']}\")\n",
+    "    print(f\"  Remote:      {repo['remote_name']}\")\n",
+    "    print(f\"  Branch:      {repo['main_branch']}\")\n",
+    "    print(f\"  Purpose:     {repo['purpose']}\")\n",
+    "    print(f\"  Clone:       {repo['clone_cmd']}\")\n",
+    "\n",
+    "print(\"\\n\" + \"=\"*80)\n",
+    "print(\"\\nQuick Commands:\")\n",
+    "print(\"\\n# Clone MicroDAO:\")\n",
+    "print(\"git clone git@github.com:IvanTytar/microdao-daarion.git\")\n",
+    "print(\"\\n# Clone DAARION.city:\")\n",
+    "print(\"git clone git@github.com:DAARION-DAO/daarion-ai-city.git\")\n",
+    "print(\"\\n# Add DAARION.city as remote to MicroDAO:\")\n",
+    "print(\"cd microdao-daarion\")\n",
+    "print(\"git remote add daarion-city git@github.com:DAARION-DAO/daarion-ai-city.git\")\n",
+    "print(\"git fetch daarion-city\")\n"
    ]
   },
   {
@@ -733,6 +738,64 @@
     "- **Action Required:** User MUST submit statement at https://statement-abuse.hetzner.com/statements/?token=28b2c7e67a409659f6c823e863887\n",
     "- **Task Document:** `/Users/apple/github-projects/microdao-daarion/TASK_REBUILD_DAARION_WEB.md`"
    ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## 🔴 Incident #4: NODE1 Host Compromise (Jan 10, 2026)\n",
+    "\n",
+    "### Summary\n",
+    "ALL PostgreSQL official images show malware artifacts when run on NODE1.\n",
+    "This is **NOT** \"Docker Hub compromised\" — this is **NODE1 host compromise**.\n",
+    "\n",
+    "### Indicators of Compromise (IOC)\n",
+    "```\n",
+    "/tmp/httpd        # ~10MB crypto miner (xmrig variant)\n",
+    "/tmp/.perf.c/     # perfctl malware staging directory\n",
+    "/tmp/mysql        # Another miner variant\n",
+    "/tmp/cpioshuf     # perfctl payload\n",
+    "/tmp/ipcalc*      # perfctl payload\n",
+    "```\n",
+    "\n",
+    "### Affected Images (on NODE1)\n",
+    "- ❌ postgres:15-alpine\n",
+    "- ❌ postgres:16-alpine\n",
+    "- ❌ postgres:14\n",
+    "- ❌ postgres:16 (Debian)\n",
+    "\n",
+    "### Why This is HOST Compromise (not image)\n",
+    "1. ALL different image variants show same IOC\n",
+    "2. Previous incidents (#1, #2, #3) already compromised NODE1\n",
+    "3. `/tmp/.perf.c/` is classic perfctl malware directory\n",
+    "4. `tmpfs noexec` didn't prevent infection\n",
+    "\n",
+    "### Verification Procedure\n",
+    "```bash\n",
+    "# Run triage script from MacBook (NOT NODE1!)\n",
+    "cd /Users/apple/github-projects/microdao-daarion\n",
+    "./scripts/security/triage-postgres-compromise.sh compare\n",
+    "\n",
+    "# Or manually:\n",
+    "# 1. Get digest from NODE1\n",
+    "ssh root@144.76.224.179 \"docker inspect --format='{{index .RepoDigests 0}}' postgres:16\"\n",
+    "\n",
+    "# 2. Pull same digest on MacBook\n",
+    "docker pull postgres:16@sha256:<digest>\n",
+    "\n",
+    "# 3. Check if clean\n",
+    "docker run --rm postgres:16@sha256:<digest> ls -la /tmp/\n",
+    "# If empty → NODE1 compromised, image is clean\n",
+    "```\n",
+    "\n",
+    "### Current Status\n",
+    "- ⏳ **Verification pending** — Need to test on clean host\n",
+    "- 🔴 **NODE1 UNSAFE** — Do not deploy PostgreSQL\n",
+    "- 🟡 **Secrets rotation needed** — Assume all compromised\n",
+    "\n",
+    "### Full Documentation\n",
+    "See `INFRASTRUCTURE.md` → Incident #4"
+   ]
   }
  ],
  "metadata": {
@@ -756,4 +819,4 @@
  },
  "nbformat": 4,
  "nbformat_minor": 4
-}
+}