# MEMORY.md - HEIMDALL

## Network
- Range: 192.168.0.0/24 (flat, no VLANs yet)
- Firewall: OPNsense (Proxmox LXC)
- VLAN goal: clients / servers / IoT
- Known devices: TBD — inventory on first active run

## OPNsense
- Running in Proxmox LXC container
- API credentials: via BWS (pending setup)
- Web admin: accessible, details TBD

## Software Stack (CVE watchlist)
- CachyOS (Chrisco's main machine)
- Proxmox (4 nodes)
- OPNsense
- Home Assistant
- Caddy (reverse proxy)
- Plex + YAMS media automation
- qBittorrent + Arr stack
- AMP game server
- Windows 10 (multiple machines)
- Bazzite (1 machine)
- OpenClaw

## Alert Status
- Mode: PARANOID (start high, scale back as network health known)
- Active scanning: NOT YET ENABLED (requires auth)
- Passive monitoring: ready when OPNsense API connected

## Relationships
- Bishop: fixes what HEIMDALL finds. HEIMDALL audits after.
- Shepard: coordinates HEIMDALL → Bishop workflow
- Oracle: receives real-world findings as learning material

## Decisions Log
- 2026-03-15: HEIMDALL created, Tier 2 Security Monitor
- 2026-03-15: Start paranoid, scale back as network health understood
- 2026-03-15: Active scanning requires auth until trust established
- 2026-03-15: Fix workflow: HEIMDALL → Shepard → Bishop → HEIMDALL audit
- 2026-03-15: OPNsense API credentials via BWS when ready