diff --git a/.daemon/logs/daemon.out.log b/.daemon/logs/daemon.out.log
index af0e415a2..39e1d4e5d 100644
--- a/.daemon/logs/daemon.out.log
+++ b/.daemon/logs/daemon.out.log
@@ -7193,3 +7193,70 @@ hint: See the 'Note about fast-forwards' in 'git push --help' for details.
 22:01:25 INFO  [watcher]    File added {"path":"/home/nicholai/.agents/memory/memories.db-wal"}
 22:01:25 INFO  [watcher]    File added {"path":"/home/nicholai/.agents/memory/memories.db-shm"}
 22:01:25 INFO  [watcher]    File changed {"path":"/home/nicholai/.agents/memory/memories.db"}
+22:01:30 INFO  [git]        Auto-committed {"message":"2026-02-19T22-01-30_auto_memory/memories.db-wal, memory/memories.db-shm, me","filesChanged":3}
+22:05:36 WARN  [git]        Push failed: To https://github.com/Signet-AI/signetai.git
+ ! [rejected]        HEAD -> main (non-fast-forward)
+error: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'
+hint: Updates were rejected because the tip of your current branch is behind
+hint: its remote counterpart. If you want to integrate the remote changes,
+hint: use 'git pull' before pushing again.
+hint: See the 'Note about fast-forwards' in 'git push --help' for details.
+
+22:05:36 WARN  [git]        Periodic sync failed: Push failed: To https://github.com/Signet-AI/signetai.git
+ ! [rejected]        HEAD -> main (non-fast-forward)
+error: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'
+hint: Updates were rejected because the tip of your current branch is behind
+hint: its remote counterpart. If you want to integrate the remote changes,
+hint: use 'git pull' before pushing again.
+hint: See the 'Note about fast-forwards' in 'git push --help' for details.
+
+22:10:36 WARN  [git]        Push failed: To https://github.com/Signet-AI/signetai.git
+ ! [rejected]        HEAD -> main (non-fast-forward)
+error: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'
+hint: Updates were rejected because the tip of your current branch is behind
+hint: its remote counterpart. If you want to integrate the remote changes,
+hint: use 'git pull' before pushing again.
+hint: See the 'Note about fast-forwards' in 'git push --help' for details.
+
+22:10:36 WARN  [git]        Periodic sync failed: Push failed: To https://github.com/Signet-AI/signetai.git
+ ! [rejected]        HEAD -> main (non-fast-forward)
+error: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'
+hint: Updates were rejected because the tip of your current branch is behind
+hint: its remote counterpart. If you want to integrate the remote changes,
+hint: use 'git pull' before pushing again.
+hint: See the 'Note about fast-forwards' in 'git push --help' for details.
+
+22:15:36 WARN  [git]        Push failed: To https://github.com/Signet-AI/signetai.git
+ ! [rejected]        HEAD -> main (non-fast-forward)
+error: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'
+hint: Updates were rejected because the tip of your current branch is behind
+hint: its remote counterpart. If you want to integrate the remote changes,
+hint: use 'git pull' before pushing again.
+hint: See the 'Note about fast-forwards' in 'git push --help' for details.
+
+22:15:36 WARN  [git]        Periodic sync failed: Push failed: To https://github.com/Signet-AI/signetai.git
+ ! [rejected]        HEAD -> main (non-fast-forward)
+error: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'
+hint: Updates were rejected because the tip of your current branch is behind
+hint: its remote counterpart. If you want to integrate the remote changes,
+hint: use 'git pull' before pushing again.
+hint: See the 'Note about fast-forwards' in 'git push --help' for details.
+
+22:20:36 WARN  [git]        Push failed: To https://github.com/Signet-AI/signetai.git
+ ! [rejected]        HEAD -> main (non-fast-forward)
+error: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'
+hint: Updates were rejected because the tip of your current branch is behind
+hint: its remote counterpart. If you want to integrate the remote changes,
+hint: use 'git pull' before pushing again.
+hint: See the 'Note about fast-forwards' in 'git push --help' for details.
+
+22:20:36 WARN  [git]        Periodic sync failed: Push failed: To https://github.com/Signet-AI/signetai.git
+ ! [rejected]        HEAD -> main (non-fast-forward)
+error: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'
+hint: Updates were rejected because the tip of your current branch is behind
+hint: its remote counterpart. If you want to integrate the remote changes,
+hint: use 'git pull' before pushing again.
+hint: See the 'Note about fast-forwards' in 'git push --help' for details.
+
+22:21:27 INFO  [watcher]    File added {"path":"/home/nicholai/.agents/memory/memories.db-wal"}
+22:21:27 INFO  [watcher]    File added {"path":"/home/nicholai/.agents/memory/memories.db-shm"}
diff --git a/.daemon/logs/signet-2026-02-19.log b/.daemon/logs/signet-2026-02-19.log
index c9a100cd3..b9cd01969 100644
--- a/.daemon/logs/signet-2026-02-19.log
+++ b/.daemon/logs/signet-2026-02-19.log
@@ -2608,3 +2608,14 @@
 {"timestamp":"2026-02-19T22:01:25.720Z","level":"info","category":"watcher","message":"File added","data":{"path":"/home/nicholai/.agents/memory/memories.db-wal"}}
 {"timestamp":"2026-02-19T22:01:25.720Z","level":"info","category":"watcher","message":"File added","data":{"path":"/home/nicholai/.agents/memory/memories.db-shm"}}
 {"timestamp":"2026-02-19T22:01:25.750Z","level":"info","category":"watcher","message":"File changed","data":{"path":"/home/nicholai/.agents/memory/memories.db"}}
+{"timestamp":"2026-02-19T22:01:30.925Z","level":"info","category":"git","message":"Auto-committed","data":{"message":"2026-02-19T22-01-30_auto_memory/memories.db-wal, memory/memories.db-shm, me","filesChanged":3}}
+{"timestamp":"2026-02-19T22:05:36.699Z","level":"warn","category":"git","message":"Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected]        HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}
+{"timestamp":"2026-02-19T22:05:36.699Z","level":"warn","category":"git","message":"Periodic sync failed: Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected]        HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}
+{"timestamp":"2026-02-19T22:10:36.709Z","level":"warn","category":"git","message":"Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected]        HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}
+{"timestamp":"2026-02-19T22:10:36.709Z","level":"warn","category":"git","message":"Periodic sync failed: Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected]        HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}
+{"timestamp":"2026-02-19T22:15:36.698Z","level":"warn","category":"git","message":"Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected]        HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}
+{"timestamp":"2026-02-19T22:15:36.699Z","level":"warn","category":"git","message":"Periodic sync failed: Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected]        HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}
+{"timestamp":"2026-02-19T22:20:36.706Z","level":"warn","category":"git","message":"Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected]        HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}
+{"timestamp":"2026-02-19T22:20:36.706Z","level":"warn","category":"git","message":"Periodic sync failed: Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected]        HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}
+{"timestamp":"2026-02-19T22:21:27.863Z","level":"info","category":"watcher","message":"File added","data":{"path":"/home/nicholai/.agents/memory/memories.db-wal"}}
+{"timestamp":"2026-02-19T22:21:27.864Z","level":"info","category":"watcher","message":"File added","data":{"path":"/home/nicholai/.agents/memory/memories.db-shm"}}
diff --git a/memory/memories.db-shm b/memory/memories.db-shm
new file mode 100644
index 000000000..fe9ac2845
Binary files /dev/null and b/memory/memories.db-shm differ
diff --git a/memory/memories.db-wal b/memory/memories.db-wal
new file mode 100644
index 000000000..e69de29bb
diff --git a/skills/mac-server-setup/SKILL.md b/skills/mac-server-setup/SKILL.md
index 7e9e4446b..8b56870fd 100644
--- a/skills/mac-server-setup/SKILL.md
+++ b/skills/mac-server-setup/SKILL.md
@@ -117,15 +117,25 @@ before running. The script is idempotent — safe to re-run. Structure:
 - Push `~/.agents` (signet identity) and `~/.config/nvim` if upstream set
 - All repos use `upstream` as remote name
 
-### 4. SSH Hardening (separate)
+### 4. SSH Key Auth
 
-Must be done interactively, not in the script:
+Set up key-based SSH early to enable rsync file transfers.
+Can be done via MCP (no interactive step needed):
 
-1. `ssh-copy-id <host>` from local machine
-2. Verify key login works
-3. Edit `/etc/ssh/sshd_config`: `PasswordAuthentication no`,
+1. Read operator's pubkey (`~/.ssh/id_ed25519.pub`)
+2. Via MCP exec: `mkdir -p ~/.ssh && chmod 700 ~/.ssh`
+3. Append pubkey to `~/.ssh/authorized_keys` (chmod 600)
+4. Verify: `ssh -o BatchMode=yes <host> echo ok` from local
+
+Password auth can stay enabled — key auth just needs to work
+so rsync is available for file transfers.
+
+To optionally harden SSH later (disable password auth):
+
+1. Verify key login works first
+2. Edit `/etc/ssh/sshd_config`: `PasswordAuthentication no`,
    `PermitRootLogin no`, `AcceptEnv TERM`
-4. `sudo launchctl kickstart -k system/com.openssh.sshd`
+3. `sudo launchctl kickstart -k system/com.openssh.sshd`
 
 ### 5. Local SSH Config
 
@@ -140,7 +150,22 @@ Host <alias>
 
 The `SetEnv TERM` fixes kitty terminal + tmux over SSH.
 
-### 6. Verify
+### 6. Client Documentation
+
+Write a README.md and CHANGELOG.md in the client directory
+(`~/.<client>/`). These are for the nontechnical client — keep
+language plain, explain the *why* not the *how*, and avoid
+exposing implementation details. Write locally, rsync over:
+
+```
+rsync -av /tmp/readme.md <host>:~/.<client>/README.md
+```
+
+README covers: what the server is, current state, what's next,
+who to contact. CHANGELOG is a dated record in plain language
+of each setup session.
+
+### 7. Verify
 
 See [references/verification.md](references/verification.md) for the
 full checklist.
@@ -166,8 +191,15 @@ full checklist.
 - Keep software update auto-check, just defer auto-install
 - Add `set -ga terminal-overrides ",*:Tc,*:kbs=\177"` to tmux.conf for
   backspace fix over SSH
-- MCP command length limit (~1000 chars) — write scripts in chunks
-  using `cat >>` with heredocs
+- MCP command length limit (~1000 chars) — for short content, write
+  in chunks using `cat >>` with heredocs. For larger files (README,
+  docs, configs), write locally and rsync over SSH instead.
+- **SSH key auth first**: Set up SSH key auth early (before disabling
+  password auth) so rsync works from the operator's machine. Add the
+  operator's pubkey to `~/.ssh/authorized_keys` via MCP exec, then
+  verify with `ssh -o BatchMode=yes <host> echo ok`. This unlocks
+  rsync for file transfer, which is vastly better than chunked
+  heredocs through MCP.
 
 ## Gotchas (learned the hard way)