As-built (2026-04-25). Architecture documented here is deployed and operational. Three notable divergences from the original design: (1) polling-based ingest chosen over webhooks for OPSEC; (2) Tailscale Serve (not Funnel) handles HTTPS for n8n; (3) Code-node bypass for n8n credential and body-serialization bugs in this n8n version (2.8.4) — credentials and body encoding are inlined in workflow nodes rather than using HTTP Header Auth credential type. See tag-taxonomy.md (routing contract), n8n_ingest_workflow.md (as-built notes), and active-search-tuning.md (monitor inventory).

Inoreader Pro — Collection Stack Configuration

BLUF

Inoreader Pro is the primary Collection-phase instrument of the PIA intelligence cycle. This guide operationalizes it end-to-end: account hardening, feed architecture mapped to the vault’s 10 canonical sections, Rules engine for auto-tagging and triage, Active Search for keyword monitoring, OAuth handoff to n8n for downstream ingestion, and routing to Obsidian → Claude → Signal Brief → Typefully/X/Beehiiv. The objective is ≥80% automated triage of raw signal before it hits the analyst’s attention surface, preserving human judgment for Verification, Cross-referencing, and Synthesis.

Scope note. Inoreader plan-tier quotas (feeds, rules, monitors) are revised periodically. Treat all numeric limits in this guide as Unverified until you reconfirm at checkout; the architecture below degrades gracefully if any single quota is tighter than expected.

---

1. Strategic Role in the Intelligence Cycle

Phase	Tool	Inoreader’s Role
Collection	Inoreader Pro	Single-pane aggregator for RSS, Atom, Twitter/X lists (via bridges), newsletters, and web monitors
Verification	Manual + WebFetch + Source Verification Framework	Inoreader holds the raw item and its provenance — does not verify
Cross-referencing	Obsidian + Qdrant + Neo4j	Inoreader hands off to vault; cross-refs live in the graph
Evaluation	Analyst + Claude	Inoreader tags + Rules feed the analyst a pre-triaged queue
Synthesis	Signal Brief + Quartz + X threads	Inoreader → n8n → Publish/ pipeline
Update	Inoreader Rules + Dashboards	KPI feedback loops: noise ratio, signal density per feed

Assessment (Medium confidence). Inoreader Pro’s combination of Rules + Active Search + API webhooks is the minimum viable toolset to run a one-analyst intelligence operation at Beehiiv/X cadence without a dedicated SOC. Free and Supporter tiers cannot sustain the architecture described here because they cap Rules and lack webhook actions.

---

2. Pro Plan Features to Enable

Fact (High confidence) — feature categories present on Pro tier:

• Unlimited subscriptions — required for a multi-theater monitoring posture.
• Rules engine — auto-tag, auto-star, forward, mark as read, trigger webhooks.
• Active Search / Monitored Searches — persistent keyword monitors across the entire indexed web and feeds; results land in a virtual feed.
• Newsletter inbox — dedicated @inoreader.com address to subscribe to newsletters without polluting Proton.
• HTML web-page feeds — synthesize a feed from any page that lacks RSS (XPath/CSS selectors).
• Full-content loading — bypasses truncated RSS teasers for full article body.
• Duplicate filter — collapses cross-posted items (essential for wire-service amplification).
• IFTTT / Zapier / Webhook actions — downstream integration layer.
• Public API access — OAuth2; read/write; used by n8n.
• Search history & saved searches — query reuse.
• Multi-account / team features — unused at solo-operator scale; ignore.

Gap. Confirm at checkout: current Rules cap, Active Search cap, API rate limit (commonly 100 req/min but revised), and whether the Newsletter inbox has per-domain filtering.

---

3. Account Hardening (Pre-Configuration)

3.1 Identity & OPSEC

1. Email: register Inoreader with a dedicated Proton alias (e.g. inoreader.pia@<alias>.proton.me), not the primary intellecta.contact@proton.me. Reason: compartmentalization.
2. Password: Bitwarden-generated, ≥32 chars, stored in Bitwarden vault under tag pia/collection.
3. 2FA: enable TOTP via Aegis (not SMS). Store recovery codes in Bitwarden secure note.
4. Session hygiene: revoke all but two active sessions (desktop browser + mobile app) under Preferences → Security → Active Sessions.
5. Connected apps audit: pre-authorize only n8n + (optionally) Readwise. Revoke any legacy integrations.

3.2 Profile Settings

• Time zone: America/Sao_Paulo.
• Language: interface EN; content languages: EN, PT, ES, FR, RU (monitoring Russian-language feeds justifies this).
• Reading direction / density: compact card view; mark-as-read on scroll = off (force deliberate triage).
• Content preview: full content by default on Pro; lazy-load images.

3.3 Export Baseline

Before configuring, export any pre-existing OPML: Preferences → OPML Export. Archive to Automation/Inoreader/baseline-opml-2026-04-24.xml. This is the rollback point.

---

4. Feed Architecture — Mapping to the 10 Vault Sections

4.1 Folder Taxonomy (Primary Routing)

Create this folder hierarchy in Inoreader under Subscriptions. Folders are the first-class routing primitive; tags are secondary refinements.

📂 01_Actors-Entities
   ├── 11_State_Actors           (gov portals, MFA feeds, state media)
   ├── 12_Non-State_Actors       (insurgent / militia watchers)
   ├── 13_Agencies_Departments   (OFAC, EU Council, UN, think tank feeds)
   └── 14_Corporations_Tech      (Big Tech newsrooms, defense primes)
📂 02_Concepts-Tactics
   ├── Cognitive_Warfare
   ├── Hybrid_Threats
   ├── Info_Operations
   └── Cyber_Doctrine
📂 03_Weapons-Systems
   ├── Air_Land_Sea
   ├── Space_Counterspace
   └── Emerging_DEW_AI
📂 04_Current-Crises
   ├── Active_Conflicts
   ├── Diplomatic_Crises
   ├── Emerging_Flashpoints
   └── Hybrid_Campaigns
📂 05_Historical-Events          (slow-moving archival / declassification feeds)
📂 06_Authors-Thinkers           (analyst blogs, Substacks, academic RSS)
📂 07_Investigations             (per-investigation bespoke feed sets)
📂 08_Guides-Methodology         (Bellingcat, GIJN, OSINT Essentials)
📂 09_Repository                 (primary-source document drops — ICIJ, archives)
📂 10_Library                    (book reviews, long-reads, Foreign Affairs-tier)
📂 99_Signal-Brief-Candidates    (promotion inbox; see §7.3)
📂 99_Newsletter-Inbox           (Proton-isolated newsletters; see §5)
📂 99_Unclassified               (triage-pending; target = empty)

Assessment (High confidence). Mirroring the vault’s canonical numbering inside Inoreader eliminates a translation layer in n8n: a feed in folder 04_Current-Crises/Active_Conflicts maps 1:1 to 00_Inbox/04_Crises/ in Obsidian. This is the lowest-friction routing scheme.

4.2 Seed Feed List (Starter Pack)

Target: 80–120 high-signal feeds across all folders on Day 1. Populate incrementally; measure signal density before expanding.

Folder	Representative Sources
04_Current-Crises/Active_Conflicts	ISW daily updates, Institute for the Study of War RSS, Al Jazeera, Kyiv Independent, Meduza EN
02_Concepts-Tactics/Cognitive_Warfare	NATO StratCom COE, EU DisinfoLab, Stanford Internet Observatory
02_Concepts-Tactics/Hybrid_Threats	Hybrid CoE Helsinki, RAND Corporation, CSIS Hybrid Threats
02_Concepts-Tactics/Info_Operations	DFRLab, GRAPHIKA publications, Mandiant blog
01_Actors-Entities/13_Agencies_Departments	OFAC press releases, EU Council sanctions, UN SC press, CISA advisories
08_Guides-Methodology	Bellingcat, GIJN, OSINT Essentials (Jake Creps)
06_Authors-Thinkers	War on the Rocks, Lawfare, Just Security, Texty.org.ua
09_Repository	ICIJ, DocumentCloud new collections, Court Listener RSS

Gap. Portuguese-language Latin-American sources (GEPSI/NEGISC adjacency) require dedicated curation; propose a 01_Actors-Entities/11_State_Actors/LATAM/ subfolder populated from Brazilian/Argentine/Mexican analyst blogs and ministry press feeds.

4.3 Creating Feeds Without RSS — HTML Web Feeds

Pro tier allows feed synthesis from any URL. Use this for:

• Think-tank pages that publish but don’t expose RSS (increasingly common).
• Ministry / MFA press pages in RU / ZH.
• Adversary doctrinal release pages.

Steps:

1. In Inoreader: Add Subscription → Create Web Feed.
2. Enter target URL. Inoreader attempts auto-detection; if it fails, define:
   • Item selector (CSS, e.g. article.post).
   • Title, link, date, content selectors.
3. Preview — confirm the last 5 items match the on-page list.
4. Name the feed explicitly with source language: [RU] MoD Press — Web Feed.
5. File under the correct 01_Actors-Entities or 02_Concepts-Tactics subfolder.

4.4 Twitter/X Ingestion

Native Twitter/X feeds in Inoreader are unreliable post-API-lockdown. Assessment (Medium confidence): prefer these patterns:

1. Nitter-based RSS — fragile; hosts churn. Maintain a rotating list in Automation/Inoreader/nitter-endpoints.md.
2. RSS.app / RSSHub — self-host RSSHub on the brainnet-backup Pi for a durable bridge from X lists → RSS.
3. X Premium+ Lists — use X’s native list view for real-time; do not rely on Inoreader for the firehose.

Recommended split. Strategic X accounts (≤50, heavily filtered) → RSSHub → Inoreader. Tactical firehose → native X lists in X Pro / web client. Do not force Inoreader to be the X primary.

---

5. Newsletter Inbox — Replacing Email Clutter

Pro provides a dedicated @inoreader.com address. Route all analyst newsletters there.

Migration Steps

1. Preferences → Newsletter subscriptions → copy the issued address (e.g. l.brandao-abcde@inoreader.com).
2. In Proton, create a mail filter: any incoming mail from known newsletter senders → forward to the Inoreader address → archive (do not delete; keep Proton as evidentiary copy).
3. Unsubscribe from each sender’s original address and re-subscribe using the Inoreader address. This is cleaner than forwarding.
4. Inoreader auto-parses newsletters into a Newsletters virtual folder. Use Rules (§6) to reroute by sender into the appropriate canonical folder.

Priority targets for newsletter migration:

• Lawfare Daily, War on the Rocks, Foreign Policy Situation Report.
• Substack analysts: Dnipro Osint, Covert Cabal, Silvio Cascione.
• Academic: ICG weekly watch, CSIS analyst alerts.

OPSEC. The Inoreader newsletter address is not secret but is identity-linked — do not reuse it for form signups. Treat it as analyst-only.

---

6. Rules Engine — Automated Triage

Rules are the force-multiplier. Pro supports multi-condition rules with webhook output. Design them as a pipeline, not a grab-bag.

6.1 Rule Design Philosophy

Tier	Purpose	Action
T1 — Noise filter	Suppress low-signal cross-posts, ads, listicles	Mark as read
T2 — Auto-route	Route by folder/sender/keyword to section-specific tag	Tag + star
T3 — Priority escalation	Flag named entities, crisis keywords, doctrinal terms	Tag + star + webhook → n8n
T4 — Signal Brief candidate	High-confidence brief-worthy items	Tag #signal-brief + move to 99_Signal-Brief-Candidates + webhook

Assessment (High confidence). With a typical Pro tier cap of ~30 rules, allocate approximately: 6 T1, 12 T2, 8 T3, 4 T4. Do not exceed 2/3 of the cap — reserve headroom for investigation-specific ad hoc rules.

6.2 T1 — Noise Filter Examples

Rule Name	Condition	Action
T1-suppress-sponsored	Title contains [Sponsored] OR Partner Content OR Promoted	Mark as read
T1-suppress-cross-post-wires	Duplicate already starred within 6h	Mark as read
T1-suppress-paywalled-noise	Body length < 200 chars AND tag != priority	Mark as read

6.3 T2 — Auto-Route Examples (matches n8n_ingest_workflow.md tag taxonomy)

Rule Name	Condition	Tag Applied	Target Folder
T2-tag-hybrid	Body contains hybrid warfare OR gray zone OR below threshold	#hybrid-warfare	02_Concepts-Tactics/Hybrid_Threats
T2-tag-cognitive	Body contains cognitive warfare OR psyops OR influence operation	#cognitive-warfare	02_Concepts-Tactics/Cognitive_Warfare
T2-tag-active-conflict	Folder = 04_Current-Crises/Active_Conflicts	#active-conflicts	(stays)
T2-tag-latam	Language = PT-BR OR ES AND body mentions named LATAM actor list	#latin-america	01_Actors-Entities/11_State_Actors/LATAM
T2-tag-osint-tools	Feed in 08_Guides-Methodology	#osint-tools	(stays)

These tags are what n8n_ingest_workflow consumes to route into 00_Inbox/ subfolders. Keep the tag strings identical across Inoreader and n8n — any drift breaks routing.

6.4 T3 — Priority Escalation

Rule Name	Condition	Action
T3-named-entity-watch	Body contains any of Shoigu, Gerasimov, Prigozhin heirs, <investigation-target-list>	Tag #priority-entity + star + webhook
T3-doctrinal-release	Source in {MoD.ru, PLA Daily, DoD.gov/policy, NATO doctrine} AND title contains doctrine OR strategy OR concept	Tag #doctrine-drop + star + webhook
T3-crisis-keyword	Body contains <active crisis keyword list, per [[../../04 Current Crises|Current Crises]]>	Tag #crisis-update + star + webhook
T3-sanctions-drop	Source in {OFAC, EU Council, UN SC} AND new entry	Tag #sanctions + star + webhook

Webhook target. All T3 rules POST to a single n8n webhook endpoint (/webhook/inoreader-priority) with a priority tier field in the payload. n8n fans out from there. Single entry point simplifies rule management.

6.5 T4 — Signal Brief Candidate

Rule Name	Condition	Action
T4-brief-candidate	Starred manually OR #doctrine-drop OR (#crisis-update AND source reliability tag = A-grade)	Tag #signal-brief + move to 99_Signal-Brief-Candidates + webhook
T4-weekly-digest-trigger	Scheduled (via n8n cron, not Inoreader) — every Sunday 17:00 BRT	n8n queries #signal-brief tag → drafts edition

Assessment. Weekly-digest trigger belongs in n8n, not Inoreader, because Inoreader Rules fire on items, not on time. Inoreader’s job ends at feeding the 99_Signal-Brief-Candidates bucket with correctly-tagged items.

---

7. Active Search — Persistent Keyword Monitoring

Active Search is Inoreader’s most under-utilized Pro feature. It runs a query continuously across Inoreader’s entire indexed web, not just your subscribed feeds, and delivers hits into a virtual feed.

7.1 Active Search vs. Regular Search

Regular Search	Active Search
Ad hoc, one-shot	Persistent
Your feeds only	All indexed web
No action pipeline	Rules can fire on results
Free tier	Pro only (quota limited)

7.2 Configuration Pattern

Each Active Search consumes one slot from the Pro quota. Use them for high-value persistent monitors, not ad hoc curiosity.

Recommended allocation (start with 15–20 monitors):

Category	Example Query	Rationale
Named doctrines	"Gerasimov Doctrine" OR "New Generation Warfare"	Catches new analysis referencing doctrinal frames
Emerging tactics	"cognitive operation" OR "reflexive control"	Detects vocabulary shifts
Target actors	"Wagner Group" OR "Africa Corps" OR "Convoy PMC"	Actor tracking across unsubscribed sources
Weapons platforms	"Oreshnik" OR "Kinzhal" OR "Avangard"	Doctrinal-strategic weapon monitoring
Investigation terms	<active investigation target strings>	Per active file in 07 Current Investigations
Geo flashpoints	"Kaliningrad" AND ("mobilization" OR "deployment")	Rolling flashpoint watch
Brazilian hybrid threats	("guerra híbrida" OR "guerra cognitiva") AND Brasil	PT-BR coverage
Open-source verification	"geolocation" AND "<active crisis region>"	Catches OSINT community work

7.3 Rules on Active Search Results

Active Search virtual feeds can be targets of Rules like any other feed. Wire:

• T3-active-search-hit → tag #active-search-hit + star + webhook.

This creates a high-value raw feed that bypasses the noise of your subscribed corpus entirely.

7.4 Active Search Hygiene

1. Review quarterly. Queries go stale; actors rename; vocabulary drifts. Calendar reminder Q1/Q2/Q3/Q4.
2. Track false positives. Note recurring noise queries in Automation/Inoreader/active-search-tuning.md; refine with NOT clauses.
3. One monitor, one purpose. Resist compound queries that muddle signal attribution. If a query hits, you should know why immediately.

---

8. Integration Layer — Downstream Pipeline

8.1 OAuth Application (for n8n)

Steps:

1. Navigate to https://www.inoreader.com/developers/ (Pro API access is gated).
2. Create App: name PIA-n8n-ingest, description Local n8n workflow for intelligence ingestion.
3. Record APP_ID and APP_KEY. Store in Bitwarden; never commit to the vault.
4. Callback URL: http://localhost:5678/rest/oauth2-credential/callback (n8n default).
5. In n8n, create OAuth2 credential of type Inoreader; paste credentials; run the auth flow once to mint the refresh token.

Update Automation/n8n_ingest_workflow.md environment variable block with concrete values (via .env, not the vault).

8.2 Webhook Rules → n8n

Pro Rules support webhook actions (HTTP POST with JSON body). Configure a single upstream endpoint and fan out in n8n:

Inoreader Rule (T3/T4)
   └── POST http://<tailnet-host>/webhook/inoreader-priority
        Body: {
          "rule_id": "T3-doctrinal-release",
          "item_id": "<inoreader_item_id>",
          "title": "...",
          "url": "...",
          "source": "...",
          "published": "...",
          "body_excerpt": "...",
          "tags": ["doctrine-drop", "priority-entity"],
          "priority_tier": 3
        }

Assessment (High confidence). Exposing n8n via Tailscale (not public internet) is the correct OPSEC posture — matches existing tailnet architecture. Inoreader must be able to reach the Tailnet endpoint; use a Tailscale Funnel or a lightweight Caddy relay on the Pi if Inoreader cannot originate from a tailnet client.

Gap. If Inoreader webhooks cannot originate from Tailscale (likely — webhooks fire from Inoreader’s cloud), the relay decision is load-bearing. Two acceptable patterns:

1. Tailscale Funnel on Pi exposing /webhook/inoreader-priority → forwards to T420 n8n over tailnet.
2. n8n Cloud trial for webhook-only ingress, then relay via Tailscale to the local n8n. Higher complexity; not recommended unless Funnel is unavailable.

8.3 API Polling Fallback

If webhook delivery proves unreliable:

• Use Inoreader’s Stream API (/reader/api/0/stream/contents/user/-/state/com.google/starred) on a 5-minute n8n cron.
• Dedupe against a Automation/Inoreader/ingested-ids.sqlite ledger to prevent reprocessing.

Assessment. Webhook-first, polling-fallback is the resilient default. Do not run both simultaneously without deduplication.

8.4 Third-Party Integrations — Evaluate, Don’t Default

Integration	Recommendation	Rationale
IFTTT	Skip	n8n replaces it; IFTTT adds a cloud dependency
Zapier	Skip	Same as above
Readwise	Optional	Useful for long-read highlighting; not core pipeline
Pocket	Skip	Redundant to Obsidian inbox
Evernote / OneNote	Skip	Not in vault stack
Slack / Discord	Skip	Violates solo-operator OPSEC
Buffer / Hootsuite	Skip	Publish pipeline handles distribution

---

9. Downstream Handoff Map

Inoreader (Collection)
    │
    ├─ Rules T1/T2     ──► tag + route (internal)
    ├─ Rules T3        ──► webhook ──► n8n ──► Obsidian 00_Inbox/ + Claude summarize
    ├─ Rules T4        ──► webhook ──► n8n ──► 00_Inbox/Signal_Brief_Drafts/
    └─ Active Search   ──► Rules T3 pipeline
                                │
                                ▼
                      Obsidian (Verification, Analysis)
                                │
         ┌──────────────────────┼──────────────────────┐
         ▼                      ▼                      ▼
  Signal Brief (Beehiiv)   X Threads (Typefully)   Quartz (intelligencenotes.com)

Downstream dependencies:

• n8n ingest workflow — receives webhooks, transforms, writes to Obsidian REST API.
• Publish — Beehiiv / Typefully / Quartz staging.
• Signal Brief — post-ship public archive.

---

10. OPSEC & Privacy

10.1 Threat Model

Threat	Mitigation
Inoreader account compromise	Dedicated Proton alias, 32-char password, TOTP, Bitwarden vaulting
Inoreader service-side breach	Assume breached — no sensitive queries; treat all Active Search terms as potentially exposed
Adversary enumeration of monitored keywords	Avoid highly specific target strings in Active Search (use operator vocabulary, not identity PII)
Newsletter-inbox deanonymization	Inoreader newsletter address is analyst-identifiable — never re-share or expose in public outputs
Cross-device session hijack	Quarterly session audit; revoke stale sessions

10.2 Data Residency

Fact. Inoreader (Innologica Ltd) is Bulgaria-based, EU-jurisdictional. Acceptable for OSINT collection. Do not process PII-sensitive investigations through it; those belong entirely in the local vault.

10.3 Hard Lines

• No classified, proprietary, or protected-source material in any Inoreader field (titles, tags, Active Search queries, notes on articles).
• No subject-targeting queries that would constitute surveillance of a private individual without public-interest justification.
• All data that lands in Obsidian via Inoreader must be treated as evidentiary — preserve source URL, published date, retrieval date.

---

11. Operational Cadence

11.1 Daily (≤ 15 min)

1. Morning (08:00 BRT): review 99_Signal-Brief-Candidates folder in Inoreader. Unstar non-candidates; confirm T4-worthy items.
2. Midday (13:00 BRT): scan T3-escalated items that arrived in Obsidian 00_Inbox/. Promote to 07 Current Investigations if relevant.
3. Evening (19:00 BRT): glance at 99_Unclassified — should be near-empty. If it’s growing, a feed is misrouted — add a T2 rule.

11.2 Weekly

1. Monday 09:00 BRT: feed hygiene review. Drop any feed with 0 items of retained value over the past 30 days.
2. Thursday 10:00 BRT: Active Search tuning review. Read the Automation/Inoreader/active-search-tuning.md log; refine.
3. Sunday 17:00 BRT: /brief slash command triggers Signal Brief drafter against #signal-brief-tagged items. Inoreader’s role ends here.

11.3 Monthly

1. Export OPML to Automation/Inoreader/opml-snapshots/opml-YYYY-MM-DD.xml.
2. Review Rules firing stats (Inoreader shows per-rule hit counts): prune zero-hit rules; promote frequently-manually-applied actions into new rules.
3. Audit Pro quota utilization: feeds, rules, Active Searches.

11.4 Quarterly

1. Active Search full refresh (see §7.4).
2. Folder taxonomy review against any vault-structure drift.
3. Webhook resilience test: simulate an Inoreader outage; confirm polling fallback catches the gap.

---

12. KPIs — Measure the Collection Layer

KPI	Target	Source
Triage automation ratio	≥ 80% of ingested items have ≥ 1 tag applied by rules	Inoreader rule stats
Signal density per feed	Top quartile of feeds contribute ≥ 60% of starred items	Manual review monthly
False positive rate on T3	≤ 15% of T3-escalated items end up unstarred	Manual review weekly
Newsletter-to-vault latency	< 30 min median from inbox arrival to Obsidian 00_Inbox/	n8n logs
Active Search hit quality	≥ 1 usable hit per monitor per week	Manual review quarterly
Dead-feed ratio	< 10% of subscribed feeds 30-day silent	Monthly hygiene pass

---

13. Implementation Checklist

Week 1 — Foundation

• Register Pro plan with dedicated Proton alias + TOTP.
• Export baseline OPML.
• Build the §4.1 folder hierarchy.
• Import seed feed list (§4.2); target 80–120 feeds.
• Configure Newsletter inbox; migrate 5 priority newsletters as a pilot.

Week 2 — Rules & Search

• Build T1 noise-suppression rules (6 rules).
• Build T2 auto-route rules mapped to n8n tags (12 rules).
• Build T3 priority escalation rules — without webhooks initially (8 rules).
• Configure 15–20 Active Search monitors; document in Automation/Inoreader/active-search-tuning.md.

Week 3 — Integration

• Create Inoreader Developer App; store credentials in Bitwarden.
• Wire n8n OAuth2 credential; validate token refresh.
• Expose n8n webhook endpoint (Tailscale Funnel on Pi, per §8.2).
• Activate T3 rule webhooks to n8n.
• End-to-end test: doctrinal press release → Inoreader rule → n8n webhook → Obsidian 00_Inbox/02_Concepts/ note created.

Week 4 — Signal Brief Integration

• Build T4 rule set (4 rules).
• Verify /brief slash command draws from #signal-brief tag.
• Ship one Signal Brief edition driven end-to-end by the Inoreader-first pipeline.
• Post-mortem against KPIs (§12).

Ongoing

• Weekly hygiene (§11.2).
• Monthly audit (§11.3).
• Quarterly Active Search refresh (§11.4).

---

14. Failure Modes & Mitigations

Failure	Symptom	Mitigation
Inoreader rule cap reached	New rule cannot be saved	Audit per §11.3; retire zero-hit rules; merge overlapping conditions
Webhook delivery failure	Items tagged in Inoreader but not in Obsidian	Polling fallback (§8.3); alerting via n8n healthcheck ping
Tag drift between Inoreader and n8n	Items routed to wrong 00_Inbox/ subfolder	Single source of truth in Automation/Inoreader/tag-taxonomy.md; diff on change
Active Search quota exhaustion	Can’t add new monitor	Quarterly refresh discipline; retire stale monitors first
Newsletter inbox abuse (sender spam)	High-volume low-quality items	Add T1 rule filtering by sender domain; worst case, rotate newsletter address
Feed death (source goes dark)	Zero new items over 30 days	Monthly hygiene pass flags; archive, don’t delete (evidentiary value)

---

15. Strategic Implications

1. Inoreader becomes load-bearing. Once Rules + Active Search + webhooks are live, the Collection layer has no manual bottleneck. This shifts analyst time entirely to Verification → Synthesis. Assessment (High confidence).

2. Tag taxonomy is contract. The Inoreader ↔ n8n tag strings are effectively an API. Drift breaks routing silently — items land, but in the wrong folder, and the error only surfaces during synthesis. Version the taxonomy and treat changes as breaking-change PRs.

3. Active Search is a force multiplier for cross-referencing. A well-tuned monitor surfaces items from sources you don’t subscribe to — this is the highest-leverage feature of the Pro tier and the one most likely to be under-utilized.

4. The pipeline creates a dependency on Inoreader uptime. Pro SLA is best-effort. The polling fallback (§8.3) must be operational, not hypothetical. Test it quarterly.

5. OPSEC posture is improved, not worsened. Routing newsletters through a dedicated alias + Inoreader inbox improves compartmentalization vs. primary Proton. Pending threat: Inoreader service-side breach exposes monitoring vocabulary — mitigate by keeping Active Search queries at the operator-doctrine level, not target-PII level.

---

16. Next Actions

1. This week. Purchase Pro, run §3 hardening, execute §13 Week 1 checklist. Update n8n_ingest_workflow status from draft to in-progress.
2. This month. Complete §13 Weeks 2–4. Publish first end-to-end Inoreader-driven Signal Brief edition.
3. Promote this guide. Once Week 4 completes and KPIs are measured, change status: draft → status: publish-ready and cross-link from OSINT Toolkit Essentials §Workflow Integration.
4. Create companion notes.
   • Automation/Inoreader/tag-taxonomy.md — canonical tag list (Inoreader ↔ n8n contract).
   • Automation/Inoreader/active-search-tuning.md — monitor log.
   • Automation/Inoreader/opml-snapshots/ — versioned exports.

---

Key Connections

• n8n Inoreader → Obsidian Ingestion Workflow — downstream consumer of this configuration.
• OSINT Toolkit Essentials — broader tool context.
• Obsidian for Intelligence Analysis — destination platform.
• Open-Source Intelligence Manual — methodological anchor.
• Source Verification Framework — applied after Inoreader hands off.
• OSINT — the discipline this stack instruments.
• PIA — the private automation layer this integrates into.
• Signal Brief — the principal publication downstream.

---

Sources & Verification Status

Claim	Confidence	Basis
Inoreader Pro supports Rules, Active Search, webhooks, API, Newsletter inbox, HTML web feeds	High	Inoreader public pricing/feature pages, stable across multiple revisions
Specific Pro quotas (rules, searches, feeds)	Unverified	Revised periodically — confirm at checkout
Webhook fan-out pattern recommended	Assessment (High)	Standard n8n integration pattern; reduces Inoreader rule complexity
Tailscale Funnel as ingress for Inoreader cloud webhooks	Assessment (Medium)	Inoreader cannot originate from a tailnet client; Funnel is the cleanest relay
Nitter/RSSHub fragility for X ingestion	Fact (High)	Widely documented post-2023 X API lockdown
Inoreader EU/Bulgaria jurisdiction	Fact (High)	Innologica Ltd public incorporation records
Target triage-automation ratio ≥ 80%	Assessment (Medium)	Operator judgment; derived from similar single-analyst OSINT shops

Gaps flagged for resolution at implementation time:

• Current Pro plan numeric quotas.
• Whether Inoreader’s outbound webhook IP range is stable (for firewall allowlisting on Pi Funnel).
• Per-rule performance impact (does Rule count affect ingest latency?).