diff --git a/session-logs/bot/2026-06/2026-06-15-bot-activity.md b/session-logs/bot/2026-06/2026-06-15-bot-activity.md
new file mode 100644
index 0000000..a8afda9
--- /dev/null
+++ b/session-logs/bot/2026-06/2026-06-15-bot-activity.md
@@ -0,0 +1 @@
+10:10 PT - Winter - Reset password for Marco@kittlearizona.com (Kittle Arizona) - Success, new password vaulted at clients/kittle/m365-marco
diff --git a/wiki/clients/klem-littlehearts.md b/wiki/clients/klem-littlehearts.md
new file mode 100644
index 0000000..ab1fd6d
--- /dev/null
+++ b/wiki/clients/klem-littlehearts.md
@@ -0,0 +1,121 @@
+---
+type: client
+name: klem-littlehearts
+display_name: Bob Klem / Little Hearts Little Hands
+last_compiled: 2026-06-15
+compiled_by: GURU-BEAST-ROG/discord-bot
+sources:
+  - clients/internal-infrastructure/session-logs/2026-03-17-neptune-exchange-cleanup.md
+  - discord thread 1516115120453844992 (2026-06-15)
+---
+
+# Bob Klem / Little Hearts Little Hands
+
+Education-sector client. Email hosted on ACG's Neptune Exchange server with Mailprotector CloudFilter filtering. The school was previously known as **Air and Space Academy** and was later renamed to **Little Hearts Little Hands**. Two legacy domains (airandspaceacademy.com, lifelonglearningacademy.com) are kept active and are intended to function as aliases delivering to the primary @littleheartslittlehands.org mailboxes.
+
+---
+
+## Profile
+
+- **Primary contact:** Bob Klem / Robert Klem
+- **Domains:**
+  - `littleheartslittlehands.org` — primary mail domain
+  - `airandspaceacademy.com` — legacy alias domain (school's former name)
+  - `lifelonglearningacademy.com` — legacy alias domain
+- **Domain registrar:** GoDaddy (client's own account — ACG does NOT have API access)
+- **Mailprotector account:** Bob Klem, account ID 17414
+
+---
+
+## Email Hosting
+
+Mail is hosted on **Neptune Exchange** (ACG-managed, physically at Dataforth D2). Inbound and outbound filtered via **Mailprotector CloudFilter**.
+
+### Intended Architecture
+
+`littleheartslittlehands.org` is the **primary domain**. The two legacy domains are **email address aliases** on the same mailboxes — mail sent to `rklem@airandspaceacademy.com` delivers to the `rklem@littleheartslittlehands.org` mailbox. No forwarding; the alias addresses are proxy addresses on the Exchange mailbox object.
+
+### Mailprotector Domain Provisioning (as of 2026-06-15)
+
+| Domain | MP Domain ID | Status |
+|---|---|---|
+| airandspaceacademy.com | 29764 | Active (provisioned 2020-03-15) |
+| littleheartslittlehands.org | 49493 | Active (provisioned 2024-05-07) |
+| lifelonglearningacademy.com | — | **NOT provisioned** |
+
+### MX Records (as of 2026-06-15) — BOTH WRONG
+
+Both alias domains currently point MX directly to `mail.acghosting.com`, bypassing Mailprotector. Neptune's inbound restriction transport rule (priority 0) **blocks direct delivery** for these domains — meaning inbound mail to both alias domains is currently being rejected.
+
+| Domain | Current MX | Correct MX |
+|---|---|---|
+| airandspaceacademy.com | `mail.acghosting.com` (priority 10) | `airandspaceacademy-com.inbound.emailservice.io` |
+| lifelonglearningacademy.com | `mail.acghosting.com` (priority 10) | `lifelonglearningacademy-com.inbound.emailservice.io` (after MP provisioning) |
+
+**Action required:**
+1. Provision `lifelonglearningacademy.com` in Mailprotector under account 17414 (Bob Klem)
+2. Update both MX records in GoDaddy (client's account — need credentials from client)
+3. Standard Mailprotector secondary/tertiary MX pattern: priority 10/20/30 via .io/.cc/.co
+
+### Neptune Exchange Mailboxes (as of 2026-06-15)
+
+#### Correctly configured — .org primary with alias addresses
+
+| Display Name | Primary SMTP | Alias Domains Present |
+|---|---|---|
+| Robert Klem | rklem@littleheartslittlehands.org | @airandspaceacademy.com, @lifelonglearningacademy.com, @littleheartslittlehands.com |
+| Marylou Klem | marylou@littleheartslittlehands.org | @airandspaceacademy.com, @lifelonglearningacademy.com |
+
+#### Needs alias addresses added — .org primary, no legacy domain aliases
+
+| Display Name | Primary SMTP | Missing Aliases |
+|---|---|---|
+| Ms Williamson | swilliamson@littleheartslittlehands.org | @airandspaceacademy.com, @lifelonglearningacademy.com |
+
+#### Standalone mailboxes — primary is still legacy domain, NOT alias on .org mailbox
+
+These accounts have a legacy domain as their primary address. No corresponding @littleheartslittlehands.org mailbox exists. Status deferred per Mike (2026-06-15) — do not convert until instructed.
+
+| Alias | Primary SMTP | Notes |
+|---|---|---|
+| ajoseph | ajoseph@airandspaceacademy.com | Former staff? |
+| email | email@airandspaceacademy.com | Generic address |
+| lschlegel | lschlegel@airandspaceacademy.com | Former staff? |
+| mrocha | mrocha@airandspaceacademy.com | Former staff? |
+| RicohCopier | RicohCopier@airandspaceacademy.com | Device mailbox — verify if copier still active |
+| sbranch | sbranch@airandspaceacademy.com | Former staff? |
+| tstevens | tstevens@airandspaceacademy.com | Former staff? |
+| specialeducation | specialeducation@lifelonglearningacademy.com | Generic/role address |
+
+### SBR / Send Connector (outbound)
+
+| Domain | SBR Tag | Send Connector | Smart Host |
+|---|---|---|---|
+| airandspaceacademy.com | airandspaceacademy.sbr | Outbound.LittleHearts | littleheartslittlehands-org.outbound.emailservice.io |
+| lifelonglearningacademy.com | lifelonglearningacademy.sbr | Outbound.LLA | lifelonglearningacademy-com.outbound.emailservice.io |
+| littleheartslittlehands.org | littleheartslittlehands.sbr | Outbound.LittleHearts | littleheartslittlehands-org.outbound.emailservice.io |
+
+### Neptune Transport Rules Affecting This Client
+
+- **Restrict Inbound - Devcon and LittleHearts** (priority 0): Rejects inbound mail to airandspaceacademy.com / littleheartslittlehands.org / .com that does NOT arrive from Mailprotector IPs. Direct-to-Neptune delivery is blocked. This is why the broken MX records cause inbound mail to fail.
+
+---
+
+## Open Items
+
+1. **[CRITICAL] Fix airandspaceacademy.com MX on GoDaddy** — Mailprotector already provisioned. Just needs MX updated to `airandspaceacademy-com.inbound.emailservice.io`. Requires client's GoDaddy account credentials.
+2. **[CRITICAL] Provision lifelonglearningacademy.com in Mailprotector** — not yet in MP. Must do before changing MX.
+3. **[CRITICAL] Fix lifelonglearningacademy.com MX on GoDaddy** — same as above, after MP provisioning. Requires client's GoDaddy account credentials.
+4. **[LOW] Add alias addresses to Ms Williamson's mailbox** — `swilliamson@airandspaceacademy.com` and `swilliamson@lifelonglearningacademy.com` proxy addresses missing.
+5. **[DEFERRED] Standalone legacy-domain mailboxes** — 8 accounts still have old domain as primary. Mike to advise which (if any) need .org counterparts or should be disabled.
+
+---
+
+## History
+
+| Date | Event |
+|---|---|
+| 2020-03-15 | airandspaceacademy.com provisioned in Mailprotector |
+| 2024-05-07 | littleheartslittlehands.org provisioned in Mailprotector |
+| 2026-03-17 | Neptune cleanup — spam purged from airandspaceacademy.com mailboxes; SBR routing configured; inbound restriction rule created. MX fix deferred. |
+| 2026-06-15 | Mailbox audit via RMM. Confirmed MX on both alias domains still pointing direct to mail.acghosting.com. GoDaddy API key is ACG's account — client domains are in client's own GoDaddy. |