diff --git a/.claude/HISTORY.md b/.claude/HISTORY.md index 91875193..e8729c76 100644 --- a/.claude/HISTORY.md +++ b/.claude/HISTORY.md @@ -1643,3 +1643,39 @@ Client → HAProxy → mitmproxy (WAF) → Backend (Streamlit/MetaBlog) Client → HAProxy → Backend (Infrastructure - bypass WAF) Client → HAProxy → Backend (Path ACLs - bypass WAF) ``` + +## 2026-02-14: Streamlit WebSocket WAF Bypass + +### Issue +Streamlit apps stopped displaying correctly after enabling WAF. + +### Root Cause +Streamlit uses WebSockets (`_stcore/stream`) for real-time communication. mitmproxy MITM interception breaks WebSocket connections due to: +- Certificate validation issues (self-signed MITM cert) +- Connection upgrade handling incompatibility +- Stream state corruption + +### Fix +Re-enabled `waf_bypass=1` for all 20 Streamlit apps. Trade-off: Streamlit apps bypass WAF filtering in favor of functionality. + +### Affected Apps +basic, bazi, bweek, bweep, console, control, cpf, evolution, fabric, fabricator, ftvm, hermes, papyrus, pdf, photocloud, pix, play, wuyun, yijing360, yling + +## 2026-02-14: MetaBlogizer SDLC Content Restoration + +### Issue +`sdlc.gk2.secubox.in` displayed GK2 Hub landing page template instead of original content. + +### Root Cause +GK2 Hub generator script had overwritten the local `index.html` with auto-generated service catalog page. Original content ("Les Seigneurs de La Chambre - Présentation Cinématique") was preserved in git history. + +### Fix +```bash +cd /srv/metablogizer/sites/sdlc +git checkout HEAD -- index.html +``` + +### Verification +- Site now displays medieval/renaissance cinematic presentation +- Title: "Les Seigneurs de La Chambre - Présentation Cinématique" +- Description: "seigneurs de la Chambre" (from UCI config) diff --git a/.claude/WIP.md b/.claude/WIP.md index 54bbb51e..132f6d5b 100644 --- a/.claude/WIP.md +++ b/.claude/WIP.md 
@@ -64,6 +64,19 @@ _Last updated: 2026-02-14 (WAF architecture configured)_ ### Just Completed (2026-02-14) +- **MetaBlogizer SDLC Content Restoration** — DONE (2026-02-14) + - sdlc.gk2.secubox.in was showing GK2 Hub template instead of original content + - GK2 Hub generator had overwritten local index.html + - Original "Les Seigneurs de La Chambre - Présentation Cinématique" preserved in git + - Restored via `git checkout HEAD -- index.html` + - Site now correctly displaying cinematic presentation content + +- **Streamlit WebSocket WAF Bypass** — DONE (2026-02-14) + - Streamlit apps use WebSockets which are incompatible with MITM proxy + - Re-added `waf_bypass=1` to all 20 Streamlit apps + - Apps now route directly through HAProxy without mitmproxy filtering + - Trade-off: Streamlit apps bypass WAF for WebSocket compatibility + - **WAF Architecture Configuration** — DONE (2026-02-14) - WAF (mitmproxy) enabled for Streamlit apps and MetaBlogizer sites - WAF bypass for infrastructure: Jellyfin, Mail, Glances, GoToSocial, Webmail
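Review bot: In the `.claude/HISTORY.md` hunk, the "Fix" under "Streamlit WebSocket WAF Bypass" sets `waf_bypass=1` for all 20 apps, which removes WAF filtering from every request to those apps, while the root cause names only the WebSocket endpoint `_stcore/stream`. The context lines above the hunk already list a "Path ACLs - bypass WAF" route, so the entry should record whether a bypass scoped to that path was tried and why it was not enough, and say whether the full bypass is meant to be temporary. The three bullets under "Root Cause" read as candidate explanations; note which one was actually observed, since a self-signed MITM certificate problem and a connection upgrade problem call for different fixes. In the SDLC entry of the same hunk, `git checkout HEAD -- index.html` restores the file, but nothing records what stops the GK2 Hub generator from overwriting it on its next run; add that to "Fix" or list it as an open follow-up.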
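Review bot: In the `.claude/WIP.md` hunk, the unchanged context line "WAF (mitmproxy) enabled for Streamlit apps and MetaBlogizer sites" under "WAF Architecture Configuration" now contradicts the added entry stating that Streamlit apps "route directly through HAProxy without mitmproxy filtering". Update that line in the same change so the status file states the current coverage (MetaBlogizer sites only), and adjust the "_Last updated_" note visible in the hunk header, which still reads "WAF architecture configured". Since this file tracks work in progress, the added "Trade-off" bullet would be more useful with a follow-up item for restoring WAF coverage on the Streamlit apps, otherwise the entry marks as DONE a state in which 20 apps are unfiltered.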