johan
/
clawd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: auto-commit uncommitted changes

This commit is contained in:
James 2026-03-10 18:02:26 -04:00
parent 391499f241
commit 203c1cfc7c
7 changed files with 316 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

172
drafts/vault1984-readme-draft.md Normal file
View File

@ -0,0 +1,172 @@
# vault1984
> *"If you want to keep a secret, you must also hide it from yourself."*
A password manager where the server holds your vault and nothing else.
Every other hosted vault encrypts your secrets and stores them centrally. The encryption is real. The problem is architectural: steal the database, and you have all the ciphertext you need — plus unlimited time to crack it offline. Iteration counts slow the attack. They don't prevent it.
vault1984 is built around a different principle. **The server holds ciphertext it cannot decrypt.** Not policy. Architecture.
---
## How it works
Three tiers. Each with a different trust model.
```
Tier 1 — Metadata (server-readable)
Entry names, URLs, usernames. The server can see these.
Knowing someone has a Coinbase account isn't an attack.
Tier 2 — Credentials (agent-readable, server-opaque)
Passwords, API keys, TOTP seeds, SSH keys.
Encrypted with a key derived from your hardware authenticator.
The server stores ciphertext it cannot read.
Your AI agents decrypt locally. The server never sees plaintext.
Tier 3 — Sealed (hardware-only)
Card numbers, passport, government IDs, seed phrases.
Encrypted with a symmetric key derived from WebAuthn PRF.
Requires physical authenticator — Touch ID, YubiKey, Titan Key.
Even a fully authorized AI agent cannot reach Tier 3.
```
Steal the database. You get Tier 1 metadata and encrypted blobs for Tier 2 and 3 that require hardware the server never had. The database is not interesting.
---
## The security model
| Scenario | Tier 1 | Tier 2 | Tier 3 |
|---|---|---|---|
| Database stolen | Metadata only | Worthless ciphertext | Worthless ciphertext |
| Server compromised | Plaintext (during request) | Ciphertext — server cannot decrypt | Not present |
| Agent compromised | Via MCP | Decryptable by that agent | Not present |
| Hardware key stolen + PIN | Everything | Everything | Everything |
**Tier 2 key derivation:** X25519 keypair derived via HKDF-SHA256 from your WebAuthn authenticator's PRF output. Public key stored on server. Private key: derived client-side during browser session, baked into agent tokens at creation time. Server holds envelopes it cannot open.
**Tier 3 key derivation:** Symmetric AES-256 key derived via HKDF-SHA256 from the same PRF output (independent branch). Browser-only. Never leaves the client.
Both tiers derive from a single hardware authentication. One tap in the browser unlocks both.
---
## Quick start
```bash
go build -o vault1984 ./cmd/vault1984/
./vault1984
# Open http://localhost:1984/app/
# Register a passkey → vault is ready
```
No config files, no environment variables, no database setup.
---
## Managed hosting
Don't want to run the server? We host it.
Same cryptographic guarantees. We run the infrastructure. We cannot read your Tier 2 or Tier 3 fields — the architecture makes it impossible, not policy.
→ vault1984.com
---
## Features
- **One binary** — Go, linux/mac/windows. FIPS mode available (`GOEXPERIMENT=boringcrypto`)
- **One file** — SQLite per vault. Portable, copy it anywhere
- **No master password** — WebAuthn only. Touch ID, Face ID, YubiKey, Titan Key, Windows Hello
- **Three-tier field encryption** — per-field tier assignment, auto-detection on import
- **AI agent integration** — MCP tools for `get_credential`, `get_totp`, `search_vault`, `list_credentials`, `check_expiring`
- **Scoped tokens** — per-agent access by tags or entry IDs. Cryptographic scoping, not policy
- **Auto-detection** — imports auto-flag card numbers, CVV, government IDs, recovery codes as Tier 3 across 15+ languages
- **Auto-lock** — 60s idle + 15s countdown. Session and key cleared on lock
- **TOTP generation** — agents can complete 2FA flows autonomously
- **Browser extension** — Manifest V3, LLM field mapping, autofill on any site
- **Native import** — Chrome, Firefox, Bitwarden, Proton Pass without LLM. Any format via LLM fallback
- **Smart dedup** — collision resolution by source modification date
- **Automatic backups** — weekly, 3-month retention, deterministic per vault ID
- **Audit log** — every access logged with actor (web / extension / MCP / agent name)
- **Multi-tenant** — hosted mode with `/v/{vault_id}/` route prefix
---
## MCP setup
Create a token in the web UI (Tokens page):
```json
{
"mcpServers": {
"vault1984": {
"url": "http://localhost:1984/mcp",
"headers": {
"Authorization": "Bearer v1984_..."
}
}
}
}
```
The token contains both the MCP auth credential and the Tier 2 private key (wrapped). The agent decrypts Tier 2 fields locally. The server never sees the key.
### Available tools
| Tool | Description |
|------|-------------|
| `get_credential` | Find and return a credential by query |
| `list_credentials` | List all accessible entries |
| `get_totp` | Get live TOTP code for 2FA |
| `search_vault` | Full-text search across entries |
| `check_expiring` | Find expiring credentials, cards, documents |
Tier 3 fields return `[Sealed — hardware key required]` to agents. They are not accessible without a browser session and physical authenticator.
---
## Config
All optional. Environment variables or `.env` in working directory.
```bash
PORT=1984 # default
DATA_DIR=. # directory for vault DB files
MODE=self-hosted # or "hosted" for multi-tenant
VAULT_KEY=... # optional server-side encryption key for Tier 1
FIREWORKS_API_KEY=... # for LLM import of unknown formats
```
---
## Import
Native parsing (no LLM) for:
- **Chrome**`chrome://settings/passwords` → export CSV
- **Firefox**`about:logins` → export CSV
- **Bitwarden** — Settings → Export → JSON
- **Proton Pass** — Settings → Export → JSON (zip or plain)
Any other format: drag and drop, LLM parses it.
Tier 3 auto-detection on import covers card numbers, CVV, government IDs (SSN, passport, driver's license, BSN, PESEL, etc.), recovery codes, and crypto wallets — in English, Dutch, German, French, Spanish, Portuguese, Italian, Chinese, Japanese, Korean, Russian, Arabic, Hindi, Turkish, Polish, Swedish, Thai, and Vietnamese.
---
## Backups
Automatic weekly backups with 3-month retention. Each vault's backup slot is deterministic — the first byte of the vault ID maps to an hour of the week, spreading backup load evenly across nodes.
Backups use SQLite `VACUUM INTO` for consistent snapshots stored in `{DATA_DIR}/backups/`.
From the web UI: view all backups, trigger immediate backup, restore (current DB saved as pre-restore backup first).
---
## License
[Elastic License 2.0](LICENSE) — free to use and self-host, not for resale as a managed service.

126
memory/2026-03-10.md Normal file
View File

@ -0,0 +1,126 @@
---
## Afternoon Session — vault1984 Strategy (13:0013:11 ET)
### vault1984 Architecture Decisions
- **L2 single vault-level keypair confirmed** — not per-agent. Threat model = database theft, not agent compromise. Single keypair is correct.
- **TOTP at L2 noted** — means every MCP client needs TOTP generation logic. Worth knowing before classifying.
- **`crypto_box_seal` recommended** over rolling X25519+AES-GCM manually.
### vault1984 Product Structure (clarified)
- `app/` = OSS core, will go on GitHub (private for now)
- `website/` = marketing + managed service front-door, lives on Zurich
- **Managed vault1984** = the monetization play. Johan hosts it, charges for it.
- OSS core is the trust foundation (auditable); managed service is the product.
- Migration between self-hosted ↔ managed is possible but no users yet so not a priority.
### vault1984 Positioning (new, firm)
- **Three parallel workstreams:** L2 implementation, website repositioning, browser extension (never started)
- **Browser extension** must come AFTER L2 — would need rebuilding anyway once L2 ships
- **Johan's role:** Supervisor/architect, not junior dev. Agents execute against his specs.
- **Key insight:** "Database worthless to steal" applies equally to self-hosted and managed
- **Managed pitch:** "We host it. We maintain it. We cannot read it." — strongest for managed, not just self-hosted
- **1Password Okta incident** referenced: for vault1984, a server breach is a non-event. DB = noise.
- **Affirmative framing wins** over defensive ("we can't be LastPass'd") — lead with what you ARE, not what you resist
- **"The only hosted vault where the operator holds no keys"** — current best headline candidate
### vault1984 Three HN Articles (Johan's idea)
1. The breach argument (already drafted at `~/clawd/drafts/vault1984-hn-article.md`)
2. Architecture deep-dive — WebAuthn PRF + HKDF + three tiers — for crypto/security audience
3. Show HN launch post — when OSS ships on GitHub
### vault1984 README as Leading Document
- Johan decided: README is the canonical source of truth
- Website is the designed version; HN articles are narrative versions; all derive from README
- Existing README: AI-productivity-first, two-tier "Shared/Personal" model — wrong framing
- **New README draft:** `~/clawd/drafts/vault1984-readme-draft.md`
- Opens with Orwell quote + architectural thesis
- Three-tier model: Tier 1 (Metadata), Tier 2 (Credentials/agent-readable), Tier 3 (Sealed/hardware-only)
- Security model table updated for three tiers
- Managed hosting section added
- MCP section updated: token carries Tier 2 private key, agent decrypts locally
### vault1984 Repo — Now on Git
- Initialized at `/home/johan/dev/vault1984/` (outer monorepo, not app/ itself)
- Remote: `git@zurich.inou.com:vault1984.git`
- First commit: `bca8723 init: vault1984 monorepo skeleton + L2 agent encryption design`
- app/, docs/, website/ remain as independent repos (have their own history)
- Tracked in outer repo: .gitignore, Makefile, L2_AGENT_ENCRYPTION.md
### Repositioning Subagent
- Completed: `~/clawd/drafts/vault1984-repositioning.md`
- Covers README issues (6 problems), website page-by-page rewrites, what to keep, draft copy
- Option C headline recommended: "We cannot be LastPass'd. Mathematically."
- NOTE: This was written before the "managed service is the product" clarification — some framing needs updating
### Johan Personal Context (new)
- **Lid van Provinciale Staten van Flevoland** — LPF (Lijst Pim Fortuyn), ~20022006
- Was in NL during the full LPF arc: Fortuyn assassination, 26-seat win, Balkenende I 87-day collapse
- Moved to the US in **2013**, same year Iaso Backup was acquired by GFI/Insight Partners
- Logged to `~/clawd/memory/johan-model.md`
### Morning Briefing
- Briefing posted, dashboard updated (id: 47ae94ab from overnight, plus morning update)
- Zurich updated (21 packages), dev.inou.com DNS fixed
- Signal retired; Discord is now sole briefing channel
---
## Afternoon Session (Mar 10, ~11am-1pm ET)
### vault1984 Strategy Crystallized
**Product structure:**
- `app/` = OSS core, private GitHub (not yet public)
- `website/` = marketing + managed hosting frontend, lives on Zurich
- Managed vault1984 = the monetization play — hosted service with cryptographic guarantees even operator can't read
- Migration between self-hosted and managed: possible but no users yet, not a priority
**Repositioning thesis:**
- Lead: "The only hosted vault where the operator holds no keys" — architecture, not policy
- Orwell quote stays as the soul
- "Stolen database = worthless ciphertext" is a feature, not a defense
- Incumbents are architecturally trapped — their business model requires server authority
- Managed pitch is STRONGER than self-hosted: "We host it. We cannot read it."
**README as leading document:**
- README is canonical source of truth
- Website = designed version of same content
- HN articles = narrative versions
- Draft written: `~/clawd/drafts/vault1984-readme-draft.md`
- Old README: AI-productivity framing, "Shared/Personal" two-tier model
- New README: architecture-first, three tiers (Tier 1/2/3 naming)
**Three HN articles identified:**
1. The breach argument (already drafted) — structural problem + vault1984 as answer
2. Architecture deep-dive — WebAuthn PRF, HKDF, three-tier model — crypto/security audience
3. Show HN launch post — when OSS ships
**Repositioning doc:** `~/clawd/drafts/vault1984-repositioning.md` (subagent-generated)
**Johan's role:** Supervisor/architect, not junior developer. Agents execute against his specs.
**Three parallel workstreams:**
1. Implement L2 (spec in L2_AGENT_ENCRYPTION.md)
2. Website repositioning + onboarding
3. Browser extension (Johan hasn't started this yet)
### Johan Personal Context Added
- **Lid van Provinciale Staten van Flevoland** — LPF party, ~20022006
- Witnessed full LPF arc: Fortuyn assassination, 26-seat win, Balkenende I 87-day collapse
- Moved to US in 2013, same year Iaso Backup was acquired by GFI/Insight Partners
- Dutch citizen in Florida since 2013
- Logged in `memory/johan-model.md`
### vault1984 Git Setup
- Outer repo initialized: `/home/johan/dev/vault1984/`
- Remote: `git@zurich.inou.com:vault1984.git`
- Tracks: `.gitignore`, `Makefile`, `L2_AGENT_ENCRYPTION.md`
- `app/`, `docs/`, `website/` remain as independent repos (all have own git history)
- First commit: `bca8723 init: vault1984 monorepo skeleton + L2 agent encryption design`
### Decision: Technical/Marketing Writer Subagent
- Johan proposed spinning up a dedicated technical/marketing writer subagent for vault1984
- Goal: tighter context, specialized writing focus
- All vault1984 writing tasks (README, HN articles, website copy) to route through this agent

BIN
memory/claude-usage.db
View File

Binary file not shown.

12
memory/claude-usage.json
View File

@ -1,9 +1,9 @@
{
"last_updated": "2026-03-10T16:00:01.794533Z",
"last_updated": "2026-03-10T22:00:01.889286Z",
"source": "api",
"session_percent": 5,
"session_resets": "2026-03-10T19:00:00.749955+00:00",
"weekly_percent": 65,
"weekly_resets": "2026-03-13T03:00:00.749984+00:00",
"sonnet_percent": 50
"session_percent": 14,
"session_resets": "2026-03-11T00:00:00.843709+00:00",
"weekly_percent": 69,
"weekly_resets": "2026-03-13T02:59:59.843732+00:00",
"sonnet_percent": 53
}

2
memory/git-audit-lastfull.txt
View File

@ -1 +1 @@
1773072228
1773158610

2
memory/heartbeat-state.json
View File

@ -14,7 +14,7 @@
"lastDocInbox": "2026-02-25T22:01:42.532628Z",
"lastTechScan": 1773068932,
"lastMemoryReview": "2026-03-10T12:10:06.000Z",
"lastIntraDayXScan": "2026-03-09T20:06:37.000Z",
"lastIntraDayXScan": "2026-03-10T21:59:00.000Z",
"lastInouSuggestion": "2026-03-09T15:04:00.000Z",
"lastEmail": 1772132453,
"pendingBriefingItems": [],

10
memory/johan-model.md
View File

@ -126,3 +126,13 @@
---
*Update this file immediately when new patterns emerge. Don't wait for Sunday.*
---
## Political Background
- **Lid van Provinciale Staten van Flevoland** — LPF (Lijst Pim Fortuyn), ~20022006
- Member of provincial parliament during the most turbulent period in modern Dutch politics: Fortuyn assassination (May 6, 2002), LPF's 26-seat election win, Balkenende I 87-day collapse
- Flevoland: youngest Dutch province, Almere/Lelystad electorate
- Moved to the US in 2013, same year Iaso Backup was acquired by GFI/Insight Partners — likely the trigger
- Provinciale Staten also elects the Eerste Kamer (Senate) — national weight to the role