From 203c1cfc7c6001afe93d0366474910a630a90963 Mon Sep 17 00:00:00 2001 From: James Date: Tue, 10 Mar 2026 18:02:26 -0400 Subject: [PATCH] chore: auto-commit uncommitted changes --- drafts/vault1984-readme-draft.md | 172 +++++++++++++++++++++++++++++++ memory/2026-03-10.md | 126 ++++++++++++++++++++++ memory/claude-usage.db | Bin 65536 -> 65536 bytes memory/claude-usage.json | 12 +-- memory/git-audit-lastfull.txt | 2 +- memory/heartbeat-state.json | 2 +- memory/johan-model.md | 10 ++ 7 files changed, 316 insertions(+), 8 deletions(-) create mode 100644 drafts/vault1984-readme-draft.md create mode 100644 memory/2026-03-10.md diff --git a/drafts/vault1984-readme-draft.md b/drafts/vault1984-readme-draft.md new file mode 100644 index 0000000..5f617d3 --- /dev/null +++ b/drafts/vault1984-readme-draft.md @@ -0,0 +1,172 @@ +# vault1984 + +> *"If you want to keep a secret, you must also hide it from yourself."* + +A password manager where the server holds your vault and nothing else. + +Every other hosted vault encrypts your secrets and stores them centrally. The encryption is real. The problem is architectural: steal the database, and you have all the ciphertext you need — plus unlimited time to crack it offline. Iteration counts slow the attack. They don't prevent it. + +vault1984 is built around a different principle. **The server holds ciphertext it cannot decrypt.** Not policy. Architecture. + +--- + +## How it works + +Three tiers. Each with a different trust model. + +``` +Tier 1 — Metadata (server-readable) + Entry names, URLs, usernames. The server can see these. + Knowing someone has a Coinbase account isn't an attack. + +Tier 2 — Credentials (agent-readable, server-opaque) + Passwords, API keys, TOTP seeds, SSH keys. + Encrypted with a key derived from your hardware authenticator. + The server stores ciphertext it cannot read. + Your AI agents decrypt locally. The server never sees plaintext. + +Tier 3 — Sealed (hardware-only) + Card numbers, passport, government IDs, seed phrases. + Encrypted with a symmetric key derived from WebAuthn PRF. + Requires physical authenticator — Touch ID, YubiKey, Titan Key. + Even a fully authorized AI agent cannot reach Tier 3. +``` + +Steal the database. You get Tier 1 metadata and encrypted blobs for Tier 2 and 3 that require hardware the server never had. The database is not interesting. + +--- + +## The security model + +| Scenario | Tier 1 | Tier 2 | Tier 3 | +|---|---|---|---| +| Database stolen | Metadata only | Worthless ciphertext | Worthless ciphertext | +| Server compromised | Plaintext (during request) | Ciphertext — server cannot decrypt | Not present | +| Agent compromised | Via MCP | Decryptable by that agent | Not present | +| Hardware key stolen + PIN | Everything | Everything | Everything | + +**Tier 2 key derivation:** X25519 keypair derived via HKDF-SHA256 from your WebAuthn authenticator's PRF output. Public key stored on server. Private key: derived client-side during browser session, baked into agent tokens at creation time. Server holds envelopes it cannot open. + +**Tier 3 key derivation:** Symmetric AES-256 key derived via HKDF-SHA256 from the same PRF output (independent branch). Browser-only. Never leaves the client. + +Both tiers derive from a single hardware authentication. One tap in the browser unlocks both. + +--- + +## Quick start + +```bash +go build -o vault1984 ./cmd/vault1984/ +./vault1984 +# Open http://localhost:1984/app/ +# Register a passkey → vault is ready +``` + +No config files, no environment variables, no database setup. + +--- + +## Managed hosting + +Don't want to run the server? We host it. + +Same cryptographic guarantees. We run the infrastructure. We cannot read your Tier 2 or Tier 3 fields — the architecture makes it impossible, not policy. + +→ vault1984.com + +--- + +## Features + +- **One binary** — Go, linux/mac/windows. FIPS mode available (`GOEXPERIMENT=boringcrypto`) +- **One file** — SQLite per vault. Portable, copy it anywhere +- **No master password** — WebAuthn only. Touch ID, Face ID, YubiKey, Titan Key, Windows Hello +- **Three-tier field encryption** — per-field tier assignment, auto-detection on import +- **AI agent integration** — MCP tools for `get_credential`, `get_totp`, `search_vault`, `list_credentials`, `check_expiring` +- **Scoped tokens** — per-agent access by tags or entry IDs. Cryptographic scoping, not policy +- **Auto-detection** — imports auto-flag card numbers, CVV, government IDs, recovery codes as Tier 3 across 15+ languages +- **Auto-lock** — 60s idle + 15s countdown. Session and key cleared on lock +- **TOTP generation** — agents can complete 2FA flows autonomously +- **Browser extension** — Manifest V3, LLM field mapping, autofill on any site +- **Native import** — Chrome, Firefox, Bitwarden, Proton Pass without LLM. Any format via LLM fallback +- **Smart dedup** — collision resolution by source modification date +- **Automatic backups** — weekly, 3-month retention, deterministic per vault ID +- **Audit log** — every access logged with actor (web / extension / MCP / agent name) +- **Multi-tenant** — hosted mode with `/v/{vault_id}/` route prefix + +--- + +## MCP setup + +Create a token in the web UI (Tokens page): + +```json +{ + "mcpServers": { + "vault1984": { + "url": "http://localhost:1984/mcp", + "headers": { + "Authorization": "Bearer v1984_..." + } + } + } +} +``` + +The token contains both the MCP auth credential and the Tier 2 private key (wrapped). The agent decrypts Tier 2 fields locally. The server never sees the key. + +### Available tools + +| Tool | Description | +|------|-------------| +| `get_credential` | Find and return a credential by query | +| `list_credentials` | List all accessible entries | +| `get_totp` | Get live TOTP code for 2FA | +| `search_vault` | Full-text search across entries | +| `check_expiring` | Find expiring credentials, cards, documents | + +Tier 3 fields return `[Sealed — hardware key required]` to agents. They are not accessible without a browser session and physical authenticator. + +--- + +## Config + +All optional. Environment variables or `.env` in working directory. + +```bash +PORT=1984 # default +DATA_DIR=. # directory for vault DB files +MODE=self-hosted # or "hosted" for multi-tenant +VAULT_KEY=... # optional server-side encryption key for Tier 1 +FIREWORKS_API_KEY=... # for LLM import of unknown formats +``` + +--- + +## Import + +Native parsing (no LLM) for: +- **Chrome** — `chrome://settings/passwords` → export CSV +- **Firefox** — `about:logins` → export CSV +- **Bitwarden** — Settings → Export → JSON +- **Proton Pass** — Settings → Export → JSON (zip or plain) + +Any other format: drag and drop, LLM parses it. + +Tier 3 auto-detection on import covers card numbers, CVV, government IDs (SSN, passport, driver's license, BSN, PESEL, etc.), recovery codes, and crypto wallets — in English, Dutch, German, French, Spanish, Portuguese, Italian, Chinese, Japanese, Korean, Russian, Arabic, Hindi, Turkish, Polish, Swedish, Thai, and Vietnamese. + +--- + +## Backups + +Automatic weekly backups with 3-month retention. Each vault's backup slot is deterministic — the first byte of the vault ID maps to an hour of the week, spreading backup load evenly across nodes. + +Backups use SQLite `VACUUM INTO` for consistent snapshots stored in `{DATA_DIR}/backups/`. + +From the web UI: view all backups, trigger immediate backup, restore (current DB saved as pre-restore backup first). + +--- + +## License + +[Elastic License 2.0](LICENSE) — free to use and self-host, not for resale as a managed service. diff --git a/memory/2026-03-10.md b/memory/2026-03-10.md new file mode 100644 index 0000000..6179547 --- /dev/null +++ b/memory/2026-03-10.md @@ -0,0 +1,126 @@ + +--- + +## Afternoon Session — vault1984 Strategy (13:00–13:11 ET) + +### vault1984 Architecture Decisions +- **L2 single vault-level keypair confirmed** — not per-agent. Threat model = database theft, not agent compromise. Single keypair is correct. +- **TOTP at L2 noted** — means every MCP client needs TOTP generation logic. Worth knowing before classifying. +- **`crypto_box_seal` recommended** over rolling X25519+AES-GCM manually. + +### vault1984 Product Structure (clarified) +- `app/` = OSS core, will go on GitHub (private for now) +- `website/` = marketing + managed service front-door, lives on Zurich +- **Managed vault1984** = the monetization play. Johan hosts it, charges for it. +- OSS core is the trust foundation (auditable); managed service is the product. +- Migration between self-hosted ↔ managed is possible but no users yet so not a priority. + +### vault1984 Positioning (new, firm) +- **Three parallel workstreams:** L2 implementation, website repositioning, browser extension (never started) +- **Browser extension** must come AFTER L2 — would need rebuilding anyway once L2 ships +- **Johan's role:** Supervisor/architect, not junior dev. Agents execute against his specs. +- **Key insight:** "Database worthless to steal" applies equally to self-hosted and managed +- **Managed pitch:** "We host it. We maintain it. We cannot read it." — strongest for managed, not just self-hosted +- **1Password Okta incident** referenced: for vault1984, a server breach is a non-event. DB = noise. +- **Affirmative framing wins** over defensive ("we can't be LastPass'd") — lead with what you ARE, not what you resist +- **"The only hosted vault where the operator holds no keys"** — current best headline candidate + +### vault1984 Three HN Articles (Johan's idea) +1. The breach argument (already drafted at `~/clawd/drafts/vault1984-hn-article.md`) +2. Architecture deep-dive — WebAuthn PRF + HKDF + three tiers — for crypto/security audience +3. Show HN launch post — when OSS ships on GitHub + +### vault1984 README as Leading Document +- Johan decided: README is the canonical source of truth +- Website is the designed version; HN articles are narrative versions; all derive from README +- Existing README: AI-productivity-first, two-tier "Shared/Personal" model — wrong framing +- **New README draft:** `~/clawd/drafts/vault1984-readme-draft.md` + - Opens with Orwell quote + architectural thesis + - Three-tier model: Tier 1 (Metadata), Tier 2 (Credentials/agent-readable), Tier 3 (Sealed/hardware-only) + - Security model table updated for three tiers + - Managed hosting section added + - MCP section updated: token carries Tier 2 private key, agent decrypts locally + +### vault1984 Repo — Now on Git +- Initialized at `/home/johan/dev/vault1984/` (outer monorepo, not app/ itself) +- Remote: `git@zurich.inou.com:vault1984.git` +- First commit: `bca8723 init: vault1984 monorepo skeleton + L2 agent encryption design` +- app/, docs/, website/ remain as independent repos (have their own history) +- Tracked in outer repo: .gitignore, Makefile, L2_AGENT_ENCRYPTION.md + +### Repositioning Subagent +- Completed: `~/clawd/drafts/vault1984-repositioning.md` +- Covers README issues (6 problems), website page-by-page rewrites, what to keep, draft copy +- Option C headline recommended: "We cannot be LastPass'd. Mathematically." +- NOTE: This was written before the "managed service is the product" clarification — some framing needs updating + +### Johan Personal Context (new) +- **Lid van Provinciale Staten van Flevoland** — LPF (Lijst Pim Fortuyn), ~2002–2006 +- Was in NL during the full LPF arc: Fortuyn assassination, 26-seat win, Balkenende I 87-day collapse +- Moved to the US in **2013**, same year Iaso Backup was acquired by GFI/Insight Partners +- Logged to `~/clawd/memory/johan-model.md` + +### Morning Briefing +- Briefing posted, dashboard updated (id: 47ae94ab from overnight, plus morning update) +- Zurich updated (21 packages), dev.inou.com DNS fixed +- Signal retired; Discord is now sole briefing channel + +--- + +## Afternoon Session (Mar 10, ~11am-1pm ET) + +### vault1984 Strategy Crystallized + +**Product structure:** +- `app/` = OSS core, private GitHub (not yet public) +- `website/` = marketing + managed hosting frontend, lives on Zurich +- Managed vault1984 = the monetization play — hosted service with cryptographic guarantees even operator can't read +- Migration between self-hosted and managed: possible but no users yet, not a priority + +**Repositioning thesis:** +- Lead: "The only hosted vault where the operator holds no keys" — architecture, not policy +- Orwell quote stays as the soul +- "Stolen database = worthless ciphertext" is a feature, not a defense +- Incumbents are architecturally trapped — their business model requires server authority +- Managed pitch is STRONGER than self-hosted: "We host it. We cannot read it." + +**README as leading document:** +- README is canonical source of truth +- Website = designed version of same content +- HN articles = narrative versions +- Draft written: `~/clawd/drafts/vault1984-readme-draft.md` +- Old README: AI-productivity framing, "Shared/Personal" two-tier model +- New README: architecture-first, three tiers (Tier 1/2/3 naming) + +**Three HN articles identified:** +1. The breach argument (already drafted) — structural problem + vault1984 as answer +2. Architecture deep-dive — WebAuthn PRF, HKDF, three-tier model — crypto/security audience +3. Show HN launch post — when OSS ships + +**Repositioning doc:** `~/clawd/drafts/vault1984-repositioning.md` (subagent-generated) + +**Johan's role:** Supervisor/architect, not junior developer. Agents execute against his specs. + +**Three parallel workstreams:** +1. Implement L2 (spec in L2_AGENT_ENCRYPTION.md) +2. Website repositioning + onboarding +3. Browser extension (Johan hasn't started this yet) + +### Johan Personal Context Added +- **Lid van Provinciale Staten van Flevoland** — LPF party, ~2002–2006 +- Witnessed full LPF arc: Fortuyn assassination, 26-seat win, Balkenende I 87-day collapse +- Moved to US in 2013, same year Iaso Backup was acquired by GFI/Insight Partners +- Dutch citizen in Florida since 2013 +- Logged in `memory/johan-model.md` + +### vault1984 Git Setup +- Outer repo initialized: `/home/johan/dev/vault1984/` +- Remote: `git@zurich.inou.com:vault1984.git` +- Tracks: `.gitignore`, `Makefile`, `L2_AGENT_ENCRYPTION.md` +- `app/`, `docs/`, `website/` remain as independent repos (all have own git history) +- First commit: `bca8723 init: vault1984 monorepo skeleton + L2 agent encryption design` + +### Decision: Technical/Marketing Writer Subagent +- Johan proposed spinning up a dedicated technical/marketing writer subagent for vault1984 +- Goal: tighter context, specialized writing focus +- All vault1984 writing tasks (README, HN articles, website copy) to route through this agent diff --git a/memory/claude-usage.db b/memory/claude-usage.db index 73bb62b9a3fbb088a1ae966a7310beaff6019cf8..c3eda713028f3a0cfca8dba05df1e06f508b583a 100644 GIT binary patch delta 412 zcmZo@U}lzw_7#Ug_7+Dz^M!9gC$hJme${T>>4Nan4*iB?wBS7*T z$odT}!Sa?-&c?E>;b_|Z3_=VopyoRX02PFxDFDiwgXK-4oVbi+TSGDB&8!Setc;AJ z9NCOE?|$gX$CAwYiD9x?wNUpoK* delta 62 zcmV-E0Kxx&fCPYm1dtm6){z`T0oJi#pDzK_vM>a&19JhplLz4Ek%7&#yWvR=1YHJ> U0Fx?ky0L-G1(MSYvzqp12^@GDwg3PC diff --git a/memory/claude-usage.json b/memory/claude-usage.json index 8a15be5..2d14a5e 100644 --- a/memory/claude-usage.json +++ b/memory/claude-usage.json @@ -1,9 +1,9 @@ { - "last_updated": "2026-03-10T16:00:01.794533Z", + "last_updated": "2026-03-10T22:00:01.889286Z", "source": "api", - "session_percent": 5, - "session_resets": "2026-03-10T19:00:00.749955+00:00", - "weekly_percent": 65, - "weekly_resets": "2026-03-13T03:00:00.749984+00:00", - "sonnet_percent": 50 + "session_percent": 14, + "session_resets": "2026-03-11T00:00:00.843709+00:00", + "weekly_percent": 69, + "weekly_resets": "2026-03-13T02:59:59.843732+00:00", + "sonnet_percent": 53 } \ No newline at end of file diff --git a/memory/git-audit-lastfull.txt b/memory/git-audit-lastfull.txt index 8bf7c5b..3a72e4f 100644 --- a/memory/git-audit-lastfull.txt +++ b/memory/git-audit-lastfull.txt @@ -1 +1 @@ -1773072228 +1773158610 diff --git a/memory/heartbeat-state.json b/memory/heartbeat-state.json index 6f754bd..dc6f6c5 100644 --- a/memory/heartbeat-state.json +++ b/memory/heartbeat-state.json @@ -14,7 +14,7 @@ "lastDocInbox": "2026-02-25T22:01:42.532628Z", "lastTechScan": 1773068932, "lastMemoryReview": "2026-03-10T12:10:06.000Z", - "lastIntraDayXScan": "2026-03-09T20:06:37.000Z", + "lastIntraDayXScan": "2026-03-10T21:59:00.000Z", "lastInouSuggestion": "2026-03-09T15:04:00.000Z", "lastEmail": 1772132453, "pendingBriefingItems": [], diff --git a/memory/johan-model.md b/memory/johan-model.md index 22bdd0e..5fcc213 100644 --- a/memory/johan-model.md +++ b/memory/johan-model.md @@ -126,3 +126,13 @@ --- *Update this file immediately when new patterns emerge. Don't wait for Sunday.* + +--- + +## Political Background + +- **Lid van Provinciale Staten van Flevoland** — LPF (Lijst Pim Fortuyn), ~2002–2006 +- Member of provincial parliament during the most turbulent period in modern Dutch politics: Fortuyn assassination (May 6, 2002), LPF's 26-seat election win, Balkenende I 87-day collapse +- Flevoland: youngest Dutch province, Almere/Lelystad electorate +- Moved to the US in 2013, same year Iaso Backup was acquired by GFI/Insight Partners — likely the trigger +- Provinciale Staten also elects the Eerste Kamer (Senate) — national weight to the role