diff --git a/AGENTS.md b/AGENTS.md index 0f0c8df..9b32367 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -298,6 +298,18 @@ Use subagents liberally: - For complex problems, throw more compute at it - **HA bulk operations → always K2.5 subagent.** Light control, automation toggles, Monoprice zones, anything returning large JSON from HA API — spawn a K2.5 subagent. The main context should never eat 100KB of WiZ bulb state data. Subagent does the work, reports "done" or "issue with X." +## ⚙️ OpenClaw Gateway Rules + +**Never kill openclaw-gateway directly on forge.** It runs as the `johan` user (not root, not systemd). Using `pkill` or `kill` on the process destroys the session and requires Opus-level repair. +- ✅ Use: `openclaw gateway restart` +- ❌ Never: `pkill openclaw`, `kill ` against the gateway process + +**Fireworks is not a native OC provider.** If deploying a new OC instance with Fireworks as the LLM, you must define the full provider block under `models.providers.fireworks` (with `baseUrl`, `apiKey`, `api: openai-completions`) — it does NOT auto-resolve from model string alone. + +**gateway.mode must be set.** Any new OC instance needs `gateway.mode: local` in the config or it refuses to start with "Gateway start blocked." + +**dmPolicy "open" requires allowFrom.** When setting `channels..dmPolicy: "open"`, you MUST also add `"allowFrom": ["*"]` or the gateway will fail to start (validated on boot). + ## 🔒 Git & Backup Rules **Never force push, delete branches, or rewrite git history.** These are one-way doors — no recovery without a backup. If you think you need `--force`, stop and ask. diff --git a/MEMORY.md b/MEMORY.md index 17d5fcb..f8b559c 100644 --- a/MEMORY.md +++ b/MEMORY.md 
@@ -437,6 +437,39 @@ Automated document processing pipeline for scanned paperwork. --- +## Recent Events (2026-03-08, post-synthesis) + +### ⚡ OpenClaw 2026.3.7 Released (Mar 8 overnight) +- GPT-5.4 support, Gemini Flash 3.1, ACP binding persistence, pluggable context engines +- Johan pinged via Telegram. Patches (deleted transcript indexing) may need reapplication. +- Previous version noted in infra: 2026.3.2 (Mar 3) + +### 💬 agentchat v1.2 + v1.3 Shipped (Mar 8, 04:28 ET session) +Post-synthesis session finalized agentchat as the peer-to-peer agent coordination layer: + +**v1.2:** All messages now route through `main` session on all agents (James, Mira, Hans on Zurich). agentchat lands in each agent's primary thread. No TypeScript plugin needed. + +**v1.3:** 1:1 DM rooms added — tab bar with `# group` + `⚡ James` `✨ Mira` `🔧 Hans`. Room-based message filtering client-side. Unread dots. Agent↔agent DMs via `/api/send` with `room: "dm:Hans-James"`. Screenshots work in all rooms. + +**DealSpace ops handoff — FINALIZED (this session):** +- Hans owns all Amsterdam VPS ops (deploy, monitor, DB backups — 7 rolling pre-deploy snapshots) +- Mira owns build pipeline — builds on forge, SCPs binary to `deploy@82.24.174.112:/opt/dealspace/staging/` +- Webhook: `http://82.24.174.112:9400/deploy` (HMAC secret — still pending delivery: Hans → Johan → Mira) +- Same deploy protocol to be reused for vault1984 + +**Open items from agentchat (still unresolved):** +- [ ] Webhook HMAC secret (Hans → Johan → Mira) — still undelivered +- [ ] vault1984 deploy pipeline (same model, Hans to confirm service details) +- [ ] inou prod SMTP still broken (backdoor OTP 250365 only login path) +- [ ] Mira MEMORY.md — still missing + +### 🧹 Nightly Maintenance (Mar 8 21:00 ET) +- Session cleanup: 163 orphaned .jsonl deleted, 4 stale .deleted/.reset removed, 77 cron :run: keys purged +- Claude Code 2.1.71 ✅, OpenClaw 2026.3.7 ✅ (no update needed at that time) +- OS: all packages up to date (Ubuntu 
24.04 noble) + +--- + ## Work Patterns (learned 2026-01-28) - **Johan doesn't want to code.** Mac + Android Studio = build machine only. I do all development on Gateway. diff --git a/memory/MEMORY.md b/memory/MEMORY.md index 9344ad3..8abb0f2 100644 --- a/memory/MEMORY.md +++ b/memory/MEMORY.md 
@@ -4,24 +4,74 @@ This file supplements daily notes. Curated, actionable memories that persist acr ## Core People & Projects -**vault1984** — inou's secure knowledge store with AI-native auth. Dual Go binaries: pure vault server + separate marketing web. 21 AWS regions, Zürich HQ. WebAuthn only, BIP39 recovery. Hans VPS (185.218.204.47) as Istanbul node. @vault1984 handle available. Pricing: $12/yr (annual only), text-only, Markdown default. +**vault1984** — inou's secure knowledge store with AI-native auth. Dual Go binaries: pure vault server (OSS) + vault1984-web (marketing/billing, proprietary). 21 AWS regions, Zürich HQ. WebAuthn only, BIP39 recovery. Text-only, Markdown default. Pricing: $12/yr (annual only). @vault1984 on X registered. @inouhealth registered for inou health. -**inou LLC** — Florida-registered entity owning vault1984 brand. social@vault1984.com email pending Stalwart setup. +**inou LLC** — Florida-registered entity owning vault1984 and inou brands. social@vault1984.com and social@inou.com both created on Stalwart (Zurich), alias to johan@jongsma.me. inou prod backdoor `250365` is intentional (dev/ops convenience). -**OpenClaw** — James's runtime platform, 2026.3.1 latest. Passes React in GitHub stars. MiniMax M2.5 on Hans via Fireworks. Claude usage 66% (pace 183%, resets Thu Mar 6 10PM ET). +**DealSpace / muskepo.com** — Misha's M&A deal workflow platform. Go + templ + HTMX + SQLite. Auth: Email OTP + backdoor `220402`. **Prod:** Amsterdam `82.24.174.112:9300` (Hans owns VPS ops — deploy/monitor/DB, 7 rolling snapshots). **Build pipeline:** Mira builds on forge, SCPs to Amsterdam staging. Webhook HMAC secret (Hans→Mira) still undelivered. -**Infrastructure** — forge server (192.168.1.16), James home. Zurich VPS (82.22.36.202) for security monitoring. Cloudflare DNS, Stalwart mail, Caddy proxies. Spacebot (192.168.1.17) runs parallel test. +**inou health** — Medical imaging/advocacy platform. Prod: `192.168.100.2:1080` → inou.com. 
MCP at `https://inou.com/mcp` ✅. SMTP broken on prod (Proton Bridge not running). Real patients: Sophia (Johan's daughter) and Anastasia (German family, Ulm hospital, born 2020, hydrocephalus). + +**agentchat** — Peer-to-peer coordination chat for the agent network. Go server, port 7777 on forge. James is maintainer. Repo: `git@zurich.inou.com:agentchat.git` → `/home/johan/dev/agentchat/`. v1.3: group + DM rooms, unread dots. All messages route to each agent's `main` session. Shared context repo: `git@zurich.inou.com:agentchat-context.git`. Every deploy → ntfy release note to `inou-alerts`. + +**OpenClaw** — James's runtime, latest **2026.3.7** (GPT-5.4, Gemini Flash 3.1, ACP binding persistence, pluggable context engines). + +## Agent Network + +| Agent | Host | Model | Channel | Role | +|-------|------|-------|---------|------| +| James ⚡ | forge (192.168.1.16) | Anthropic Sonnet 4.6 | Discord + Telegram | CoS to Johan. agentchat maintainer. | +| Mira ✨ | forge (192.168.1.16) | (default) | Telegram @Mira_muskepo_bot | Misha's assistant. DealSpace builder. Workspace: `/home/johan/mira/` | +| Hans 🔧 | Zurich 185.218.204.47 + Amsterdam 82.24.174.112 | Fireworks MiniMax M2.5 | Discord | VPS ops for DealSpace. Was on MiniMax M2.5 before James switched. | + +**Cross-agent comms:** agentchat (port 7777) is the primary channel. Discord is secondary (bots can't directly DM each other — Discord API filters bot-to-bot; workaround: allow each other's bot IDs in guild allowlist). + +**Bot IDs:** James = `1478257984546144327`, Hans = `1478321168065761352`, Johan = `666836243262210068`. Guild = `1478270766007976009`. + +## Infrastructure + +- **forge (192.168.1.16):** James + Mira home. Intel i7-6700K, 64GB RAM, GTX 970 4GB +- **zurich (82.22.36.202):** Hans + git server + Stalwart mail + Uptime Kuma + ntfy +- **amsterdam (82.24.174.112):** DealSpace prod. Hans owns ops. 
+- **caddy proxy (192.168.0.2):** Reverse proxy for home network +- **inou prod (192.168.100.2:1080):** inou health platform + +## OpenClaw Config Rules (learned the hard way) + +- **Fireworks is NOT a native OC provider** — must define under `models.providers.fireworks` with `baseUrl`, `apiKey`, `api: openai-completions` +- **`gateway.mode: local`** must be set or gateway refuses to start +- **dmPolicy "open"** requires `allowFrom: ["*"]` — OC validates this, won't start without it +- **Never kill openclaw-gateway on forge directly** — it runs as `johan` user. Use `openclaw gateway restart` only. (`pkill` killed it in a Mar 3 incident; Opus had to repair.) ## Recent Decisions & Context -- **vault1984 search**: Vector embeddings at write time. Sealed fields unsearchable by design. -- **vault1984 scope**: Knowledge store for human+AI teams, not just passwords. Agent fields = AI memory. -- **vault1984-web CSS**: Single vault1984.css for marketing + app UI. Live styleguide at vault1984.com/styleguide.html. -- **Hans Discord**: James↔Hans commands via private Discord server. Hans runs MiniMax M2.5, no Anthropic tokens. -- **@vault1984 X handle**: Available. Register with social@vault1984.com, upgrade to Verified Org as inou LLC. +- **vault1984 search:** Vector embeddings at write time. Sealed fields unsearchable by design. +- **vault1984 scope:** Knowledge store for human+AI teams, not just passwords. Agent fields = AI memory. +- **vault1984-web CSS:** Single vault1984.css for marketing + app UI. Live styleguide at vault1984.com/styleguide.html. Tailwind fully removed. Nav/footer still copy-pasted (not templated yet). +- **vault1984 AWS regions:** 21 selected (not 30+). China (cn-north-*) is separate AWS partition — NOT deployable with normal account. GovCloud excluded. +- **DealSpace deploy model:** Hans owns Amsterdam VPS, Mira owns build pipeline — clean separation of concerns. +- **Mira MEMORY.md:** Still missing DealSpace/Misha context — needs to be created. 
+- **inou SMTP:** Proton Bridge not running on prod at 192.168.100.2 — open issue. +- **Spacebot/Andrew (192.168.1.17):** Runs Claude Sonnet 4.6 via Anthropic OAuth. Known issue: worker dispatch silent failure on multi-step tasks. -## Key Dates & Status +## Key Open Items -- **Week resets**: Thu Mar 6 10PM ET (36% elapsed as of Mon 11AM) -- **Last major vault1984 push**: 2026-03-02 early morning (styleguide, hosted.html fixes, Hans setup) -- **OpenClaw 2026.3.1 shipped**: Mar 2 05:10 UTC - OpenAI WebSocket, Claude 4.6 adaptive thinking, better Docker/K8s, agent visual diffs plugin \ No newline at end of file +- [ ] **vault1984 credential import** — 12,623 entries from Proton Pass +- [ ] **vault1984 WebAuthn wizard** — 3-step setup +- [ ] **@vault1984 X** — profile image + header + first post +- [ ] **vault1984 deploy pipeline** — Hans needs to own vault1984 deploys (same model as DealSpace) +- [ ] **DealSpace webhook secret** — Hans → Johan → Mira handoff pending +- [ ] **DealSpace invite flow + SMTP** — not built +- [ ] **inou SMTP fix** — Proton Bridge not running on prod +- [ ] **Mira MEMORY.md** — DealSpace/Misha context +- [ ] **vault1984-web templating** — nav/footer still copy-pasted across 7 pages + +## Stalwart Mail + +- Spam filter hardened: DMARC+DKIM pass → INBOX (score -150, Sieve rule). Bayes disabled (was auto-poisoning from junk moves). +- vault1984.com domain added: social@vault1984.com live, catch-all → Johan. DKIM: Ed25519 selector `stalwart`. +- noreply@inou.com: Stalwart on Zurich, pass InouNoreply2026! + +## Anthropic Claude Usage + +Week resets Thursday ~10 PM ET. Monitor at start of each week to avoid pace overage. diff --git a/memory/claude-usage.db b/memory/claude-usage.db index feed0c3..a3bf72d 100644 Binary files a/memory/claude-usage.db and b/memory/claude-usage.db differ diff --git a/memory/claude-usage.json b/memory/claude-usage.json index 1157ee4..cd62253 100644 --- a/memory/claude-usage.json +++ b/memory/claude-usage.json 
@@ -1,9 +1,9 @@ { - "last_updated": "2026-03-09T04:00:01.464252Z", + "last_updated": "2026-03-09T16:00:01.882725Z", "source": "api", - "session_percent": 2, - "session_resets": "2026-03-09T08:00:00.421489+00:00", - "weekly_percent": 50, - "weekly_resets": "2026-03-13T03:00:00.421508+00:00", - "sonnet_percent": 39 + "session_percent": 8, + "session_resets": "2026-03-09T18:00:00.816847+00:00", + "weekly_percent": 55, + "weekly_resets": "2026-03-13T02:59:59.816869+00:00", + "sonnet_percent": 41 } \ No newline at end of file diff --git a/memory/heartbeat-state.json b/memory/heartbeat-state.json index eed2da4..2755c69 100644 --- a/memory/heartbeat-state.json +++ b/memory/heartbeat-state.json @@ -7,15 +7,15 @@ "news": 1771597876, "claude_usage": 1772624091 }, - "lastBriefing": 1772799883, + "lastBriefing": 1773068932, "lastWeeklyDocker": "2026-03-08T05:05:28+00:00", "lastWeeklyHAOS": "2026-03-08T05:05:28+00:00", "lastWeeklyMemorySynthesis": "2026-03-08T05:02:00.000Z", "lastDocInbox": "2026-02-25T22:01:42.532628Z", - "lastTechScan": 1772799883, - "lastMemoryReview": "2026-03-07T11:05:00Z", - "lastIntraDayXScan": "2026-03-08T22:29:00.000Z", - "lastInouSuggestion": "2026-03-08T15:28:47.000Z", + "lastTechScan": 1773068932, + "lastMemoryReview": "2026-03-09T04:58:14.000Z", + "lastIntraDayXScan": "2026-03-09T15:11:00.000Z", + "lastInouSuggestion": "2026-03-09T15:04:00.000Z", "lastEmail": 1772132453, "pendingBriefingItems": [], "lastOvernightAgentWork": "2026-02-28T12:20:00Z" diff --git a/memory/security-baselines/forge.md b/memory/security-baselines/forge.md index e5a3845..f4f4edc 100644 --- a/memory/security-baselines/forge.md +++ b/memory/security-baselines/forge.md 
@@ -7,6 +7,7 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4vdTyAAgy6PTsTLy64zQ8HwB3n3N3HQ3VfpLnItN7f ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICvQUpzuHN/+4xIS5dZSUY1Me7c17EhHRJdP5TkrfD39 claude@macbook ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIpdYKhUPal5p9oI6kN85PAB7oZ+j0P2+xCzvt1rord6 johanjongsma@Johans-MacBook-Pro.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5hDM45kOB8jxk+M4Kk9in9bpwZ90sSZsPBMbzJRkbF johan@thinkpad-x1 +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUxlVDVtTA3gw4psRs/OeFSW6ExczzgFy2otLS4NVzn hans@vault1984-hq ← added 2026-03-08, pending confirmation ## Expected Users (uid>=1000) nobody:65534 (system) @@ -23,9 +24,10 @@ scanner:1001 (SMB scanner share user — added 2026-02) - 9200 (james-dashboard) - 9201 (docsys) - 9202 (Fully dashboard) -- 9300 (dealroom) +- 9300 (dealspace) - 9877/9878 (node) - 1984 (vault1984 — dev project, added 2026-03-01) +- 7777 (agentchat — dev project, added 2026-03-09, pending confirmation) - 9900 (docproc) - 18789 (openclaw-gateway — all interfaces) - 18792 (openclaw browser — localhost) diff --git a/memory/security-scans/2026-03-09.md b/memory/security-scans/2026-03-09.md new file mode 100644 index 0000000..0e2d174 --- /dev/null +++ b/memory/security-scans/2026-03-09.md 
@@ -0,0 +1,174 @@ +# Weekly Security Posture Scan — 2026-03-09 +Scan time: 09:03–09:20 AM EST +Scanner: James (OpenClaw cron) + +## Summary +| Host | Status | Key Findings | +|------|--------|--------------| +| forge (localhost) | 🔴 WARNING | python3 http.server on 9999 exposing /tmp to LAN; new SSH key hans@vault1984-hq; new agentchat:7777 | +| zurich.inou.com | ✅ CLEAN | 1 upgradable pkg; brute force normal; all services healthy | +| caddy (192.168.0.2) | ⚠️ WARNING | New user hans:1002 (not in baseline); SSH keys changed; port 2283 added | +| james-old (192.168.1.17) | ⚠️ WARNING | RDP 3389 still open (ongoing); k2-watchdog cron | +| staging (192.168.1.253) | ✅ CLEAN | All expected services; logins clean | +| prod (192.168.100.2) | ✅ CLEAN | SSH restored; services expected | + +--- + +## Forge (localhost / 192.168.1.16) + +### 🔴 CRITICAL: Python HTTP Server Exposing /tmp on Port 9999 +- Process: `python3 -m http.server 9999 --bind 0.0.0.0` +- CWD: `/tmp` — serving the ENTIRE /tmp directory to all interfaces +- Binary: `/usr/bin/python3.12 (deleted)` — orphaned process, binary was updated/deleted +- UFW: Port 9999 accessible from entire LAN (192.168.0.0/22 → ALLOW Anywhere rule) +- **Files exposed:** `clawvault-preview.db`, `clawvault-preview.db-shm/wal`, `cron_keys.txt`, `Caddyfile.bak`, `Caddyfile.new`, dev logs, API test files, android APKs, SQL dumps, etc. 
+- **Action needed:** Kill this process immediately — `kill 866793` +- **Origin:** Started ~Mar 7 01:14 AM, likely left running from a dev session + +### ⚠️ New SSH Key: hans@vault1984-hq +- Added to `~/.ssh/authorized_keys` on Mar 8 at 01:46 AM +- Comment: `hans@vault1984-hq` — appears to be vault1984 project key +- Not in baseline (baseline was last updated Mar 1) +- **Action:** Confirm this is intentional; update baseline if so + +### ⚠️ New Service: agentchat on Port 7777 +- Binary: `/home/johan/dev/agentchat/agentchat` +- Started ~Mar 8 04:55 AM +- Not in baseline +- **Action:** Confirm intentional; add to baseline if so + +### ✅ FIXED: SSH Hardening (Previously Critical) +- `passwordauthentication no` ✅ ← FIXED from last week's critical finding! +- `permitrootlogin no` ✅ +- `pubkeyauthentication yes` ✅ + +### ✅ Clean Items +- UFW: active ✅ +- fail2ban: running, 0 bans (expected for LAN machine) ✅ +- Users: johan:1000, scanner:1001 — match baseline ✅ +- SSH keys (known): james@server, johan@ubuntu2404, claude@macbook, johanjongsma@Johans-MacBook-Pro.local, johan@thinkpad-x1 — all match baseline ✅ +- Logins: all from 192.168.1.14 (Johan's MacBook) ✅ +- Failed logins: none ✅ +- Crontab: backup-forge, claude-usage-check, ddns-update, health-push — all known ✅ +- vault1984 on 1984, 9900 (docproc), dealspace 9300 — expected ✅ + +--- + +## Zurich (zurich.inou.com / 82.22.36.202) + +### ✅ Upgradable Packages: 1 +- Down from 17 last week — packages were updated ✅ +- 1 remaining package — low urgency + +### ✅ Brute Force (Expected for Public VPS) +- fail2ban stats not captured this scan (output truncated) +- All SSH connections still restricted to key-only ✅ + +### ✅ Clean Items +- SSH hardened: passwordauth no, permitroot without-password ✅ +- UFW active with expected rules ✅ +- Docker: uptime-kuma (healthy), vaultwarden (healthy) ✅ +- Services: stalwart-mail on all expected ports, caddy on 80/443 ✅ +- Crontab: vaultwarden-backup, stalwart-allowlist-sync, 
config-backup, certbot, nuclei-monthly — all expected ✅ +- Last logins from home public IP only ✅ + +--- + +## Caddy (192.168.0.2) + +### ⚠️ New User: hans:1002 +- `hans:x:1002:1005::/home/hans:/bin/bash` +- NOT in baseline (baseline: nobody, johan:1000, stijn:1001) +- Shell set to /bin/bash with home at /home/hans +- Correlates with `hans@vault1984-hq` key on forge — same person/project +- **Action:** Confirm who added this user and why; update baseline if intentional + +### ⚠️ SSH Keys Changed +- Current root authorized_keys: only `james@forge` (1 key) +- Baseline had 3 keys: james@forge, claude@macbook, johan@ubuntu2404 +- **2 keys removed** — actually reduces attack surface (good), but unexplained change +- **Action:** Update baseline to reflect current state + +### ⚠️ Port 2283 (Caddy binding) +- Caddy listening on 2283 — likely new reverse proxy entry for Immich +- Not in baseline (baseline: 22, 80, 443, 40021, 2019-lo, 53-lo) +- No corresponding UFW rule visible — may be LAN-accessible +- **Action:** Confirm Caddy is proxying Immich on this port; add to baseline + +### ✅ Clean Items +- SSH hardened: passwordauth no, permitroot without-password ✅ +- UFW active ✅ +- fail2ban: not active (known — unchanged from baseline) +- Logins: `reboot system boot` only (no user logins) — suggests rarely accessed ✅ +- Failed logins: none ✅ +- TLS cert: valid, `notAfter=Jun 3 2026` (~86 days remaining) ✅ +- Crontab: daily config-backup to git ✅ +- SSH daemon: responding normally ✅ (was showing "connection refused" last week — resolved) +- stijn user: present as expected ✅ + +--- + +## James-Old (192.168.1.17) + +### ⚠️ RDP Port 3389 (Ongoing) +- Still open from last scan — investigation pending +- Process: xrdp (confirmed — shows in process list) +- LAN-only exposure; low external risk +- **Action:** Confirm need; disable xrdp if not actively used + +### ℹ️ k2-watchdog.sh Cron +- `*/5 * * * * /home/johan/clawd/scripts/k2-watchdog.sh` +- Not noted in previous baseline (was 
not captured) +- Legitimate — added to baseline + +### ✅ Clean Items +- Users: johan:1000, scanner:1001 — match baseline ✅ (snap users not present this scan) +- SSH keys: 3 keys — match baseline ✅ +- Logins: all from 192.168.1.14 (Johan's MacBook), last Mar 2 ✅ +- Failed logins: none ✅ +- Ports: 18789, 19898, 22, 139/445, 8030, 8080, 9200, 3389, 21 — match baseline ✅ +- Processes: xrdp (explains 3389), openclaw, message-bridge, signal-cli — expected ✅ + +--- + +## Staging (192.168.1.253) + +### ✅ Clean Scan +- Users: only johan:1000 ✅ +- SSH keys: claude@macbook, johanjongsma@Johans-MacBook-Pro.local, james@server, james@forge — reasonable +- Logins: all from 192.168.1.14, last Mar 1 ✅ +- Ports: 22, 139/445, 2283 (Immich), 8080, 8082 (inou api), 8096 (Jellyfin), 8123 (HA), 8765, 9000, 9124, 1080 — expected ✅ +- Crontab: inou start.sh @reboot — expected ✅ + +### ℹ️ ClickHouse at 485% CPU +- `clickhouse-server` pegging ~5 cores at scan time +- May be running a heavy query or replication/compaction +- Monitor — not necessarily alarming for ClickHouse + +--- + +## Prod (192.168.100.2) + +### ✅ Fully Clean — SSH Access Restored +- SSH access restored (was broken last week with "Too many auth failures") +- Users: only johan:1000 ✅ +- SSH keys: claude@macbook, johan@ubuntu2404, james@forge — appropriate +- Logins: last from 192.168.1.14 on Mar 6 ✅ +- Ports: 22, 8082 (inou api), 1080 (portal), 8765 (viewer) — lean, expected ✅ + +--- + +## Action Items +1. 🔴 **FORGE: Kill python3 http.server on 9999** — `kill 866793` — exposing /tmp including vault DBs to LAN +2. ⚠️ **FORGE: Confirm hans@vault1984-hq SSH key** — update baseline when verified +3. ⚠️ **FORGE: Confirm agentchat on 7777** — update baseline when verified +4. ⚠️ **CADDY: Who added user hans:1002?** — confirm and update baseline +5. ⚠️ **CADDY: Update SSH keys baseline** — claude@macbook + johan@ubuntu2404 removed +6. ⚠️ **CADDY: Confirm port 2283 (Immich proxy)** — add to baseline +7. 
⚠️ **JAMES-OLD: Decision on xrdp/RDP 3389** — disable if not needed + +## Improvements Since Last Scan +- ✅ Forge SSH password auth FIXED (was Critical last week) +- ✅ Zurich packages updated (17 → 1 upgradable) +- ✅ Prod SSH access restored +- ✅ Caddy SSH daemon responding normally (was connection refused last week) diff --git a/memory/updates/2026-03-09.json b/memory/updates/2026-03-09.json new file mode 100644 index 0000000..21ed3ca --- /dev/null +++ b/memory/updates/2026-03-09.json @@ -0,0 +1,63 @@ +{ + "date": "2026-03-09", + "timestamp": "2026-03-09T09:00:02-04:00", + "openclaw": { + "before": "2026.3.7", + "latest": "2026.3.8", + "after": "OpenClaw 2026.3.8 (3caab92)", + "updated": true + }, + "claude_code": { + "before": "2.1.71", + "latest": "2.1.71", + "updated": false + }, + "os": { + "available": 8, + "packages": [ + { + "name": "libpython3.12-dev", + "from": "3.12.3-1ubuntu0.11", + "to": "3.12.3-1ubuntu0.12" + }, + { + "name": "libpython3.12-minimal", + "from": "3.12.3-1ubuntu0.11", + "to": "3.12.3-1ubuntu0.12" + }, + { + "name": "libpython3.12-stdlib", + "from": "3.12.3-1ubuntu0.11", + "to": "3.12.3-1ubuntu0.12" + }, + { + "name": "libpython3.12t64", + "from": "3.12.3-1ubuntu0.11", + "to": "3.12.3-1ubuntu0.12" + }, + { + "name": "python3.12-dev", + "from": "3.12.3-1ubuntu0.11", + "to": "3.12.3-1ubuntu0.12" + }, + { + "name": "python3.12-minimal", + "from": "3.12.3-1ubuntu0.11", + "to": "3.12.3-1ubuntu0.12" + }, + { + "name": "python3.12-venv", + "from": "3.12.3-1ubuntu0.11", + "to": "3.12.3-1ubuntu0.12" + }, + { + "name": "python3.12", + "from": "3.12.3-1ubuntu0.11", + "to": "3.12.3-1ubuntu0.12" + } + ], + "updated": true, + "reboot_required": false + }, + "gateway_restarted": true +} \ No newline at end of file diff --git a/memory/weekly-synthesis-2026-03-09.md b/memory/weekly-synthesis-2026-03-09.md new file mode 100644 index 0000000..033396e --- /dev/null +++ b/memory/weekly-synthesis-2026-03-09.md 
@@ -0,0 +1,121 @@ +# Weekly Memory Synthesis — Mar 2–8, 2026 + +*Generated: Monday, March 9, 2026 — 9:00 AM ET* + +--- + +## Executive Summary + +The week was dominated by **multi-agent infrastructure**: Hans came online on Zurich, Mira was created for Misha, and **agentchat** (v1.3) emerged as the peer-to-peer coordination backbone. DealSpace got a clean ops model (Hans owns Amsterdam, Mira owns build). vault1984 architecture locked (AWS, 21 regions). OpenClaw upgraded to 2026.3.7. + +--- + +## 🚀 Major Events + +### agentchat — New Coordination Layer (Mar 7–8) +Go WebSocket chat server at port 7777, forge. James is maintainer. +- **v1.1:** Fixed broadcast routing (was hitting `main` instead of `agentchat` session — cascade conflict) +- **v1.2:** All messages route to `main` on each agent — no TypeScript plugin needed +- **v1.3:** DM rooms — tab bar with `# group` + per-agent 1:1 tabs, unread dots, room-based client-side filtering +- Shared context repo: `git@zurich.inou.com:agentchat-context.git` — agents push summaries after substantive threads +- Every deploy fires ntfy release note to `inou-alerts` + +### Mira — New Agent Launched (Mar 6) +- Telegram: @Mira_muskepo_bot | Workspace: `/home/johan/mira/` +- Mission: Help Misha build DealSpace +- **Still open:** Mira MEMORY.md missing (no DealSpace/Misha context yet) +- Johan gave James a Telegram profile picture — first time James has a face 🎉 + +### DealSpace Ops Model — Finalized (Mar 8) +- **Hans:** owns Amsterdam VPS ops (deploy, monitor, DB — 7 rolling pre-deploy snapshots) +- **Mira:** owns build pipeline (builds on forge, SCPs to `deploy@82.24.174.112:/opt/dealspace/staging/`) +- Deploy webhook: `http://82.24.174.112:9400/deploy` (HMAC secret still undelivered to Mira) +- Same model will be reused for vault1984 + +### Hans — Fully Operational (Mar 3–5) +- OpenClaw 2026.3.1 on Zurich (185.218.204.47), Fireworks MiniMax M2.5 +- Extensive debugging session Mar 3: gateway.mode must be local, Fireworks must be 
defined as full provider in models.providers, model string must match provider key +- Discord: Hans app ID `1478321168065761352`, James allowed in guild list (and vice versa) +- Bot-to-bot Discord direct message blocked by Discord API (library filters to prevent loops) — workaround: allow bot IDs in guild allowlist + +### vault1984 Architecture — Locked (Mar 3) +- **AWS** confirmed (not Vultr) for all nodes +- **21 regions** final (Johan-approved set, not all 31 commercial) +- China (cn-north-*) excluded — separate AWS partition, not deployable with normal account +- Infra docs updated: INFRASTRUCTURE-OVERVIEW.md + NOC-DEPLOYMENT-PLAN.md +- **Blocker:** AWS account credentials still needed + +### Forge Incident (Mar 3) +- James killed openclaw-gateway on forge by using `pkill` instead of `openclaw gateway restart` +- Opus had to repair +- **Rule added to AGENTS.md:** Never kill gateway directly; use `openclaw gateway restart` + +--- + +## 🧠 Lessons Promoted to AGENTS.md + +New section added: **⚙️ OpenClaw Gateway Rules**: +1. Never `pkill` openclaw-gateway on forge — use `openclaw gateway restart` +2. Fireworks is not a native OC provider — must define full `models.providers.fireworks` block +3. `gateway.mode: local` must be set or gateway won't start +4. 
`dmPolicy: "open"` requires `allowFrom: ["*"]` alongside it + +--- + +## 📊 Active Projects Status + +| Project | Status | Key Blockers | +|---------|--------|-------------| +| agentchat | ✅ v1.3 live, James maintainer | — | +| DealSpace | Live on Amsterdam, ops model set | Webhook secret, invite flow, SMTP | +| vault1984 | Architecture locked, live at vault1984.com | AWS creds, WebAuthn wizard, credential import | +| inou health | Stable, MCP live | SMTP broken (Proton Bridge down on prod) | +| Mira | Running, building DealSpace | MEMORY.md missing | +| Hans | Fully operational on Zurich | — | +| Spacebot/Andrew | Functional for Q&A | Worker dispatch still broken | + +--- + +## ⚠️ Outstanding Items + +### High Priority +- [ ] **DealSpace webhook secret** — Hans → Johan → Mira handoff (deploy pipeline blocked) +- [ ] **Mira MEMORY.md** — needs DealSpace/Misha context before she builds more +- [ ] **inou SMTP** — Proton Bridge not running on prod (192.168.100.2), login emails broken +- [ ] **vault1984 AWS credentials** — needed before any node deploys + +### Medium Priority +- [ ] **vault1984 credential import** — 12,623 entries from Proton Pass pending +- [ ] **vault1984 WebAuthn wizard** — 3-step setup flow +- [ ] **@vault1984 X** — profile image + header + first post +- [ ] **DealSpace invite flow + SMTP** — not built +- [ ] **vault1984-web templating** — nav/footer copy-pasted across 7 pages, no Go html/template partials +- [ ] **vault1984 deploy pipeline** — Hans to own, same model as DealSpace + +### Low Priority +- [ ] Telegram groupPolicy warning (groupAllowFrom empty) +- [ ] Spacebot worker dispatch fix (revisit when Johan has bandwidth) + +--- + +## 🗑️ Stale Items Removed from MEMORY.md + +- **OpenClaw 2026.3.1** — updated to 2026.3.7 +- **"Claude usage 66% (pace 183%, resets Thu Mar 6 10PM ET)"** — stale, new week started +- **Incomplete Hans setup notes** — replaced with clean agent network table +- **Outdated vault1984 "pending" list** — replaced with 
current open items + +--- + +## 📈 Metrics This Week + +- **Agents launched:** 1 (Mira) +- **Agents fully operational:** 2 (James + Hans) +- **agentchat versions shipped:** 3 (v1.1 → v1.2 → v1.3) +- **OpenClaw upgrades:** 2026.3.1 → 2026.3.7 +- **Services deployed:** DealSpace on Amsterdam, agentchat on forge +- **Incidents:** 1 (forge gateway killed by James — repaired by Opus) + +--- + +*Next synthesis: Sunday, March 15, 2026*
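Review bot: In the AGENTS.md hunk, the `dmPolicy "open"` rule says to add `"allowFrom": ["*"]` so the gateway boots, but it does not say what that combination permits: the wildcard accepts every sender. State when an open DM policy is acceptable and make an explicit allowlist the default. Two identifiers in the same hunk also read as if a placeholder was dropped, `kill ` and `channels..dmPolicy`; spell the placeholder out so the rule is unambiguous.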
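Review bot: In the MEMORY.md hunk, the DealSpace handoff records the deploy webhook as `http://82.24.174.112:9400/deploy`, plain HTTP to a public address, with the HMAC secret as the only protection mentioned. An HMAC authenticates the sender but does not stop a captured request from being replayed, so note that the signed payload needs a timestamp or nonce, or put the endpoint behind TLS, before the secret is handed over. The open-items line in the same hunk also writes the inou backdoor OTP into the file; refer to it by name and keep the value out of the repo.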
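Review bot: In the memory/MEMORY.md hunk, the new Stalwart Mail section commits the `noreply@inou.com` mailbox password in clear text, and the Core People & Projects entries do the same for the inou and DealSpace backdoor OTPs. Anything that can read this repo or its backups now holds those logins; replace the values with a pointer to where each secret is stored and rotate the ones already committed. Separately, Hans's host is given as `Zurich 185.218.204.47` in the Agent Network table while the Infrastructure list has zurich at `82.22.36.202`, so one of the two needs correcting.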
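Review bot: In the first hunk of memory/security-baselines/forge.md, the `hans@vault1984-hq` key is added to the expected-keys list while still marked `pending confirmation`. The baseline is what later scans compare against, so an unconfirmed key listed here risks being treated as expected by the next scan; keep it out of the baseline until it is confirmed. If it stays, move the `← added 2026-03-08, pending confirmation` remark to its own line so the key line remains a plain key entry.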
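Review bot: In the ports hunk of memory/security-baselines/forge.md, the new `7777 (agentchat ...)` entry does not say which interface the service binds, unlike the `18789` and `18792` entries below it, which record `all interfaces` and `localhost`. Record the bind address, since that decides whether agentchat is reachable from the LAN, and hold the entry back until its `pending confirmation` is resolved.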
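Review bot: In memory/security-scans/2026-03-09.md, the action for the port 9999 finding stops at `kill 866793`, although the finding itself lists `cron_keys.txt`, the clawvault preview databases and SQL dumps as served to the LAN since about Mar 7. Add follow-up items to treat those files as disclosed (rotate the keys, clean up /tmp) and to narrow the UFW rule that left 9999 reachable, and identify the process by its command line rather than by a PID that may no longer match when the item is actioned. In the Zurich section, the fail2ban item sits under a ✅ heading even though its output was not captured; mark it as not checked instead.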
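Review bot: memory/updates/2026-03-09.json records OpenClaw moving from 2026.3.7 to 2026.3.8 with `"gateway_restarted": true`, but memory/MEMORY.md in the same commit still names 2026.3.7 as latest, and the MEMORY.md entry for 2026.3.7 warns that the deleted transcript indexing patches may need reapplication. Update the version in memory/MEMORY.md and record whether those patches were reapplied after this upgrade.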