chore: auto-commit uncommitted changes

2026-03-09 12:03:43 -04:00 · 2026-03-09 12:03:43 -04:00 · 4bd088d8c6
parent 4d49e6649a
commit 4bd088d8c6
10 changed files with 480 additions and 25 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@ -298,6 +298,18 @@ Use subagents liberally:
 - For complex problems, throw more compute at it
 - **HA bulk operations → always K2.5 subagent.** Light control, automation toggles, Monoprice zones, anything returning large JSON from HA API — spawn a K2.5 subagent. The main context should never eat 100KB of WiZ bulb state data. Subagent does the work, reports "done" or "issue with X."

+## ⚙️ OpenClaw Gateway Rules
+
+**Never kill openclaw-gateway directly on forge.** It runs as the `johan` user (not root, not systemd). Using `pkill` or `kill` on the process destroys the session and requires Opus-level repair.
+- ✅ Use: `openclaw gateway restart`
+- ❌ Never: `pkill openclaw`, `kill <pid>` against the gateway process
+
+**Fireworks is not a native OC provider.** If deploying a new OC instance with Fireworks as the LLM, you must define the full provider block under `models.providers.fireworks` (with `baseUrl`, `apiKey`, `api: openai-completions`) — it does NOT auto-resolve from model string alone.
+
+**gateway.mode must be set.** Any new OC instance needs `gateway.mode: local` in the config or it refuses to start with "Gateway start blocked."
+
+**dmPolicy "open" requires allowFrom.** When setting `channels.<channel>.dmPolicy: "open"`, you MUST also add `"allowFrom": ["*"]` or the gateway will fail to start (validated on boot).
+
 ## 🔒 Git & Backup Rules

 **Never force push, delete branches, or rewrite git history.** These are one-way doors — no recovery without a backup. If you think you need `--force`, stop and ask.
--- a/MEMORY.md
+++ b/MEMORY.md
@ -437,6 +437,39 @@ Automated document processing pipeline for scanned paperwork.

 ---

+## Recent Events (2026-03-08, post-synthesis)
+
+### ⚡ OpenClaw 2026.3.7 Released (Mar 8 overnight)
+- GPT-5.4 support, Gemini Flash 3.1, ACP binding persistence, pluggable context engines
+- Johan pinged via Telegram. Patches (deleted transcript indexing) may need reapplication.
+- Previous version noted in infra: 2026.3.2 (Mar 3)
+
+### 💬 agentchat v1.2 + v1.3 Shipped (Mar 8, 04:28 ET session)
+Post-synthesis session finalized agentchat as the peer-to-peer agent coordination layer:
+
+**v1.2:** All messages now route through `main` session on all agents (James, Mira, Hans on Zurich). agentchat lands in each agent's primary thread. No TypeScript plugin needed.
+
+**v1.3:** 1:1 DM rooms added — tab bar with `# group` + `⚡ James` `✨ Mira` `🔧 Hans`. Room-based message filtering client-side. Unread dots. Agent↔agent DMs via `/api/send` with `room: "dm:Hans-James"`. Screenshots work in all rooms.
+
+**DealSpace ops handoff — FINALIZED (this session):**
+- Hans owns all Amsterdam VPS ops (deploy, monitor, DB backups — 7 rolling pre-deploy snapshots)
+- Mira owns build pipeline — builds on forge, SCPs binary to `deploy@82.24.174.112:/opt/dealspace/staging/`
+- Webhook: `http://82.24.174.112:9400/deploy` (HMAC secret — still pending delivery: Hans → Johan → Mira)
+- Same deploy protocol to be reused for vault1984
+
+**Open items from agentchat (still unresolved):**
+- [ ] Webhook HMAC secret (Hans → Johan → Mira) — still undelivered
+- [ ] vault1984 deploy pipeline (same model, Hans to confirm service details)
+- [ ] inou prod SMTP still broken (backdoor OTP 250365 only login path)
+- [ ] Mira MEMORY.md — still missing
+
+### 🧹 Nightly Maintenance (Mar 8 21:00 ET)
+- Session cleanup: 163 orphaned .jsonl deleted, 4 stale .deleted/.reset removed, 77 cron :run: keys purged
+- Claude Code 2.1.71 ✅, OpenClaw 2026.3.7 ✅ (no update needed at that time)
+- OS: all packages up to date (Ubuntu 24.04 noble)
+
+---
+
 ## Work Patterns (learned 2026-01-28)

 - **Johan doesn't want to code.** Mac + Android Studio = build machine only. I do all development on Gateway.
--- a/memory/MEMORY.md
+++ b/memory/MEMORY.md
@ -4,24 +4,74 @@ This file supplements daily notes. Curated, actionable memories that persist acr

 ## Core People & Projects

-**vault1984** — inou's secure knowledge store with AI-native auth. Dual Go binaries: pure vault server + separate marketing web. 21 AWS regions, Zürich HQ. WebAuthn only, BIP39 recovery. Hans VPS (185.218.204.47) as Istanbul node. @vault1984 handle available. Pricing: $12/yr (annual only), text-only, Markdown default.
+**vault1984** — inou's secure knowledge store with AI-native auth. Dual Go binaries: pure vault server (OSS) + vault1984-web (marketing/billing, proprietary). 21 AWS regions, Zürich HQ. WebAuthn only, BIP39 recovery. Text-only, Markdown default. Pricing: $12/yr (annual only). @vault1984 on X registered. @inouhealth registered for inou health.

-**inou LLC** — Florida-registered entity owning vault1984 brand. social@vault1984.com email pending Stalwart setup.
+**inou LLC** — Florida-registered entity owning vault1984 and inou brands. social@vault1984.com and social@inou.com both created on Stalwart (Zurich), alias to johan@jongsma.me. inou prod backdoor `250365` is intentional (dev/ops convenience).

-**OpenClaw** — James's runtime platform, 2026.3.1 latest. Passes React in GitHub stars. MiniMax M2.5 on Hans via Fireworks. Claude usage 66% (pace 183%, resets Thu Mar 6 10PM ET).
+**DealSpace / muskepo.com** — Misha's M&A deal workflow platform. Go + templ + HTMX + SQLite. Auth: Email OTP + backdoor `220402`. **Prod:** Amsterdam `82.24.174.112:9300` (Hans owns VPS ops — deploy/monitor/DB, 7 rolling snapshots). **Build pipeline:** Mira builds on forge, SCPs to Amsterdam staging. Webhook HMAC secret (Hans→Mira) still undelivered.

-**Infrastructure** — forge server (192.168.1.16), James home. Zurich VPS (82.22.36.202) for security monitoring. Cloudflare DNS, Stalwart mail, Caddy proxies. Spacebot (192.168.1.17) runs parallel test.
+**inou health** — Medical imaging/advocacy platform. Prod: `192.168.100.2:1080` → inou.com. MCP at `https://inou.com/mcp` ✅. SMTP broken on prod (Proton Bridge not running). Real patients: Sophia (Johan's daughter) and Anastasia (German family, Ulm hospital, born 2020, hydrocephalus).
+
+**agentchat** — Peer-to-peer coordination chat for the agent network. Go server, port 7777 on forge. James is maintainer. Repo: `git@zurich.inou.com:agentchat.git` → `/home/johan/dev/agentchat/`. v1.3: group + DM rooms, unread dots. All messages route to each agent's `main` session. Shared context repo: `git@zurich.inou.com:agentchat-context.git`. Every deploy → ntfy release note to `inou-alerts`.
+
+**OpenClaw** — James's runtime, latest **2026.3.7** (GPT-5.4, Gemini Flash 3.1, ACP binding persistence, pluggable context engines).
+
+## Agent Network
+
+| Agent | Host | Model | Channel | Role |
+|-------|------|-------|---------|------|
+| James ⚡ | forge (192.168.1.16) | Anthropic Sonnet 4.6 | Discord + Telegram | CoS to Johan. agentchat maintainer. |
+| Mira ✨ | forge (192.168.1.16) | (default) | Telegram @Mira_muskepo_bot | Misha's assistant. DealSpace builder. Workspace: `/home/johan/mira/` |
+| Hans 🔧 | Zurich 185.218.204.47 + Amsterdam 82.24.174.112 | Fireworks MiniMax M2.5 | Discord | VPS ops for DealSpace. Was on MiniMax M2.5 before James switched. |
+
+**Cross-agent comms:** agentchat (port 7777) is the primary channel. Discord is secondary (bots can't directly DM each other — Discord API filters bot-to-bot; workaround: allow each other's bot IDs in guild allowlist).
+
+**Bot IDs:** James = `1478257984546144327`, Hans = `1478321168065761352`, Johan = `666836243262210068`. Guild = `1478270766007976009`.
+
+## Infrastructure
+
+- **forge (192.168.1.16):** James + Mira home. Intel i7-6700K, 64GB RAM, GTX 970 4GB
+- **zurich (82.22.36.202):** Hans + git server + Stalwart mail + Uptime Kuma + ntfy
+- **amsterdam (82.24.174.112):** DealSpace prod. Hans owns ops.
+- **caddy proxy (192.168.0.2):** Reverse proxy for home network
+- **inou prod (192.168.100.2:1080):** inou health platform
+
+## OpenClaw Config Rules (learned the hard way)
+
+- **Fireworks is NOT a native OC provider** — must define under `models.providers.fireworks` with `baseUrl`, `apiKey`, `api: openai-completions`
+- **`gateway.mode: local`** must be set or gateway refuses to start
+- **dmPolicy "open"** requires `allowFrom: ["*"]` — OC validates this, won't start without it
+- **Never kill openclaw-gateway on forge directly** — it runs as `johan` user. Use `openclaw gateway restart` only. (`pkill` killed it in a Mar 3 incident; Opus had to repair.)

 ## Recent Decisions & Context

- **vault1984 search**: Vector embeddings at write time. Sealed fields unsearchable by design.
- **vault1984 scope**: Knowledge store for human+AI teams, not just passwords. Agent fields = AI memory.
- **vault1984-web CSS**: Single vault1984.css for marketing + app UI. Live styleguide at vault1984.com/styleguide.html.
- **Hans Discord**: James↔Hans commands via private Discord server. Hans runs MiniMax M2.5, no Anthropic tokens.
- **@vault1984 X handle**: Available. Register with social@vault1984.com, upgrade to Verified Org as inou LLC.
+- **vault1984 search:** Vector embeddings at write time. Sealed fields unsearchable by design.
+- **vault1984 scope:** Knowledge store for human+AI teams, not just passwords. Agent fields = AI memory.
+- **vault1984-web CSS:** Single vault1984.css for marketing + app UI. Live styleguide at vault1984.com/styleguide.html. Tailwind fully removed. Nav/footer still copy-pasted (not templated yet).
+- **vault1984 AWS regions:** 21 selected (not 30+). China (cn-north-*) is separate AWS partition — NOT deployable with normal account. GovCloud excluded.
+- **DealSpace deploy model:** Hans owns Amsterdam VPS, Mira owns build pipeline — clean separation of concerns.
+- **Mira MEMORY.md:** Still missing DealSpace/Misha context — needs to be created.
+- **inou SMTP:** Proton Bridge not running on prod at 192.168.100.2 — open issue.
+- **Spacebot/Andrew (192.168.1.17):** Runs Claude Sonnet 4.6 via Anthropic OAuth. Known issue: worker dispatch silent failure on multi-step tasks.

-## Key Dates & Status
+## Key Open Items

- **Week resets**: Thu Mar 6 10PM ET (36% elapsed as of Mon 11AM)
- **Last major vault1984 push**: 2026-03-02 early morning (styleguide, hosted.html fixes, Hans setup)
- **OpenClaw 2026.3.1 shipped**: Mar 2 05:10 UTC - OpenAI WebSocket, Claude 4.6 adaptive thinking, better Docker/K8s, agent visual diffs plugin
+- [ ] **vault1984 credential import** — 12,623 entries from Proton Pass
+- [ ] **vault1984 WebAuthn wizard** — 3-step setup
+- [ ] **@vault1984 X** — profile image + header + first post
+- [ ] **vault1984 deploy pipeline** — Hans needs to own vault1984 deploys (same model as DealSpace)
+- [ ] **DealSpace webhook secret** — Hans → Johan → Mira handoff pending
+- [ ] **DealSpace invite flow + SMTP** — not built
+- [ ] **inou SMTP fix** — Proton Bridge not running on prod
+- [ ] **Mira MEMORY.md** — DealSpace/Misha context
+- [ ] **vault1984-web templating** — nav/footer still copy-pasted across 7 pages
+
+## Stalwart Mail
+
+- Spam filter hardened: DMARC+DKIM pass → INBOX (score -150, Sieve rule). Bayes disabled (was auto-poisoning from junk moves).
+- vault1984.com domain added: social@vault1984.com live, catch-all → Johan. DKIM: Ed25519 selector `stalwart`.
+- noreply@inou.com: Stalwart on Zurich, pass InouNoreply2026!
+
+## Anthropic Claude Usage
+
+Week resets Thursday ~10 PM ET. Monitor at start of each week to avoid pace overage.
--- a/memory/claude-usage.db
+++ b/memory/claude-usage.db
--- a/memory/claude-usage.json
+++ b/memory/claude-usage.json
@ -1,9 +1,9 @@
 {
-  "last_updated": "2026-03-09T04:00:01.464252Z",
+  "last_updated": "2026-03-09T16:00:01.882725Z",
  "source": "api",
-  "session_percent": 2,
-  "session_resets": "2026-03-09T08:00:00.421489+00:00",
-  "weekly_percent": 50,
-  "weekly_resets": "2026-03-13T03:00:00.421508+00:00",
-  "sonnet_percent": 39
+  "session_percent": 8,
+  "session_resets": "2026-03-09T18:00:00.816847+00:00",
+  "weekly_percent": 55,
+  "weekly_resets": "2026-03-13T02:59:59.816869+00:00",
+  "sonnet_percent": 41
 }
--- a/memory/heartbeat-state.json
+++ b/memory/heartbeat-state.json
@ -7,15 +7,15 @@
    "news": 1771597876,
    "claude_usage": 1772624091
  },
-  "lastBriefing": 1772799883,
+  "lastBriefing": 1773068932,
  "lastWeeklyDocker": "2026-03-08T05:05:28+00:00",
  "lastWeeklyHAOS": "2026-03-08T05:05:28+00:00",
  "lastWeeklyMemorySynthesis": "2026-03-08T05:02:00.000Z",
  "lastDocInbox": "2026-02-25T22:01:42.532628Z",
-  "lastTechScan": 1772799883,
-  "lastMemoryReview": "2026-03-07T11:05:00Z",
-  "lastIntraDayXScan": "2026-03-08T22:29:00.000Z",
-  "lastInouSuggestion": "2026-03-08T15:28:47.000Z",
+  "lastTechScan": 1773068932,
+  "lastMemoryReview": "2026-03-09T04:58:14.000Z",
+  "lastIntraDayXScan": "2026-03-09T15:11:00.000Z",
+  "lastInouSuggestion": "2026-03-09T15:04:00.000Z",
  "lastEmail": 1772132453,
  "pendingBriefingItems": [],
  "lastOvernightAgentWork": "2026-02-28T12:20:00Z"
--- a/memory/security-baselines/forge.md
+++ b/memory/security-baselines/forge.md
@ -7,6 +7,7 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4vdTyAAgy6PTsTLy64zQ8HwB3n3N3HQ3VfpLnItN7f
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICvQUpzuHN/+4xIS5dZSUY1Me7c17EhHRJdP5TkrfD39 claude@macbook
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIpdYKhUPal5p9oI6kN85PAB7oZ+j0P2+xCzvt1rord6 johanjongsma@Johans-MacBook-Pro.local
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5hDM45kOB8jxk+M4Kk9in9bpwZ90sSZsPBMbzJRkbF johan@thinkpad-x1
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUxlVDVtTA3gw4psRs/OeFSW6ExczzgFy2otLS4NVzn hans@vault1984-hq  ← added 2026-03-08, pending confirmation

 ## Expected Users (uid>=1000)
 nobody:65534 (system)
@ -23,9 +24,10 @@ scanner:1001 (SMB scanner share user — added 2026-02)
 - 9200 (james-dashboard)
 - 9201 (docsys)
 - 9202 (Fully dashboard)
- 9300 (dealroom)
+- 9300 (dealspace)
 - 9877/9878 (node)
 - 1984 (vault1984 — dev project, added 2026-03-01)
+- 7777 (agentchat — dev project, added 2026-03-09, pending confirmation)
 - 9900 (docproc)
 - 18789 (openclaw-gateway — all interfaces)
 - 18792 (openclaw browser — localhost)
--- a/memory/security-scans/2026-03-09.md
+++ b/memory/security-scans/2026-03-09.md
@ -0,0 +1,174 @@
+# Weekly Security Posture Scan — 2026-03-09
+Scan time: 09:03–09:20 AM EST
+Scanner: James (OpenClaw cron)
+
+## Summary
+| Host | Status | Key Findings |
+|------|--------|--------------|
+| forge (localhost) | 🔴 WARNING | python3 http.server on 9999 exposing /tmp to LAN; new SSH key hans@vault1984-hq; new agentchat:7777 |
+| zurich.inou.com | ✅ CLEAN | 1 upgradable pkg; brute force normal; all services healthy |
+| caddy (192.168.0.2) | ⚠️ WARNING | New user hans:1002 (not in baseline); SSH keys changed; port 2283 added |
+| james-old (192.168.1.17) | ⚠️ WARNING | RDP 3389 still open (ongoing); k2-watchdog cron |
+| staging (192.168.1.253) | ✅ CLEAN | All expected services; logins clean |
+| prod (192.168.100.2) | ✅ CLEAN | SSH restored; services expected |
+
+---
+
+## Forge (localhost / 192.168.1.16)
+
+### 🔴 CRITICAL: Python HTTP Server Exposing /tmp on Port 9999
+- Process: `python3 -m http.server 9999 --bind 0.0.0.0`
+- CWD: `/tmp` — serving the ENTIRE /tmp directory to all interfaces
+- Binary: `/usr/bin/python3.12 (deleted)` — orphaned process, binary was updated/deleted
+- UFW: Port 9999 accessible from entire LAN (192.168.0.0/22 → ALLOW Anywhere rule)
+- **Files exposed:** `clawvault-preview.db`, `clawvault-preview.db-shm/wal`, `cron_keys.txt`, `Caddyfile.bak`, `Caddyfile.new`, dev logs, API test files, android APKs, SQL dumps, etc.
+- **Action needed:** Kill this process immediately — `kill 866793`
+- **Origin:** Started ~Mar 7 01:14 AM, likely left running from a dev session
+
+### ⚠️ New SSH Key: hans@vault1984-hq
+- Added to `~/.ssh/authorized_keys` on Mar 8 at 01:46 AM
+- Comment: `hans@vault1984-hq` — appears to be vault1984 project key
+- Not in baseline (baseline was last updated Mar 1)
+- **Action:** Confirm this is intentional; update baseline if so
+
+### ⚠️ New Service: agentchat on Port 7777
+- Binary: `/home/johan/dev/agentchat/agentchat`
+- Started ~Mar 8 04:55 AM
+- Not in baseline
+- **Action:** Confirm intentional; add to baseline if so
+
+### ✅ FIXED: SSH Hardening (Previously Critical)
+- `passwordauthentication no` ✅ ← FIXED from last week's critical finding!
+- `permitrootlogin no` ✅
+- `pubkeyauthentication yes` ✅
+
+### ✅ Clean Items
+- UFW: active ✅
+- fail2ban: running, 0 bans (expected for LAN machine) ✅
+- Users: johan:1000, scanner:1001 — match baseline ✅
+- SSH keys (known): james@server, johan@ubuntu2404, claude@macbook, johanjongsma@Johans-MacBook-Pro.local, johan@thinkpad-x1 — all match baseline ✅
+- Logins: all from 192.168.1.14 (Johan's MacBook) ✅
+- Failed logins: none ✅
+- Crontab: backup-forge, claude-usage-check, ddns-update, health-push — all known ✅
+- vault1984 on 1984, 9900 (docproc), dealspace 9300 — expected ✅
+
+---
+
+## Zurich (zurich.inou.com / 82.22.36.202)
+
+### ✅ Upgradable Packages: 1
+- Down from 17 last week — packages were updated ✅
+- 1 remaining package — low urgency
+
+### ✅ Brute Force (Expected for Public VPS)
+- fail2ban stats not captured this scan (output truncated)
+- All SSH connections still restricted to key-only ✅
+
+### ✅ Clean Items
+- SSH hardened: passwordauth no, permitroot without-password ✅
+- UFW active with expected rules ✅
+- Docker: uptime-kuma (healthy), vaultwarden (healthy) ✅
+- Services: stalwart-mail on all expected ports, caddy on 80/443 ✅
+- Crontab: vaultwarden-backup, stalwart-allowlist-sync, config-backup, certbot, nuclei-monthly — all expected ✅
+- Last logins from home public IP only ✅
+
+---
+
+## Caddy (192.168.0.2)
+
+### ⚠️ New User: hans:1002
+- `hans:x:1002:1005::/home/hans:/bin/bash`
+- NOT in baseline (baseline: nobody, johan:1000, stijn:1001)
+- Shell set to /bin/bash with home at /home/hans
+- Correlates with `hans@vault1984-hq` key on forge — same person/project
+- **Action:** Confirm who added this user and why; update baseline if intentional
+
+### ⚠️ SSH Keys Changed
+- Current root authorized_keys: only `james@forge` (1 key)
+- Baseline had 3 keys: james@forge, claude@macbook, johan@ubuntu2404
+- **2 keys removed** — actually reduces attack surface (good), but unexplained change
+- **Action:** Update baseline to reflect current state
+
+### ⚠️ Port 2283 (Caddy binding)
+- Caddy listening on 2283 — likely new reverse proxy entry for Immich
+- Not in baseline (baseline: 22, 80, 443, 40021, 2019-lo, 53-lo)
+- No corresponding UFW rule visible — may be LAN-accessible
+- **Action:** Confirm Caddy is proxying Immich on this port; add to baseline
+
+### ✅ Clean Items
+- SSH hardened: passwordauth no, permitroot without-password ✅
+- UFW active ✅
+- fail2ban: not active (known — unchanged from baseline)
+- Logins: `reboot system boot` only (no user logins) — suggests rarely accessed ✅
+- Failed logins: none ✅
+- TLS cert: valid, `notAfter=Jun 3 2026` (~86 days remaining) ✅
+- Crontab: daily config-backup to git ✅
+- SSH daemon: responding normally ✅ (was showing "connection refused" last week — resolved)
+- stijn user: present as expected ✅
+
+---
+
+## James-Old (192.168.1.17)
+
+### ⚠️ RDP Port 3389 (Ongoing)
+- Still open from last scan — investigation pending
+- Process: xrdp (confirmed — shows in process list)
+- LAN-only exposure; low external risk
+- **Action:** Confirm need; disable xrdp if not actively used
+
+### ℹ️ k2-watchdog.sh Cron
+- `*/5 * * * * /home/johan/clawd/scripts/k2-watchdog.sh`
+- Not noted in previous baseline (was not captured)
+- Legitimate — added to baseline
+
+### ✅ Clean Items
+- Users: johan:1000, scanner:1001 — match baseline ✅ (snap users not present this scan)
+- SSH keys: 3 keys — match baseline ✅
+- Logins: all from 192.168.1.14 (Johan's MacBook), last Mar 2 ✅
+- Failed logins: none ✅
+- Ports: 18789, 19898, 22, 139/445, 8030, 8080, 9200, 3389, 21 — match baseline ✅
+- Processes: xrdp (explains 3389), openclaw, message-bridge, signal-cli — expected ✅
+
+---
+
+## Staging (192.168.1.253)
+
+### ✅ Clean Scan
+- Users: only johan:1000 ✅
+- SSH keys: claude@macbook, johanjongsma@Johans-MacBook-Pro.local, james@server, james@forge — reasonable
+- Logins: all from 192.168.1.14, last Mar 1 ✅
+- Ports: 22, 139/445, 2283 (Immich), 8080, 8082 (inou api), 8096 (Jellyfin), 8123 (HA), 8765, 9000, 9124, 1080 — expected ✅
+- Crontab: inou start.sh @reboot — expected ✅
+
+### ℹ️ ClickHouse at 485% CPU
+- `clickhouse-server` pegging ~5 cores at scan time
+- May be running a heavy query or replication/compaction
+- Monitor — not necessarily alarming for ClickHouse
+
+---
+
+## Prod (192.168.100.2)
+
+### ✅ Fully Clean — SSH Access Restored
+- SSH access restored (was broken last week with "Too many auth failures")
+- Users: only johan:1000 ✅
+- SSH keys: claude@macbook, johan@ubuntu2404, james@forge — appropriate
+- Logins: last from 192.168.1.14 on Mar 6 ✅
+- Ports: 22, 8082 (inou api), 1080 (portal), 8765 (viewer) — lean, expected ✅
+
+---
+
+## Action Items
+1. 🔴 **FORGE: Kill python3 http.server on 9999** — `kill 866793` — exposing /tmp including vault DBs to LAN
+2. ⚠️ **FORGE: Confirm hans@vault1984-hq SSH key** — update baseline when verified
+3. ⚠️ **FORGE: Confirm agentchat on 7777** — update baseline when verified
+4. ⚠️ **CADDY: Who added user hans:1002?** — confirm and update baseline
+5. ⚠️ **CADDY: Update SSH keys baseline** — claude@macbook + johan@ubuntu2404 removed
+6. ⚠️ **CADDY: Confirm port 2283 (Immich proxy)** — add to baseline
+7. ⚠️ **JAMES-OLD: Decision on xrdp/RDP 3389** — disable if not needed
+
+## Improvements Since Last Scan
+- ✅ Forge SSH password auth FIXED (was Critical last week)
+- ✅ Zurich packages updated (17 → 1 upgradable)
+- ✅ Prod SSH access restored
+- ✅ Caddy SSH daemon responding normally (was connection refused last week)
--- a/memory/updates/2026-03-09.json
+++ b/memory/updates/2026-03-09.json
@ -0,0 +1,63 @@
+{
+  "date": "2026-03-09",
+  "timestamp": "2026-03-09T09:00:02-04:00",
+  "openclaw": {
+    "before": "2026.3.7",
+    "latest": "2026.3.8",
+    "after": "OpenClaw 2026.3.8 (3caab92)",
+    "updated": true
+  },
+  "claude_code": {
+    "before": "2.1.71",
+    "latest": "2.1.71",
+    "updated": false
+  },
+  "os": {
+    "available": 8,
+    "packages": [
+      {
+        "name": "libpython3.12-dev",
+        "from": "3.12.3-1ubuntu0.11",
+        "to": "3.12.3-1ubuntu0.12"
+      },
+      {
+        "name": "libpython3.12-minimal",
+        "from": "3.12.3-1ubuntu0.11",
+        "to": "3.12.3-1ubuntu0.12"
+      },
+      {
+        "name": "libpython3.12-stdlib",
+        "from": "3.12.3-1ubuntu0.11",
+        "to": "3.12.3-1ubuntu0.12"
+      },
+      {
+        "name": "libpython3.12t64",
+        "from": "3.12.3-1ubuntu0.11",
+        "to": "3.12.3-1ubuntu0.12"
+      },
+      {
+        "name": "python3.12-dev",
+        "from": "3.12.3-1ubuntu0.11",
+        "to": "3.12.3-1ubuntu0.12"
+      },
+      {
+        "name": "python3.12-minimal",
+        "from": "3.12.3-1ubuntu0.11",
+        "to": "3.12.3-1ubuntu0.12"
+      },
+      {
+        "name": "python3.12-venv",
+        "from": "3.12.3-1ubuntu0.11",
+        "to": "3.12.3-1ubuntu0.12"
+      },
+      {
+        "name": "python3.12",
+        "from": "3.12.3-1ubuntu0.11",
+        "to": "3.12.3-1ubuntu0.12"
+      }
+    ],
+    "updated": true,
+    "reboot_required": false
+  },
+  "gateway_restarted": true
+}
--- a/memory/weekly-synthesis-2026-03-09.md
+++ b/memory/weekly-synthesis-2026-03-09.md
@ -0,0 +1,121 @@
+# Weekly Memory Synthesis — Mar 2–8, 2026
+
+*Generated: Monday, March 9, 2026 — 9:00 AM ET*
+
+---
+
+## Executive Summary
+
+The week was dominated by **multi-agent infrastructure**: Hans came online on Zurich, Mira was created for Misha, and **agentchat** (v1.3) emerged as the peer-to-peer coordination backbone. DealSpace got a clean ops model (Hans owns Amsterdam, Mira owns build). vault1984 architecture locked (AWS, 21 regions). OpenClaw upgraded to 2026.3.7.
+
+---
+
+## 🚀 Major Events
+
+### agentchat — New Coordination Layer (Mar 7–8)
+Go WebSocket chat server at port 7777, forge. James is maintainer.
+- **v1.1:** Fixed broadcast routing (was hitting `main` instead of `agentchat` session — cascade conflict)
+- **v1.2:** All messages route to `main` on each agent — no TypeScript plugin needed
+- **v1.3:** DM rooms — tab bar with `# group` + per-agent 1:1 tabs, unread dots, room-based client-side filtering
+- Shared context repo: `git@zurich.inou.com:agentchat-context.git` — agents push summaries after substantive threads
+- Every deploy fires ntfy release note to `inou-alerts`
+
+### Mira — New Agent Launched (Mar 6)
+- Telegram: @Mira_muskepo_bot | Workspace: `/home/johan/mira/`
+- Mission: Help Misha build DealSpace
+- **Still open:** Mira MEMORY.md missing (no DealSpace/Misha context yet)
+- Johan gave James a Telegram profile picture — first time James has a face 🎉
+
+### DealSpace Ops Model — Finalized (Mar 8)
+- **Hans:** owns Amsterdam VPS ops (deploy, monitor, DB — 7 rolling pre-deploy snapshots)
+- **Mira:** owns build pipeline (builds on forge, SCPs to `deploy@82.24.174.112:/opt/dealspace/staging/`)
+- Deploy webhook: `http://82.24.174.112:9400/deploy` (HMAC secret still undelivered to Mira)
+- Same model will be reused for vault1984
+
+### Hans — Fully Operational (Mar 3–5)
+- OpenClaw 2026.3.1 on Zurich (185.218.204.47), Fireworks MiniMax M2.5
+- Extensive debugging session Mar 3: gateway.mode must be local, Fireworks must be defined as full provider in models.providers, model string must match provider key
+- Discord: Hans app ID `1478321168065761352`, James allowed in guild list (and vice versa)
+- Bot-to-bot Discord direct message blocked by Discord API (library filters to prevent loops) — workaround: allow bot IDs in guild allowlist
+
+### vault1984 Architecture — Locked (Mar 3)
+- **AWS** confirmed (not Vultr) for all nodes
+- **21 regions** final (Johan-approved set, not all 31 commercial)
+- China (cn-north-*) excluded — separate AWS partition, not deployable with normal account
+- Infra docs updated: INFRASTRUCTURE-OVERVIEW.md + NOC-DEPLOYMENT-PLAN.md
+- **Blocker:** AWS account credentials still needed
+
+### Forge Incident (Mar 3)
+- James killed openclaw-gateway on forge by using `pkill` instead of `openclaw gateway restart`
+- Opus had to repair
+- **Rule added to AGENTS.md:** Never kill gateway directly; use `openclaw gateway restart`
+
+---
+
+## 🧠 Lessons Promoted to AGENTS.md
+
+New section added: **⚙️ OpenClaw Gateway Rules**:
+1. Never `pkill` openclaw-gateway on forge — use `openclaw gateway restart`
+2. Fireworks is not a native OC provider — must define full `models.providers.fireworks` block
+3. `gateway.mode: local` must be set or gateway won't start
+4. `dmPolicy: "open"` requires `allowFrom: ["*"]` alongside it
+
+---
+
+## 📊 Active Projects Status
+
+| Project | Status | Key Blockers |
+|---------|--------|-------------|
+| agentchat | ✅ v1.3 live, James maintainer | — |
+| DealSpace | Live on Amsterdam, ops model set | Webhook secret, invite flow, SMTP |
+| vault1984 | Architecture locked, live at vault1984.com | AWS creds, WebAuthn wizard, credential import |
+| inou health | Stable, MCP live | SMTP broken (Proton Bridge down on prod) |
+| Mira | Running, building DealSpace | MEMORY.md missing |
+| Hans | Fully operational on Zurich | — |
+| Spacebot/Andrew | Functional for Q&A | Worker dispatch still broken |
+
+---
+
+## ⚠️ Outstanding Items
+
+### High Priority
+- [ ] **DealSpace webhook secret** — Hans → Johan → Mira handoff (deploy pipeline blocked)
+- [ ] **Mira MEMORY.md** — needs DealSpace/Misha context before she builds more
+- [ ] **inou SMTP** — Proton Bridge not running on prod (192.168.100.2), login emails broken
+- [ ] **vault1984 AWS credentials** — needed before any node deploys
+
+### Medium Priority
+- [ ] **vault1984 credential import** — 12,623 entries from Proton Pass pending
+- [ ] **vault1984 WebAuthn wizard** — 3-step setup flow
+- [ ] **@vault1984 X** — profile image + header + first post
+- [ ] **DealSpace invite flow + SMTP** — not built
+- [ ] **vault1984-web templating** — nav/footer copy-pasted across 7 pages, no Go html/template partials
+- [ ] **vault1984 deploy pipeline** — Hans to own, same model as DealSpace
+
+### Low Priority
+- [ ] Telegram groupPolicy warning (groupAllowFrom empty)
+- [ ] Spacebot worker dispatch fix (revisit when Johan has bandwidth)
+
+---
+
+## 🗑️ Stale Items Removed from MEMORY.md
+
+- **OpenClaw 2026.3.1** — updated to 2026.3.7
+- **"Claude usage 66% (pace 183%, resets Thu Mar 6 10PM ET)"** — stale, new week started
+- **Incomplete Hans setup notes** — replaced with clean agent network table
+- **Outdated vault1984 "pending" list** — replaced with current open items
+
+---
+
+## 📈 Metrics This Week
+
+- **Agents launched:** 1 (Mira)
+- **Agents fully operational:** 2 (James + Hans)
+- **agentchat versions shipped:** 3 (v1.1 → v1.2 → v1.3)
+- **OpenClaw upgrades:** 2026.3.1 → 2026.3.7
+- **Services deployed:** DealSpace on Amsterdam, agentchat on forge
+- **Incidents:** 1 (forge gateway killed by James — repaired by Opus)
+
+---
+
+*Next synthesis: Sunday, March 15, 2026*