diff --git a/HEARTBEAT.md b/HEARTBEAT.md index d4685cb..4660a12 100644 --- a/HEARTBEAT.md +++ b/HEARTBEAT.md @@ -376,7 +376,7 @@ Only ping if: IRS correspondence, something urgent, or can't categorize. **Pace = (weekly_percent / time_elapsed_percent) × 100** e.g. 60% used at 50% of the week = pace 120% (burning too fast). 60% used at 80% of the week = pace 75% (fine). -Week runs Sat 2PM → Sat 2PM ET. Sat 7AM–2PM excluded (dead zone, Johan asleep). +Week runs Thu 10PM → Thu 10PM ET (Anthropic changed reset window — previously Sat 2PM). **Alert rules — read carefully:** - **Pace ≤ 100%:** NOT an alert. Tracking correctly. Mention in briefing, nothing more. diff --git a/memory/2026-02-28.md b/memory/2026-02-28.md index 91f62f6..20a2593 100644 --- a/memory/2026-02-28.md +++ b/memory/2026-02-28.md @@ -166,3 +166,73 @@ All 6 agents completed successfully. Johan was sleeping during second sleep bloc ### Key fixes summary - Dealspace: 4 security fixes, 83 tests, smoke test script, request import live - inou: LOINC matching bug fixed, auth backdoor removed, CORS locked, 59 tests written + +--- + +## Afternoon Session (14:00–18:00 ET) + +### Vault1984 — New Project Born +Built a personal password manager for humans with AI assistants. Designed and shipped Day 1 in one afternoon. + +**The insight (Johan's EA analogy):** +> "My EA has access to company files, not my private drawer. Different key, kept on me." + +**Architecture:** +- One Go binary, one SQLite file, port **1984** (Orwell — intentional) +- L1: server key (VAULT_KEY env), AI-readable — API keys, SSH, TOTP +- L2: WebAuthn PRF client-side only (Touch ID/YubiKey/Titan Key) — card numbers, CVV, passport. Key NEVER on server. +- No email/SMS fallback for L2 (would break security model) +- Recovery: printed BIP39 mnemonic only + +**Entry model:** No separate tables. Everything is an entry with free-form fields. `l2:true` per field, `section` for grouping, `kind` for type hint. + +**Import:** Chrome/Firefox CSV, Bitwarden JSON, Proton Pass JSON parsed natively in Go. LLM fallback (Fireworks, chunked) for unknown formats. Handles 12,623 entries. Date-based collision resolution (newest `timePasswordChanged`/`modifyTime`/`revisionDate` wins; Chrome has no timestamps → existing wins). + +**Name evolution:** Started as ClawVault → renamed Vault1984 (stands alone, not Claw-specific) + +**Git:** `git@zurich.inou.com:vault1984.git` | Local: `/home/johan/dev/vault1984/` | Running: `http://192.168.1.16:1984` + +**3 bugs fixed from test suite:** +- L2 fields leaked plaintext to web API → stripped for web+MCP actors +- `words=4` passphrase generator ignored N → fixed +- `?q=` on `/api/entries` ignored → delegates to search + +**Day 2 pending:** WebAuthn PRF, L2 client-side encrypt/decrypt, scoped MCP tokens, extension autofill, Caddy proxy, systemd service + +### Scoped MCP Tokens (KEY FEATURE) +For multi-agent swarms: per-token tag/entry whitelisting. Agent 1 gets `["social","twitter"]`, Agent 2 gets `["dev","github"]`. One compromise = one agent's scope. Added to SPEC.md. + +### Go-to-Market: Alex Finn +- @AlexFinn runs 10+ OpenClaw agents 24/7 on Mac Studio swarm +- He uses bots to scan X — don't tag him, make content his bots surface +- Keywords: OpenClaw, MCP, credentials, multi-agent, swarm, autonomous +- Discord is his primary community — subagent hunting for his server +- James needs Discord account to participate genuinely +- Hook: scoped tokens solving the exact multi-agent credential problem he has + +### Assets created +- `docs/README.md`, `docs/X-ANNOUNCEMENT.md` (3 options + 6-tweet thread) +- `docs/KILLER-FEATURES.md` (14 features, 3 tiers) +- `docs/RESEARCH.md` (Chrome complaints, CC/Codex MCP config, community channels) +- `docs/SESSION-2026-02-28.md` (full session notes) + +### Azure Backup — Abandoned +Johan abandoned the Azure Files project. +- Local: `azure-backup-abandoned-20260228` (kept recoverable) +- Remote: `azure-backup.git` deleted from Zurich + +### Taalas / ChatJimmy (chatjimmy.ai) +Toronto startup, stealth last week. HC1 chip: Llama 3.1 8B hard-coded into silicon. 17,000 tok/s. $30M of $200M spent. Model got boxes puzzle answer right by accident, wrong reasoning. HC2 (70B) will be the real test. Watch this company. + +### Breaking News: US Strikes Iran +Operation Epic Fury. Confirmed by White House + CENTCOM. Iran internet ~98% down (Cloudflare Radar). Signaled Johan at 15:41 ET. + +### OpenAI × DoD +Signed classified AI deployment agreement. OpenAI retains safety stack. Explicitly stated Anthropic should NOT be flagged as supply chain risk. + +### Pending (carry to tomorrow) +- [ ] AlexFinn Discord server found? +- [ ] James Discord account — ask Johan +- [ ] Import Johan's actual 12,623 entries into Vault1984 +- [ ] Vault1984 Day 2: WebAuthn PRF + scoped tokens +- [ ] Caddy proxy + systemd for Vault1984 diff --git a/memory/claude-usage.db b/memory/claude-usage.db index e2b195f..710c35b 100644 Binary files a/memory/claude-usage.db and b/memory/claude-usage.db differ diff --git a/memory/claude-usage.json b/memory/claude-usage.json index c1d9175..075a798 100644 --- a/memory/claude-usage.json +++ b/memory/claude-usage.json @@ -1,9 +1,9 @@ { - "last_updated": "2026-02-28T23:00:02.828215Z", + "last_updated": "2026-03-01T05:00:02.046165Z", "source": "api", - "session_percent": 29, - "session_resets": "2026-03-01T00:00:00.255782+00:00", - "weekly_percent": 33, - "weekly_resets": "2026-03-06T03:00:00.255798+00:00", - "sonnet_percent": 27 + "session_percent": 0, + "session_resets": null, + "weekly_percent": 38, + "weekly_resets": "2026-03-06T03:00:00.008306+00:00", + "sonnet_percent": 31 } \ No newline at end of file diff --git a/memory/heartbeat-state.json b/memory/heartbeat-state.json index d9c1b20..fdd653d 100644 --- a/memory/heartbeat-state.json +++ b/memory/heartbeat-state.json @@ -14,7 +14,7 @@ "lastDocInbox": "2026-02-25T22:01:42.532628Z", "lastTechScan": "2026-02-28T12:04:00-05:00", "lastMemoryReview": "2026-02-28T14:03:00Z", - "lastIntraDayXScan": "2026-02-28T20:42:09.814Z", + "lastIntraDayXScan": "2026-03-01T04:01:37.647Z", "lastInouSuggestion": "2026-02-28T14:00:00Z", "lastEmail": 1772132453, "pendingBriefingItems": [ diff --git a/memory/updates/2026-02-28.json b/memory/updates/2026-02-28.json index 55a9d03..e5479cc 100644 --- a/memory/updates/2026-02-28.json +++ b/memory/updates/2026-02-28.json @@ -1,20 +1,28 @@ { "date": "2026-02-28", - "timestamp": "2026-02-28T09:00:06-05:00", - "openclaw": { - "before": "2026.2.26", - "latest": "2026.2.26", - "updated": false + "time": "21:00 ET", + "os_updates": { + "status": "up_to_date", + "upgraded": 0, + "details": "0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded" }, "claude_code": { - "before": "2.1.63", - "latest": "2.1.63", - "updated": false + "previous": "2.1.53", + "current": "2.1.63", + "updated": true }, - "os": { - "available": "0\n0", + "openclaw": { + "version": "2026.2.26", "updated": false, - "packages": [] + "status": "up_to_date" }, - "gateway_restarted": false -} \ No newline at end of file + "session_cleanup": { + "cron_run_keys_removed": 78, + "active_jsonl_files": 91, + "sessions_json_updated": true + }, + "memory_updated": { + "working_context": true, + "daily_note": true + } +} diff --git a/memory/working-context.md b/memory/working-context.md index 84d9b7d..dbbf10e 100644 --- a/memory/working-context.md +++ b/memory/working-context.md @@ -1,5 +1,5 @@ # Working Context -*Updated: 2026-02-28 17:57 ET* +*Updated: 2026-02-28 21:00 ET (nightly maintenance)* ## PRIMARY PROJECT: Vault1984 @@ -7,44 +7,75 @@ ### What it is Password manager for humans with AI assistants. Two-tier encryption: -- L1: server key, AI (James) can read — API keys, SSH, TOTP -- L2: client-side WebAuthn PRF only (Touch ID / Titan Key) — card numbers, CVV, passport, NEVER on server +- L1: server key (VAULT_KEY env), AI-readable — API keys, SSH, TOTP +- L2: WebAuthn PRF client-side only (Touch ID/YubiKey/Titan Key) — card numbers, CVV, passport. Key NEVER on server. ### Status: Day 1 complete, Day 2 pending - Binary: `/home/johan/dev/vault1984/vault1984` -- Running: `http://192.168.1.16:1984` (port 1984 = Orwell, intentional) +- Running: `http://192.168.1.16:1984` (port = Orwell, intentional) - Git: `git@zurich.inou.com:vault1984.git` - 3 bugs found and fixed by test suite ### Day 2 TODO 1. WebAuthn PRF (client-side L2 key derivation) 2. L2 client-side encrypt/decrypt in browser -3. Scoped MCP tokens (per-agent credential scoping — KEY FEATURE for multi-agent use) +3. Scoped MCP tokens (per-agent credential scoping — KEY FEATURE) 4. Extension autofill (LLM field mapping) 5. Caddy proxy + systemd service 6. Import Johan's actual 12,623 entries -### Go-to-Market -**Goal: Get Alex Finn (@AlexFinn) to adopt Vault1984** -- He runs 10+ OpenClaw agents 24/7 on a swarm (3x Mac Studio, DGX Spark) -- He's a Discord power user — subagent searching for his server -- Strategy: James joins his Discord, participates genuinely, Vault1984 comes up naturally -- James needs Discord account — Johan to provide token -- Content angle: "10 agents, each scoped to exactly what it needs" — scoped MCP tokens +### Go-to-Market: Alex Finn (@AlexFinn) +- Runs 10+ OpenClaw agents 24/7 on Mac Studio swarm (3x Mac Studio + DGX Spark) +- Discord is his primary community — subagent was hunting for his server +- James needs Discord account token from Johan to participate genuinely +- Hook: scoped MCP tokens = exact problem he has (multi-agent credential isolation) +- Content strategy: let his bots surface the content, don't @ tag him -### Assets ready -- `docs/README.md` — project readme -- `docs/X-ANNOUNCEMENT.md` — 3 options + full thread -- `docs/KILLER-FEATURES.md` — 14 features -- `docs/RESEARCH.md` — Chrome complaints, CC/Codex MCP config, community channels -- `docs/SESSION-2026-02-28.md` — full session notes +### Pending items +- [ ] AlexFinn Discord server — did subagent find it? +- [ ] James Discord account token — ask Johan +- [ ] Import 12,623 entries into Vault1984 +- [ ] Vault1984 Day 2 (WebAuthn PRF, scoped tokens, Caddy, systemd) -## Other Active -- **Dealspace/muskepo.com**: Live at 82.24.174.112, Shannon VPS +--- + +## SECONDARY PROJECT: Dealspace (muskepo.com) + +### Status: Live, hardened, tests passing +- Live at: https://muskepo.com (Shannon VPS — 82.24.174.112) +- Shannon VPS: root pw `gUB-C63-EN`, paid till 2026-04-09 +- Git: `git@zurich.inou.com:dealspace.git` | Local: `/home/johan/dev/dealspace` +- 83 tests passing, security hardened (timing attacks fixed, CORS locked, security headers) +- Smoke test: 14/14 PASS (`scripts/smoke-test.sh`) + +### Pending +- [ ] Invite flow (only invited users can sign up — not yet built) +- [ ] GET/DELETE /api/projects/:id, DELETE /api/orgs/:id (documented, missing) +- [ ] SMTP config (waiting on Misha's domain decision) +- [ ] First Misha demo — muskepo.com is placeholder name, Misha hasn't confirmed + +--- + +## SECONDARY PROJECT: inou health + +### Status: Code reviewed, hardened +- LOINC matching bug FIXED (normalize.go) +- Auth backdoor REMOVED (code 250365 gone from dbcore.go) +- CORS locked to allowlist +- 59 tests written and passing +- Full report: `/home/johan/dev/inou/docs/CODE-REVIEW-2026-02-28.md` + +--- + +## Abandoned +- **Azure Backup project** — abandoned, local at `azure-backup-abandoned-20260228`, remote deleted from Zurich + +## World Events Noted +- US Operation Epic Fury (Iran strikes) — 2026-02-28 ~15:41 ET +- OpenAI × DoD classified AI agreement signed +- Taalas/ChatJimmy (chatjimmy.ai) — HC1 silicon Llama 3.1 8B, 17,000 tok/s, $30M spent + +## Infrastructure - **DocSys**: Running at localhost:9201 -- **inou**: Code review done, LOINC fixed, backdoor removed -- **Azure backup**: ABANDONED — deleted from Zurich, local at azure-backup-abandoned-20260228 - -## Pending Subagents -- vault1984-research (Chrome complaints etc) — may still be running -- alexfinn-discord — searching for his Discord server +- **Vault1984**: Running at http://192.168.1.16:1984 +- **Dealspace**: Running at muskepo.com (Shannon VPS)