chore: auto-commit uncommitted changes

2026-03-13 18:03:49 -04:00 · 2026-03-13 18:03:49 -04:00 · a5eb060e07
parent ae49913ef0
commit a5eb060e07
14 changed files with 838 additions and 19 deletions
--- a/MEMORY.md
+++ b/MEMORY.md
@ -218,8 +218,9 @@ Subagent spawning works from conversation sessions. Auth is via `tokens.operator
 ### inou health (inou.com)
 *(always lowercase — avoid L vs I confusion)*
- Johan's self-built medical imaging platform
+- **Medical data storage platform / infrastructure** — NOT an AI service
- Uses Claude via MCP tools
+- AI (Claude MCP, ChatGPT, Grok, Kimi, MiniMax, etc.) is pluggable on top — inou is the data layer
 - Strategic goal: support ALL major LLMs as connectors. You bring the AI, inou holds your medical data.
 - DICOM viewer, genetic analysis (SNPedia), lab data import, vitals tracking
 - Name origin: 2015 project "I-know-you" (social graph) failed; kept 4-letter domain, repurposed for health
 - **Tiers:** Monitor (free), Optimize ($12/mo), Research ($35/mo)
@ -232,6 +233,17 @@ Subagent spawning works from conversation sessions. Auth is via `tokens.operator
 - SMB share: `inou-dev` (Johan uploads portions he's comfortable sharing)
 - "Nibble" approach — I work on what he gives me
 ### Johan's Strategic Thesis (2026-03-13)
 **"Infrastructure is our moat."**
 Bet on the data layer, not on which AI wins. Models will get bigger, go on-device, consolidate — doesn't matter. The infrastructure underneath always persists.
 - **inou** — medical data infrastructure
 - **vault1984** — credential/identity infrastructure  
 - More TBD — same pattern
 AI is volatile. Data infrastructure isn't. Don't build the AI, build what the AI needs.
 ### Dealspace / muskepo.com (2026-02-28)
 M&A deal workflow SaaS for investment banking data rooms. Built for Misha (Johan's son).
--- a/drafts/vault1984-growth-plan.md
+++ b/drafts/vault1984-growth-plan.md
@ -0,0 +1,221 @@
 # vault1984 — Growth Plan
 *March 2026*
 ---
 ## The model
 Near-zero marginal cost. One binary. SQLite. $100/month for 21 global nodes. Every dollar of revenue is margin.
 This is not a venture-backed growth plan. It is a frugal architect's plan: maximum reach, minimum spend, no sales team until the product sells itself. The HN community is the first customer. The developer flywheel is the distribution engine. The pricing makes competition economically irrational before it starts.
 **The single constraint:** Part-time build. Growth must be compounding and largely passive. Every initiative must generate more than it costs in time.
 ---
 ## Phase 1 — Launch (months 0–1)
 **Goal:** 5,000 individual users. First revenue.
 **The trigger: Show HN.**
 One post. The working product, the architecture argument, the Orwell quote. Not a landing page — a shipped product people can sign up for and use today.
 The HN audience is the exact demographic: developers running AI coding agents who feel the credential problem daily. They don't need to be sold. They need to see the product and understand why it's architecturally different.
 **What a successful HN launch looks like:**
 - Front page, 24+ hours
 - 500+ upvotes
 - Technical debate in comments — this is credibility, not controversy
 - 2,000–5,000 signups in 72 hours
 - Organic spread to Twitter/X, Lobsters, dev Slack/Discord communities
 **Supporting assets needed before launch:**
 - vault1984.com/security — the architecture trust page
 - Updated README with current naming and tagline
 - Import flows working (1Password, Bitwarden, LastPass) — frictionless first day
 - Pricing page with $12/year individual prominently displayed
 **Cost: $0. Time: one evening to write the post.**
 ---
 ## Phase 2 — Organic individual growth (months 1–6)
 **Goal:** 50,000 individual users. ~$600K ARR run rate.
 **The breach trigger is always on.**
 Every credential breach in the news sends people searching. The math-vs-keys argument — one RTX 4090, 17,000 guesses per second, 256-bit WebAuthn PRF key, 3.7 × 10⁴⁸ years — is a shareable fact. We publish it once. It lives forever.
 **Channels (all organic, all low-time-cost):**
 - HN: ongoing presence in relevant threads (MCP, AI agents, security, password managers). Answer questions. Be the expert.
 - Twitter/X: the architecture story in threads. One good thread = 10,000 impressions, zero cost.
 - GitHub: the open-source repo generates stars. Stars generate signups. Stars compound.
 - Developer newsletters: a single mention in TLDR, Console, or Bytes reaches 100K+ developers. One cold email to the editor. Free.
 - Reddit: r/selfhosted, r/privacy, r/netsec — communities that already care about this problem.
 **The referral mechanic:**
 Every time a developer installs vault1984 for personal use, they are a future team account. They work somewhere. They use AI agents professionally. The personal install is the top of the funnel for B2B.
 **Infrastructure:** All 21 nodes live by end of month 2. Low latency everywhere. Users in Lagos and Nairobi load the same fast product as users in San Francisco.
 **Cost: $0 cash. ~2 hours/week in community presence.**
 ---
 ## Phase 3 — The team wedge (months 2–6)
 **Goal:** 500 team accounts. 5,000 business seats. ~$150K ARR from this segment.
 **The product addition: team invite.**
 One feature: invite a colleague. Shared vault for team credentials. Admin sees who has access to what. No SSO. No SCIM. No enterprise procurement. Just: "invite your colleague."
 Developers don't ask permission to use a $12/year tool. They use it, then say "we should all use this." The team invite exists to formalize what's already happening.
 **Pricing: $2.50/user/month.** A 10-person team pays $300/year. Goes on a personal credit card. No procurement involved.
 **How it happens:** Zero outbound. Users who signed up individually receive an in-app nudge: "Invite your team. Share credentials securely." The conversion from individual to team is pull, not push.
 **Cost: Development time (one feature). $0 cash.**
 ---
 ## Phase 4 — SMB market (months 4–12)
 **Goal:** 2,000 SMB accounts. 30,000 seats. ~$900K ARR from this segment.
 **What opens SMB:**
 - Team invite (Phase 3) working and proven
 - Admin console: member management, audit log access, basic reporting
 - Billing by seat, not individual credit cards
 **The AI agent story is now mainstream.** Every SMB with a developer team has at least one agent running. The credential problem is visible. The IT manager is asking "where are all these API keys going?" vault1984 is the answer their developers are already using.
 **The global advantage compounds here.** An SMB in Nairobi or Lagos pays $2.50/user/month and gets sub-50ms latency on a local node. No competitor is serving them. First-mover advantage in emerging markets is locked in.
 **Pricing: $2.50/user/month.** A 20-person SMB pays $600/year. A 50-person SMB pays $1,500/year. Not a budget line anyone argues about.
 **Cost: Admin console development. $0 cash for acquisition.**
 ---
 ## Phase 5 — Enterprise unlock (months 9–18)
 **Goal:** 50 enterprise accounts. 25,000 seats. ~$750K ARR from this segment.
 **What opens enterprise:**
 - SSO (SAML/OIDC) — the single feature that converts a "nice to have" into a "can deploy"
 - SOC 2 Type II formal audit — controls already implemented; audit cost ~$20K
 - Dedicated support tier (email SLA, named contact)
 **Why enterprise comes to vault1984 (not the other way around):**
 Enterprises with 500+ developers running AI coding agents already have the credential problem at scale. Their developers are using vault1984 personally. The CISO asks: "what are all these API keys going to?" The answer is already vault1984. The sale is inbound.
 **The procurement argument is arithmetic:**
 A 1,000-seat enterprise pays $30,000/year at $2.50/user/month. Competitors charge $84,000–120,000 for the same. No negotiation. No RFP theater. Just a purchase order.
 **Pricing: $2.50/user/month.** Same as SMB. The enterprise tier adds SLA and compliance docs, not price.
 **Cost: SSO development + $20K SOC 2 audit.**
 ---
 ## Phase 6 — MSP channel (months 6–18)
 **Goal:** 200 MSP partners. 200,000 managed seats. ~$300K ARR wholesale.
 **The unlock: commercial MSP license.**
 The Elastic License 2.0 prohibits third parties from offering vault1984 as a managed service. A commercial MSP license (separate agreement) opens the channel.
 **The MSP pitch is unique:**
 MSPs can tell their clients: "We cannot read your passwords." No other MSP-delivered solution offers this. vault1984 removes a significant liability — MSPs cannot be subpoenaed for credentials they don't have the keys to.
 **The math for an MSP:**
 - Buy at $1/user/month wholesale
 - Sell at $3–5/user/month
 - 100 clients × 20 users = 2,000 seats = $2,000–4,000/month margin per MSP
 - Signing 200 MSPs: 400,000 seats, $400K–800K/month in MSP revenue
 **Distribution:** MSP communities (IT Nation, Connect, ASCII), direct outreach to the top 500 MSPs. One channel partner manager can handle this at scale — but not needed until Phase 4 is proven.
 **Cost: Legal framework for MSP license (~$15K). $0 thereafter.**
 ---
 ## The numbers
 ### Revenue model (month 18 projection)
 | Segment | Volume | Price | ARR |
 |---------|--------|-------|-----|
 | Individual | 200,000 users | $12/yr | $2.4M |
 | Teams/SMB | 50,000 seats | $2.50/mo | $1.5M |
 | Enterprise | 25,000 seats | $2.50/mo | $0.75M |
 | MSP (wholesale) | 100,000 seats | $1/mo | $1.2M |
 | **Total** | | | **$5.85M ARR** |
 ### Month 30 projection
 | Segment | Volume | Price | ARR |
 |---------|--------|-------|-----|
 | Individual | 500,000 users | $12/yr | $6.0M |
 | Teams/SMB | 150,000 seats | $2.50/mo | $4.5M |
 | Enterprise | 50,000 seats | $2.50/mo | $1.5M |
 | MSP (wholesale) | 300,000 seats | $1/mo | $3.6M |
 | **Total** | | | **$15.6M ARR** |
 **At 8x ARR multiple: $124M valuation.**
 ### Infrastructure cost at month 30
 21 nodes. ~$400/month fully loaded with traffic. The model does not break with scale — it's stateless compute on cheap instances with SQLite. Adding capacity is adding an instance.
 ---
 ## What we do not do
 **No outbound sales.** Until $5M ARR, every new customer comes inbound. The HN flywheel, developer word of mouth, and the breach news cycle are the sales team.
 **No paid acquisition.** CAC must stay near zero. If a channel requires paying per click, it's not the right channel for this stage.
 **No enterprise features before SMB is proven.** SSO and SCIM are on the roadmap — not the priority. Individual → team → SMB → enterprise is the sequence. Skipping steps burns time and capital.
 **No sales team.** A great hire costs $150K/year. The HN post costs nothing. Organic growth at this price point generates more pipeline than a sales team could close.
 ---
 ## The competitive window
 The window to own this category is 18–24 months. After that:
 - 1Password ships "good enough" MCP integration. Feature gap narrows.
 - Bitwarden raises money, hires a product team, catches up on agent support.
 - A well-funded startup enters with VC backing and a sales team.
 None of them can copy the encryption architecture. That moat is permanent — they'd have to break their existing users' recovery flows to do it. But the feature moat and the geography moat narrow over time.
 The time to establish is now. Every month of delay is market share that costs more to recapture later.
 ---
 ## Capital requirements
 The growth plan requires no external capital to reach Phase 3.
 To accelerate Phases 4–6 and eliminate personal financial risk:
 | Item | Cost |
 |------|------|
 | 21-node infrastructure buildout + 18 months | $80K |
 | SOC 2 Type II formal audit | $20K |
 | Legal (MSP license framework, IP) | $40K |
 | **Total** | **$140K** |
 **The raise: $200K at $20M pre-money.** 1% equity. Wealthy friends & family who understand the AgentMail comparable ($6M raised at $60M post-money for MCP on IMAP).
 This is the frugal version. Not a Series A. Not a growth round. Capital to deploy infrastructure and validate enterprise compliance — then the product grows itself.
 ---
 *Draft — George for Johan. Not for external distribution.*
--- a/drafts/vault1984-lastpass-page.md
+++ b/drafts/vault1984-lastpass-page.md
@ -0,0 +1,82 @@
 # vault1984.com/lastpass
 *Draft — George for Johan*
 ---
 **Note:** This page names LastPass directly. It's the necessary exception to the no-competitor-names rule — the offer is meaningless without naming the breach.
 ---
 ## Page copy
 ---
 # If LastPass cost you, vault1984 is free. Forever.
 The breach happened in 2022. The FBI confirmed $150 million stolen in March 2025. Your vault was on their server. Their server was compromised. That's the architecture.
 We built vault1984 so this can't happen again.
 **If you are a plaintiff in the LastPass breach litigation, you get a vault1984 account free for life. No credit card. No trial. No expiry.**
 ---
 ## Why vault1984 is different
 LastPass encrypted your vault with a key derived from your master password. That key lived on their server. When their server was breached, attackers got the encrypted vault and enough information to crack the key. Given enough time and enough computing power — and they have both — they get your passwords.
 vault1984 works differently.
 Your credentials are encrypted with a key derived from your hardware authenticator — a physical device in your possession. That key is never sent to our server. We store ciphertext. We don't have the plaintext. We don't have the key.
 Steal our server. You get noise.
 This isn't a policy. It's not a promise. It's math.
 ---
 ## What "free for life" means
 - Full individual account
 - All features, no limits
 - Never expires
 - No payment method required, ever
 ---
 ## How to claim
 You're on the honor system. We're not asking for court filings or legal documents.
 If you were a LastPass user whose vault was exposed in the 2022 breach, and you've joined the class action or suffered losses as a result — this offer is for you.
 **[Claim your free account →]**
 Enter your email. Select "LastPass breach" at signup. We'll activate your lifetime account immediately.
 If you want to share your story, we'd like to hear it. No obligation. Email: [contact address].
 ---
 ## The class action
 The ongoing litigation against LastPass (consolidated in the District of Massachusetts) has thousands of plaintiffs. If you haven't joined and suffered losses from the breach, organizations like the Electronic Privacy Information Center (EPIC) can point you toward legal resources.
 We are not lawyers. This is not legal advice. We're a password manager that thinks you deserved better.
 ---
 *vault1984 — We host it. We cannot read it.*
 ---
 ## Press angle (not on the page — for Johan's reference)
 The press pitch writes itself: "Password manager offers free lifetime accounts to all LastPass breach victims." 
 Send this page to:
 - Brian Krebs (krebsonsecurity.com) — covered the LastPass breach exhaustively
 - Troy Hunt (HaveIBeenPwned.com) — the breach authority
 - TechCrunch, The Verge, Wired — all covered the $150M FBI confirmation in March 2025
 Timing: launch this page the same day as the Show HN post, or the day after a new LastPass development hits the news. The breach story is still active — TRM Labs confirmed funds still draining as of late 2025.
--- a/drafts/vault1984-market-research.md
+++ b/drafts/vault1984-market-research.md
@ -124,9 +124,9 @@ Largest volume segment. Price-sensitive but willing to pay for something that so
 - [ ] Email-based onboarding
 ### Pricing opportunity
-$4–6/user/month ($48–72/year) is the market rate. vault1984 at current $12/year is priced for individuals. Business pricing needs a per-seat model at market rate. The encryption story supports a small premium over Bitwarden.
+Market rate is $4–6/user/month. vault1984's strategy is not to match the market — it's to make competition economically irrational.
-**Suggested: $5/user/month billed annually ($60/user/year).** Free trial, no minimum seats.
+**Target: $2–3/user/month.** Same product, fraction of the price. At this level no VC funds a competitor — the market is already priced out. Revenue model is volume, not margin.
 ---
@ -161,9 +161,7 @@ Slower sales cycle than SMB but much higher contract value. vault1984's "operato
 - [ ] Custom onboarding support
 ### Pricing opportunity
-$6–10/user/month. SSO parity commands a small premium. The compliance story supports $8/user/month with annual commitment.
+Market rate is $6–10/user/month. vault1984 target: **$2–3/user/month.** Same knockout logic — at this price procurement is a no-brainer, not a negotiation. CFOs don't hold meetings about a $3/seat product.
 **Suggested: $8/user/month ($96/user/year), minimum 25 seats.** Discount for 100+.
 ---
@ -200,7 +198,7 @@ Smallest number of deals, largest contract value. A single enterprise contract c
 - [ ] Dedicated customer success manager
 ### Pricing opportunity
-Custom. $10–20/user/month or six-figure annual deals for large deployments.
+Target: **$2–3/user/month** — same as SMB/MME. The differentiation is not price, it's features (SOC2, SLAs, support). Revenue at this price point is pure volume: 100,000 enterprise seats = $2.4–3.6M ARR. 1M seats = $24–36M ARR.
 ---
@ -245,7 +243,7 @@ High. An MSP with 100 clients averaging 20 users each represents 2,000 seats. va
 ### Pricing opportunity
 $2–3/user/month wholesale (MSP pays), resells at $5–8/user/month to clients. Alternatively, flat fee per client vault instance.
-**Suggested commercial MSP license: $2/user/month billed to MSP, minimum 5 clients.** Volume discounts at 500+ seats.
+**Target: $1–1.50/user/month wholesale.** MSPs resell at $3–5. They make margin. Their clients pay less than 1Password direct. Nobody competes.
 ---
--- a/drafts/vault1984-pr-plan.md
+++ b/drafts/vault1984-pr-plan.md
@ -0,0 +1,103 @@
 # vault1984 — PR & Communications Plan
 *Saved March 2026 — DO NOT EXECUTE until product is locked*
 **Status: HOLD. Product must ship before any of this moves.**
 ---
 ## The core asset: "We Do Not Comply"
 A formal open letter published on vault1984.com, addressed simultaneously to:
 - The Five Eyes alliance (NSA, GCHQ, CSE, ASD, GCSB)
 - The FSB (Russia)
 - The MSS (China)
 Not a blog post. A letter. With the list of laws, the architecture argument, and one line: *"We cannot comply. Not because we won't. Because we don't have what you're asking for."*
 ### Countries/laws to name explicitly
 **Authoritarian:**
 - China — Network Data Security Regulations (2024), Criminal Code decryption requirements, Cryptography Law
 - Russia — Yarovaya Law (Federal Law No. 374-FZ): mandatory handover of decryption keys to FSB
 - Kazakhstan — data localization + mandatory government access
 - Vietnam — Cybersecurity Law 2019
 **Western democracies (no favorites):**
 - USA — PATRIOT Act, CLOUD Act, FISA courts, National Security Letters with gag orders
 - UK — Investigatory Powers Act 2016 ("Snoopers' Charter"): bulk collection, compelled backdoors, Technical Capability Notices
 - Australia — TOLA Act (Assistance and Access Act 2018): compels tech companies to build decryption capabilities on demand
 - EU — Chat Control proposal: client-side scanning of encrypted messages
 - Five Eyes collectively — formally and repeatedly called for encryption backdoors
 **The line:** Architecture doesn't discriminate by flag. FBI, FSB, MSS, GCHQ — same answer. We don't have your keys.
 **The Orwell connection:** He was British. The UK's surveillance law is a monument to the warning he wrote.
 ---
 ## Distribution plan (when ready)
 ### Anchor
 - Publish the open letter at vault1984.com/cannot-comply
 - Simultaneously publish a /security page explaining the architecture
 ### Press pitches
 - **Wired** — covered LastPass breach extensively, covers surveillance, 15M readers
 - **The Intercept** — built for this. Surveillance, encryption, government overreach.
 - **The Register** — UK audience, Investigatory Powers Act is their beat
 - **EFF** — don't pitch a story, pitch a partnership. Ask for formal recognition / co-sign.
 ### X
 - One image post: governments on one side, "Your answer: We don't have your keys." Not a thread. An image. Screenshot-shareable.
 ### YouTube (without being on camera)
 - Pitch to privacy YouTubers: Techlore, Mental Outlaw, or a security researcher channel
 - They make the video, vault1984 gets the reach
 ### HN
 - Let it be discovered organically via the open letter, or submit as a link post (not Show HN)
 - Technical debate in comments = credibility
 ### Long game
 - Submit architecture paper to DEF CON or Black Hat
 - If accepted: the talk reaches every security professional who matters; the YouTube recording does itself
 ---
 ## Why this works
 Every other password manager complies with government requests — because they have the keys. vault1984 structurally cannot comply. Being compelled and refusing is the proof-of-work that the claims are real.
 If China sends a legal demand: publish the response. The headline writes itself. Signups spike.
 Apple's San Bernardino moment made every privacy claim credible overnight. This is vault1984's equivalent — except proactive, not reactive.
 ---
 ## Timing
 **Not before:** Product is shipped, tested, and stable. Nailing the product is the prerequisite. Going public before the product is locked hands competitors a roadmap.
 **Trigger:** Show HN ships and is successful. Product has paying users. Then this plan activates.
 ---
 ## Ideas pool — parked for later
 **Open letter to LastPass's 33M users**
 "Here's what happened to your vault and why it can't happen here." Published on vault1984.com, pitched to Krebs and Troy Hunt. Facts only, sourced to FBI and TRM Labs.
 **Architecture comparison page**
 vault1984 vs. LastPass model, side by side. No opinion. Just the architecture. Devastating in its accuracy.
 **Bug bounty as PR**
 "Extract a credential from a vault1984 server. We'll pay $10,000." Mathematically impossible to win. Excellent press. Proves the claim costs nothing because nobody can collect.
 **The acquisition angle**
 LastPass is owned by Francisco Partners (PE). Architecture is broken, can't be fixed without destroying the product. 33M users hemorrhaging. Acquiring vault1984 gives them a rebuilt architecture and a redemption story. The provocation ladder (plaintiff page → open letter → architecture comparison) makes vault1984 undeniable — too credible to dismiss, too well-positioned to out-build. Acquisition becomes cheaper than watching vault1984 eat their users.
 All of the above: hold until product ships and Show HN is live.
 ---
 *George for Johan. Hold until product ships.*
--- a/drafts/vault1984-pricing.md
+++ b/drafts/vault1984-pricing.md
@ -0,0 +1,188 @@
 # vault1984 — Pricing Plan
 *March 2026*
 ---
 ## The strategic goal
 Pricing must make competition economically irrational at every tier. A competitor needs to out-price, out-cover, out-encrypt, and out-agent-support vault1984 simultaneously. That's not a startup problem — it's an impossibility.
 The model is volume. Near-zero marginal cost means every dollar of revenue is margin. The job of pricing is to remove friction from adoption, not to maximize per-user revenue.
 ---
 ## The market landscape
 | Product | Individual | Notes |
 |---------|-----------|-------|
 | 1Password | $36/year | Market leader, premium positioned |
 | Dashlane | $33/year | Declining market share |
 | Keeper | $35/year | Security-focused |
 | NordPass | $24/year | VPN bundle play |
 | Bitwarden Premium | $10/year | Open source, price leader |
 | Bitwarden Free | $0 | The real competition |
 | Apple/Google built-in | $0 | Biggest consumer competitor |
 **The real floor is $0.** Apple Keychain and Google Password Manager are free and good enough for most consumers. vault1984 doesn't compete with them on price — it competes on agent support, which they don't have, and encryption model, which they don't care about.
 **The relevant paid competitor is Bitwarden at $10/year.** vault1984 at $12/year is actually $2 MORE than Bitwarden. That needs a justification — which is the agent story and the encryption model.
 ---
 ## Is $12 the right number?
 **Arguments for $12/year:**
 - "$1 a month" is a clean, memorable pitch
 - Below every competitor except Bitwarden and free tiers
 - Makes price a non-conversation at any sales stage
 - The launch price — can be raised later once established
 **Arguments against $12/year:**
 - More expensive than Bitwarden Premium ($10/year) — needs clear differentiation to justify
 - At $12/year, reaching $1M ARR requires 83,333 paying users. That's achievable but not trivial.
 - No room for a launch discount (can't go lower without giving the product away)
 **The alternative: $24/year ($2/month)**
 - Still far below every competitor except Bitwarden free
 - "Two dollars a month" is still an easy yes
 - Doubles revenue per user — $1M ARR at 41,667 users instead of 83,333
 - Leaves room for a launch promotion: "First year $12, then $24"
 - More defensible against "why are you more expensive than Bitwarden?"
 **Recommendation: Launch at $12/year, standard price $24/year.**
 Use $12 as the permanent early-adopter/launch price, visible on the page as a strikethrough: ~~$24~~ **$12/year — launch price**. Creates urgency, rewards early adopters, and gives a path to sustainable pricing without a price hike surprise.
 ---
 ## Full pricing structure
 ### Free tier — Yes or no?
 **The case for free:**
 - Bitwarden's success was built on a robust free tier. People adopt free, recommend to paid users.
 - Cost to serve a free user: ~$0 (SQLite, minimal compute)
 - Free users seed the team and enterprise funnel
 **The case against free:**
 - Complicates support and operations
 - "Free" attracts users who will never pay
 - vault1984's differentiator (agent support, encryption model) is most valuable to paying users
 - Bitwarden has free forever — competing on free is fighting on their turf
 **Verdict: 30-day trial, no free tier.**
 Let people experience the full product without commitment. After 30 days: pay or export your data. Clean. No free-rider problem.
 ---
 ### Individual
 | | |
 |--|--|
 | **Price** | $12/year launch (~~$24~~ standard) |
 | **What's included** | Unlimited entries, all three encryption tiers, MCP agent access, browser extension, mobile apps, import/export, daily backups, email support |
 | **What's not** | Shared vaults, admin console, SSO |
 **The pitch:** A dollar a month. The only password manager built for AI agents. If your AI coding agent ever needs a credential, this is the answer.
 ---
 ### Team
 | | |
 |--|--|
 | **Price** | $3/user/month (billed annually) |
 | **Minimum** | 2 users |
 | **What's included** | Everything in Individual + shared vaults, team admin console, audit log, centralized billing |
 | **What's not** | SSO, SCIM, SLA |
 **The pitch:** A 10-person team pays $360/year. No procurement needed. Credit card. Done.
 **Note:** $3/user/month is slightly above the previously discussed $2.50 — reflects that team features add genuine value (shared vaults, admin) and this is still far below every competitor.
 ---
 ### Business (MME)
 | | |
 |--|--|
 | **Price** | $5/user/month (billed annually) |
 | **Minimum** | 10 users |
 | **What's included** | Everything in Team + SSO (SAML/OIDC), SCIM provisioning, priority support, audit log export |
 | **What's not** | Custom SLA, dedicated support, custom contracts |
 **The pitch:** A 50-person company pays $3,000/year. 1Password charges $10,800 for the same. No negotiation required.
 **Note:** SSO is the unlock for this tier. Price jumps from $3 to $5 at the SSO boundary — SSO is expensive to build and support, and enterprises expect it. This is justified.
 ---
 ### Enterprise
 | | |
 |--|--|
 | **Price** | $5/user/month + custom |
 | **Minimum** | 100 users |
 | **What's included** | Everything in Business + custom SLA, dedicated support contact, compliance documentation package (SOC 2, security questionnaire support), custom contract |
 | **Pricing** | $5/user/month is the floor; large deployments negotiate volume |
 **The pitch:** 1,000 seats at $5/user/month = $60,000/year. Competitors charge $84,000–$168,000. The CFO doesn't hold a meeting. They just sign.
 ---
 ### MSP (wholesale)
 | | |
 |--|--|
 | **Price** | $1.50/user/month wholesale |
 | **Requires** | Commercial MSP license (separate from ELv2) |
 | **Minimum** | 50 managed seats |
 | **What's included** | Full Business tier for managed clients, multi-tenant admin console, white-label optional |
 **The MSP math:** Buy at $1.50, sell at $4–6. 100 clients × 20 users = 2,000 seats = $3,000–9,000/month margin. vault1984 earns $3,000/month from that MSP.
 ---
 ## Revenue model at scale
 | Segment | Users/Seats | Price | ARR |
 |---------|------------|-------|-----|
 | Individual | 300,000 | $12/yr | $3.6M |
 | Team | 50,000 seats | $3/mo | $1.8M |
 | Business | 30,000 seats | $5/mo | $1.8M |
 | Enterprise | 20,000 seats | $5/mo | $1.2M |
 | MSP wholesale | 200,000 seats | $1.50/mo | $3.6M |
 | **Total** | | | **$12M ARR** |
 **At 8x ARR multiple: $96M valuation.**
 ---
 ## Launch promotion
 **The LastPass offer:** Free lifetime account for breach plaintiffs. This is not a pricing tier — it's a PR move. The cost is near-zero. The return is press coverage, credibility, and brand positioning.
 **Early adopter pricing:** $12/year for the first 12 months of the product's life. After that, $24/year for new signups. Early adopters are locked in at $12 forever (their loyalty built the product).
 ---
 ## What we don't do
 **No per-agent pricing.** The agent story is the differentiator — taxing it would punish exactly the use case we want to grow. MCP access is included in all paid tiers.
 **No feature-gating the encryption model.** Credential and Identity Encryption are available on all tiers. Security is not a premium feature.
 **No freemium.** 30-day trial, then pay. Clean. No free-rider infrastructure burden, no support complexity.
 ---
 ## Open questions for Johan
 1. **$12 or $24 as standard individual price?** Or $12 launch, $24 after 12 months?
 2. **Free tier?** 30-day trial recommended, but worth discussing.
 3. **Is $3/user/month right for teams, or stick with $2.50?**
 4. **SSO included in Business at $5, or is that too aggressive a price jump from Team?**
 5. **MSP minimum seat count** — 50 is the proposal; could go higher or lower.
 ---
 *Draft — George for Johan.*
--- a/drafts/vault1984-vision.md
+++ b/drafts/vault1984-vision.md
@ -0,0 +1,176 @@
 # vault1984 — From Launch to $100M
 *Strategic vision — March 2026*
 ---
 ## The thesis
 The AI era creates a new infrastructure requirement: every agent that acts on behalf of a human needs credentials. Every company deploying AI needs those credentials managed securely. No existing password manager was built for this. The incumbents are bolting on MCP. They cannot change their encryption architecture without destroying their current product.
 vault1984 is built for this from day one. The window to own this category is open now and will close within 18-24 months as incumbents catch up on features (they can never catch up on architecture).
 The model is near-zero marginal cost: a 10MB SQLite file, one binary, the smallest AWS instance. Every dollar of revenue is margin. The strategy is volume at knockout pricing — make competition economically irrational before it starts.
 ---
 ## Where we are
 **Product:** Complete. One binary, one SQLite file. WebAuthn PRF key derivation. Three-tier encryption (Vault / Credential / Identity). MCP-native. Browser extension. Import from all major password managers. Automatic backups. Audit log.
 **Infrastructure:** Building out 21 global nodes — AWS where present, local providers where AWS doesn't reach (Nigeria, Tanzania, and other markets where incumbents have no footprint).
 **Pricing:** $12/year individual hosted. Essentially zero marginal cost per user.
 **Status:** Pre-launch. The product is ready. The HN article isn't published. The category is unclaimed.
 ---
 ## Step 1 — The HN launch (now)
 **Goal:** 10,000–50,000 individual users in the first 90 days.
 **Why HN:** Zero acquisition cost. Exactly the right audience — developers with AI coding agents who feel the credential problem daily. One good post is worth more than $500K in paid acquisition. This audience validates, then multiplies.
 **The launch asset:** A Show HN post with the working product. The architecture argument. The math-vs-keys story. The Orwell quote.
 **What success looks like:** Front page. 500+ upvotes. Comments debating the architecture (technical credibility). Organic spread to Twitter/X and Lobsters. Signups from developers at major tech companies.
 **The flywheel:** Developer at Kaseya (or Google or Stripe) finds vault1984 on HN → installs for personal use → brings it to their team → becomes an SMB account.
 ---
 ## Step 2 — Viral individual growth (months 1–6)
 **Goal:** 100,000 individual users. $1.2M ARR (at $12/year). Zero meaningful CAC.
 **Channels:**
 - HN ongoing presence (comment threads, Ask HN)
 - Developer Twitter/X — the architecture story is shareable
 - GitHub — open source generates stars, stars generate signups
 - Word of mouth within AI coding communities (Claude Code, Cursor, Codex users)
 **The breach trigger:** Every time there is a credential breach in the news, vault1984 gets organic signups. The math-vs-keys argument writes itself. We don't pay for this — it's always on.
 **Infrastructure by this point:** All 21 nodes live. Global coverage established. Latency competitive everywhere.
 ---
 ## Step 3 — The team wedge (months 3–9)
 **Goal:** Convert individual users to team accounts. First $500K B2B ARR.
 **The product addition needed:** Basic team features — shared vault, invite members, admin view of audit log. Minimal MVP. Not SSO, not SCIM. Just "invite your colleague."
 **Why it happens organically:** Developers don't buy software for their team. They use it personally, then say "we should all use this." The team account exists to formalize what's already happening.
 **Pricing:** $2–3/user/month for teams. A 10-person team pays $240–360/year. Nobody approves this budget — it goes on a credit card.
 ---
 ## Step 4 — SMB market (months 6–18)
 **Goal:** 1,000 SMB accounts. 20,000 seats. ~$480K–720K ARR from this segment.
 **What opens this:** Team features from Step 3 + a simple admin console. Nothing more. SMBs don't need SSO. They need "I can see what my team is doing."
 **The AI agent story:** By this point, AI agent adoption in SMBs is mainstream. Every developer team has at least one agent running. The credential problem is visible. vault1984 is the answer that's already been validated by their engineers.
 **Global coverage matters here:** A Nairobi-based SMB or a Lagos startup can deploy vault1984 with local latency. 1Password can't say that. First-mover advantage in emerging markets is captured here.
 ---
 ## Step 5 — The $10M ARR milestone (months 12–24)
 **The math:**
 | Segment | Users/Seats | Revenue |
 |---------|------------|---------|
 | Individual | 500,000 × $12/yr | $6.0M |
 | Teams/SMB | 150,000 seats × $2.50/mo | $4.5M |
 | **Total** | | **$10.5M ARR** |
 **At 10x ARR multiple (standard SaaS): $100M+ valuation.**
 This is achievable without enterprise sales, without SSO, without SOC 2 certification. It's pure volume — individual and team accounts at knockout pricing.
 ---
 ## Step 6 — The enterprise angle (months 18–36)
 **What unlocks it:**
 - SSO (SAML/OIDC) — single feature that opens MME
 - SOC 2 Type II — 12–18 month process, start at month 6
 - Dedicated support tier
 **Why enterprise comes to us (not the other way around):**
 Enterprises with 800 developers already running AI coding agents have the credential problem at scale. Their developers are already using vault1984 personally. The CISO asks "what are all these API keys going to?" — and the answer is vault1984. The sales cycle is pull, not push.
 **Pricing: $2–3/user/month.** A 2,000-seat enterprise pays $48,000–72,000/year. 1Password charges $168,000 for the same. Procurement doesn't negotiate — they just sign.
 ---
 ## Step 7 — The MSP channel (months 12–24)
 **The unlock:** Commercial MSP license (separate from Elastic License 2.0).
 **The MSP argument:** MSPs can tell their clients "we cannot read your passwords." No other MSP-delivered solution can say that. vault1984 removes a significant liability from MSPs — they can't be compelled to hand over client credentials they don't have keys to.
 **Distribution:** The MSP channel is multiplicative. One MSP with 100 clients and 20 users each = 2,000 seats. Sign 500 MSPs and you have 1M seats without a single enterprise sales call.
 **Pricing: $1–1.50/user/month wholesale.** MSPs resell at $3–5. Margin for them, still below 1Password direct for their clients.
 ---
 ## The competitive moat — why it lasts
 **Price:** Nobody builds a company to compete with $12/year individual and $2-3/user/month enterprise. VCs won't fund it.
 **Coverage:** 21 nodes including markets where 1Password has no infrastructure. Replicating global coverage takes 2–3 years and millions of dollars.
 **Encryption architecture:** 1Password, Bitwarden, Dashlane cannot adopt vault1984's encryption model. Their recovery flow requires operator access — it's baked into their product promise. Copying vault1984 means breaking their existing users. They're architecturally trapped.
 **Agent-native:** They are bolting MCP onto products designed for humans. vault1984 was designed from day one for the model where agents are first-class clients. The product philosophy cannot be copied — only rebuilt.
 **Timing:** The window to establish the category is now. In 18–24 months, incumbents will have shipped "good enough" MCP integrations. The architecture gap will be harder to explain. The coverage gap will narrow. The price gap can be closed with VC money. The time to establish is before any of that happens.
 ---
 ## The vault1984 + inou portfolio
 vault1984 and inou (inou.com) are built on the same infrastructure philosophy: sensitive personal data, organized and private, ready for your AI. vault1984 handles credentials. inou handles health data. Both: operator-blind, independent infrastructure, "your AI connects to it."
 As AI agent adoption grows, every category of sensitive personal data will need this treatment. The portfolio grows with the category.
 The strategic value of two products with the same architecture and philosophy, both gaining adoption simultaneously, is significantly higher than either alone. A strategic acquirer in this space buys the platform, not just one product.
 ---
 ## What we need to get there
 **Now:**
 - [ ] HN Show HN post — the launch asset
 - [ ] /security page on vault1984.com
 - [ ] Updated README with new naming and tagline
 **0–3 months:**
 - [ ] Team invite / shared vault (basic, MVP)
 - [ ] All 21 nodes live
 **3–6 months:**
 - [ ] Admin console (audit log access, member management)
 - [ ] Begin SOC 2 Type II process
 - [ ] Commercial MSP license framework
 **6–12 months:**
 - [ ] SSO (SAML/OIDC) — unlocks MME
 - [ ] Mobile apps (iOS/Android) — unlocks consumer fully
 - [ ] MSP partner program launch
 **12–24 months:**
 - [ ] SOC 2 Type II certified
 - [ ] Enterprise tier (dedicated support, SLA, custom contract)
 - [ ] $10M ARR
 ---
 *Draft — George for Johan. Strategic working document.*
--- a/memory/2026-03-13.md
+++ b/memory/2026-03-13.md
@ -0,0 +1,25 @@
 # Cron: Claude Usage Monitor - 2026-03-13 3:02 PM ET
 ## Status: 🚨 ALERT TRIGGERED
 **Usage Spike Detected!**
 - Previous: 3%
 - Current: 7%
 - Jump: **4% in 2 hours** 🚨
 **Current Usage:**
 - Weekly: 7% used (93% remaining)
 - Session: 29% used (resets 6:00 PM ET today)
 - Sonnet: 9% used
 - Weekly resets: 2026-03-20
 **Dashboard Updated:**
 - Key: claude-usage
 - Value: 📊 Weekly: 7% used
 - Type: info ✅
 **Alert Status:**
 ✅ Discord DM sent to Johan (user:666836243262210068 → messageId: 1482091528230015037)
 ---
 *Source: cron job 50bcb3e9-8436-41f8-820d-830a87dcfc66*
--- a/memory/claude-usage.db
+++ b/memory/claude-usage.db
--- a/memory/claude-usage.json
+++ b/memory/claude-usage.json
@ -1,9 +1,9 @@
 {
-  "last_updated": "2026-03-13T16:00:01.795083Z",
+  "last_updated": "2026-03-13T22:03:21.069267Z",
  "source": "api",
-  "session_percent": 4,
+  "session_percent": 0,
-  "session_resets": "2026-03-13T17:00:00.738221+00:00",
+  "session_resets": "2026-03-14T03:00:00.022112+00:00",
-  "weekly_percent": 3,
+  "weekly_percent": 8,
-  "weekly_resets": "2026-03-20T02:59:59.738248+00:00",
+  "weekly_resets": "2026-03-20T03:00:00.022131+00:00",
-  "sonnet_percent": 3
+  "sonnet_percent": 11
 }
--- a/memory/corrections.md
+++ b/memory/corrections.md
@ -175,3 +175,11 @@ When Johan pushes back, log the **principle**, not just the symptom.
 **Source of truth:** `/home/johan/dev/inou/smtp.env` — SMTP_HOST=smtp.protonmail.ch, SMTP_PORT=587, SMTP_TOKEN set.
 **Applies to:** Any inou email troubleshooting. Don't suggest bridge on prod — it has no business being there.
 **Test:** Before flagging inou SMTP as broken, check smtp.env first.
 ### PRINCIPLE: inou is infrastructure, not an AI service
 **Trigger:** Nudge suggested building a "Neurosurgery Consultation Package Generator" with Claude reasoning chains
 **Why:** inou's core value is as a **storage platform / infrastructure** — secure medical data storage, import pipelines, DICOM/FHIR/lab data handling. AI is a layer on top, not the product.
 **Applies to:** Every inou nudge, suggestion, feature proposal, or product description
 **Test:** "Am I proposing storage/data/infrastructure work?" If not, rethink.
 **Bad:** "Build AI analysis feature", "Claude consultation generator", "reasoning chain export"
 **Good:** "Improve DICOM import pipeline", "FHIR compliance", "data portability", "storage reliability", "lab data ingestion", "HIPAA-grade storage layer"
--- a/memory/git-audit-lastfull.txt
+++ b/memory/git-audit-lastfull.txt
@ -1 +1 @@
-1773331430
+1773417810
--- a/memory/heartbeat-state.json
+++ b/memory/heartbeat-state.json
@ -13,8 +13,8 @@
  "lastWeeklyMemorySynthesis": "2026-03-08T05:02:00.000Z",
  "lastDocInbox": "2026-02-25T22:01:42.532628Z",
  "lastTechScan": 1773416379.4425044,
-  "lastMemoryReview": "2026-03-11T21:42:04.000Z",
+  "lastMemoryReview": "2026-03-13T16:32:00.000Z",
-  "lastIntraDayXScan": 1773384960,
+  "lastIntraDayXScan": 1773503723,
  "lastInouSuggestion": "2026-03-13T16:36:00.000Z",
  "lastEmail": 1772132453,
  "pendingBriefingItems": [],
--- a/memory/inou-context.md
+++ b/memory/inou-context.md
@ -3,7 +3,13 @@
 *Updated: 2026-02-20. Always lowercase "inou" — avoids L/I confusion.*
 ## What it is
-Self-built medical advocacy platform. Born from Sophia's accident (May 2, 2022). Johan built it to fight the medical system — read MRIs, challenge diagnoses, build evidence for specialists. It's not a wellness app. It's infrastructure for people the system has failed.
+**Medical data storage platform / infrastructure.** Born from Sophia's accident (May 2, 2022). Johan built it to fight the medical system — read MRIs, challenge diagnoses, build evidence for specialists. It's not a wellness app, and it's not an AI service. It's infrastructure for people the system has failed.
 **⚠️ CRITICAL FRAMING:** inou = storage platform, infrastructure layer. AI is pluggable — not the product. The goal is to support ALL major LLMs: Claude, ChatGPT, Grok, Kimi, MiniMax, you name it. inou holds your medical data; you connect whatever AI you want to it.
 **Strategic direction (2026-03-13):** Build connectors/integrations for every major model/platform. MCP is the Claude connector — replicate this pattern for ChatGPT (plugin/GPT connector), Grok, MiniMax, Kimi, etc. Data schema must be clean and well-structured so any AI gets good results.
 Nudges should focus on: new LLM integrations, connector reliability, data schema quality, storage infrastructure, import pipelines (DICOM/FHIR/lab), data portability. NOT: "build an AI feature."
 ## Current capabilities
 - **DICOM viewer + analysis** — brain MRIs, CT scans, radiology reports