chore: auto-commit uncommitted changes

memory/claude-usage.json

@@ -1,9 +1,9 @@
 {
-  "last_updated": "2026-02-28T17:00:02.990894Z",
+  "last_updated": "2026-02-28T23:00:02.828215Z",
   "source": "api",
-  "session_percent": 9,
-  "session_resets": "2026-02-28T19:00:01.126726+00:00",
-  "weekly_percent": 27,
-  "weekly_resets": "2026-03-06T03:00:00.126744+00:00",
-  "sonnet_percent": 22
+  "session_percent": 29,
+  "session_resets": "2026-03-01T00:00:00.255782+00:00",
+  "weekly_percent": 33,
+  "weekly_resets": "2026-03-06T03:00:00.255798+00:00",
+  "sonnet_percent": 27
 }

memory/git-audit-lastfull.txt

@@ -1 +1 @@
-1772211728
+1772298127

memory/heartbeat-state.json

@@ -1,20 +1,20 @@
 {
   "lastChecks": {
-    "email": 1772291050,
+    "email": 1772305243,
     "calendar": null,
     "weather": 1771942030,
     "briefing": 1772291050,
     "news": 1771597876,
-    "claude_usage": 1772291050
+    "claude_usage": 1772305243
   },
   "lastBriefing": "2026-02-27T14:37:39Z",
   "lastWeeklyDocker": "2026-02-22T08:33:05.950745+00:00",
   "lastWeeklyHAOS": "2026-02-22T08:33:05.950745+00:00",
   "lastWeeklyMemorySynthesis": "2026-02-22T10:05:38.031320Z",
   "lastDocInbox": "2026-02-25T22:01:42.532628Z",
-  "lastTechScan": "2026-02-27T14:37:39Z",
+  "lastTechScan": "2026-02-28T12:04:00-05:00",
   "lastMemoryReview": "2026-02-28T14:03:00Z",
-  "lastIntraDayXScan": "2026-02-28T04:01:32.821Z",
+  "lastIntraDayXScan": "2026-02-28T20:42:09.814Z",
   "lastInouSuggestion": "2026-02-28T14:00:00Z",
   "lastEmail": 1772132453,
   "pendingBriefingItems": [

memory/working-context.md

@@ -1,76 +1,50 @@
-# Working Context — Updated 2026-02-27 9:00 PM ET
+# Working Context
+*Updated: 2026-02-28 17:57 ET*
 
-## Current State
-Nightly maintenance completed. Context reset at 9PM. Main session history inaccessible from cron.
+## PRIMARY PROJECT: Vault1984
 
-## Carryover from Feb 26
+**Full session notes:** `/home/johan/dev/vault1984/docs/SESSION-2026-02-28.md`
 
-### Spacebot/Andrew (192.168.1.17)
-- Running parallel to James on port 19898
-- Bug: channel model calls reply() and stops — worker dispatch announced but never executed
-- Simple Q&A works, multi-step agentic tasks silently fail
-- **Revisit: 2026-03-03**
+### What it is
+Password manager for humans with AI assistants. Two-tier encryption:
+- L1: server key, AI (James) can read — API keys, SSH, TOTP
+- L2: client-side WebAuthn PRF only (Touch ID / Titan Key) — card numbers, CVV, passport, NEVER on server
 
-### X/Twitter Intel (from Feb 26 scans)
-- OpenClaw 2026.2.26 — heartbeat DM fix, subagent overhaul, Slack/thread fixes, 30+ security fixes ✅ installed
-- Qwen 3.5 (35B/122B/27B) — rivals Sonnet 4.5, runs on 32GB RAM (Johan's M4 Max)
-- Gemini Nano Banana 2 — Google new image model, Pro quality at Flash speed
-- @steipete OpenClaw beta: External Secrets, thread-bound agents, Codex/Claude Code as ACP subagents
+### Status: Day 1 complete, Day 2 pending
+- Binary: `/home/johan/dev/vault1984/vault1984`
+- Running: `http://192.168.1.16:1984` (port 1984 = Orwell, intentional)
+- Git: `git@zurich.inou.com:vault1984.git`
+- 3 bugs found and fixed by test suite
 
-## Active Projects
-- **inou health** — medical platform, building phase (not promoting yet)
-- **Sophia care** — Johan is night nurse, trach/pulse-ox monitoring nightly
-- **Spacebot/Andrew** — parallel bot test, multi-step tasks broken
-- **James infrastructure** — forge (192.168.1.16), Zurich VPS, Uptime Kuma monitoring
+### Day 2 TODO
+1. WebAuthn PRF (client-side L2 key derivation)
+2. L2 client-side encrypt/decrypt in browser
+3. Scoped MCP tokens (per-agent credential scoping — KEY FEATURE for multi-agent use)
+4. Extension autofill (LLM field mapping)
+5. Caddy proxy + systemd service
+6. Import Johan's actual 12,623 entries
 
-## Pending / Open Threads
-- Spacebot worker dispatch bug — 2026-03-03
-- SentinelOne (S) short position — earnings Mar 12
-- Johan's M4 Max — Qwen 3.5 locally viable (32GB RAM)
-- OpenClaw @steipete beta — External Secrets + ACP thread-bound agents worth watching
+### Go-to-Market
+**Goal: Get Alex Finn (@AlexFinn) to adopt Vault1984**
+- He runs 10+ OpenClaw agents 24/7 on a swarm (3x Mac Studio, DGX Spark)
+- He's a Discord power user — subagent searching for his server
+- Strategy: James joins his Discord, participates genuinely, Vault1984 comes up naturally
+- James needs Discord account — Johan to provide token
+- Content angle: "10 agents, each scoped to exactly what it needs" — scoped MCP tokens
 
-## Infrastructure Notes
-- Signal outbound from cron/subagents blocked (cross-context restriction) — use Telegram or main session relay
-- Claude Code 2.1.62 installed
-- OpenClaw 2026.2.26
+### Assets ready
+- `docs/README.md` — project readme
+- `docs/X-ANNOUNCEMENT.md` — 3 options + full thread
+- `docs/KILLER-FEATURES.md` — 14 features
+- `docs/RESEARCH.md` — Chrome complaints, CC/Codex MCP config, community channels
+- `docs/SESSION-2026-02-28.md` — full session notes
 
----
-## Dealspace (added 2026-02-28)
-- **Live at:** muskepo.com (Shannon VPS 82.24.174.112)
-- **Git:** git@zurich.inou.com:dealspace.git → /home/johan/dev/dealspace
-- **Deploy:** `cd /home/johan/dev/dealspace && make deploy`
-- **Login:** muskepo.com/app/login → johan@jongsma.me → code 220402
-- **Misha:** michael@muskepo.com, super_admin
-- **Status:** Marketing site live, app UI rough, orgs/invite flow being built
-- **Next:** Invite flow, org management, first Misha demo
-- **SMTP:** Waiting on Misha's domain choice before wiring email
+## Other Active
+- **Dealspace/muskepo.com**: Live at 82.24.174.112, Shannon VPS
+- **DocSys**: Running at localhost:9201
+- **inou**: Code review done, LOINC fixed, backdoor removed
+- **Azure backup**: ABANDONED — deleted from Zurich, local at azure-backup-abandoned-20260228
 
----
-## Overnight Build Night Completions (2026-02-28 02:00–07:20 ET)
-
-### Dealspace — ALL shipped, live at muskepo.com
-- **Git SHA:** 4758baf (latest) — all pushed to zurich.inou.com:dealspace.git
-- **Agents completed:** dealspace-orgs, dealspace-requests, dealspace-tests, dealspace-security, dealspace-smoke
-- **83 tests passing** (was 31, now 83)
-- **Security fixes:** OTP timing attack (constant-time compare), CORS wildcard → allowlist, security headers middleware
-- **Request import:** CSV/XLSX with smart header detection, priority normalization, section→workstream creation
-- **Organizations:** OrgData+DealOrgData entry model, domain validation, deal_org linking, domain-lock enforcement
-- **App templates:** projects, project, request, orgs, admin/dashboard — all live
-- **Smoke test:** 14/14 pass on live muskepo.com — auth, projects, orgs, import, security enforcement
-- **Missing endpoints to add:** GET /api/projects/:id (returns 404), DELETE endpoints
-- **Security audit report:** /home/johan/dev/dealspace/docs/SECURITY-AUDIT-2026-02-28.md
-- **Smoke test script:** /home/johan/dev/dealspace/scripts/smoke-test.sh
-
-### inou — First ever test suite + deep code review
-- **59 tests written** (lib + api), all passing
-- **Code review report:** /home/johan/dev/inou/docs/CODE-REVIEW-2026-02-28.md
-- **Critical fix:** LOINC matching bug fixed — Normalize() was skipping entries with SearchKey2 set even without LOINC codes. Fix: require BOTH SearchKey2 AND data["loinc"] to skip.
-- **Critical fix:** CORS wildcard → allowlist (inou.com, localhost, capacitor)
-- **Auth backdoor removed** from inou (code 250365)
-- **Medium/low:** DICOM memory, nil pointer risks, hardcoded Signal recipient — documented only
-- **Build:** passes. Tests: ./lib ./api all green.
-
-### Next for Dealspace (when Johan wakes)
-1. GET /api/projects/:id endpoint (currently 404)
-2. Invite flow (onboarding page for new users)
-3. First real demo: create "Project James", add James LLC as seller org
+## Pending Subagents
+- vault1984-research (Chrome complaints etc) — may still be running
+- alexfinn-discord — searching for his Discord server