# Weekly Memory Synthesis — Mar 9–15, 2026

*Generated: Sunday, March 15, 2026 — 9:00 AM ET*

---

## Executive Summary

A week of infrastructure hardening, rapid OC releases (4 in 7 days), a security incident that reinforced Go-first discipline, and the Iran war dominating world news. George launched as a new agent, .17 fully decommissioned, Kaseya M365 dead and removed. The git backlog is a persistent concern — inou has accumulated 100+ uncommitted files all week with no action.

---

## 🚀 Major Events

### George Agent — LIVE (Mar 11 overnight)
New OpenClaw agent for vault1984 writing/content tasks.
- Discord: App ID `1480980894042030211`, username `George`
- Workspace: `/home/johan/george/`
- OC config: `accounts.george` in discord config

### Iaso Agent — LIVE (Mar 15)
New agent for inou health communication. Bridge-builder voice, evidence-based integrative medicine.
- Discord App ID: `1482680563939672124`
- Workspace: `/home/johan/iaso/`
- Named for Greek goddess of recuperation + Johan's original company name

### 192.168.1.17 — Fully Decommissioned (Mar 11)
Stopped and disabled all zombie services: openclaw-gateway (v2026.1.29), protonmail-bridge, message-center, message-bridge.
- Root cause: two conflicting gateway instances racing for IMAP cursors
- .17 is now clean — do not expect services there

### Kaseya M365 Integration — REMOVED (Mar 11)
Dead since Feb 27 (refresh token expired, client_id blocked by Kaseya IT). Johan decision: remove it entirely rather than keep hacking. All config/binaries/tokens cleaned.

### ⚠️ Security Incident: Port 9999 Python Server (Mar 12)
A `python3 -m http.server` was found running on port 9999, serving `/tmp` to `0.0.0.0` for 5+ days.
- Exposed: `clawvault-preview.db` + WAL (vault database), `chrome_import.csv`
- **Johan: "kill it, burn it, bury it and delete it. GONE!"**
- Killed, sensitive files shredded with `shred -u`
- Best guess: Mar 7 subagent doing vault1984 work spun it up to preview a file
- **Lesson reinforced:** Never leave Python servers running. Zero tolerance.

### Spacebot/Andrew — Updated to v0.3.2 (Mar 11)
Johan explicitly authorized. Running on .17:19898. Worker dispatch bug (PR #193) — check if fixed.

---

## 📦 OpenClaw & Tool Updates (Rapid Release Week)

| Date | Tool | Version |
|------|------|---------|
| Mar 9 | OpenClaw | 2026.3.7 → 2026.3.8 |
| Mar 9 | OS | Python 3.12 packages upgraded |
| Mar 9 | Claude Code | 2.1.71 → 2.1.72 |
| Mar 11 | Claude Code | 2.1.72 → 2.1.74 |
| Mar 12 | OpenClaw | 2026.3.11 "Hunter & Healer Alpha" (Gemini Embedding 2, stealth models, Go OpenCode support) |
| Mar 13 | Claude Code | 2.1.74 → 2.1.75 |
| Mar 13 | OpenClaw | 2026.3.12 |
| Mar 13 | OS | Kernel 6.8.0-106 installed (not yet booted — needs reboot) |
| Mar 14 | OpenClaw | 2026.3.13 (Live Chrome session attach — major!) |

**OC 2026.3.13 notable:** Live Chrome session attach — direct attach to real browser with all logins, no extension badge required.

**Patches note:** Each OC release may require reapplication of deleted transcript indexing patch (grep `dist/query-expansion-*.js`).

---

## 🌍 World Events (Context for Johan)

### Iran War — Ongoing Escalation
- US/Iran conflict through week, daily briefings
- Strait of Hormuz effectively blocked by Iran
- **Mar 12:** US sank 16 Iranian minelayers; Brent +4.8% → $92, WTI +4.6% → $87
- **Mar 14:** US bombed Kharg Island (Iran's #1 oil export hub), then mine storage
- **Current:** Brent ~$103/bbl. Oil shock driving market selloff. S&P at YTD low, third losing week.
- Trump building coalition with UK/Japan/France to reopen Hormuz
- Iran reportedly seeking deal

### Markets
- S&P 500 at YTD low, three straight losing weeks (oil shock)
- **SentinelOne (S):** Q4 earnings AH Mar 12 — Johan's short position is profitable. Q1 guidance soft → AH slide. Short still open.

---

## 🔧 Technical Decisions

### Go-First Discipline (Reinforced Mar 12)
- Python audit triggered by port 9999 incident
- **Johan:** "I have a very strong preference for GoLang. Python should only be temporary tools"
- Active system Python: fail2ban, unattended-upgrades (untouchable system services)
- Johan's Python: inou health-poller (legacy), mail-agent (superseded) — tolerated
- **New rule:** New services on forge = Go only. No ad-hoc Python servers, ever.

### inou SMTP Clarification (Mar 12)
- **CORRECT:** inou prod uses Proton SMTP token directly (`smtp.protonmail.ch:587`) — no bridge
- **WRONG:** The nudge subagent kept flagging "Proton Bridge not running" as a bug
- Check `smtp.env` before flagging inou SMTP issues
- Bridge has no business being on 192.168.100.2 (prod)

### Claude Usage Reset Clarification (Mar 14)
- Reset is **Thursday 10 PM ET** (Johan corrected this)
- NOT Friday, NOT midnight — Thursday evening

### vault1984 / inou Pod Architecture (Discussed Mar 10 via agentchat)
- Hans raised: run inou on each vault1984 pod?
- James analysis posted to agentchat: shared pod infra, separate binaries, vault1984 manages WebAuthn PRF, inou gets scoped token
- Key concern: inou's Claude API dependency vs air-gap model requirement
- Status: discussion, no decision yet

---

## 🧠 Corrections This Week

### New Entry: inou Prod Uses Proton SMTP Token (added Mar 12)
Already logged in corrections.md. Rule: Before flagging inou SMTP as broken, check `smtp.env` first.

### New Entry: inou is Infrastructure (added Mar 12 from nudge)
Already logged in corrections.md. inou = storage/data layer. AI is pluggable on top. Don't suggest AI features as inou improvements.

### Johan Corrections (Mar 14)
1. **Claude reset = Thursday 10 PM ET** (briefing had wrong day)
2. **Inky acquisition = stale news** — stop surfacing it in briefings

---

## 🔁 Recurring Patterns This Week

### Git Backlog — Persistent Problem
inou alone went from 70 → 82 → 101 → 161 uncommitted files over the week, with no action. Other repos (james-dashboard, clawd, dealspace) also have persistent unpushed commits.
- This is a recurring weekly issue
- **Hypothesis:** Active inou development by subagents without auto-commit discipline
- **Action needed:** Set up auto-commit after subagent inou work, or do weekly commit sweep

### OpenClaw Rapid Releases
4 OC updates in 7 days. The deleted-transcript-index patch needs reapplying after each one. Starting to create maintenance burden.
- **Mitigation idea:** Script the patch reapplication so it's one command

### X Watch Double-Fire Bug (Unresolved)
Multiple x-watch subagents fired in same window on Mar 11 (same story Telegram-sent twice). Race condition on heartbeat state write.
- Root cause: `lastIntraDayXScan` not written atomically before second spawn
- Fix needed: atomic write or lock before spawning

---

## 🚩 Stale Items in MEMORY.md

These should be removed or updated:

1. **"Dr. Madan — Call TODAY (Sunday) 2PM"** in Feb 15 section — This was from a month ago. Extremely stale. Remove "TODAY" framing.
2. **"⚠️ triage disabled during re-sync (2026-03-06)"** in Proton Bridge section — If re-sync complete, update.
3. **Health Link invoices** (#000057 $71.90 + #000058 $666.90) — Marked unpaid since Feb 23. No update in 3 weeks. Need Johan confirmation.
4. **Baycare ventilator fraud complaint** — Last mentioned Feb 14. No escalation update since.
5. **Spacebot worker dispatch bug** — Listed as "Revisiting 2026-03-03." Never revisited (v0.3.2 upgrade done but worker fix not confirmed).
6. **HostKey Amsterdam cancellation** — Johan must confirm at panel.hostkey.com. This has been open since Feb 21. Either done or needs explicit reminder.
7. **Uptime Kuma: 0 monitors** — Listed as "awaiting Johan's OK to rebuild" since Feb 19. Month+ old.
8. **myCigna** listing RDP/Xvfb setup in TOOLS.md — The ThinkPad X1 was at 192.168.0.211 but updated to 192.168.0.223. Verify current IP.

---

## ✅ To Update in MEMORY.md

- Add Recent Events section for Mar 9-15 (George, Iaso, .17 cleanup, security incident, S short, Iran war, OC 3.8-3.13)
- Update Open Items (Kaseya M365 removed → closed, .17 decommission → closed)
- Clarify Claude reset = Thursday 10 PM ET
- Note kernel 6.8.0-106 installed, reboot pending

---

## 💡 Insights

**Infrastructure decisions are compounding.** Every week we add another agent, decommission something old, and clean up one more zombie. The system is getting cleaner but the agent network is getting larger. James → Hans → Mira → George → Iaso. Five agents now. Worth having a map.

**Security is only as strong as the subagents.** The port 9999 incident happened because a subagent spun up a Python server and nobody cleaned it up. Subagents need to leave forge in a clean state — no background processes, no temp servers, no /tmp exposure. This should be in AGENTS.md as a hard rule for subagent hygiene.

**Johan's thesis: infrastructure is the moat** (from Mar 13 notes). vault1984 + inou = data layer bets. Models come and go, data infrastructure persists. Both products are building moat pieces, not AI features.