# Working Context

*Updated: 2026-03-02 21:00 ET (nightly maintenance)*

## PRIMARY PROJECT: vault1984

**Full session notes:** `memory/2026-03-02.md`

### What it is

Password manager / structured knowledge store for humans + AI agents. Two-tier encryption:

- **Agent fields:** server-side key (`VAULT_KEY`), AI-accessible via scoped MCP tokens
- **Sealed fields:** WebAuthn PRF client-side only (Touch ID/YubiKey) — key NEVER on server

### Two repos

| Project | Location | Git | Visibility |
|---------|----------|-----|------------|
| vault1984 | `~/dev/vault1984/` | GitHub (johanjongsma) + Zurich | MIT OSS |
| vault1984-web | `~/dev/vault1984-web/` | Zurich only | Proprietary |

### Current State (end of 2026-03-02)

- Binary: `/home/johan/dev/vault1984/vault1984`
- Running: `http://192.168.1.16:1984/` (systemd: vault1984.service)
- `https://vault1984.com` live (Cloudflare → Caddy → forge)
- vault1984-web: Go binary on port 8099 (systemd: vault1984-web.service)
- CSS: vault1984.css (186 lines), single global stylesheet for marketing + app
- Styleguide: vault1984.com/styleguide.html ✅

### Architecture Decisions (LOCKED)

- **L1 key:** `VAULT_KEY` in `.env` — machine secret, not user password
- **User auth:** WebAuthn only (Touch ID, Face ID, YubiKey) — no master password
- **Recovery:** 12-word BIP39 mnemonic, shown once at setup
- **No SQLite encryption** — fields already AES-256-GCM encrypted
- **Text only, Markdown default** — no attachments, no images ever
- **Search:** tags + exact match for v1. Vector embeddings later.
- **Pricing:** $12/year (annual only). 7-day money-back. No free trial.

### TODO / Pending

- [ ] vault1984 binary still has dead website copy in `cmd/vault1984/website/` — needs cleanup (revert routes.go/main.go)
- [ ] Wire VAULT_KEY to proper .env file
- [ ] Import Johan's credentials (12,623 entries from browsers + Proton)
- [ ] WebAuthn setup wizard (3-step): check if dawn-lagoon completed this
- [ ] Scoped MCP tokens UI
- [ ] Binary releases (GitHub Actions)
- [ ] @vault1984 X account — Johan registered it today. Needs profile image + header set.
- [ ] vault1984-web Go backend (login/billing/Stripe)

### Brand Identity

- Background: `#0A1628` | Accent: `#22C55E` (green) | Font: JetBrains Mono ExtraBold / Inter
- Profile pic: "1984" in green on dark background
- Tagline: **"1984 had no secrets. You should."**
- X: @vault1984 (registered by Johan today)

### vault1984.com Email

- `social@vault1984.com` → Stalwart on Zurich → catch-all → Johan's account
- MX, SPF, DKIM, DMARC all configured in Cloudflare ✅

---

## Hans Server (vault1984 NOC node)

- **IP:** 185.218.204.47 | DNS: `noc.vault1984.com`
- **Specs:** vm.mini — 4 vCPU / 6GB RAM / 120GB SSD (Hostkey), €3.90/mo
- **OS:** Ubuntu 24.04
- **OpenClaw:** 2026.3.1 installed, Fireworks MiniMax M2.5 configured
- **Root password:** ThIsNeEdStOcHaNgE0-- (CHANGE THIS — not yet done)
- **Johan user:** SSH key auth, sudo
- **UFW:** 22/80/443, fail2ban active
- **Pending:**
  - [ ] Discord bot creation (needs Johan's Chrome tab on discord.com/developers)
  - [ ] Hans↔James comms channel via Discord (bot runs on Zurich, not Hans)
  - [ ] Deploy vault1984 binary to Hans

---

## SECONDARY PROJECT: inou health

- **Status:** Code hardened, 59 tests passing
- **inou prod:** `192.168.100.2:1080`, binary `./bin/portal`
- **Caddy:** `inou.com` → prod, `dev.inou.com` → staging (192.168.1.253:1080)
- **SMTP broken:** Proton Bridge not running on 192.168.100.2 — login emails can't send
- **Backdoor OTP:** `250365` (intentional dev convenience)
- **MCP:** `https://inou.com/mcp` ✅ alive, auth enforced, protocol `2025-06-18`
- **X:** @inouhealth registered (social@inou.com, password !!Helder06)
- **Anastasia:** Real patient dossier (ID: 4aa59a4c2a8e4077) — treat with same care as Sophia

---

## SECONDARY PROJECT: Dealspace (muskepo.com)

- **Status:** Live and hardened, 83 tests passing
- **Shannon VPS:** 82.24.174.112, paid till 2026-04-09
- **Git:** `git@zurich.inou.com:dealspace.git`
- **Pending:**
  - [ ] Invite flow
  - [ ] SMTP config (waiting on Misha's domain decision)
  - [ ] First Misha demo

---

## Pending From Johan

- [ ] **Discord bot** for Hans — needs Johan's Chrome tab on discord.com/developers
- [ ] **@vault1984 X setup** — profile picture and header image still need to be set
- [ ] **@johanjongsma X** — heavily right-wing follows visible; personal decision but worth noting
- [ ] **inou SMTP fix** — Proton Bridge not running on prod server; login broken
- [ ] **James Discord account token** — for vault1984 community engagement
- [ ] **Hans root password change** — still default ThIsNeEdStOcHaNgE0--

---

## Infrastructure Notes

- **DocSys:** Running at localhost:9201
- **vault1984:** Running at http://192.168.1.16:1984 (systemd)
- **vault1984.com:** Cloudflare → Caddy → forge (ZeroSSL via Caddy)
- **vault1984-web:** port 8099, serving marketing site
- **inou.com:** Caddy → 192.168.100.2:1080
- **Dealspace:** muskepo.com (Shannon VPS)
- **Caddy (192.168.0.2):** SSH direct LAN only. Log dir: `chown caddy:caddy /var/log/caddy` after reboot.

## Key Credentials

- GitHub james-vault token: `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`
- Cloudflare API token: `dSVz7JZtyK023q7kh4MMNmIggK1dahWdnBxVnP3O`
- vault1984.com CF zone: `1c7614cd4ee5eabdc03905609024f93a`
- vault1984 VAULT_KEY: d153af4a1b9e58023d0ec465f2674fc29d52ea0b9ef9a0f0cbbaaee63f0117fb
- social@vault1984.com password: SocialVault2026!
- Fireworks API key: `fw_RVcDe4c6mN4utKLsgA7hTm`
- Hans root pw: ThIsNeEdStOcHaNgE0-- (CHANGE)