# Memory — 2026-03-22 ## Johan's Working Style (05:32 AM — explicit correction) **No symlinks. No rsync pipelines. No "clever" file plumbing.** When something needs to be in two places, copy it explicitly. Simple, obvious, traceable. "That's not how I roll" — figure it out, don't ask, don't add infrastructure for file movement. ## Clavitor Project Setup (03:55–04:21 AM) ### Project Structure (decided) Single workspace on forge: `/home/johan/dev/clavitor/` ``` clavitor/ ├── docs/ # SHARED docs for both OSS and commercial ├── oss/ # PUBLIC — goes to GitHub │ ├── server/ │ ├── cli/ │ ├── extension/ │ └── mobile/ # Flutter (iOS + Android) └── commercial/ # PRIVATE — never on GitHub ├── website/ ├── admin/ ├── billing/ └── infrastructure/ ``` ### Repo strategy - **Monorepo** under `github.com/clavitor/clavitor` - OSS half goes to GitHub. Commercial stays on forge/Zurich only. - `scripts/sync-to-github.sh` will push `oss/` to GitHub - vault1984 source stays intact at `/home/johan/dev/vault1984/` as backup ### Migration status (as of 04:21 AM) - Structure created at `/home/johan/dev/clavitor/` - vault1984 files COPIED (not moved) to clavitor/oss/ and clavitor/commercial/ - Makefile updated: binary output names changed vault1984 → clavitor - Go module names / import paths: LEFT UNCHANGED (internal plumbing, no need to rename) - Claude Code subagent running (pid 1363913, session gentle-shell) to: - Finish user-facing renames (README, web UI titles, CLI help text) - Attempt compile - Report results ### Key decisions - Do NOT rename Go import paths or module names — internal plumbing, code compiles fine as-is - Only rename user-facing strings: binary names, README, tags, CLI --help text - vault1984 stays intact. clavitor is a separate copy. - No MCP integration for credential access — MCP can't hold decryption keys (L2/L3 access impossible via MCP) - Viral angle: "the vault agents can query but can't steal from" — security architecture is the feature ### Pending (still needed) - [x] Domain DNS: clavitor.ai + clavitor.com — **both in Cloudflare** (not Openprovider). A records → 82.22.36.202 (Zurich). Placeholder live. - [ ] GitHub org creation: needs token with admin:org scope — Johan action - [ ] Cloudflare Browser Rendering token: current token in cloudflare.env is invalid (401) — Johan action - [ ] Compile result from Claude Code subagent — pending - [ ] OSS sync script: scripts/sync-to-github.sh — not yet written ### Product vision - Positioning: FIPS 140-3 vault, post-quantum (CRYSTALS-Kyber / ML-KEM), credential issuance for agents - Pricing: $12/year (personal), Pro tier (AgentPass), Business, Enterprise - OSS + hosted (GitLab model): same codebase, hosted service adds infrastructure layer - Go wide after OSS: consumer → SMB → MME → MSP → Enterprise - AgentPass = feature tier inside Clavitor, not a separate product ### Fireworks Developer Pass - Model: `accounts/fireworks/routers/kimi-k2p5-turbo` - Expires: March 28 trial (then $20/week opt-in) - All agents switched to this as default model - OpenCode configured at `~/.config/opencode/opencode.json`