21 KiB

Raw Permalink Blame History

2026-03-02 Daily Notes

vault1984 — Late night session (00:30–01:30 ET)

Architecture decision: Two separate Go binaries

vault1984 (/home/johan/dev/vault1984) — pure vault server binary. Runs in each AWS region. No billing, no marketing, no website.
vault1984-web (/home/johan/dev/vault1984-web) — marketing website. Go binary serving static HTML from embed.FS. Runs on vault1984.com.
Johan was clear: "the website will run its own Go, as we need login, billing etc etc"
Previous session had created a mess by embedding both into the same binary.

vault1984-web: Python server killed, replaced with Go

Was running python3 -m http.server 8099 (previous session left it). Johan: "python!? Are you kidding me?"
Replaced with Go binary (main.go + //go:embed *.html *.svg *.css)
Systemd service: ~/.config/systemd/user/vault1984-web.service, port 8099
Caddy proxies vault1984.com → 8099
Committed to git@zurich.inou.com:vault1984-web.git

hosted.html — Global infrastructure map

Lives in vault1984-web/, served at vault1984.com/hosted.html
Shows all 31 real AWS commercial regions on animated world map SVG
Zürich highlighted in gold as HQ node
Bug fixed: Beijing removed — cn-north-1 is China partition (separate AWS account, Sinnet-operated). NOT a commercial region.
Added: mx-central-1 (Mexico City, 2023) and ap-southeast-5 (Malaysia/KL, 2024) — both real commercial regions
The detailed world map SVG lives in the original vault1984-web/hosted.html — do NOT replace with simplified blob paths

vault1984 binary — partial mess still present

Previous session added cmd/vault1984/website/ (copy of marketing HTML) and updated routes.go to serve both
This needs to be reverted — vault1984 should be pure vault server, no marketing HTML
TODO: revert routes.go and main.go changes, delete cmd/vault1984/website/

AWS region knowledge

31 commercial regions as of early 2026 (not 30)
China regions (cn-north-1 Beijing, cn-northwest-1 Ningxia) are a SEPARATE partition — not deployable with normal AWS account
GovCloud regions also excluded from vault1984 deployment
Newest regions: mx-central-1 (Mexico, 2023), ap-southeast-5 (Malaysia, 2024)
GCP ARM doesn't go below t2a-standard-1 (1 vCPU, 4GB RAM) — AWS Graviton unique in offering ARM at nano size (0.5GB)

vault1984-web map work (01:30–02:20 ET)

Two hosted.html files — don't confuse them

vault1984-web/hosted.html — what vault1984.com actually serves (via port 8099). Old "Hostkey" era text. Has worldmap.svg. THIS is the file we edit.
vault1984/website/hosted.html and vault1984/cmd/vault1984/website/hosted.html — dead copies with "Everywhere you are" / "30 AWS regions" text. NOT served. Ignore them.
Earlier screenshots showed the cached "30 AWS regions" version from the headless browser — that was stale cache, not live content.

worldmap.svg architecture

Geography SVG paths (133KB) extracted to /home/johan/dev/vault1984-web/worldmap.svg
Loaded via <image href="/worldmap.svg" x="0" y="0" width="1000" height="460"/> inside the SVG element
Dots (circles) remain inline in hosted.html
fetch+DOMParser+importNode approach failed in real Chrome — <image href> works everywhere

Final region selection (21 regions, Johan-approved)

Removed from initial 31: Ohio, Oregon, Calgary, Ireland, Milan, Bahrain, Hyderabad, Melbourne, Osaka, Tokyo Kept:

Americas: Virginia, N.California, Montreal, Mexico City, São Paulo
Europe: London, Paris, Frankfurt, Zürich (HQ/gold), Spain, Stockholm
Middle East/Africa: UAE, Tel Aviv, Cape Town
Asia Pacific: Mumbai, Singapore, Jakarta, Malaysia, Sydney, Seoul, Hong Kong

Miller projection function (for future dot placement)

const W=1000, H=460;
function project(lon, lat) {
    const latR = Math.min(Math.abs(lat),85)*Math.PI/180*(lat<0?-1:1);
    const miller = 1.25*Math.log(Math.tan(Math.PI/4+0.4*latR));
    const maxMiller = 1.25*Math.log(Math.tan(Math.PI/4+0.4*80*Math.PI/180));
    return [(lon+180)/360*W, H/2-(miller/(2*maxMiller))*H];
}

Zürich verification: project(8.5, 47.4) → (523.6, 117.6) ✓

Dot format (SVG circles with staggered animation)

Each region = 3 circle elements: 2 pulse rings (fill=none) + 1 solid dot HQ (Zürich) = 4 elements: 3 circles + inner black dot Colors: green #22C55E for regions, gold #D4AF37 for HQ

Hostkey VPS — "Hans" (03:56 ET)

Provider: Hostkey
Location: Switzerland (Zürich region)
Purpose: vault1984 Istanbul node (Turkey VPS via Hostkey, who confirmed they have Istanbul)
Name: Hans
IP: 185.218.204.47
Hostname: vault1984 NOC (Hostkey label)
Root password: ThIsNeEdStOcHaNgE0--
Specs: vm.mini — 4 vCPU / 6GB RAM / 120GB SSD, €3.90/mo
OS: Ubuntu 24.04
Note: Johan is ordering this live right now. Change the password first thing after provisioning.

vault1984 Styleguide (04:14 ET)

vault1984.css is the single global stylesheet for ALL vault1984 web surfaces (marketing + app)
Live at: https://vault1984.com/styleguide.html
Source: /home/johan/dev/vault1984-web/vault1984.css
Rules: one stylesheet, one width (--width:1280px via .container), one padding (--pad:2rem), CSS variables for everything, one rule per class
Applicable to vault1984 app UI too — copy/symlink vault1984.css into vault1984/web/

vault1984 — Beyond Passwords (04:44 ET)

Key insight: vault1984 is not a password manager with notes. It's a structured knowledge store for human+AI collaboration.

Sealed fields = human-only (physical presence required): passwords, private notes, secrets
Agent fields = AI-accessible (scoped tokens): anything James/Claude needs to read or act on

Concrete uses:

James's working memory (project plans, rollout strategies, context)
Shared reference data (infra details, credentials James needs)
Any structured note an AI agent should be able to retrieve
Not limited to passwords — limited only by what you want sealed vs agent-accessible

Positioning implication: Proton Pass = secure notes for humans. vault1984 = knowledge store for human+AI teams. This is a real differentiator — needs to surface in marketing copy.

vault1984 — Storage & Pricing Implications (04:45 ET)

Expanding to arbitrary attachments (passport scans, MRIs, tax docs) makes storage a real cost
Current: $12/yr flat — works for passwords, breaks for files
Needs: base storage allowance (e.g. 100MB) + tiered overage, OR storage-based tiers
DICOM files alone can be 50MB+ — one power user could cost more than their subscription
Decision pending: pricing model redesign before launching file attachments

vault1984 — Text-only, Markdown default (04:47 ET)

No attachment/image support — ever. Text only.
Default format: Markdown
Passport number etc = just type it in. No OCR, no uploads.

vault1984 — The Memory/Encryption Tradeoff (04:48 ET)

Sealed = private = AI-blind. Good for passwords. Useless as AI memory.
Agent = AI-readable = scoped token access. Required for AI memory use case.
This is a conscious design tradeoff, not a flaw — user chooses per-field.
"James's memory in vault1984" = agent fields by definition.

vault1984 — Search Problem (04:48 ET)

Encrypted fields = ciphertext in SQLite = LIKE queries useless
Agent fields: server holds key → can decrypt-then-search server-side (acceptable, server already has access)
Sealed fields: server never has key → search impossible without client-side decrypt-all (doesn't scale)
Options: (1) server-side decrypt+search for agent fields, (2) vector embeddings, (3) unencrypted tags + encrypted body
Decision pending before building search

vault1984 — Search Architecture Decision (04:51 ET)

Decrypt-all-to-search = rejected (memory footprint, plaintext exposure)
Decision: vector embeddings at write time
- On save: generate embedding of plaintext → store unencrypted alongside ciphertext
- On search: query embeddings (no decryption) → get record IDs → decrypt only matches
- Cost: one embedding per write (cheap). Search: fast, minimal memory, no bulk decrypt
Sealed fields = unsearchable by design. User knows where they put it.
Agent fields = searchable via embeddings

Hans — OpenClaw + Discord Comms Channel (05:03 ET)

Task queued for sleeping block

Goal

Set up a James↔Hans communication channel so I can send deploy commands and Hans reports back.

Stack

Discord server: private, owned by us — create it
Hans: OpenClaw instance, bot connected to Discord
Model: MiniMax M2.5 via Fireworks (accounts/fireworks/models/minimax-m2p5)
Fireworks key: fw_RVcDe4c6mN4utKLsgA7hTm
No Anthropic tokens on Hans — Fireworks only

Hans's job description

Receive deploy commands from James via Discord
Execute them (pull new version, restart service)
Report back status
Simple, focused — not a general assistant

Steps

Create private Discord server
Create Discord bot for Hans
Install OpenClaw on Hans (185.218.204.47)
Configure with Fireworks M2.5, Discord bot token
Test: James sends message → Hans executes → Hans replies

@vault1984 on X — Available (05:19 ET)

Handle @vault1984 does NOT exist — available for registration
Only references: 2017 WikiLeaks/CIA hashtag use, 2016 @music_vault1984 (also gone)
Action needed: Johan registers @vault1984 at x.com when ready

Morning Status (07:03 ET)

css-agent: Session gone, no new commits — did NOT complete. Needs respawn when Johan wakes.
hans-openclaw: ✅ Done — OpenClaw 2026.3.1 installed on Hans, Fireworks M2.5 configured
x-vault1984-research: Subagent completed but result not captured — check manually
Discord bot: Still pending Johan's Chrome tab (discord.com/developers)
Hans password auth: Still on — Johan confirmed key works but didn't explicitly say to lock down yet

Styleguide Applied — All Pages (08:01–09:12 ET, while Johan slept)

Tailwind fully removed from all 8 pages — zero references remaining
vault1984.css extended to 186 lines: added code-block, feature-icon, checklist, footer, prose, badge, price-card, gradient-text, pulse animations, nav, scroll
All pages use standard nav + footer + .container — consistent
index.html: full rewrite preserving hero/swarm SVGs and geo JS
pricing.html: updated with correct pricing ($12/yr, 7-day refund, no free trial)
install.html: clean step layout
privacy.html / terms.html: updated to say Sealed/Agent (not L1/L2)
Commit: cf7763f — pushed to zurich

Hans Server — Current Status (as of 09:12 ET)

IP: 185.218.204.47 | DNS: noc.vault1984.com
User: johan (sudo, SSH key auth)
Root password: ThIsNeEdStOcHaNgE0-- (change after confirmed not needed)
UFW: 22/80/443 only, fail2ban active
OpenClaw: v2026.3.1 installed
Model: Fireworks MiniMax M2.5 (accounts/fireworks/models/minimax-m2p5)
Fireworks key: fw_RVcDe4c6mN4utKLsgA7hTm
Discord bot: NOT yet created — needs Johan's Chrome tab attached to discord.com/developers
Cloudflare DNS: noc.vault1984.com → 185.218.204.47 (zone 1c7614cd4ee5eabdc03905609024f93a)

vault1984 Product Decisions (04:44–05:04 ET session)

Text only, Markdown default — no attachments, no images, no OCR
Scope: Not just passwords — structured knowledge store for human+AI. Agent fields = AI memory
Search: Encrypted fields can't use LIKE. Decode-all rejected (memory). Decision: tags + exact match for v1. Embeddings later when revenue justifies it.
Pricing FINAL: $12/year (annual only, no monthly). $1/month effective — nobody can undercut without going free. 7-day money-back, no questions, instant refund.
No free trial — money-back guarantee is stronger signal
Competitor: 1Password at $2.99/month ($36/yr). vault1984 at $12/yr — permanently cheaper, they can't follow
Hans↔James comms: Discord server (bot runs ON ZURICH, not Hans). Hans OpenClaw connects to it. Pending Discord bot creation.
Greg Isenberg tweet (2.5k likes): "agent-native memory" — validates vault1984 thesis exactly

vault1984-web CSS Architecture (locked)

vault1984.css = single global stylesheet for marketing site AND app UI
--width: 1280px (one width, everywhere, via .container)
--pad: 2rem (one padding)
Card colors: rgba tint + colored border (same pattern as buttons)
--bg: #0d1520, card default: rgba(100,140,200,0.12)
Styleguide live: vault1984.com/styleguide.html

@vault1984 on X: exists but dormant/empty — likely squatter
@music_vault1984: different account (music archiving), irrelevant
Action needed: register handles on all major platforms before launch creates demand
Priority platforms: X, GitHub (already johanjongsma/vault1984), LinkedIn, Reddit, HackerNews, ProductHunt
Secondary: YouTube, Instagram
If squatted: trademark/brand claim process once vault1984.com is established
Tool: Namecheckr.com to scan 50+ platforms at once
Johan asked about checking availability — pending action

vault1984 X Account / Checkmark Question (09:30 ET)

@vault1984 may actually be available on X (earlier check was inconclusive)
Johan's question: how to get verified checkmark NOT linked to his personal identity
Answer needed: X offers "Verified Organizations" (gold checkmark) — requires org/business, not personal account
- Option 1: Register @vault1984 as personal account, upgrade to X Premium ($8/mo) → blue checkmark (tied to account, not Johan personally)
- Option 2: X Verified Organizations (gold ✓) — requires business entity, EIN/registration, $200/mo — completely separate from personal
- Option 3: Register account now (lock the handle), don't worry about checkmark until launch
Johan's concern: doesn't want checkmark tied to him personally — suggests using vault1984 as a business entity account
Pending action: register @vault1984 handle on X

Goal: handles owned by business entity, not Johan personally
Solution: US LLC (Delaware, ~$90, Stripe Atlas) — vault1984 LLC owns the accounts
Immediate action (no LLC needed yet): create social@vault1984.com, register all handles with that email
Stalwart can handle the vault1984.com email — just needs a mailbox created
Facebook: Business Page (not tied to personal profile)
Discord: server created with social@vault1984.com
X: account registered with social@vault1984.com, upgrade to Verified Org when LLC is formed
LLC formation: can happen retroactively — handles registered now, legal entity tied later
Johan is registering handles himself (needs to be logged in)

vault1984 Legal Structure (10:05 ET)

vault1984 is a brand/product under inou LLC — not a separate entity
No new LLC needed
inou LLC is the legal owner of vault1984 handles and IP
X Verified Organization: apply as inou LLC with vault1984 as product/affiliated account
Open question: is inou LLC already registered? Johan hasn't confirmed yet

inou LLC — Confirmed (10:07 ET)

inou LLC is fully registered in Florida ✅
vault1984 is a brand/product under inou LLC — no separate entity needed
X Verified Organization: apply as inou LLC, vault1984 = affiliated product account
social@vault1984.com — to be created on Stalwart for handle registrations
Johan registering handles himself; asked if I should create the email first

social@vault1984.com — Setup In Progress (10:17 ET)

Johan wants social@vault1984.com to forward/land in johan@jongsma.me
Stalwart on Zurich needs vault1984.com added as a domain first
Stalwart API returning 404 on domain creation — need to check correct API endpoint
vault1984.com DNS: Cloudflare (zone 1c7614cd4ee5eabdc03905609024f93a)
Need MX records on vault1984.com pointing to Zurich (mail.jongsma.me / 82.22.36.202)
Also asked about @inou handle — needs research

Afternoon session (cont.) — vault1984 brand + X setup

vault1984.com email — COMPLETE

Stalwart domain registered (id 36) ✅
social@vault1984.com account: social-vault1984, password SocialVault2026!, user role added
@vault1984.com catch-all → Johan's account (accountId 22) ✅
DNS on Cloudflare (zone 1c7614cd4ee5eabdc03905609024f93a):
- MX → mail.jongsma.me ✅
- SPF: v=spf1 mx include:jongsma.me ~all ✅
- DMARC: p=quarantine, reports → dmarc@vault1984.com ✅
- DKIM: Ed25519, selector stalwart, public key 9l9R7jmxqfiFYUxTdkrga+DYqfJQQY0jl9YwpEnd5wk= ✅
Fixed pre-existing Stalwart bug: duplicate spam-filter.bayes.enable in config.toml (was crashing on restart)
DKIM config added to config.toml (not DB — Stalwart settings API POST format never resolved)

Hans server (185.218.204.47)

OpenClaw 2026.3.1 installed
Fireworks M2.5 configured as default model
noc.vault1984.com → 185.218.204.47 in Cloudflare DNS

X / Twitter — @vault1984

Handle confirmed FREE (headless browser: "This account doesn't exist")
Johan registered fresh account (NOT renaming @johanjongsma — wrong optics for 1-week-old product)
Used personal email for signup (social@vault1984.com had mail delivery issues during signup)
Key decisions:
- No $1000/month gold org checkmark — not worth it at this stage
- Tagline chosen: "1984 had no secrets. You should."
- Rejected Animal Farm pun — different book, looks uneducated
- Logo: "1984" in green (#22C55E) on dark (#0A1628), JetBrains Mono ExtraBold
- Header: world map (worldmap.svg from vault1984-web) + "vault1984" + tagline

vault1984 brand identity

Background: #0A1628 (per styleguide — slightly different from CSS #0d1520)
Accent green: #22C55E
Font: JetBrains Mono ExtraBold (profile/logo), Inter (body)
Logo pattern: vault in white/muted, 1984 in green — per .vaultname .n CSS class
Profile pic (400×400): just "1984" centered in green
Header (1500×500): world map bg, "vault / 1984" + tagline
Assets generated via HTML+headless browser screenshot (PIL approach was ugly)
JetBrains Mono ExtraBold installed to ~/.local/share/fonts/

vault1984 brand under inou LLC

inou LLC registered in Florida (fully registered)
vault1984 is a brand/product under inou LLC — no separate LLC needed
Social accounts use social@vault1984.com email (owned by inou LLC)

OpenClaw 2026.3.1 update (forge)

Updated this morning (9AM ET via daily-updates.timer)
Deleted transcript indexing patch reapplied ✅
Gateway restarted ✅
Claude usage: 66% weekly at ~36% of week elapsed (pace ~183%) — ntfy alert sent

@johanjongsma X account

Joined March 2009 (17 years old), blue checkmark, 151 followers, 89 posts
Last post 2011 (Foursquare badge unlocks) — completely dormant
Following 290 accounts — heavily right-wing (Charlie Kirk x2, Alex Jones x2, Trump cabinet, Fox hosts etc.)
Decision: keep as personal account, do NOT rename to @vault1984

inou X account registered — 4:09 PM

Handle: @inouhealth (confirmed registered)
Email used: social@inou.com (now aliased to johan@jongsma.me ✅)
Password: !!Helder06
Rejected: @inou (taken), @inoullc (no), @inou_x (no), @askinou (support vibe)
@inouhealth chosen: clear, professional, health is an asset not a limitation at this stage

inou prod — key findings (17:37)

Backdoor OTP code: 250365 (inou prod login bypass)
SMTP broken on prod: Proton Bridge not running on 192.168.100.2 → TLS handshake failure. Login emails can't be sent. Backdoor is only way in right now.
MCP smoke test: PASSED ✅ — https://inou.com/mcp alive, auth enforced, protocol 2025-06-18
inou prod binary: ./bin/portal on 192.168.100.2, port 1080, logs at /tank/inou/logs/portal.log
Caddy rewired: inou.com → 192.168.100.2:1080 (prod), dev.inou.com → 192.168.1.253:1080 (staging)

inou prod backdoor — clarification (17:39)

Backdoor 250365 is intentional — Johan re-added it deliberately
Not a security oversight, it's a dev/ops convenience feature

Anastasia — real patient in inou (17:44)

Name: Anastasia (not "Anastasiia" — correct spelling matters)
Dossier ID: 4aa59a4c2a8e4077
Real patient — Johan is helping her family, same as with Sophia
German hospital records (Universitätsklinikum Ulm), born 26.02.2020 (preemie 26 SSW)
Complex hydrocephalus case — post-hemorrhagic, aqueductal stenosis, multiple shunt surgeries, ETV Dec 2021
Active: hydrocephalus, aqueductal stenosis, epilepsy, VRE/MRSA/3MRGN colonization
Last known contact: Prof. Dr. Péraud consultation Aug 2022
Treat with same care as Sophia's data — real child, real family

21 KiB Raw Permalink Blame History Unescape Escape