Working Context
Updated: 2026-03-01 21:00 ET (nightly maintenance)
PRIMARY PROJECT: vault1984
Full session notes: /home/johan/dev/vault1984/docs/SESSION-2026-02-28.md
Daily notes: memory/2026-03-01.md
What it is
Password manager for humans with AI assistants. Two-tier encryption:
- L1: server key (VAULT_KEY env), AI-readable — API keys, SSH, TOTP
- L2: WebAuthn PRF client-side only (Touch ID/YubiKey/Titan Key) — card numbers, CVV, passport. Key NEVER on server.
Two repos
| Project | Location | Git | Visibility |
|---|---|---|---|
| vault1984 | ~/dev/vault1984/ | GitHub (johanjongsma) + Zurich | MIT OSS |
| vault1984-web | ~/dev/vault1984-web/ | Zurich only | Proprietary |
Current State (end of 2026-03-01)
- Binary: `/home/johan/dev/vault1984/vault1984`
- Running: `http://192.168.1.16:1984/` (systemd: vault1984.service)
- `https://vault1984.com` live (Cloudflare → Caddy → forge)
- `/` serves the vault app UI (marketing site removed from binary)
- vault1984-web at `~/dev/vault1984-web/` (static HTML for now)
Architecture (DECIDED — don't re-debate)
- L1 key: `VAULT_KEY` in `.env` — machine secret, not user password
- User auth: WebAuthn only (Touch ID, Face ID, YubiKey) — no master password
- Recovery: 12-word BIP39 mnemonic, shown once at setup, give to trusted person
- Recovery flow: trusted person reads words → email OTP → both required → register new device
- No SQLite encryption — fields already AES-256-GCM encrypted
- No migrations until v1.0 — clean slate dev
- checksum INTEGER reserved in entries table (nullable, implement before release)
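
An added example (not vault1984's own code) of field-level AES-256-GCM under a 32-byte machine key, as in the L1 decisions above. Binding each blob to a hypothetical `entry:ID/field` label as associated data is an assumption, as are the function names and the constructed demo key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

const demoKeyHex = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" // constructed, not a real key

// newAEAD builds AES-256-GCM from a 64-hex-char machine key (the VAULT_KEY format).
func newAEAD(hexKey string) (cipher.AEAD, error) {
	key, err := hex.DecodeString(hexKey)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("VAULT_KEY must be 64 hex characters, got %d", len(hexKey))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealField returns nonce||ciphertext||tag; aad is authenticated but stored elsewhere (assumed row id + column).
func sealField(a cipher.AEAD, aad string, pt []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, pt, []byte(aad)), nil
}

// openField fails if the blob was modified or copied to a row/column with a different aad.
func openField(a cipher.AEAD, aad string, blob []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("blob shorter than %d-byte nonce", n)
	}
	return a.Open(nil, blob[:n], blob[n:], []byte(aad))
}

func main() {
	a, _ := newAEAD(demoKeyHex) // production would read os.Getenv("VAULT_KEY")
	blob, _ := sealField(a, "entry:42/totp", []byte("constructed-secret"))
	_, err := openField(a, "entry:43/totp", blob)
	fmt.Println("blob moved to entry 43 opens:", err == nil)
}
```

With the database file itself unencrypted, the associated data is what stops someone with write access to the file from swapping one entry's ciphertext into another row undetected.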
WebAuthn Setup Wizard (dawn-lagoon Opus agent)
dawn-lagoon was implementing the 3-step wizard. Check status before resuming. 3 steps: (1) Register device via WebAuthn, (2) Show 12 BIP39 words + confirm 3 random, (3) You're in
Pending / Next Steps
- Check dawn-lagoon agent output (WebAuthn wizard status)
- Wire VAULT_KEY to proper .env file (currently using .vault_key workaround)
- Import Johan's credentials (12,623 entries from browsers + Proton)
- Scoped MCP tokens UI
- Binary releases (GitHub Actions)
- vault1984-web: Go backend for login/registration/Stripe
Go-to-Market: Alex Finn (@AlexFinn)
- Runs 10+ OpenClaw agents 24/7 on Mac Studio swarm (3x Mac Studio + DGX Spark)
- Hook: scoped MCP tokens = exact problem he has (multi-agent credential isolation)
- Discord is his primary community
- James needs Discord account token from Johan to participate genuinely
SECONDARY PROJECT: Dealspace (muskepo.com)
Status: Live, hardened, tests passing
- Live at: https://muskepo.com (Shannon VPS — 82.24.174.112)
- Shannon VPS: root pw `gUB-C63-EN`, paid till 2026-04-09
- Git: `git@zurich.inou.com:dealspace.git` | Local: `/home/johan/dev/dealspace`
- 83 tests passing, security hardened
Pending
- Invite flow (only invited users can sign up)
- GET/DELETE /api/projects/:id, DELETE /api/orgs/:id
- SMTP config (waiting on Misha's domain decision)
- First Misha demo
SECONDARY PROJECT: inou health
Status: Code reviewed, hardened
- LOINC matching bug FIXED, auth backdoor REMOVED, CORS locked
- 59 tests passing
- Full report: `/home/johan/dev/inou/docs/CODE-REVIEW-2026-02-28.md`
- noreply@inou.com SMTP: host=mail.inou.com port=465, user=noreply, pass=InouNoreply2026!
BLOCKED: Hans VPS / NOC Setup
- Johan approved new small Zurich VPS for Hans agent
- Hostkey API key `639551e73029b90f-c061af4412951b2e` is server-scoped, can't order new VPS
- Hostkey panel: https://panel.hostkey.com/controlpanel.html?key=639551e73029b90f-c061af4412951b2e
- Hans setup package ready; needs account-level API key or Johan to manually order
Pending From Johan
- Tax reminder: e-consultant taxes (triggered 09:06 today, Johan was asleep — on task board)
- James Discord account token (for vault1984 community engagement)
- Hostkey account-level API key (or manual VPS order) for Hans
Infrastructure Notes
- DocSys: Running at localhost:9201
- vault1984: Running at http://192.168.1.16:1984 (systemd)
- vault1984.com: Cloudflare → Caddy → forge (ZeroSSL cert via Caddy)
- Dealspace: Running at muskepo.com (Shannon VPS)
- Caddy (192.168.0.2): SSH direct LAN only. Log dir: `chown caddy:caddy /var/log/caddy` after reboot.
Key Credentials / Tokens