clawd/memory/2026-03-02.md

2026-03-02 Daily Notes

vault1984 — Late night session (00:30–01:30 ET)

Architecture decision: Two separate Go binaries

• vault1984 (/home/johan/dev/vault1984) — pure vault server binary. Runs in each AWS region. No billing, no marketing, no website.
• vault1984-web (/home/johan/dev/vault1984-web) — marketing website. Go binary serving static HTML from embed.FS. Runs on vault1984.com.
• Johan was clear: "the website will run its own Go, as we need login, billing etc etc"
• Previous session had created a mess by embedding both into the same binary.

vault1984-web: Python server killed, replaced with Go

• Was running python3 -m http.server 8099 (previous session left it). Johan: "python!? Are you kidding me?"
• Replaced with Go binary (main.go + //go:embed *.html *.svg *.css)
• Systemd service: ~/.config/systemd/user/vault1984-web.service, port 8099
• Caddy proxies vault1984.com → 8099
• Committed to git@zurich.inou.com:vault1984-web.git

hosted.html — Global infrastructure map

• Lives in vault1984-web/, served at vault1984.com/hosted.html
• Shows all 31 real AWS commercial regions on animated world map SVG
• Zürich highlighted in gold as HQ node
• Bug fixed: Beijing removed — cn-north-1 is China partition (separate AWS account, Sinnet-operated). NOT a commercial region.
• Added: mx-central-1 (Mexico City, 2023) and ap-southeast-5 (Malaysia/KL, 2024) — both real commercial regions
• The detailed world map SVG lives in the original vault1984-web/hosted.html — do NOT replace with simplified blob paths

vault1984 binary — partial mess still present

• Previous session added cmd/vault1984/website/ (copy of marketing HTML) and updated routes.go to serve both
• This needs to be reverted — vault1984 should be pure vault server, no marketing HTML
• TODO: revert routes.go and main.go changes, delete cmd/vault1984/website/

AWS region knowledge

• 31 commercial regions as of early 2026 (not 30)
• China regions (cn-north-1 Beijing, cn-northwest-1 Ningxia) are a SEPARATE partition — not deployable with normal AWS account
• GovCloud regions also excluded from vault1984 deployment
• Newest regions: mx-central-1 (Mexico, 2023), ap-southeast-5 (Malaysia, 2024)
• GCP ARM doesn't go below t2a-standard-1 (1 vCPU, 4GB RAM) — AWS Graviton unique in offering ARM at nano size (0.5GB)

vault1984-web map work (01:30–02:20 ET)

Two hosted.html files — don't confuse them

• vault1984-web/hosted.html — what vault1984.com actually serves (via port 8099). Old "Hostkey" era text. Has worldmap.svg. THIS is the file we edit.
• vault1984/website/hosted.html and vault1984/cmd/vault1984/website/hosted.html — dead copies with "Everywhere you are" / "30 AWS regions" text. NOT served. Ignore them.
• Earlier screenshots showed the cached "30 AWS regions" version from the headless browser — that was stale cache, not live content.

worldmap.svg architecture

• Geography SVG paths (133KB) extracted to /home/johan/dev/vault1984-web/worldmap.svg
• Loaded via <image href="/worldmap.svg" x="0" y="0" width="1000" height="460"/> inside the SVG element
• Dots (circles) remain inline in hosted.html
• fetch+DOMParser+importNode approach failed in real Chrome — <image href> works everywhere

Final region selection (21 regions, Johan-approved)

Removed from initial 31: Ohio, Oregon, Calgary, Ireland, Milan, Bahrain, Hyderabad, Melbourne, Osaka, Tokyo Kept:

• Americas: Virginia, N.California, Montreal, Mexico City, São Paulo
• Europe: London, Paris, Frankfurt, Zürich (HQ/gold), Spain, Stockholm
• Middle East/Africa: UAE, Tel Aviv, Cape Town
• Asia Pacific: Mumbai, Singapore, Jakarta, Malaysia, Sydney, Seoul, Hong Kong

Miller projection function (for future dot placement)

const W=1000, H=460;
function project(lon, lat) {
    const latR = Math.min(Math.abs(lat),85)*Math.PI/180*(lat<0?-1:1);
    const miller = 1.25*Math.log(Math.tan(Math.PI/4+0.4*latR));
    const maxMiller = 1.25*Math.log(Math.tan(Math.PI/4+0.4*80*Math.PI/180));
    return [(lon+180)/360*W, H/2-(miller/(2*maxMiller))*H];
}

Zürich verification: project(8.5, 47.4) → (523.6, 117.6) ✓

Dot format (SVG circles with staggered animation)

Each region = 3 circle elements: 2 pulse rings (fill=none) + 1 solid dot HQ (Zürich) = 4 elements: 3 circles + inner black dot Colors: green #22C55E for regions, gold #D4AF37 for HQ

Hostkey VPS — "Hans" (03:56 ET)

• Provider: Hostkey
• Location: Switzerland (Zürich region)
• Purpose: vault1984 Istanbul node (Turkey VPS via Hostkey, who confirmed they have Istanbul)
• Name: Hans
• IP: 185.218.204.47
• Hostname: vault1984 NOC (Hostkey label)
• Root password: ThIsNeEdStOcHaNgE0--
• Specs: vm.mini — 4 vCPU / 6GB RAM / 120GB SSD, €3.90/mo
• OS: Ubuntu 24.04
• Note: Johan is ordering this live right now. Change the password first thing after provisioning.

vault1984 Styleguide (04:14 ET)

• vault1984.css is the single global stylesheet for ALL vault1984 web surfaces (marketing + app)
• Live at: https://vault1984.com/styleguide.html
• Source: /home/johan/dev/vault1984-web/vault1984.css
• Rules: one stylesheet, one width (--width:1280px via .container), one padding (--pad:2rem), CSS variables for everything, one rule per class
• Applicable to vault1984 app UI too — copy/symlink vault1984.css into vault1984/web/

vault1984 — Beyond Passwords (04:44 ET)

Key insight: vault1984 is not a password manager with notes. It's a structured knowledge store for human+AI collaboration.

• Sealed fields = human-only (physical presence required): passwords, private notes, secrets
• Agent fields = AI-accessible (scoped tokens): anything James/Claude needs to read or act on

Concrete uses:

• James's working memory (project plans, rollout strategies, context)
• Shared reference data (infra details, credentials James needs)
• Any structured note an AI agent should be able to retrieve
• Not limited to passwords — limited only by what you want sealed vs agent-accessible

Positioning implication: Proton Pass = secure notes for humans. vault1984 = knowledge store for human+AI teams. This is a real differentiator — needs to surface in marketing copy.

vault1984 — Storage & Pricing Implications (04:45 ET)

• Expanding to arbitrary attachments (passport scans, MRIs, tax docs) makes storage a real cost
• Current: $12/yr flat — works for passwords, breaks for files
• Needs: base storage allowance (e.g. 100MB) + tiered overage, OR storage-based tiers
• DICOM files alone can be 50MB+ — one power user could cost more than their subscription
• Decision pending: pricing model redesign before launching file attachments

vault1984 — Text-only, Markdown default (04:47 ET)

• No attachment/image support — ever. Text only.
• Default format: Markdown
• Passport number etc = just type it in. No OCR, no uploads.

vault1984 — The Memory/Encryption Tradeoff (04:48 ET)

• Sealed = private = AI-blind. Good for passwords. Useless as AI memory.
• Agent = AI-readable = scoped token access. Required for AI memory use case.
• This is a conscious design tradeoff, not a flaw — user chooses per-field.
• "James's memory in vault1984" = agent fields by definition.

vault1984 — Search Problem (04:48 ET)

• Encrypted fields = ciphertext in SQLite = LIKE queries useless
• Agent fields: server holds key → can decrypt-then-search server-side (acceptable, server already has access)
• Sealed fields: server never has key → search impossible without client-side decrypt-all (doesn't scale)
• Options: (1) server-side decrypt+search for agent fields, (2) vector embeddings, (3) unencrypted tags + encrypted body
• Decision pending before building search

vault1984 — Search Architecture Decision (04:51 ET)

• Decrypt-all-to-search = rejected (memory footprint, plaintext exposure)
• Decision: vector embeddings at write time
  • On save: generate embedding of plaintext → store unencrypted alongside ciphertext
  • On search: query embeddings (no decryption) → get record IDs → decrypt only matches
  • Cost: one embedding per write (cheap). Search: fast, minimal memory, no bulk decrypt
• Sealed fields = unsearchable by design. User knows where they put it.
• Agent fields = searchable via embeddings

Hans — OpenClaw + Discord Comms Channel (05:03 ET)

Task queued for sleeping block

Goal

Set up a James↔Hans communication channel so I can send deploy commands and Hans reports back.

Stack

• Discord server: private, owned by us — create it
• Hans: OpenClaw instance, bot connected to Discord
• Model: MiniMax M2.5 via Fireworks (accounts/fireworks/models/minimax-m2p5)
• Fireworks key: fw_RVcDe4c6mN4utKLsgA7hTm
• No Anthropic tokens on Hans — Fireworks only

Hans's job description

• Receive deploy commands from James via Discord
• Execute them (pull new version, restart service)
• Report back status
• Simple, focused — not a general assistant

Steps

1. Create private Discord server
2. Create Discord bot for Hans
3. Install OpenClaw on Hans (185.218.204.47)
4. Configure with Fireworks M2.5, Discord bot token
5. Test: James sends message → Hans executes → Hans replies

@vault1984 on X — Available (05:19 ET)

• Handle @vault1984 does NOT exist — available for registration
• Only references: 2017 WikiLeaks/CIA hashtag use, 2016 @music_vault1984 (also gone)
• Action needed: Johan registers @vault1984 at x.com when ready