johan
/
clawd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
clawd/memory/working-context.md

82 lines
3.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Working Context
*Updated: 2026-02-28 21:00 ET (nightly maintenance)*
## PRIMARY PROJECT: Vault1984
**Full session notes:** `/home/johan/dev/vault1984/docs/SESSION-2026-02-28.md`
### What it is
Password manager for humans with AI assistants. Two-tier encryption:
- L1: server key (VAULT_KEY env), AI-readable — API keys, SSH, TOTP
- L2: WebAuthn PRF client-side only (Touch ID/YubiKey/Titan Key) — card numbers, CVV, passport. Key NEVER on server.
### Status: Day 1 complete, Day 2 pending
- Binary: `/home/johan/dev/vault1984/vault1984`
- Running: `http://192.168.1.16:1984` (port = Orwell, intentional)
- Git: `git@zurich.inou.com:vault1984.git`
- 3 bugs found and fixed by test suite
### Day 2 TODO
1. WebAuthn PRF (client-side L2 key derivation)
2. L2 client-side encrypt/decrypt in browser
3. Scoped MCP tokens (per-agent credential scoping — KEY FEATURE)
4. Extension autofill (LLM field mapping)
5. Caddy proxy + systemd service
6. Import Johan's actual 12,623 entries
### Go-to-Market: Alex Finn (@AlexFinn)
- Runs 10+ OpenClaw agents 24/7 on Mac Studio swarm (3x Mac Studio + DGX Spark)
- Discord is his primary community — subagent was hunting for his server
- James needs Discord account token from Johan to participate genuinely
- Hook: scoped MCP tokens = exact problem he has (multi-agent credential isolation)
- Content strategy: let his bots surface the content, don't @ tag him
### Pending items
- [ ] AlexFinn Discord server — did subagent find it?
- [ ] James Discord account token — ask Johan
- [ ] Import 12,623 entries into Vault1984
- [ ] Vault1984 Day 2 (WebAuthn PRF, scoped tokens, Caddy, systemd)
---
## SECONDARY PROJECT: Dealspace (muskepo.com)
### Status: Live, hardened, tests passing
- Live at: https://muskepo.com (Shannon VPS — 82.24.174.112)
- Shannon VPS: root pw `gUB-C63-EN`, paid till 2026-04-09
- Git: `git@zurich.inou.com:dealspace.git` | Local: `/home/johan/dev/dealspace`
- 83 tests passing, security hardened (timing attacks fixed, CORS locked, security headers)
- Smoke test: 14/14 PASS (`scripts/smoke-test.sh`)
### Pending
- [ ] Invite flow (only invited users can sign up — not yet built)
- [ ] GET/DELETE /api/projects/:id, DELETE /api/orgs/:id (documented, missing)
- [ ] SMTP config (waiting on Misha's domain decision)
- [ ] First Misha demo — muskepo.com is placeholder name, Misha hasn't confirmed
---
## SECONDARY PROJECT: inou health
### Status: Code reviewed, hardened
- LOINC matching bug FIXED (normalize.go)
- Auth backdoor REMOVED (code 250365 gone from dbcore.go)
- CORS locked to allowlist
- 59 tests written and passing
- Full report: `/home/johan/dev/inou/docs/CODE-REVIEW-2026-02-28.md`
---
## Abandoned
- **Azure Backup project** — abandoned, local at `azure-backup-abandoned-20260228`, remote deleted from Zurich
## World Events Noted
- US Operation Epic Fury (Iran strikes) — 2026-02-28 ~15:41 ET
- OpenAI × DoD classified AI agreement signed
- Taalas/ChatJimmy (chatjimmy.ai) — HC1 silicon Llama 3.1 8B, 17,000 tok/s, $30M spent
## Infrastructure
- **DocSys**: Running at localhost:9201
- **Vault1984**: Running at http://192.168.1.16:1984
- **Dealspace**: Running at muskepo.com (Shannon VPS)
Reference in New Issue View Git Blame Copy Permalink