clawd/memory/2026-03-12.md

Daily Notes — Thursday, March 12, 2026

Key Events

Early Morning (1–5 AM ET) — Night Shift

Git Audit (midnight)

• inou: 5 uncommitted files + 2 unpushed commits
• james-dashboard: 2 unpushed commits
• dealspace: 29 unpushed commits

OpenClaw 2026.3.11 "Hunter & Healer Alpha" Released

• Released ~2 AM ET
• Features: 2 new stealth models via OpenRouter (1M context, free tier), GPT 5.4 mid-thought bug fix, Gemini Embedding 2 for memory, OpenCode Go support
• Alerted Johan via Telegram at 3:39 AM (night shift)
• Johan was awake on night shift (Sophia monitoring)

Iran/Hormuz escalation brief (~3:39 AM)

• Sent alongside OC release alert
• SPECTER + KC-135 operations in theatre

Morning (9:45 AM ET)

Morning Briefing delivered

• Iran/Hormuz Crisis: US sank 16 Iranian minelayers
• Brent +4.8% → $92, WTI +4.6% → $87 (approaching $100)
• IEA releasing 400M barrels — largest emergency reserve release in history (32 countries joining)
• SentinelOne (S) Q4 earnings today AH — Johan is short
• Johan asked about S earnings (was awake ~5 AM for this), confirmed AH today

Afternoon (1:30–3:30 PM ET via OC TUI)

Kaseya Alerts Purge

• Johan asked why Watchboard still showed Kaseya messages
• Found 9 stale Kaseya/Mattermost meeting alerts in alerts.json (Watchboard port 9202)
• All 9 deleted. Root cause: alerts were written before M365 removal, never cleaned up
• alerts.db confirmed empty (not the live store)

Port 9999 Security Incident — RESOLVED

• Alert on Watchboard: python3 -m http.server running on port 9999
• Discovered it had been running since ~March 7 (5+ days)
• Was serving /tmp to 0.0.0.0 (entire LAN, no auth)
• Exposed files: clawvault-preview.db + WAL (vault database), chrome_import.csv, other temp files
• Johan's reaction: "kill it, burn it, bury it and delete it. GONE!"
• Killed process, shredded sensitive files with shred -u
• Origin unknown — best guess: subagent doing vault1984 work Mar 7 spun it up to preview a file

Python Audit

• Johan: "I have a very strong preference for GoLang. Python should only be temporary tools"
• Active Python (system): fail2ban, unattended-upgrades (untouchable)
• Active Python (Johan's code): inou/health-poller (18 .py files), mail-agent (superseded by MC)
• Stale M365 OAuth callback server (localhost-only, waiting for redirect since Mar 11) killed
• Decision: Python is OK for temporary scripts; new services should be Go

inou SMTP Correction

• Morning nudge incorrectly said "Proton Bridge not running" as the inou SMTP issue
• Johan corrected: inou uses Proton SMTP token directly (smtp.protonmail.ch:587), no bridge involved
• Memory updated. The nudge was wrong.

Evening (5:45 PM ET via Telegram)

SentinelOne Q4 Results (AH)

• Revenue: $271.2M (+20% YoY) — exactly in line, no beat
• EPS: $0.07 vs $0.06 est (tiny beat)
• ARR: $1.12B (+22% YoY) — crossed $1B milestone
• Q1 guidance soft → stock slid after hours
• Johan's short is profitable ✅

Evening Briefing (8:17 PM ET)

• S&P 500: 6,740 (−0.8%, broke 50 & 100-day MAs — lowest since mid-Dec)
• Oil >$100/bbl — Iran fully blocked Strait of Hormuz; Iraq halted oil ports
• US releasing 172M barrels from SPR
• Markets: broad risk-off selloff on oil shock

Git Audit (6:02 PM)

• dealspace: 1 unpushed commit
• inou: 82 uncommitted files + 2 unpushed commits
• clawd: 1 unpushed commit

---

Decisions Made Today

1. Port 9999 python server — killed and files shredded. Zero tolerance for /tmp servers.
2. Python preference — Go-first. Python only for temporary one-off tools.
3. inou SMTP — uses direct Proton token, not Proton Bridge. Working correctly.
4. S short — holding (Q1 guidance was weak, stock dropped AH)

Open at End of Day

• inou: 82+ uncommitted files still piling up
• dealspace, james-dashboard, clawd: unpushed commits
• vault1984/inou architecture: Hans agentchat follow-up pending
• X watch double-fire bug: unresolved