clawd/memory/working-context.md

Working Context — Updated 2026-02-27 9:00 PM ET

Current State

Nightly maintenance completed. Context reset at 9PM. Main session history inaccessible from cron.

Carryover from Feb 26

Spacebot/Andrew (192.168.1.17)

• Running parallel to James on port 19898
• Bug: channel model calls reply() and stops — worker dispatch announced but never executed
• Simple Q&A works, multi-step agentic tasks silently fail
• Revisit: 2026-03-03

X/Twitter Intel (from Feb 26 scans)

• OpenClaw 2026.2.26 — heartbeat DM fix, subagent overhaul, Slack/thread fixes, 30+ security fixes ✅ installed
• Qwen 3.5 (35B/122B/27B) — rivals Sonnet 4.5, runs on 32GB RAM (Johan's M4 Max)
• Gemini Nano Banana 2 — Google new image model, Pro quality at Flash speed
• @steipete OpenClaw beta: External Secrets, thread-bound agents, Codex/Claude Code as ACP subagents

Active Projects

• inou health — medical platform, building phase (not promoting yet)
• Sophia care — Johan is night nurse, trach/pulse-ox monitoring nightly
• Spacebot/Andrew — parallel bot test, multi-step tasks broken
• James infrastructure — forge (192.168.1.16), Zurich VPS, Uptime Kuma monitoring

Pending / Open Threads

• Spacebot worker dispatch bug — 2026-03-03
• SentinelOne (S) short position — earnings Mar 12
• Johan's M4 Max — Qwen 3.5 locally viable (32GB RAM)
• OpenClaw @steipete beta — External Secrets + ACP thread-bound agents worth watching

Infrastructure Notes

• Signal outbound from cron/subagents blocked (cross-context restriction) — use Telegram or main session relay
• Claude Code 2.1.62 installed
• OpenClaw 2026.2.26

---

Dealspace (added 2026-02-28)

• Live at: muskepo.com (Shannon VPS 82.24.174.112)
• Git: git@zurich.inou.com:dealspace.git → /home/johan/dev/dealspace
• Deploy: cd /home/johan/dev/dealspace && make deploy
• Login: muskepo.com/app/login → johan@jongsma.me → code 220402
• Misha: michael@muskepo.com, super_admin
• Status: Marketing site live, app UI rough, orgs/invite flow being built
• Next: Invite flow, org management, first Misha demo
• SMTP: Waiting on Misha's domain choice before wiring email

---

Overnight Build Night Completions (2026-02-28 02:00–07:20 ET)

Dealspace — ALL shipped, live at muskepo.com

• Git SHA: 4758baf (latest) — all pushed to zurich.inou.com:dealspace.git
• Agents completed: dealspace-orgs, dealspace-requests, dealspace-tests, dealspace-security, dealspace-smoke
• 83 tests passing (was 31, now 83)
• Security fixes: OTP timing attack (constant-time compare), CORS wildcard → allowlist, security headers middleware
• Request import: CSV/XLSX with smart header detection, priority normalization, section→workstream creation
• Organizations: OrgData+DealOrgData entry model, domain validation, deal_org linking, domain-lock enforcement
• App templates: projects, project, request, orgs, admin/dashboard — all live
• Smoke test: 14/14 pass on live muskepo.com — auth, projects, orgs, import, security enforcement
• Missing endpoints to add: GET /api/projects/:id (returns 404), DELETE endpoints
• Security audit report: /home/johan/dev/dealspace/docs/SECURITY-AUDIT-2026-02-28.md
• Smoke test script: /home/johan/dev/dealspace/scripts/smoke-test.sh

inou — First ever test suite + deep code review

• 59 tests written (lib + api), all passing
• Code review report: /home/johan/dev/inou/docs/CODE-REVIEW-2026-02-28.md
• Critical fix: LOINC matching bug fixed — Normalize() was skipping entries with SearchKey2 set even without LOINC codes. Fix: require BOTH SearchKey2 AND data["loinc"] to skip.
• Critical fix: CORS wildcard → allowlist (inou.com, localhost, capacitor)
• Auth backdoor removed from inou (code 250365)
• Medium/low: DICOM memory, nil pointer risks, hardcoded Signal recipient — documented only
• Build: passes. Tests: ./lib ./api all green.

Next for Dealspace (when Johan wakes)

1. GET /api/projects/:id endpoint (currently 404)
2. Invite flow (onboarding page for new users)
3. First real demo: create "Project James", add James LLC as seller org