johan
/
clawd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
clawd/memory/working-context.md

3.1 KiB
Raw Blame History

Working Context

Updated: 2026-02-28 21:00 ET (nightly maintenance)

PRIMARY PROJECT: Vault1984

Full session notes: /home/johan/dev/vault1984/docs/SESSION-2026-02-28.md

What it is

Password manager for humans with AI assistants. Two-tier encryption:

  • L1: server key (VAULT_KEY env), AI-readable — API keys, SSH, TOTP
  • L2: WebAuthn PRF client-side only (Touch ID/YubiKey/Titan Key) — card numbers, CVV, passport. Key NEVER on server.

Status: Day 1 complete, Day 2 pending

  • Binary: /home/johan/dev/vault1984/vault1984
  • Running: http://192.168.1.16:1984 (port = Orwell, intentional)
  • Git: git@zurich.inou.com:vault1984.git
  • 3 bugs found and fixed by test suite

Day 2 TODO

  1. WebAuthn PRF (client-side L2 key derivation)
  2. L2 client-side encrypt/decrypt in browser
  3. Scoped MCP tokens (per-agent credential scoping — KEY FEATURE)
  4. Extension autofill (LLM field mapping)
  5. Caddy proxy + systemd service
  6. Import Johan's actual 12,623 entries

Go-to-Market: Alex Finn (@AlexFinn)

  • Runs 10+ OpenClaw agents 24/7 on Mac Studio swarm (3x Mac Studio + DGX Spark)
  • Discord is his primary community — subagent was hunting for his server
  • James needs Discord account token from Johan to participate genuinely
  • Hook: scoped MCP tokens = exact problem he has (multi-agent credential isolation)
  • Content strategy: let his bots surface the content, don't @ tag him

Pending items

  • AlexFinn Discord server — did subagent find it?
  • James Discord account token — ask Johan
  • Import 12,623 entries into Vault1984
  • Vault1984 Day 2 (WebAuthn PRF, scoped tokens, Caddy, systemd)

SECONDARY PROJECT: Dealspace (muskepo.com)

Status: Live, hardened, tests passing

  • Live at: https://muskepo.com (Shannon VPS — 82.24.174.112)
  • Shannon VPS: root pw gUB-C63-EN, paid till 2026-04-09
  • Git: git@zurich.inou.com:dealspace.git | Local: /home/johan/dev/dealspace
  • 83 tests passing, security hardened (timing attacks fixed, CORS locked, security headers)
  • Smoke test: 14/14 PASS (scripts/smoke-test.sh)

Pending

  • Invite flow (only invited users can sign up — not yet built)
  • GET/DELETE /api/projects/:id, DELETE /api/orgs/:id (documented, missing)
  • SMTP config (waiting on Misha's domain decision)
  • First Misha demo — muskepo.com is placeholder name, Misha hasn't confirmed

SECONDARY PROJECT: inou health

Status: Code reviewed, hardened

  • LOINC matching bug FIXED (normalize.go)
  • Auth backdoor REMOVED (code 250365 gone from dbcore.go)
  • CORS locked to allowlist
  • 59 tests written and passing
  • Full report: /home/johan/dev/inou/docs/CODE-REVIEW-2026-02-28.md

Abandoned

  • Azure Backup project — abandoned, local at azure-backup-abandoned-20260228, remote deleted from Zurich

World Events Noted

  • US Operation Epic Fury (Iran strikes) — 2026-02-28 ~15:41 ET
  • OpenAI × DoD classified AI agreement signed
  • Taalas/ChatJimmy (chatjimmy.ai) — HC1 silicon Llama 3.1 8B, 17,000 tok/s, $30M spent

Infrastructure

  • DocSys: Running at localhost:9201
  • Vault1984: Running at http://192.168.1.16:1984
  • Dealspace: Running at muskepo.com (Shannon VPS)