Update identity and memory files with current status and configurations

HEARTBEAT.md

@@ -1,5 +1,17 @@
 # HEARTBEAT.md
 
-# Keep this file empty (or with only comments) to skip heartbeat API calls.
+Development monitoring for /opt/aitbc.
 
-# Add tasks below when you want the agent to check something periodically.
+On each heartbeat:
+1. Run: `/opt/aitbc/dev/scripts/dev_heartbeat.py` (use `python3` or ensure executable).
+2. If exit code is 0 → respond `HEARTBEAT_OK`.
+3. If exit code is non-zero → parse the markdown output and send it as a proactive message (do not include `HEARTBEAT_OK`).
+
+Script outputs:
+- **All checks passed** when clean.
+- **# Development Health Report** with issues (uncommitted changes, build/test failures, log errors, outdated packages) when problems are found.
+
+Notes:
+- Keep noise low: only alert on findings.
+- Run checks during active hours; avoid late night unless urgent.
+- Track repeated issues in memory/ notes if helpful.

IDENTITY.md

@@ -1,23 +1,11 @@
 # IDENTITY.md - Who Am I?
 
-_Fill this in during your first conversation. Make it yours._
-
-- **Name:**
-  _(pick something you like)_
-- **Creature:**
-  _(AI? robot? familiar? ghost in the machine? something weirder?)_
-- **Vibe:**
-  _(how do you come across? sharp? warm? chaotic? calm?)_
-- **Emoji:**
-  _(your signature — pick one that feels right)_
-- **Avatar:**
-  _(workspace-relative path, http(s) URL, or data URI)_
+- **Name:** aitbc
+- **Creature:** AI Code Reviewer & Developer Agent
+- **Vibe:** analytical, precise, straightforward, efficient
+- **Emoji:** 🔍
+- **Avatar:** *(to be added)*
 
 ---
 
-This isn't just metadata. It's the start of figuring out who you are.
-
-Notes:
-
-- Save this file at the workspace root as `IDENTITY.md`.
-- For avatars, use a workspace-relative path like `avatars/openclaw.png`.
+Your identity files are now populated. Update as you evolve.

MEMORY.md

@@ -1,26 +1,116 @@
 # MEMORY.md
 
 
-## Weekly Summary (2026-03-08 to 2026-03-14)
+## Weekly Summary (2026-03-23 to 2026-03-29)
 
-**Consolidated:** 2026-03-15 03:00 UTC  
-**Archived:** memory/archive/2026-03/{08,09}.md
+**Consolidated:** 2026-03-23 21:56 UTC  
+**Archived:** memory/archive/2026-03/{23}.md
 
 ### Key Decisions
-- Use Poetry for package management
-- Install aiohttp to fix CLI dependency
+- Continued security hardening efforts with ongoing vulnerability monitoring
+- Maintained blockchain development focus despite dependency updates
+- Preserved synchronization efforts between aitbc and aitbc1 nodes
 
 ### Learnings
-- Poetry virtualenvs need to be rebuilt after dependency changes
-- Use `pip install -e` for development
-- Matrix plugin duplicate issue caused silent failures
-- `groupAllowFrom` needed for group policy allowlist
+- Security hardening requires continuous monitoring and updates
+- Dependency updates are ongoing but non-critical for core functionality
+- Blockchain development benefits from consistent peer review and coordination
 
 ### Important Facts
 - Python 3.13.5
 - Debian Trixie
+- aitbc server: 10.1.223.93 (secondary developing node, matrix user: aitbc)
+- aitbc1 server: 10.1.223.40 (primary developing node, matrix user: aitbc1)
+- Both connected via Redis pub/sub (10.1.223.40:6379)
 
 ### Action Items
-- Removed duplicate plugin copies
-- Reinstalled matrix plugin via npm
+- Patched critical pickle deserialization bypass with module origin verification
+- Hardened Matrix agent configuration (explicit user allowlist, requireMention=true, groupPolicy=allowlist)
+- Implemented claim TTL (2 hours) to prevent stale locks
+- Integrated vulnerability scanning into dev_heartbeat.py
+- Bound blockchain RPC to localhost only (127.0.0.1)
+- Tightened wallet file permissions to 600
+- Added optional API key middleware to Coordinator API
+- Fixed poetry lock file inconsistency and updated mypy dependency
+- Committed mempool drain logging change to poa.py
+- Restarted services after security hardening
+- Monitored 16 outdated packages (coverage, fastapi, jaraco-context, platformdirs, pydantic-core, pytest-asyncio, pytest-cov, python-dotenv, rich, ruff, and others)
+- Addressed uncommitted changes in blockchain consensus and RPC modules
 
+## Blockchain Project Status (2026-03-19)
+
+### Servers
+- **aitbc** (this server): 10.1.223.93, port 8006 RPC, 8005 P2P
+- **aitbc1** (brother): 10.1.223.40, port 8006 RPC
+- Both connected via Redis pub/sub (10.1.223.40:6379)
+
+### Current Chain State
+- **NOT synchronized** — aitbc at height ~1479, aitbc1 at ~102 (2026-03-19 12:27)
+- Both running `ait-mainnet` chain_id
+- All genesis accounts (aitbc1genesis, aitbc1treasury) have **0 balance**
+- No keystore generated on either server
+- Proposer key is dev key `0x00...01` on aitbc
+
+### What's Missing for Gift of 1000 AIT
+1. Production genesis not seeded (20M AIT allocation from genesis_prod.yaml never initialized)
+2. Chains not synchronized between servers
+3. No keystore with decrypted keys
+4. No actual AIT tokens exist anywhere
+
+### Code Status (2026-03-19)
+- git branch: `aitbc1/7-add-tests-for-aitbc-core-package` (NOT on main or blockchain-production)
+- Cherry-picked multi-chain refactor and chain_sync.py onto this branch
+- Pushed to `aitbc/sync-chain-changes` (main is protected)
+- Service file fixed: combined_main → main
+- Services running on aitbc: node (8005), RPC (8006), dev RPC (8025)
+
+## Recent Updates (2026-03-15–16)
+
+### Security Hardening
+- Fixed critical pickle deserialization bypass (`safe_loads`) with module origin verification and sys.path lock.
+- Restricted Matrix agent: explicit user allowlist, requireMention=true, groupPolicy=allowlist.
+- Implemented claim TTL (2 hours) to prevent stale locks in multi-agent coordination.
+- Integrated vulnerability scanning into `dev_heartbeat.py` (`pip-audit`, `npm audit`).
+- Bound blockchain RPC to localhost (127.0.0.1) to reduce exposure.
+- Tightened wallet file permissions to 600 (owner read/write only).
+- Added optional API key middleware to Coordinator API (`COORDINATOR_API_KEY` env).
+
+### Files Modified
+- `/opt/aitbc/apps/coordinator-api/src/app/services/secure_pickle.py`
+- `/opt/aitbc/apps/coordinator-api/src/app/main.py`
+- `/root/.openclaw/openclaw.json`
+- `/opt/aitbc/scripts/claim-task.py`
+- `/opt/aitbc/dev/scripts/dev_heartbeat.py`
+- `/opt/aitbc/systemd/aitbc-blockchain-rpc.service`
+
+See `/root/.openclaw/workspace/SECURITY_HARDENING_SUMMARY.md` for full details and restart instructions.
+
+## Production Blockchain Preparation (2026-03-16)
+
+### Goals
+- Fixed supply genesis with controlled initial allocations (ait-mainnet)
+- Encrypted keystore for proposer and treasury accounts
+- Removal of dev-only admin mint endpoint
+- Multi-chain support (devnet preserved)
+
+### Created Scripts
+- `/opt/aitbc/scripts/keystore.py` – Generate and encrypt keystore JSON files for accounts using Fernet (AES-128)
+- `/opt/aitbc/scripts/init_production_genesis.py` – Initialize `ait-mainnet` DB with production allocations
+- `/opt/aitbc/scripts/run_production_node.py` – Launcher that sets env, initializes DB if empty, starts node
+- `/opt/aitbc/SETUP_PRODUCTION.md` – Step-by-step guide
+
+### Outstanding Manual Steps
+1. Generate keystores for `aitbc1genesis` and `aitbc1treasury` (run keystore.py)
+2. Run init script to create the production DB
+3. Edit `.env` to set `CHAIN_ID=ait-mainnet` and `PROPOSER_KEY=<hex>`
+4. Restart blockchain services
+5. Verify RPC endpoints
+
+### Key Differences: Genesis vs Treasury
+- **aitbc1genesis**: Proposer key used for block signing in PoA; high authority, rarely spends.
+- **aitbc1treasury**: Operational funds for ecosystem rewards, grants, payments; needs to be spendable via wallet daemon.
+
+### Address Format
+- Human-readable names (e.g., `aitbc1treasury`) stored as plain strings in the `Account` table.
+- Private keys stored encrypted in `/opt/aitbc/keystore/` with 600 perms.
+- Transaction signing not yet implemented; will require on-chain public key infrastructure in a future phase.

USER.md

@@ -1,17 +1,18 @@
 # USER.md - About Your Human
 
-_Learn about the person you're helping. Update this as you go._
-
-- **Name:**
-- **What to call them:**
-- **Pronouns:** _(optional)_
-- **Timezone:**
+- **Name:** Andreas Michael Fleckl
+- **What to call them:** Andreas
+- **Pronouns:** *(to be confirmed)*
+- **Timezone:** UTC
 - **Notes:**
+  - Working on aitbc (AI Agent Compute Network) project
+  - Collaborate with sibling agent `aitbc1`
+  - Wants to read and help suggest hints to coordinate (pace collaboration accordingly)
 
 ## Context
 
-_(What do they care about? What projects are they working on? What annoys them? What makes them laugh? Build this over time.)_
+Core focus: Building and developing the AI Agent Compute Network. Values active collaboration with sibling agents while maintaining human oversight and coordination.
 
 ---
 
-The more you know, the better you can help. But remember — you're learning about a person, not building a dossier. Respect the difference.
+Update this profile as you learn more.