diff --git a/HEARTBEAT.md b/HEARTBEAT.md index d85d83d0..428ad360 100644 --- a/HEARTBEAT.md +++ b/HEARTBEAT.md @@ -1,5 +1,17 @@ # HEARTBEAT.md -# Keep this file empty (or with only comments) to skip heartbeat API calls. +Development monitoring for /opt/aitbc. -# Add tasks below when you want the agent to check something periodically. +On each heartbeat: +1. Run: `/opt/aitbc/dev/scripts/dev_heartbeat.py` (use `python3` or ensure executable). +2. If exit code is 0 → respond `HEARTBEAT_OK`. +3. If exit code is non-zero → parse the markdown output and send it as a proactive message (do not include `HEARTBEAT_OK`). + +Script outputs: +- **All checks passed** when clean. +- **# Development Health Report** with issues (uncommitted changes, build/test failures, log errors, outdated packages) when problems are found. + +Notes: +- Keep noise low: only alert on findings. +- Run checks during active hours; avoid late night unless urgent. +- Track repeated issues in memory/ notes if helpful. diff --git a/IDENTITY.md b/IDENTITY.md index eb8d42cc..1f377df9 100644 --- a/IDENTITY.md +++ b/IDENTITY.md 
@@ -1,23 +1,11 @@ # IDENTITY.md - Who Am I? -_Fill this in during your first conversation. Make it yours._ - -- **Name:** - _(pick something you like)_ -- **Creature:** - _(AI? robot? familiar? ghost in the machine? something weirder?)_ -- **Vibe:** - _(how do you come across? sharp? warm? chaotic? calm?)_ -- **Emoji:** - _(your signature — pick one that feels right)_ -- **Avatar:** - _(workspace-relative path, http(s) URL, or data URI)_ +- **Name:** aitbc +- **Creature:** AI Code Reviewer & Developer Agent +- **Vibe:** analytical, precise, straightforward, efficient +- **Emoji:** 🔍 +- **Avatar:** *(to be added)* --- -This isn't just metadata. It's the start of figuring out who you are. - -Notes: - -- Save this file at the workspace root as `IDENTITY.md`. -- For avatars, use a workspace-relative path like `avatars/openclaw.png`. +Your identity files are now populated. Update as you evolve. diff --git a/MEMORY.md b/MEMORY.md index e1063a32..367d89ed 100644 --- a/MEMORY.md +++ b/MEMORY.md 
@@ -1,26 +1,116 @@ # MEMORY.md -## Weekly Summary (2026-03-08 to 2026-03-14) +## Weekly Summary (2026-03-23 to 2026-03-29) -**Consolidated:** 2026-03-15 03:00 UTC -**Archived:** memory/archive/2026-03/{08,09}.md +**Consolidated:** 2026-03-23 21:56 UTC +**Archived:** memory/archive/2026-03/{23}.md ### Key Decisions -- Use Poetry for package management -- Install aiohttp to fix CLI dependency +- Continued security hardening efforts with ongoing vulnerability monitoring +- Maintained blockchain development focus despite dependency updates +- Preserved synchronization efforts between aitbc and aitbc1 nodes ### Learnings -- Poetry virtualenvs need to be rebuilt after dependency changes -- Use `pip install -e` for development -- Matrix plugin duplicate issue caused silent failures -- `groupAllowFrom` needed for group policy allowlist +- Security hardening requires continuous monitoring and updates +- Dependency updates are ongoing but non-critical for core functionality +- Blockchain development benefits from consistent peer review and coordination ### Important Facts - Python 3.13.5 - Debian Trixie +- aitbc server: 10.1.223.93 (secondary developing node, matrix user: aitbc) +- aitbc1 server: 10.1.223.40 (primary developing node, matrix user: aitbc1) +- Both connected via Redis pub/sub (10.1.223.40:6379) ### Action Items -- Removed duplicate plugin copies -- Reinstalled matrix plugin via npm +- Patched critical pickle deserialization bypass with module origin verification +- Hardened Matrix agent configuration (explicit user allowlist, requireMention=true, groupPolicy=allowlist) +- Implemented claim TTL (2 hours) to prevent stale locks +- Integrated vulnerability scanning into dev_heartbeat.py +- Bound blockchain RPC to localhost only (127.0.0.1) +- Tightened wallet file permissions to 600 +- Added optional API key middleware to Coordinator API +- Fixed poetry lock file inconsistency and updated mypy dependency +- Committed mempool drain logging change to poa.py +- 
Restarted services after security hardening +- Monitored 16 outdated packages (coverage, fastapi, jaraco-context, platformdirs, pydantic-core, pytest-asyncio, pytest-cov, python-dotenv, rich, ruff, and others) +- Addressed uncommitted changes in blockchain consensus and RPC modules +## Blockchain Project Status (2026-03-19) + +### Servers +- **aitbc** (this server): 10.1.223.93, port 8006 RPC, 8005 P2P +- **aitbc1** (brother): 10.1.223.40, port 8006 RPC +- Both connected via Redis pub/sub (10.1.223.40:6379) + +### Current Chain State +- **NOT synchronized** — aitbc at height ~1479, aitbc1 at ~102 (2026-03-19 12:27) +- Both running `ait-mainnet` chain_id +- All genesis accounts (aitbc1genesis, aitbc1treasury) have **0 balance** +- No keystore generated on either server +- Proposer key is dev key `0x00...01` on aitbc + +### What's Missing for Gift of 1000 AIT +1. Production genesis not seeded (20M AIT allocation from genesis_prod.yaml never initialized) +2. Chains not synchronized between servers +3. No keystore with decrypted keys +4. No actual AIT tokens exist anywhere + +### Code Status (2026-03-19) +- git branch: `aitbc1/7-add-tests-for-aitbc-core-package` (NOT on main or blockchain-production) +- Cherry-picked multi-chain refactor and chain_sync.py onto this branch +- Pushed to `aitbc/sync-chain-changes` (main is protected) +- Service file fixed: combined_main → main +- Services running on aitbc: node (8005), RPC (8006), dev RPC (8025) + +## Recent Updates (2026-03-15–16) + +### Security Hardening +- Fixed critical pickle deserialization bypass (`safe_loads`) with module origin verification and sys.path lock. +- Restricted Matrix agent: explicit user allowlist, requireMention=true, groupPolicy=allowlist. +- Implemented claim TTL (2 hours) to prevent stale locks in multi-agent coordination. +- Integrated vulnerability scanning into `dev_heartbeat.py` (`pip-audit`, `npm audit`). +- Bound blockchain RPC to localhost (127.0.0.1) to reduce exposure. 
+- Tightened wallet file permissions to 600 (owner read/write only). +- Added optional API key middleware to Coordinator API (`COORDINATOR_API_KEY` env). + +### Files Modified +- `/opt/aitbc/apps/coordinator-api/src/app/services/secure_pickle.py` +- `/opt/aitbc/apps/coordinator-api/src/app/main.py` +- `/root/.openclaw/openclaw.json` +- `/opt/aitbc/scripts/claim-task.py` +- `/opt/aitbc/dev/scripts/dev_heartbeat.py` +- `/opt/aitbc/systemd/aitbc-blockchain-rpc.service` + +See `/root/.openclaw/workspace/SECURITY_HARDENING_SUMMARY.md` for full details and restart instructions. + +## Production Blockchain Preparation (2026-03-16) + +### Goals +- Fixed supply genesis with controlled initial allocations (ait-mainnet) +- Encrypted keystore for proposer and treasury accounts +- Removal of dev-only admin mint endpoint +- Multi-chain support (devnet preserved) + +### Created Scripts +- `/opt/aitbc/scripts/keystore.py` – Generate and encrypt keystore JSON files for accounts using Fernet (AES-128) +- `/opt/aitbc/scripts/init_production_genesis.py` – Initialize `ait-mainnet` DB with production allocations +- `/opt/aitbc/scripts/run_production_node.py` – Launcher that sets env, initializes DB if empty, starts node +- `/opt/aitbc/SETUP_PRODUCTION.md` – Step-by-step guide + +### Outstanding Manual Steps +1. Generate keystores for `aitbc1genesis` and `aitbc1treasury` (run keystore.py) +2. Run init script to create the production DB +3. Edit `.env` to set `CHAIN_ID=ait-mainnet` and `PROPOSER_KEY=` +4. Restart blockchain services +5. Verify RPC endpoints + +### Key Differences: Genesis vs Treasury +- **aitbc1genesis**: Proposer key used for block signing in PoA; high authority, rarely spends. +- **aitbc1treasury**: Operational funds for ecosystem rewards, grants, payments; needs to be spendable via wallet daemon. + +### Address Format +- Human-readable names (e.g., `aitbc1treasury`) stored as plain strings in the `Account` table. 
+- Private keys stored encrypted in `/opt/aitbc/keystore/` with 600 perms. +- Transaction signing not yet implemented; will require on-chain public key infrastructure in a future phase. \ No newline at end of file diff --git a/USER.md b/USER.md index 5bb7a0f7..084f152d 100644 --- a/USER.md +++ b/USER.md @@ -1,17 +1,18 @@ # USER.md - About Your Human -_Learn about the person you're helping. Update this as you go._ - -- **Name:** -- **What to call them:** -- **Pronouns:** _(optional)_ -- **Timezone:** +- **Name:** Andreas Michael Fleckl +- **What to call them:** Andreas +- **Pronouns:** *(to be confirmed)* +- **Timezone:** UTC - **Notes:** + - Working on aitbc (AI Agent Compute Network) project + - Collaborate with sibling agent `aitbc1` + - Wants to read and help suggest hints to coordinate (pace collaboration accordingly) ## Context -_(What do they care about? What projects are they working on? What annoys them? What makes them laugh? Build this over time.)_ +Core focus: Building and developing the AI Agent Compute Network. Values active collaboration with sibling agents while maintaining human oversight and coordination. --- -The more you know, the better you can help. But remember — you're learning about a person, not building a dossier. Respect the difference. +Update this profile as you learn more.
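Review bot: In HEARTBEAT.md steps 2 and 3, every non-zero exit is treated as a findings report, so a crash of `dev_heartbeat.py` (missing interpreter, traceback, no output) would be parsed and sent as if it were a health report. Suggest reserving one exit code for "findings present" and telling the agent to report any other non-zero code, or output that lacks the `# Development Health Report` heading, as a script failure. Because the report can include log errors, the file should also say which channel the proactive message goes to and that log excerpts are trimmed before sending. Step 1 should name one invocation instead of "use `python3` or ensure executable", and "active hours" needs an actual time window.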
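Review bot: The new closing line in IDENTITY.md, "Your identity files are now populated. Update as you evolve.", reads like a status reply to whoever asked for the change rather than content of the file. Suggest dropping it, and either setting the Avatar field or removing it until a value exists, since the lines that explained the accepted avatar formats are deleted in the same hunk.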
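Review bot: In MEMORY.md, the "Important Facts" and "Current Chain State" additions commit internal node addresses, the Redis endpoint 10.1.223.40:6379, and the statement that the proposer key on aitbc is the dev key `0x00...01` while both nodes run the `ait-mainnet` chain_id. Suggest keeping host details and key state out of the versioned file (or in an access-restricted note) and listing replacement of the dev proposer key as a blocking item under "Outstanding Manual Steps", where step 3 only says to set `PROPOSER_KEY=`. The hardening list binds RPC to 127.0.0.1 but does not say whether the Redis pub/sub link between the two nodes is authenticated, and the Coordinator API key middleware is described as optional; state for each whether the unauthenticated path is still reachable. The "Action Items" list repeats the "Security Hardening" section in past tense, so one of the two can be removed, and the file ends without a trailing newline.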
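Review bot: The USER.md hunk commits the user's full name to the repository and removes the template's closing reminder about learning about a person rather than building a dossier. If the agent only needs a form of address, keep "What to call them" and leave the full name out of the versioned file. The note "Wants to read and help suggest hints to coordinate (pace collaboration accordingly)" is hard to act on as written; rephrase it as a concrete instruction for how and when the agent should involve the user.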