Verify You're Not Compromised
Check for axios supply-chain compromise on both machines. Validate hook coverage against CVE-2026-2796.
NOT STARTED
ETA ~15 min
0%

The axios supply-chain attack (March 31, 00:21-03:29 UTC) dropped a RAT via axios@1.14.1 / axios@0.30.4. You use npm on both desktop and laptop. If you updated Claude Code that day, you could be affected.

  1. Search all lockfiles on both machines for compromised versions:
# On both desktop and laptop
grep -r "axios" ~/*/package-lock.json ~/*/yarn.lock 2>/dev/null | grep -E "1\.14\.1|0\.30\.4"

# Also check for the malicious dependency
grep -r "plain-crypto-js" ~/*/package-lock.json ~/*/yarn.lock ~/*/node_modules 2>/dev/null

# Check when you last installed/updated Claude Code
ls -la $(which claude) && claude --version
  2. Check whether you're using the native installer (safe) or npm install (potentially affected). The native installer uses a standalone binary and doesn't touch npm.
  3. If clean: move on. If compromised: rotate all secrets, treat the machine as fully compromised, and do a clean OS reinstall.
  4. Review CVE-2026-2796, the permission bypass. Attackers can stuff 50+ subcommands into a single call to skip individual deny-rule checks. Your bash-gateway.sh / safe-exec.sh hooks may already mitigate this since they intercept at a different layer, but verify the hook runs on every Bash call regardless of chain length.
Source | Title | Type
Huntress | Supply Chain Compromise of axios npm Package | Analysis
SecurityWeek | Critical Vulnerability in Claude Code | CVE
NotebookCheck | Researchers Find First Vulnerability | Report
Anthropic Red | Reverse Engineering CVE-2026-2796 | Exploit
Study the Leaked Architecture
512K lines of the tool you use every day, fully deobfuscated. The architecture directly validates and extends patterns you've already built independently.
NOT STARTED
ETA Evening deep-dive
0%

Your Claude Code setup (custom agents, hook system, learnings index, MEMORY.md) mirrors what Anthropic built internally. You're one of the few people who'll read this source and recognize the patterns because you already built your own version.

  1. Memory architecture (3-layer system): MEMORY.md as lightweight pointer index (~150 chars/line, always in context) → topic files fetched on-demand → raw transcripts only grep'd. Compare to your current memory/ directory structure. See what Anthropic does differently.
  2. AgentTool internals: Sub-agents are first-class tool-registry citizens, not a separate orchestration layer. This is exactly how you use the Agent tool; study how they handle context isolation, result size limits, and the temp-file overflow you've hit.
  3. 44 feature flags: The full list is catalogued. KAIROS (daemon mode), ULTRAPLAN (remote Opus planning), autoDream (memory consolidation during idle). These directly affect your workflow.
  4. Permission/security model: How deny rules, hook execution, and the 50-subcommand limit work internally. Relevant for hardening your own bash-gateway.sh.
  5. Bun + React Ink + Zod v4: The runtime stack. If you ever want to build CLI tools with a similar architecture, this is the reference implementation.
Source | Title | Type
The New Stack | Swarms, Daemons, and 44 Features Behind Flags | Deep Dive
WaveSpeedAI | Architecture Deep Dive | Technical
DEV.to | Masterclass in AI Agent Orchestration | Analysis
ClaudeLab | KAIROS and Internal Architecture | Technical
ClaudeFast | Everything Found in the Leak | Catalog
Medium | Most Detailed AI Architecture Blueprint | Analysis
GitHub | Leaked Source Mirror (1,906 TypeScript files) | Source
Harden Your Hooks Using the Source
Now that you can see exactly how the permission system works internally, use that knowledge to bulletproof your own hook layer.
NOT STARTED
ETA 1-2 hours
0%
  1. Audit your bash-gateway.sh against CVE-2026-2796. The vuln bypasses per-command deny rules by chaining 50+ subcommands. Your gateway hook intercepts at the Bash tool level (PreToolUse), which should catch this, but verify it can't be bypassed by piped commands or subshells within a single tool call.
  2. Review how Anthropic's internal permission model handles compound commands in the leaked source. Port any patterns that strengthen your hook.
  3. Check your safe-exec.sh allowlist against the tool registry patterns in the source. Are there tool calls that bypass Bash entirely that you should also gate?
  4. Test. Try to bypass your own hooks with the 50+ chained command technique. Red-team yourself.
  • bash-gateway.sh blocks chained 50+ subcommand bypass attempts
  • safe-exec.sh covers all tool paths that can execute system commands
  • Documented red-team results with pass/fail for each vector
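A defensive gate for the chained-subcommand case discussed in the Verify and Harden Your Hooks cards, added here as an example; it is not the page's bash-gateway.sh and not Claude Code's own permission code. It flattens a compound Bash command into its simple commands (subshells and command substitutions included) and applies the deny rules to every one of them, so padding the chain with extra segments changes nothing. The deny policy, the skip-word list and the hook's stdin JSON / exit-code contract are assumptions.

```python
import json
import re
import sys

# Assumed deny policy: command names never allowed, plus whole-command patterns.
DENIED_NAMES = {"sudo", "mkfs", "dd", "shutdown", "reboot"}
DENIED_PATTERNS = [re.compile(r"^rm\s+(-\S+\s+)+/\s*$")]
# Keywords, braces and wrappers that may precede the real command word.
SKIP_WORDS = {"{", "}", "!", "if", "then", "elif", "else", "do", "while",
              "until", "env", "command", "exec", "nohup", "time", "nice"}
CHAIN_SPLIT = re.compile(r"\s*(?:&&|\|\||\|&|;|\||&|\n)\s*")
SUBSHELL = re.compile(r"\$\(([^()]*)\)|`([^`]*)`|\(([^()]*)\)")

def split_segments(command):
    """Flatten a compound command into simple commands, subshells included."""
    segments, pending = [], [command]
    while pending:
        chunk = pending.pop()
        # Innermost subshells / substitutions run as their own commands: pull them out.
        while (m := SUBSHELL.search(chunk)):
            pending.append(next(g for g in m.groups() if g is not None))
            chunk = chunk[: m.start()] + " " + chunk[m.end():]
        segments.extend(s.strip() for s in CHAIN_SPLIT.split(chunk) if s.strip())
    return segments

def normalize(segment):
    """Strip keywords, wrappers, VAR=value prefixes and the path from the command word."""
    words = [w for w in segment.split() if w not in SKIP_WORDS]
    while words and re.fullmatch(r"[A-Za-z_]\w*=.*", words[0]):
        words.pop(0)
    if words:
        words[0] = words[0].rsplit("/", 1)[-1]
    return " ".join(words)

def first_violation(command):
    """First denied segment, or None; every segment is checked, whatever the chain length."""
    for seg in split_segments(command):
        norm = normalize(seg)
        if norm.split(" ", 1)[0] in DENIED_NAMES:
            return seg
        if any(p.search(norm) for p in DENIED_PATTERNS):
            return seg
    return None

if __name__ == "__main__":
    # Assumed hook contract: JSON on stdin with tool_input.command; exit 2 blocks the call.
    payload = json.load(sys.stdin)
    bad = first_violation(payload.get("tool_input", {}).get("command", ""))
    if bad is not None:
        print(f"blocked by gateway: {bad!r}", file=sys.stderr)
        sys.exit(2)
```

Quoted strings are not parsed, so a literal `(` inside quotes is treated as a subshell; that errs toward blocking, never toward letting a segment through unchecked.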
Write the Power-User's Take
Everyone is writing surface-level "here's what leaked" posts. Almost nobody has your angle: someone who independently built a parallel system and can now compare.
NOT STARTED
ETA Weekend project
0%

Your unique angle: "I built my own agent orchestration, memory index, and security hooks for Claude Code. Then Anthropic accidentally showed me theirs. Here's where we converged, where we diverged, and what it means for the future of agentic tools."

  1. Compare your MEMORY.md pattern to theirs. You independently arrived at the same "lightweight index + topic files" architecture. Document the convergence: it validates the pattern and establishes your credibility.
  2. Compare your agent system to AgentTool. Your custom agent types (20+ specialized agents in ~/.claude/agents/) vs their sub-agent spawning. What did you solve that they haven't shipped? What did they solve better?
  3. The hook security story. You built bash-gateway.sh and safe-exec.sh. The leak revealed CVE-2026-2796 exists because Anthropic's internal permission layer has a gap at 50 commands. Did your independent hook layer accidentally protect you? That's a compelling narrative.
  4. KAIROS vs your cron-based automation. You already have scheduled agents (CronCreate, RemoteTrigger). KAIROS is the first-party version of what you built with duct tape. Compare approaches.
  5. Publish on DEV.to, Medium, or your own domain. The timing window for this content is ~2 weeks from now before the news cycle moves on. Ship it.
Source | Title | Angle
Medium | What the Leak Actually Reveals | General
DEV.to | Accident, Incompetence, or PR Stunt? | Opinion
Straiker | With Great Agency Comes Great Responsibility | Security
Coder | Supply Chain Security | Infra
Position for KAIROS and Capybara
The leak confirmed two things that directly affect your roadmap: KAIROS (daemon mode) is real and well-built, and the next model family (Capybara/Mythos) is past concept stage.
NOT STARTED
ETA Ongoing
0%
  1. Map your current cron/scheduled agents to KAIROS capabilities. When daemon mode ships, you'll want to migrate your scheduled tasks (weekly calendar planner, email watchers, etc.) to native KAIROS triggers instead of external cron. Identify which of your current automations map cleanly and which need adaptation.
  2. Study autoDream memory consolidation. KAIROS includes a process that merges observations, removes contradictions, and converts vague insights to facts during idle time. Your learnings system at ~/.claude/learnings/index.json is a manual version of this. Consider: will autoDream replace your learnings index, complement it, or should you align your format to be compatible?
  3. ULTRAPLAN for joyOS Labs. This leaked feature offloads complex planning to a remote Opus session with 30 minutes of think time. If your GSD workflow (plan-phase, research, roadmap) could benefit from deeper planning, you'll want to be an early adopter when it ships.
  4. Watch for Capybara/Mythos beta access. The feature flags suggest it's testable internally. If Anthropic opens a beta, you want in: your projects push Claude Code hard enough to provide useful feedback.
Source | Title | Type
WaveSpeedAI | Full Hidden Features List | Catalog
Medium | 44 Secret Features, KAIROS, and a Tamagotchi Pet | Analysis
DEV.to | Hidden Multi-Agent Architecture | Technical
  • Confirmed clean from the axios supply-chain attack
  • Hooks hardened against the CVE-2026-2796 permission bypass
  • Deep understanding of how Anthropic built the tool you use daily
  • A published article with a unique angle nobody else can write
  • A migration plan ready for when KAIROS and Capybara ship
Security Hardening — Critical
8 critical-severity issues from the network security audit. These represent active exposure vectors — unauthenticated services, broken protocols, unpatched CVEs.
NOT STARTED
ETA 2-3 hours
0%

These issues were found during a comprehensive LAN security audit. Several services are publicly reachable without authentication. Docker port bindings on 0.0.0.0 bypass UFW entirely. Address these before anything else.

  1. Disable PPTP on the router (192.168.0.1). Cryptographically broken since 2012: MS-CHAPv2 is trivially crackable. Log into the router admin panel and disable it now.
  2. Lock down Laravel Horizon on jturner. /horizon is fully unauthenticated and leaks queue stats, job payloads, and worker info. Add a Horizon::auth() gate in HorizonServiceProvider or put it behind middleware.
  3. Put n8n behind Cloudflare Access. The n8n UI loads publicly and can execute arbitrary code via workflow nodes. Set up a Cloudflare Access policy, or bind it to 127.0.0.1 and reach it over an SSH tunnel.
  4. Enable the firewall and harden SSH on desktop. UFW is disabled, and SSH is wide open on the default port with password auth.
# Run the hardening script on desktop
ssh desktop 'bash -s' < ~/security-audit/01-desktop-harden.sh
  5. Rebind Docker ports to 127.0.0.1. MySQL (3306), MailHog (8896/1025), Reverb (8080) and Vite (5173) are all bound to 0.0.0.0. Ports published by Docker bypass UFW entirely: Docker inserts its own iptables rules ahead of UFW's, and the DOCKER-USER chain is where Docker expects any user filtering rules to go.
# Run the Docker port rebind script on desktop
ssh desktop 'bash -s' < ~/security-audit/02-docker-rebind.sh
  6. Update/replace the Netgear R6700v2 (192.168.0.174). Firmware is from 2016, UPnP is exposed to the LAN, and the router is EOL. Flash OpenWrt or replace it entirely.
  7. Fix the symfony/http-foundation auth bypass (CVE-2025-64500) in ALL deployed Laravel apps. This is a dependency-level auth bypass, so every app that pulls the package in is affected until it is updated.
# Run dependency update script across all Laravel projects
ssh desktop 'bash -s' < ~/security-audit/03-dep-updates.sh
  8. n8n server (.10): lock down exposed services. PostgreSQL, NFS, rpcbind, and Prometheus are all exposed on the LAN with no authentication. Bind them to localhost or firewall them.
  • All 8 critical vulnerabilities patched or mitigated
  • No unauthenticated admin panels reachable from LAN
  • Docker ports bound to 127.0.0.1, not 0.0.0.0
  • UFW enabled and SSH key-only on desktop
  • CVE-2025-64500 patched in all deployed Laravel apps
Security Hardening — High & Medium
22 remaining issues from the security audit. High-severity items should follow immediately after criticals. Medium items are cleanup and hygiene.
NOT STARTED
ETA 3-4 hours
0%
  9. System updates on desktop. Handled by script #1 (01-desktop-harden.sh). Needs a reboot after running.
  10. 51 pending updates on laptop. Run the laptop update script:
# Run laptop update script
bash ~/security-audit/04-laptop-update.sh
  11. Suppress the PHP version header. X-Powered-By: PHP/8.5.1 is being sent. Set expose_php = Off in php.ini or add header removal in the Nginx/Apache config.
  12. Bind Vite dev servers to localhost. Add server: { host: '127.0.0.1' } in vite.config.ts for all projects. Currently binds to 0.0.0.0.
  13. Fix joyos-labs Vite vulnerabilities (5 high). Run cd ~/joyos-labs && npm audit fix.
  14. Fix jturner Node vulnerabilities (34 total, 14 high). Handled by the dependency update script #3.
  15. Servers .5 and .11: disable rpcbind/NFS. These services are running but likely not needed. SSH in and run systemctl disable --now rpcbind nfs-server.
  16. Investigate api-frc-org (68 vulns, 9 critical). Is this project deployed? If not, archive it. If yes, run npm audit fix and address the criticals.
  17. Review the crashed smelt-mysql container. It's crash-looping on the laptop. Either fix the config or remove it if it's not needed.
  18. MailHog has no auth on port 8896. Rebind to 127.0.0.1 in docker-compose.yml. Anyone on the LAN can read intercepted emails.
  19. Clean up stale DNS records. soulscape, tiberiusimages, tenx all point to dead backends. Remove or update them in Cloudflare.
  20. Set up an IoT VLAN. 14 IoT devices are on the same network as the servers. Create a separate VLAN for IoT devices with no access to the server subnet.
  21. Audit Python projects. pip-audit is not installed. Install it and run it across all Python projects to check for known vulnerabilities.
  22. Identify the mystery Python services on desktop. uvicorn on ports 8590/8591, python3 on port 8920. SSH in and run ss -tlnp | grep -E '8590|8591|8920' to find the process owners.
  23. Update Jekel. Winter CMS has a stored XSS vulnerability (CVE-2026-22254). Update the CMS or patch the specific component.
  24. Confirm the StrongSwan VPN is intentional. Check if the VPN is actively used. If not, disable it; it's another attack surface.
  25. Review Samba shares on desktop. Check what's being shared and who can access it. Tighten permissions or disable if not needed.
  26. ESP32 devices on port 8081. Check for unauthenticated admin panels. These could be used to pivot into your network.
  • All high-severity items resolved or scheduled
  • System updates applied on both machines
  • Vite dev servers bound to localhost across all projects
  • IoT devices isolated on their own VLAN
  • Stale DNS records cleaned up
  • All mystery services on desktop identified and documented
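For the Docker rebind step in the Critical card (MySQL, MailHog, Reverb, Vite on 0.0.0.0) and the MailHog item above, an added example that is not one of the audit scripts on this page: it parses docker-compose short-syntax port mappings, flags every mapping that publishes a host port on all interfaces, and rewrites it to listen on 127.0.0.1 only. The sample service list is constructed to mirror the audit findings, not taken from the real compose file.

```python
# docker-compose short syntax: [[HOST_IP:]HOST_PORT:]CONTAINER_PORT[/PROTOCOL].
# Published host ports with no IP, 0.0.0.0 or [::] listen on every interface.
ANY_ADDRESS = {None, "0.0.0.0", "[::]"}

def parse_port(entry):
    """Split one mapping into (host_ip, host_port, container_port, protocol)."""
    spec, slash, proto = str(entry).strip().partition("/")
    ip = None
    if spec.startswith("["):  # bracketed IPv6 literal, e.g. "[::1]:80:80"
        ip, _, spec = spec.partition("]:")
        ip += "]"
    parts = spec.split(":")
    if len(parts) == 3 and ip is None:
        ip, host, container = parts
    elif len(parts) == 2:
        host, container = parts
    elif len(parts) == 1:
        host, container = None, parts[0]  # container-only port: never published
    else:
        raise ValueError(f"unrecognised port mapping: {entry!r}")
    return ip, host, container, (f"/{proto}" if slash else "")

def is_lan_exposed(entry):
    """True when the mapping publishes a host port on every interface."""
    ip, host, _, _ = parse_port(entry)
    return host is not None and ip in ANY_ADDRESS

def rebind_to_loopback(entry):
    """Return the mapping bound to 127.0.0.1; unchanged if it was not exposed."""
    if not is_lan_exposed(entry):
        return str(entry)
    _, host, container, proto = parse_port(entry)
    return f"127.0.0.1:{host}:{container}{proto}"

def audit_compose_ports(services):
    """{service: [ports]} -> {service: [(original, fixed), ...]} for exposed ones."""
    findings = {}
    for name, ports in services.items():
        bad = [(p, rebind_to_loopback(p)) for p in ports if is_lan_exposed(p)]
        if bad:
            findings[name] = bad
    return findings

# Constructed sample mirroring the audit's exposed services, not the real compose file.
SAMPLE = {
    "mysql": ["3306:3306"],
    "mailhog": ["8896:8025", "1025:1025"],
    "reverb": ["0.0.0.0:8080:8080"],
    "vite": ["127.0.0.1:5173:5173"],
}
```

Keep the port entries quoted in the YAML: an unquoted value like 22:22 can be parsed as a base-60 integer, which is why the Compose docs recommend quoting them.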