Sync beads

.beads/.local_version

@@ -1 +1 @@
-0.29.0
+0.42.0

.beads/issues.jsonl

@@ -44,6 +44,7 @@
 {"id":"ops-jrz1-nir","title":"RFC: SSH log noise reduction strategy","description":"Research showed 99.8% of SSH logs are scanner noise (9000 failed attempts/day). Options: (1) Change SSH port - simple, ~99% reduction (2) journald filter - surgical but complex (3) LogLevel ERROR - loses successful login audit trail (4) fail2ban - bans IPs, partial reduction. Orch consensus: Gemini opposed LogLevel ERROR due to losing audit trail, GPT supported. Need RFC to decide approach. See posture review from Dec 2025 session.","status":"open","priority":3,"issue_type":"task","created_at":"2025-12-04T22:55:13.990334935-08:00","updated_at":"2025-12-04T22:55:13.990334935-08:00"}
 {"id":"ops-jrz1-nvx","title":"Slack bot architecture: Matrix-first approach","description":"**Decision**: Use Matrix as primary platform for Slack bot development.\n\n**Architecture**: Bots run as maubot plugins (or Matrix bots), communicate to Slack via mautrix-slack bridge.\n\n**Rationale**:\n- Existing infrastructure (maubot deployed, bridge working)\n- Single platform to manage\n- Bots work with Matrix users too\n- Avoid Socket Mode contention (only one xapp- connection allowed)\n\n**Trade-offs accepted**:\n- Bridge dependency (edit panic bug exists)\n- Extra latency through bridge hop\n- Limited to bridged channels\n\n**Alternative considered (Option B - direct Slack API)**:\n- Could use xoxb- token for outbound-only (REST)\n- Would need new Slack app for full Socket Mode independence\n- Deferred for now\n\n**Credentials available**:\n- slack-oauth-token (xoxb-) - shareable for REST calls if needed\n- slack-app-token (xapp-) - reserved for bridge Socket Mode\n\n**Status**: DECIDED - staying with Matrix-first","status":"closed","priority":3,"issue_type":"task","created_at":"2025-12-05T23:12:22.011872713-08:00","updated_at":"2025-12-05T23:12:28.329467732-08:00","closed_at":"2025-12-05T23:12:28.329467732-08:00"}
 {"id":"ops-jrz1-qxr","title":"mautrix-slack message edit panic (upstream bug)","description":"Bridge upgraded to v25.11. Need to verify if edit panic is fixed by testing a Slack message edit. Watch logs: journalctl -u mautrix-slack -f | grep -E 'ERR|panic|edit'","status":"closed","priority":2,"issue_type":"bug","created_at":"2025-12-05T18:22:38.18203834-08:00","updated_at":"2025-12-05T19:36:00.556011621-08:00","closed_at":"2025-12-05T19:36:00.556011621-08:00","dependencies":[{"issue_id":"ops-jrz1-qxr","depends_on_id":"ops-jrz1-03o","type":"blocks","created_at":"2025-12-05T18:24:23.259399275-08:00","created_by":"daemon","metadata":"{}"}]}
+{"id":"ops-jrz1-t73","title":"Rename learner to dev in scripts and docs","description":"Rename terminology from \"learner\" to \"dev\" or \"user\" across:\n\n- scripts/learner-add.sh → dev-add.sh\n- scripts/learner-remove.sh → dev-remove.sh\n- /etc/slack-learner.env → /etc/slack-dev.env\n- learners group → devs group\n- docs/learner-*.md\n- tests/test-learner-env.sh\n\nLow priority cleanup.","status":"open","priority":3,"issue_type":"task","created_at":"2026-01-02T12:32:40.340984626-08:00","created_by":"dan","updated_at":"2026-01-02T12:32:40.340984626-08:00"}
 {"id":"ops-jrz1-u0w","title":"Security review of running server","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-04T21:03:22.420507724-08:00","updated_at":"2025-12-04T21:04:31.989886731-08:00","closed_at":"2025-12-04T21:04:31.989886731-08:00"}
 {"id":"ops-jrz1-w68","title":"Remote dev environment security and setup research","description":"Research and test security/setup questions for learner remote dev environments.\n\n## Context\nTwo dev paths identified:\n1. **Server-first**: SSH in, run agentic coders on server\n2. **Local VS Code**: Remote-SSH extension, code on server\n\nBoth have open questions around sandboxing, system packages, deployment access, and security boundaries.\n\n## Scope\n- System package management for learners\n- User isolation and sandboxing options\n- Agentic coder security (what can Claude do?)\n- Deployment pipeline security\n- VS Code extension behavior testing\n- Resource limits and quotas\n\n## Deliverables\n- Answers to open questions (documented)\n- Security recommendations\n- Implementation plan for chosen approach","status":"open","priority":2,"issue_type":"epic","created_at":"2026-01-02T12:26:48.104374079-08:00","created_by":"dan","updated_at":"2026-01-02T12:26:48.104374079-08:00","dependencies":[{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-9pe","type":"blocks","created_at":"2026-01-02T12:27:59.277687811-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-ghd","type":"blocks","created_at":"2026-01-02T12:27:59.32841874-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-3b1","type":"blocks","created_at":"2026-01-02T12:27:59.375858081-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-3au","type":"blocks","created_at":"2026-01-02T12:27:59.428509997-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-3jo","type":"blocks","created_at":"2026-01-02T12:27:59.473581774-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-bbn","type":"blocks","created_at":"2026-01-02T12:27:59.523975339-08:00","created_by":"dan"}]}
 {"id":"ops-jrz1-wj2","title":"Design API key provisioning strategy","description":"opencode needs API keys (OpenAI, Anthropic). Options: 1) Shared key with proxy + rate limiting, 2) Per-user keys in sops-nix. Need to prevent key exposure and enable usage tracking.","status":"closed","priority":1,"issue_type":"task","created_at":"2025-12-05T15:32:19.526073243-08:00","updated_at":"2025-12-05T17:25:10.534718515-08:00","closed_at":"2025-12-05T17:25:10.534718515-08:00","dependencies":[{"issue_id":"ops-jrz1-wj2","depends_on_id":"ops-jrz1-3so","type":"parent-child","created_at":"2025-12-05T17:05:47.103332379-08:00","created_by":"daemon","metadata":"{}"}]}

.beads/last-touched

@@ -0,0 +1 @@
+ops-jrz1-t73