- Tailscale-first networking with public IP fallback
- Portable paths using $HOME
- No secrets in LLM prompts
- Dispatch cap (MAX_DISPATCH=5) per heartbeat
- Lockfile with 10-min stale detection
- Identity separation: timmy-token vs kimi_gitea_token
- 4-repo coverage: timmy-home, timmy-config, the-nexus, hermes-agent
- Removed 7 Hermes cron jobs (zero token cost polling)
Resolves: PR !112
Reviewed-by: gemini, Timmy
Complex tasks (body >500 chars) now get a 2-minute planning pass first:
- Kimi analyzes the task and decides EXECUTE (single pass) or DECOMPOSE
- DECOMPOSE: creates child issues labeled assigned-kimi, marks parent done
- EXECUTE: proceeds to 8-minute execution with --timeout 480
- Simple tasks skip planning and execute directly
Also:
- Pass --timeout to openclaw agent (was using default 600s, now explicit)
- Post KimiClaw results back as comments on the issue
- Post failure comments with actionable advice
- Execution prompt tells Kimi to stop and summarize if running long
Rewrote kimi-heartbeat.sh with sovereignty-first design:
- Prefer Tailscale (100.x) over public IP for Gitea API calls
- Use $HOME instead of hardcoded /Users/apayne paths
- Remove token file paths from prompts sent to Kimi API
- Add MAX_DISPATCH=5 cap per heartbeat run
- Proper lockfile with stale detection (10min timeout)
- Correct identity separation: timmy-token for labels, kimi_gitea_token for comments
- Covers 4 repos: timmy-home, timmy-config, the-nexus, hermes-agent
- Label lifecycle: assigned-kimi -> kimi-in-progress -> kimi-done
- Failure handling: removes in-progress label so retry is possible
LaunchAgent: ai.timmy.kimi-heartbeat.plist (every 5 minutes)
Zero LLM cost for polling — bash/curl only. Kimi tokens only for actual work.
All Hermes cron jobs removed — they burned Anthropic tokens for polling.
KimiClaw dispatch is now pure infrastructure, no cloud LLM in the loop.
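
The lockfile with stale detection and the per-run dispatch cap described above, sketched as an added example; this is not the code from kimi-heartbeat.sh. The function names, the lock path, the mkdir-based lock and the `find -mmin` staleness check are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: all names below are hypothetical, not from kimi-heartbeat.sh.
LOCK_DIR="${LOCK_DIR:-${TMPDIR:-/tmp}/kimi-heartbeat.lock}"
STALE_MIN="${STALE_MIN:-10}"      # lock older than this is treated as abandoned
MAX_DISPATCH="${MAX_DISPATCH:-5}" # upper bound on tasks started per run

# True when the lock directory's mtime is more than STALE_MIN minutes old.
lock_is_stale() {
  [ -n "$(find "$LOCK_DIR" -maxdepth 0 -mmin +"$STALE_MIN" 2>/dev/null)" ]
}

# mkdir is atomic: of several concurrent callers, only one creates the directory.
acquire_lock() {
  mkdir "$LOCK_DIR" 2>/dev/null && return 0
  lock_is_stale || return 1          # a live run holds the lock
  # Stale takeover is best-effort: two runs that both see a stale lock can
  # race here, which is tolerable for a job scheduled minutes apart.
  rmdir "$LOCK_DIR" 2>/dev/null || true
  mkdir "$LOCK_DIR" 2>/dev/null
}

release_lock() {
  rmdir "$LOCK_DIR" 2>/dev/null || true
}

# Stand-in for the real dispatch step (assumption: one issue id per call).
dispatch_issue() {
  echo "dispatched issue $1"
}

# Reads candidate issue ids on stdin; starts at most MAX_DISPATCH of them.
run_heartbeat() {
  acquire_lock || { echo "heartbeat already running, skipping" >&2; return 1; }
  count=0
  while read -r issue; do
    [ "$count" -ge "$MAX_DISPATCH" ] && break
    dispatch_issue "$issue" && count=$((count + 1))
  done
  release_lock
}
```

If a run is killed before `release_lock`, the directory stays behind and the next run that finds it older than the stale timeout reclaims it, so a crash delays dispatch instead of blocking it permanently.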