feat: expose /metrics endpoint in health daemon

config.yaml

@@ -1,6 +1,6 @@
 model:
-  default: claude-opus-4-6
-  provider: anthropic
+  default: hermes4:14b
+  provider: custom
 toolsets:
 - all
 agent:
@@ -27,7 +27,7 @@ browser:
   inactivity_timeout: 120
   record_sessions: false
 checkpoints:
-  enabled: false
+  enabled: true
   max_snapshots: 50
 compression:
   enabled: true
@@ -110,7 +110,7 @@ tts:
     device: cpu
 stt:
   enabled: true
-  provider: local
+  provider: openai
   local:
     model: base
   openai:

scripts/sovereign_health_report.py

@@ -0,0 +1,68 @@
+
+import sqlite3
+import json
+import os
+from pathlib import Path
+from datetime import datetime
+
+DB_PATH = Path.home() / ".timmy" / "metrics" / "model_metrics.db"
+REPORT_PATH = Path.home() / "timmy" / "SOVEREIGN_HEALTH.md"
+
+def generate_report():
+    if not DB_PATH.exists():
+        return "No metrics database found."
+
+    conn = sqlite3.connect(str(DB_PATH))
+    
+    # Get latest sovereignty score
+    row = conn.execute("""
+        SELECT local_pct, total_sessions, local_sessions, cloud_sessions, est_cloud_cost, est_saved
+        FROM sovereignty_score ORDER BY timestamp DESC LIMIT 1
+    """).fetchone()
+
+    if not row:
+        return "No sovereignty data found."
+
+    pct, total, local, cloud, cost, saved = row
+    
+    # Get model breakdown
+    models = conn.execute("""
+        SELECT model, SUM(sessions), SUM(messages), is_local, SUM(est_cost_usd)
+        FROM session_stats
+        WHERE timestamp > ?
+        GROUP BY model
+        ORDER BY SUM(sessions) DESC
+    """, (datetime.now().timestamp() - 86400 * 7,)).fetchall()
+
+    report = f"""# Sovereign Health Report — {datetime.now().strftime('%Y-%m-%d')}
+
+## ◈ Sovereignty Score: {pct:.1f}%
+**Status:** {"🟢 OPTIMAL" if pct > 90 else "🟡 WARNING" if pct > 50 else "🔴 COMPROMISED"}
+
+- **Total Sessions:** {total}
+- **Local Sessions:** {local} (Zero Cost, Total Privacy)
+- **Cloud Sessions:** {cloud} (Token Leakage)
+- **Est. Cloud Cost:** ${cost:.2f}
+- **Est. Savings:** ${saved:.2f} (Sovereign Dividend)
+
+## ◈ Fleet Composition (Last 7 Days)
+| Model | Sessions | Messages | Local? | Est. Cost |
+| :--- | :--- | :--- | :--- | :--- |
+"""
+    for m, s, msg, l, c in models:
+        local_flag = "✅" if l else "❌"
+        report += f"| {m} | {s} | {msg} | {local_flag} | ${c:.2f} |\n"
+
+    report += """
+---
+*Generated by the Sovereign Health Daemon. Sovereignty is a right. Privacy is a duty.*
+"""
+    
+    with open(REPORT_PATH, "w") as f:
+        f.write(report)
+    
+    print(f"Report generated at {REPORT_PATH}")
+    return report
+
+if __name__ == "__main__":
+    generate_report()

uni-wizard/daemons/health_daemon.py

@@ -24,32 +24,52 @@ class HealthCheckHandler(BaseHTTPRequestHandler):
         # Suppress default logging
         pass
     
-    def do_GET(self):
+def do_GET(self):
         """Handle GET requests"""
         if self.path == '/health':
             self.send_health_response()
         elif self.path == '/status':
             self.send_full_status()
+        elif self.path == '/metrics':
+            self.send_sovereign_metrics()
         else:
             self.send_error(404)
-    
-    def send_health_response(self):
-        """Send simple health check"""
-        harness = get_harness()
-        result = harness.execute("health_check")
-        
+
+    def send_sovereign_metrics(self):
+        """Send sovereign health metrics as JSON"""
         try:
-            health_data = json.loads(result)
-            status_code = 200 if health_data.get("overall") == "healthy" else 503
-        except:
-            status_code = 503
-            health_data = {"error": "Health check failed"}
-        
-        self.send_response(status_code)
+            import sqlite3
+            db_path = Path.home() / ".timmy" / "metrics" / "model_metrics.db"
+            if not db_path.exists():
+                data = {"error": "No database found"}
+            else:
+                conn = sqlite3.connect(str(db_path))
+                row = conn.execute("""
+                    SELECT local_pct, total_sessions, local_sessions, cloud_sessions, est_cloud_cost, est_saved
+                    FROM sovereignty_score ORDER BY timestamp DESC LIMIT 1
+                """).fetchone()
+                
+                if row:
+                    data = {
+                        "sovereignty_score": row[0],
+                        "total_sessions": row[1],
+                        "local_sessions": row[2],
+                        "cloud_sessions": row[3],
+                        "est_cloud_cost": row[4],
+                        "est_saved": row[5],
+                        "timestamp": datetime.now().isoformat()
+                    }
+                else:
+                    data = {"error": "No data"}
+                conn.close()
+        except Exception as e:
+            data = {"error": str(e)}
+
+        self.send_response(200)
         self.send_header('Content-Type', 'application/json')
         self.end_headers()
-        self.wfile.write(json.dumps(health_data).encode())
-    
+        self.wfile.write(json.dumps(data).encode())
+
     def send_full_status(self):
         """Send full system status"""
         harness = get_harness()

uniwizard/kimi-heartbeat.sh

@@ -21,12 +21,7 @@ set -euo pipefail
 # --- Config ---
 TOKEN=$(cat "$HOME/.timmy/kimi_gitea_token" | tr -d '[:space:]')
 TIMMY_TOKEN=$(cat "$HOME/.config/gitea/timmy-token" | tr -d '[:space:]')
-# Prefer Tailscale (private network) over public IP
-if curl -sf --connect-timeout 2 "http://100.126.61.75:3000/api/v1/version" > /dev/null 2>&1; then
-  BASE="http://100.126.61.75:3000/api/v1"
-else
-  BASE="http://143.198.27.163:3000/api/v1"
-fi
+BASE="${GITEA_API_BASE:-https://forge.alexanderwhitestone.com/api/v1}"
 LOG="/tmp/kimi-heartbeat.log"
 LOCKFILE="/tmp/kimi-heartbeat.lock"
 MAX_DISPATCH=10  # Increased max dispatch to 10
@@ -45,6 +40,31 @@ REPOS=(
 # --- Helpers ---
 log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a "$LOG"; }
 
+needs_pr_proof() {
+  local haystack="${1,,}"
+  [[ "$haystack" =~ implement|fix|refactor|feature|perf|performance|rebase|deploy|integration|module|script|pipeline|benchmark|cache|test|bug|build|port ]]
+}
+
+has_pr_proof() {
+  local haystack="${1,,}"
+  [[ "$haystack" == *"proof:"* || "$haystack" == *"pr:"* || "$haystack" == *"/pulls/"* || "$haystack" == *"commit:"* ]]
+}
+
+post_issue_comment_json() {
+  local repo="$1"
+  local issue_num="$2"
+  local token="$3"
+  local body="$4"
+  local payload
+  payload=$(python3 - "$body" <<'PY'
+import json, sys
+print(json.dumps({"body": sys.argv[1]}))
+PY
+)
+  curl -sf -X POST -H "Authorization: token $token" -H "Content-Type: application/json" \
+    -d "$payload" "$BASE/repos/$repo/issues/$issue_num/comments" > /dev/null 2>&1 || true
+}
+
 # Prevent overlapping runs
 if [ -f "$LOCKFILE" ]; then
   lock_age=$(( $(date +%s) - $(stat -f %m "$LOCKFILE" 2>/dev/null || echo 0) ))
@@ -257,20 +277,35 @@ print(payloads[0]['text'][:3000] if payloads else 'No response')
 " 2>/dev/null || echo "No response")
 
         if [ "$status" = "ok" ] && [ "$response_text" != "No response" ]; then
-          log "COMPLETED: $repo #$issue_num"
-
-          # Post result as comment (escape for JSON)
           escaped=$(echo "$response_text" | python3 -c "import sys,json; print(json.dumps(sys.stdin.read())[1:-1])" 2>/dev/null)
-          curl -sf -X POST -H "Authorization: token $TOKEN" -H "Content-Type: application/json" \
-            -d "{\"body\":\" **KimiClaw result:**\\n\\n$escaped\"}" \
-            "$BASE/repos/$repo/issues/$issue_num/comments" > /dev/null 2>&1 || true
+          if needs_pr_proof "$title $body" && ! has_pr_proof "$response_text"; then
+            log "BLOCKED: $repo #$issue_num — response lacked PR/proof for code task"
+            post_issue_comment_json "$repo" "$issue_num" "$TOKEN" "🟡 **KimiClaw produced analysis only — no PR/proof detected.**
 
-          # Remove kimi-in-progress, add kimi-done
-          [ -n "$progress_id" ] && curl -sf -X DELETE -H "Authorization: token $TIMMY_TOKEN" \
-            "$BASE/repos/$repo/issues/$issue_num/labels/$progress_id" > /dev/null 2>&1 || true
-          [ -n "$done_id" ] && curl -sf -X POST -H "Authorization: token $TIMMY_TOKEN" -H "Content-Type: application/json" \
-            -d "{\"labels\":[$done_id]}" \
-            "$BASE/repos/$repo/issues/$issue_num/labels" > /dev/null 2>&1 || true
+This issue looks like implementation work, so it is NOT being marked kimi-done.
+Kimi response excerpt:
+
+$escaped
+
+Action: removing Kimi queue labels so a code-capable agent can pick it up."
+            [ -n "$progress_id" ] && curl -sf -X DELETE -H "Authorization: token $TIMMY_TOKEN" \
+              "$BASE/repos/$repo/issues/$issue_num/labels/$progress_id" > /dev/null 2>&1 || true
+            [ -n "$kimi_id" ] && curl -sf -X DELETE -H "Authorization: token $TIMMY_TOKEN" \
+              "$BASE/repos/$repo/issues/$issue_num/labels/$kimi_id" > /dev/null 2>&1 || true
+          else
+            log "COMPLETED: $repo #$issue_num"
+            post_issue_comment_json "$repo" "$issue_num" "$TOKEN" "🟢 **KimiClaw result:**
+
+$escaped"
+
+            [ -n "$progress_id" ] && curl -sf -X DELETE -H "Authorization: token $TIMMY_TOKEN" \
+              "$BASE/repos/$repo/issues/$issue_num/labels/$progress_id" > /dev/null 2>&1 || true
+            [ -n "$kimi_id" ] && curl -sf -X DELETE -H "Authorization: token $TIMMY_TOKEN" \
+              "$BASE/repos/$repo/issues/$issue_num/labels/$kimi_id" > /dev/null 2>&1 || true
+            [ -n "$done_id" ] && curl -sf -X POST -H "Authorization: token $TIMMY_TOKEN" -H "Content-Type: application/json" \
+              -d "{\"labels\":[$done_id]}" \
+              "$BASE/repos/$repo/issues/$issue_num/labels" > /dev/null 2>&1 || true
+          fi
         else
           log "FAILED: $repo #$issue_num — status=$status"