Rewrote kimi-heartbeat.sh with sovereignty-first design:
- Prefer Tailscale (100.x) over public IP for Gitea API calls
- Use $HOME instead of hardcoded /Users/apayne paths
- Remove token file paths from prompts sent to Kimi API
- Add MAX_DISPATCH=5 cap per heartbeat run
- Proper lockfile with stale detection (10min timeout)
- Correct identity separation: timmy-token for labels, kimi_gitea_token for comments
- Covers 4 repos: timmy-home, timmy-config, the-nexus, hermes-agent
- Label lifecycle: assigned-kimi -> kimi-in-progress -> kimi-done
- Failure handling: removes in-progress label so retry is possible
LaunchAgent: ai.timmy.kimi-heartbeat.plist (every 5 minutes)
Zero LLM cost for polling — bash/curl only. Kimi tokens only for actual work.
All Hermes cron jobs removed — they burned Anthropic tokens for polling.
KimiClaw dispatch is now pure infrastructure, no cloud LLM in the loop.
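
The lockfile with stale detection and the per-run dispatch cap listed above, as an added example that is not the contents of kimi-heartbeat.sh. The lock path, the function names and the issue numbers in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added illustration; not the code from kimi-heartbeat.sh.
# LOCK_FILE and all function names are hypothetical.

LOCK_FILE="${LOCK_FILE:-${TMPDIR:-/tmp}/kimi-heartbeat.lock}"
STALE_SECS=600    # 10 minute stale timeout, as in the commit message
MAX_DISPATCH=5    # cap per heartbeat run, as in the commit message

# acquire_lock: returns 0 if this run now holds the lock, 1 if a live run holds it.
acquire_lock() {
  al_now=$(date +%s)
  al_tmp=$(mktemp "${LOCK_FILE}.XXXXXX") || return 1
  echo "$al_now" > "$al_tmp"
  # ln fails if LOCK_FILE exists, so the lock appears atomically with its timestamp.
  if ! ln "$al_tmp" "$LOCK_FILE" 2>/dev/null; then
    al_started=$(cat "$LOCK_FILE" 2>/dev/null) || al_started=0
    case "$al_started" in ''|*[!0-9]*) al_started=0 ;; esac
    if [ $((al_now - al_started)) -lt "$STALE_SECS" ]; then
      rm -f "$al_tmp"
      return 1                      # a live run holds the lock: skip this heartbeat
    fi
    rm -f "$LOCK_FILE"              # older than the timeout: best-effort takeover
    ln "$al_tmp" "$LOCK_FILE" 2>/dev/null || { rm -f "$al_tmp"; return 1; }
  fi
  rm -f "$al_tmp"
  return 0
}

release_lock() {
  rm -f "$LOCK_FILE"
}

# select_batch: print at most MAX_DISPATCH of the candidate issue numbers passed in.
select_batch() {
  sb_n=0
  for sb_issue in "$@"; do
    if [ "$sb_n" -ge "$MAX_DISPATCH" ]; then break; fi
    echo "$sb_issue"
    sb_n=$((sb_n + 1))
  done
}

# Usage sketch (constructed issue numbers):
#   acquire_lock || exit 0
#   trap release_lock EXIT
#   for issue in $(select_batch 11 12 13 14 15 16 17); do :; done
```

Takeover of a stale lock is not atomic here; at a five-minute cadence with a ten-minute timeout, two runs racing for the same stale lock would need to start within the same instant.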