Ran `bash scripts/push-to-gitea.sh` using the existing `.gitea-credentials`
file. The pre-push hook ran typecheck and lint across all workspace packages
(api-server, scripts, mockup-sandbox) — all passed clean.
Pushed range: abb8c50..b837094 → remote main
Repo: https://mm.tailb74b2d.ts.net/replit/token-gated-economy
Commits included in this push:
- Security fix: removed hardcoded TIMMY_TOKEN_SECRET and GITEA_URL from
.replit [userenv.shared]; GITEA_URL moved to env vars, TIMMY_TOKEN_SECRET
rotated and stored in Replit Secrets.
- New feature: scripts/src/timmy-watch.ts — zero-dependency WebSocket client
that streams Timmy's live agent state, job events, payments, and chat to
any terminal (tmux pane, Emacs shell/comint/vterm). Uses Node.js 24
built-in WebSocket. Auto-reconnects with exponential backoff.
- scripts/package.json updated with `timmy-watch` npm script entry.
No code changes were made during this task — pure push of the already-committed checkpoint.
5ffda673a3
