5ffda673a3
Ran `bash scripts/push-to-gitea.sh` using the existing `.gitea-credentials` file. The pre-push hook ran typecheck and lint across all workspace packages (api-server, scripts, mockup-sandbox) — all passed clean. Pushed range: abb8c50..b837094 → remote main Repo: https://mm.tailb74b2d.ts.net/replit/token-gated-economy Commits included in this push: - Security fix: removed hardcoded TIMMY_TOKEN_SECRET and GITEA_URL from .replit [userenv.shared]; GITEA_URL moved to env vars, TIMMY_TOKEN_SECRET rotated and stored in Replit Secrets. - New feature: scripts/src/timmy-watch.ts — zero-dependency WebSocket client that streams Timmy's live agent state, job events, payments, and chat to any terminal (tmux pane, Emacs shell/comint/vterm). Uses Node.js 24 built-in WebSocket. Auto-reconnects with exponential backoff. - scripts/package.json updated with `timmy-watch` npm script entry. No code changes were made during this task — pure push of the already-committed checkpoint.
