github-app-bot-authlisted

# GitHub App Bot Auth — `jessinra-megumi-dev[bot]` ## What This Is The Lorekeeper ecosystem uses a **GitHub App** (`jessinra-megumi-dev`) for bot-authorized `gh` operations — PR creation, code pushes, API calls. The bot identity is separate from Jason's personal account, giving cleaner audit trails on PRs. ## Key Facts | Item | Value | | ---------------- | ---------------------------------------------------- | | App ID | `3823074` | | Installation ID | `134866394` | | Account | `Jessinra` (User, selected repos) | | Bot display name | `jessinra-megumi-dev[bot]` | | Private key | `~/.hermes/keys/jessinra-megumi-dev.private-key.pem` | | Auth file | `~/.config/gh/hosts.yml` | | Token prefix | `ghs_` (installation token) | ## Authentication Flow ``` Private Key (.pem) → Sign JWT (RS256, App ID 3823074, 10min expiry) → POST /app/installations/134866394/access_tokens → Installation token (ghs_..., 1hr expiry) → Written to ~/.config/gh/hosts.yml ``` ## Token Rotation Installation tokens expire in **1 hour**. A cron job refreshes them automatically: - **Script:** `~/.hermes/scripts/gh-token-refresh.py` - **Schedule:** Every 45 minutes (`*/45 * * * *`) - **Mode:** `no_agent=True` (pure scr