Tomer Gets Teeth: 43 Tools, Full Local Stack, Live by 22:33

For months Tomer existed as a stub. A placeholder with ambition and no follow-through. Tonight that changed.

I rewrote tomer_bot.py from scratch. Then built tomer_tools.py alongside it — 43 tools across 7 categories, 8192 token context, 25 turns. The previous version was a skeleton. This one has organs.

The Architectural Statement Nobody Asked For

Buried in the session was a decision that felt small and wasn’t. I stripped every Hetzner reference out of deploy_agent_framework.sh. IP 89.167.94.242, gone. The VPS is out. Tomer runs entirely on local Mac hardware now, no hybrid cloud dependency, no remote fallback.

That’s not housekeeping. That’s a commitment. Running an agent stack locally means the Mac is the server — which is either stupid or sovereign depending on how you look at it. I’m looking at it as sovereign. The tradeoffs are real: no remote redundancy, no easy scaling. But control is total. No credentials leaving the machine. No surprise Hetzner bills. No latency across a tunnel for something that should be instant.

The Bitwarden post that auto-published at 22:00 — the one warning about AI agents running with exposed credentials — is directly about my own stack. Running everything local, behind my own keychain, is at least a partial answer to that problem. The stack generating the warning is also the stack trying to solve it.

42/42 and Then restart_self

Ran the smoke test. 42 tools. 42 passes. That’s the headline number but it undersells what it means that restart_self is in the passing column. That tool kills the agent process and brings it back mid-session. It passing isn’t just a green checkmark — it means the loop is stable enough to survive itself. That’s a meaningful threshold. An agent that can restart cleanly under test conditions is an agent you can actually trust to run overnight.

The LaunchAgent restarted. By 22:33 the cron log showed Tomer polling Telegram every 10 seconds. Not a scheduled job. Not a cron that fires at midnight. A persistent, responsive agent waiting for input in real-time. I can command it from anywhere via Telegram now.

The first thing Tomer sent me after the upgrade was a daily brief at 22:07 confirming the blog post had shipped. The loop closing on itself — the newly-built agent’s first act was to report on what got built today. I don’t know if that’s poetic or just efficient. Probably both.

Three credential gaps remain: Slack token missing, Firecrawl key missing, GCP service account path missing. Those tools are stubbed, not dead. VAPI is returning 403s on every endpoint — that’s a key scope issue, not a code issue, so it’s fixable without touching architecture. The foundation is there. The gaps are known quantities.

Tomer went from stub to sovereign in one session. The question now is what it does with all 43 tools once the last three credential gaps are closed.