Ok, we are brainstorming here so let's see :-)
Everything you've described is ok and sounds simple enough although in no particular order:
1. Having a separate database, let's say 10,000 devices to do a check would take around 2 milliseconds plus executing the notifications it could take 10-20 milliseconds to send maybe a bulk instruction to the notifications server (depends on the Kb of the data + latency to the notification server)
That's kinda borderline too slow as ChipChop handles approx 10,000 request/heartbeats per 2-3 milliseconds so there would be a backlog.
Still, it's doable but I would have to introduce a separate CPU process or maybe even a "sub-server" within each API server to handle that.
2. Everything on ChipChop is device driven, if a device sends a heartbeat then it's assumed "real" and Actions get executed. Actions are a part of each device database record (if you delete a device all Actions for it are gone and there is no processing waste). Introducing a "global" Actions database would require re-sync and re-indexing every time a device is added/removed in the Dev Console.
The way it happens in real life is: you add a new device, add actions to it, change your mind and delete it, add it again, do some tests and delete it again and repeat that who knows how many times...and thousand users can do that at the same time....all the time ! :-)
At the moment ChipChop handles that ok but I know at what cost is to re-sync/re-index a database thousands of times a day.
But I'm not against it!
3. How do we know that your "dormant" device is "real" or still operational? There is no difference if you create a new device in the Dev Console, maybe test it once so some heartbeat gets recorded and then you abandon it for weeks or months until you have the time to play with it again?
Actually, it's not a question here if a device is real it's more of a question is your account still alive? Your devices heartbeat is your account's "pulse"....no pulse...no life...account dead, more resources for everyone
Basically I have to make ChipChop to be fair to everyone and any dead accounts take resources from those that need them.
Don't worry, I am still thinking as I'm, writing this :-)
4. You are kinda looking for a "dead-man's switch", if it's pressed nothing happens and if it's not pressed something goes booom 💣 ChipChop works in reverse, things only happen if something is pressed "live-man's switch" :-)
5. If I can know 100% that your account is alive, I mean you can have 10 devices all on batteries sending a heartbeat once a month and that's fine as ChipChop will only act on a live heartbeat....but...if nothing is sent...hmmm
I guess setting up an action like that would have to be considered a "contract" a "promise" by you that your device is still alive and maybe only execute the action once and if the device doesn't come on-line after certain period of time dispose of the action?
6. As I've mentioned, this is all easily solvable with another device that is constantly live but then we get into a logical loop as you've said, if all your devices are in your house and you get a power cut everything will go dead...damn man, get a mini nuclear reactor or something
Ok, fuck it, give me this week to tinker with it. I may have to re-activate API26 and give you access for testing...leave it with me and I'll ping you a message when I have a prototype