feat(kiloclaw): add controller telemetry checkins (#1380)

## Summary

Add controller phone-home telemetry from Fly machines to the kiloclaw
worker and store it in a dedicated Analytics Engine dataset for
machine-health observability.

- Introduces a new machine-to-worker check-in route: `POST
/api/controller/checkin`.
- Uses **dual auth** for check-ins: Bearer `KILOCODE_API_KEY` +
`x-kiloclaw-gateway-token`.
- Adds a second AE dataset binding (`KILOCLAW_CONTROLLER_AE` /
`kiloclaw_controller_telemetry`) separate from lifecycle event
telemetry.
- Wires periodic controller check-ins (5-minute interval, 2-minute
initial delay) into controller startup/shutdown.
- Extracts and reuses openclaw version caching logic in
`controller/src/openclaw-version.ts`.

**Reported telemetry payload (every check-in):**

| Category | Field | Source |
| --- | --- | --- |
| Identity | `sandboxId` | `KILOCLAW_SANDBOX_ID` env |
| Identity | `machineId` | `FLY_MACHINE_ID` (or explicit dep override) |
| Controller version | `controllerVersion` | compiled controller version
constant |
| Controller version | `controllerCommit` | compiled controller commit
constant |
| OpenClaw version | `openclawVersion` | cached `openclaw --version`
probe |
| OpenClaw version | `openclawCommit` | cached `openclaw --version`
probe |
| Process health | `supervisorState` | controller supervisor stats |
| Process health | `totalRestarts` | controller supervisor stats |
| Process health | `restartsSinceLastCheckin` | delta from prior
check-in |
| Process health | `uptimeSeconds` | controller supervisor stats |
| Host metric | `loadAvg5m` | `os.loadavg()[1]` |
| Network metric | `bandwidthBytesIn` | `/proc/net/dev` delta |
| Network metric | `bandwidthBytesOut` | `/proc/net/dev` delta |
| Process detail | `lastExitReason` | derived from last exit signal/code
|
| Infra label | `fly-region` | request header at worker ingress |

**AE datapoint layout (`kiloclaw_controller_telemetry`):**

| AE slot | Value |
| --- | --- |
| `blob1..blob9` | sandboxId, controllerVersion, controllerCommit,
openclawVersion, openclawCommit, supervisorState, flyRegion, machineId,
lastExitReason |
| `double1..double6` | restartsSinceLastCheckin, totalRestarts,
uptimeSeconds, loadAvg5m, bandwidthBytesIn, bandwidthBytesOut |
| `index1` | sandboxId |

## Verification

- [x] `pnpm lint` (in `kiloclaw/`) — pass
- [x] `pnpm typecheck` (in `kiloclaw/`) — pass
- [x] `pnpm test` (in `kiloclaw/`) — pass (`44` files, `949` tests)
- [x] `pnpm test controller/src/checkin.test.ts src/gateway/env.test.ts`
— pass
- [x] `pnpm test controller/src/checkin.test.ts
controller/src/routes/health.test.ts src/routes/controller.test.ts` —
pass (`23` tests)
- [x] `bash scripts/controller-smoke-test.sh` — pass (`11 passed, 0
failed`)
- [x] `bash scripts/controller-entrypoint-smoke-test.sh` — pass (`5
passed, 0 failed`)
- [x] `bash scripts/controller-proxy-auth-smoke-test.sh` — pass
(expected proxy auth behavior: `401` without token, success with token)
- [ ] Additional manual verification details (if any)

## Visual Changes

N/A

## Reviewer Notes

- This PR is backend/controller-only; no UI changes.
- `worker-configuration.d.ts` regeneration changes were intentionally
excluded from this branch.
- Auth path for `/api/controller/checkin` is intentionally custom and
mounted before JWT/internal API middleware.
- Network stats parser prefers `eth0`, then falls back to summing
non-loopback interfaces.
- Detailed implementation deviations/deferrals are logged at
`~/fd-plans/kiloclaw/controller-telemetry-deviations.md`.

Author: pandemicsyn

kiloclaw/Dockerfile

@@ -111,7 +111,7 @@ RUN mkdir -p /root/.openclaw \
 
 # Copy helper scripts (used at runtime by the controller/gateway)
 # Build cache bust: 2026-03-17-v65-remove-startup-script
-RUN echo "10"
+RUN echo "11"
 COPY openclaw-pairing-list.js /usr/local/bin/openclaw-pairing-list.js
 COPY openclaw-device-pairing-list.js /usr/local/bin/openclaw-device-pairing-list.js
 

kiloclaw/controller/src/checkin.test.ts

@@ -0,0 +1,25 @@
+import { describe, expect, it } from 'vitest';
+import { parseNetDevText } from './checkin';
+
+describe('parseNetDevText', () => {
+  it('prefers eth0 when present', () => {
+    const raw = `Inter-|   Receive                                                |  Transmit
+ face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
+  lo: 100 1 0 0 0 0 0 0 200 2 0 0 0 0 0 0
+eth0: 3000 10 0 0 0 0 0 0 4000 12 0 0 0 0 0 0
+`;
+
+    expect(parseNetDevText(raw)).toEqual({ bytesIn: 3000, bytesOut: 4000 });
+  });
+
+  it('falls back to summing non-loopback interfaces when eth0 is absent', () => {
+    const raw = `Inter-|   Receive                                                |  Transmit
+ face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
+  lo: 50 1 0 0 0 0 0 0 60 1 0 0 0 0 0 0
+ens5: 1000 10 0 0 0 0 0 0 2000 20 0 0 0 0 0 0
+eth1: 300 3 0 0 0 0 0 0 700 7 0 0 0 0 0 0
+`;
+
+    expect(parseNetDevText(raw)).toEqual({ bytesIn: 1300, bytesOut: 2700 });
+  });
+});

kiloclaw/controller/src/checkin.ts

@@ -0,0 +1,189 @@
+import { readFile } from 'node:fs/promises';
+import { loadavg } from 'node:os';
+import { z } from 'zod';
+import type { OpenclawVersionInfo } from './openclaw-version';
+import { CONTROLLER_COMMIT, CONTROLLER_VERSION } from './version';
+import type { SupervisorStats } from './supervisor';
+
+const CHECKIN_INTERVAL_MS = 5 * 60 * 1000;
+const INITIAL_DELAY_MS = 2 * 60 * 1000;
+const REQUEST_TIMEOUT_MS = 10 * 1000;
+
+export type NetStats = { bytesIn: number; bytesOut: number };
+
+const NetStatsSchema = z.object({
+  bytesIn: z.number().int().min(0),
+  bytesOut: z.number().int().min(0),
+});
+
+function normalizeNetStats(value: unknown): NetStats {
+  const parsed = NetStatsSchema.safeParse(value);
+  if (!parsed.success) {
+    return { bytesIn: 0, bytesOut: 0 };
+  }
+  return parsed.data;
+}
+
+export type CheckinDeps = {
+  getApiKey: () => string;
+  getGatewayToken: () => string;
+  getSandboxId: () => string;
+  getCheckinUrl: () => string;
+  getSupervisorStats: () => SupervisorStats;
+  getOpenclawVersion: () => Promise<OpenclawVersionInfo>;
+  getMachineId?: () => string;
+};
+
+export function parseNetLine(line: string): NetStats {
+  const parts = line.trim().split(/\s+/);
+  return normalizeNetStats({
+    bytesIn: Number.parseInt(parts[1] ?? '', 10) || 0,
+    bytesOut: Number.parseInt(parts[9] ?? '', 10) || 0,
+  });
+}
+
+export function parseNetDevText(raw: string): NetStats {
+  const lines = raw.split('\n');
+
+  const eth0Line = lines.find(line => line.trim().startsWith('eth0:'));
+  if (eth0Line) {
+    return parseNetLine(eth0Line);
+  }
+
+  let bytesIn = 0;
+  let bytesOut = 0;
+
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.includes('|') || !trimmed.includes(':') || trimmed.startsWith('lo:')) {
+      continue;
+    }
+    const stats = parseNetLine(trimmed);
+    bytesIn += stats.bytesIn;
+    bytesOut += stats.bytesOut;
+  }
+
+  return normalizeNetStats({ bytesIn, bytesOut });
+}
+
+export async function readNetStats(): Promise<NetStats> {
+  try {
+    const raw = await readFile('/proc/net/dev', 'utf8');
+    return parseNetDevText(raw);
+  } catch {
+    return { bytesIn: 0, bytesOut: 0 };
+  }
+}
+
+export function startCheckin(deps: CheckinDeps): () => void {
+  const checkinUrl = deps.getCheckinUrl();
+  if (!checkinUrl) {
+    return () => {};
+  }
+
+  let previousRestarts = deps.getSupervisorStats().restarts;
+  let previousNetStats: NetStats = { bytesIn: 0, bytesOut: 0 };
+  let checkinInFlight = false;
+
+  void readNetStats().then(stats => {
+    previousNetStats = stats;
+  });
+
+  const doCheckin = async (): Promise<void> => {
+    if (checkinInFlight) {
+      return;
+    }
+    checkinInFlight = true;
+
+    try {
+      const apiKey = deps.getApiKey();
+      const gatewayToken = deps.getGatewayToken();
+      const sandboxId = deps.getSandboxId();
+      if (!apiKey || !gatewayToken || !sandboxId) {
+        return;
+      }
+
+      const stats = deps.getSupervisorStats();
+      const openclawVersion = await deps.getOpenclawVersion();
+      const currentNetStats = await readNetStats();
+
+      const restartsSinceLastCheckin = Math.max(0, stats.restarts - previousRestarts);
+      const bandwidthBytesIn = Math.max(0, currentNetStats.bytesIn - previousNetStats.bytesIn);
+      const bandwidthBytesOut = Math.max(0, currentNetStats.bytesOut - previousNetStats.bytesOut);
+
+      const lastExitReason = stats.lastExit
+        ? stats.lastExit.signal
+          ? `signal:${stats.lastExit.signal}`
+          : stats.lastExit.code !== null
+            ? `code:${stats.lastExit.code}`
+            : ''
+        : '';
+
+      const controller = new AbortController();
+      const timeout = setTimeout(() => {
+        controller.abort();
+      }, REQUEST_TIMEOUT_MS);
+
+      let response: Response;
+      try {
+        response = await fetch(checkinUrl, {
+          method: 'POST',
+          headers: {
+            'content-type': 'application/json',
+            authorization: `Bearer ${apiKey}`,
+            'x-kiloclaw-gateway-token': gatewayToken,
+          },
+          signal: controller.signal,
+          body: JSON.stringify({
+            sandboxId,
+            machineId: deps.getMachineId?.() ?? process.env.FLY_MACHINE_ID ?? '',
+            controllerVersion: CONTROLLER_VERSION,
+            controllerCommit: CONTROLLER_COMMIT,
+            openclawVersion: openclawVersion.version,
+            openclawCommit: openclawVersion.commit,
+            supervisorState: stats.state,
+            totalRestarts: stats.restarts,
+            restartsSinceLastCheckin,
+            uptimeSeconds: stats.uptime,
+            loadAvg5m: loadavg()[1] ?? 0,
+            bandwidthBytesIn,
+            bandwidthBytesOut,
+            lastExitReason,
+          }),
+        });
+      } finally {
+        clearTimeout(timeout);
+      }
+
+      if (!response.ok) {
+        const errorText = await response.text().catch(() => '');
+        console.error(`[checkin] HTTP ${response.status}: ${errorText}`);
+        return;
+      }
+
+      // Only advance baselines after a successful checkin.
+      previousRestarts = stats.restarts;
+      previousNetStats = currentNetStats;
+    } catch (err) {
+      console.error('[checkin] failed:', err);
+    } finally {
+      checkinInFlight = false;
+    }
+  };
+
+  let interval: ReturnType<typeof setInterval> | undefined;
+
+  const initialTimeout = setTimeout(() => {
+    void doCheckin();
+    interval = setInterval(() => {
+      void doCheckin();
+    }, CHECKIN_INTERVAL_MS);
+  }, INITIAL_DELAY_MS);
+
+  return () => {
+    clearTimeout(initialTimeout);
+    if (interval) {
+      clearInterval(interval);
+    }
+  };
+}

kiloclaw/controller/src/index.ts

@@ -24,6 +24,8 @@ import { writeGogCredentials } from './gog-credentials';
 import { startWatchRenewal, stopWatchRenewal } from './gmail-watch-renewal';
 import { bootstrap } from './bootstrap';
 import type { ControllerStateRef, ControllerState } from './bootstrap';
+import { getOpenclawVersion } from './openclaw-version';
+import { startCheckin } from './checkin';
 
 export type RuntimeConfig = {
   port: number;
@@ -226,13 +228,15 @@ export async function startController(env: NodeJS.ProcessEnv = process.env): Pro
   let supervisor: Supervisor | undefined;
   let gmailWatchSupervisor: Supervisor | undefined;
   let pairingCache: ReturnType<typeof createPairingCache> | undefined;
+  let stopCheckin: (() => void) | undefined;
 
   const onSignal = async (signal: NodeJS.Signals): Promise<void> => {
     if (shuttingDown) return;
     shuttingDown = true;
     console.log(`[controller] Received ${signal}, shutting down`);
 
     pairingCache?.cleanup();
+    stopCheckin?.();
     stopWatchRenewal();
     const shutdowns: Promise<void>[] = [];
     if (supervisor) shutdowns.push(supervisor.shutdown(signal));
@@ -395,6 +399,16 @@ export async function startController(env: NodeJS.ProcessEnv = process.env): Pro
     }
 
     controllerState.current = { state: 'ready' };
+
+    stopCheckin = startCheckin({
+      getApiKey: () => env.KILOCODE_API_KEY ?? '',
+      getGatewayToken: () => config.expectedToken,
+      getSandboxId: () => env.KILOCLAW_SANDBOX_ID ?? '',
+      getCheckinUrl: () => env.KILOCLAW_CHECKIN_URL ?? '',
+      getSupervisorStats: () => supervisor.getStats(),
+      getOpenclawVersion,
+    });
+
     console.log(
       `[controller] Ready version=${CONTROLLER_VERSION} commit=${CONTROLLER_COMMIT} requireProxyToken=${config.requireProxyToken} wsIdleTimeoutMs=${config.wsIdleTimeoutMs} wsHandshakeTimeoutMs=${config.wsHandshakeTimeoutMs} maxWsConnections=${config.maxWsConnections}`
     );

kiloclaw/controller/src/openclaw-version.ts

@@ -0,0 +1,39 @@
+import { execFile } from 'node:child_process';
+
+export type OpenclawVersionInfo = { version: string | null; commit: string | null };
+
+const OPENCLAW_VERSION_RE = /(\d{4}\.\d{1,2}\.\d{1,2})(?:\s+\(([0-9a-f]+)\))?/;
+
+export function parseOpenclawVersion(raw: string): OpenclawVersionInfo {
+  const match = raw.match(OPENCLAW_VERSION_RE);
+  if (!match) return { version: null, commit: null };
+  return { version: match[1], commit: match[2] ?? null };
+}
+
+let openclawVersionPromise: Promise<OpenclawVersionInfo> | undefined;
+
+/**
+ * Resolve the installed openclaw version once and cache it for process lifetime.
+ *
+ * If openclaw is upgraded while the controller process is still running,
+ * the cached value remains stale until the controller restarts.
+ */
+export function getOpenclawVersion(): Promise<OpenclawVersionInfo> {
+  if (!openclawVersionPromise) {
+    openclawVersionPromise = new Promise(resolve => {
+      execFile(
+        '/usr/bin/env',
+        ['HOME=/root', 'openclaw', '--version'],
+        { timeout: 5000 },
+        (err, stdout) => {
+          if (err) {
+            resolve({ version: null, commit: null });
+            return;
+          }
+          resolve(parseOpenclawVersion(stdout.toString().trim()));
+        }
+      );
+    });
+  }
+  return openclawVersionPromise;
+}

kiloclaw/controller/src/routes/health.ts

@@ -1,49 +1,12 @@
-import { execFile } from 'node:child_process';
 import type { Context, Hono } from 'hono';
 import { timingSafeTokenEqual } from '../auth';
 import type { Supervisor } from '../supervisor';
 import type { ControllerStateRef } from '../bootstrap';
 import { CONTROLLER_COMMIT, CONTROLLER_VERSION } from '../version';
 import { getBearerToken } from './gateway';
+import { getOpenclawVersion } from '../openclaw-version';
 
-/** Parsed result from `openclaw --version` (e.g. "OpenClaw 2026.3.8 (3caab92)"). */
-type OpenclawVersionInfo = { version: string | null; commit: string | null };
-
-const OPENCLAW_VERSION_RE = /(\d{4}\.\d{1,2}\.\d{1,2})(?:\s+\(([0-9a-f]+)\))?/;
-
-export function parseOpenclawVersion(raw: string): OpenclawVersionInfo {
-  const match = raw.match(OPENCLAW_VERSION_RE);
-  if (!match) return { version: null, commit: null };
-  return { version: match[1], commit: match[2] ?? null };
-}
-
-/**
- * Resolve the installed openclaw version once and cache it for the process lifetime.
- * If the user upgrades openclaw while the controller is running, the cached value
- * becomes stale until the next redeploy (which restarts the controller process).
- * This is acceptable: the UI shows a "Modified" badge by comparing image vs running
- * version, and spawning a subprocess on every request is not worth the cost.
- */
-let openclawVersionPromise: Promise<OpenclawVersionInfo> | undefined;
-function getOpenclawVersion(): Promise<OpenclawVersionInfo> {
-  if (!openclawVersionPromise) {
-    openclawVersionPromise = new Promise(resolve => {
-      execFile(
-        '/usr/bin/env',
-        ['HOME=/root', 'openclaw', '--version'],
-        { timeout: 5000 },
-        (err, stdout) => {
-          if (err) {
-            resolve({ version: null, commit: null });
-          } else {
-            resolve(parseOpenclawVersion(stdout.toString().trim()));
-          }
-        }
-      );
-    });
-  }
-  return openclawVersionPromise;
-}
+export { parseOpenclawVersion } from '../openclaw-version';
 
 export function registerHealthRoute(
   app: Hono,

kiloclaw/src/gateway/env.test.ts

@@ -418,8 +418,9 @@ describe('buildEnvVars', () => {
       instanceFeatures: ['nonexistent-feature'],
     });
 
-    // No KILOCLAW_* feature vars should be set (only platform defaults)
-    const featureVars = Object.keys(result.env).filter(k => k.startsWith('KILOCLAW_'));
+    // No feature-flag env vars should be set.
+    const knownFeatureVars = new Set(Object.values(FEATURE_TO_ENV_VAR));
+    const featureVars = Object.keys(result.env).filter(k => knownFeatureVars.has(k));
     expect(featureVars).toEqual([]);
   });
 

kiloclaw/src/gateway/env.ts

@@ -190,10 +190,12 @@ export async function buildEnvVars(
   if (env.DISCORD_DM_POLICY) plainEnv.DISCORD_DM_POLICY = env.DISCORD_DM_POLICY;
   if (env.OPENCLAW_ALLOWED_ORIGINS)
     plainEnv.OPENCLAW_ALLOWED_ORIGINS = env.OPENCLAW_ALLOWED_ORIGINS;
+  if (env.KILOCLAW_CHECKIN_URL) plainEnv.KILOCLAW_CHECKIN_URL = env.KILOCLAW_CHECKIN_URL;
   plainEnv.REQUIRE_PROXY_TOKEN = env.REQUIRE_PROXY_TOKEN ?? 'false';
 
   // Layer 5: Reserved system vars (cannot be overridden by any user config)
   sensitive.OPENCLAW_GATEWAY_TOKEN = await deriveGatewayToken(sandboxId, gatewayTokenSecret);
+  plainEnv.KILOCLAW_SANDBOX_ID = sandboxId;
   plainEnv.AUTO_APPROVE_DEVICES = 'true';
 
   // User-selected exec permissions preset (non-sensitive, survives restarts).