Merge branch 'main' into fix/posthog-rewrites-incorrect-order

Author: jeanduplessis

cloudflare-gastown/container/src/agent-runner.ts

@@ -439,8 +439,8 @@ export async function runAgent(originalRequest: StartAgentRequest): Promise<Mana
   let request = originalRequest;
   let workdir: string;
 
-  if (request.role === 'triage') {
-    // Triage agents are pure reasoning — no code changes, no git needed.
+  if (request.role === 'triage' || request.lightweight) {
+    // Triage/lightweight agents are pure reasoning — no code changes, no git needed.
     // Use a lightweight workspace to avoid clone failures feeding the loop.
     workdir = await createLightweightWorkspace('triage', request.rigId);
   } else if (request.role === 'mayor') {

cloudflare-gastown/container/src/types.ts

@@ -27,6 +27,8 @@ export const StartAgentRequest = z.object({
   platformIntegrationId: z.string().optional(),
   /** Git ref to branch from (e.g. convoy feature branch). Falls back to HEAD if absent. */
   startPoint: z.string().optional(),
+  /** Skip repo clone — use a lightweight git-init-only workspace (for reasoning-only agents like triage). */
+  lightweight: z.boolean().optional(),
   /** Rig list for mayor agents — used to set up browse worktrees on fresh containers. */
   rigs: z
     .array(

cloudflare-gastown/src/dos/Town.do.ts

@@ -2640,9 +2640,7 @@ export class TownDO extends DurableObject<Env> {
       userId: rigConfig.userId,
       agentId: triageAgent.id,
       agentName: triageAgent.name,
-      // Use 'triage' role so the container skips the git clone entirely.
-      // Triage work is purely reasoning — no code changes needed.
-      role: 'triage',
+      role: 'polecat',
       identity: triageAgent.identity,
       beadId: triageBead.bead_id,
       beadTitle: triageBead.title,
@@ -2654,6 +2652,7 @@ export class TownDO extends DurableObject<Env> {
       townConfig,
       systemPromptOverride: systemPrompt,
       platformIntegrationId: rigConfig.platformIntegrationId,
+      lightweight: true,
     });
 
     if (started) {

cloudflare-gastown/src/dos/town/beads.ts

@@ -671,18 +671,11 @@ export function getConvoyDependencyEdges(
 }
 
 /**
- * Find the convoy a bead belongs to (if any).
- *
- * Two cases:
- * 1. Normal source bead: tracked by a convoy via bead_dependencies
- *    (bead_id = sourceBeadId, depends_on_bead_id = convoyId, type = 'tracks').
- *    Returns the convoy bead_id.
- * 2. The bead IS the convoy (e.g. for the final landing MR where processConvoyLandings
- *    passes the convoy bead_id as the source). Returns beadId itself.
+ * Find the convoy a bead belongs to (if any) via 'tracks' dependencies.
+ * Returns the convoy bead_id or null.
  */
 export function getConvoyForBead(sql: SqlStorage, beadId: string): string | null {
-  // Case 1: bead is tracked by a convoy
-  const trackRows = [
+  const rows = [
     ...query(
       sql,
       /* sql */ `
@@ -694,24 +687,8 @@ export function getConvoyForBead(sql: SqlStorage, beadId: string): string | null
       [beadId]
     ),
   ];
-  if (trackRows.length > 0) {
-    return z.object({ depends_on_bead_id: z.string() }).parse(trackRows[0]).depends_on_bead_id;
-  }
-
-  // Case 2: bead is itself a convoy (has convoy_metadata)
-  const metaRows = [
-    ...query(
-      sql,
-      /* sql */ `
-        SELECT 1 FROM ${convoy_metadata}
-        WHERE ${convoy_metadata.bead_id} = ?
-      `,
-      [beadId]
-    ),
-  ];
-  if (metaRows.length > 0) return beadId;
-
-  return null;
+  if (rows.length === 0) return null;
+  return z.object({ depends_on_bead_id: z.string() }).parse(rows[0]).depends_on_bead_id;
 }
 
 /**

cloudflare-gastown/src/dos/town/container-dispatch.ts

@@ -240,6 +240,8 @@ export async function startAgentInContainer(
     platformIntegrationId?: string;
     /** For convoy beads: the convoy's feature branch to branch from instead of defaultBranch. */
     convoyFeatureBranch?: string;
+    /** Skip repo clone — use a lightweight workspace (for reasoning-only agents like triage). */
+    lightweight?: boolean;
     /** All rigs in the town (mayor only) — used to set up browse worktrees on fresh containers. */
     rigs?: Array<{
       rigId: string;
@@ -346,6 +348,7 @@ export async function startAgentInContainer(
         // For convoy agents, start from the convoy's feature branch so the
         // worktree includes all previously merged convoy work.
         startPoint: params.convoyFeatureBranch ? `origin/${params.convoyFeatureBranch}` : undefined,
+        lightweight: params.lightweight,
         rigs: params.rigs,
       }),
     });

cloudflare-gastown/src/dos/town/review-queue.ts

@@ -277,13 +277,10 @@ export function completeReviewWithResult(
     const mergeTimestamp = now();
     closeBead(sql, entry.bead_id, entry.agent_id);
 
-    // Explicitly trigger convoy progress for the source bead after the MR closes.
-    // closeBead → updateBeadStatus → updateConvoyProgress, but only if the source
-    // bead's status actually changes. If the polecat already closed the source bead
-    // before submitting to the review queue, the guard in updateBeadStatus short-
-    // circuits and updateConvoyProgress is never called. Calling it here directly
-    // ensures the convoy recounts after the MR bead is now closed (not in-flight),
-    // so the source bead passes the NOT EXISTS guard and counts toward closedCount.
+    // closeBead → updateBeadStatus short-circuits when completeReview already
+    // set the status to 'closed' via direct SQL, so updateConvoyProgress is
+    // never reached transitively. Call it explicitly to ensure the convoy
+    // recounts after the MR bead is closed.
     updateConvoyProgress(sql, entry.bead_id, mergeTimestamp);
 
     // If this was a convoy landing MR, also set landed_at on the convoy metadata

cloudflare-gastown/src/trpc/init.ts

@@ -36,3 +36,15 @@ export const gastownProcedure = procedure.use(async ({ ctx, next }) => {
   }
   return next({ ctx });
 });
+
+/**
+ * Admin-only procedure — requires `isAdmin` on the JWT. Used for admin
+ * panel endpoints that bypass per-user ownership checks (e.g. town-wide
+ * bead/agent listing for support diagnostics).
+ */
+export const adminProcedure = procedure.use(async ({ ctx, next }) => {
+  if (!ctx.isAdmin) {
+    throw new TRPCError({ code: 'FORBIDDEN', message: 'Admin access required' });
+  }
+  return next({ ctx });
+});

cloudflare-gastown/src/trpc/router.ts

@@ -8,7 +8,7 @@
 /* eslint-disable @typescript-eslint/await-thenable -- DO RPC stubs return Rpc.Promisified which is thenable at runtime */
 import { TRPCError } from '@trpc/server';
 import { z } from 'zod';
-import { router, gastownProcedure } from './init';
+import { router, gastownProcedure, adminProcedure } from './init';
 import { getTownDOStub } from '../dos/Town.do';
 import { getTownContainerStub } from '../dos/TownContainer.do';
 import { getGastownUserStub } from '../dos/GastownUser.do';
@@ -598,6 +598,104 @@ export const gastownRouter = router({
       const status = await townStub.getConvoyStatus(input.convoyId);
       return status ?? { ...convoy, beads: [] };
     }),
+
+  // ── Admin-only routes (bypass ownership checks) ──────────────────────
+
+  adminListBeads: adminProcedure
+    .input(
+      z.object({
+        townId: z.string().uuid(),
+        status: z.enum(['open', 'in_progress', 'closed', 'failed']).optional(),
+        type: z
+          .enum(['issue', 'message', 'escalation', 'merge_request', 'convoy', 'molecule', 'agent'])
+          .optional(),
+        limit: z.number().int().positive().max(500).default(200),
+      })
+    )
+    .output(z.array(RpcBeadOutput))
+    .query(async ({ ctx, input }) => {
+      const townStub = getTownDOStub(ctx.env, input.townId);
+      return townStub.listBeads({
+        status: input.status,
+        type: input.type,
+        limit: input.limit,
+      });
+    }),
+
+  adminListAgents: adminProcedure
+    .input(z.object({ townId: z.string().uuid() }))
+    .output(z.array(RpcAgentOutput))
+    .query(async ({ ctx, input }) => {
+      const townStub = getTownDOStub(ctx.env, input.townId);
+      return townStub.listAgents({});
+    }),
+
+  adminForceRestartContainer: adminProcedure
+    .input(z.object({ townId: z.string().uuid() }))
+    .mutation(async ({ ctx, input }) => {
+      const containerStub = getTownContainerStub(ctx.env, input.townId);
+      await containerStub.destroy();
+    }),
+
+  adminForceResetAgent: adminProcedure
+    .input(z.object({ townId: z.string().uuid(), agentId: z.string().uuid() }))
+    .mutation(async ({ ctx, input }) => {
+      const townStub = getTownDOStub(ctx.env, input.townId);
+      await townStub.unhookBead(input.agentId);
+      await townStub.updateAgentStatus(input.agentId, 'idle');
+    }),
+
+  adminForceCloseBead: adminProcedure
+    .input(z.object({ townId: z.string().uuid(), beadId: z.string().uuid() }))
+    .output(RpcBeadOutput)
+    .mutation(async ({ ctx, input }) => {
+      const townStub = getTownDOStub(ctx.env, input.townId);
+      return townStub.closeBead(input.beadId, 'admin');
+    }),
+
+  adminForceFailBead: adminProcedure
+    .input(z.object({ townId: z.string().uuid(), beadId: z.string().uuid() }))
+    .output(RpcBeadOutput)
+    .mutation(async ({ ctx, input }) => {
+      const townStub = getTownDOStub(ctx.env, input.townId);
+      return townStub.updateBeadStatus(input.beadId, 'failed', 'admin');
+    }),
+
+  adminGetAlarmStatus: adminProcedure
+    .input(z.object({ townId: z.string().uuid() }))
+    .output(RpcAlarmStatusOutput)
+    .query(async ({ ctx, input }) => {
+      const townStub = getTownDOStub(ctx.env, input.townId);
+      await townStub.setTownId(input.townId);
+      return townStub.getAlarmStatus();
+    }),
+
+  adminGetTownEvents: adminProcedure
+    .input(
+      z.object({
+        townId: z.string().uuid(),
+        beadId: z.string().uuid().optional(),
+        since: z.string().optional(),
+        limit: z.number().int().positive().max(500).default(100),
+      })
+    )
+    .output(z.array(RpcBeadEventOutput))
+    .query(async ({ ctx, input }) => {
+      const townStub = getTownDOStub(ctx.env, input.townId);
+      return townStub.listBeadEvents({
+        beadId: input.beadId,
+        since: input.since,
+        limit: input.limit,
+      });
+    }),
+
+  adminGetBead: adminProcedure
+    .input(z.object({ townId: z.string().uuid(), beadId: z.string().uuid() }))
+    .output(RpcBeadOutput.nullable())
+    .query(async ({ ctx, input }) => {
+      const townStub = getTownDOStub(ctx.env, input.townId);
+      return townStub.getBeadAsync(input.beadId);
+    }),
 });
 
 export type GastownRouter = typeof gastownRouter;

kiloclaw/src/schemas/instance-config.ts

@@ -43,6 +43,9 @@ export const InstanceConfigSchema = z.object({
   kilocodeApiKey: z.string().nullable().optional(),
   kilocodeApiKeyExpiresAt: z.string().nullable().optional(),
   kilocodeDefaultModel: z.string().nullable().optional(),
+  // TODO: Legacy hardcoded channel storage. Kept for backward compat with
+  // existing DO state and the decryptChannelTokens/buildEnvVars startup path.
+  // Migrate to read from encryptedSecrets via catalog, then remove.
   channels: z
     .object({
       telegramBotToken: EncryptedEnvelopeSchema.optional(),
@@ -66,6 +69,8 @@ export type InstanceConfig = z.infer<typeof InstanceConfigSchema>;
 export type EncryptedEnvelope = z.infer<typeof EncryptedEnvelopeSchema>;
 export type EncryptedChannelTokens = NonNullable<InstanceConfig['channels']>;
 
+// TODO: Legacy — no UI callers remain. Remove alongside patchChannels tRPC
+// mutation and PATCH /api/platform/channels worker route.
 export const ChannelsPatchSchema = z.object({
   userId: z.string().min(1),
   channels: z.object({