fix(gastown): restrict container restart/destroy to org owners, skip triage-request beads in Rule 1b

- forceRestartContainer and destroyContainer now check org owner/creator
  role before allowing the operation, matching updateTownConfig's auth
- reconciler Rule 1b skips gt:triage-request beads whose assignee is
  intentionally set without a hook (patrol routes them to specific agents)

Author: jrf0110

cloudflare-gastown/src/dos/town/reconciler.ts

@@ -648,6 +648,13 @@ export function reconcileBeads(sql: SqlStorage, opts?: { draining?: boolean }):
     // are handled by other subsystems and don't need dispatch.
     if (bead.assignee_agent_bead_id === 'system') continue;
 
+    // Skip triage-request beads — patrol.createTriageRequest() sets
+    // assignee_agent_bead_id to route the request to a specific agent,
+    // but hookBead() intentionally refuses to hook triage-request beads.
+    // Without this skip, the reconciler would clear the assignee on
+    // every tick because the hook will never exist.
+    if (bead.labels.includes('gt:triage-request')) continue;
+
     actions.push({
       type: 'clear_bead_assignee',
       bead_id: bead.bead_id,

cloudflare-gastown/src/trpc/router.ts

@@ -1071,6 +1071,19 @@ export const gastownRouter = router({
           message: 'Admins cannot restart containers for towns they do not own',
         });
       }
+      if (ownership.type === 'org') {
+        const townStub = getTownDOStub(ctx.env, input.townId);
+        const config = await townStub.getTownConfig();
+        const membership = getOrgMembership(ctx.orgMemberships, ownership.orgId);
+        const isOrgOwner = membership?.role === 'owner';
+        const isTownCreator = ctx.userId === config.created_by_user_id;
+        if (!isOrgOwner && !isTownCreator) {
+          throw new TRPCError({
+            code: 'FORBIDDEN',
+            message: 'Only town creators and org owners can restart containers',
+          });
+        }
+      }
       // stop() sends SIGTERM so the container's drain handler can run
       // drainAll() — nudging agents to commit/push WIP before exiting.
       const containerStub = getTownContainerStub(ctx.env, input.townId);
@@ -1087,6 +1100,19 @@ export const gastownRouter = router({
           message: 'Admins cannot destroy containers for towns they do not own',
         });
       }
+      if (ownership.type === 'org') {
+        const townStub = getTownDOStub(ctx.env, input.townId);
+        const config = await townStub.getTownConfig();
+        const membership = getOrgMembership(ctx.orgMemberships, ownership.orgId);
+        const isOrgOwner = membership?.role === 'owner';
+        const isTownCreator = ctx.userId === config.created_by_user_id;
+        if (!isOrgOwner && !isTownCreator) {
+          throw new TRPCError({
+            code: 'FORBIDDEN',
+            message: 'Only town creators and org owners can destroy containers',
+          });
+        }
+      }
       // destroy() sends SIGKILL — the container dies immediately with
       // no graceful drain. Use when the container is stuck or unresponsive.
       const containerStub = getTownContainerStub(ctx.env, input.townId);