(kiloclaw-admin): Add Destroy Machine functionality to the KiloClaw admin dash (#1550)

## Summary

Adds a "Destroy Machine" button to the KiloClaw admin instance detail
page that directly calls the Fly Machines API to force-destroy a machine
— equivalent to `fly machine destroy <id> -a <app> --force`.

**Why this exists:** The normal instance destroy flow goes through the
DO's teardown pipeline (machine → volume → cleanup). This button is an
admin escape hatch for when you need to delete the Fly machine directly
without triggering the full teardown.

**What it does NOT do:** This does not tear down the KiloClaw instance,
delete the Fly volume, or mark the instance as destroyed in the
database. Only the Fly machine is destroyed.

### Implementation

- **Platform route** (`POST /api/platform/destroy-fly-machine`): Calls
`DELETE /v1/apps/{app}/machines/{id}?force=true` on the Fly Machines API
using the worker's `FLY_API_TOKEN`. After a successful destroy, triggers
`forceRetryRecovery` on the DO to schedule an immediate reconcile alarm
— the DO will discover the machine is destroyed and clear its
`flyMachineId` state.
- **tRPC mutation** (`destroyFlyMachine`): Admin-only mutation that
proxies to the platform route and writes an audit log
(`kiloclaw.machine.destroy_fly`).
- **UI**: Orange "Destroy Machine" button in Machine Controls with a
confirmation dialog showing the machine ID and app name. After success,
the button shows a green "Machine Destroyed" state and is disabled. An
error toast is shown if `flyAppName` is missing from the DO state.
- **Observability**: `writeEvent` calls for success/failure (visible in
the DO & Reconcile Events table on the admin page), plus
`createKiloClawAdminAuditLog` for the audit trail.

### Reconciler fix: handle `"destroyed"` Fly state

`syncStatusWithFly` previously had no branch for the `"destroyed"` Fly
machine state. When a machine is force-destroyed via the Fly API, Fly
returns the machine with `state: "destroyed"` before it eventually
starts returning 404. Without this fix, the reconciler would no-op on
the `"destroyed"` state, leaving the stale `flyMachineId` in DO storage
until a later alarm cycle when Fly finally returns 404 and
`handleMachineGone` fires. The new `"destroyed"` branch mirrors
`handleMachineGone` — clears `flyMachineId`, sets status to `"stopped"`,
and persists immediately.

### New audit action

`kiloclaw.machine.destroy_fly` added to `KiloClawAdminAuditAction` enum.

## Verification

- [x] TypeScript compiles cleanly (`npx tsc --noEmit`)
- [x] Tested locally: destroy succeeds, Fly machine removed, DO
reconciles after alarm fires
- [x] 4 rounds of adversarial code review (code reviewer, silent failure
hunter, security auditor) with verification agents — converged to zero
new actionable findings
- [x] E2E manual testing

## Loom — Kilo team only
https://www.loom.com/share/7e898ec288da4e9a83d2554780622dd9

## Reviewer Notes

- The `forceRetryRecovery` call after destroy is fire-and-forget (caught
and warned). If it fails, the DO will still reconcile on its next
regular alarm. The response returns `ok: true` regardless — this was a
deliberate scoping decision to avoid threading a `reconcileTriggered`
flag through three layers.
- Until the reconcile task following machine destruction finishes
(should be fairly quick in the deployed env), the DO will log errors as
it has lost connection with the controller. The noise should be
relatively minimal and, as the reconcile alarm is set to _now_, it
should be resolved quickly.
- `isFlyMachineDestroyed` comes from `useMutation`'s `isSuccess` which
resets on component re-mount. A second click after re-mount would get a
Fly 404 error toast — not harmful, just redundant.

Author: evanjacobson

kiloclaw/src/durable-objects/kiloclaw-instance.test.ts

@@ -5122,6 +5122,40 @@ describe("syncStatusWithFly: backfill lastStartedAt on 'starting' → 'running'"
   });
 });
 
+describe("syncStatusWithFly: 'destroyed' Fly state clears flyMachineId", () => {
+  it("clears flyMachineId and sets status to 'stopped' when Fly reports destroyed", async () => {
+    const { instance, storage } = createInstance();
+    await seedRunning(storage);
+
+    (flyClient.getMachine as Mock).mockResolvedValue({
+      state: 'destroyed',
+      config: { mounts: [] },
+    });
+
+    await instance.alarm();
+
+    expect(storage._store.get('flyMachineId')).toBeNull();
+    expect(storage._store.get('status')).toBe('stopped');
+    expect(storage._store.get('lastStoppedAt')).toBeGreaterThan(0);
+    expect(storage._store.get('healthCheckFailCount')).toBe(0);
+  });
+
+  it("clears flyMachineId from 'stopped' status when Fly reports destroyed", async () => {
+    const { instance, storage } = createInstance();
+    await seedRunning(storage, { status: 'stopped', lastStoppedAt: Date.now() - 60_000 });
+
+    (flyClient.getMachine as Mock).mockResolvedValue({
+      state: 'destroyed',
+      config: { mounts: [] },
+    });
+
+    await instance.alarm();
+
+    expect(storage._store.get('flyMachineId')).toBeNull();
+    expect(storage._store.get('status')).toBe('stopped');
+  });
+});
+
 describe('reconcileStarting: transient Fly API errors respect starting timeout', () => {
   it("stays 'starting' on transient error when NOT timed out", async () => {
     const { instance, storage } = createInstance();

kiloclaw/src/durable-objects/kiloclaw-instance/reconcile.ts

@@ -777,6 +777,30 @@ export async function syncStatusWithFly(
     return;
   }
 
+  // destroyed means the Fly machine is gone — clear the stale ID immediately
+  // so the DO doesn't keep referencing a dead machine.
+  if (flyState === 'destroyed') {
+    rctx.log('sync_status_destroyed', {
+      old_state: state.status,
+      new_state: 'stopped',
+      fly_state: flyState,
+      machine_id: state.flyMachineId,
+    });
+    state.flyMachineId = null;
+    state.status = 'stopped';
+    state.lastStoppedAt = Date.now();
+    state.healthCheckFailCount = 0;
+    await ctx.storage.put(
+      storageUpdate({
+        flyMachineId: null,
+        status: 'stopped',
+        lastStoppedAt: state.lastStoppedAt,
+        healthCheckFailCount: 0,
+      })
+    );
+    return;
+  }
+
   // failed is definitively terminal — transition immediately without waiting for
   // SELF_HEAL_THRESHOLD consecutive checks like we do for stopped/created.
   if (flyState === 'failed' && state.status !== 'stopped') {

kiloclaw/src/routes/platform-destroy-fly-machine.test.ts

@@ -0,0 +1,221 @@
+import { describe, expect, it, vi, beforeEach, afterEach } from 'vitest';
+import { platform } from './platform';
+
+vi.mock('cloudflare:workers', () => ({
+  DurableObject: class {},
+  waitUntil: (p: Promise<unknown>) => p,
+}));
+
+const testUserId = 'user-1';
+const testAppName = 'acct-abc123';
+const testMachineId = 'd890abc123';
+
+function makeEnv(overrides: Record<string, unknown> = {}) {
+  const forceRetryRecovery = vi.fn().mockResolvedValue(undefined);
+  return {
+    env: {
+      FLY_API_TOKEN: 'fly-test-token',
+      KILOCLAW_INSTANCE: {
+        idFromName: (id: string) => id,
+        get: () => ({ forceRetryRecovery }),
+      },
+      KILOCLAW_AE: { writeDataPoint: vi.fn() },
+      KV_CLAW_CACHE: {
+        get: vi.fn().mockResolvedValue(null),
+        put: vi.fn().mockResolvedValue(undefined),
+        delete: vi.fn().mockResolvedValue(undefined),
+        list: vi.fn().mockResolvedValue({ keys: [], list_complete: true }),
+        getWithMetadata: vi.fn().mockResolvedValue({ value: null, metadata: null }),
+      },
+      ...overrides,
+    } as never,
+    forceRetryRecovery,
+  };
+}
+
+async function jsonBody(res: Response): Promise<Record<string, unknown>> {
+  return res.json();
+}
+
+function postJson(path: string, body: Record<string, unknown>) {
+  return {
+    path,
+    init: {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify(body),
+    },
+  };
+}
+
+describe('POST /destroy-fly-machine', () => {
+  let fetchSpy: ReturnType<typeof vi.fn<() => Promise<Response>>>;
+
+  beforeEach(() => {
+    fetchSpy = vi
+      .spyOn(globalThis, 'fetch')
+      .mockResolvedValue(new Response(null, { status: 200 })) as ReturnType<
+      typeof vi.fn<() => Promise<Response>>
+    >;
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  it('returns 200 and calls Fly API DELETE with force=true', async () => {
+    const { env } = makeEnv();
+    const { path, init } = postJson('/destroy-fly-machine', {
+      userId: testUserId,
+      appName: testAppName,
+      machineId: testMachineId,
+    });
+    const resp = await platform.request(path, init, env);
+
+    expect(resp.status).toBe(200);
+    const json = await jsonBody(resp);
+    expect(json).toEqual({ ok: true });
+
+    expect(fetchSpy).toHaveBeenCalledWith(
+      `https://api.machines.dev/v1/apps/${testAppName}/machines/${testMachineId}?force=true`,
+      {
+        method: 'DELETE',
+        headers: { Authorization: 'Bearer fly-test-token' },
+      }
+    );
+  });
+
+  it('returns 400 for appName containing URI-special characters, proving the schema is the guard against URL injection', async () => {
+    // encodeURIComponent is not needed on the URL construction because the Zod schema
+    // never admits any character that would be percent-encoded. This test proves that
+    // boundary: a value containing a URI-special character (space, %, +) is rejected
+    // at the schema layer and never reaches the Fly API call.
+    const { env } = makeEnv();
+    for (const badAppName of ['acct abc', 'acct%20abc', 'acct+abc', 'ACCT-ABC']) {
+      const { path, init } = postJson('/destroy-fly-machine', {
+        userId: testUserId,
+        appName: badAppName,
+        machineId: testMachineId,
+      });
+      const resp = await platform.request(path, init, env);
+      expect(resp.status).toBe(400);
+    }
+    // None of the bad inputs reached the Fly API
+    expect(fetchSpy).not.toHaveBeenCalled();
+  });
+
+  it('returns 400 for machineId containing URI-special characters, proving the schema is the guard against URL injection', async () => {
+    const { env } = makeEnv();
+    for (const badMachineId of ['d890 abc', 'd890%abc', 'd890+abc', 'D890ABC']) {
+      const { path, init } = postJson('/destroy-fly-machine', {
+        userId: testUserId,
+        appName: testAppName,
+        machineId: badMachineId,
+      });
+      const resp = await platform.request(path, init, env);
+      expect(resp.status).toBe(400);
+    }
+    expect(fetchSpy).not.toHaveBeenCalled();
+  });
+
+  it('triggers forceRetryRecovery after successful destroy', async () => {
+    const { env, forceRetryRecovery } = makeEnv();
+    const { path, init } = postJson('/destroy-fly-machine', {
+      userId: testUserId,
+      appName: testAppName,
+      machineId: testMachineId,
+    });
+    await platform.request(path, init, env);
+
+    expect(forceRetryRecovery).toHaveBeenCalled();
+  });
+
+  it('returns 503 when FLY_API_TOKEN is not configured', async () => {
+    const { env } = makeEnv({ FLY_API_TOKEN: undefined });
+    const { path, init } = postJson('/destroy-fly-machine', {
+      userId: testUserId,
+      appName: testAppName,
+      machineId: testMachineId,
+    });
+    const resp = await platform.request(path, init, env);
+
+    expect(resp.status).toBe(503);
+    const json = await jsonBody(resp);
+    expect(json.error).toContain('FLY_API_TOKEN');
+  });
+
+  it('wraps Fly API error status and body in error message', async () => {
+    fetchSpy.mockResolvedValueOnce(new Response('machine not found', { status: 404 }));
+    const { env } = makeEnv();
+    const { path, init } = postJson('/destroy-fly-machine', {
+      userId: testUserId,
+      appName: testAppName,
+      machineId: testMachineId,
+    });
+    const resp = await platform.request(path, init, env);
+
+    expect(resp.status).toBe(404);
+    const json = await jsonBody(resp);
+    // Implementation wraps the Fly response body: "Fly API error (${status}): ${body}"
+    expect(json.error).toBe('Fly API error (404): machine not found');
+  });
+
+  it('returns 400 for invalid appName format', async () => {
+    const { env } = makeEnv();
+    const { path, init } = postJson('/destroy-fly-machine', {
+      userId: testUserId,
+      appName: 'INVALID',
+      machineId: testMachineId,
+    });
+    const resp = await platform.request(path, init, env);
+
+    expect(resp.status).toBe(400);
+    expect(fetchSpy).not.toHaveBeenCalled();
+  });
+
+  it('returns 400 for invalid machineId format', async () => {
+    const { env } = makeEnv();
+    const { path, init } = postJson('/destroy-fly-machine', {
+      userId: testUserId,
+      appName: testAppName,
+      machineId: 'BAD-ID!',
+    });
+    const resp = await platform.request(path, init, env);
+
+    expect(resp.status).toBe(400);
+    expect(fetchSpy).not.toHaveBeenCalled();
+  });
+
+  it('returns 400 for missing userId', async () => {
+    const { env } = makeEnv();
+    const { path, init } = postJson('/destroy-fly-machine', {
+      appName: testAppName,
+      machineId: testMachineId,
+    });
+    const resp = await platform.request(path, init, env);
+
+    expect(resp.status).toBe(400);
+    expect(fetchSpy).not.toHaveBeenCalled();
+  });
+
+  it('still returns ok when forceRetryRecovery fails', async () => {
+    const forceRetryRecovery = vi.fn().mockRejectedValue(new Error('DO unavailable'));
+    const { env } = makeEnv({
+      KILOCLAW_INSTANCE: {
+        idFromName: (id: string) => id,
+        get: () => ({ forceRetryRecovery }),
+      },
+    });
+    const { path, init } = postJson('/destroy-fly-machine', {
+      userId: testUserId,
+      appName: testAppName,
+      machineId: testMachineId,
+    });
+    const resp = await platform.request(path, init, env);
+
+    expect(resp.status).toBe(200);
+    const json = await jsonBody(resp);
+    expect(json).toEqual({ ok: true });
+    expect(forceRetryRecovery).toHaveBeenCalled();
+  });
+});

kiloclaw/src/routes/platform.ts

@@ -1378,4 +1378,70 @@ platform.put('/regions', async c => {
   return c.json({ ok: true, regions: result.data.regions, raw });
 });
 
+// POST /api/platform/destroy-fly-machine
+// This is for admin cleanup only.
+// It directly destroys a Fly machine via the Machines API (force=true).
+// It does not destroy the Fly app or volume.
+const DestroyFlyMachineSchema = z.object({
+  userId: z.string().min(1),
+  appName: z
+    .string()
+    .min(1)
+    .max(63)
+    .regex(/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/, 'Invalid Fly app name'),
+  machineId: z
+    .string()
+    .min(1)
+    .regex(/^[a-z0-9]+$/, 'Invalid Fly machine ID'),
+});
+
+platform.post('/destroy-fly-machine', async c => {
+  const result = await parseBody(c, DestroyFlyMachineSchema);
+  if ('error' in result) return result.error;
+
+  const { userId, appName, machineId } = result.data;
+  const apiToken = c.env.FLY_API_TOKEN;
+  if (!apiToken) {
+    return c.json({ error: 'FLY_API_TOKEN is not configured' }, 503);
+  }
+
+  const url = `https://api.machines.dev/v1/apps/${appName}/machines/${machineId}?force=true`;
+  try {
+    const resp = await fetch(url, {
+      method: 'DELETE',
+      headers: { Authorization: `Bearer ${apiToken}` },
+    });
+
+    if (!resp.ok) {
+      const body = await resp.text();
+      console.error(
+        `[platform] destroy-fly-machine failed (${resp.status}) app=${appName} machine=${machineId}:`,
+        body
+      );
+      return jsonError(`Fly API error (${resp.status}): ${body}`, resp.status);
+    }
+
+    console.log(`[platform] destroy-fly-machine ok: app=${appName} machine=${machineId}`);
+
+    // Trigger immediate reconcile so the DO discovers the machine is gone.
+    try {
+      await withDORetry(
+        instanceStubFactory(c.env, userId),
+        stub => stub.forceRetryRecovery(),
+        'forceRetryRecovery'
+      );
+    } catch (err) {
+      console.warn(
+        `[platform] destroy-fly-machine: forceRetryRecovery failed for user=${userId}:`,
+        err
+      );
+    }
+
+    return c.json({ ok: true });
+  } catch (err) {
+    const { message, status } = sanitizeError(err, 'destroy-fly-machine');
+    return jsonError(message, status);
+  }
+});
+
 export { platform };

packages/db/src/schema-types.ts

@@ -162,6 +162,7 @@ export const KiloClawAdminAuditAction = z.enum([
   'kiloclaw.gateway.restart',
   'kiloclaw.config.restore',
   'kiloclaw.doctor.run',
+  'kiloclaw.machine.destroy_fly',
 ]);
 
 export type KiloClawAdminAuditAction = z.infer<typeof KiloClawAdminAuditAction>;