Bug
The gastown worker exposes a debug dashboard at the worker root that was never intended to be public:
GET / — Renders a full HTML debug dashboard (dashboard.ui.ts, 1342 lines) showing town state, agent metadata, and bead information. This is the first thing anyone sees when they hit the worker URL.
Note: The /debug/towns/:townId/status endpoint is fine — it is protected by Cloudflare Access. The root route is the issue.
Fix
- Delete GET / route at gastown.worker.ts:191. Replace with a simple JSON response ({ "service": "gastown", "status": "ok" }) or a redirect to the Kilo app.
- Delete src/ui/dashboard.ui.ts (1342 lines of inline HTML/CSS/JS).
- Remove the dashboardHtml import from gastown.worker.ts.
Files
src/gastown.worker.ts — line 191
src/ui/dashboard.ui.ts — entire file (1342 lines)
Impact
Low security risk (Cloudflare Access protects the worker), but unprofessional — the debug dashboard is the landing page of the production worker.