fix(gastown): remove unauthenticated debug dashboard from worker root

[jrf0110]

Summary

• Delete the debug dashboard UI (src/ui/dashboard.ui.ts, 1342 lines of inline HTML/CSS/JS) that was exposed unauthenticated at the worker root (GET /)
• Replace with a simple JSON health response: { "service": "gastown", "status": "ok" }
• Remove the dashboardHtml import from gastown.worker.ts

The debug dashboard showed town state, agent metadata, and bead information as the landing page of the production worker. While Cloudflare Access protects the worker, having a debug UI as the public-facing root is unprofessional.

The /debug/towns/:townId/status endpoint is left intact per the issue — it is protected by Cloudflare Access.

Verification

• pnpm typecheck — pending (will run after PR creation)
• pnpm lint — pending (will run after PR creation)
• Verified no other files reference dashboard.ui.ts or dashboardHtml

Visual Changes

N/A

Reviewer Notes

Straightforward deletion. The only change to gastown.worker.ts is removing the import and replacing the GET / handler from c.html(dashboardHtml()) to c.json({ service: 'gastown', status: 'ok' }).

Closes #1429

[kilo-code-bot]

Code Review Summary

Status: 1 Issues Found | Recommendation: Address before merge

Overview

Severity	Count
CRITICAL	0
WARNING	1
SUGGESTION	0

Issue Details (click to expand)

No issues on diff lines.

Other Observations (not in diff)

Issues found in unchanged code that cannot receive inline comments:

File	Line	Issue
cloudflare-gastown/test/integration/http-api.test.ts	49	The integration test still expects GET / to return HTML containing Gastown Dashboard, so this route change will fail the HTTP API suite once tests are run.

Fix these issues in Kilo Cloud

Files Reviewed (2 files)

• cloudflare-gastown/src/gastown.worker.ts - 0 issues on diff lines
• cloudflare-gastown/src/ui/dashboard.ui.ts - 0 issues

---

_{Reviewed by gpt-5.4-20260305 · 339,270 tokens}