[ORCH-008] Kill Authority Implementation #114

Closed
opened 2026-01-30 03:04:49 +00:00 by jason.woltje · 0 comments
Owner

Safety Critical: Kill Authority

Mosaic Stack MUST retain the ability to terminate any Orchestrator service (`apps/orchestrator/`) operation.

If the Orchestrator swarm goes rogue, Mosaic Stack can terminate everything.

Endpoints

| Endpoint | Purpose | Auth |
|----------|---------|------|
| POST /api/orchestrator/tasks/:id/kill | Kill single task | Workspace member |
| POST /api/orchestrator/workspaces/:id/kill-all | Kill all tasks in workspace | Workspace admin |
| POST /api/orchestrator/emergency-stop | Global emergency stop | Super admin |
| DELETE /api/orchestrator/backends/:id | Revoke backend entirely | Super admin |

Requirements

Hard Termination

• No graceful shutdown — immediate kill signal
• Orchestrator must honor kill within seconds
• Timeout + force if Orchestrator unresponsive

Audit Trail

All kill operations logged with:

[ ] Who initiated the kill
[ ] What was terminated (task IDs, session IDs)
[ ] Why (required reason field)
[ ] Timestamp
[ ] Task state at termination

UI Controls

[ ] Kill button per task (confirmation required)
[ ] Kill All button in workspace admin panel
[ ] Emergency Stop in super admin panel
[ ] Visual indicator for killed tasks

RBAC

• Workspace members can kill their own tasks
• Workspace admins can kill any task in workspace
• Super admin can emergency stop everything

Deliverables

[ ] Kill endpoint implementations
[ ] RBAC enforcement
[ ] Audit logging
[ ] UI integration (see #101)
[ ] Orchestrator kill signal implementation (see #102)

Dependencies

• #99 Task Dispatcher Service
• #102 Gateway Integration

Related

• #95 Agent Orchestration EPIC
• #101 Task Progress UI
• ORCH-117 (Killswitch implementation in Orchestrator)

jason.woltje added this to the M6-AgentOrchestration (0.0.6) milestone 2026-01-30 03:05:00 +00:00
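
The RBAC and audit-trail requirements in the issue above, sketched as an added example that is not part of the issue or of the Mosaic Stack code base: a deny-by-default authorization check for the four kill endpoints, plus an audit entry that refuses a missing reason. The object shapes, field names, function names and the rule that a super admin also holds the lower roles are assumptions.

```javascript
// Added example, not Mosaic Stack code. Object shapes and field names are assumptions.
const ACTIONS = {
  KILL_TASK: "kill-task",           // POST /api/orchestrator/tasks/:id/kill
  KILL_ALL: "kill-all",             // POST /api/orchestrator/workspaces/:id/kill-all
  EMERGENCY_STOP: "emergency-stop", // POST /api/orchestrator/emergency-stop
  REVOKE_BACKEND: "revoke-backend", // DELETE /api/orchestrator/backends/:id
};

// actor:  { id, superAdmin, workspaces: { [workspaceId]: "member" | "admin" } }
// target: { workspaceId, ownerId } of the task or workspace being killed
function authorizeKill(actor, action, target = {}) {
  if (actor.superAdmin === true) return true; // assumption: super admin holds all lower roles
  const memberships = actor.workspaces || {};
  const role = Object.prototype.hasOwnProperty.call(memberships, target.workspaceId)
    ? memberships[target.workspaceId] : undefined;
  switch (action) {
    case ACTIONS.KILL_TASK: // members: own tasks only; admins: any task in the workspace
      return role === "admin" || (role === "member" && target.ownerId === actor.id);
    case ACTIONS.KILL_ALL:
      return role === "admin";
    default: // emergency stop, backend revoke, unknown action: super admin only
      return false;
  }
}

// Builds the audit entry with the five fields the issue lists; rejects a missing reason.
function buildAuditRecord(actor, action, tasks, reason, now = new Date()) {
  if (typeof reason !== "string" || reason.trim() === "") {
    throw new Error("kill reason is required");
  }
  return {
    initiatedBy: actor.id,
    action,
    terminated: tasks.map((t) => ({ taskId: t.taskId, sessionId: t.sessionId, stateAtTermination: t.state })),
    reason: reason.trim(),
    timestamp: now.toISOString(),
  };
}

// Authorize first, then build the audit entry, so no kill is dispatched without both.
function handleKill(actor, action, target, tasks, reason) {
  if (!authorizeKill(actor, action, target)) return { status: 403 };
  return { status: 200, audit: buildAuditRecord(actor, action, tasks, reason) };
}

// Constructed sample: a member tries to kill another member's task.
const sampleMember = { id: "u1", superAdmin: false, workspaces: { ws1: "member" } };
console.log(handleKill(sampleMember, ACTIONS.KILL_TASK, { workspaceId: "ws1", ownerId: "u2" }, [], "runaway loop"));
```

The workspace role is looked up for the target's own workspace, so an admin of one workspace gets no authority over tasks in another.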
Reference: mosaic/stack#114