Kilo-Org · pandemicsyn · Feb 26, 2026 · Feb 25, 2026 · Feb 25, 2026 · Feb 26, 2026
diff --git a/kiloclaw/.dev.vars.example b/kiloclaw/.dev.vars.example
@@ -5,9 +5,9 @@
 NEXTAUTH_SECRET=dev-secret-change-me
 INTERNAL_API_SECRET=dev-internal-secret
 GATEWAY_TOKEN_SECRET=dev-gateway-secret-kiloclaw
-# Override WORKER_ENV to "development" for local dev.
-# Production default is set in wrangler.jsonc. This override disables JWT env
-# claim enforcement and uses "dev-" prefixed Fly app names.
+# Override WORKER_ENV to "development" for local development.
+# Production default is set in wrangler.jsonc. This selects the development
+# Fly app naming prefix ("dev-") for per-user app creation.
 WORKER_ENV=development
 
 # Optional: Override KiloCode base URL (dev)
@@ -54,6 +54,3 @@ OPENCLAW_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:8795,http://claw
 # In wrangler dev, it connects to the remote Postgres via the Hyperdrive service.
 # To use a local Postgres instead, add "localConnectionString" to the hyperdrive
 # config in wrangler.jsonc (see https://developers.cloudflare.com/hyperdrive/configuration/local-development/).
-
-# Development
-DEV_MODE=true
diff --git a/kiloclaw/AGENTS.md b/kiloclaw/AGENTS.md
@@ -133,7 +133,6 @@ The alarm runs for ALL statuses (not just `running`). `destroying` short-circuit
 | `TELEGRAM_DM_POLICY`         | Telegram DM policy (passed through to machine)                                                                                                                          |
 | `DISCORD_DM_POLICY`          | Discord DM policy (passed through to machine)                                                                                                                           |
 | `OPENCLAW_ALLOWED_ORIGINS`   | Comma-separated origins for Control UI WebSocket (e.g., `http://localhost:3000,http://localhost:8795`). Production: `https://claw.kilo.ai,https://claw.kilosessions.ai` |
-| `DEV_MODE`                   | Enable dev mode features                                                                                                                                                |
 
 ### Fly.io Regions
 
@@ -245,7 +244,6 @@ User config is transported to the machine via environment variables set in the F
 | `KILOCODE_MODELS_JSON`     | User config (DO), JSON-serialized | Available model list                 |
 | `KILOCODE_API_BASE_URL`    | Worker env                        | API base URL override                |
 | `AUTO_APPROVE_DEVICES`     | Hardcoded `true`                  | Skip device pairing                  |
-| `OPENCLAW_DEV_MODE`        | Worker env (`DEV_MODE`)           | Dev mode features                    |
 | `TELEGRAM_DM_POLICY`       | Worker env                        | Telegram DM policy                   |
 | `DISCORD_DM_POLICY`        | Worker env                        | Discord DM policy                    |
 | `OPENCLAW_ALLOWED_ORIGINS` | Worker env                        | Control UI WebSocket allowed origins |

diff --git a/kiloclaw/DEVELOPMENT.md b/kiloclaw/DEVELOPMENT.md
@@ -129,7 +129,6 @@ user-provided encrypted secrets and channel tokens are silently skipped.
 
 | Variable     | Description                                                                                                                                                                               |
 | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `DEV_MODE`   | Set to `true` to skip JWT auth and enable `allowInsecureAuth` in the container. **Local dev only.**                                                                                       |
 | `WORKER_ENV` | Defaults to `"production"` in `wrangler.jsonc`. **Set to `"development"` in `.dev.vars` for local dev.** Controls JWT `env` claim matching and Fly app name prefixes (`dev-` vs `acct-`). |
 
 ### Optional
@@ -229,11 +228,7 @@ the WebSocket protocol (NOT as a URL parameter). See
 
 ## Local Dev Without Auth
 
-Set `DEV_MODE=true` in `.dev.vars`. This skips JWT validation and sets
-`OPENCLAW_DEV_MODE=true` in the container (bypasses device pairing).
-
-In dev mode the catch-all proxy returns 401 because no `userId` is derived
-(no JWT = no identity = no per-user sandbox). To test the full flow locally,
+To test the full flow locally without browser auth,
 use the platform API routes to provision and start an instance:
 
 ```bash

diff --git a/kiloclaw/src/auth/middleware.test.ts b/kiloclaw/src/auth/middleware.test.ts
@@ -77,14 +77,6 @@ describe('authMiddleware', () => {
     app = createTestApp();
   });
 
-  it('allows DEV_MODE bypass with synthetic userId', async () => {
-    const res = await app.request('/protected/whoami', {}, { DEV_MODE: 'true' } as never);
-    expect(res.status).toBe(200);
-    const body = await jsonBody(res);
-    expect(body.userId).toBe('dev@kilocode.ai');
-    expect(body.authToken).toBe('dev-token');
-  });
-
   it('rejects when no NEXTAUTH_SECRET is configured', async () => {
     const res = await app.request('/protected/whoami', {}, {} as never);
     expect(res.status).toBe(500);

diff --git a/kiloclaw/src/auth/middleware.ts b/kiloclaw/src/auth/middleware.ts
@@ -13,16 +13,8 @@ import { createDatabaseConnection, UserStore } from '../db';
  * 3. Verify HS256 with NEXTAUTH_SECRET; check version and env
  * 4. Validate apiTokenPepper against DB via Hyperdrive
  * 5. Set ctx.userId, ctx.authToken on context
- * 6. DEV_MODE bypass: synthetic userId 'dev@kilocode.ai'
  */
 export async function authMiddleware(c: Context<AppEnv>, next: Next) {
-  // DEV_MODE bypass
-  if (c.env.DEV_MODE === 'true') {
-    c.set('userId', 'dev@kilocode.ai');
-    c.set('authToken', 'dev-token');
-    return next();
-  }
-
   const secret = c.env.NEXTAUTH_SECRET;
   if (!secret) {
     console.error('[auth] NEXTAUTH_SECRET not configured');

diff --git a/kiloclaw/src/gateway/env.test.ts b/kiloclaw/src/gateway/env.test.ts
@@ -59,12 +59,6 @@ describe('buildEnvVars', () => {
     expect(result.env.AUTO_APPROVE_DEVICES).toBe('true');
   });
 
-  it('maps DEV_MODE to OPENCLAW_DEV_MODE in env bucket', async () => {
-    const env = createMockEnv({ DEV_MODE: 'true' });
-    const result = await buildEnvVars(env, SANDBOX_ID, SECRET);
-    expect(result.env.OPENCLAW_DEV_MODE).toBe('true');
-  });
-
   it('passes KILOCODE_API_BASE_URL override in env bucket', async () => {
     const env = createMockEnv({
       KILOCODE_API_BASE_URL: 'https://example.internal/openrouter/',
@@ -91,12 +85,11 @@ describe('buildEnvVars', () => {
   // ─── User config merging (Layers 2-4) ────────────────────────────────
 
   it('merges user plaintext env vars on top of platform defaults', async () => {
-    const env = createMockEnv({ DEV_MODE: 'true' });
+    const env = createMockEnv();
     const result = await buildEnvVars(env, SANDBOX_ID, SECRET, {
       envVars: { CUSTOM_VAR: 'custom-value', NODE_ENV: 'production' },
     });
 
-    expect(result.env.OPENCLAW_DEV_MODE).toBe('true');
     expect(result.env.CUSTOM_VAR).toBe('custom-value');
     expect(result.env.NODE_ENV).toBe('production');
   });

diff --git a/kiloclaw/src/gateway/env.ts b/kiloclaw/src/gateway/env.ts
@@ -70,7 +70,6 @@ export async function buildEnvVars(
   // Layer 1: Worker-level defaults (non-sensitive)
   const plainEnv: Record<string, string> = {};
 
-  if (env.DEV_MODE) plainEnv.OPENCLAW_DEV_MODE = env.DEV_MODE;
   if (env.KILOCODE_API_BASE_URL) plainEnv.KILOCODE_API_BASE_URL = env.KILOCODE_API_BASE_URL;
   plainEnv.KILOCODE_FEATURE = 'kilo-claw';
 

diff --git a/kiloclaw/src/index.ts b/kiloclaw/src/index.ts
@@ -75,12 +75,8 @@ function isPlatformRoute(c: Context<AppEnv>): boolean {
   return path === '/api/platform' || path.startsWith('/api/platform/');
 }
 
-/** Reject early if required secrets are missing (skip in dev mode). */
+/** Reject early if required secrets are missing. */
 async function requireEnvVars(c: Context<AppEnv>, next: Next) {
-  if (c.env.DEV_MODE === 'true') {
-    return next();
-  }
-
   // Platform routes need infra bindings but not AI provider keys
   if (isPlatformRoute(c)) {
     const missing: string[] = [];

diff --git a/kiloclaw/src/types.ts b/kiloclaw/src/types.ts
@@ -18,7 +18,6 @@ export type KiloClawEnv = {
 
   // KiloCode provider configuration
   KILOCODE_API_BASE_URL?: string;
-  DEV_MODE?: string;
   TELEGRAM_BOT_TOKEN?: string;
   TELEGRAM_DM_POLICY?: string;
   DISCORD_BOT_TOKEN?: string;

diff --git a/kiloclaw/start-openclaw.sh b/kiloclaw/start-openclaw.sh
@@ -169,11 +169,6 @@ if (process.env.OPENCLAW_GATEWAY_TOKEN) {
     config.gateway.auth.token = process.env.OPENCLAW_GATEWAY_TOKEN;
 }
 
-if (process.env.OPENCLAW_DEV_MODE === 'true') {
-    config.gateway.controlUi = config.gateway.controlUi || {};
-    config.gateway.controlUi.allowInsecureAuth = true;
-}
-
 // Allow Control UI connections from localhost without WebCrypto device identity.
 // This is a fallback for insecure HTTP contexts where SubtleCrypto is unavailable.
 // It does NOT bypass device pairing -- pairing is handled separately via the

diff --git a/kiloclaw/test/docker-image-testing.md b/kiloclaw/test/docker-image-testing.md
@@ -62,15 +62,6 @@ cd cloud/kiloclaw
 pnpm start
 ```
 
-**4. DEV_MODE consideration**
-
-- If `DEV_MODE=false` in `.dev.vars`, the worker requires real JWT auth from the
-  Cloud backend. Provision and access must go through the UI or use the platform
-  API with the internal API key.
-- If `DEV_MODE=true`, the worker sets userId to `dev@kilocode.ai` for all requests,
-  which won't match instances provisioned for real user IDs. Only use this for
-  quick smoke tests where auth doesn't matter.
-
 ### Verify services
 
 ```bash