
Deleting safely in an agent-run platform

How dry runs, structured plans, user-commit protection, and repo deletion cascade make destructive operations inspectable.

Destructive operations are where an agent-friendly platform needs the most restraint. Mechanics moved deletion workflows toward plans, dry runs, explicit force flags, and deterministic ordering.

Delete commands started showing plans

0.1.50 added --dry-run to app, app-instance, and route deletion flows. Dry runs show which GitOps files would be removed, who last modified them, which live resources are involved, and whether --force would be required. The same release added app wait --gone, so users can observe cleanup after the deletion starts.

This builds on the user-commit protection added earlier: if a human last edited a file, Mechanics refuses to overwrite or delete it unless the caller makes the override explicit with --force.

Cross-system mutations became reviewed plans

0.1.56 generalized the pattern. App, route, addon, domain, and admin user removal paths moved behind structured plans and results. Domain removal gained dry-run support, and domain remove --detach preflights every route repoint before the first mutation, avoiding half-detached custom domains.

Addon deletion is intentionally stricter: it always requires --force, even when the GitOps write is otherwise safe, because the user is confirming data destruction. Dry-run output names the files, ownership, and destructive effect before anything changes.

Repo deletion became a cascade

0.1.57 added repo -r <name> delete for source-repository teardown. The command can run as a dry run, discovers apps using the repo image, deletes Mechanics-managed routes before apps, optionally removes exact-match container package versions with --packages, and deletes the Forgejo repository last.

The exclusions are just as important as the deletion list. Addons are not deleted by repo teardown because they can hold data and may outlive one source repository. Custom domain claims are not released either; route cleanup removes Gateway listeners, but domain ownership remains explicit until domain remove.
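
The sketch below shows the plan-then-mutate pattern for a repo teardown, combining the user-commit protection with the cascade order and exclusions described above. It is an added example, not Mechanics' own code; the resource kinds, the AGENT identity, the placement of packages before the repo, and every sample name are assumptions.

```python
from dataclasses import dataclass, field

AGENT = "mechanics-agent"   # hypothetical committer identity for agent writes
ORDER = {"route": 0, "app": 1, "package": 2, "repo": 3}  # routes before apps, repo last
EXCLUDED = {"addon", "domain-claim"}   # never touched by repo teardown

@dataclass(frozen=True)
class Item:
    kind: str
    name: str
    gitops_file: str = ""   # empty when no GitOps file backs the resource
    last_modified_by: str = AGENT

@dataclass
class Plan:
    steps: list = field(default_factory=list)
    kept: list = field(default_factory=list)
    force_reasons: list = field(default_factory=list)

def build_plan(items, packages=False):   # preflight only, mutates nothing
    plan = Plan()
    for it in items:
        if it.kind in EXCLUDED or (it.kind == "package" and not packages):
            plan.kept.append(it)
            continue
        if it.gitops_file and it.last_modified_by != AGENT:   # human-edited file
            plan.force_reasons.append(
                f"{it.gitops_file} last modified by {it.last_modified_by}")
        plan.steps.append(it)
    plan.steps.sort(key=lambda i: (ORDER[i.kind], i.name))  # unknown kind: KeyError here
    return plan

def run(plan, delete, dry_run=True, force=False):
    lines = [f"delete {s.kind} {s.name}" for s in plan.steps]
    lines += [f"keep {k.kind} {k.name}" for k in plan.kept]
    lines += [f"requires --force: {r}" for r in plan.force_reasons]
    if dry_run:
        return lines   # preview only
    if plan.force_reasons and not force:
        raise PermissionError("; ".join(plan.force_reasons))   # before first mutation
    for step in plan.steps:
        delete(step)
    return lines

# Constructed sample inventory for one repository.
SAMPLE = [Item("repo", "shop"), Item("app", "shop-web", "apps/shop-web.yaml"),
          Item("route", "shop-www", "routes/shop-www.yaml", "alice@example.com"),
          Item("addon", "shop-db"), Item("domain-claim", "shop.example.com"),
          Item("package", "shop:1.4.2")]
```

Because the force check runs against the whole plan before the first `delete` call, a refused run leaves every resource in place rather than stopping halfway through the cascade.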

Destructive commands should be boring: preview the plan, require force for dangerous intent, then mutate in a known order.