fix(kiloclaw): escape admin override log reason

[kilo-code-bot]

Summary

• Replaces the admin size override set log reason encoding with an explicit JSON-string log formatter that escapes backslashes, quotes, and control characters.
• Resolves CodeQL alert 436 without changing persisted admin override metadata.

Verification

N/A (code-only log escaping change; no manual flow exercised).

Visual Changes

N/A

Reviewer Notes

• CodeQL alert: https://github.com/Kilo-Org/cloud/security/code-scanning/436

[kilo-code-bot]

Code Review Summary

Status: 2 Issues Found | Recommendation: Address before merge

Executive Summary

The clearAdminMachineSizeOverride method retains two JSON.stringify(input.reason) calls that are identical to the log-injection pattern this PR was created to fix.

Overview

Severity	Count
CRITICAL	0
WARNING	2
SUGGESTION	0

Other Observations — unfixed instances in unchanged lines (not in diff)

The PR fixes the pattern in setAdminMachineSizeOverride (line 3514) but leaves the same pattern in clearAdminMachineSizeOverride untouched:

File	Line	Issue
services/kiloclaw/src/durable-objects/kiloclaw-instance/index.ts	3554	WARNING: reason=${JSON.stringify(input.reason)} — no-op early-return branch of clearAdminMachineSizeOverride. Should be formatJsonLogString(input.reason).
services/kiloclaw/src/durable-objects/kiloclaw-instance/index.ts	3587	WARNING: reason=${JSON.stringify(input.reason)} — success branch of clearAdminMachineSizeOverride. Should be formatJsonLogString(input.reason).

These two call sites are functionally identical to the alert that triggered this PR (CodeQL alert 436). If the CodeQL query scans these lines too, they will continue to fire after this PR merges.

Files Reviewed (1 file)

• services/kiloclaw/src/durable-objects/kiloclaw-instance/index.ts — 2 issues

Fix these issues in Kilo Cloud

---

_{Reviewed by claude-4.6-sonnet-20260217 · 835,462 tokens}

_{Review guidance: REVIEW.md from base branch main}