destroy verb: CLI + admin socket + dashboard button; purges state + approvals

hive-c0re/src/lifecycle.rs

@@ -85,6 +85,25 @@ pub async fn kill(name: &str) -> Result<()> {
     run(&["stop", &container]).await
 }
 
+/// Fully tear down a sub-agent's container: stop + remove via `nixos-container
+/// destroy`, then clean our own systemd drop-in. Leaves it to the caller to
+/// wipe `/var/lib/hyperhive/...` state and the per-agent runtime dir.
+pub async fn destroy(name: &str) -> Result<()> {
+    validate(name)?;
+    let container = container_name(name);
+    // nixos-container destroy handles stop + removal of /var/lib/nixos-containers/<C>
+    // and /etc/nixos-containers/<C>.conf. Tolerate "no such container".
+    if let Err(e) = run(&["destroy", &container]).await {
+        tracing::warn!(error = ?e, "nixos-container destroy returned an error; continuing cleanup");
+    }
+    let dropin_dir = format!("/run/systemd/system/container@{container}.service.d");
+    if std::path::Path::new(&dropin_dir).exists() {
+        std::fs::remove_dir_all(&dropin_dir)
+            .with_context(|| format!("remove {dropin_dir}"))?;
+    }
+    Ok(())
+}
+
 pub async fn rebuild(
     name: &str,
     hyperhive_flake: &str,