fix: address Codex adversarial findings — cursor, opt-out, queries

- Sync cursor now advances on HTTP 2xx (not grep for "inserted")
- Update-check respects telemetry opt-out before pinging Supabase
- Dashboard queries use correct view column names (total_occurrences)
- Sync strips old-format "repo" field to prevent privacy leak

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

bin/gstack-community-dashboard

@@ -70,7 +70,7 @@ echo "Top skills (last 7 days)"
 echo "────────────────────────"
 
 # Query telemetry_events, group by skill
-EVENTS="$(query "telemetry_events" "select=skill&event_type=eq.skill_run&event_timestamp=gte.${WEEK_AGO}&limit=1000" 2>/dev/null || echo "[]")"
+EVENTS="$(query "telemetry_events" "select=skill,gstack_version&event_type=eq.skill_run&event_timestamp=gte.${WEEK_AGO}&limit=1000" 2>/dev/null || echo "[]")"
 
 if [ "$EVENTS" != "[]" ] && [ -n "$EVENTS" ]; then
   echo "$EVENTS" | grep -o '"skill":"[^"]*"' | awk -F'"' '{print $4}' | sort | uniq -c | sort -rn | head -10 | while read -r COUNT SKILL; do
@@ -85,11 +85,11 @@ echo ""
 echo "Top crash clusters"
 echo "──────────────────"
 
-CRASHES="$(query "crash_clusters" "select=error_class,gstack_version,count,unique_users&limit=5" 2>/dev/null || echo "[]")"
+CRASHES="$(query "crash_clusters" "select=error_class,gstack_version,total_occurrences,identified_users&limit=5" 2>/dev/null || echo "[]")"
 
 if [ "$CRASHES" != "[]" ] && [ -n "$CRASHES" ]; then
   echo "$CRASHES" | grep -o '"error_class":"[^"]*"' | awk -F'"' '{print $4}' | head -5 | while read -r ERR; do
-    C="$(echo "$CRASHES" | grep -o "\"error_class\":\"$ERR\"[^}]*\"count\":[0-9]*" | grep -o '"count":[0-9]*' | head -1 | grep -o '[0-9]*')"
+    C="$(echo "$CRASHES" | grep -o "\"error_class\":\"$ERR\"[^}]*\"total_occurrences\":[0-9]*" | grep -o '"total_occurrences":[0-9]*' | head -1 | grep -o '[0-9]*')"
     printf "  %-30s %s occurrences\n" "$ERR" "${C:-?}"
   done
 else

bin/gstack-telemetry-sync

@@ -81,7 +81,8 @@ while IFS= read -r LINE; do
     -e 's/,"_branch":"[^"]*"//g' \
     -e 's/"v":/"schema_version":/g' \
     -e 's/"ts":/"event_timestamp":/g' \
-    -e 's/"sessions":/"concurrent_sessions":/g')"
+    -e 's/"sessions":/"concurrent_sessions":/g' \
+    -e 's/,"repo":"[^"]*"//g')"
 
   # If anonymous tier, strip installation_id
   if [ "$TIER" = "anonymous" ]; then
@@ -106,19 +107,19 @@ BATCH="$BATCH]"
 [ "$COUNT" -eq 0 ] && exit 0
 
 # ─── POST to Supabase ────────────────────────────────────────
-RESPONSE="$(curl -sf --max-time 10 \
+HTTP_CODE="$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 \
   -X POST "${ENDPOINT}/telemetry_events" \
   -H "Content-Type: application/json" \
   -H "apikey: ${ANON_KEY}" \
   -H "Authorization: Bearer ${ANON_KEY}" \
   -H "Prefer: return=minimal" \
-  -d "$BATCH" 2>/dev/null || true)"
+  -d "$BATCH" 2>/dev/null || echo "000")"
 
-# ─── Update cursor on success ────────────────────────────────
-if [ -n "$RESPONSE" ] && echo "$RESPONSE" | grep -q '"inserted"'; then
-  NEW_CURSOR=$(( CURSOR + COUNT ))
-  echo "$NEW_CURSOR" > "$CURSOR_FILE" 2>/dev/null || true
-fi
+# ─── Update cursor on success (2xx) ─────────────────────────
+case "$HTTP_CODE" in
+  2*) NEW_CURSOR=$(( CURSOR + COUNT ))
+      echo "$NEW_CURSOR" > "$CURSOR_FILE" 2>/dev/null || true ;;
+esac
 
 # Update rate limit marker
 touch "$RATE_FILE" 2>/dev/null || true

bin/gstack-update-check

@@ -149,7 +149,9 @@ if [ -z "${GSTACK_TELEMETRY_ENDPOINT:-}" ] && [ -f "$GSTACK_DIR/supabase/config.
 fi
 _SUPA_ENDPOINT="${GSTACK_TELEMETRY_ENDPOINT:-}"
 _SUPA_KEY="${GSTACK_SUPABASE_ANON_KEY:-}"
-if [ -n "$_SUPA_ENDPOINT" ] && [ -n "$_SUPA_KEY" ]; then
+# Respect telemetry opt-out — don't ping Supabase if user set telemetry: off
+_TEL_TIER="$("$GSTACK_DIR/bin/gstack-config" get telemetry 2>/dev/null || true)"
+if [ -n "$_SUPA_ENDPOINT" ] && [ -n "$_SUPA_KEY" ] && [ "${_TEL_TIER:-off}" != "off" ]; then
   _OS="$(uname -s | tr '[:upper:]' '[:lower:]')"
   curl -sf --max-time 5 \
     -X POST "${_SUPA_ENDPOINT}/update_checks" \