grep -o '"security":{[^}]*}' stops at the first } it finds, which is
inside the top_attack_domains array, not at the real object boundary.
Dashboard silently reported 0 attacks when there was actual data.
Prefer jq (standard on most systems) for the parse. Fall back to the
old regex if jq isn't installed — lossy but non-crashing.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
New bash CLI at bin/gstack-security-dashboard that consumes the security
section of the community-pulse edge function response and renders:
* Attacks detected last 7 days (total)
* Top attacked domains (up to 10)
* Top detection layers (which security stack layer catches most)
* Verdict distribution (block / warn / log_only split)
* Pointer to local log + user's telemetry mode
Two modes:
* Default — human-readable dashboard, same visual style as
bin/gstack-community-dashboard
* --json — machine-readable shape for scripts and CI
Graceful degradation when Supabase isn't configured: prints a helpful
message pointing to the local ~/.gstack/security/attempts.jsonl log.
Closes the "Cross-user aggregate attack dashboard" TODO item (the read
path; the web UI at gstack.gg/dashboard/security is still a separate
webapp project).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Garry Tan