The duration_reasonable CHECK constraint fails on existing rows with
56-year durations from the shell var bug. Move the prerequisite
UPDATE into the migration itself so it's self-contained.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Resolved 10 conflicted files:
- VERSION/package.json: kept 0.12.0.0 (feature branch version)
- CHANGELOG.md: preserved both branch entry and main's new entries
- supabase/config.sh: kept GSTACK_WEB_URL, accepted TELEMETRY_ENDPOINT removal
- bin/gstack-{community-dashboard,telemetry-log,telemetry-sync,update-check}:
took main's improved versions (edge function approach, safe cursor, UUID gen)
- supabase/functions/community-pulse: took main's count-based approach
- test/telemetry.test.ts: took main's structure with fingerprint field name
Post-merge fixes:
- Removed shadowed local RESOLVERS/functions in gen-skill-docs.ts (main's
resolver imports now take precedence for tier-based preamble, coverage gates)
- Added 3 missing E2E_TIERS entries (ship-plan-*, review-plan-completion)
- Updated telemetry test to match current prompt text
- Regenerated all SKILL.md files
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: drop all anon RLS policies + revoke view access + add cache table
Migration 002 locks down the Supabase telemetry backend:
- Drops all SELECT, INSERT, UPDATE policies for the anon role
- Explicitly revokes SELECT on crash_clusters and skill_sequences views
- Drops stale error_message/failed_step columns (exist live but not in migration)
- Creates community_pulse_cache table for server-side aggregation caching
* feat: extend community-pulse with full dashboard data + server-side cache
community-pulse now returns top skills, crash clusters, version distribution,
and weekly active count in a single aggregated response. Results are cached
in the community_pulse_cache table (1-hour TTL) to prevent DoS via repeated
expensive queries.
* fix: route all telemetry through edge functions, not PostgREST
- gstack-telemetry-sync: POST to /functions/v1/telemetry-ingest instead of
/rest/v1/telemetry_events. Removes sed field-renaming (edge function expects
raw JSONL names). Parses inserted count — holds cursor if zero inserted.
- gstack-update-check: POST to /functions/v1/update-check.
- gstack-community-dashboard: calls community-pulse edge function instead of
direct PostgREST queries.
- config.sh: removes GSTACK_TELEMETRY_ENDPOINT, fixes misleading comment.
* test: RLS smoke test + telemetry field name verification
- verify-rls.sh: 9-check smoke test (5 reads + 3 inserts + 1 update)
verifying anon key is fully locked out after migration.
- telemetry.test.ts: verifies JSONL uses raw field names (v, ts, sessions)
that the edge function expects, not Postgres column names.
- README.md: fixes privacy claim to match actual RLS policy.
* chore: bump version and changelog (v0.11.16.0)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: pre-landing review fixes — JSONB field order, version filter, RLS verification
- Dashboard JSON parsing: use per-object grep instead of field-order-dependent
regex (JSONB doesn't preserve key order)
- Version distribution: filter to skill_run events only (was counting all types)
- verify-rls.sh: only 401/403 count as PASS (not empty 200 or 5xx); add
Authorization header to test as anon role properly
- Remove dead empty loop in community-pulse
* chore: untrack browse/dist binaries — 116MB of arm64-only Mach-O
These compiled Bun binaries only work on arm64 macOS, and ./setup
already rebuilds from source for every platform. They were tracked
despite .gitignore due to being committed before the ignore rule.
Untracking stops them from appearing as modified in every diff.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: tone down changelog — security hardening, not incident report
* fix: keep INSERT policies for old client compat, preserve extra columns
- Keep anon INSERT policies so pre-v0.11.16 clients can still sync
telemetry via PostgREST while new clients use edge functions
- Add error_message/failed_step columns to migration (reconcile repo
with live schema) instead of dropping them
- Security fix still lands: SELECT and UPDATE policies are dropped
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: sync package.json version with VERSION file (0.11.16.0)
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
telemetry-sync POSTs directly to Supabase REST API (/rest/v1/telemetry_events),
not through this edge function. Two ingest paths = maintenance burden for zero
value. Identified during eng review.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Community tier auth, backup/restore, and test updates that were already
on this branch before the telemetry sprint. Includes updated telemetry
prompt test to match 3-option community tier flow.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- community-benchmarks: add .eq("source", "live") to telemetry_events query
- community-pulse: use distinct install_fingerprint count instead of raw
count, add source=live filter to all queries
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add source field (live/test/dev) to telemetry pipeline: --source flag in
gstack-telemetry-log, GSTACK_TELEMETRY_SOURCE env fallback, pass-through
in telemetry-sync, source=eq.live filter on all dashboard queries
- Replace SHA-256 installation_id with UUID install_fingerprint for all tiers
(not just community). Expand-contract migration: ADD new column + trigger
to copy installation_id, preserving backward compat with old clients
- Fix duration bug: persist _TEL_START to file via $PPID (stable across bash
blocks), cap durations at 86400s, reject negative values
- Ungate update-check pings from telemetry=off — sends only version + OS +
random UUID. Generate .install-id in update-check for telemetry=off users
- Migration 003: source columns, install_fingerprint, duration CHECK
constraint, indexes, recreated views with source filter, growth funnel
(first-seen based), materialized views for daily installs + version adoption
- E2E test isolation: session-runner sets GSTACK_TELEMETRY_SOURCE=test
- 8 new telemetry tests (source field, duration caps, fingerprint persistence)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds error_message (max 200 chars, e.g. "bun test: 3 tests failed")
and failed_step (e.g. "run_tests", "create_pr") to telemetry events.
Schema, ingest function, and local logger all updated. Makes crash
reports actionable instead of just "timeout — 252 occurrences".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- community-benchmarks: computes per-skill median/p25/p75 duration,
total runs, and success rate from last 30 days of telemetry events.
Upserts into community_benchmarks table, cached 1 hour.
- community-recommendations: co-occurrence-based skill suggestions
("used by X% of /qa users"). Cached 24 hours.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Three bug fixes:
- Telemetry-sync now pings update_checks on successful event sync
(previously only in gstack-update-check on cache-miss path)
- community-pulse falls back to distinct session_id count when
update_checks is empty
- Dashboard queries session_id and shows unique session count
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds user_id, email, config/analytics/retro snapshots, and backup
versioning to installations. Creates community_benchmarks table with
public read + service-role write RLS. Foundation for authenticated
backup and community intelligence features.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add gstack-telemetry-log and gstack-analytics scripts
Local telemetry infrastructure for gstack usage tracking.
gstack-telemetry-log appends JSONL events with skill name, duration,
outcome, session ID, and platform info. Supports off/anonymous/community
privacy tiers. gstack-analytics renders a personal usage dashboard
from local data.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add telemetry preamble injection + opt-in prompt + epilogue
Extends generatePreamble() with telemetry start block (config read,
timer, session ID, .pending marker), opt-in prompt (gated by
.telemetry-prompted), and epilogue instructions for Claude to log
events after skill completion. Adds 5 telemetry tests.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: regenerate all SKILL.md files with telemetry blocks
Automated regeneration from gen-skill-docs.ts changes. All skills
now include telemetry start block, opt-in prompt, and epilogue.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add Supabase schema, edge functions, and SQL views
Telemetry backend infrastructure: telemetry_events table with RLS
(insert-only), installations table for retention tracking,
update_checks for install pings. Edge functions for update-check
(version + ping), telemetry-ingest (batch insert), and
community-pulse (weekly active count). SQL views for crash
clustering and skill co-occurrence sequences.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add telemetry-sync, community-dashboard, and integration tests
gstack-telemetry-sync: fire-and-forget JSONL → Supabase sync with
privacy tier field stripping, batch limits, and cursor tracking.
gstack-community-dashboard: CLI tool querying Supabase for skill
popularity, crash clusters, and version distribution.
19 integration tests covering all telemetry scripts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: session-specific .pending markers + crash_clusters view fix
Addresses Codex review findings:
- .pending race condition: use .pending-$SESSION_ID instead of
shared .pending file to prevent concurrent session interference
- crash_clusters view: add total_occurrences and anonymous_occurrences
columns since anonymous tier has no installation_id
- Added test: own session pending marker is not finalized
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: dual-attempt update check with Supabase install ping
Fires a parallel background curl to Supabase during the slow-path
version fetch. Logs upgrade_prompted event only on fresh fetches
(not cached replays) to avoid overcounting. GitHub remains the
primary version source — Supabase ping is fire-and-forget.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: integrate telemetry usage stats into /retro output
Retro now reads ~/.gstack/analytics/skill-usage.jsonl and includes
gstack usage metrics (skill run counts, top skills, success rate)
in the weekly retrospective output.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: move 'Skill usage telemetry' to Completed in TODOS.md
Implemented in this branch: local JSONL logging, opt-in prompt,
privacy tiers, Supabase backend, community dashboard, /retro
integration.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: wire Supabase credentials and expose tables via Data API
Add supabase/config.sh with project URL and publishable key (safe to
commit — RLS restricts to INSERT only). Update telemetry-sync,
community-dashboard, and update-check to source the config and
include proper auth headers for the Supabase REST API.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: add SELECT RLS policies to migration for community dashboard reads
All telemetry data is anonymous (no PII), so public reads via the
publishable key are safe. Needed for the community dashboard to
query skill popularity, crash clusters, and version distribution.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: bump version and changelog (v0.8.6)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: analytics backward-compatible with old JSONL format
Handle old-format events (no event_type field) alongside new format.
Skip hook_fire events. Fix grep -c whitespace issues and unbound
variable errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: map JSONL field names to Postgres columns in telemetry-sync
Local JSONL uses short names (v, ts, sessions) but the Supabase
table expects full names (schema_version, event_timestamp,
concurrent_sessions). Add sed mapping during field stripping.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: address Codex adversarial findings — cursor, opt-out, queries
- Sync cursor now advances on HTTP 2xx (not grep for "inserted")
- Update-check respects telemetry opt-out before pinging Supabase
- Dashboard queries use correct view column names (total_occurrences)
- Sync strips old-format "repo" field to prevent privacy leak
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: add Privacy & Telemetry section to README
Transparent disclosure of what telemetry collects, what it never sends,
how to opt out, and a link to the schema so users can verify.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Garry Tan