feat: enhance bug report collection with frontend capture, os detection, offline queue and 30-day log cleanup

[dev01lay2]

Summary

Closes four gaps identified in the develop branch bug collection scheme:

P0 — Frontend error reporting

• New Tauri command capture_frontend_error (Rust + registered in invoke_handler!)
• api.captureFrontendError() wrapper in api.ts
• App.tsx handleUnhandled now fire-and-forgets a Sentry report in parallel with the existing Guidance LLM flow

P1 — OS version detection

• New src-tauri/src/bug_report/os_info.rs module with platform-aware os_version_string()
  • macOS: sw_vers -productVersion cached with OnceLock
  • Linux: PRETTY_NAME from /etc/os-release
  • Windows: registry CurrentBuildNumber → cmd /C ver → $OS env fallback
• Replaces the old OSTYPE/OS env-var guess in collector.rs

P2+P3 — Offline write-ahead queue + 30-day log cleanup

• New src-tauri/src/bug_report/queue.rs with QueueStore abstraction
• Files under <clawpal_dir>/bug_report/: pending.jsonl (max 100), dead_letter.jsonl (max 20, after 3 failed attempts), sent.jsonl (audit log), failures.jsonl
• capture() persists to disk first, then attempts immediate send; on success calls mark_sent()
• BugReportStats now exposes persisted_pending and dead_letter_count
• App startup (lib.rs setup) calls cleanup_old_logs() + flush()
• 30-day retention: sent.jsonl and failures.jsonl entries older than 30 days are pruned on every startup

P4 — Structured failure logging

• Send failures write a structured {ts, error} entry to failures.jsonl (also pruned after 30 days)

Tests

• queue.rs: enqueue_caps_pending_size, cleanup_prunes_old_failure_logs
• os_info.rs: linux_pretty_name_parser_handles_quotes (cfg-guarded)

[Keith-CY]

I found two issues that need fixing before merge.

• [P1] Do not persist bug reports when bug reporting is disabled.

  • In src-tauri/src/bug_report/collector.rs:261 the call to queue::enqueue(...) happens before any settings check.
  • capture() then calls enqueue_event(..., ignore_enabled=false, ...) and prepare_event drops sending when disabled, but the queued entry is already written to disk.
  • Impact: users who explicitly turned off bug reporting still have frontend/panic errors persisted (and may be sent later if reporting is re-enabled).
  • Fix: load settings and gate queue enqueue behind the same !ignore_enabled && settings.enabled check, or pass an enabled guard into queue operations.

• [P2] Queue file operations are not atomic and can lose entries under concurrency.

  • src-tauri/src/bug_report/queue.rs:137 (enqueue) and 163 (mark_sent) both do read-modify-write cycles with no locking.
  • Both functions load JSONL into memory, mutate, then rewrite the entire file using File::create.
  • Concurrent calls can interleave and overwrite each other (e.g., two enqueue calls both read the same snapshot and each writes back, dropping one event).
  • Fix: serialize queue mutations with a process-wide mutex or file lock around all enqueue/mark_sent/flush/cleanup writes.

[github-actions]

📊 Test Coverage Report

Metric	Base (develop)	PR (feat/bug-report-enhancements)	Delta
Lines	73.81% (5754/7796)	73.81% (5754/7796)	⚪ ±0.00%
Functions	67.52% (663/982)	67.52% (663/982)	⚪ ±0.00%
Regions	75.14% (9609/12788)	75.14% (9609/12788)	⚪ ±0.00%

Coverage measured by cargo llvm-cov (clawpal-core + clawpal-cli).

[dev01lay2]

Code Review — REQUEST_CHANGES

CI pending. Two blockers before merge.

---

🔴 BS 1 — enqueue does full read-modify-rewrite on every capture() call, with no lock

queue.rs QueueStore::enqueue

Each capture() triggers: read all of pending.jsonl → deserialise → push → full rewrite. Under high-frequency errors (e.g. broken SSH firing before the rate-limit kicks in), the async sender thread and the panic hook thread can both call enqueue concurrently → race on the file → corruption.

Fix: add a process-level Mutex<()> (static, same pattern as CollectorState) guarding all pending.jsonl mutations. Or use append-only for the hot path (like log_send_failure) and defer the cap-enforcement rewrite to flush.

---

🔴 BS 2 — mark_sent and flush both rewrite pending.jsonl without coordination → stale entries

collector.rs sender loop ~line 91, queue.rs flush

At startup, flush runs and rewrites pending.jsonl. Meanwhile the async sender thread may fire mark_sent for queue_entry_ids that were enqueued in a previous session but no longer exist in the current file — those entries silently no-op and stay in pending.jsonl, getting retried indefinitely.

Same fix as BS 1: a single process-level mutex on all pending.jsonl mutations eliminates both races.

---

🟡 NBS 1 — sanitize_text called twice on the same string

queue.rs line 150

enqueue sanitises message before writing to disk. capture() also passes message into build_event → sanitize_text for the Sentry payload. Two separate sanitise passes on the same input. If sanitize_text is ever non-idempotent the disk copy and the network copy will diverge. Consider calling sanitize_text once in capture() before branching.

---

🟡 NBS 2 — Linux os_version_string() not cached

os_info.rs Linux branch

macOS uses OnceLock ✅. Linux reads /etc/os-release on every call. Since this is called per-report and per-flush, add static VERSION: OnceLock<String> on the Linux branch too.

[github-actions]

📦 PR Build Artifacts

Platform	Download	Size
Windows-x64	📥 clawpal-Windows-x64	34.3 MB
Linux-x64	📥 clawpal-Linux-x64	186.9 MB
macOS-ARM64	📥 clawpal-macOS-ARM64	44.9 MB
macOS-x64	📥 clawpal-macOS-x64	45.5 MB

---

🔨 Built from 8e01496 · View workflow run
⚠️ Unsigned development builds — for testing only