feat: anonymous bug report collection with PII sanitization

[dev01lay2]

Summary

Add an anonymous, opt-out bug report collection feature. When ClawPal encounters errors above a configurable severity threshold, sanitized logs are automatically submitted to a third-party error tracking service.

Requirements

Core

• Default ON, user can toggle OFF in Settings
• Anonymous: no user identifiers, no IP tracking, no account info
• PII sanitization before any data leaves the device:
  • Strip API keys, tokens, passwords (regex patterns: sk-..., Bearer ..., token=...)
  • Strip file paths containing usernames (replace with ~ or <HOME>)
  • Strip SSH host/user/IP information
  • Strip Discord/Telegram user IDs and chat IDs
  • Strip email addresses
  • Strip custom base URLs (may reveal internal infrastructure)
• Severity-based filtering: only report errors at error or critical level (not info/warn)
• Rate limiting: max N reports per hour to avoid flooding

Third-party Service Options

Support multiple backends (user picks one or we default to Sentry):

1. Sentry (recommended default) — industry standard, has Rust SDK (sentry crate), free tier supports 5k events/month
2. GlitchTip — open-source Sentry-compatible, self-hostable, same DSN protocol
3. Custom HTTP endpoint — simple POST to a configurable URL for self-hosted setups

Settings UI

In the Settings page (preferences section), add a new card:

• Toggle: "Send anonymous bug reports" (default: on)
• Dropdown: reporting backend (Sentry / GlitchTip / Custom URL)
• Input: DSN or endpoint URL (hidden when using built-in Sentry)
• Info text explaining what data is collected and how it is sanitized
• Link: "View privacy policy" / "What data is sent?"

Data Collected (sanitized)

• Error message (sanitized)
• Error stack trace / backtrace (paths sanitized)
• ClawPal version
• OS type and version (no hostname)
• Rust panic info (if applicable)
• Severity level
• Timestamp
• A random session UUID (not tied to user identity, rotated each app launch)

Backend Implementation (Rust)

1. New module: src-tauri/src/bug_report/mod.rs
   • sanitize.rs — PII scrubbing functions with comprehensive regex
   • collector.rs — severity filter + rate limiter + event aggregation
   • reporter.rs — HTTP transport to Sentry/GlitchTip/custom
   • settings.rs — persist bug report preferences in app-preferences.json
2. New Tauri commands:
   • get_bug_report_settings / set_bug_report_settings
   • get_bug_report_stats (how many reports sent, last sent time)
   • test_bug_report_connection (send a test event)
3. Integration points:
   • Hook into existing logging::log_error() to capture error events
   • Hook into Rust panic handler for crash reports
   • Capture zeroclaw runtime errors

Frontend Implementation (React)

1. New component: src/components/BugReportSettings.tsx
2. Add to Settings page in the preferences section
3. i18n keys for both English and Chinese

Testing

• Unit tests for PII sanitization (100% coverage on sanitize module)
• Unit tests for severity filtering and rate limiting
• Integration test for Sentry event format
• Test that disabled setting prevents any HTTP calls

Non-goals

• No user-identifiable data should ever leave the device
• No tracking of usage patterns or feature analytics
• No automatic screenshots or screen recordings
• No collection of conversation content or chat messages

References

• Sentry Rust SDK: https://docs.sentry.io/platforms/rust/
• GlitchTip: https://glitchtip.com/
• Existing logging: src-tauri/src/logging.rs
• Existing preferences: src-tauri/src/commands/preferences.rs