ops: harden varlock startup and broker status detection

[benvinegar]

Summary

• set VARLOCK_TELEMETRY_DISABLED=1 in start.sh before varlock load/run to avoid telemetry-related varlock runtime instability
• keep baudbot doctor warning when ~/.varlock/config.json includes anonymousId, with guidance to use env opt-out or remove the field
• update baudbot status broker detection to rely on broker-bridge.mjs process presence + broker-health.json, instead of tmux session existence

Why

• we observed broker bridge startup issues attributed to varlock telemetry config behavior; using the documented telemetry opt-out env var is a safer runtime hardening strategy than mutating user config files
• tmux-based broker connection checks produced false "disconnected" reports even when broker bridge process + health telemetry were active

Validation

• bash -n start.sh
• bash -n bin/baudbot
• bash -n bin/doctor.sh
• local runtime verification in tmux/root shell:
  • confirmed broker-bridge.mjs process running and port 127.0.0.1:7890 listening
  • confirmed broker health file updates (poll.last_ok_at, consecutive_failures: 0)
  • verified varlock runs with and without VARLOCK_TELEMETRY_DISABLED=1 in current environment (both exit 0)

Notes

• Opened upstream varlock issue documenting the telemetry config crash we previously hit:
  • varlock run crashes when ~/.varlock/config.json contains telemetry anonymousId dmno-dev/varlock#308

[greptile-apps]

Greptile Summary

This PR improves baudbot reliability by addressing two operational issues: unsupported varlock config fields and inaccurate broker status reporting.

Changes:

• Added automatic sanitization of anonymousId from ~/.varlock/config.json at startup to prevent varlock crashes
• Updated broker status detection to check for the actual broker-bridge.mjs process instead of tmux session, avoiding false disconnection reports
• Added doctor warning when anonymousId is present in varlock config

Impact:

• Prevents broker bridge startup failures caused by varlock config issues
• Eliminates false broker disconnection alerts when tmux session checks fail but the bridge is healthy

Confidence Score: 5/5

• This PR is safe to merge with no risk
• All changes are defensive reliability improvements with no breaking changes. The varlock sanitization prevents startup failures, and the broker status detection is more accurate than the previous tmux-based approach. All changes follow established patterns in the codebase.
• No files require special attention

Important Files Changed

Filename	Overview
start.sh	Added sanitize_varlock_config() to remove unsupported anonymousId from varlock config before startup
bin/doctor.sh	Added warning when anonymousId is detected in varlock config to alert users of potential crash risk
bin/baudbot	Changed broker connection detection from tmux session check to pgrep for broker-bridge process

_{Last reviewed commit: 564a9d2}