Anonymous usage telemetry now on by default, Stripo values-field probe, slop detector catches a new viral opener
Three customer-facing changes in this release. Anonymous usage telemetry is now on by default in the Orbit MCPB — until now we collected nothing unless you'd manually set ORBIT_TELEMETRY=1, so the dashboard was blind to which skills and tools were actually being used. We send only the skill or tool slug, the MCPB version, and an opaque per-install ID. Never your prompts, your tool arguments, or your IP. There's a new install-time checkbox to opt out, and ORBIT_TELEMETRY=0 still works. A new orbit_probe_stripo_values tool empirically tests Stripo's `values` field against your live workspace — the gating step before we ship slot-aware overrides on orbit_compose_stripo_email. And the slop detector now catches the 'There's a specific kind of [feeling] that comes from…' viral opener template.
What shipped
•Behaviour change — the MCPB now sends anonymous usage telemetry by default. Each event carries: type (skill_load / tool_call / session_start / tool_error), the kebab-case slug of the skill or tool, the MCPB version, and a SHA-256-hashed install UUID stored locally at ~/.orbit/client-id. Nothing else. The endpoint is /api/mcp/telemetry on yourorbit.team and the contract is enforced server-side: payloads with anything resembling a prompt or tool argument are rejected.
•Opt-out paths — the MCPB install screen now shows a new 'Anonymous usage telemetry' checkbox (ticked by default). Untick it during install or any time afterwards via Claude Desktop's MCP settings. Power users can also set ORBIT_TELEMETRY=0 (or `false`/`no`/`off`) in the MCP config; the env var wins. When telemetry fires for the first time in a session, the MCP server log gets a one-line stderr disclosure noting it's enabled and how to opt out — visible in Claude Desktop's MCP server logs.
•Privacy posture unchanged. We have no IP column on the receiving table. The install ID is local to your machine and only ever appears in our database; it carries no name, no email, no fingerprint. We can answer 'how many distinct installs hit this skill last week' but not 'which person did it.' Reading mcp_telemetry rows isn't enough to identify anyone — by design.
•Endpoint — the MCPB now hits the apex domain (yourorbit.team/api/mcp/telemetry) directly rather than the legacy get. subdomain. Saves one redirect on every event and avoids any future intermittent issues with the apex-redirect chain.
•New tool — orbit_probe_stripo_values empirically validates Stripo's `values` field on POST /email against your live Stripo workspace. Creates up to 10 throwaway emails (all named 'Orbit · values-probe ·' for easy bulk-delete) covering baseline, per-module + top-level value placement, empty-string handling, script injection, Liquid passthrough, unknown keys, and HTML in slot values. Auto-picks Module A (no slot markup) and Module B (with slot markup) from your synced modules. Writes findings to <workspace>/outputs/stripo-values-probe/<timestamp>.md. This is the decision-blocking step before slot_values can be added to orbit_compose_stripo_email — without empirical proof of which slot-key shape Stripo actually honours, the override implementation would ship guessing.
•Slop detector — added the 'Specific-kind-of-X opener' rule. Catches every variant of 'There's a specific kind of [feeling] that comes from [cause]' — the viral 2025–26 emotional-essay opener template that's now spreading across Instagram captions, Reddit confessions, and LinkedIn reflection posts. Both the regex phrase rule and the token-skeleton variant fire, so paraphrases ('this is a particular sort of grief that arrives when…') get flagged too. Fix: name the feeling and its cause directly. Cut the framing.