Fix security, data integrity, and crash bugs #22

Open
kaiaiagent wants to merge 1 commit into peteromallet:main from
kaiaiagent:fix-export-gating-and-kimi-paths

@kaiaiagent
Summary

  • Security: stop persisting user's full name in config — confirm now stores full_name_scanned: bool instead of the plaintext name in ~/.dataclaw/config.json
  • Security: block publish when PII is found — confirm keeps stage at review (not confirmed) when PII scan has findings, so the publish gate actually enforces remediation
  • Bug: Kimi double-hash — unresolved Kimi projects (where dir_name is already a hash) were being hashed again, silently dropping all their sessions. Now detects hash-shaped names via _is_kimi_project_hash()
  • Bug: _normalize_timestamp assumed milliseconds — timestamps in seconds (e.g. from OpenCode SQLite) produced 1970 dates. Added > 1e12 heuristic
  • Bug: _update_time_bounds assumed chronological order — now uses min/max so out-of-order entries produce correct time bounds
  • Bug: Gemini token counts skipped _safe_int() — string or None token values would crash with TypeError
  • Bug: _extract_user_content crashed on non-dict content blocks — added isinstance(b, dict) guard
  • Bug: _find_export_file silently ignored nonexistent user-specified paths — now errors immediately with the path
  • Bug: _handle_config falsiness check — --repo "" was silently ignored; fixed to is not None
  • Bug: error messages only listed claude/codex/gemini — now uses _source_label() for all 7 sources
  • Crash: .stat() race conditions in discovery functions when files disappear between glob and stat
  • Cleanup: removed unused variable and redundant import in _scan_pii

Test plan

  • All 290 existing tests pass
  • New test: test_confirm_with_pii_findings_stays_in_review verifies stage gating
  • New test: test_export_push_accepts_confirmed_full_name_scan verifies the boolean-based re-validation works end-to-end
  • Manual test: run dataclaw confirm with PII present and verify publish is blocked until clean re-export

🤖 Generated with Claude Code
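
The two security items in the summary above, sketched as an added example that is not code from this pull request or from the project: the config records only that a name scan ran, and any PII finding holds the stage at review so the publish gate stays closed. Only full_name_scanned and the review/confirmed stage names come from the PR text; scan_pii, confirm's signature, can_publish, the legacy full_name key, pii_finding_count and the sample exports are assumptions made for illustration.

```python
import json
import re

# Hypothetical scanner: flags e-mail addresses and the user's full name.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def scan_pii(text, full_name=None):
    """Return a list of (kind, matched_text) findings for one export."""
    findings = [("email", m.group()) for m in EMAIL_RE.finditer(text)]
    if full_name and full_name.strip():
        name_re = re.compile(re.escape(full_name.strip()), re.IGNORECASE)
        findings += [("full_name", m.group()) for m in name_re.finditer(text)]
    return findings


def confirm(config, export_text, full_name=None):
    """Record the review outcome without writing the name into the config."""
    findings = scan_pii(export_text, full_name)
    updated = dict(config)
    # Assumed legacy key: drop a plaintext name left behind by an older config.
    updated.pop("full_name", None)
    # Persist only the fact that a name scan ran, never the name itself.
    updated["full_name_scanned"] = bool(full_name and full_name.strip())
    # Findings keep the stage at "review"; only a clean scan is "confirmed".
    updated["stage"] = "review" if findings else "confirmed"
    updated["pii_finding_count"] = len(findings)
    return updated, findings


def can_publish(config):
    """Publish gate: needs a clean confirmation and a completed name scan."""
    return (config.get("stage") == "confirmed"
            and config.get("full_name_scanned") is True)


# Constructed sample inputs, not taken from any real export.
DIRTY_EXPORT = "user: my name is Jane Example, mail me at jane@example.org"
CLEAN_EXPORT = "user: please refactor the parser module"

if __name__ == "__main__":
    for label, text in (("dirty", DIRTY_EXPORT), ("clean", CLEAN_EXPORT)):
        cfg, _ = confirm({"stage": "review"}, text, full_name="Jane Example")
        print(label, json.dumps(cfg), "publish allowed:", can_publish(cfg))
```

Findings are returned to the caller for display and are kept out of the dict that would be written to disk, so the matched values never reach the config file.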
