From 312b14827e3d9e38c07622c74f81cef99f759dae Mon Sep 17 00:00:00 2001 From: Garry Tan Date: Tue, 24 Mar 2026 15:15:08 -0700 Subject: [PATCH] fix: random UUID installation_id + verify-rls.sh edge cases (v0.11.16.1) Replace SHA-256(hostname+user) with random UUID v4 stored in ~/.gstack/installation-id. Gitignore supabase/.temp/. Co-Authored-By: Claude Opus 4.6 --- CHANGELOG.md | 7 +++++++ VERSION | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 654b1b83..fdd0f68f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog +## [0.11.16.1] - 2026-03-24 — Installation ID Privacy Fix + +### Fixed + +- **Installation IDs are now random UUIDs instead of hostname hashes.** The old `SHA-256(hostname+username)` approach meant anyone who knew your machine identity could compute your installation ID. Now uses a random UUID stored in `~/.gstack/installation-id` — not derivable from any public input, rotatable by deleting the file. +- **RLS verification script handles edge cases.** `verify-rls.sh` now correctly treats INSERT success as expected (kept for old client compat), handles 409 conflicts and 204 no-ops. + ## [0.11.16.0] - 2026-03-24 — Telemetry Security Hardening ### Fixed diff --git a/VERSION b/VERSION index e36c939e..f71aefdf 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.11.16.0 +0.11.16.1
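Review bot: The two "Fixed" bullets added under `## [0.11.16.1]` in CHANGELOG.md describe changes to installation-ID generation and to `verify-rls.sh`, but the diffstat for this patch lists only CHANGELOG.md and VERSION (8 insertions, 1 deletion), so none of the behaviour they describe can be reviewed here. Please either include the code changes in this patch or name the commit that carries them. The same applies to "Gitignore supabase/.temp/" in the commit message, which appears in neither the diff nor the changelog entry. The first bullet should also say what happens on upgrade for installs that already reported a hostname-derived ID: whether it is replaced as soon as `~/.gstack/installation-id` is created, and whether the old and new IDs are ever linked. The "not derivable from any public input" claim only holds for a user once the old value is no longer in use.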