fix: replace SHA-256(hostname+user) installation_id with random UUID

The old approach derived installation_id from hostname+username via
SHA-256, which meant anyone who knew your machine identity could
compute your exact ID. Now uses a random UUID v4 stored in
~/.gstack/installation-id — not derivable from any public input,
rotatable by deleting the file.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Garry Tan
2026-03-24 15:12:07 -07:00
parent a7c1670b2a
commit b8b8f22686
2 changed files with 22 additions and 11 deletions
+2 -2
@@ -78,8 +78,8 @@ describe('gstack-telemetry-log', () => {
const events = parseJsonl();
expect(events).toHaveLength(1);
// installation_id should be a SHA-256 hash (64 hex chars)
expect(events[0].installation_id).toMatch(/^[a-f0-9]{64}$/);
// installation_id should be a UUID v4 (or hex fallback)
expect(events[0].installation_id).toMatch(/^[a-f0-9-]{32,36}$/);
});
test('installation_id is null for anonymous tier', () => {
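Review bot: The new pattern in `expect(events[0].installation_id).toMatch(/^[a-f0-9-]{32,36}$/)` is too loose to show the ID is a UUID v4: it accepts any 32 to 36 characters drawn from hex digits and hyphens, so a run of hyphens, a 33-character hex string, or a UUID of another version all pass. Consider spelling out the two shapes the comment names as an alternation, for example `/^(?:[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}|[0-9a-f]{32})$/`, so the version and variant nibbles are checked and the hex fallback is exactly 32 characters. The character class is lowercase only, so the test also relies on the generator emitting or normalizing to lowercase. Since the stated goal of the commit is that the ID is no longer derivable from hostname and user, a format check alone does not cover it; an assertion that the ID changes after the stored installation-id file is deleted would test that property directly.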