Bug: 8-character hex instance IDs have 32-bit collision risk

[pinodeca]

Summary

short_id() in src/types.rs generates 8-character hex IDs (32 bits of entropy) by taking the last 8 characters of a UUID v4:

pub fn short_id() -> String {
    let uuid = Uuid::new_v4();
    uuid.to_string()
        .chars()
        .rev()
        .take(8)
        .collect::<String>()
        .chars()
        .rev()
        .collect()
}

With ~65,000 instances the birthday paradox gives a 50% collision probability. A collision causes a hard PRIMARY KEY violation on df.instances.id.

Severity

Low-Medium — not silent (PK violation surfaces as an error), but a production system at moderate throughput will hit this within months to years.

Fix

Drop short_id() and use a full UUID (or at minimum 16 hex characters / 64 bits of entropy). Full UUID eliminates the problem entirely and is the simplest fix.

[copilot-swe-agent]

The agent encountered an error and was unable to start working on this issue: Please try again later, or contact support if the problem persists. (Request id: DAC8:214752:6BEC50:8E81EF:6A16F995)

[crprashant]

Opened #238 to fix this — it replaces the 8-character short IDs with full canonical UUIDs (122 bits of entropy) for both df.instances and df.nodes IDs.

Highlights:

• The ID format is gated on the installed extversion: the 0.2.4 .so keeps emitting 8-char IDs against pre-0.2.4 schemas and switches to UUIDs only after ALTER EXTENSION UPDATE runs, so the binary stays backward compatible with already-shipped schemas.
• The six id columns widen VARCHAR(8) → TEXT, and the format CHECK constraints are relaxed to accept a legacy 8-char id or a canonical UUID, so existing rows stay valid and coexist with UUIDs after the upgrade.
• Ships an upgrade script sql/pg_durable--0.2.3--0.2.4.sql and bumps the extension to 0.2.4.

Verified locally: unit 171/0, e2e 33/33, upgrade 35/35 (schema comparison + binary backward compatibility), clippy and pgspot clean.