- Inspect current correlation middleware implementation in
services/api/src/correlation.rs. - Add validation logic:
- enforce maximum header value length
- accept only UUID v4 (parse + version check)
- If missing/invalid/too long: generate new UUID v4.
- Ensure the normalized UUID is recorded in tracing span and echoed back via
X-Request-Idresponse header. - Add/adjust unit tests for the middleware to cover:
- valid UUID v4 passes through
- malformed string replaced
- UUID v1/other versions replaced
- too-long header replaced
- Update any documentation/comments if needed.
- Run
cargo test -p services/api(or workspace-equivalent) to confirm tests pass.