[bug] idd-issue multi-finding: run_id second-precision collision + symlink overwrite hardening #76

@kiki830621

Description

Problem

From verification of #48:
Logic P1.2 + Security F3: run_id uses an ISO-8601 second-precision timestamp as the jsonl filename. Same-second invocations produce an identical filename → silent audit trail overwrite, violating the D2 contract ("one file per invocation").
— Source: team:logic + team:security + team:devils-advocate (upgraded HIGH), Verify comment

Collision (P1 / HIGH)

Two invocations within the same second (parallel /loop, CI batch, two terminals) produce run_id = "2026-05-10T17:00:00" — the second invocation silently overwrites the first's jsonl. The audit trail is permanently lost with no error or warning. IDD's audit trail is a core promise; silent loss is worse than a secret leak (secrets can be rotated; the audit trail cannot be reconstructed).

TOCTOU symlink overwrite (MEDIUM)

Predictable filename at a known path: an attacker with local FS write access can pre-create a symlink at .claude/.idd/issue-runs/2026-05-12T10:00:00.jsonl pointing to ~/.ssh/authorized_keys. The skill's jq -n ... > $JSONL_PATH truncates-and-writes without checking for symlinks.

Type

bug

Expected

  1. run_id format changed to sub-second or adds random suffix: 2026-05-10T17:00:00.123Z or 2026-05-10T17:00:00-a3f9
  2. Jsonl write uses collision-detect semantics: set -C (noclobber) + retry with suffix, or mktemp-style
  3. Symlink check before write: [ -L "$JSONL_PATH" ] && abort
  4. Footer body updated to use new run_id format (jsonl ↔ footer ↔ comment_url alignment)

Related: #48
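A hardened write routine covering items 1 to 3 of the expected fix, as an added example that is not the project's own skill code; the RUN_DIR path and the one-line jsonl record are assumptions. It generates the suffixed run_id, aborts on a planted symlink, and allocates the file via mktemp plus a hard link so an existing name is never truncated.

```shell
# Added example, not the project's own code. RUN_DIR and the record layout
# are assumptions; the point is the one-file-per-invocation allocation.

RUN_DIR="${RUN_DIR:-.claude/.idd/issue-runs}"

# Four random hex chars from /dev/urandom (portable: no bash $RANDOM needed).
rand_suffix() { od -An -N2 -tx1 /dev/urandom | tr -d ' \n'; }

# run_id = second-precision UTC timestamp plus a random suffix, so two
# invocations in the same second no longer map to the same filename.
make_run_id() { printf '%s-%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(rand_suffix)"; }

# Persist one jsonl line as RUN_DIR/<run_id>.jsonl without ever truncating an
# existing path. The record goes to a private mktemp file first and is then
# link(2)'d into place: ln fails if anything (a file or a symlink) already
# occupies the name, and never follows a symlink at the destination.
# Prints the final path on success. Exit codes: 1 exhausted/IO, 2 symlink.
write_run_record() {
  local json="$1" run_id="${2:-$(make_run_id)}" tmp path attempt=0
  mkdir -p "$RUN_DIR" || return 1
  tmp=$(mktemp "$RUN_DIR/.tmp.XXXXXX") || return 1
  printf '%s\n' "$json" > "$tmp"
  while [ "$attempt" -lt 5 ]; do
    path="$RUN_DIR/$run_id.jsonl"
    if [ -L "$path" ]; then
      # A planted symlink at a predictable name: abort loudly rather than
      # silently routing around it; the record survives in $tmp.
      echo "refusing to write through symlink: $path (record kept in $tmp)" >&2
      return 2
    fi
    if ln "$tmp" "$path" 2>/dev/null; then
      rm -f "$tmp"
      printf '%s\n' "$path"
      return 0
    fi
    # Name already taken (same-second collision): fresh suffix, try again.
    run_id=$(make_run_id)
    attempt=$((attempt + 1))
  done
  echo "no free run file after $attempt attempts (record kept in $tmp)" >&2
  return 1
}
```

The second argument is optional and exists so callers (and tests) can pin a run_id; normal use passes only the record and lets make_run_id pick the name.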
