
Welcome.nid has no non-empty contract; unset APN_NID silently breaks the tunnel-header prefix invariant #24

Description

@bibonix

welcome.proto defines string nid = 8 with this comment:

Node ID of the responding Node, taken verbatim from its APN_NID environment variable. The value carries a short prefix followed by a colon (e.g. "VLZ:" or "HTZ:") that the client surfaces in diagnostics and the tunnel header to hint at the hosting region.

The field is populated by reading APN_NID directly at the Node. Proto3 serialises an unset string field as its default value — the empty string — with no error. If a Node operator omits or leaves blank the APN_NID environment variable, the serialised Welcome carries nid = "". The client receives an empty string, silently violates the prefix-plus-colon format invariant, and writes a broken or empty routing hint into every tunnel header and diagnostic report for the session.

The flaw lives in welcome.proto at the nid = 8 field declaration. No proto-level or documentation-level contract enforces non-empty, so the Node runtime has no anchor to validate against.

The fix is a one-line addition to the nid comment: add an explicit non-empty contract ("must not be empty when status == OK") so that Node implementations know to reject or refuse to start when APN_NID is absent, mirroring the pattern that Peer.sni needs (issue #20).
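A defender-side check for the contract proposed above, as an added Python example that is not part of the project: the `Welcome` dataclass stands in for the generated proto message, and the exact prefix grammar and the `STATUS_OK` value are assumptions. It shows the silent failure (`naive_routing_hint`) beside a Node startup check and a client acceptance check that refuse an empty `nid`.

```python
import os
import re
from dataclasses import dataclass

# Assumed grammar: 2-4 uppercase letters, a colon, then a non-empty node identifier.
# The issue only gives the examples "VLZ:" and "HTZ:", so the exact form is an assumption.
NID_RE = re.compile(r"^[A-Z]{2,4}:[^\s]+$")
STATUS_OK = "OK"  # assumed spelling of the Welcome.status value the issue calls OK


class NidContractError(ValueError):
    """Raised when a Node ID violates the prefix-plus-colon contract."""


def validate_nid(nid: str) -> str:
    """Return nid unchanged if it satisfies the contract, otherwise raise."""
    if not nid:
        raise NidContractError("nid is empty (proto3 default for an unset string)")
    if not NID_RE.fullmatch(nid):
        raise NidContractError(f"nid {nid!r} lacks the PREFIX: form")
    return nid


def node_nid_from_env(environ=os.environ) -> str:
    """Node-side startup check: refuse to start rather than serialise nid = ''."""
    return validate_nid(environ.get("APN_NID", "").strip())


@dataclass
class Welcome:
    # Stand-in for the generated message; like proto3, an unset string is "".
    status: str = STATUS_OK
    nid: str = ""


def naive_routing_hint(nid: str) -> str:
    """The failure mode: an empty nid yields an empty hint with no error."""
    return nid.split(":", 1)[0]


def routing_hint(nid: str) -> str:
    """Hardened: the region hint is only derived from a validated nid."""
    return validate_nid(nid).split(":", 1)[0]


def accept_welcome(msg: Welcome) -> str:
    """Client-side check: trust nid only when status is OK and the contract holds."""
    if msg.status != STATUS_OK:
        raise NidContractError(f"Node reported status {msg.status!r}, not OK")
    return validate_nid(msg.nid)
```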
