1.0.1: post-release code-review correctness fixes

In-tree code-review pass on the 1.0.0 codebase identified three correctness bugs and one documentation correction. No new features; no behaviour change for operators who weren't hit by the bugs.

Recommended upgrade for all 1.0.0 adopters; required upgrade for any deployment fronted by a shared cache (LSCache, Varnish, Cloudflare full-page) where the request-ID corruption on cached responses (B5) was actively poisoning async-decorator data.

- request_id validation in BeaconRequest: strict 16-hex regex, prevents oversize-payload abuse and cross-visitor request_id takeover.
- Top-level try/catch in BeaconController::receive(): preserves the docblock 'never 5xx' contract under any pipeline failure.
- Request-ID Server-Timing entry skipped on shared-cacheable responses: prevents cwv-rid from freezing into edge-cached payloads and corrupting async-decorator data across visitors.
- PERFORMANCE.md sampling-rate clarification: documents the multiplied effective rate (sampling_rate * sampling_rate) honestly with corrected sizing tables.

No schema changes. No new config keys. No update hooks.