fix: audit findings — reversible initials, instance tracking, live flags (v2.5.2–2.5.7)#33
Merged
Merged
Conversation
- New 'initials' mapping category; mask->unmask roundtrip now restores initials (was irreversible) - Initials regexes no longer match across newlines - Guard main PIB parser against re-masking already-masked surnames - Mapping written in document order for correct instance tracking - 27 new tests (tests/test_initials.py); version asserts made dynamic https://claude.ai/code/session_01XT6iUWaQgahXDB9TWX9Bq7
- Repeated text dates now restore all occurrences on unmask (instances tracked via add_to_mapping instead of hardcoded [1]) - Engine's date_text path is deterministic now (duplicate copy never seeded the RNG) - _mask_date_text is an alias of mask_date_text (removed ~50-line dup) https://claude.ai/code/session_01XT6iUWaQgahXDB9TWX9Bq7
- data_masking.MASK_* / DEBUG_MODE / PRESERVE_CASE / HASH_ALGORITHM delegate reads (PEP 562 __getattr__) and writes (module class swap) to masking.constants — restores pre-refactoring behavior where setting data_masking.MASK_NAMES=False actually disabled masking - Remove unused imports in masking/cli.py - 2 regression tests https://claude.ai/code/session_01XT6iUWaQgahXDB9TWX9Bq7
Root rank_data.py is the single source of truth; modules/rank_data.py was an identical 636-line copy with no sync mechanism. Direction chosen because importing the modules package pulls security/cryptography, which must stay optional. https://claude.ai/code/session_01XT6iUWaQgahXDB9TWX9Bq7
- README: masking/ and unmasking/ structure, initials feature, __main__.py invocation, version pointer to CHANGELOG - New threat model section: pseudonymization limits stated explicitly - Security recommendations: prefer --password-env over --password - Fix python -m mention in wrapper docstrings https://claude.ai/code/session_01XT6iUWaQgahXDB9TWX9Bq7
Generated encryption passwords no longer land in redirected stdout, pipes or CI logs; shown once on stderr with an explicit warning. https://claude.ai/code/session_01XT6iUWaQgahXDB9TWX9Bq7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes from project audit (one version per commit)
[1,2,...]; engine date masking now deterministic; removed duplicated implementationMASK_*flags through the wrapper (restores pre-refactoring write behavior); dead imports removedmodules/rank_data.pyre-exports root copy (was 636-line duplicate)Test plan
https://claude.ai/code/session_01XT6iUWaQgahXDB9TWX9Bq7
Generated by Claude Code