Skip to content

v0.7.0: longitudinal date-shift, fail-closed face gate, honest claims#3

Merged
Ces107 merged 1 commit into
mainfrom
claude/dicom-anonymizer-critique-2BpzX
Jun 7, 2026
Merged

v0.7.0: longitudinal date-shift, fail-closed face gate, honest claims#3
Ces107 merged 1 commit into
mainfrom
claude/dicom-anonymizer-critique-2BpzX

Conversation

@Ces107

@Ces107 Ces107 commented Jun 7, 2026

Copy link
Copy Markdown
Owner

Addresses a critique of the project across functional, safety, and
credibility dimensions.

Functional (longitudinal cohorts — the declared audience):

  • Add deterministic per-patient date shifting (--date-shift). PS3.15
    Retain Modified Dates (CID 7050 113107): every DA/DT value is moved by
    one HMAC-derived per-patient offset, preserving inter-study intervals
    while hiding the absolute calendar position. Requires --salt; window via
    --date-shift-max-days. New module dcm_anon/dateshift.py; public shift_dates.
  • The independent verifier is told when dates were intentionally retained, so
    it no longer flags shifted dates while still catching every non-date
    identifier.
  • Block --date-shift + --manifest-mode hipaa: retaining dates under a Safe
    Harbor manifest would be a false compliance claim.

Safety (fail-closed gate that actually fails closed):

  • Recognizable-face gate previously fired only on an English keyword match,
    so a cranial CT/MR with a blank/coded/non-English description passed — a
    false negative in a safety gate. It now fires on any face-capable modality
    unless there is positive evidence of a non-cranial body part (accent-
    normalised, multilingual EN/ES/FR/DE/IT/PT). Ambiguity resolves to risk.
  • Independent verifier accept-set tightened: free-text words the tool never
    emits (ANONYMOUS/REMOVED) dropped, since they could only mask a real
    residual.

Credibility (easy claims must be exactly true):

  • Replace the stale "197 tests" claim with the real count, CI-enforced so it
    can never drift again; also pin CITATION.cff (was 0.4.0) to the single
    version source.
  • README opening now states plainly what the tool does and does not buy
    (technical de-id + auditable evidence; NOT your Art. 9(2) lawful basis),
    removing the apparent CNIL-framing contradiction.
  • Landing page no longer quotes firm prices for a tier that is not yet
    purchasable.

245 tests pass; ruff and mypy clean.

https://claude.ai/code/session_01NU8vvx26d3jxSMrb3cANju

@claude
v0.7.0: longitudinal date-shift, fail-closed face gate, honest claims
1fcaa26 
Addresses a critique of the project across functional, safety, and
credibility dimensions.

Functional (longitudinal cohorts — the declared audience):
- Add deterministic per-patient date shifting (--date-shift). PS3.15
  Retain Modified Dates (CID 7050 113107): every DA/DT value is moved by
  one HMAC-derived per-patient offset, preserving inter-study intervals
  while hiding the absolute calendar position. Requires --salt; window via
  --date-shift-max-days. New module dcm_anon/dateshift.py; public shift_dates.
- The independent verifier is told when dates were intentionally retained, so
  it no longer flags shifted dates while still catching every non-date
  identifier.
- Block --date-shift + --manifest-mode hipaa: retaining dates under a Safe
  Harbor manifest would be a false compliance claim.

Safety (fail-closed gate that actually fails closed):
- Recognizable-face gate previously fired only on an English keyword match,
  so a cranial CT/MR with a blank/coded/non-English description passed — a
  false negative in a safety gate. It now fires on any face-capable modality
  unless there is positive evidence of a non-cranial body part (accent-
  normalised, multilingual EN/ES/FR/DE/IT/PT). Ambiguity resolves to risk.
- Independent verifier accept-set tightened: free-text words the tool never
  emits (ANONYMOUS/REMOVED) dropped, since they could only mask a real
  residual.

Credibility (easy claims must be exactly true):
- Replace the stale "197 tests" claim with the real count, CI-enforced so it
  can never drift again; also pin CITATION.cff (was 0.4.0) to the single
  version source.
- README opening now states plainly what the tool does and does not buy
  (technical de-id + auditable evidence; NOT your Art. 9(2) lawful basis),
  removing the apparent CNIL-framing contradiction.
- Landing page no longer quotes firm prices for a tier that is not yet
  purchasable.

245 tests pass; ruff and mypy clean.

https://claude.ai/code/session_01NU8vvx26d3jxSMrb3cANju
@chatgpt-codex-connector

chatgpt-codex-connector Bot commented Jun 7, 2026

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@Ces107 Ces107 merged commit f61c39a into main Jun 7, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Ces107 @claude