JMCP: Papers - jmcp/blind-anonymous-publication-mode-Y2CwaEKp#2
Closed
landigf wants to merge 1 commit into
Closed
Conversation
Owner
Author
|
Closing: will integrate valuable features directly on main to avoid cascade merge conflicts. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Now I have a complete picture. Here's the review:
JMCP Review — Blind Anonymous Publication Mode
Change Summary
This PR bootstraps the entire Papers platform (72 files, ~13.4k lines) with a blind-review anonymization layer as the central feature:
Contract layer (
packages/contracts): DefinesvisibilityMode: "public" | "blind"on papers.serializePublicPaper()nullsownerId,publicAuthorProfile, and scrubs asset filenames when mode is"blind". A runtime invariantassertBlindSafe()guards against regressions.Comment anonymization (
demo-store.ts:627):getPublicComments()stripsauthorProfilefrom all comments on blind papers.AI safety gate (
packages/ai):GrokProvider.assertSafe()hard-blocks any payload flaggedisBlindContentorcontainsPrivateDraftfrom being sent to the external LLM.Paper creation (
packages/db/src/index.ts:494): SetspublicAuthorProfile: nullat write time for blind papers.UI layer (
papers/[paperId]/page.tsx): Conditionally renders "Identity hidden for blind review" / "Blind participant" labels.Test coverage (
contracts/test): 5 targeted tests covering profile nulling, ownerId nulling, asset filename scrubbing, leak detection, and happy path.Validation Confidence: Medium-High
visibilityMode === "public"atindex.ts:463).Remaining Risks
storageKeynot scrubbedserializePublicPaperscrubsfileNamebut leavesasset.storageKeyintact (e.g."uploads/paper_1/draft.pdf"). If storageKeys are ever exposed in URLs or API responses, they could leak the owner's identity or internal structure.ownerIdnulled only on public pathPapertype always carriesownerId. ThepublicPaperSchemamarks it.nullable()butserializePublicPaperfor non-blind papers setsownerId: null— good. However, thepaperSchemastill includesownerIdas required string, so any code path that returns a rawPaperinstead ofPublicPaperwould leak ownership. No such path exists today, but there's no compile-time enforcement.authorProfilestripped, but the commentbodycould contain self-identifying text ("As I showed in my ICML 2025 paper..."). TheisBlindSafeflag is hardcodedtrue— no content analysis is performed.reviewerProfilenot anonymizedcreatePeerReview(index.ts:766) storesviewer.profileasreviewerProfile. For blind-mode submissions, reviewer identity is fully visible. This may be intentional (single-blind), but it's not documented.readDemoState/writeDemoStateuses read-modify-write on a JSON file with no locking. Concurrent requests can lose writes. Acceptable for demo, not for production.slugas side-channelslugify(title)-random4). Not identity-leaking, but the 4-char random suffix is weak against enumeration.Verdict
The blind-mode serialization boundary is well-structured and the assertion guard is a good defense-in-depth pattern. The main gap is
storageKeyleaking through the blind serialization — that should be scrubbed alongsidefileName. The reviewer identity question for peer reviews needs a product decision (single-blind vs double-blind) documented explicitly.