Gate claim search (D2): masked-email disambiguator (name-only search)#1073
Merged
Merged
Conversation
… search) Fixes the "many Pauls" problem (nobodies-collective#907): the claim search matched burner-name only with no disambiguator. Each result now shows a masked email (paul.smith@gmail.com -> p•••h@gmail.com) as a Detail sub-line, alongside the existing photo. Privacy: only a verified, OWNER-MADE-ORG-PUBLIC (AllActiveProfiles) email is ever surfaced — never a Board/coordinator/team-scoped address or a GDPR/merge tombstone — so nothing sensitive lands on the shared, role-less kiosk. If a person has no org-public email, the picker shows no disambiguator (photo still helps). Search stays name-only (PersonSearchFields.Name) — no email input, no confirmation oracle. The email is read per result (cached) and masked at the presentation layer, so the search and its response shape stay email-free. Mirrors the existing BuildSupervisorOptionsAsync loop; no new service/DTO surface; the picker view already renders Detail. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
39328c0 to
847cf06
Compare
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Phase D2 of the gate claim/PIN UX rework. Fixes nobodies-collective#907 (the "many Pauls" problem): the claim picker matched burner name only and showed no disambiguator, so same-named staff were indistinguishable.
What this does
Each claim-search result now shows a masked email as a disambiguator (plus the existing photo).
paul.smith@gmail.com→p•••h@gmail.com.AllActiveProfiles) visibility is ever surfaced — never a Board/coordinator/team-scoped address or a GDPR/merge tombstone. So nothing sensitive lands on the shared, role-lessGateTerminalkiosk. If a person has no org-public email, the picker shows no disambiguator (the photo still helps). This mirrors the codebase's Bio-bucket public-email rule.PersonSearchFields.Name) — you can't type an email to search, so there's no email-confirmation oracle.GetUserInfoAsync) and masked at the presentation layer, so the search and its response shape stay email-free. Mirrors the existingBuildSupervisorOptionsAsyncloop — no new service/DTO surface. The picker view already rendersDetail.Your call, Peter
The org-public restriction is deliberately conservative — it means the email hint only shows for people who made an address org-public, which may be few. If you want broader coverage (e.g. show any verified email, masked, accepting a bounded privacy posture on the kiosk), that's a one-line change — your call. Flagging rather than assuming.
Verification
Build clean · gate tests green ·
dotnet formatclean. Live-verified on the tablet viewport: aBoardOnlydev email correctly showed no hint; the same account switched to org-public then renderedd•••r@localhost. Peer-reviewed — this PR already folds in the reviewer's privacy fix (visibility filter) and tombstone guard.Not for merge without your review.
🤖 Generated with Claude Code