pathsafe 1.0.2__tar.gz → 1.0.4__tar.gz

{pathsafe-1.0.2 → pathsafe-1.0.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pathsafe
-Version: 1.0.2
+Version: 1.0.4
 Summary: Production-tested WSI anonymizer for pathology slide files
 Author: PathSafe Contributors
 License-Expression: Apache-2.0
@@ -41,11 +41,17 @@ Dynamic: license-file
 
 # PathSafe
 
+<p align="center">
+  <img src="pathsafe/assets/icon.png" alt="PathSafe icon" width="180">
+</p>
+
 **Remove patient information from pathology slide files... safely, automatically, and verifiably.**
 
 When pathology scanners create digital slide files, they often embed hidden patient data inside the file: accession numbers, scan dates, operator names, and even photographs of the slide label. This information is invisible when viewing the slide image, but anyone with the right tools can extract it. PathSafe finds and removes all of this hidden data so your slides are safe to share for research or education.
 
-PathSafe works with all major scanner brands, can process thousands of files at once, and double-checks its own work to make sure nothing was missed.
+PathSafe works with all major scanner brands, can process thousands of files at once, and can double-check its own work to make sure nothing was missed.
+
+> **v1.0.4 released** — Faster default runs (verify and checksum now opt-in), real-time per-phase progress in the GUI, I/O concurrency control for large batches, and a new SHA-256 checksum option.
 
 ---
 
@@ -57,7 +63,7 @@ PathSafe works with all major scanner brands, can process thousands of files at
 | **Works with all major scanners** | Hamamatsu (NDPI), Aperio (SVS), 3DHISTECH (MRXS), Roche/Ventana (BIF), Leica (SCN), DICOM, and other TIFF-based files |
 | **Erases label photos** | Many scanners take a photo of the physical slide label (which may show patient names) and hide it inside the file. PathSafe erases these photos |
 | **Keeps your originals safe** | PathSafe creates cleaned copies in a separate folder, so your original files are never touched |
-| **Double-checks everything** | After cleaning, PathSafe re-scans every file to confirm all patient data was actually removed |
+| **Double-checks everything** | Use Scan or Verify on your output folder to confirm all patient data was removed |
 | **Creates compliance reports** | Generates PDF reports and certificates documenting exactly what was found, what was removed, and proof that each file is clean |
 | **Easy to use** | A visual interface guides you through four simple steps with no typing commands required |
 | **Handles large batches** | Process hundreds or thousands of slides at once, with parallel processing to speed things up |
@@ -76,6 +82,18 @@ Download the installer for your platform. It creates a desktop shortcut and adds
 | **macOS** | [pathsafe-gui-macos.dmg](https://github.com/DrSoma/PathSafe/releases/latest/download/pathsafe-gui-macos.dmg) |
 | **Linux** | [pathsafe-gui-linux.AppImage](https://github.com/DrSoma/PathSafe/releases/latest/download/pathsafe-gui-linux.AppImage) |
 
+**General note**: Code-signing certificates for Windows and macOS are in the process of being added. Until then, your OS may show a first-run warning.
+
+**Windows note**: Windows may show a "Windows protected your PC" warning the first time. Click "More info" then "Run anyway".
+
+**macOS note**: After downloading, drag into your applications folder and input the following into the terminal:
+
+**sudo xattr -rd com.apple.quarantine "/Applications/PathSafe.app"**
+
+**open "/Applications/PathSafe.app"**
+
+**Linux note**: You may need to right-click > properties, and choose "Open/execute as program" the first time, or run `chmod +x` on the downloaded file.
+
 ### Option 2: Standalone executable (no installation needed)
 
 A single portable file you can run from anywhere, including USB drives.
@@ -86,38 +104,55 @@ A single portable file you can run from anywhere, including USB drives.
 | **macOS** | [pathsafe-gui-macos.dmg](https://github.com/DrSoma/PathSafe/releases/latest/download/pathsafe-gui-macos.dmg) |
 | **Linux** | [pathsafe-gui-linux.AppImage](https://github.com/DrSoma/PathSafe/releases/latest/download/pathsafe-gui-linux.AppImage) |
 
-**Windows note**: Windows may show a "Windows protected your PC" warning the first time. Click "More info" then "Run anyway".
+### Alternative: Install with Python
 
-**macOS note**: After downloading, drag into your applications folder and input the following into the terminal:
+For users who have Python installed (version 3.9 or newer):
+
+```
+pip install pathsafe[gui]
+```
 
-sudo xattr -rd com.apple.quarantine "/Applications/PathSafe.app"
+Then launch with `pathsafe gui` or use `pathsafe` for the command line.
 
-open "/Applications/PathSafe.app"
+### Uninstallation (Windows, macOS, Linux)
 
-**Linux note**: You may need to right-click > properties, and choose "Open/execute as program" the first time, or run `chmod +x` on the downloaded file.
+Use the steps below based on how PathSafe was installed.
 
-### Alternative: Install with Python
+#### Windows
 
-For users who have Python installed (version 3.9 or newer):
+- **Installed with `PathSafe-Setup.exe`**: Open **Settings > Apps > Installed apps**, find **PathSafe**, then click **Uninstall**.
+- **Standalone `pathsafe-gui-windows.exe`**: Delete the `.exe` file and any shortcuts you created.
+- **Optional settings cleanup**: Remove `HKEY_CURRENT_USER\Software\PathSafe\PathSafe` from the registry.
+
+#### macOS
 
+- **Installed app (`PathSafe.app`)**: Move `/Applications/PathSafe.app` to Trash, then empty Trash.
+- Delete any downloaded `.dmg` file if no longer needed.
+- **Optional settings cleanup**:
+
+```bash
+rm -f ~/Library/Preferences/com.PathSafe.PathSafe.plist
 ```
-pip install pathsafe[gui]
+
+#### Linux
+
+- **AppImage install**: Delete the `pathsafe-gui-linux.AppImage` file.
+- If you created desktop integration entries manually, delete those launcher/icon files from `~/.local/share/applications` and `~/.local/share/icons` if present.
+- **Optional settings cleanup**:
+
+```bash
+rm -f ~/.config/PathSafe/PathSafe.conf
 ```
 
-Then launch with `pathsafe gui` or use `pathsafe` for the command line.
+#### Python install (any platform)
 
-<details>
-<summary>Optional add-ons (click to expand)</summary>
+If PathSafe was installed with `pip`:
 
-| Install command | What it adds |
-|----------------|-------------|
-| `pip install pathsafe[gui]` | Graphical interface (recommended) |
-| `pip install pathsafe[dicom]` | Support for DICOM WSI files |
-| `pip install pathsafe[openslide]` | Enhanced format detection via OpenSlide |
-| `pip install pathsafe[convert]` | Format conversion (change file types) |
-| `pip install pathsafe[all]` | All of the above |
+```bash
+python -m pip uninstall pathsafe
+```
 
-</details>
+If it was installed inside a virtual environment, activate that environment first, or remove the full environment directory.
 
 ---
 
@@ -141,7 +176,7 @@ Pick the output folder where your cleaned copies will go. A default location is
 
 ### Step 4: Anonymize
 
-Click **Anonymize**. PathSafe copies your files to the output folder, removes all patient data from the copies, and automatically double-checks that everything was removed. **Your original files are never modified.**
+Click **Anonymize**. PathSafe copies your files to the output folder and removes all patient data from the copies. **Your original files are never modified.**
 
 A summary popup tells you exactly what happened after each step.
 
@@ -155,6 +190,7 @@ A summary popup tells you exactly what happened after each step.
 | **Use keyboard shortcuts** | Ctrl+O (open files), Ctrl+Shift+O (open folder), Ctrl+S (scan), Ctrl+R (anonymize), Ctrl+E (verify), Ctrl+I (file info), Ctrl+T (convert), Ctrl+L (save log), Esc (stop) |
 | **Speed up large batches** | Increase the Workers slider (try 2-4) |
 | **Preview without changing anything** | Check the "Dry run" box |
+| **Generate SHA-256 checksums** | Check the "SHA-256 checksum" box for audit-trail hashes |
 | **Add your institution name** | Fill in the Institution field (it appears on PDF reports and is remembered) |
 | **Save your results** | Use Save Log or Export JSON in the Actions menu |
 | **Convert file formats** | Use the Convert tab to change between NDPI, SVS, TIFF, PNG, and JPEG |
@@ -257,8 +293,8 @@ pathsafe gui             Launch the graphical interface
 | `--certificate FILE` / `-c` | Generate a compliance certificate (JSON + PDF) |
 | `--institution NAME` / `-i` | Institution name for PDF certificate headers |
 | `--format FORMAT` | Only process files of a specific format |
-| `--no-verify` | Skip the automatic re-scan after anonymization |
-| `--no-verify-integrity` | Skip image integrity checking (enabled by default) |
+| `--verify-integrity` | Verify image tile data integrity via SHA-256 checksums (off by default) |
+| `--checksum` | Compute SHA-256 checksum of each output file (off by default) |
 | `--no-reset-timestamps` | Keep original file timestamps (reset by default) |
 | `--log FILE` | Save all output to a log file |
 
@@ -364,6 +400,18 @@ PathSafe implements **Level IV** anonymization as defined by [Bisson et al. (202
 
 ---
 
+## Independent Verification
+
+A standalone verification script is included in the `tools/` directory. This script uses no PathSafe code and independently verifies that anonymized files contain no remaining patient data. It parses the TIFF binary structure from scratch, checks every IFD for label and macro images, scans all string and binary metadata tags, looks for EXIF and GPS sub-IFDs, and runs regex patterns against the raw file bytes.
+
+```bash
+python tools/independent_scanner.py /path/to/anonymized/file.svs
+```
+
+No dependencies required beyond Python 3.9+.
+
+---
+
 ## Dependencies
 
 If you use the downloadable installers (`.exe`, `.dmg`, `.AppImage`), you do not need to install Python dependencies manually.
@@ -397,4 +445,9 @@ Optional packages add extra features:
 
 Apache 2.0
 
+Maintained by Fernando Soto, MD.
+
+
+
+
 

{pathsafe-1.0.2 → pathsafe-1.0.4}/README.md

@@ -1,10 +1,16 @@
 # PathSafe
 
+<p align="center">
+  <img src="pathsafe/assets/icon.png" alt="PathSafe icon" width="180">
+</p>
+
 **Remove patient information from pathology slide files... safely, automatically, and verifiably.**
 
 When pathology scanners create digital slide files, they often embed hidden patient data inside the file: accession numbers, scan dates, operator names, and even photographs of the slide label. This information is invisible when viewing the slide image, but anyone with the right tools can extract it. PathSafe finds and removes all of this hidden data so your slides are safe to share for research or education.
 
-PathSafe works with all major scanner brands, can process thousands of files at once, and double-checks its own work to make sure nothing was missed.
+PathSafe works with all major scanner brands, can process thousands of files at once, and can double-check its own work to make sure nothing was missed.
+
+> **v1.0.4 released** — Faster default runs (verify and checksum now opt-in), real-time per-phase progress in the GUI, I/O concurrency control for large batches, and a new SHA-256 checksum option.
 
 ---
 
@@ -16,7 +22,7 @@ PathSafe works with all major scanner brands, can process thousands of files at
 | **Works with all major scanners** | Hamamatsu (NDPI), Aperio (SVS), 3DHISTECH (MRXS), Roche/Ventana (BIF), Leica (SCN), DICOM, and other TIFF-based files |
 | **Erases label photos** | Many scanners take a photo of the physical slide label (which may show patient names) and hide it inside the file. PathSafe erases these photos |
 | **Keeps your originals safe** | PathSafe creates cleaned copies in a separate folder, so your original files are never touched |
-| **Double-checks everything** | After cleaning, PathSafe re-scans every file to confirm all patient data was actually removed |
+| **Double-checks everything** | Use Scan or Verify on your output folder to confirm all patient data was removed |
 | **Creates compliance reports** | Generates PDF reports and certificates documenting exactly what was found, what was removed, and proof that each file is clean |
 | **Easy to use** | A visual interface guides you through four simple steps with no typing commands required |
 | **Handles large batches** | Process hundreds or thousands of slides at once, with parallel processing to speed things up |
@@ -35,6 +41,18 @@ Download the installer for your platform. It creates a desktop shortcut and adds
 | **macOS** | [pathsafe-gui-macos.dmg](https://github.com/DrSoma/PathSafe/releases/latest/download/pathsafe-gui-macos.dmg) |
 | **Linux** | [pathsafe-gui-linux.AppImage](https://github.com/DrSoma/PathSafe/releases/latest/download/pathsafe-gui-linux.AppImage) |
 
+**General note**: Code-signing certificates for Windows and macOS are in the process of being added. Until then, your OS may show a first-run warning.
+
+**Windows note**: Windows may show a "Windows protected your PC" warning the first time. Click "More info" then "Run anyway".
+
+**macOS note**: After downloading, drag into your applications folder and input the following into the terminal:
+
+**sudo xattr -rd com.apple.quarantine "/Applications/PathSafe.app"**
+
+**open "/Applications/PathSafe.app"**
+
+**Linux note**: You may need to right-click > properties, and choose "Open/execute as program" the first time, or run `chmod +x` on the downloaded file.
+
 ### Option 2: Standalone executable (no installation needed)
 
 A single portable file you can run from anywhere, including USB drives.
@@ -45,38 +63,55 @@ A single portable file you can run from anywhere, including USB drives.
 | **macOS** | [pathsafe-gui-macos.dmg](https://github.com/DrSoma/PathSafe/releases/latest/download/pathsafe-gui-macos.dmg) |
 | **Linux** | [pathsafe-gui-linux.AppImage](https://github.com/DrSoma/PathSafe/releases/latest/download/pathsafe-gui-linux.AppImage) |
 
-**Windows note**: Windows may show a "Windows protected your PC" warning the first time. Click "More info" then "Run anyway".
+### Alternative: Install with Python
 
-**macOS note**: After downloading, drag into your applications folder and input the following into the terminal:
+For users who have Python installed (version 3.9 or newer):
+
+```
+pip install pathsafe[gui]
+```
 
-sudo xattr -rd com.apple.quarantine "/Applications/PathSafe.app"
+Then launch with `pathsafe gui` or use `pathsafe` for the command line.
 
-open "/Applications/PathSafe.app"
+### Uninstallation (Windows, macOS, Linux)
 
-**Linux note**: You may need to right-click > properties, and choose "Open/execute as program" the first time, or run `chmod +x` on the downloaded file.
+Use the steps below based on how PathSafe was installed.
 
-### Alternative: Install with Python
+#### Windows
 
-For users who have Python installed (version 3.9 or newer):
+- **Installed with `PathSafe-Setup.exe`**: Open **Settings > Apps > Installed apps**, find **PathSafe**, then click **Uninstall**.
+- **Standalone `pathsafe-gui-windows.exe`**: Delete the `.exe` file and any shortcuts you created.
+- **Optional settings cleanup**: Remove `HKEY_CURRENT_USER\Software\PathSafe\PathSafe` from the registry.
+
+#### macOS
 
+- **Installed app (`PathSafe.app`)**: Move `/Applications/PathSafe.app` to Trash, then empty Trash.
+- Delete any downloaded `.dmg` file if no longer needed.
+- **Optional settings cleanup**:
+
+```bash
+rm -f ~/Library/Preferences/com.PathSafe.PathSafe.plist
 ```
-pip install pathsafe[gui]
+
+#### Linux
+
+- **AppImage install**: Delete the `pathsafe-gui-linux.AppImage` file.
+- If you created desktop integration entries manually, delete those launcher/icon files from `~/.local/share/applications` and `~/.local/share/icons` if present.
+- **Optional settings cleanup**:
+
+```bash
+rm -f ~/.config/PathSafe/PathSafe.conf
 ```
 
-Then launch with `pathsafe gui` or use `pathsafe` for the command line.
+#### Python install (any platform)
 
-<details>
-<summary>Optional add-ons (click to expand)</summary>
+If PathSafe was installed with `pip`:
 
-| Install command | What it adds |
-|----------------|-------------|
-| `pip install pathsafe[gui]` | Graphical interface (recommended) |
-| `pip install pathsafe[dicom]` | Support for DICOM WSI files |
-| `pip install pathsafe[openslide]` | Enhanced format detection via OpenSlide |
-| `pip install pathsafe[convert]` | Format conversion (change file types) |
-| `pip install pathsafe[all]` | All of the above |
+```bash
+python -m pip uninstall pathsafe
+```
 
-</details>
+If it was installed inside a virtual environment, activate that environment first, or remove the full environment directory.
 
 ---
 
@@ -100,7 +135,7 @@ Pick the output folder where your cleaned copies will go. A default location is
 
 ### Step 4: Anonymize
 
-Click **Anonymize**. PathSafe copies your files to the output folder, removes all patient data from the copies, and automatically double-checks that everything was removed. **Your original files are never modified.**
+Click **Anonymize**. PathSafe copies your files to the output folder and removes all patient data from the copies. **Your original files are never modified.**
 
 A summary popup tells you exactly what happened after each step.
 
@@ -114,6 +149,7 @@ A summary popup tells you exactly what happened after each step.
 | **Use keyboard shortcuts** | Ctrl+O (open files), Ctrl+Shift+O (open folder), Ctrl+S (scan), Ctrl+R (anonymize), Ctrl+E (verify), Ctrl+I (file info), Ctrl+T (convert), Ctrl+L (save log), Esc (stop) |
 | **Speed up large batches** | Increase the Workers slider (try 2-4) |
 | **Preview without changing anything** | Check the "Dry run" box |
+| **Generate SHA-256 checksums** | Check the "SHA-256 checksum" box for audit-trail hashes |
 | **Add your institution name** | Fill in the Institution field (it appears on PDF reports and is remembered) |
 | **Save your results** | Use Save Log or Export JSON in the Actions menu |
 | **Convert file formats** | Use the Convert tab to change between NDPI, SVS, TIFF, PNG, and JPEG |
@@ -216,8 +252,8 @@ pathsafe gui             Launch the graphical interface
 | `--certificate FILE` / `-c` | Generate a compliance certificate (JSON + PDF) |
 | `--institution NAME` / `-i` | Institution name for PDF certificate headers |
 | `--format FORMAT` | Only process files of a specific format |
-| `--no-verify` | Skip the automatic re-scan after anonymization |
-| `--no-verify-integrity` | Skip image integrity checking (enabled by default) |
+| `--verify-integrity` | Verify image tile data integrity via SHA-256 checksums (off by default) |
+| `--checksum` | Compute SHA-256 checksum of each output file (off by default) |
 | `--no-reset-timestamps` | Keep original file timestamps (reset by default) |
 | `--log FILE` | Save all output to a log file |
 
@@ -323,6 +359,18 @@ PathSafe implements **Level IV** anonymization as defined by [Bisson et al. (202
 
 ---
 
+## Independent Verification
+
+A standalone verification script is included in the `tools/` directory. This script uses no PathSafe code and independently verifies that anonymized files contain no remaining patient data. It parses the TIFF binary structure from scratch, checks every IFD for label and macro images, scans all string and binary metadata tags, looks for EXIF and GPS sub-IFDs, and runs regex patterns against the raw file bytes.
+
+```bash
+python tools/independent_scanner.py /path/to/anonymized/file.svs
+```
+
+No dependencies required beyond Python 3.9+.
+
+---
+
 ## Dependencies
 
 If you use the downloadable installers (`.exe`, `.dmg`, `.AppImage`), you do not need to install Python dependencies manually.
@@ -356,4 +404,9 @@ Optional packages add extra features:
 
 Apache 2.0
 
+Maintained by Fernando Soto, MD.
+
+
+
+
 

{pathsafe-1.0.2 → pathsafe-1.0.4}/pathsafe/__init__.py

@@ -1,6 +1,6 @@
 """PathSafe -- Production-tested WSI anonymizer for pathology slide files."""
 
-__version__ = "1.0.2"
+__version__ = "1.0.4"
 
 from pathsafe.models import (
     AnonymizationResult,

{pathsafe-1.0.2 → pathsafe-1.0.4}/pathsafe/anonymizer.py

@@ -139,10 +139,13 @@ def _verify_image_integrity(filepath: Path, pre_hashes: dict) -> Optional[bool]:
 def anonymize_file(
     filepath: Path,
     output_path: Optional[Path] = None,
-    verify: bool = True,
+    verify: bool = False,
     dry_run: bool = False,
     reset_timestamps: bool = False,
     verify_integrity: bool = False,
+    phase_callback: Optional[Callable] = None,
+    io_semaphore: Optional[threading.Semaphore] = None,
+    compute_checksum: bool = False,
 ) -> AnonymizationResult:
     """Anonymize a single WSI file.
 
@@ -181,6 +184,8 @@ def anonymize_file(
 
     if dry_run:
         # Just scan, report what would be done
+        if phase_callback:
+            phase_callback("Scanning", filepath)
         scan_result = handler.scan(filepath)
         elapsed = (time.monotonic() - t0) * 1000
         return AnonymizationResult(
@@ -188,28 +193,63 @@ def anonymize_file(
             output_path=target,
             mode=mode,
             findings_cleared=len(scan_result.findings),
+            findings=scan_result.findings,
             verified=False,
             anonymization_time_ms=elapsed,
         )
 
     # Copy mode: copy file to output path first
     if mode == "copy":
-        target.parent.mkdir(parents=True, exist_ok=True)
-        shutil.copy2(str(filepath), str(target))
-        # MRXS: also copy companion data directory (slide/ next to slide.mrxs)
-        companion_dir = filepath.parent / filepath.stem
-        if companion_dir.is_dir():
-            target_companion = target.parent / target.stem
-            if not target_companion.exists():
-                shutil.copytree(str(companion_dir), str(target_companion))
+        if io_semaphore:
+            io_semaphore.acquire()
+        try:
+            if phase_callback:
+                phase_callback("Copying", filepath)
+            target.parent.mkdir(parents=True, exist_ok=True)
+            # Chunked copy with sub-progress reporting
+            src_size = os.path.getsize(str(filepath))
+            copied = 0
+            last_pct = -1
+            with open(str(filepath), 'rb') as fsrc, open(str(target), 'wb') as fdst:
+                while True:
+                    buf = fsrc.read(1_048_576)  # 1 MB chunks
+                    if not buf:
+                        break
+                    fdst.write(buf)
+                    copied += len(buf)
+                    if phase_callback and src_size > 0:
+                        new_pct = int(copied * 100 / src_size)
+                        if new_pct > last_pct:
+                            last_pct = new_pct
+                            phase_callback("Copying", filepath, copied / src_size)
+            shutil.copystat(str(filepath), str(target))
+            # MRXS: also copy companion data directory (slide/ next to slide.mrxs)
+            companion_dir = filepath.parent / filepath.stem
+            if companion_dir.is_dir():
+                target_companion = target.parent / target.stem
+                if not target_companion.exists():
+                    shutil.copytree(str(companion_dir), str(target_companion))
+        finally:
+            if io_semaphore:
+                io_semaphore.release()
 
     # Pre-hash tile data for integrity verification
     pre_hashes = {}
     if verify_integrity and not dry_run:
-        from pathsafe.tiff import compute_image_hashes
-        pre_hashes = compute_image_hashes(target)
+        if io_semaphore:
+            io_semaphore.acquire()
+        try:
+            if phase_callback:
+                phase_callback("Hashing tiles", filepath)
+            from pathsafe.tiff import compute_image_hashes
+            pre_hashes = compute_image_hashes(target)
+        finally:
+            if io_semaphore:
+                io_semaphore.release()
 
     # Anonymize
+    if phase_callback:
+        phase_callback("Anonymizing", filepath)
     try:
         findings = handler.anonymize(target)
     except Exception as e:
@@ -232,11 +272,21 @@ def anonymize_file(
     # Verify image tile data integrity
     integrity_result = None
     if verify_integrity and not dry_run:
-        integrity_result = _verify_image_integrity(target, pre_hashes)
+        if io_semaphore:
+            io_semaphore.acquire()
+        try:
+            if phase_callback:
+                phase_callback("Verifying integrity", filepath)
+            integrity_result = _verify_image_integrity(target, pre_hashes)
+        finally:
+            if io_semaphore:
+                io_semaphore.release()
 
     # Verify -- always re-scan when verify is enabled (not just when findings > 0)
     verified = False
     if verify:
+        if phase_callback:
+            phase_callback("Verifying clean", filepath)
         from pathsafe.verify import verify_file
         verify_result = verify_file(target)
         verified = verify_result.is_clean and not verify_result.error
@@ -245,20 +295,37 @@ def anonymize_file(
     from pathsafe.scanner import scan_filename_for_phi
     filename_has_phi = len(scan_filename_for_phi(target)) > 0
 
-    # Compute SHA-256 of the final output file (before timestamp reset
-    # so that opening the file doesn't update st_atime after reset)
+    # Finalize: compute SHA-256 (only when requested) and reset timestamps
     file_sha256 = None
-    try:
-        h = hashlib.sha256()
-        with open(str(target), 'rb') as fh:
-            while True:
-                chunk = fh.read(65536)
-                if not chunk:
-                    break
-                h.update(chunk)
-        file_sha256 = h.hexdigest()
-    except (OSError, FileNotFoundError):
-        pass
+    if compute_checksum:
+        if io_semaphore:
+            io_semaphore.acquire()
+        try:
+            if phase_callback:
+                phase_callback("Finalizing", filepath)
+            try:
+                target_size = os.path.getsize(str(target))
+                h = hashlib.sha256()
+                hashed = 0
+                last_pct = -1
+                with open(str(target), 'rb') as fh:
+                    while True:
+                        chunk = fh.read(65536)
+                        if not chunk:
+                            break
+                        h.update(chunk)
+                        hashed += len(chunk)
+                        if phase_callback and target_size > 0:
+                            new_pct = int(hashed * 100 / target_size)
+                            if new_pct > last_pct:
+                                last_pct = new_pct
+                                phase_callback("Finalizing", filepath, hashed / target_size)
+                file_sha256 = h.hexdigest()
+            except (OSError, FileNotFoundError):
+                pass
+        finally:
+            if io_semaphore:
+                io_semaphore.release()
 
     # Reset filesystem timestamps to epoch (removes temporal PHI)
     if reset_timestamps:
@@ -285,7 +352,8 @@ def anonymize_file(
     elapsed = (time.monotonic() - t0) * 1000
     return AnonymizationResult(
         source_path=filepath, output_path=target, mode=mode,
-        findings_cleared=len(findings), verified=verified,
+        findings_cleared=len(findings), findings=findings,
+        verified=verified,
         anonymization_time_ms=elapsed,
         image_integrity_verified=integrity_result,
         filename_has_phi=filename_has_phi,
@@ -335,7 +403,7 @@ def collect_wsi_files(path: Path, format_filter: Optional[str] = None) -> List[P
 def anonymize_batch(
     input_path: Path,
     output_dir: Optional[Path] = None,
-    verify: bool = True,
+    verify: bool = False,
     dry_run: bool = False,
     format_filter: Optional[str] = None,
     progress_callback: Optional[Callable] = None,
@@ -344,6 +412,8 @@ def anonymize_batch(
     verify_integrity: bool = False,
     stop_check: Optional[Callable] = None,
     file_list: Optional[List[Path]] = None,
+    phase_callback: Optional[Callable] = None,
+    compute_checksum: bool = False,
 ) -> BatchResult:
     """Anonymize a batch of WSI files.
 
@@ -359,6 +429,7 @@ def anonymize_batch(
         verify_integrity: If True, verify image tile data integrity via SHA-256.
         stop_check: Optional callable returning True to abort immediately.
         file_list: If provided, use these files instead of collecting from input_path.
+        phase_callback: Called with (phase_name, filepath) at each processing phase.
 
     Returns:
         BatchResult with summary statistics.
@@ -390,11 +461,13 @@ def anonymize_batch(
     if workers > 1 and total > 1:
         results = _batch_parallel(file_pairs, verify, dry_run, workers,
                                   progress_callback, batch, reset_timestamps,
-                                  verify_integrity, stop_check)
+                                  verify_integrity, stop_check,
+                                  phase_callback, compute_checksum)
     else:
         results = _batch_sequential(file_pairs, verify, dry_run,
                                     progress_callback, batch, reset_timestamps,
-                                    verify_integrity, stop_check)
+                                    verify_integrity, stop_check,
+                                    phase_callback, compute_checksum)
 
     batch.results = results
     batch.total_time_seconds = time.monotonic() - t0
@@ -410,6 +483,8 @@ def _batch_sequential(
     reset_timestamps: bool = False,
     verify_integrity: bool = False,
     stop_check: Optional[Callable] = None,
+    phase_callback: Optional[Callable] = None,
+    compute_checksum: bool = False,
 ) -> List[AnonymizationResult]:
     """Process files sequentially."""
     results = []
@@ -422,7 +497,9 @@ def _batch_sequential(
             result = anonymize_file(filepath, output_path=out, verify=verify,
                                     dry_run=dry_run,
                                     reset_timestamps=reset_timestamps,
-                                    verify_integrity=verify_integrity)
+                                    verify_integrity=verify_integrity,
+                                    phase_callback=phase_callback,
+                                    compute_checksum=compute_checksum)
         except Exception as e:
             result = AnonymizationResult(
                 source_path=filepath,
@@ -450,6 +527,8 @@ def _batch_parallel(
     reset_timestamps: bool = False,
     verify_integrity: bool = False,
     stop_check: Optional[Callable] = None,
+    phase_callback: Optional[Callable] = None,
+    compute_checksum: bool = False,
 ) -> List[AnonymizationResult]:
     """Process files in parallel using a thread pool.
 
@@ -457,6 +536,9 @@ def _batch_parallel(
     submission order for deterministic output.
     """
     total = len(file_pairs)
+    workers = min(workers, total)  # no point creating more threads than files
+    # Cap concurrent I/O to 1 to prevent disk thrashing (single disk)
+    io_semaphore = threading.Semaphore(1)
     # Pre-allocate results list to maintain order
     results = [None] * total
     lock = threading.Lock()
@@ -467,7 +549,10 @@ def _batch_parallel(
             return index, anonymize_file(filepath, output_path=out,
                                          verify=verify, dry_run=dry_run,
                                          reset_timestamps=reset_timestamps,
-                                         verify_integrity=verify_integrity)
+                                         verify_integrity=verify_integrity,
+                                         phase_callback=phase_callback,
+                                         io_semaphore=io_semaphore,
+                                         compute_checksum=compute_checksum)
         except Exception as e:
             return index, AnonymizationResult(
                 source_path=filepath,