It should be impossible to submit endorsements from an invalid user. Page save validation should test the user string.
Meanwhile, let's look at the user schema again.
20:09 <+halfak> what about "user: {gui: 123}" or "user: {ip: "123.110.0.1"}"? 20:09 <+halfak> That looks like the XML dump format to me
Let's do that. In fact, from https://www.mediawiki.org/xml/export-0.10.xsd
<element name="username" type="string" minOccurs="0"/> <element name="id" type="nonNegativeInteger" minOccurs="0"/> <element name="ip" type="string" minOccurs="0"/>
It would be even nicer if we support that exact schema for identifying users. Before we can do that, we need to confirm whether the hooks to suppress nasty usernames and handle renames can be integrated with JADE JSON.