cellstate_core/

redaction.rs

//! PII Redaction Types and Verification Registry
//!
//! This module provides the core types for PII redaction and the server-side
//! verification registry. Under Option A, the client scrubs + encrypts;
//! the server verifies consistency and stores ciphertext.
//!
//! # Key types
//!
//! - [`ScrubbedText`]: Text that has been through redaction. Private constructor.
//! - [`ScrubbedPayload`]: JSON payload that has been through redaction. Private constructor.
//! - [`RedactionManifest`]: Describes what was redacted (spans + vault inserts).
//! - [`RedactionRegistry`]: Server-side verifier + egress guard + redact-only fallback.

use serde::{Deserialize, Serialize};
use std::fmt;
use std::sync::OnceLock;
use uuid::Uuid;

// ============================================================================
// PII TYPE CLASSIFICATION
// ============================================================================

/// PII type classification for detected sensitive data.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum PiiType {
    Ssn,
    CreditCard,
    Email,
    Phone,
    AwsKey,
    PrivateKey,
    ConnectionString,
    Password,
    ApiKey,
    ServerPath,
    Custom,
}

impl fmt::Display for PiiType {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::Ssn => write!(f, "ssn"),
            Self::CreditCard => write!(f, "credit_card"),
            Self::Email => write!(f, "email"),
            Self::Phone => write!(f, "phone"),
            Self::AwsKey => write!(f, "aws_key"),
            Self::PrivateKey => write!(f, "private_key"),
            Self::ConnectionString => write!(f, "connection_string"),
            Self::Password => write!(f, "password"),
            Self::ApiKey => write!(f, "api_key"),
            Self::ServerPath => write!(f, "server_path"),
            Self::Custom => write!(f, "custom"),
        }
    }
}

// ============================================================================
// REDACTION SPAN
// ============================================================================

/// A single detected PII span within text.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct RedactionSpan {
    /// Unique token identifying this redacted value (links to vault).
    pub token_id: Uuid,
    /// Classification of the detected PII.
    pub pii_type: PiiType,
    /// Placeholder string inserted into the scrubbed text (e.g. `[REDACTED:ssn:abc12345]`).
    pub placeholder: String,
    /// Confidence score from the detector (0.0–1.0).
    pub confidence: f32,
}

// ============================================================================
// VAULT INSERT
// ============================================================================

/// Client-encrypted value for vault storage.
///
/// Produced by client-side WebCrypto. The server stores these as opaque bytes
/// and **never** generates ciphertext or holds decryption keys.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct VaultInsert {
    /// Token ID linking this ciphertext to a [`RedactionSpan`].
    pub token_id: Uuid,
    /// Classification of the encrypted PII.
    pub pii_type: PiiType,
    /// Client-side WebCrypto-encrypted original value.
    pub ciphertext: Vec<u8>,
}

// ============================================================================
// REDACTION MANIFEST
// ============================================================================

/// Manifest describing what was redacted. Accompanies scrubbed text.
///
/// NOTE: No `source_hash`. Hashing originals leaks low-entropy secrets
/// (SSN, phone numbers) via brute-force. Dropped by design.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct RedactionManifest {
    /// All PII spans detected and redacted.
    pub spans: Vec<RedactionSpan>,
    /// Client-encrypted vault inserts for spans that require reveal capability.
    pub vault_inserts: Vec<VaultInsert>,
}

impl RedactionManifest {
    /// Create an empty manifest (no redactions applied).
    pub fn empty() -> Self {
        Self {
            spans: Vec::new(),
            vault_inserts: Vec::new(),
        }
    }

    /// Whether any PII was detected and redacted.
    pub fn has_redactions(&self) -> bool {
        !self.spans.is_empty()
    }

    /// Count of redacted spans.
    pub fn span_count(&self) -> usize {
        self.spans.len()
    }

    /// Distinct PII types found.
    pub fn pii_types(&self) -> Vec<PiiType> {
        let mut types: Vec<PiiType> = self.spans.iter().map(|s| s.pii_type).collect();
        types.sort_by_key(|t| *t as u8);
        types.dedup();
        types
    }

    /// Token IDs for all redacted spans.
    pub fn token_ids(&self) -> Vec<Uuid> {
        self.spans.iter().map(|s| s.token_id).collect()
    }
}

// ============================================================================
// SCRUBBED TEXT
// ============================================================================

/// Text that has been through PII redaction.
///
/// **No public constructor.** Only produced by:
/// - Client-side `RedactionEngine` (primary path under Option A)
/// - Server-side `RedactionRegistry::scrub_redact_only()` (fallback for server-originated text)
/// - `ScrubbedText::from_verified()` (for text verified clean by the registry)
///
/// Implements `Clone` (once scrubbed, it's safe). Does NOT implement `AsRef<str>`.
#[derive(Clone, PartialEq, Serialize, Deserialize)]
pub struct ScrubbedText {
    text: String,
    manifest: RedactionManifest,
}

impl ScrubbedText {
    /// Access the redacted text content.
    pub fn as_redacted_str(&self) -> &str {
        &self.text
    }

    /// Access the redaction manifest.
    pub fn manifest(&self) -> &RedactionManifest {
        &self.manifest
    }

    /// Consume into the inner redacted string.
    pub fn into_string(self) -> String {
        self.text
    }

    /// Construct from text that has been verified clean by the registry.
    ///
    /// This is a `pub(crate)` constructor — only `RedactionRegistry` methods
    /// and tests within this crate can call it.
    pub(crate) fn new_verified(text: String, manifest: RedactionManifest) -> Self {
        Self { text, manifest }
    }
}

impl fmt::Debug for ScrubbedText {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "ScrubbedText(\"{}\")", self.text)
    }
}

impl fmt::Display for ScrubbedText {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str(&self.text)
    }
}

// ============================================================================
// SCRUBBED PAYLOAD
// ============================================================================

/// JSON payload that has been through PII redaction.
///
/// **No public constructor.** Same enforcement as [`ScrubbedText`].
#[derive(Clone, PartialEq, Serialize, Deserialize)]
pub struct ScrubbedPayload {
    value: serde_json::Value,
    manifest: RedactionManifest,
}

impl ScrubbedPayload {
    /// Access the redacted JSON value.
    pub fn as_value(&self) -> &serde_json::Value {
        &self.value
    }

    /// Access the redaction manifest.
    pub fn manifest(&self) -> &RedactionManifest {
        &self.manifest
    }

    /// Consume into the inner JSON value.
    pub fn into_value(self) -> serde_json::Value {
        self.value
    }

    /// Construct from a payload that has been verified clean.
    pub(crate) fn new_verified(value: serde_json::Value, manifest: RedactionManifest) -> Self {
        Self { value, manifest }
    }
}

impl fmt::Debug for ScrubbedPayload {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(
            f,
            "ScrubbedPayload({} redactions)",
            self.manifest.span_count()
        )
    }
}

// ============================================================================
// VIOLATION TYPES
// ============================================================================

/// A PII pattern detected during verification (text claimed scrubbed but isn't).
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct PiiViolation {
    /// The type of PII that was detected.
    pub pii_type: PiiType,
    /// Byte offset where the violation starts (for diagnostics, never logged with value).
    pub byte_offset: usize,
    /// Length of the matched region in bytes.
    pub byte_len: usize,
    /// Confidence score of the detection.
    pub confidence: f32,
}

/// A consistency violation between manifest and payload.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct ManifestViolation {
    /// Human-readable description of the violation.
    pub reason: String,
    /// Token ID involved (if applicable).
    pub token_id: Option<Uuid>,
}

// ============================================================================
// PII DETECTOR (compiled regex)
// ============================================================================

/// A single PII detector: a compiled regex + metadata.
struct PiiDetector {
    pii_type: PiiType,
    regex: regex::Regex,
    confidence: f32,
}

/// Compiled detectors, built once at startup.
fn default_detectors() -> &'static [PiiDetector] {
    static DETECTORS: OnceLock<Vec<PiiDetector>> = OnceLock::new();
    DETECTORS.get_or_init(|| {
        vec![
            // SSN: 123-45-6789
            PiiDetector {
                pii_type: PiiType::Ssn,
                regex: regex::Regex::new(r"\b\d{3}-\d{2}-\d{4}\b").expect("valid SSN regex"),
                confidence: 0.95,
            },
            // Credit card: Visa (4xxx) or Mastercard (51-55xx)
            PiiDetector {
                pii_type: PiiType::CreditCard,
                regex: regex::Regex::new(r"\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14})\b")
                    .expect("valid credit card regex"),
                confidence: 0.90,
            },
            // Email
            PiiDetector {
                pii_type: PiiType::Email,
                regex: regex::Regex::new(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
                    .expect("valid email regex"),
                confidence: 0.85,
            },
            // Phone: US formats (xxx-xxx-xxxx, (xxx) xxx-xxxx, +1xxxxxxxxxx)
            PiiDetector {
                pii_type: PiiType::Phone,
                regex: regex::Regex::new(r"\b(?:\+1[-.]?)?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b")
                    .expect("valid phone regex"),
                confidence: 0.80,
            },
            // AWS access key: AKIA followed by 16 uppercase alphanumeric
            PiiDetector {
                pii_type: PiiType::AwsKey,
                regex: regex::Regex::new(r"AKIA[0-9A-Z]{16}").expect("valid AWS key regex"),
                confidence: 0.95,
            },
            // Private key headers
            PiiDetector {
                pii_type: PiiType::PrivateKey,
                regex: regex::Regex::new(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")
                    .expect("valid private key regex"),
                confidence: 0.99,
            },
            // Connection strings: postgres://, mysql://, mongodb://, redis://
            PiiDetector {
                pii_type: PiiType::ConnectionString,
                regex: regex::Regex::new(
                    r"(?i)(?:postgres|mysql|mongodb|redis)://[^:]+:[^@]+@[^/\s]+",
                )
                .expect("valid connection string regex"),
                confidence: 0.95,
            },
            // Password in key=value or key: "value" patterns
            PiiDetector {
                pii_type: PiiType::Password,
                regex: regex::Regex::new(r#"(?i)password["']?\s*[:=]\s*["'][^"']+["']"#)
                    .expect("valid password pattern regex"),
                confidence: 0.85,
            },
            // API key in key=value patterns
            PiiDetector {
                pii_type: PiiType::ApiKey,
                regex: regex::Regex::new(r#"(?i)api[_-]?key["']?\s*[:=]\s*["'][^"']+["']"#)
                    .expect("valid API key pattern regex"),
                confidence: 0.85,
            },
            // Server paths (Unix)
            PiiDetector {
                pii_type: PiiType::ServerPath,
                regex: regex::Regex::new(r"/(?:home|var|usr|etc)/[a-zA-Z0-9_-]+/")
                    .expect("valid server path regex"),
                confidence: 0.70,
            },
        ]
    })
}

// ============================================================================
// REDACTION REGISTRY
// ============================================================================

/// Server-side PII verification registry and egress guard.
///
/// Under Option A, the client performs primary scrubbing. The registry's role:
/// 1. **Verify**: Check that text claimed to be scrubbed has no surviving PII.
/// 2. **Verify manifest**: Check consistency between manifest and payload.
/// 3. **Scrub (redact-only)**: Fallback for server-originated text where
///    client-side scrubbing wasn't possible. No vault inserts — permanent redaction.
pub struct RedactionRegistry {
    confidence_threshold: f32,
}

impl RedactionRegistry {
    /// Create a registry with default detectors and the given confidence threshold.
    pub fn with_defaults(confidence_threshold: f32) -> Self {
        // Force lazy init of compiled regexes at construction time
        let _ = default_detectors();
        Self {
            confidence_threshold,
        }
    }

    /// Default confidence threshold (0.8).
    pub fn default_threshold() -> f32 {
        0.8
    }

    /// VERIFY: Check that text claimed to be scrubbed has no surviving PII.
    ///
    /// Returns a list of violations (empty = text is clean).
    pub fn verify(&self, text: &str, confidence_threshold: f32) -> Vec<PiiViolation> {
        let mut violations = Vec::new();
        for detector in default_detectors() {
            if detector.confidence < confidence_threshold {
                continue;
            }
            for m in detector.regex.find_iter(text) {
                violations.push(PiiViolation {
                    pii_type: detector.pii_type,
                    byte_offset: m.start(),
                    byte_len: m.len(),
                    confidence: detector.confidence,
                });
            }
        }
        violations
    }

    /// VERIFY MANIFEST: Check that a manifest is consistent with a JSON payload.
    ///
    /// Checks:
    /// - Every span's placeholder string exists in the serialized payload.
    /// - Every span whose PII type requires encryption has a matching vault_insert.
    pub fn verify_manifest(
        &self,
        payload: &serde_json::Value,
        manifest: &RedactionManifest,
    ) -> Result<(), Vec<ManifestViolation>> {
        let mut violations = Vec::new();
        let payload_text = payload.to_string();

        for span in &manifest.spans {
            // Check placeholder exists in payload
            if !payload_text.contains(&span.placeholder) {
                violations.push(ManifestViolation {
                    reason: format!("placeholder '{}' not found in payload", span.placeholder),
                    token_id: Some(span.token_id),
                });
            }

            // Check vault insert exists for encrypted types
            if requires_vault_insert(span.pii_type) {
                let has_insert = manifest
                    .vault_inserts
                    .iter()
                    .any(|vi| vi.token_id == span.token_id);
                if !has_insert {
                    violations.push(ManifestViolation {
                        reason: format!(
                            "span {} ({}) requires vault insert but none provided",
                            span.token_id, span.pii_type
                        ),
                        token_id: Some(span.token_id),
                    });
                }
            }
        }

        // Check for orphan vault inserts (insert without matching span)
        for vi in &manifest.vault_inserts {
            let has_span = manifest.spans.iter().any(|s| s.token_id == vi.token_id);
            if !has_span {
                violations.push(ManifestViolation {
                    reason: format!("vault insert {} has no matching span", vi.token_id),
                    token_id: Some(vi.token_id),
                });
            }
        }

        if violations.is_empty() {
            Ok(())
        } else {
            Err(violations)
        }
    }

    /// SCRUB (server-side, redact-only): For server-originated text where
    /// client-side scrubbing wasn't possible.
    ///
    /// No vault inserts are produced — these redactions are **permanent**
    /// (no reveal possible). Use this only for server-generated content.
    pub fn scrub_redact_only(&self, text: &str, threshold: f32) -> ScrubbedText {
        let detectors = default_detectors();
        let mut matches = Vec::new();

        for detector in detectors {
            if detector.confidence < threshold {
                continue;
            }
            for m in detector.regex.find_iter(text) {
                matches.push(DetectedMatch {
                    pii_type: detector.pii_type,
                    start: m.start(),
                    end: m.end(),
                    confidence: detector.confidence,
                });
            }
        }

        // Sort by start position, then longest match wins for overlaps
        matches.sort_by(|a, b| a.start.cmp(&b.start).then_with(|| b.end.cmp(&a.end)));

        // Remove overlapping matches (longest match wins)
        let resolved = resolve_overlaps(&matches);

        // Build scrubbed text and manifest
        let mut result = String::with_capacity(text.len());
        let mut spans = Vec::with_capacity(resolved.len());
        let mut last_end = 0;

        for dm in &resolved {
            // Append text before this match
            result.push_str(&text[last_end..dm.start]);

            // Generate placeholder
            let token_id = Uuid::new_v4();
            let short_id = &token_id.to_string()[..8];
            let placeholder = format!("[REDACTED:{}:{}]", dm.pii_type, short_id);

            result.push_str(&placeholder);
            spans.push(RedactionSpan {
                token_id,
                pii_type: dm.pii_type,
                placeholder,
                confidence: dm.confidence,
            });
            last_end = dm.end;
        }
        result.push_str(&text[last_end..]);

        let manifest = RedactionManifest {
            spans,
            vault_inserts: Vec::new(), // redact-only: no vault inserts
        };

        ScrubbedText::new_verified(result, manifest)
    }

    /// Wrap text that has been externally verified as PII-clean into a `ScrubbedText`.
    ///
    /// Use this for text that arrived pre-scrubbed from the client SDK and passed
    /// server-side verification (verify + verify_manifest). The registry reference
    /// acts as a capability token — you can only produce `ScrubbedText` if you have
    /// access to a registry.
    pub fn mark_verified(&self, text: String, manifest: RedactionManifest) -> ScrubbedText {
        ScrubbedText::new_verified(text, manifest)
    }

    /// Wrap text known to be Cellstate-generated (no user data) as clean.
    ///
    /// Use for server-originated text that cannot contain user PII by construction
    /// (e.g. error messages, system prompt templates assembled from static strings).
    pub fn mark_static_clean(&self, text: String) -> ScrubbedText {
        ScrubbedText::new_verified(text, RedactionManifest::empty())
    }

    /// Scrub all string values in a JSON payload (redact-only, no vault inserts).
    pub fn scrub_payload_redact_only(
        &self,
        value: serde_json::Value,
        threshold: f32,
    ) -> ScrubbedPayload {
        let mut all_spans = Vec::new();
        let scrubbed_value = self.scrub_json_value(value, threshold, &mut all_spans);
        let manifest = RedactionManifest {
            spans: all_spans,
            vault_inserts: Vec::new(),
        };
        ScrubbedPayload::new_verified(scrubbed_value, manifest)
    }

    /// Recursively scrub string values in a JSON value.
    fn scrub_json_value(
        &self,
        value: serde_json::Value,
        threshold: f32,
        spans: &mut Vec<RedactionSpan>,
    ) -> serde_json::Value {
        match value {
            serde_json::Value::String(s) => {
                let scrubbed = self.scrub_redact_only(&s, threshold);
                spans.extend(scrubbed.manifest.spans);
                serde_json::Value::String(scrubbed.text)
            }
            serde_json::Value::Array(arr) => {
                let scrubbed_arr: Vec<serde_json::Value> = arr
                    .into_iter()
                    .map(|v| self.scrub_json_value(v, threshold, spans))
                    .collect();
                serde_json::Value::Array(scrubbed_arr)
            }
            serde_json::Value::Object(map) => {
                let scrubbed_map: serde_json::Map<String, serde_json::Value> = map
                    .into_iter()
                    .map(|(k, v)| (k, self.scrub_json_value(v, threshold, spans)))
                    .collect();
                serde_json::Value::Object(scrubbed_map)
            }
            other => other,
        }
    }
}

impl fmt::Debug for RedactionRegistry {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("RedactionRegistry")
            .field("confidence_threshold", &self.confidence_threshold)
            .field("detector_count", &default_detectors().len())
            .finish()
    }
}

// ============================================================================
// HELPERS
// ============================================================================

/// Whether a PII type requires a vault insert for reveal capability.
fn requires_vault_insert(pii_type: PiiType) -> bool {
    matches!(
        pii_type,
        PiiType::Ssn
            | PiiType::CreditCard
            | PiiType::Email
            | PiiType::Phone
            | PiiType::AwsKey
            | PiiType::PrivateKey
            | PiiType::ConnectionString
            | PiiType::Password
            | PiiType::ApiKey
    )
}

/// Internal: a detected match before overlap resolution.
#[derive(Debug, Clone)]
struct DetectedMatch {
    pii_type: PiiType,
    start: usize,
    end: usize,
    confidence: f32,
}

/// Resolve overlapping matches: longest match wins.
/// Input must be sorted by start position.
fn resolve_overlaps(matches: &[DetectedMatch]) -> Vec<DetectedMatch> {
    let mut resolved: Vec<DetectedMatch> = Vec::with_capacity(matches.len());
    for m in matches {
        if let Some(last) = resolved.last() {
            if m.start < last.end {
                // Overlap: keep the longer one
                if (m.end - m.start) > (last.end - last.start) {
                    resolved.pop();
                    resolved.push(m.clone());
                }
                // else: skip this shorter match
                continue;
            }
        }
        resolved.push(m.clone());
    }
    resolved
}

// ============================================================================
// TESTS
// ============================================================================

#[cfg(test)]
mod tests {
    use super::*;

    fn registry() -> RedactionRegistry {
        RedactionRegistry::with_defaults(0.8)
    }

    // ========================================================================
    // PiiType Display
    // ========================================================================

    #[test]
    fn pii_type_display() {
        assert_eq!(PiiType::Ssn.to_string(), "ssn");
        assert_eq!(PiiType::CreditCard.to_string(), "credit_card");
        assert_eq!(PiiType::Email.to_string(), "email");
        assert_eq!(PiiType::ConnectionString.to_string(), "connection_string");
    }

    // ========================================================================
    // RedactionManifest
    // ========================================================================

    #[test]
    fn empty_manifest() {
        let m = RedactionManifest::empty();
        assert!(!m.has_redactions());
        assert_eq!(m.span_count(), 0);
        assert!(m.pii_types().is_empty());
        assert!(m.token_ids().is_empty());
    }

    // ========================================================================
    // ScrubbedText: no public constructor
    // ========================================================================

    #[test]
    fn scrubbed_text_debug_shows_redacted() {
        let st = ScrubbedText::new_verified(
            "hello [REDACTED:ssn:abc12345]".to_string(),
            RedactionManifest::empty(),
        );
        let debug = format!("{:?}", st);
        assert!(debug.contains("ScrubbedText"));
        assert!(debug.contains("[REDACTED:ssn:abc12345]"));
    }

    #[test]
    fn scrubbed_text_display() {
        let st = ScrubbedText::new_verified("clean text".to_string(), RedactionManifest::empty());
        assert_eq!(st.to_string(), "clean text");
    }

    #[test]
    fn scrubbed_text_clone() {
        let st = ScrubbedText::new_verified("text".to_string(), RedactionManifest::empty());
        let cloned = st.clone();
        assert_eq!(st.as_redacted_str(), cloned.as_redacted_str());
    }

    // ========================================================================
    // Verify: detect surviving PII
    // ========================================================================

    #[test]
    fn verify_clean_text_returns_empty() {
        let r = registry();
        let violations = r.verify("Hello world, nothing sensitive here", 0.8);
        assert!(violations.is_empty());
    }

    #[test]
    fn verify_detects_ssn() {
        let r = registry();
        let violations = r.verify("My SSN is 123-45-6789", 0.8);
        assert_eq!(violations.len(), 1);
        assert_eq!(violations[0].pii_type, PiiType::Ssn);
    }

    #[test]
    fn verify_detects_credit_card() {
        let r = registry();
        let violations = r.verify("Card: 4111111111111111", 0.8);
        assert_eq!(violations.len(), 1);
        assert_eq!(violations[0].pii_type, PiiType::CreditCard);
    }

    #[test]
    fn verify_detects_email() {
        let r = registry();
        let violations = r.verify("Contact me at user@example.com", 0.8);
        assert_eq!(violations.len(), 1);
        assert_eq!(violations[0].pii_type, PiiType::Email);
    }

    #[test]
    fn verify_detects_aws_key() {
        let r = registry();
        let violations = r.verify("Key: AKIAIOSFODNN7EXAMPLE", 0.8);
        assert_eq!(violations.len(), 1);
        assert_eq!(violations[0].pii_type, PiiType::AwsKey);
    }

    #[test]
    fn verify_detects_private_key() {
        let r = registry();
        let violations = r.verify("-----BEGIN RSA PRIVATE KEY-----\nMIIEow...", 0.8);
        assert_eq!(violations.len(), 1);
        assert_eq!(violations[0].pii_type, PiiType::PrivateKey);
    }

    #[test]
    fn verify_detects_connection_string() {
        let r = registry();
        let violations = r.verify("postgres://user:pass@host/db", 0.8);
        assert_eq!(violations.len(), 1);
        assert_eq!(violations[0].pii_type, PiiType::ConnectionString);
    }

    #[test]
    fn verify_detects_password_pattern() {
        let r = registry();
        let violations = r.verify(r#"password: "hunter2""#, 0.8);
        assert_eq!(violations.len(), 1);
        assert_eq!(violations[0].pii_type, PiiType::Password);
    }

    #[test]
    fn verify_detects_api_key_pattern() {
        let r = registry();
        let violations = r.verify(r#"api_key: "sk-abc123def456""#, 0.8);
        assert_eq!(violations.len(), 1);
        assert_eq!(violations[0].pii_type, PiiType::ApiKey);
    }

    #[test]
    fn verify_detects_multiple() {
        let r = registry();
        let text = "SSN: 123-45-6789, Card: 4111111111111111";
        let violations = r.verify(text, 0.8);
        assert_eq!(violations.len(), 2);
        let types: Vec<PiiType> = violations.iter().map(|v| v.pii_type).collect();
        assert!(types.contains(&PiiType::Ssn));
        assert!(types.contains(&PiiType::CreditCard));
    }

    #[test]
    fn verify_respects_threshold() {
        let r = registry();
        // Server paths have 0.70 confidence — should be filtered at 0.8 threshold
        let violations = r.verify("/home/user/data/", 0.8);
        assert!(violations.is_empty());
        // But detected at 0.5 threshold
        let violations = r.verify("/home/user/data/", 0.5);
        assert_eq!(violations.len(), 1);
        assert_eq!(violations[0].pii_type, PiiType::ServerPath);
    }

    // ========================================================================
    // Verify manifest consistency
    // ========================================================================

    #[test]
    fn verify_manifest_valid() {
        let r = registry();
        let token = Uuid::new_v4();
        let manifest = RedactionManifest {
            spans: vec![RedactionSpan {
                token_id: token,
                pii_type: PiiType::Ssn,
                placeholder: "[REDACTED:ssn:abc12345]".to_string(),
                confidence: 0.95,
            }],
            vault_inserts: vec![VaultInsert {
                token_id: token,
                pii_type: PiiType::Ssn,
                ciphertext: vec![1, 2, 3],
            }],
        };
        let payload = serde_json::json!({"name": "test", "ssn": "[REDACTED:ssn:abc12345]"});
        assert!(r.verify_manifest(&payload, &manifest).is_ok());
    }

    #[test]
    fn verify_manifest_missing_placeholder() {
        let r = registry();
        let token = Uuid::new_v4();
        let manifest = RedactionManifest {
            spans: vec![RedactionSpan {
                token_id: token,
                pii_type: PiiType::Ssn,
                placeholder: "[REDACTED:ssn:abc12345]".to_string(),
                confidence: 0.95,
            }],
            vault_inserts: vec![VaultInsert {
                token_id: token,
                pii_type: PiiType::Ssn,
                ciphertext: vec![1, 2, 3],
            }],
        };
        // Payload doesn't contain the placeholder
        let payload = serde_json::json!({"name": "test", "ssn": "not redacted"});
        let err = r.verify_manifest(&payload, &manifest).unwrap_err();
        assert_eq!(err.len(), 1);
        assert!(err[0].reason.contains("not found in payload"));
    }

    #[test]
    fn verify_manifest_missing_vault_insert() {
        let r = registry();
        let token = Uuid::new_v4();
        let manifest = RedactionManifest {
            spans: vec![RedactionSpan {
                token_id: token,
                pii_type: PiiType::Ssn,
                placeholder: "[REDACTED:ssn:abc12345]".to_string(),
                confidence: 0.95,
            }],
            vault_inserts: vec![], // Missing!
        };
        let payload = serde_json::json!({"ssn": "[REDACTED:ssn:abc12345]"});
        let err = r.verify_manifest(&payload, &manifest).unwrap_err();
        assert_eq!(err.len(), 1);
        assert!(err[0].reason.contains("requires vault insert"));
    }

    #[test]
    fn verify_manifest_orphan_vault_insert() {
        let r = registry();
        let orphan_token = Uuid::new_v4();
        let manifest = RedactionManifest {
            spans: vec![],
            vault_inserts: vec![VaultInsert {
                token_id: orphan_token,
                pii_type: PiiType::Email,
                ciphertext: vec![4, 5, 6],
            }],
        };
        let payload = serde_json::json!({"clean": "data"});
        let err = r.verify_manifest(&payload, &manifest).unwrap_err();
        assert_eq!(err.len(), 1);
        assert!(err[0].reason.contains("no matching span"));
    }

    #[test]
    fn verify_manifest_server_path_no_vault_required() {
        let r = registry();
        let token = Uuid::new_v4();
        // ServerPath does NOT require vault insert
        let manifest = RedactionManifest {
            spans: vec![RedactionSpan {
                token_id: token,
                pii_type: PiiType::ServerPath,
                placeholder: "[REDACTED:server_path:abc12345]".to_string(),
                confidence: 0.70,
            }],
            vault_inserts: vec![], // OK — ServerPath doesn't require vault
        };
        let payload = serde_json::json!({"path": "[REDACTED:server_path:abc12345]"});
        assert!(r.verify_manifest(&payload, &manifest).is_ok());
    }

    // ========================================================================
    // Scrub redact-only
    // ========================================================================

    #[test]
    fn scrub_redact_only_clean_text() {
        let r = registry();
        let scrubbed = r.scrub_redact_only("Hello world", 0.8);
        assert_eq!(scrubbed.as_redacted_str(), "Hello world");
        assert!(!scrubbed.manifest().has_redactions());
    }

    #[test]
    fn scrub_redact_only_ssn() {
        let r = registry();
        let scrubbed = r.scrub_redact_only("SSN: 123-45-6789", 0.8);
        assert!(!scrubbed.as_redacted_str().contains("123-45-6789"));
        assert!(scrubbed.as_redacted_str().contains("[REDACTED:ssn:"));
        assert_eq!(scrubbed.manifest().span_count(), 1);
        assert_eq!(scrubbed.manifest().spans[0].pii_type, PiiType::Ssn);
        // No vault inserts (redact-only)
        assert!(scrubbed.manifest().vault_inserts.is_empty());
    }

    #[test]
    fn scrub_redact_only_multiple() {
        let r = registry();
        let text = "SSN: 123-45-6789, email: user@example.com";
        let scrubbed = r.scrub_redact_only(text, 0.8);
        assert!(!scrubbed.as_redacted_str().contains("123-45-6789"));
        assert!(!scrubbed.as_redacted_str().contains("user@example.com"));
        assert_eq!(scrubbed.manifest().span_count(), 2);
    }

    #[test]
    fn scrub_redact_only_preserves_surrounding_text() {
        let r = registry();
        let scrubbed = r.scrub_redact_only("before 123-45-6789 after", 0.8);
        let text = scrubbed.as_redacted_str();
        assert!(text.starts_with("before "));
        assert!(text.ends_with(" after"));
    }

    // ========================================================================
    // Overlap resolution: longest match wins
    // ========================================================================

    #[test]
    fn overlap_resolution_longest_wins() {
        // Manually test the overlap resolver with two overlapping ranges
        let matches = vec![
            DetectedMatch {
                pii_type: PiiType::ServerPath,
                start: 10,
                end: 30,
                confidence: 0.70,
            },
            DetectedMatch {
                pii_type: PiiType::ConnectionString,
                start: 5,
                end: 50,
                confidence: 0.95,
            },
        ];
        // Sort by start first (required by resolve_overlaps)
        let mut sorted = matches;
        sorted.sort_by(|a, b| a.start.cmp(&b.start).then_with(|| b.end.cmp(&a.end)));
        let resolved = resolve_overlaps(&sorted);
        // The longer ConnectionString match should win
        assert_eq!(resolved.len(), 1);
        assert_eq!(resolved[0].pii_type, PiiType::ConnectionString);
    }

    #[test]
    fn overlap_resolution_non_overlapping_preserved() {
        let r = registry();
        // SSN and email don't overlap — both should survive
        let text = "SSN: 123-45-6789 email: user@example.com";
        let scrubbed = r.scrub_redact_only(text, 0.8);
        assert_eq!(scrubbed.manifest().span_count(), 2);
    }

    // ========================================================================
    // Scrub JSON payload
    // ========================================================================

    #[test]
    fn scrub_payload_redact_only() {
        let r = registry();
        let payload = serde_json::json!({
            "name": "John",
            "ssn": "123-45-6789",
            "notes": ["Contact at user@example.com"]
        });
        let scrubbed = r.scrub_payload_redact_only(payload, 0.8);
        let v = scrubbed.as_value();
        // SSN scrubbed
        let ssn = v["ssn"].as_str().unwrap();
        assert!(!ssn.contains("123-45-6789"));
        assert!(ssn.contains("[REDACTED:ssn:"));
        // Email scrubbed in array
        let note = v["notes"][0].as_str().unwrap();
        assert!(!note.contains("user@example.com"));
        assert!(note.contains("[REDACTED:email:"));
        // Name preserved (not PII)
        assert_eq!(v["name"].as_str().unwrap(), "John");
        // Manifest has both spans
        assert_eq!(scrubbed.manifest().span_count(), 2);
    }

    #[test]
    fn scrub_payload_preserves_non_string_values() {
        let r = registry();
        let payload = serde_json::json!({
            "count": 42,
            "active": true,
            "data": null
        });
        let scrubbed = r.scrub_payload_redact_only(payload, 0.8);
        let v = scrubbed.as_value();
        assert_eq!(v["count"], 42);
        assert_eq!(v["active"], true);
        assert!(v["data"].is_null());
        assert!(!scrubbed.manifest().has_redactions());
    }

    // ========================================================================
    // Serde round-trip
    // ========================================================================

    #[test]
    fn manifest_serde_roundtrip() {
        let token = Uuid::new_v4();
        let manifest = RedactionManifest {
            spans: vec![RedactionSpan {
                token_id: token,
                pii_type: PiiType::Email,
                placeholder: "[REDACTED:email:abc12345]".to_string(),
                confidence: 0.85,
            }],
            vault_inserts: vec![VaultInsert {
                token_id: token,
                pii_type: PiiType::Email,
                ciphertext: vec![10, 20, 30],
            }],
        };
        let json = serde_json::to_string(&manifest).unwrap();
        let deserialized: RedactionManifest = serde_json::from_str(&json).unwrap();
        assert_eq!(manifest, deserialized);
    }

    #[test]
    fn pii_type_serde_snake_case() {
        let json = serde_json::to_string(&PiiType::CreditCard).unwrap();
        assert_eq!(json, "\"credit_card\"");
        let deserialized: PiiType = serde_json::from_str(&json).unwrap();
        assert_eq!(deserialized, PiiType::CreditCard);
    }
}