openlatch-client 0.0.1

/// Privacy filter module — regex-based credential masking with labeled placeholders.
///
/// # Overview
///
/// Every event's `tool_input` and `user_prompt` must be filtered before logging.
/// This module provides:
/// - Pattern-specific labeled masks per D-01 (e.g. `[AWS_KEY:AKIA***]`)
/// - Known-public prefix preservation per D-02 (AKIA, ghp_, sk-, etc.)
/// - Recursive JSON tree walking — only string leaf values, never keys (EVNT-04)
/// - 4KB truncation with `[TRUNCATED:<N>B]` marker applied after masking (EVNT-05)
/// - Custom extra_patterns support per D-03
///
/// # Performance
///
/// PERFORMANCE: Regexes compiled once at initialization via `OnceLock` — never per-request.
/// Privacy filter budget: <2ms p95 on a ~5KB JSON payload.
///
/// # Security
///
/// SECURITY: Only string leaf values are masked. JSON keys are never masked.
/// Pipeline order: mask THEN truncate — truncation cannot expose a partially-masked secret.
use std::sync::OnceLock;

use regex::Regex;
use tracing::warn;

/// Maximum size for string values before truncation (4KB per EVNT-05).
const MAX_STRING_BYTES: usize = 4096;

/// A compiled masking pattern with its label and prefix preservation length.
struct MaskPattern {
    regex: Regex,
    /// Label used in the masked output, e.g. "AWS_KEY" → "[AWS_KEY:AKIA***]"
    label: &'static str,
    /// How many bytes of the match to preserve as a public prefix (0 = no prefix).
    /// D-02: Preserve known-public prefixes in masks.
    prefix_len: usize,
}

/// Returns the built-in set of credential masking patterns.
///
/// Patterns are ordered by specificity — more specific patterns (longer, more constrained)
/// come before broader patterns to avoid partial masking issues.
fn builtin_patterns() -> Vec<MaskPattern> {
    vec![
        // AWS access key ID: AKIA followed by 16 uppercase alphanumeric chars
        MaskPattern {
            regex: Regex::new(r"AKIA[0-9A-Z]{16}").unwrap(),
            label: "AWS_KEY",
            prefix_len: 4, // "AKIA"
        },
        // GitHub PAT (fine-grained): github_pat_ followed by 82 alphanumeric/underscore chars
        // NOTE: Must come before ghp_ pattern — github_pat_ is more specific
        MaskPattern {
            regex: Regex::new(r"github_pat_[a-zA-Z0-9_]{82}").unwrap(),
            label: "GITHUB_TOKEN",
            prefix_len: 11, // "github_pat_"
        },
        // GitHub OAuth token: ghp_ followed by 36 alphanumeric chars
        MaskPattern {
            regex: Regex::new(r"ghp_[a-zA-Z0-9]{36}").unwrap(),
            label: "GITHUB_TOKEN",
            prefix_len: 4, // "ghp_"
        },
        // Stripe live key: sk_live_ followed by 24 alphanumeric chars
        // NOTE: Must come before OpenAI sk- pattern — sk_live_ is more specific
        MaskPattern {
            regex: Regex::new(r"sk_live_[0-9a-zA-Z]{24}").unwrap(),
            label: "STRIPE_KEY",
            prefix_len: 8, // "sk_live_"
        },
        // Stripe test key: sk_test_ followed by 24 alphanumeric chars
        MaskPattern {
            regex: Regex::new(r"sk_test_[0-9a-zA-Z]{24}").unwrap(),
            label: "STRIPE_KEY",
            prefix_len: 8, // "sk_test_"
        },
        // OpenAI API key: sk- followed by 48 alphanumeric chars
        MaskPattern {
            regex: Regex::new(r"sk-[a-zA-Z0-9]{48}").unwrap(),
            label: "OPENAI_KEY",
            prefix_len: 3, // "sk-"
        },
        // Slack token: xox[baprs]- followed by 10-48 alphanumeric/dash chars
        MaskPattern {
            regex: Regex::new(r"xox[baprs]-[0-9a-zA-Z\-]{10,48}").unwrap(),
            label: "SLACK_TOKEN",
            prefix_len: 5, // "xoxb-" (first 5 bytes of any xox?- prefix)
        },
        // Bearer token in Authorization header or value
        // SECURITY: No prefix preserved for bearer tokens — the value is fully opaque
        MaskPattern {
            regex: Regex::new(r"Bearer\s+[a-zA-Z0-9\-._~+/]+=*").unwrap(),
            label: "BEARER",
            prefix_len: 0,
        },
        // PEM private key block (RSA, EC, or generic OPENSSH)
        // SECURITY: The entire block including delimiters is masked
        MaskPattern {
            regex: Regex::new(
                r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA |EC |OPENSSH )?PRIVATE KEY-----",
            )
            .unwrap(),
            label: "PRIVATE_KEY",
            prefix_len: 0,
        },
    ]
}

/// Privacy filter that masks credentials in string values.
///
/// Create via [`PrivacyFilter::new`] with optional custom patterns.
/// Use [`filter_event_with`] for per-filter invocations (tests, multiple configs).
/// Use [`filter_event`] for the global singleton instance initialized by [`init_filter`].
pub struct PrivacyFilter {
    patterns: Vec<MaskPattern>,
}

impl PrivacyFilter {
    /// Creates a new `PrivacyFilter` with built-in patterns plus any custom extra patterns.
    ///
    /// # Arguments
    ///
    /// * `extra_patterns` — Additional regex pattern strings from config (D-03). Applied
    ///   additively after built-ins. Invalid regex patterns are skipped with a warning.
    pub fn new(extra_patterns: &[String]) -> Self {
        let mut patterns = builtin_patterns();
        for pat_str in extra_patterns {
            match Regex::new(pat_str) {
                Ok(regex) => {
                    patterns.push(MaskPattern {
                        regex,
                        label: "CUSTOM",
                        prefix_len: 0,
                    });
                }
                Err(e) => {
                    // T-01-03-02: ReDoS from config is accepted risk (self-inflicted).
                    // Invalid patterns are logged and skipped — never crash the daemon.
                    warn!(pattern = %pat_str, error = %e, "Skipping invalid privacy regex pattern");
                }
            }
        }
        Self { patterns }
    }
}

/// Global privacy filter singleton, initialized once via [`init_filter`].
static FILTER: OnceLock<PrivacyFilter> = OnceLock::new();

/// Initializes the global privacy filter singleton.
///
/// Must be called once at daemon startup before any calls to [`filter_event`].
/// Subsequent calls are no-ops (OnceLock guarantee).
///
/// # Arguments
///
/// * `extra_patterns` — Custom regex patterns from `config.toml` `extra_patterns` field.
pub fn init_filter(extra_patterns: &[String]) {
    FILTER.get_or_init(|| PrivacyFilter::new(extra_patterns));
}

/// Returns a reference to the global privacy filter.
///
/// # Panics
///
/// Panics if [`init_filter`] has not been called yet.
pub fn get_filter() -> &'static PrivacyFilter {
    FILTER
        .get()
        .expect("privacy filter not initialized — call init_filter() at startup")
}

/// Applies masking patterns to a single string value.
///
/// All patterns are applied in order. Each match is replaced with a labeled placeholder:
/// - With prefix: `[LABEL:prefix***]` (D-01, D-02)
/// - Without prefix: `[LABEL:***]`
///
/// PERFORMANCE: Uses `replace_all` from pre-compiled regexes. No allocation unless a match is found.
fn mask_string(s: &str, patterns: &[MaskPattern]) -> String {
    let mut result = s.to_string();
    for pat in patterns {
        result = pat
            .regex
            .replace_all(&result, |caps: &regex::Captures| {
                let matched = &caps[0];
                if pat.prefix_len > 0 && matched.len() >= pat.prefix_len {
                    // D-02: Preserve the known-public prefix for debuggability
                    let prefix = &matched[..pat.prefix_len];
                    format!("[{}:{}***]", pat.label, prefix)
                } else {
                    format!("[{}:***]", pat.label)
                }
            })
            .into_owned();
    }
    result
}

/// Truncates a string to `MAX_STRING_BYTES` and appends a truncation marker (EVNT-05).
///
/// Truncation is applied AFTER masking to ensure partially-masked secrets cannot be exposed
/// by truncation (T-01-03-03). UTF-8 character boundaries are respected.
///
/// # Format
///
/// `<first 4096 bytes>[TRUNCATED:<original_len>B]`
fn truncate_string(s: String) -> String {
    if s.len() > MAX_STRING_BYTES {
        let original_len = s.len();
        let mut truncated = s;
        truncated.truncate(MAX_STRING_BYTES);
        // Walk back to find a valid UTF-8 char boundary to avoid splitting multi-byte chars
        while !truncated.is_char_boundary(truncated.len()) {
            truncated.pop();
        }
        format!("{}[TRUNCATED:{}B]", truncated, original_len)
    } else {
        s
    }
}

/// Recursively walks a JSON value tree, masking and truncating all string leaf values.
///
/// # Rules (EVNT-04)
///
/// - `String` values: masked then truncated in place
/// - `Object` values: recurse into values only — **keys are never masked**
/// - `Array` values: recurse into each element
/// - All other types (number, bool, null): passed through unchanged
///
/// SECURITY: Only string leaf values are masked. JSON keys are never masked — this is
/// intentional so that field names remain visible for log analysis.
pub fn filter_value(value: &mut serde_json::Value, filter: &PrivacyFilter) {
    match value {
        serde_json::Value::String(s) => {
            let masked = mask_string(s, &filter.patterns);
            let truncated = truncate_string(masked);
            *s = truncated;
        }
        serde_json::Value::Object(map) => {
            // Recurse into values only — keys are structural metadata, not user content
            for v in map.values_mut() {
                filter_value(v, filter);
            }
        }
        serde_json::Value::Array(arr) => {
            for v in arr.iter_mut() {
                filter_value(v, filter);
            }
        }
        // Numbers, booleans, null — not filterable, pass through unchanged
        _ => {}
    }
}

/// Filters a JSON value using the global singleton filter.
///
/// Applies masking and truncation to all string leaf values in the JSON tree.
///
/// # Panics
///
/// Panics if [`init_filter`] has not been called. Prefer [`filter_event_with`] in tests.
pub fn filter_event(value: &mut serde_json::Value) {
    let filter = get_filter();
    filter_value(value, filter);
}

/// Filters a JSON value using the provided filter instance.
///
/// Preferred in tests to avoid global state dependencies.
pub fn filter_event_with(value: &mut serde_json::Value, filter: &PrivacyFilter) {
    filter_value(value, filter);
}

#[cfg(test)]
mod tests {
    use serde_json::json;

    use super::*;

    /// Helper: create a filter with no extra patterns for use in all tests.
    fn default_filter() -> PrivacyFilter {
        PrivacyFilter::new(&[])
    }

    // -------------------------------------------------------------------------
    // Test 1: AWS key masked to [AWS_KEY:AKIA***]
    // -------------------------------------------------------------------------
    #[test]
    fn test_mask_string_aws_key_masked_with_prefix() {
        let filter = default_filter();
        let mut val = json!("AKIA1234567890ABCDEF");
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!("[AWS_KEY:AKIA***]"));
    }

    // -------------------------------------------------------------------------
    // Test 2: GitHub token (ghp_) masked to [GITHUB_TOKEN:ghp_***]
    // -------------------------------------------------------------------------
    #[test]
    fn test_mask_string_github_token_ghp_masked_with_prefix() {
        let filter = default_filter();
        // ghp_ followed by exactly 36 alphanumeric chars
        let token = format!("ghp_{}", "a".repeat(36));
        let mut val = json!(token);
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!("[GITHUB_TOKEN:ghp_***]"));
    }

    // -------------------------------------------------------------------------
    // Test 3: GitHub PAT (github_pat_) masked to [GITHUB_TOKEN:github_pat_***]
    // -------------------------------------------------------------------------
    #[test]
    fn test_mask_string_github_pat_masked_with_prefix() {
        let filter = default_filter();
        // github_pat_ followed by exactly 82 alphanumeric/underscore chars
        let token = format!("github_pat_{}", "a".repeat(82));
        let mut val = json!(token);
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!("[GITHUB_TOKEN:github_pat_***]"));
    }

    // -------------------------------------------------------------------------
    // Test 4: OpenAI key masked to [OPENAI_KEY:sk-***]
    // -------------------------------------------------------------------------
    #[test]
    fn test_mask_string_openai_key_masked_with_prefix() {
        let filter = default_filter();
        // sk- followed by exactly 48 alphanumeric chars
        let key = format!("sk-{}", "a".repeat(48));
        let mut val = json!(key);
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!("[OPENAI_KEY:sk-***]"));
    }

    // -------------------------------------------------------------------------
    // Test 5: Slack token masked to [SLACK_TOKEN:xoxb-***]
    // -------------------------------------------------------------------------
    #[test]
    fn test_mask_string_slack_token_masked_with_prefix() {
        let filter = default_filter();
        let mut val = json!("xoxb-12345-abcde");
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!("[SLACK_TOKEN:xoxb-***]"));
    }

    // -------------------------------------------------------------------------
    // Test 6: Stripe live key masked to [STRIPE_KEY:sk_live_***]
    // -------------------------------------------------------------------------
    #[test]
    fn test_mask_string_stripe_live_key_masked_with_prefix() {
        let filter = default_filter();
        // sk_live_ followed by exactly 24 alphanumeric chars
        let key = format!("sk_live_{}", "a".repeat(24));
        let mut val = json!(key);
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!("[STRIPE_KEY:sk_live_***]"));
    }

    // -------------------------------------------------------------------------
    // Test 7: Bearer token masked to [BEARER:***]
    // -------------------------------------------------------------------------
    #[test]
    fn test_mask_string_bearer_token_masked_no_prefix() {
        let filter = default_filter();
        let mut val = json!("Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9");
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!("[BEARER:***]"));
    }

    // -------------------------------------------------------------------------
    // Test 8: PEM private key block masked to [PRIVATE_KEY:***]
    // -------------------------------------------------------------------------
    #[test]
    fn test_mask_string_private_key_block_masked() {
        let filter = default_filter();
        let pem =
            "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA\n-----END RSA PRIVATE KEY-----";
        let mut val = json!(pem);
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!("[PRIVATE_KEY:***]"));
    }

    // -------------------------------------------------------------------------
    // Test 9: Nested JSON — inner value masked, keys untouched
    // -------------------------------------------------------------------------
    #[test]
    fn test_filter_value_nested_json_masks_leaf_not_keys() {
        let filter = default_filter();
        let mut val = json!({"a": {"b": "AKIA1234567890ABCDEF"}});
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!({"a": {"b": "[AWS_KEY:AKIA***]"}}));
    }

    // -------------------------------------------------------------------------
    // Test 10: Array of strings with secrets — all masked
    // -------------------------------------------------------------------------
    #[test]
    fn test_filter_value_array_all_secrets_masked() {
        let filter = default_filter();
        let token = format!("ghp_{}", "b".repeat(36));
        let mut val = json!(["AKIA1234567890ABCDEF", token]);
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!(["[AWS_KEY:AKIA***]", "[GITHUB_TOKEN:ghp_***]"]));
    }

    // -------------------------------------------------------------------------
    // Test 11: Non-secret strings pass through unchanged
    // -------------------------------------------------------------------------
    #[test]
    fn test_mask_string_non_secrets_pass_through() {
        let filter = default_filter();

        let mut val = json!("hello world");
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!("hello world"));

        // "sk_not_a_key" does not match any pattern (too short for sk_live_ / sk_test_)
        let mut val2 = json!("sk_not_a_key");
        filter_event_with(&mut val2, &filter);
        assert_eq!(val2, json!("sk_not_a_key"));
    }

    // -------------------------------------------------------------------------
    // Test 12: Numbers, booleans, null pass through unchanged
    // -------------------------------------------------------------------------
    #[test]
    fn test_filter_value_non_string_types_pass_through() {
        let filter = default_filter();
        let mut val = json!({
            "count": 42,
            "flag": true,
            "nothing": null,
            "ratio": 1.5
        });
        let expected = val.clone();
        filter_event_with(&mut val, &filter);
        assert_eq!(val, expected);
    }

    // -------------------------------------------------------------------------
    // Test 13: String over 4096 bytes truncated with [TRUNCATED:<N>B] marker
    // -------------------------------------------------------------------------
    #[test]
    fn test_truncate_string_over_limit_adds_marker() {
        let filter = default_filter();
        // 4097 'x' chars — exceeds the 4096-byte limit
        let long_str: String = "x".repeat(4097);
        let original_len = long_str.len();
        let mut val = json!(long_str);
        filter_event_with(&mut val, &filter);

        let result = val.as_str().unwrap();
        assert!(
            result.ends_with(&format!("[TRUNCATED:{}B]", original_len)),
            "Expected truncation marker, got: {}",
            &result[result.len().saturating_sub(30)..]
        );
        // The content before the marker must be exactly 4096 'x' chars
        let marker = format!("[TRUNCATED:{}B]", original_len);
        let content = result.strip_suffix(&marker).unwrap();
        assert_eq!(content.len(), 4096);
        assert!(content.chars().all(|c| c == 'x'));
    }

    // -------------------------------------------------------------------------
    // Test 14: String exactly 4096 bytes is NOT truncated
    // -------------------------------------------------------------------------
    #[test]
    fn test_truncate_string_at_limit_not_truncated() {
        let filter = default_filter();
        let exact_str: String = "y".repeat(4096);
        let mut val = json!(exact_str.clone());
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!(exact_str));
    }

    // -------------------------------------------------------------------------
    // Test 15: Multiple secrets in one string — all masked
    // -------------------------------------------------------------------------
    #[test]
    fn test_mask_string_multiple_secrets_all_masked() {
        let filter = default_filter();
        let aws = "AKIA1234567890ABCDEF";
        let openai = format!("sk-{}", "c".repeat(48));
        let combined = format!("key1={} key2={}", aws, openai);
        let mut val = json!(combined);
        filter_event_with(&mut val, &filter);
        let result = val.as_str().unwrap();
        assert!(
            result.contains("[AWS_KEY:AKIA***]"),
            "AWS key should be masked"
        );
        assert!(
            result.contains("[OPENAI_KEY:sk-***]"),
            "OpenAI key should be masked"
        );
        assert!(
            !result.contains("AKIA1234567890ABCDEF"),
            "Raw AWS key must not be present"
        );
        assert!(
            !result.contains("sk-ccc"),
            "Raw OpenAI key must not be present"
        );
    }

    // -------------------------------------------------------------------------
    // Test 16: Custom extra pattern applied when provided
    // -------------------------------------------------------------------------
    #[test]
    fn test_filter_event_with_custom_pattern_applied() {
        let extra = vec!["MY_SECRET_[0-9]{6}".to_string()];
        let filter = PrivacyFilter::new(&extra);
        let mut val = json!("token=MY_SECRET_123456");
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!("token=[CUSTOM:***]"));
    }

    // -------------------------------------------------------------------------
    // Test 17: Empty string passes through unchanged
    // -------------------------------------------------------------------------
    #[test]
    fn test_mask_string_empty_string_unchanged() {
        let filter = default_filter();
        let mut val = json!("");
        filter_event_with(&mut val, &filter);
        assert_eq!(val, json!(""));
    }

    // -------------------------------------------------------------------------
    // Additional edge-case: masking order — THEN truncation (T-01-03-03)
    // -------------------------------------------------------------------------
    #[test]
    fn test_mask_then_truncate_order_preserved() {
        let filter = default_filter();
        // Build a string where the secret appears at the end and the full string > 4096 bytes.
        // If truncation ran first, the secret could be partially exposed.
        let padding: String = "a".repeat(4090);
        let combined = format!("{}AKIA1234567890ABCDEF", padding);
        assert!(combined.len() > 4096); // Ensure it's over the limit

        let mut val = json!(combined);
        filter_event_with(&mut val, &filter);
        let result = val.as_str().unwrap();

        // The raw secret must never appear in the output
        assert!(
            !result.contains("AKIA1234567890ABCDEF"),
            "Raw AWS key must not appear after filter"
        );
    }
}