kardo_core/anonymize/

mod.rs

//! Anonymization engine — strips sensitive data before sending to cloud AI.
//!
//! Detects and replaces file paths, author names, API keys, emails,
//! URLs with tokens, and custom user-defined patterns.

use regex::Regex;
use serde::{Deserialize, Serialize};
use std::collections::HashMap;

/// The kind of sensitive data that was replaced.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum ReplacementKind {
    FilePath,
    AuthorName,
    CompanyName,
    ApiKey,
    Email,
    Url,
    Custom,
}

/// A single replacement made during anonymization.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Replacement {
    pub original: String,
    pub replacement: String,
    pub kind: ReplacementKind,
}

/// Result of anonymizing text: the cleaned text and a list of replacements.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AnonymizationResult {
    pub text: String,
    pub replacements: Vec<Replacement>,
}

/// Main anonymizer that detects and strips sensitive data from text.
pub struct Anonymizer {
    custom_patterns: Vec<String>,
}

impl Anonymizer {
    /// Create an anonymizer with no custom patterns.
    pub fn new() -> Self {
        Self {
            custom_patterns: Vec::new(),
        }
    }

    /// Create an anonymizer with additional user-defined regex patterns.
    pub fn with_custom_patterns(patterns: Vec<String>) -> Self {
        Self {
            custom_patterns: patterns,
        }
    }

    /// Anonymize text, returning the cleaned text and a replacement map.
    ///
    /// Applies detection in this order:
    /// 1. API keys (highest priority — avoid partial matches)
    /// 2. Emails
    /// 3. Author names (`@author`, `Author: Name <email>`)
    /// 4. File paths
    /// 5. URLs with auth tokens
    /// 6. Custom patterns
    pub fn anonymize(&self, text: &str) -> AnonymizationResult {
        let mut result = text.to_string();
        let mut replacements: Vec<Replacement> = Vec::new();
        // Track counters for each replacement kind
        let mut file_counter: u32 = 0;
        let mut author_counter: u32 = 0;
        let mut email_counter: u32 = 0;
        // Dedup map: original -> replacement string (so the same original always maps the same)
        let mut seen: HashMap<String, String> = HashMap::new();

        // 1. API keys
        result = self.anonymize_api_keys(&result, &mut replacements, &mut seen);

        // 2. Author names (before emails, since author lines contain emails)
        result = self.anonymize_authors(
            &result,
            &mut replacements,
            &mut author_counter,
            &mut email_counter,
            &mut seen,
        );

        // 3. Emails (standalone, not already caught by author)
        result = self.anonymize_emails(&result, &mut replacements, &mut email_counter, &mut seen);

        // 4. File paths
        result = self.anonymize_file_paths(&result, &mut replacements, &mut file_counter, &mut seen);

        // 5. URLs with auth tokens
        result = self.anonymize_urls(&result, &mut replacements, &mut seen);

        // 6. Custom patterns
        result = self.anonymize_custom(&result, &mut replacements, &mut seen);

        AnonymizationResult {
            text: result,
            replacements,
        }
    }

    /// De-anonymize text by reversing replacements.
    pub fn deanonymize(text: &str, replacements: &[Replacement]) -> String {
        let mut result = text.to_string();
        // Apply replacements in reverse order to handle overlapping placeholders
        for r in replacements.iter().rev() {
            result = result.replace(&r.replacement, &r.original);
        }
        result
    }

    // ── Private helpers ──

    fn anonymize_api_keys(
        &self,
        text: &str,
        replacements: &mut Vec<Replacement>,
        seen: &mut HashMap<String, String>,
    ) -> String {
        let mut result = text.to_string();

        // Pattern: OpenAI sk-... keys
        let sk_re = Regex::new(r"sk-[A-Za-z0-9_-]{20,}").unwrap();
        result = self.replace_pattern(&result, &sk_re, "[REDACTED_KEY]", ReplacementKind::ApiKey, replacements, seen);

        // Pattern: GitHub personal access tokens ghp_...
        let ghp_re = Regex::new(r"ghp_[A-Za-z0-9]{36,}").unwrap();
        result = self.replace_pattern(&result, &ghp_re, "[REDACTED_KEY]", ReplacementKind::ApiKey, replacements, seen);

        // Pattern: AWS access keys AKIA...
        let akia_re = Regex::new(r"AKIA[A-Z0-9]{16,}").unwrap();
        result = self.replace_pattern(&result, &akia_re, "[REDACTED_KEY]", ReplacementKind::ApiKey, replacements, seen);

        // Pattern: env var assignments like API_KEY=xxx, SECRET_KEY="xxx", TOKEN='xxx'
        let env_re = Regex::new(r#"(?i)([\w]*(?:KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)[\w]*)[\s]*=[\s]*["']?([^\s"']+)["']?"#).unwrap();
        for caps in env_re.captures_iter(&result.clone()) {
            let full_match = caps.get(0).unwrap().as_str().to_string();
            let var_name = caps.get(1).unwrap().as_str();
            if !seen.contains_key(&full_match) {
                let replacement_text = format!("{}=[REDACTED_KEY]", var_name);
                seen.insert(full_match.clone(), replacement_text.clone());
                replacements.push(Replacement {
                    original: full_match.clone(),
                    replacement: replacement_text.clone(),
                    kind: ReplacementKind::ApiKey,
                });
            }
            let rep = seen.get(&full_match).unwrap().clone();
            result = result.replacen(&full_match, &rep, 1);
        }

        result
    }

    fn anonymize_authors(
        &self,
        text: &str,
        replacements: &mut Vec<Replacement>,
        author_counter: &mut u32,
        email_counter: &mut u32,
        seen: &mut HashMap<String, String>,
    ) -> String {
        let mut result = text.to_string();

        // Pattern: `Author: Name <email>` (git commit style)
        let git_author_re = Regex::new(r"(Author:\s*)([^<\n]+?)\s*<([^>]+)>").unwrap();
        for caps in git_author_re.captures_iter(&result.clone()) {
            let prefix = caps.get(1).unwrap().as_str();
            let name = caps.get(2).unwrap().as_str().trim().to_string();
            let email = caps.get(3).unwrap().as_str().to_string();
            let full_match = caps.get(0).unwrap().as_str().to_string();

            let name_rep = if let Some(r) = seen.get(&name) {
                r.clone()
            } else {
                *author_counter += 1;
                let r = format!("[AUTHOR_{}]", author_counter);
                seen.insert(name.clone(), r.clone());
                replacements.push(Replacement {
                    original: name.clone(),
                    replacement: r.clone(),
                    kind: ReplacementKind::AuthorName,
                });
                r
            };

            let email_rep = if let Some(r) = seen.get(&email) {
                r.clone()
            } else {
                *email_counter += 1;
                let r = format!("[EMAIL_{}]", email_counter);
                seen.insert(email.clone(), r.clone());
                replacements.push(Replacement {
                    original: email.clone(),
                    replacement: r.clone(),
                    kind: ReplacementKind::Email,
                });
                r
            };

            let replacement_text = format!("{}{} <{}>", prefix, name_rep, email_rep);
            result = result.replacen(&full_match, &replacement_text, 1);
        }

        // Pattern: `@author Name` (JSDoc style)
        let jsdoc_re = Regex::new(r"(@author\s+)([A-Z][a-z]+(?:\s+[A-Z][a-z]+)+)").unwrap();
        for caps in jsdoc_re.captures_iter(&result.clone()) {
            let prefix = caps.get(1).unwrap().as_str();
            let name = caps.get(2).unwrap().as_str().to_string();
            let full_match = caps.get(0).unwrap().as_str().to_string();

            let name_rep = if let Some(r) = seen.get(&name) {
                r.clone()
            } else {
                *author_counter += 1;
                let r = format!("[AUTHOR_{}]", author_counter);
                seen.insert(name.clone(), r.clone());
                replacements.push(Replacement {
                    original: name.clone(),
                    replacement: r.clone(),
                    kind: ReplacementKind::AuthorName,
                });
                r
            };

            let replacement_text = format!("{}{}", prefix, name_rep);
            result = result.replacen(&full_match, &replacement_text, 1);
        }

        result
    }

    fn anonymize_emails(
        &self,
        text: &str,
        replacements: &mut Vec<Replacement>,
        email_counter: &mut u32,
        seen: &mut HashMap<String, String>,
    ) -> String {
        let email_re = Regex::new(r"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}").unwrap();
        let mut result = text.to_string();

        for m in email_re.find_iter(&result.clone()) {
            let email = m.as_str().to_string();
            if !seen.contains_key(&email) {
                *email_counter += 1;
                let rep = format!("[EMAIL_{}]", email_counter);
                seen.insert(email.clone(), rep.clone());
                replacements.push(Replacement {
                    original: email.clone(),
                    replacement: rep,
                    kind: ReplacementKind::Email,
                });
            }
            let rep = seen.get(&email).unwrap().clone();
            result = result.replacen(&email, &rep, 1);
        }

        result
    }

    fn anonymize_file_paths(
        &self,
        text: &str,
        replacements: &mut Vec<Replacement>,
        file_counter: &mut u32,
        seen: &mut HashMap<String, String>,
    ) -> String {
        // Match absolute paths like /Users/name/project/src/file.ts
        // or relative paths like src/components/file.tsx, ./lib/utils.ts
        let path_re = Regex::new(
            r"(?:(?:/[a-zA-Z_][a-zA-Z0-9._-]*/)+[a-zA-Z0-9._-]+\.[a-zA-Z]{1,10}|\.{0,2}/(?:[a-zA-Z0-9._-]+/)+[a-zA-Z0-9._-]+\.[a-zA-Z]{1,10})"
        ).unwrap();

        let mut result = text.to_string();

        for m in path_re.find_iter(&result.clone()) {
            let path = m.as_str().to_string();
            if seen.contains_key(&path) {
                let rep = seen.get(&path).unwrap().clone();
                result = result.replacen(&path, &rep, 1);
                continue;
            }

            // Extract the extension
            let ext = path
                .rsplit('.')
                .next()
                .unwrap_or("txt");

            *file_counter += 1;
            let rep = format!("[PROJECT]/src/[FILE_{:03}].{}", file_counter, ext);
            seen.insert(path.clone(), rep.clone());
            replacements.push(Replacement {
                original: path.clone(),
                replacement: rep.clone(),
                kind: ReplacementKind::FilePath,
            });
            result = result.replacen(&path, &rep, 1);
        }

        result
    }

    fn anonymize_urls(
        &self,
        text: &str,
        replacements: &mut Vec<Replacement>,
        seen: &mut HashMap<String, String>,
    ) -> String {
        // Match URLs that contain tokens/keys in query params
        let url_re = Regex::new(
            r#"https?://[^\s<>"']+[?&](?:token|key|secret|access_token|api_key|auth)=[^\s<>"'&]+"#
        ).unwrap();

        let mut result = text.to_string();

        for m in url_re.find_iter(&result.clone()) {
            let url_str = m.as_str().to_string();
            if seen.contains_key(&url_str) {
                let rep = seen.get(&url_str).unwrap().clone();
                result = result.replacen(&url_str, &rep, 1);
                continue;
            }

            // Strip the token parameter but keep the domain
            if let Ok(parsed) = url::Url::parse(&url_str) {
                let domain = parsed.host_str().unwrap_or("unknown");
                let path = parsed.path();
                let rep = format!("https://{}{}?[TOKEN_REDACTED]", domain, path);
                seen.insert(url_str.clone(), rep.clone());
                replacements.push(Replacement {
                    original: url_str.clone(),
                    replacement: rep.clone(),
                    kind: ReplacementKind::Url,
                });
                result = result.replacen(&url_str, &rep, 1);
            }
        }

        result
    }

    fn anonymize_custom(
        &self,
        text: &str,
        replacements: &mut Vec<Replacement>,
        seen: &mut HashMap<String, String>,
    ) -> String {
        let mut result = text.to_string();

        for (i, pattern) in self.custom_patterns.iter().enumerate() {
            if let Ok(re) = Regex::new(pattern) {
                let placeholder = format!("[CUSTOM_{}]", i + 1);
                result = self.replace_pattern(
                    &result,
                    &re,
                    &placeholder,
                    ReplacementKind::Custom,
                    replacements,
                    seen,
                );
            }
        }

        result
    }

    /// Generic helper: replace all matches of `re` with `placeholder`, recording replacements.
    fn replace_pattern(
        &self,
        text: &str,
        re: &Regex,
        placeholder: &str,
        kind: ReplacementKind,
        replacements: &mut Vec<Replacement>,
        seen: &mut HashMap<String, String>,
    ) -> String {
        let mut result = text.to_string();

        for m in re.find_iter(&result.clone()) {
            let original = m.as_str().to_string();
            if !seen.contains_key(&original) {
                seen.insert(original.clone(), placeholder.to_string());
                replacements.push(Replacement {
                    original: original.clone(),
                    replacement: placeholder.to_string(),
                    kind: kind.clone(),
                });
            }
            let rep = seen.get(&original).unwrap().clone();
            result = result.replacen(&original, &rep, 1);
        }

        result
    }
}

impl Default for Anonymizer {
    fn default() -> Self {
        Self::new()
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_anonymize_absolute_file_paths() {
        let anon = Anonymizer::new();
        let text = "Error in /Users/john/project/src/main.ts at line 42";
        let result = anon.anonymize(text);
        assert!(result.text.contains("[PROJECT]/src/[FILE_001].ts"));
        assert!(!result.text.contains("/Users/john"));
        assert!(result.replacements.iter().any(|r| r.kind == ReplacementKind::FilePath));
    }

    #[test]
    fn test_anonymize_relative_file_paths() {
        let anon = Anonymizer::new();
        let text = "Check ./src/components/header.tsx for issues";
        let result = anon.anonymize(text);
        assert!(result.text.contains("[PROJECT]/src/[FILE_001].tsx"));
        assert!(!result.text.contains("./src/components/header.tsx"));
    }

    #[test]
    fn test_anonymize_git_author() {
        let anon = Anonymizer::new();
        let text = "Author: John Smith <john.smith@example.com>";
        let result = anon.anonymize(text);
        assert!(result.text.contains("[AUTHOR_1]"));
        assert!(result.text.contains("[EMAIL_1]"));
        assert!(!result.text.contains("John Smith"));
        assert!(!result.text.contains("john.smith@example.com"));
    }

    #[test]
    fn test_anonymize_jsdoc_author() {
        let anon = Anonymizer::new();
        let text = "/** @author Jane Doe */";
        let result = anon.anonymize(text);
        assert!(result.text.contains("[AUTHOR_1]"));
        assert!(!result.text.contains("Jane Doe"));
    }

    #[test]
    fn test_anonymize_openai_api_key() {
        let anon = Anonymizer::new();
        let text = "OPENAI_API_KEY=sk-abc123def456ghi789jkl012mno345pqr678";
        let result = anon.anonymize(text);
        assert!(result.text.contains("[REDACTED_KEY]"));
        assert!(!result.text.contains("sk-abc123def456ghi789jkl012mno345pqr678"));
    }

    #[test]
    fn test_anonymize_github_token() {
        let anon = Anonymizer::new();
        let text = "token: ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn";
        let result = anon.anonymize(text);
        assert!(result.text.contains("[REDACTED_KEY]"));
        assert!(!result.text.contains("ghp_"));
    }

    #[test]
    fn test_anonymize_aws_key() {
        let anon = Anonymizer::new();
        let text = "aws_access_key = AKIAIOSFODNN7EXAMPLE1";
        let result = anon.anonymize(text);
        assert!(result.text.contains("[REDACTED_KEY]"));
        assert!(!result.text.contains("AKIAIOSFODNN7EXAMPLE1"));
    }

    #[test]
    fn test_anonymize_env_var_assignment() {
        let anon = Anonymizer::new();
        let text = r#"DATABASE_PASSWORD="my_super_secret""#;
        let result = anon.anonymize(text);
        assert!(result.text.contains("[REDACTED_KEY]"));
        assert!(!result.text.contains("my_super_secret"));
    }

    #[test]
    fn test_anonymize_email_standalone() {
        let anon = Anonymizer::new();
        let text = "Contact us at support@kardo.dev for help";
        let result = anon.anonymize(text);
        assert!(result.text.contains("[EMAIL_1]"));
        assert!(!result.text.contains("support@kardo.dev"));
    }

    #[test]
    fn test_anonymize_url_with_token() {
        let anon = Anonymizer::new();
        let text = "Webhook: https://api.example.com/callback?token=abc123secret";
        let result = anon.anonymize(text);
        assert!(result.text.contains("[TOKEN_REDACTED]"));
        assert!(!result.text.contains("abc123secret"));
        assert!(result.text.contains("api.example.com"));
    }

    #[test]
    fn test_roundtrip_deanonymize() {
        let anon = Anonymizer::new();
        let original = "Author: Alice Johnson <alice@corp.com> modified /Users/alice/project/src/app.ts";
        let result = anon.anonymize(original);
        // Ensure sensitive data is gone
        assert!(!result.text.contains("Alice Johnson"));
        assert!(!result.text.contains("alice@corp.com"));
        // Deanonymize
        let restored = Anonymizer::deanonymize(&result.text, &result.replacements);
        assert_eq!(restored, original);
    }

    #[test]
    fn test_custom_patterns() {
        let anon = Anonymizer::with_custom_patterns(vec![
            r"PROJ-\d{4}".to_string(),
        ]);
        let text = "Issue PROJ-1234 is related to PROJ-5678";
        let result = anon.anonymize(text);
        assert!(result.text.contains("[CUSTOM_1]"));
        assert!(!result.text.contains("PROJ-1234"));
    }

    #[test]
    fn test_empty_string() {
        let anon = Anonymizer::new();
        let result = anon.anonymize("");
        assert_eq!(result.text, "");
        assert!(result.replacements.is_empty());
    }

    #[test]
    fn test_no_sensitive_data() {
        let anon = Anonymizer::new();
        let text = "This is a normal text with no sensitive data.";
        let result = anon.anonymize(text);
        assert_eq!(result.text, text);
        assert!(result.replacements.is_empty());
    }

    #[test]
    fn test_multiple_paths_increment_counter() {
        let anon = Anonymizer::new();
        let text = "Files: /home/user/project/src/a.ts and /home/user/project/src/b.rs";
        let result = anon.anonymize(text);
        assert!(result.text.contains("[FILE_001]"));
        assert!(result.text.contains("[FILE_002]"));
    }

    #[test]
    fn test_same_email_reuses_placeholder() {
        let anon = Anonymizer::new();
        let text = "Send to user@test.com and also user@test.com again";
        let result = anon.anonymize(text);
        // Both occurrences should use the same placeholder
        let count = result.text.matches("[EMAIL_1]").count();
        assert_eq!(count, 2);
        // Only one replacement entry
        let email_replacements: Vec<_> = result.replacements.iter()
            .filter(|r| r.kind == ReplacementKind::Email)
            .collect();
        assert_eq!(email_replacements.len(), 1);
    }
}