tryaudex_core/

policy.rs

use std::collections::HashMap;

use serde::{Deserialize, Serialize};

use crate::error::{AvError, Result};

/// AWS STS inline session policy size limit (bytes, after URL encoding).
/// STS rejects policies whose URL-encoded form exceeds 2048 bytes.
const MAX_POLICY_URL_ENCODED_SIZE: usize = 2048;

/// Network policy configuration for restricting credential usage by source IP/VPC.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
pub struct NetworkPolicy {
    /// Allowed source IP addresses or CIDR ranges (e.g. ["10.0.0.0/8", "203.0.113.5"])
    #[serde(default)]
    pub allowed_ips: Vec<String>,
    /// Allowed VPC IDs (e.g. ["vpc-abc123"])
    #[serde(default)]
    pub allowed_vpcs: Vec<String>,
    /// Allowed VPC endpoint IDs (e.g. ["vpce-abc123"])
    #[serde(default)]
    pub allowed_vpc_endpoints: Vec<String>,
}

impl NetworkPolicy {
    /// Validate that all entries in `allowed_ips` are well-formed IP addresses or
    /// CIDR ranges, and that wildcard ranges (`0.0.0.0/0`, `::/0`) are rejected
    /// because they make the restriction a no-op.
    pub fn validate(&self) -> Result<()> {
        // AWS IAM evaluates multiple Condition keys as AND. Combining
        // aws:SourceIp with aws:SourceVpc/aws:SourceVpce makes credentials
        // unusable: VPC traffic originates from private RFC-1918 addresses
        // that will never match an explicit public IP list, so the AND
        // condition can never be satisfied. Require mutual exclusivity.
        let has_ips = !self.allowed_ips.is_empty();
        let has_vpcs = !self.allowed_vpcs.is_empty() || !self.allowed_vpc_endpoints.is_empty();
        if has_ips && has_vpcs {
            return Err(AvError::InvalidPolicy(
                "NetworkPolicy: allowed_ips and allowed_vpcs/allowed_vpc_endpoints are mutually \
                 exclusive. AWS IAM evaluates Condition keys as AND, so combining source IPs with \
                 VPC conditions creates an unsatisfiable policy that will deny all requests. \
                 Use either IP-based or VPC-based restrictions, not both."
                    .to_string(),
            ));
        }

        // Wildcards that render the IP restriction meaningless
        const WILDCARDS: &[&str] = &["0.0.0.0/0", "::/0"];

        for entry in &self.allowed_ips {
            let s = entry.trim();

            if WILDCARDS.contains(&s) {
                return Err(AvError::InvalidPolicy(format!(
                    "NetworkPolicy: '{}' is a wildcard CIDR that makes the IP restriction a no-op",
                    s
                )));
            }

            if s.contains('/') {
                // CIDR notation — validate prefix and prefix length
                let mut parts = s.splitn(2, '/');
                let addr = parts.next().unwrap_or("");
                let prefix_len = parts.next().unwrap_or("");
                if !is_valid_ip(addr) {
                    return Err(AvError::InvalidPolicy(format!(
                        "NetworkPolicy: '{}' contains an invalid IP address in CIDR notation",
                        s
                    )));
                }
                let prefix: u8 = prefix_len.parse().map_err(|_| {
                    AvError::InvalidPolicy(format!(
                        "NetworkPolicy: '{}' has an invalid CIDR prefix length",
                        s
                    ))
                })?;
                let max_prefix = if addr.contains(':') { 128 } else { 32 };
                if prefix > max_prefix {
                    return Err(AvError::InvalidPolicy(format!(
                        "NetworkPolicy: '{}' has a prefix length exceeding {} for this address family",
                        s, max_prefix
                    )));
                }
            } else {
                // Plain IP address
                if !is_valid_ip(s) {
                    return Err(AvError::InvalidPolicy(format!(
                        "NetworkPolicy: '{}' is not a valid IP address or CIDR range",
                        s
                    )));
                }
            }
        }
        Ok(())
    }
}

/// Return true if `s` is a valid dotted-quad IPv4 or colon-separated IPv6 address.
fn is_valid_ip(s: &str) -> bool {
    s.parse::<std::net::IpAddr>().is_ok()
}

/// A parsed IAM action pattern like "s3:GetObject" or "lambda:Update*".
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ActionPattern {
    pub service: String,
    pub action: String,
}

impl ActionPattern {
    /// Parse a string like "s3:GetObject" into an ActionPattern.
    ///
    /// Both the service and action components must match `[a-zA-Z0-9*?-]+`
    /// to prevent opaque STS errors from malformed policy documents.
    pub fn parse(s: &str) -> Result<Self> {
        let parts: Vec<&str> = s.splitn(2, ':').collect();
        if parts.len() != 2 {
            return Err(AvError::InvalidPolicy(format!(
                "Invalid action format '{}'. Expected 'service:Action' (e.g. 's3:GetObject')",
                s
            )));
        }
        let service = parts[0];
        let action = parts[1];
        if service.is_empty() || action.is_empty() {
            return Err(AvError::InvalidPolicy(format!(
                "Invalid action '{}': service and action must not be empty",
                s
            )));
        }
        fn is_valid_component(c: &str) -> bool {
            c.chars()
                .all(|ch| ch.is_ascii_alphanumeric() || ch == '*' || ch == '?' || ch == '-')
        }
        if !is_valid_component(service) || !is_valid_component(action) {
            return Err(AvError::InvalidPolicy(format!(
                "Invalid action '{}': components must match [a-zA-Z0-9*?-]+",
                s
            )));
        }
        Ok(Self {
            service: service.to_string(),
            action: action.to_string(),
        })
    }

    /// Convert to IAM action string (AWS format: service:Action).
    pub fn to_iam_action(&self) -> String {
        format!("{}:{}", self.service, self.action)
    }

    /// Parse a GCP permission like "storage.objects.get" or "compute.instances.list".
    ///
    /// Components are validated to contain only `[a-zA-Z0-9.*?-]+` to prevent
    /// null bytes or special characters from corrupting deny-list matching.
    pub fn parse_gcp(s: &str) -> Result<Self> {
        let pos = s.find('.').ok_or_else(|| {
            AvError::InvalidPolicy(format!(
                "Invalid GCP permission '{}'. Expected 'service.resource.verb' (e.g. 'storage.objects.get')",
                s
            ))
        })?;
        let service = &s[..pos];
        let action = &s[pos + 1..];
        if service.is_empty() || action.is_empty() {
            return Err(AvError::InvalidPolicy(format!(
                "Invalid GCP permission '{}': service and action must not be empty",
                s
            )));
        }
        fn is_valid_gcp_component(c: &str) -> bool {
            c.chars().all(|ch| {
                ch.is_ascii_alphanumeric() || ch == '.' || ch == '*' || ch == '?' || ch == '-'
            })
        }
        if !is_valid_gcp_component(service) || !is_valid_gcp_component(action) {
            return Err(AvError::InvalidPolicy(format!(
                "Invalid GCP permission '{}': components must match [a-zA-Z0-9.*?-]+",
                s
            )));
        }
        Ok(Self {
            service: service.to_string(),
            action: action.to_string(),
        })
    }

    /// Convert to GCP permission string (service.resource.verb).
    pub fn to_gcp_permission(&self) -> String {
        format!("{}.{}", self.service, self.action)
    }

    /// Parse an Azure permission like "Microsoft.Storage/storageAccounts/read".
    ///
    /// Components are validated to contain only `[a-zA-Z0-9./*?-]+` to prevent
    /// null bytes or special characters from corrupting deny-list matching.
    pub fn parse_azure(s: &str) -> Result<Self> {
        let pos = s.find('/').ok_or_else(|| {
            AvError::InvalidPolicy(format!(
                "Invalid Azure permission '{}'. Expected 'Microsoft.Service/resource/action' (e.g. 'Microsoft.Storage/storageAccounts/read')",
                s
            ))
        })?;
        let service = &s[..pos];
        let action = &s[pos + 1..];
        if service.is_empty() || action.is_empty() {
            return Err(AvError::InvalidPolicy(format!(
                "Invalid Azure permission '{}': service and action must not be empty",
                s
            )));
        }
        fn is_valid_azure_component(c: &str) -> bool {
            c.chars().all(|ch| {
                ch.is_ascii_alphanumeric()
                    || ch == '.'
                    || ch == '/'
                    || ch == '*'
                    || ch == '?'
                    || ch == '-'
            })
        }
        if !is_valid_azure_component(service) || !is_valid_azure_component(action) {
            return Err(AvError::InvalidPolicy(format!(
                "Invalid Azure permission '{}': components must match [a-zA-Z0-9./*?-]+",
                s
            )));
        }
        Ok(Self {
            service: service.to_string(),
            action: action.to_string(),
        })
    }

    /// Convert to Azure permission string (Microsoft.Service/resource/action).
    pub fn to_azure_permission(&self) -> String {
        format!("{}/{}", self.service, self.action)
    }

    /// Check if this pattern matches another action (for deny list checking).
    /// Supports wildcards: "iam:*" matches "iam:CreateRole", "*:*" matches everything,
    /// "s3:*Object" matches "s3:GetObject" and "s3:PutObject".
    ///
    /// AWS IAM and GCP actions are case-insensitive, so comparison is
    /// normalised to lowercase. R6-M26: Azure permissions preserve casing
    /// in role definitions and resource providers; blanket lowercasing
    /// could cause spurious deny-list matches against differently-cased
    /// operator tokens (e.g. a deny rule on
    /// `Microsoft.Storage/storageAccounts/write` comparing against a
    /// user-supplied `Microsoft.storage/storageaccounts/WRITE`). When
    /// either side looks like an Azure provider (service starts with
    /// `Microsoft.`), compare with case preserved on both sides so the
    /// match semantics mirror Azure's own service-provider identifiers.
    pub fn matches(&self, other: &ActionPattern) -> bool {
        let is_azure =
            self.service.starts_with("Microsoft.") || other.service.starts_with("Microsoft.");
        if is_azure {
            let service_match = self.service == "*" || self.service == other.service;
            let action_match = self.action == "*"
                || self.action == other.action
                || glob_match(&self.action, &other.action);
            return service_match && action_match;
        }
        let self_svc = self.service.to_ascii_lowercase();
        let other_svc = other.service.to_ascii_lowercase();
        let self_act = self.action.to_ascii_lowercase();
        let other_act = other.action.to_ascii_lowercase();
        let service_match = self_svc == "*" || self_svc == other_svc;
        let action_match =
            self_act == "*" || self_act == other_act || glob_match(&self_act, &other_act);
        service_match && action_match
    }
}

/// A scoped IAM policy built from user-specified allowed actions.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ScopedPolicy {
    pub actions: Vec<ActionPattern>,
    pub resources: Vec<String>,
}

impl ScopedPolicy {
    /// Parse a comma-separated allow string like "s3:GetObject,lambda:Update*".
    /// Optionally accepts resource ARNs to restrict beyond just actions.
    pub fn from_allow_str(allow: &str) -> Result<Self> {
        Self::from_allow_str_with_resources(allow, None)
    }

    /// Parse allow string with optional resource ARN restrictions.
    pub fn from_allow_str_with_resources(allow: &str, resources: Option<&str>) -> Result<Self> {
        let actions = allow
            .split(',')
            .map(|s| s.trim())
            .filter(|s| !s.is_empty())
            .map(ActionPattern::parse)
            .collect::<Result<Vec<_>>>()?;

        if actions.is_empty() {
            return Err(AvError::InvalidPolicy(
                "No valid actions provided".to_string(),
            ));
        }

        // Reject wildcard-all patterns that grant unrestricted access.
        if actions.iter().any(|a| a.service == "*" && a.action == "*") {
            return Err(AvError::InvalidPolicy(
                "Wildcard '*:*' grants all actions and is not permitted. \
                 Use specific service:action patterns."
                    .to_string(),
            ));
        }

        // Warn when a service wildcard is used for sensitive services.
        const SENSITIVE_SERVICES: &[&str] = &["iam", "sts", "organizations", "account"];
        for a in &actions {
            let svc_lower = a.service.to_lowercase();
            if a.action == "*" && SENSITIVE_SERVICES.contains(&svc_lower.as_str()) {
                tracing::warn!(
                    service = %a.service,
                    "Service wildcard '{}:*' grants all {} actions; consider restricting to specific actions",
                    a.service,
                    a.service,
                );
            }
        }

        let resources = match resources {
            Some(r) => {
                let parsed: Vec<String> = r
                    .split(',')
                    .map(|s| s.trim().to_string())
                    .filter(|s| !s.is_empty())
                    .collect();
                if parsed.is_empty() {
                    vec!["*".to_string()]
                } else {
                    parsed
                }
            }
            None => vec!["*".to_string()],
        };

        Ok(Self { actions, resources })
    }

    /// Parse a comma-separated GCP permissions string like "storage.objects.get,compute.instances.list".
    pub fn from_gcp_allow_str(allow: &str) -> Result<Self> {
        let actions = allow
            .split(',')
            .map(|s| s.trim())
            .filter(|s| !s.is_empty())
            .map(ActionPattern::parse_gcp)
            .collect::<Result<Vec<_>>>()?;

        if actions.is_empty() {
            return Err(AvError::InvalidPolicy(
                "No valid GCP permissions provided".to_string(),
            ));
        }

        // Reject wildcard-all patterns that grant unrestricted access.
        if actions.iter().any(|a| a.service == "*" && a.action == "*") {
            return Err(AvError::InvalidPolicy(
                "Wildcard '*:*' grants all actions and is not permitted. \
                 Use specific service:action patterns."
                    .to_string(),
            ));
        }

        // Warn on GCP sensitive service wildcards.
        // R6-M24: the previous list covered IAM/KMS/org basics but missed
        // billing/identity/secret/context services that can elevate
        // session impact well beyond the intended scope.
        const GCP_SENSITIVE_SERVICES: &[&str] = &[
            "iam",
            "resourcemanager",
            "orgpolicy",
            "cloudkms",
            "sts",
            "cloudbilling",
            "servicemanagement",
            "cloudidentity",
            "secretmanager",
            "accesscontextmanager",
        ];
        for a in &actions {
            if a.action.ends_with('*') && GCP_SENSITIVE_SERVICES.contains(&a.service.as_str()) {
                tracing::warn!(
                    service = %a.service,
                    "GCP service wildcard '{}.{}' grants broad IAM/admin permissions; consider restricting to specific actions",
                    a.service, a.action
                );
            }
        }

        Ok(Self {
            actions,
            resources: vec!["*".to_string()],
        })
    }

    /// Parse a comma-separated Azure permissions string like "Microsoft.Storage/storageAccounts/read".
    pub fn from_azure_allow_str(allow: &str) -> Result<Self> {
        let actions = allow
            .split(',')
            .map(|s| s.trim())
            .filter(|s| !s.is_empty())
            .map(ActionPattern::parse_azure)
            .collect::<Result<Vec<_>>>()?;

        if actions.is_empty() {
            return Err(AvError::InvalidPolicy(
                "No valid Azure permissions provided".to_string(),
            ));
        }

        // Reject wildcard-all patterns that grant unrestricted access.
        if actions.iter().any(|a| a.service == "*" && a.action == "*") {
            return Err(AvError::InvalidPolicy(
                "Wildcard '*:*' grants all actions and is not permitted. \
                 Use specific service:action patterns."
                    .to_string(),
            ));
        }

        // Warn on Azure sensitive service wildcards.
        // R6-M25: the previous list covered Authorization/ManagedIdentity/
        // KeyVault but missed several tenant/management services whose
        // wildcards grant subscription-wide control.
        const AZURE_SENSITIVE_SERVICES: &[&str] = &[
            "Microsoft.Authorization",
            "Microsoft.ManagedIdentity",
            "Microsoft.KeyVault",
            "Microsoft.Subscription",
            "Microsoft.Management",
            "Microsoft.PolicyInsights",
        ];
        for a in &actions {
            if a.action.ends_with('*') && AZURE_SENSITIVE_SERVICES.contains(&a.service.as_str()) {
                tracing::warn!(
                    service = %a.service,
                    "Azure service wildcard '{}/{}' grants broad IAM/RBAC permissions; consider restricting to specific actions",
                    a.service, a.action
                );
            }
        }

        Ok(Self {
            actions,
            resources: vec!["*".to_string()],
        })
    }

    /// Generate the AWS IAM policy JSON document for STS inline policy.
    pub fn to_iam_policy_json(&self) -> Result<String> {
        self.to_iam_policy_json_with_network(None)
    }

    /// Generate the AWS IAM policy JSON with a Deny statement that blocks
    /// the caller from removing or overwriting the given tag key. Used by
    /// `--tag-session` to keep agents from stripping the `tryaudex-session`
    /// marker mid-session and escaping cleanup.
    pub fn to_iam_policy_json_with_tag_lock(&self, tag_key: &str) -> Result<String> {
        self.to_iam_policy_json_with_network_and_tag_lock(None, Some(tag_key))
    }

    /// Full policy JSON with both network conditions and tag-lock deny.
    pub fn to_iam_policy_json_with_network_and_tag_lock(
        &self,
        network: Option<&NetworkPolicy>,
        tag_lock_key: Option<&str>,
    ) -> Result<String> {
        // Reuse the existing network logic for the Allow statement.
        let base_json = self.to_iam_policy_json_with_network(network)?;
        let tag_lock_key = match tag_lock_key {
            Some(k) => k,
            None => {
                check_policy_size(&base_json)?;
                return Ok(base_json);
            }
        };
        let mut doc: serde_json::Value =
            serde_json::from_str(&base_json).map_err(|e| AvError::InvalidPolicy(e.to_string()))?;
        let deny = serde_json::json!({
            "Sid": "DenyTryaudexTagRemoval",
            "Effect": "Deny",
            "Action": tag_mutation_actions(),
            "Resource": "*",
            "Condition": {
                "ForAnyValue:StringEquals": {
                    "aws:TagKeys": [tag_lock_key]
                }
            }
        });
        // R6-H6: Block sts:AssumeRole* unless the new session carries the
        // session tag. Without this, an agent could chain into a second
        // assume-role call and issue a fresh session that the cleanup flow
        // never tags — escaping tag-based revocation and ephemeral cleanup.
        // `Null: true` fires when the request does NOT contain the tag.
        let request_tag_key = format!("aws:RequestTag/{}", tag_lock_key);
        let mut null_cond = serde_json::Map::new();
        null_cond.insert(
            request_tag_key,
            serde_json::Value::String("true".to_string()),
        );
        let null_value = serde_json::Value::Object(null_cond);
        let deny_chain = serde_json::json!({
            "Sid": "DenyTryaudexRoleChaining",
            "Effect": "Deny",
            "Action": [
                "sts:AssumeRole",
                "sts:AssumeRoleWithWebIdentity",
                "sts:AssumeRoleWithSAML"
            ],
            "Resource": "*",
            "Condition": {
                "Null": null_value
            }
        });
        if let Some(stmts) = doc.get_mut("Statement").and_then(|s| s.as_array_mut()) {
            stmts.push(deny);
            stmts.push(deny_chain);
        }
        let json = serde_json::to_string_pretty(&doc)
            .map_err(|e| AvError::InvalidPolicy(e.to_string()))?;
        check_policy_size(&json)?;
        Ok(json)
    }

    /// Generate the AWS IAM policy JSON with optional network conditions.
    pub fn to_iam_policy_json_with_network(
        &self,
        network: Option<&NetworkPolicy>,
    ) -> Result<String> {
        let mut statement = serde_json::json!({
            "Effect": "Allow",
            "Action": self.actions.iter().map(|a| a.to_iam_action()).collect::<Vec<_>>(),
            "Resource": self.resources,
        });

        // Add network conditions if configured
        if let Some(net) = network {
            let mut conditions: HashMap<String, HashMap<String, serde_json::Value>> =
                HashMap::new();

            if !net.allowed_ips.is_empty() {
                let mut ip_cond = HashMap::new();
                ip_cond.insert(
                    "aws:SourceIp".to_string(),
                    serde_json::json!(net.allowed_ips),
                );
                conditions.insert("IpAddress".to_string(), ip_cond);
            }

            if !net.allowed_vpcs.is_empty() {
                let mut vpc_cond = HashMap::new();
                vpc_cond.insert(
                    "aws:SourceVpc".to_string(),
                    serde_json::json!(net.allowed_vpcs),
                );
                conditions
                    .entry("StringEquals".to_string())
                    .or_default()
                    .extend(vpc_cond);
            }

            if !net.allowed_vpc_endpoints.is_empty() {
                let mut vpce_cond = HashMap::new();
                vpce_cond.insert(
                    "aws:SourceVpce".to_string(),
                    serde_json::json!(net.allowed_vpc_endpoints),
                );
                conditions
                    .entry("StringEquals".to_string())
                    .or_default()
                    .extend(vpce_cond);
            }

            if !conditions.is_empty() {
                statement["Condition"] = serde_json::json!(conditions);
            }
        }

        let policy = serde_json::json!({
            "Version": "2012-10-17",
            "Statement": [statement]
        });
        let json = serde_json::to_string_pretty(&policy)
            .map_err(|e| AvError::InvalidPolicy(e.to_string()))?;

        check_policy_size(&json)?;
        Ok(json)
    }

    /// Check all actions against a deny list. Returns error if any action is denied.
    pub fn enforce_deny_list(&self, deny: &[String]) -> Result<()> {
        let deny_patterns: Vec<ActionPattern> = deny
            .iter()
            .filter_map(|d| match ActionPattern::parse(d) {
                Ok(p) => Some(p),
                Err(e) => {
                    tracing::warn!(pattern = %d, error = %e, "Skipping unparseable deny pattern");
                    None
                }
            })
            .collect();

        for action in &self.actions {
            for deny_pattern in &deny_patterns {
                if deny_pattern.matches(action) {
                    return Err(AvError::InvalidPolicy(format!(
                        "Action '{}' is blocked by deny list rule '{}'",
                        action.to_iam_action(),
                        deny_pattern.to_iam_action()
                    )));
                }
            }
        }
        Ok(())
    }

    /// Provider-aware deny list enforcement. Parses deny patterns using
    /// the correct format for each provider (colon-separated for AWS,
    /// dot-separated for GCP, slash-separated for Azure).
    pub fn enforce_deny_list_for_provider(
        &self,
        deny: &[String],
        provider: crate::session::CloudProvider,
    ) -> Result<()> {
        use crate::session::CloudProvider;
        let parser: fn(&str) -> Result<ActionPattern> = match provider {
            CloudProvider::Gcp => ActionPattern::parse_gcp,
            CloudProvider::Azure => ActionPattern::parse_azure,
            CloudProvider::Aws => ActionPattern::parse,
        };

        let deny_patterns: Vec<ActionPattern> = deny
            .iter()
            .filter_map(|d| match parser(d) {
                Ok(p) => Some(p),
                Err(e) => {
                    tracing::warn!(pattern = %d, error = %e, "Skipping unparseable deny pattern");
                    None
                }
            })
            .collect();

        for action in &self.actions {
            for deny_pattern in &deny_patterns {
                if deny_pattern.matches(action) {
                    let action_str = match provider {
                        CloudProvider::Gcp => action.to_gcp_permission(),
                        CloudProvider::Azure => action.to_azure_permission(),
                        CloudProvider::Aws => action.to_iam_action(),
                    };
                    let deny_str = match provider {
                        CloudProvider::Gcp => deny_pattern.to_gcp_permission(),
                        CloudProvider::Azure => deny_pattern.to_azure_permission(),
                        CloudProvider::Aws => deny_pattern.to_iam_action(),
                    };
                    return Err(AvError::InvalidPolicy(format!(
                        "Action '{}' is blocked by deny list rule '{}'",
                        action_str, deny_str
                    )));
                }
            }
        }
        Ok(())
    }

    /// List the services involved in this policy.
    pub fn services(&self) -> Vec<String> {
        let mut services: Vec<String> = self.actions.iter().map(|a| a.service.clone()).collect();
        services.sort();
        services.dedup();
        services
    }
}

/// Glob matching: `*` matches any sequence of characters, `?` matches a single
/// character. IAM uses both wildcards in action and resource patterns.
/// Uses an iterative two-pointer approach (O(n*m) worst case, no stack overflow).
fn glob_match(pattern: &str, text: &str) -> bool {
    let pat = pattern.as_bytes();
    let txt = text.as_bytes();
    let (mut pi, mut ti) = (0usize, 0usize);
    let (mut star_pi, mut star_ti) = (usize::MAX, 0usize);

    while ti < txt.len() {
        if pi < pat.len() && (pat[pi] == b'?' || pat[pi] == txt[ti]) {
            pi += 1;
            ti += 1;
        } else if pi < pat.len() && pat[pi] == b'*' {
            star_pi = pi;
            star_ti = ti;
            pi += 1; // try matching * with empty sequence first
        } else if star_pi != usize::MAX {
            // backtrack: let the last * consume one more character
            pi = star_pi + 1;
            star_ti += 1;
            ti = star_ti;
        } else {
            return false;
        }
    }
    // Consume trailing *'s in pattern
    while pi < pat.len() && pat[pi] == b'*' {
        pi += 1;
    }
    pi == pat.len()
}

/// List every AWS IAM action that could remove or overwrite a tag. The
/// Check that the final policy JSON fits within the STS URL-encoded size limit.
fn check_policy_size(pretty_json: &str) -> Result<()> {
    let doc: serde_json::Value =
        serde_json::from_str(pretty_json).map_err(|e| AvError::InvalidPolicy(e.to_string()))?;
    let compact = serde_json::to_string(&doc).map_err(|e| AvError::InvalidPolicy(e.to_string()))?;
    let encoded_len = urlencoding::encode(&compact).len();
    if encoded_len > MAX_POLICY_URL_ENCODED_SIZE {
        return Err(AvError::InvalidPolicy(format!(
            "Session policy is {} bytes URL-encoded (max {}). \
             Reduce the number of actions or split into multiple sessions.",
            encoded_len, MAX_POLICY_URL_ENCODED_SIZE
        )));
    }
    Ok(())
}

/// `aws:TagKeys` condition constrains these denies to actions where the
/// tryaudex-session key is the one being touched, so the agent can still
/// freely manage unrelated tags on their own resources.
fn tag_mutation_actions() -> Vec<&'static str> {
    vec![
        // ec2 uses a non-standard tag API
        "ec2:DeleteTags",
        "ec2:CreateTags",
        // Generic tagging APIs — cover the cross-service paths
        "tag:UntagResources",
        "tag:TagResources",
        // s3 — bucket-level and object-level tagging
        "s3:DeleteBucketTagging",
        "s3:PutBucketTagging",
        "s3:PutObjectTagging",
        "s3:DeleteObjectTagging",
        "s3:PutObjectVersionTagging",
        // per-service Untag* / Remove*Tags — common agent-accessible services
        "dynamodb:UntagResource",
        "dynamodb:TagResource",
        "sns:UntagResource",
        "sns:TagResource",
        "sqs:UntagQueue",
        "sqs:TagQueue",
        "lambda:UntagResource",
        "lambda:TagResource",
        "rds:RemoveTagsFromResource",
        "rds:AddTagsToResource",
        // IAM supports wildcards in action names, and Tag*/Untag* cover
        // Role, User, Policy, InstanceProfile, OpenIDConnectProvider, etc.
        // Using wildcards instead of listing each variant keeps the inlined
        // session policy under the STS 2048-byte URL-encoded limit once the
        // R6-H6 sts:AssumeRole chaining deny is also included.
        "iam:Untag*",
        "iam:Tag*",
        "secretsmanager:UntagResource",
        "secretsmanager:TagResource",
        "ssm:RemoveTagsFromResource",
        "ssm:AddTagsToResource",
        "cloudformation:UntagResource",
        "cloudformation:TagResource",
        "ecr:UntagResource",
        "ecr:TagResource",
        "kms:UntagResource",
        "kms:TagResource",
        "logs:UntagLogGroup",
        "logs:TagLogGroup",
        // STS session tagging
        "sts:TagSession",
        // ECS / EKS
        "ecs:UntagResource",
        "ecs:TagResource",
        "eks:UntagResource",
        "eks:TagResource",
        // ELB / ALB
        "elasticloadbalancing:RemoveTags",
        "elasticloadbalancing:AddTags",
        // NOTE: Additional services (ElastiCache, Route53, Redshift, CloudWatch,
        // EventBridge, SageMaker, Glue, etc.) are covered by the generic
        // `tag:UntagResources` / `tag:TagResources` entries above. Listing
        // every service would exceed the STS inline policy size limit (2048
        // bytes URL-encoded).
    ]
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_parse_action() {
        let action = ActionPattern::parse("s3:GetObject").unwrap();
        assert_eq!(action.service, "s3");
        assert_eq!(action.action, "GetObject");
    }

    #[test]
    fn test_parse_wildcard_action() {
        let action = ActionPattern::parse("lambda:Update*").unwrap();
        assert_eq!(action.service, "lambda");
        assert_eq!(action.action, "Update*");
    }

    #[test]
    fn test_invalid_action() {
        assert!(ActionPattern::parse("invalid").is_err());
    }

    #[test]
    fn test_from_allow_str() {
        let policy =
            ScopedPolicy::from_allow_str("s3:GetObject, lambda:UpdateFunctionCode").unwrap();
        assert_eq!(policy.actions.len(), 2);
    }

    #[test]
    fn test_from_allow_str_with_resources() {
        let policy = ScopedPolicy::from_allow_str_with_resources(
            "s3:GetObject",
            Some("arn:aws:s3:::my-bucket/*,arn:aws:s3:::my-bucket"),
        )
        .unwrap();
        assert_eq!(policy.resources.len(), 2);
        assert_eq!(policy.resources[0], "arn:aws:s3:::my-bucket/*");
        assert_eq!(policy.resources[1], "arn:aws:s3:::my-bucket");
    }

    #[test]
    fn test_from_allow_str_default_resources() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        assert_eq!(policy.resources, vec!["*"]);
    }

    #[test]
    fn test_to_iam_policy_json() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        let json = policy.to_iam_policy_json().unwrap();
        assert!(json.contains("s3:GetObject"));
        assert!(json.contains("2012-10-17"));
    }

    #[test]
    fn tag_lock_appends_deny_statement_bound_to_key() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        let json = policy
            .to_iam_policy_json_with_tag_lock("tryaudex-session")
            .unwrap();
        let doc: serde_json::Value = serde_json::from_str(&json).unwrap();
        let stmts = doc["Statement"].as_array().unwrap();
        // R6-H6 added a third statement blocking sts:AssumeRole chaining
        // without the session tag; the full policy is now Allow + tag
        // removal Deny + role chain Deny.
        assert_eq!(
            stmts.len(),
            3,
            "expected Allow + tag-removal Deny + role-chain Deny statements"
        );
        let deny = &stmts[1];
        assert_eq!(deny["Effect"], "Deny");
        assert_eq!(deny["Sid"], "DenyTryaudexTagRemoval");
        assert_eq!(
            deny["Condition"]["ForAnyValue:StringEquals"]["aws:TagKeys"][0],
            "tryaudex-session"
        );
        // Spot-check that the Deny action list covers the critical paths.
        let actions = deny["Action"].as_array().unwrap();
        let action_strs: Vec<&str> = actions.iter().filter_map(|v| v.as_str()).collect();
        assert!(action_strs.contains(&"ec2:DeleteTags"));
        assert!(action_strs.contains(&"tag:UntagResources"));
        assert!(action_strs.contains(&"s3:DeleteBucketTagging"));
        // After compression, IAM tag actions are covered by wildcards
        // rather than per-resource variants (kept the policy under the
        // STS 2048-byte URL-encoded limit with R6-H6 present).
        assert!(action_strs.contains(&"iam:Tag*"));
        assert!(action_strs.contains(&"iam:Untag*"));

        // R6-H6 role-chain deny statement.
        let role_chain_deny = &stmts[2];
        assert_eq!(role_chain_deny["Effect"], "Deny");
        assert_eq!(role_chain_deny["Sid"], "DenyTryaudexRoleChaining");
        let chain_actions = role_chain_deny["Action"].as_array().unwrap();
        let chain_action_strs: Vec<&str> =
            chain_actions.iter().filter_map(|v| v.as_str()).collect();
        assert!(chain_action_strs.contains(&"sts:AssumeRole"));
    }

    #[test]
    fn tag_lock_with_none_key_is_noop() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        let base = policy.to_iam_policy_json_with_network(None).unwrap();
        let with_none = policy
            .to_iam_policy_json_with_network_and_tag_lock(None, None)
            .unwrap();
        assert_eq!(base, with_none);
    }

    #[test]
    fn test_wildcard_matches() {
        let deny = ActionPattern::parse("iam:*").unwrap();
        let action = ActionPattern::parse("iam:CreateRole").unwrap();
        assert!(deny.matches(&action));
    }

    #[test]
    fn test_prefix_wildcard_matches() {
        let deny = ActionPattern::parse("lambda:Update*").unwrap();
        let update = ActionPattern::parse("lambda:UpdateFunctionCode").unwrap();
        let get = ActionPattern::parse("lambda:GetFunction").unwrap();
        assert!(deny.matches(&update));
        assert!(!deny.matches(&get));
    }

    #[test]
    fn test_wildcard_no_cross_service() {
        let deny = ActionPattern::parse("iam:*").unwrap();
        let action = ActionPattern::parse("s3:GetObject").unwrap();
        assert!(!deny.matches(&action));
    }

    #[test]
    fn test_deny_list_blocks_action() {
        let policy = ScopedPolicy::from_allow_str("iam:CreateRole,s3:GetObject").unwrap();
        let deny = vec!["iam:*".to_string()];
        let result = policy.enforce_deny_list(&deny);
        assert!(result.is_err());
        assert!(result.unwrap_err().to_string().contains("iam:CreateRole"));
    }

    #[test]
    fn test_deny_list_allows_safe_actions() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject,s3:ListBucket").unwrap();
        let deny = vec!["iam:*".to_string(), "organizations:*".to_string()];
        assert!(policy.enforce_deny_list(&deny).is_ok());
    }

    #[test]
    fn test_parse_gcp_permission() {
        let action = ActionPattern::parse_gcp("storage.objects.get").unwrap();
        assert_eq!(action.service, "storage");
        assert_eq!(action.action, "objects.get");
        assert_eq!(action.to_gcp_permission(), "storage.objects.get");
    }

    #[test]
    fn test_from_gcp_allow_str() {
        let policy =
            ScopedPolicy::from_gcp_allow_str("storage.objects.get, compute.instances.list")
                .unwrap();
        assert_eq!(policy.actions.len(), 2);
        assert_eq!(policy.actions[0].to_gcp_permission(), "storage.objects.get");
        assert_eq!(
            policy.actions[1].to_gcp_permission(),
            "compute.instances.list"
        );
    }

    #[test]
    fn test_gcp_permission_invalid() {
        assert!(ActionPattern::parse_gcp("invalidpermission").is_err());
    }

    #[test]
    fn test_parse_azure_permission() {
        let action = ActionPattern::parse_azure("Microsoft.Storage/storageAccounts/read").unwrap();
        assert_eq!(action.service, "Microsoft.Storage");
        assert_eq!(action.action, "storageAccounts/read");
        assert_eq!(
            action.to_azure_permission(),
            "Microsoft.Storage/storageAccounts/read"
        );
    }

    #[test]
    fn test_from_azure_allow_str() {
        let policy = ScopedPolicy::from_azure_allow_str(
            "Microsoft.Storage/storageAccounts/read, Microsoft.Compute/virtualMachines/read",
        )
        .unwrap();
        assert_eq!(policy.actions.len(), 2);
        assert_eq!(
            policy.actions[0].to_azure_permission(),
            "Microsoft.Storage/storageAccounts/read"
        );
        assert_eq!(
            policy.actions[1].to_azure_permission(),
            "Microsoft.Compute/virtualMachines/read"
        );
    }

    #[test]
    fn test_azure_permission_invalid() {
        assert!(ActionPattern::parse_azure("invalidpermission").is_err());
    }

    #[test]
    fn test_network_policy_ip_condition() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        let network = NetworkPolicy {
            allowed_ips: vec!["10.0.0.0/8".to_string(), "203.0.113.5".to_string()],
            allowed_vpcs: vec![],
            allowed_vpc_endpoints: vec![],
        };
        let json = policy
            .to_iam_policy_json_with_network(Some(&network))
            .unwrap();
        assert!(json.contains("aws:SourceIp"));
        assert!(json.contains("10.0.0.0/8"));
        assert!(json.contains("IpAddress"));
    }

    #[test]
    fn test_network_policy_vpc_condition() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        let network = NetworkPolicy {
            allowed_ips: vec![],
            allowed_vpcs: vec!["vpc-abc123".to_string()],
            allowed_vpc_endpoints: vec!["vpce-xyz789".to_string()],
        };
        let json = policy
            .to_iam_policy_json_with_network(Some(&network))
            .unwrap();
        assert!(json.contains("aws:SourceVpc"));
        assert!(json.contains("vpc-abc123"));
        assert!(json.contains("aws:SourceVpce"));
        assert!(json.contains("vpce-xyz789"));
        assert!(json.contains("StringEquals"));
    }

    #[test]
    fn test_no_network_policy() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        let json = policy.to_iam_policy_json_with_network(None).unwrap();
        assert!(!json.contains("Condition"));
    }
}