import { logger } from './logger';

export interface RiskProfile {
  level: 'low' | 'medium' | 'high';
  confidence: number;
  reasons: string[];
}

export interface ModelRoute {
  model: 'opus-4.6' | 'kimi-k2' | 'sonnet-4';
  reason: string;
}

/**
 * Detects if input data is "dirty" (external/untrusted) and assigns risk level
 */
export class DirtyDataDetector {
  private static readonly HIGH_RISK_PATTERNS = [
    // Email patterns
    /^From:\s+/mi, // Email headers
    /^Subject:\s+/mi,
    /^To:\s+/mi,
    /^Reply-To:\s+/mi,
    
    // HTML/script injection patterns
    /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,
    /javascript:/gi,
    /on\w+\s*=/gi, // Event handlers like onclick, onload
    /data:text\/html/gi,
    
    // External URL patterns
    /^https?:\/\/[^\/]+/i, // External URLs at start
    /\b(https?:\/\/[^\s]+)/gi, // Any HTTP URLs
    
    // User upload patterns
    /\[ATTACHMENT\]|\[UPLOAD\]|file:\/\//gi,
    /\.(exe|dll|bat|cmd|scr|pif|vbs|js|jar|apk)$/i, // Suspicious file extensions
    
    // Scraping indicators
    /scraped\s+(from|at|on)\s+/i,
    /web\s+scraping/i,
    /crawled\s+content/i,
    /extracted\s+from\s+/i,
    
    // Form data patterns
    /form-data/i,
    /multipart\/form-data/i,
    /boundary=/i,
    
    // XSS patterns
    /<(iframe|object|embed|form)\b/i,
    /&lt;.*&gt;/g, // HTML entities
    
    // SQL injection patterns (basic)
    /(\bunion\b.*\bselect\b|\bdrop\s+table\b|\binsert\s+into\b|\bdelete\s+from\b)/i,
    
    // Potential prompt injection
    /ignore\s+previous\s+instructions/i,
    /system:\s*/i,
    /you\s+are\s+now\s+/i,
    /disregard\s+all\s+prior/i,
    /new\s+persona:/i,
    /roleplay\s+as/i,
  ];

  private static readonly MEDIUM_RISK_PATTERNS = [
    // Common web content patterns
    /&[a-z]+;/i, // HTML entities
    /<[^>]+>/g, // HTML tags
    /\[\d+\]/g, // Reference numbers
    
    // Markdown patterns (could be from external sources)
    /!\[.*?\]\(.*?\)/g, // Images
    /\[.*?\]\(.*?\)/g, // Links
    
    // JSON/XML patterns
    /^\s*\{/s, // JSON object start
    /^\s*\[/s, // JSON array start
    /^\s*</s, // XML start
    
    // API response patterns
    /"status":\s*\d+/i,
    /"error":\s*\{/i,
    /"data":\s*\[/i,
  ];

  private static readonly LOW_RISK_PATTERNS = [
    // Internal system patterns
    /^\[SYSTEM\]/i,
    /^\[INTERNAL\]/i,
    /^\[VETTED\]/i,
    
    // Known safe formats
    /^[\w\s.,!?-]+$/, // Plain text only
    /^\d{4}-\d{2}-\d{2}$/, // Date format
    /^\d+\.?\d*$/, // Numbers only
  ];

  /**
   * Analyze input data and return risk profile
   */
  static analyze(data: string, metadata?: Record<string, any>): RiskProfile {
    const reasons: string[] = [];
    let riskScore = 0;

    // Check for high-risk patterns
    for (const pattern of this.HIGH_RISK_PATTERNS) {
      if (pattern.test(data)) {
        riskScore += 3;
        reasons.push(`High-risk pattern detected: ${pattern.toString()}`);
      }
    }

    // Check for medium-risk patterns
    for (const pattern of this.MEDIUM_RISK_PATTERNS) {
      if (pattern.test(data)) {
        riskScore += 1;
        reasons.push(`Medium-risk pattern detected: ${pattern.toString()}`);
      }
    }

    // Check metadata for source indicators
    if (metadata) {
      if (metadata.source === 'email') {
        riskScore += 3;
        reasons.push('Source identified as email');
      }
      if (metadata.source === 'web-scraping') {
        riskScore += 3;
        reasons.push('Source identified as web scraping');
      }
      if (metadata.source === 'user-upload') {
        riskScore += 3;
        reasons.push('Source identified as user upload');
      }
      if (metadata.source === 'external-api') {
        riskScore += 2;
        reasons.push('Source identified as external API');
      }
      if (metadata.source === 'internal') {
        riskScore -= 2;
        reasons.push('Source identified as internal');
      }
      if (metadata.vetted === true) {
        riskScore = Math.max(0, riskScore - 3);
        reasons.push('Content marked as vetted');
      }
    }

    // Check for low-risk patterns (reduces score)
    for (const pattern of this.LOW_RISK_PATTERNS) {
      if (pattern.test(data)) {
        riskScore = Math.max(0, riskScore - 1);
        reasons.push(`Low-risk pattern detected: ${pattern.toString()}`);
      }
    }

    // Determine risk level based on score
    let level: 'low' | 'medium' | 'high';
    let confidence: number;

    if (riskScore >= 5) {
      level = 'high';
      confidence = Math.min(0.95, 0.7 + (riskScore * 0.05));
    } else if (riskScore >= 2) {
      level = 'medium';
      confidence = 0.7;
    } else {
      level = 'low';
      confidence = 0.9;
    }

    // Log the analysis
    logger.info('Risk analysis completed', {
      riskLevel: level,
      riskScore,
      confidence,
      reasons: reasons.slice(0, 3), // Log top 3 reasons
      dataLength: data.length,
      hasMetadata: !!metadata,
    });

    return {
      level,
      confidence,
      reasons,
    };
  }

  /**
   * Quick check if data is potentially dirty
   */
  static isPotentiallyDirty(data: string): boolean {
    // Fast pre-check for obvious dirty patterns
    return this.HIGH_RISK_PATTERNS.some(pattern => pattern.test(data));
  }
}