/**
 * Safety filter — determines if a query/response pair is safe to cache.
 * Prevents caching of PII, user-specific context, multi-turn follow-ups,
 * slash commands, and media content.
 */

export interface SafetyResult {
  isCacheable: boolean;
  flags: Record<string, boolean>;
}

// Patterns that indicate PII or user-specific context (never cache)
const PII_PATTERNS = [
  /@\w+/,                                    // @username mentions
  /\b\d{5,}\b/,                              // telegram IDs or long number sequences
  /\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\b/, // full email addresses
  /\b\w+@\w+\b/,                            // partial email-like patterns (user@domain)
  /\b\d{3}[-.\s]?\d{3}[-.\s]?\d{4}\b/,      // phone numbers (US format)
  /\b\+\d{10,}\b/,                           // international phone numbers
  /\bid:\s*\d{6,}\b/i,                       // Telegram-style IDs (id: 1234567)
  /\btg:\/\//,                               // Telegram deep links
  /\b0x[a-fA-F0-9]{20,}\b/,                 // Ethereum/crypto wallet addresses
  /\b(bc1|[13])[a-zA-HJ-NP-Z0-9]{25,}\b/,  // Bitcoin addresses
  /\b[A-Z0-9]{8,}-[A-Z0-9]{4,}\b/,          // Bet IDs / reference numbers
  /\b(ref|referral|affiliate)[:\s]*[A-Za-z0-9]+\b/i, // Affiliate/referral codes
  /\b(token|session|auth)[=:]\s*[A-Za-z0-9_-]{10,}\b/i, // Session tokens
];

const USER_SPECIFIC_PATTERNS = [
  /\b(my picks|my bets|my bankroll|my parlay|my account|my balance|my wallet|my portfolio)\b/i,
  /\b(you told me|you said|last time|earlier you|remember when|you mentioned|you recommended)\b/i,
  /\b(i bet|i wagered|i put|i placed|i took|i deposited|i withdrew)\b/i,
  /\b(my record|my streak|my history|my profit|my losses|my units)\b/i,
  /\b(my team|my favorite|my lineup|my roster)\b/i,
  /\b(send me|email me|text me|dm me|message me)\b/i,
];

// Response-specific patterns — block caching responses that address the user personally
const RESPONSE_PERSONAL_PATTERNS = [
  /\b(based on your|your previous|your betting|your bankroll|your picks|your history)\b/i,
  /\b(you previously|you asked|you mentioned|you told|as you requested|you said)\b/i,
  /\b(your account|your balance|your portfolio|your record|your streak)\b/i,
  /\b(I remember you|as we discussed|from our conversation)\b/i,
];

const SLASH_COMMAND_PATTERN = /^\//;
const MEDIA_PATTERN = /\[(sent image|media attached|photo|video|sticker|voice|document)/i;

// Minimum query length to be cacheable (short queries are likely follow-ups)
const MIN_QUERY_LENGTH = 15;

// Sports entity indicators (if present, more likely cacheable even if short)
const SPORTS_ENTITY_PATTERN = /\b(nba|nfl|nhl|mlb|ncaab|ncaaf|epl|spread|moneyline|total|props?|odds|over|under|points|rebounds|assists)\b/i;

// Team abbreviation pattern (3 uppercase letters)
const TEAM_ABBR_PATTERN = /\b[A-Z]{2,3}\b/;

export function checkSafety(query: string, response?: string): SafetyResult {
  const flags: Record<string, boolean> = {};

  // Check query
  if (SLASH_COMMAND_PATTERN.test(query.trim())) {
    flags.slash_command = true;
    return { isCacheable: false, flags };
  }

  if (MEDIA_PATTERN.test(query)) {
    flags.media_content = true;
    return { isCacheable: false, flags };
  }

  for (const pattern of PII_PATTERNS) {
    if (pattern.test(query)) {
      flags.pii_in_query = true;
      return { isCacheable: false, flags };
    }
  }

  for (const pattern of USER_SPECIFIC_PATTERNS) {
    if (pattern.test(query)) {
      flags.user_specific_query = true;
      return { isCacheable: false, flags };
    }
  }

  // Short queries without sports entities are likely follow-ups
  if (query.length < MIN_QUERY_LENGTH &&
      !SPORTS_ENTITY_PATTERN.test(query) &&
      !TEAM_ABBR_PATTERN.test(query)) {
    flags.short_no_entity = true;
    return { isCacheable: false, flags };
  }

  // Check response if provided
  if (response) {
    for (const pattern of PII_PATTERNS) {
      if (pattern.test(response)) {
        flags.pii_in_response = true;
        return { isCacheable: false, flags };
      }
    }

    for (const pattern of USER_SPECIFIC_PATTERNS) {
      if (pattern.test(response)) {
        flags.user_specific_response = true;
        return { isCacheable: false, flags };
      }
    }

    // Response-specific personal addressing patterns
    for (const pattern of RESPONSE_PERSONAL_PATTERNS) {
      if (pattern.test(response)) {
        flags.personal_response = true;
        return { isCacheable: false, flags };
      }
    }
  }

  return { isCacheable: true, flags };
}