<?php

declare(strict_types=1);

use App\Support\Audit\AuditContextSanitizer;

it('redacts protected audit fields recursively', function (): void {
    $sanitized = AuditContextSanitizer::sanitize([
        'token' => 'super-secret',
        'nested' => [
            'client_secret' => 'another-secret',
        ],
        'notes' => 'Authorization: Bearer abc.def.ghi',
    ]);

    expect(data_get($sanitized, 'token'))->toBe('[REDACTED]')
        ->and(data_get($sanitized, 'nested.client_secret'))->toBe('[REDACTED]')
        ->and(data_get($sanitized, 'notes'))->toBe('[REDACTED]');
});

it('truncates oversized strings and arrays before they reach the audit log', function (): void {
    $items = collect(range(1, 55))
        ->mapWithKeys(static fn (int $index): array => ["key_{$index}" => "value_{$index}"])
        ->all();

    $sanitized = AuditContextSanitizer::sanitize([
        'message' => str_repeat('x', 600),
        'items' => $items,
    ]);

    expect((string) data_get($sanitized, 'message'))->toEndWith(' [truncated]')
        ->and(data_get($sanitized, 'items.truncated'))->toBeTrue()
        ->and(array_key_exists('key_50', $sanitized['items']))->toBeTrue()
        ->and(array_key_exists('key_51', $sanitized['items']))->toBeFalse();
});