protectsField('snapshot', 'password'))->toBeTrue(); expect($service->protectsField('snapshot', 'clientSecret'))->toBeTrue(); expect($service->protectsField('snapshot', 'passwordMinimumLength'))->toBeFalse(); expect($service->protectsField('snapshot', 'tokenType'))->toBeFalse(); }); it('supports exact path-based protection decisions', function (): void { $service = app(SecretClassificationService::class); expect($service->protectsField('snapshot', 'password', '/wifi/password'))->toBeTrue(); expect($service->protectsField('snapshot', 'passwordMinimumLength', '/settings/passwordMinimumLength'))->toBeFalse(); });