aaaaa

app/agent/honeypot.py

@@ -396,34 +396,6 @@ class HoneypotAgent:
         )
         return natural_response
     
-    def _pick_unique_response(self, alternatives: List[str], messages: List[Dict] = None) -> str:
-        """
-        Pick a response that hasn't been used recently in the conversation.
-        
-        Args:
-            alternatives: List of possible responses
-            messages: Conversation history to check for recently used responses
-            
-        Returns:
-            A response that wasn't recently used (or random if all were used)
-        """
-        import random
-        
-        # Get recent agent messages (last 5) to avoid repetition
-        recent_agent_msgs = set()
-        if messages:
-            agent_msgs = [m.get("message", "").lower().strip() for m in messages if m.get("sender") == "agent"]
-            recent_agent_msgs = set(agent_msgs[-5:])  # Last 5 agent messages
-        
-        # Filter out alternatives that were recently used
-        available = [alt for alt in alternatives if alt.lower().strip() not in recent_agent_msgs]
-        
-        # If all were used, reset and pick any
-        if not available:
-            available = alternatives
-        
-        return random.choice(available)
-    
     def _filter_bot_response(
         self, 
         response: str, 
@@ -534,28 +506,35 @@ class HoneypotAgent:
         
         # PRIORITY 0: Handle OTP requests with VARIED responses
         if scammer_asking_otp:
-            # Combine all OTP alternatives and pick one that hasn't been used
-            all_otp_alternatives = [
-                # Confused responses
-                "OTP? I didn't receive any message on my phone. Can you send it again?",
-                "I don't see any OTP on my phone. Where does it come from?",
-                "What OTP? I checked my messages but nothing came. Please resend!",
-                "No OTP on my phone... Maybe give me your UPI and I'll send money directly?",
-                "OTP not received yet. Let me check again... No, nothing here!",
-                # Offer alternatives
-                "Still no OTP! Maybe network issue? Give me your UPI, I'll send directly!",
-                "I keep checking but no OTP! Can you call me? What's your number?",
-                "OTP still not coming! Let me do bank transfer instead - give me account number!",
-                "My phone is not getting OTP! Can I send money to your UPI instead?",
-                "Nothing received! Maybe give me your phone number and I'll call you?",
-                # Frustrated responses
-                "Sir I've checked 10 times, no OTP! My phone might have problem. Just give me UPI!",
-                "I don't know why OTP is not coming! Please just tell me where to send money!",
-                "OTP problem is frustrating me also! Let me call you - what's your number?",
-                "Forget OTP! Give me bank account, I'll do NEFT transfer directly!",
-                "This OTP is not working! Tell me another way to send the money!",
-            ]
-            return self._pick_unique_response(all_otp_alternatives, messages)
+            # Vary response based on how many times they've asked for OTP
+            if otp_ask_count <= 1:
+                # First time - be confused about OTP
+                alternatives = [
+                    "OTP? I didn't receive any message on my phone. Can you send it again?",
+                    "I don't see any OTP on my phone. Where does it come from?",
+                    "What OTP? I checked my messages but nothing came. Please resend!",
+                    "No OTP on my phone... Maybe give me your UPI and I'll send money directly?",
+                    "OTP not received yet. Let me check again... No, nothing here!",
+                ]
+            elif otp_ask_count <= 3:
+                # They've asked multiple times - offer alternatives
+                alternatives = [
+                    "Still no OTP! Maybe network issue? Give me your UPI, I'll send directly!",
+                    "I keep checking but no OTP! Can you call me? What's your number?",
+                    "OTP still not coming! Let me do bank transfer instead - give me account number!",
+                    "My phone is not getting OTP! Can I send money to your UPI instead?",
+                    "Nothing received! Maybe give me your phone number and I'll call you?",
+                ]
+            else:
+                # They've asked many times - get frustrated but still offer to pay
+                alternatives = [
+                    "Sir I've checked 10 times, no OTP! My phone might have problem. Just give me UPI!",
+                    "I don't know why OTP is not coming! Please just tell me where to send money!",
+                    "OTP problem is frustrating me also! Let me call you - what's your number?",
+                    "Forget OTP! Give me bank account, I'll do NEFT transfer directly!",
+                    "This OTP is not working! Tell me another way to send the money!",
+                ]
+            return random.choice(alternatives)
         
         # PRIORITY 1: Respond to scammer's question/confusion FIRST
         if scammer_asking_for_number:
@@ -567,7 +546,7 @@ class HoneypotAgent:
                 "I want to save YOUR number! What is your phone number?",
                 "Your contact number! Tell me, I'll save it and then send money!",
             ]
-            return self._pick_unique_response(alternatives, messages)
+            return random.choice(alternatives)
         
         if scammer_confused:
             # Scammer is confused - clarify what we want
@@ -595,7 +574,7 @@ class HoneypotAgent:
                     "Sorry, I don't understand technology well. Guide me step by step!",
                     "Can you explain again? I really want to do this correctly!",
                 ]
-            return self._pick_unique_response(alternatives, messages)
+            return random.choice(alternatives)
         
         if scammer_said_already_told:
             # Scammer frustrated that they already gave info - acknowledge and proceed
@@ -642,7 +621,7 @@ class HoneypotAgent:
                     "Apologies! I noted it wrong. Let me try again!",
                     "Yes, I remember now! Processing the payment...",
                 ]
-            return self._pick_unique_response(alternatives, messages)
+            return random.choice(alternatives)
         
         # PRIORITY 2: Respond based on what scammer just provided
         if gave_upi_now:
@@ -671,7 +650,7 @@ class HoneypotAgent:
                     "Noted! Last thing - confirm the beneficiary name?",
                     "OK! What name should I put for the transfer?",
                 ]
-            return self._pick_unique_response(alternatives, messages)
+            return random.choice(alternatives)
         
         if gave_number_now:
             # They just gave phone number - acknowledge and ask for what we don't have
@@ -699,7 +678,7 @@ class HoneypotAgent:
                     "Perfect! Confirm full name as per bank records?",
                     "Got it! What name will show on my transaction?",
                 ]
-            return self._pick_unique_response(alternatives, messages)
+            return random.choice(alternatives)
         
         # PRIORITY 3: Generate response based on what we still need
         # CORRECT ORDER: UPI -> Phone -> Bank Account -> IFSC -> Name (once only)
@@ -756,7 +735,7 @@ class HoneypotAgent:
                 "OK! Making the payment with these details.",
             ]
         
-        return self._pick_unique_response(alternatives, messages)
+        return random.choice(alternatives)
     
     def _generate_fallback_response(
         self, 
@@ -836,149 +815,159 @@ class HoneypotAgent:
         
         # PRIORITY 0: Handle OTP requests with varied responses
         if scammer_asking_otp:
-            # Combine all OTP alternatives and pick unique one
-            all_otp_alternatives = [
-                "OTP? I didn't receive any message. Can you send it again?",
-                "I don't see any OTP on my phone. Where does it come from?",
-                "What OTP? Nothing came to my phone. Please resend!",
-                "Still no OTP! Give me your UPI, I'll send money directly!",
-                "OTP not coming! Can you call me? What's your number?",
-                "OTP still not received! Let me do bank transfer - give me account!",
-                "Sir, no OTP even now! Just give me UPI or bank account!",
-                "Forget OTP! Tell me where to send money - UPI or bank!",
-                "OTP problem! Let me call you - what's your number?",
-                "My phone doesn't show any OTP. Maybe network problem?",
-                "I checked 5 times, no OTP! Can I just send to your UPI?",
-                "OTP not received! Give me your bank account, I'll do NEFT.",
-            ]
-            return self._pick_unique_response(all_otp_alternatives, all_messages)
+            if otp_ask_count <= 1:
+                return random.choice([
+                    "OTP? I didn't receive any message. Can you send it again?",
+                    "I don't see any OTP on my phone. Where does it come from?",
+                    "What OTP? Nothing came to my phone. Please resend!",
+                ])
+            elif otp_ask_count <= 3:
+                return random.choice([
+                    "Still no OTP! Give me your UPI, I'll send money directly!",
+                    "OTP not coming! Can you call me? What's your number?",
+                    "OTP still not received! Let me do bank transfer - give me account!",
+                ])
+            else:
+                return random.choice([
+                    "Sir, no OTP even now! Just give me UPI or bank account!",
+                    "Forget OTP! Tell me where to send money - UPI or bank!",
+                    "OTP problem! Let me call you - what's your number?",
+                ])
         
         # PRIORITY 1: Handle scammer's confusion or frustration
         if scammer_confused:
             if not has_upi:
-                alternatives = [
+                return random.choice([
                     "I want to send you money! Just tell me your UPI ID!",
                     "Sir, where should I send the payment? Give me UPI ID!",
                     "I'm ready to pay! Just tell me where - what's your UPI?",
-                ]
+                ])
             elif not has_phone:
-                alternatives = [
+                return random.choice([
                     "I want your phone number to call if there's problem!",
                     "Give me your number so I can confirm the payment!",
                     "What's your phone number? I'll call you after sending!",
-                ]
+                ])
             else:
-                alternatives = [
+                return random.choice([
                     "I'm trying to help you! What should I do next?",
                     "Tell me clearly - what exactly do you need from me?",
                     "Can you explain again? I really want to do this correctly!",
-                ]
-            return self._pick_unique_response(alternatives, all_messages)
+                ])
         
         if scammer_said_already:
             # When scammer says "I already sent", check what we ACTUALLY have
             if has_bank and has_ifsc:
                 # We have everything needed for bank transfer
-                alternatives = [
+                return random.choice([
                     "Yes yes, sorry! I see all the details now. Sending the payment!",
                     "Okay okay, I found everything! Processing the transfer now!",
                     "Apologies! I have account and IFSC. Making the payment now!",
                     "Yes, I see it now! Account number and IFSC noted. Transferring...",
-                ]
+                ])
             elif has_bank and not has_ifsc:
                 # We have bank but need IFSC
-                alternatives = [
+                return random.choice([
                     "Yes, I found the account! Just need IFSC code to complete the transfer.",
                     "Sorry, I see the account now! What's the IFSC code?",
                     "Got the account! My bank needs IFSC. Please share!",
-                ]
+                ])
             elif has_upi and has_phone and not has_bank:
                 # We have UPI and phone, need bank
-                alternatives = [
+                return random.choice([
                     "Yes, I have UPI and phone! But UPI is failing. Give me bank account?",
                     "Sorry, I found UPI! But it's showing error. What's your account number?",
                     "Got it! UPI not working. Can I do bank transfer? Account number?",
-                ]
+                ])
             elif has_upi and not has_phone:
-                alternatives = [
+                return random.choice([
                     "Sorry sorry! Yes, I see the UPI now! What's your phone number in case it fails?",
                     "Oh yes, I found it! Sending now. Give me your phone number also please!",
                     "Okay got it! I'm transferring now. What's your number?",
-                ]
+                ])
             elif has_upi and has_phone:
-                alternatives = [
+                return random.choice([
                     "Yes yes, sorry! I'm old and forgetful. I'm doing it now!",
                     "Okay okay, I found it! Let me try again. Please wait!",
                     "Apologies! I noted it wrong. Let me try again!",
-                ]
+                ])
             else:
-                alternatives = [
+                return random.choice([
                     "Sorry, my memory is bad! Please send the details one more time?",
                     "Arey, I couldn't find it! Can you please repeat?",
                     "I missed it, please tell me one more time!",
-                ]
-            return self._pick_unique_response(alternatives, all_messages)
+                ])
         
         # PRIORITY 2: Acknowledge what scammer just gave
         if gave_upi_now and not has_phone:
-            alternatives = [
+            return random.choice([
                 "Okay, got the UPI! Let me try. What's your phone number in case it fails?",
                 "Noted! Sending now. Also give me your number to call if there's problem.",
                 "Got it! What's your phone number? My son wants to verify first.",
-            ]
-            return self._pick_unique_response(alternatives, all_messages)
+            ])
         
         if gave_number_now and not has_upi:
-            alternatives = [
+            return random.choice([
                 "Saved your number! Now tell me where to send - what's your UPI ID?",
                 "Got your number! Now what's the UPI ID for the transfer?",
                 "Number noted! Tell me your UPI ID so I can send the payment.",
-            ]
-            return self._pick_unique_response(alternatives, all_messages)
+            ])
         
         # PRIORITY 3: Ask for what we still need
         # CORRECT ORDER: UPI -> Phone -> Bank Account -> IFSC -> Name (once only)
         if not has_upi:
-            alternatives = [
+            return random.choice([
                 "Okay, I understand! Where should I send the money? What's your UPI ID?",
                 "Yes, I'm ready! Tell me your UPI ID and I'll transfer!",
                 "I want to pay! Just give me your UPI ID!",
-            ]
+            ])
         elif not has_phone:
-            alternatives = [
+            return random.choice([
                 "I've noted the UPI! What's your phone number in case there's any issue?",
                 "Got it! Also give me your number - I'll call to confirm.",
                 "Okay! Sending now. What's your phone number for confirmation?",
-            ]
+            ])
         elif not has_bank:
             # Ask for bank account BEFORE IFSC
-            alternatives = [
+            return random.choice([
                 "UPI is not going through! What's your bank account number?",
                 "Getting error on UPI! Can you give your bank account number?",
                 "Payment stuck! Tell me your bank account number.",
-            ]
+            ])
         elif not has_ifsc:
             # Only ask for IFSC AFTER we have bank account
-            alternatives = [
+            return random.choice([
                 "Got the account number! What's the IFSC code?",
                 "Need IFSC code to complete the transfer. What is it?",
                 "Account noted! What's the IFSC code?",
-            ]
+            ])
         elif not already_asked_name:
             # Only ask for name ONCE
-            alternatives = [
+            return random.choice([
                 "Got all details! What name should appear on the transfer?",
                 "Almost done! What's the account holder name?",
                 "Just need to confirm - what's the beneficiary name?",
-            ]
+            ])
         else:
             # We have everything - confirm and proceed
-            alternatives = [
+            return random.choice([
                 "Perfect! I have all the details. Processing payment now.",
                 "Got everything! Let me send the money.",
                 "All noted! Making the transfer now.",
-            ]
-        return self._pick_unique_response(alternatives, all_messages)
+            ])
+        
+        # Build context from all messages for scam type detection
+        context = last_message
+        if all_messages:
+            context = " ".join(m.get("message", "") for m in all_messages)
+        
+        # Get context-aware response based on scam type
+        response = get_context_aware_response(context, turn_count, language)
+        if response:
+            return response
+        
+        # Fall back to persona sample
+        return get_sample_response(persona, language)
     
     def _extract_intelligence(self, state: HoneypotState) -> Dict[str, Any]:
         """

app/models/extractor.py

@@ -88,12 +88,8 @@ class IntelligenceExtractor:
             # Bank accounts: 9-18 digits (not starting with 0 typically)
             "bank_accounts": r"\b[1-9]\d{8,17}\b",
             
-            # IFSC codes: 4-5 letters + (0 or O) + 6 alphanumeric
-            # Handle common typos:
-            # - O instead of 0 in 5th position
-            # - Extra letter (e.g., SBIIN instead of SBIN)
-            # We're lenient here because we want to CAPTURE scammer data
-            "ifsc_codes": r"\b[A-Z]{4,5}[0O][A-Z0-9]{6}\b",
+            # IFSC codes: 4 letters + 0 + 6 alphanumeric
+            "ifsc_codes": r"\b[A-Z]{4}0[A-Z0-9]{6}\b",
             
             # Phone numbers: Indian mobile format with optional +91
             "phone_numbers": r"(?:\+91[\s\-]?)?(?:0)?[6-9]\d{9}\b",
@@ -165,22 +161,6 @@ class IntelligenceExtractor:
         intel["phone_numbers"] = self._normalize_phone_numbers(intel["phone_numbers"])
         intel["phishing_links"] = self._validate_phishing_links(intel["phishing_links"])
         
-        # Remove any bank accounts that are actually phone numbers
-        # Phone numbers are normalized to +91XXXXXXXXXX format
-        phone_digits = set()
-        for phone in intel["phone_numbers"]:
-            # Extract the 10-digit number from +91XXXXXXXXXX
-            digits = phone.replace("+91", "")
-            phone_digits.add(digits)
-            # Also add with 91 prefix in case it was captured that way
-            phone_digits.add("91" + digits)
-        
-        # Filter out bank accounts that match phone numbers
-        intel["bank_accounts"] = [
-            acc for acc in intel["bank_accounts"]
-            if acc not in phone_digits and acc[-10:] not in phone_digits
-        ]
-        
         # Use spaCy NER for additional entities if available
         if self.nlp is not None:
             self._extract_with_spacy(text, intel)
@@ -266,13 +246,6 @@ class IntelligenceExtractor:
         """
         Validate bank account numbers for precision >85% (AC-3.1.2).
         
-        Bank account numbers in India:
-        - SBI: 11 digits
-        - HDFC: 13-14 digits
-        - ICICI: 12 digits
-        - Axis: 15 digits
-        - Other banks: 9-18 digits
-        
         Args:
             accounts: List of potential account numbers
             
@@ -286,13 +259,13 @@ class IntelligenceExtractor:
             if len(account) < 9 or len(account) > 18:
                 continue
             
-            # Exclude exactly 10-digit numbers starting with 6,7,8,9 (Indian phone numbers)
-            if len(account) == 10 and account[0] in "6789":
+            # Exclude exactly 10 digits (likely phone numbers)
+            if len(account) == 10:
                 continue
             
-            # Exclude if it looks like +91 phone (starts with 91 + 6-9 and is 12 digits)
-            if len(account) == 12 and account[:2] == "91" and account[2] in "6789":
-                continue
+            # Exclude common patterns that aren't accounts
+            # OTPs are typically 4-6 digits (already excluded by length)
+            # PINs are 4-6 digits (already excluded)
             
             # Check for repeated digits (unlikely to be valid account)
             if len(set(account)) == 1:
@@ -307,68 +280,55 @@ class IntelligenceExtractor:
         return list(set(validated))
     
     def _is_sequential(self, number: str) -> bool:
-        """
-        Check if number is an OBVIOUS sequential pattern.
+        """Check if number is a sequential pattern."""
+        if len(number) < 9:
+            return False
         
-        IMPORTANT: For a honeypot, we WANT to capture ALL data scammers provide,
-        even if it looks like a test/sequential pattern. Scammers might use
-        obvious patterns, and we should still track them.
+        # Check ascending
+        ascending = "".join(str(i % 10) for i in range(len(number)))
+        if number == ascending[:len(number)]:
+            return True
+        
+        # Check descending
+        descending = "".join(str(9 - (i % 10)) for i in range(len(number)))
+        if number == descending[:len(number)]:
+            return True
         
-        Therefore, this function now returns False for all inputs.
-        We only reject all-same-digit patterns (handled in _validate_bank_accounts).
-        """
-        # DO NOT reject sequential patterns - capture all scammer data
-        # The honeypot's purpose is intelligence gathering, not validation
         return False
     
     def _validate_ifsc_codes(self, ifsc_codes: List[str]) -> List[str]:
         """
-        Validate IFSC codes - lenient to capture scammer data even with typos.
-        
-        Standard IFSC format: 4 letters + 0 + 6 alphanumeric (11 chars)
-        But we accept typos like:
-        - SBIIN0010789 (12 chars with extra letter)
-        - SBIN0O10789 (O instead of 0)
+        Validate IFSC codes for precision >95% (AC-3.1.3).
         
-        For a honeypot, we want to CAPTURE the data scammers provide.
+        IFSC format: 4 letters (bank code) + 0 + 6 alphanumeric (branch code)
         
         Args:
             ifsc_codes: List of potential IFSC codes
             
         Returns:
-            List of validated/normalized IFSC codes
+            List of validated IFSC codes
         """
         validated = []
         
         for ifsc in ifsc_codes:
             ifsc_upper = ifsc.upper()
             
-            # Accept 11-12 characters (allow for typos like SBIIN)
-            if len(ifsc_upper) < 11 or len(ifsc_upper) > 12:
+            # Must be exactly 11 characters
+            if len(ifsc_upper) != 11:
                 continue
             
-            # First 4 must be letters (bank code) - for 12 char, first 5 are letters
-            letter_prefix_len = 4 if len(ifsc_upper) == 11 else 5
-            if not ifsc_upper[:letter_prefix_len].isalpha():
+            # First 4 must be letters (bank code)
+            if not ifsc_upper[:4].isalpha():
                 continue
             
-            # Replace all O (letter) with 0 (zero) in numeric parts
-            fixed_suffix = ""
-            for char in ifsc_upper[letter_prefix_len:]:
-                if char == "O":
-                    fixed_suffix += "0"
-                else:
-                    fixed_suffix += char
-            
-            # Check that after the letter prefix, first char is 0
-            if fixed_suffix and fixed_suffix[0] != "0":
+            # 5th character must be 0
+            if ifsc_upper[4] != "0":
                 continue
             
-            # Rest must be alphanumeric
-            if not fixed_suffix[1:].isalnum():
+            # Last 6 must be alphanumeric (branch code)
+            if not ifsc_upper[5:].isalnum():
                 continue
             
-            # Store the original (we want to capture what scammer actually sent)
             validated.append(ifsc_upper)
         
         return list(set(validated))
@@ -419,9 +379,6 @@ class IntelligenceExtractor:
         """
         Validate and filter phishing links for precision >95% (AC-3.1.5).
         
-        In a scam context, we want to capture ALL links that aren't from
-        well-known legitimate domains, as they could be phishing attempts.
-        
         Args:
             links: List of potential phishing links
             
@@ -448,16 +405,13 @@ class IntelligenceExtractor:
                 else:
                     domain_clean = domain
                 
-                # Skip only well-known legitimate domains
+                # Skip legitimate domains
                 if domain_clean in LEGITIMATE_DOMAINS or domain in LEGITIMATE_DOMAINS:
                     continue
                 
-                # In a scam context, ANY unknown link is suspicious
-                # Since this is a honeypot system, we want to capture all links
-                # that scammers share - they're likely phishing attempts
-                is_suspicious = True
+                # Flag as suspicious if matches suspicious patterns
+                is_suspicious = False
                 
-                # Extra flags for definitely suspicious patterns
                 for pattern in SUSPICIOUS_DOMAIN_PATTERNS:
                     if re.search(pattern, link, re.IGNORECASE):
                         is_suspicious = True