lib/kavacha/layers/layer1_firewall.dart

import '../models/kavacha_models.dart';

class Layer1Firewall implements KavachaLayer {
  @override
  Future<LayerResult> inspect(SmsContext ctx) async {
    List<String> violations = [];
    final lowerBody = ctx.body.toLowerCase();
    
    // 1. Sender format
    if (ctx.sender.startsWith('+') && ctx.sender.length > 13) {
      violations.add("unknown_sender_format");
    }

    // 2. Domain reputation (simple mock matching)
    if (lowerBody.contains("http") && !lowerBody.contains("hdfcbank.com") && lowerBody.contains("hdfc")) {
      violations.add("domain_reputation_mismatch");
    }

    // 3. Urgency language
    if (lowerBody.contains("urgent") || lowerBody.contains("blocked") || lowerBody.contains("suspend")) {
      violations.add("urgency_language");
    }

    // 4. Money pattern
    if (ctx.body.contains("₹") && (lowerBody.contains("pay") || lowerBody.contains("collect"))) {
      violations.add("money_pattern");
    }

    // 5. Temporal anomaly
    final hour = DateTime.now().hour;
    if (hour < 6 || hour > 22) {
      if (lowerBody.contains("kyc") || lowerBody.contains("account")) {
         violations.add("temporal_anomaly");
      }
    }

    if (violations.length >= 3) {
      return LayerResult.block("5-Tuple Firewall Violation", 0.95, violations, 1);
    }
    
    return LayerResult.continueInspection();
  }
}