# behavioral_analyzer.py

import re

SEXTORTION_PATTERNS = [
    "i have access to all your devices",
    "i recorded you",
    "i installed a trojan",
    "i have your webcam",
    "masturbation",
    "adult websites",
    "send bitcoin",
    "btc",
    "wallet address",
    "48 hours",
    "countdown",
    "i will share the video",
    "i will expose",
]

def analyze_behavior(body: str):
    body_l = (body or "").lower()

    matched = [p for p in SEXTORTION_PATTERNS if p in body_l]

    if len(matched) >= 3:
        return {
            "dominant_attack": "sextortion",
            "confidence_score": 90,   # 🔥 authoritative
            "verdict": "🚨 Malicious",
            "findings": matched,
        }

    return {
        "dominant_attack": "None",
        "confidence_score": 0,
        "verdict": "Unknown",
        "findings": [],
    }

def behavioral_summary(result: dict) -> str:
    if result["dominant_attack"] == "sextortion":
        return (
            "Email exhibits sextortion behavior: claims of device compromise, "
            "recorded explicit content, cryptocurrency extortion, and urgency."
        )
    return "No strong behavioral threat detected."