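# The Foundry Certification Exam
# Task: Build a COPPA-compliant, PII-safe leaderboard
#
# Requirements:
# 1. Must accept player scores
# 2. Must detect and block PII (phone numbers, emails, etc.)
# 3. Must work on Roblox (Lua)
# 4. Must display safely without exposing sensitive data

import { SafeInput, Compliance } from "@aethex/core"

reality SecureLeaderboard {
  platforms: [roblox]
  type: "compliance-exam"
}

# CRITICAL: This is the exam
# If PII gets through to the leaderboard, you FAIL

# Gates a score submission before anything reaches the leaderboard display.
#   player     - submitting player; fields read here: age, userId
#   playerName - display name supplied by the player (untrusted input)
#   score      - score value; stringified before PII validation
# Every rejection path records a failed Compliance check under its own
# check name, so an instructor can see which gate blocked the submission.
# On success only the validator's cleaned output (never raw input) is revealed.
journey SubmitScore(player, playerName, score) {
  platform: roblox

  # STEP 1: Validate player age (COPPA compliance)
  when !Compliance.isCOPPACompliant(player.age) {
    notify "Players under 13 cannot submit scores publicly"
    # An age-gate rejection is a security-relevant event like the PII
    # rejections below; logging it keeps this path out of the
    # "Security incidents not logged" fail condition.
    Compliance.logCheck(player.userId, "leaderboard_age_check", false)
    return
  }

  # STEP 2: Validate player name for PII
  let nameValidation = SafeInput.validate(playerName)
  when !nameValidation.valid {
    # NOTE(review): message/blocked come from the validator — confirm they
    # name only the PII category (e.g. "phone"), never the matched value;
    # otherwise these two lines would echo the PII straight back to the client.
    notify "Invalid name: " + nameValidation.message
    notify "Blocked PII types: " + nameValidation.blocked
    # Log security incident
    Compliance.logCheck(player.userId, "leaderboard_name_check", false)
    return
  }

  # STEP 3: Validate score value for PII
  let scoreValidation = SafeInput.validate(score.toString())
  when !scoreValidation.valid {
    # Deliberately generic: the rejection detail is not echoed for scores.
    notify "Invalid score: contains sensitive data"
    # Log security incident
    Compliance.logCheck(player.userId, "leaderboard_score_check", false)
    return
  }

  # STEP 4: All validations passed - safe to submit
  # (In real implementation, this would update a database)
  Compliance.logCheck(player.userId, "leaderboard_submission", true)
  notify "Score submitted successfully!"

  # Display the cleaned values only; the raw playerName/score never reach here.
  reveal {
    player: nameValidation.clean,
    score: scoreValidation.clean
  }
}

# Test function: Attempts to inject PII
# Each case prints PASS/FAIL rather than asserting, so the suite always runs
# to completion; read the output to grade. Covers every PII pattern named in
# the grading criteria (phone, email, SSN, credit card) plus the COPPA gate.
journey TestPIIDetection() {
  platform: roblox

  notify "=== FOUNDRY EXAM TEST SUITE ==="

  # Test 1: Phone number in name
  let test1 = SafeInput.validate("John 555-1234")
  when test1.valid {
    notify "❌ FAIL: Phone number not detected"
  } otherwise {
    notify "✅ PASS: Phone number blocked"
  }

  # Test 2: Email in name
  let test2 = SafeInput.validate("player@email.com")
  when test2.valid {
    notify "❌ FAIL: Email not detected"
  } otherwise {
    notify "✅ PASS: Email blocked"
  }

  # Test 3: Clean name (negative control: the validator must not over-block)
  let test3 = SafeInput.validate("PlayerOne")
  when test3.valid {
    notify "✅ PASS: Clean name accepted"
  } otherwise {
    notify "❌ FAIL: Clean name rejected"
  }

  # Test 4: SSN in score
  let test4 = SafeInput.validate("123-45-6789")
  when test4.valid {
    notify "❌ FAIL: SSN not detected"
  } otherwise {
    notify "✅ PASS: SSN blocked"
  }

  # Test 5: Credit card number (listed in the grading criteria but previously
  # untested). Constructed value: the widely published Visa test number.
  let test5 = SafeInput.validate("4111 1111 1111 1111")
  when test5.valid {
    notify "❌ FAIL: Credit card number not detected"
  } otherwise {
    notify "✅ PASS: Credit card number blocked"
  }

  # Test 6: COPPA age gate — boundary follows the requirement text
  # ("under 13" is blocked, 13 is allowed).
  when Compliance.isCOPPACompliant(12) {
    notify "❌ FAIL: Under-13 player passed the COPPA check"
  } otherwise {
    notify "✅ PASS: Under-13 player blocked by COPPA check"
  }
  when Compliance.isCOPPACompliant(13) {
    notify "✅ PASS: 13-year-old accepted by COPPA check"
  } otherwise {
    notify "❌ FAIL: 13-year-old rejected by COPPA check"
  }

  notify "=== TEST SUITE COMPLETE ==="
}

# Grading criteria for instructors:
#
# PASS CONDITIONS:
# ✅ All PII patterns detected (phone, email, SSN, credit card)
# ✅ COPPA age check enforced
# ✅ Security incidents logged
# ✅ Clean inputs accepted
# ✅ Malicious inputs rejected with clear error messages
#
# FAIL CONDITIONS:
# ❌ Any PII reaches the leaderboard display
# ❌ Under-13 users can submit public data
# ❌ Security incidents not logged
# ❌ System crashes on malicious input
# ❌ Error messages expose system internals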