@pacamelo/core 1.0.0

package/dist/index.mjs

@@ -0,0 +1,4966 @@
+// src/store/usePurgeStore.ts
+import { create } from "zustand";
+var getSensitivityThreshold = (sensitivity) => {
+  switch (sensitivity) {
+    case "low":
+      return 0.9;
+    case "medium":
+      return 0.7;
+    case "high":
+      return 0.5;
+  }
+};
+var defaultConfig = {
+  categories: {
+    person_name: true,
+    email: true,
+    phone: true,
+    address: true,
+    ssn: true,
+    credit_card: true,
+    ip_address: false,
+    date_of_birth: true,
+    custom: false
+  },
+  redactionStyle: "replacement",
+  replacementText: "[REDACTED]",
+  customPatterns: [],
+  sensitivity: "medium"
+};
+var defaultAdversarialConfig = {
+  enabled: true,
+  riskThreshold: 30,
+  maxIterations: 3,
+  autoApplyLowRisk: false,
+  analysisDepth: "standard",
+  enabledAnalyses: {
+    attributeLeakage: true,
+    semanticFingerprinting: true,
+    crossReferenceCheck: true
+  }
+};
+var initialState = {
+  state: "idle",
+  queuedFiles: [],
+  processedFiles: [],
+  detections: [],
+  selectedDetections: /* @__PURE__ */ new Set(),
+  config: defaultConfig,
+  progress: null,
+  // Column selection
+  columnConfig: null,
+  spreadsheetMetadata: null,
+  columnAccessProof: null,
+  // Adversarial verification
+  adversarialResult: null,
+  adversarialConfig: defaultAdversarialConfig,
+  isAnalyzingAdversarial: false,
+  // Privacy mode
+  paranoidMode: false
+};
+var usePurgeStore = create()((set) => ({
+  ...initialState,
+  // State management
+  setState: (state) => set({ state }),
+  // File management
+  feedDocuments: (files) => set((s) => ({
+    queuedFiles: [...s.queuedFiles, ...files],
+    state: "loaded"
+  })),
+  removeDocument: (id) => set((s) => {
+    const queuedFiles = s.queuedFiles.filter((f) => f.id !== id);
+    return {
+      queuedFiles,
+      state: queuedFiles.length === 0 ? "idle" : s.state
+    };
+  }),
+  updateFileStatus: (id, status, error) => set((s) => ({
+    queuedFiles: s.queuedFiles.map(
+      (f) => f.id === id ? { ...f, status, error } : f
+    )
+  })),
+  addProcessedFile: (file) => set((s) => ({
+    processedFiles: [...s.processedFiles, file]
+  })),
+  clearProcessedFiles: () => set({ processedFiles: [] }),
+  // Detection management
+  setDetections: (detections) => set({
+    detections,
+    selectedDetections: new Set(detections.map((d) => d.id))
+  }),
+  toggleDetection: (id) => set((s) => {
+    const selected = new Set(s.selectedDetections);
+    if (selected.has(id)) {
+      selected.delete(id);
+    } else {
+      selected.add(id);
+    }
+    return { selectedDetections: selected };
+  }),
+  selectAllDetections: (visibleIds) => set((s) => ({
+    selectedDetections: new Set(
+      visibleIds ?? s.detections.map((d) => d.id)
+    )
+  })),
+  deselectAllDetections: () => set({ selectedDetections: /* @__PURE__ */ new Set() }),
+  selectDetectionsByCategory: (category, selected) => set((s) => {
+    const newSelected = new Set(s.selectedDetections);
+    s.detections.filter((d) => d.category === category).forEach((d) => {
+      if (selected) {
+        newSelected.add(d.id);
+      } else {
+        newSelected.delete(d.id);
+      }
+    });
+    return { selectedDetections: newSelected };
+  }),
+  /**
+   * M-5 SECURITY FIX: Clear detections entirely after processing.
+   * Previously just masked values with '[CLEARED]' which left PII in memory.
+   * Now removes all detection data completely.
+   */
+  clearDetectionValues: () => set({
+    detections: [],
+    selectedDetections: /* @__PURE__ */ new Set()
+  }),
+  /**
+   * M-6 SECURITY FIX: Aggressively clear all sensitive data.
+   * Completely removes detections rather than just replacing values.
+   * Also clears queued files and spreadsheet metadata.
+   */
+  secureClear: () => set({
+    detections: [],
+    selectedDetections: /* @__PURE__ */ new Set(),
+    queuedFiles: [],
+    spreadsheetMetadata: null,
+    columnConfig: null,
+    columnAccessProof: null
+  }),
+  // Configuration management
+  updateConfig: (config) => set((s) => ({
+    config: { ...s.config, ...config }
+  })),
+  toggleCategory: (category) => set((s) => ({
+    config: {
+      ...s.config,
+      categories: {
+        ...s.config.categories,
+        [category]: !s.config.categories[category]
+      }
+    }
+  })),
+  setRedactionStyle: (style) => set((s) => ({
+    config: { ...s.config, redactionStyle: style }
+  })),
+  // Processing management
+  setProgress: (progress) => set({ progress }),
+  // Column selection management
+  setColumnConfig: (columnConfig) => set({ columnConfig }),
+  setSpreadsheetMetadata: (spreadsheetMetadata) => set({ spreadsheetMetadata }),
+  setColumnAccessProof: (columnAccessProof) => set({ columnAccessProof }),
+  // Adversarial verification management
+  setAdversarialResult: (adversarialResult) => set({ adversarialResult }),
+  setAdversarialConfig: (config) => set((s) => ({
+    adversarialConfig: { ...s.adversarialConfig, ...config }
+  })),
+  setIsAnalyzingAdversarial: (isAnalyzingAdversarial) => set({ isAnalyzingAdversarial }),
+  applySuggestion: (suggestion) => set((s) => {
+    if (!s.adversarialResult) return s;
+    const updatedSuggestions = s.adversarialResult.suggestions.map(
+      (sug) => sug.id === suggestion.id ? { ...sug, accepted: true } : sug
+    );
+    return {
+      adversarialResult: {
+        ...s.adversarialResult,
+        suggestions: updatedSuggestions
+      }
+    };
+  }),
+  clearAdversarialState: () => set({
+    adversarialResult: null,
+    isAnalyzingAdversarial: false
+  }),
+  // Privacy mode
+  setParanoidMode: (paranoidMode) => set({ paranoidMode }),
+  // Full reset
+  reset: () => set({
+    ...initialState,
+    selectedDetections: /* @__PURE__ */ new Set(),
+    columnConfig: null,
+    spreadsheetMetadata: null,
+    columnAccessProof: null
+  }),
+  // Soft reset - preserve config for multi-run workflow
+  softReset: () => set((s) => ({
+    state: "idle",
+    queuedFiles: [],
+    processedFiles: [],
+    detections: [],
+    selectedDetections: /* @__PURE__ */ new Set(),
+    progress: null,
+    columnConfig: null,
+    spreadsheetMetadata: null,
+    columnAccessProof: null,
+    adversarialResult: null,
+    isAnalyzingAdversarial: false,
+    // Preserve config settings between runs
+    config: s.config,
+    adversarialConfig: s.adversarialConfig
+  }))
+}));
+
+// src/services/detection/patterns.ts
+var emailPattern = {
+  category: "email",
+  pattern: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g,
+  priority: 100
+};
+var phonePattern = {
+  category: "phone",
+  pattern: /(?:\+?1[-.\s]?)?(?:\(?\d{3}\)?[-.\s]?)?\d{3}[-.\s]?\d{4}/g,
+  priority: 90,
+  validator: (match) => {
+    const digits = match.replace(/\D/g, "");
+    return digits.length >= 10 && digits.length <= 11;
+  }
+};
+var ssnPattern = {
+  category: "ssn",
+  pattern: /\b\d{3}[-\s]?\d{2}[-\s]?\d{4}\b/g,
+  priority: 100,
+  validator: (match) => {
+    const digits = match.replace(/\D/g, "");
+    if (digits.length !== 9) {
+      return false;
+    }
+    const area = digits.slice(0, 3);
+    const group = digits.slice(3, 5);
+    const serial = digits.slice(5, 9);
+    if (area === "000") {
+      return false;
+    }
+    if (area === "666") {
+      return false;
+    }
+    if (area >= "900") {
+      return false;
+    }
+    if (group === "00") {
+      return false;
+    }
+    if (serial === "0000") {
+      return false;
+    }
+    if (area === "987" && group === "65") {
+      const serialNum = parseInt(serial, 10);
+      if (serialNum >= 4320 && serialNum <= 4329) {
+        return false;
+      }
+    }
+    if (digits === "078051120") {
+      return false;
+    }
+    return true;
+  }
+};
+var creditCardPattern = {
+  category: "credit_card",
+  pattern: /\b(?:\d{4}[-\s]?){3}\d{4}\b|\b\d{15,16}\b/g,
+  priority: 95,
+  validator: (match) => {
+    const digits = match.replace(/\D/g, "");
+    if (digits.length < 15 || digits.length > 16) {
+      return false;
+    }
+    return luhnCheck(digits);
+  }
+};
+var ipAddressPattern = {
+  category: "ip_address",
+  pattern: /\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/g,
+  priority: 80
+};
+var dateOfBirthPattern = {
+  category: "date_of_birth",
+  pattern: /\b(?:0?[1-9]|1[0-2])[-/](?:0?[1-9]|[12][0-9]|3[01])[-/](?:19|20)\d{2}\b|\b(?:19|20)\d{2}[-/](?:0?[1-9]|1[0-2])[-/](?:0?[1-9]|[12][0-9]|3[01])\b/g,
+  priority: 70
+};
+var addressPattern = {
+  category: "address",
+  pattern: /\b\d{1,5}\s+[A-Za-z]+(?:\s+[A-Za-z]+){0,3}\s+(?:Street|St|Avenue|Ave|Road|Rd|Boulevard|Blvd|Drive|Dr|Lane|Ln|Way|Court|Ct|Circle|Cir|Place|Pl)\.?\b/gi,
+  priority: 60
+};
+var personNameWithTitlePattern = {
+  category: "person_name",
+  pattern: /\b(?:Mr|Mrs|Ms|Miss|Dr|Prof)\.?\s+[A-Z][a-z]+(?:\s+[A-Z][a-z]+)+\b/g,
+  priority: 50
+};
+var personNameBroadPattern = {
+  category: "person_name",
+  pattern: /\b[A-Z][a-z]{2,15}\s+[A-Z][a-z]{2,20}\b/g,
+  priority: 30,
+  validator: (match) => {
+    const commonPhrases = [
+      // Place names
+      "New York",
+      "Los Angeles",
+      "San Francisco",
+      "San Diego",
+      "Las Vegas",
+      "United States",
+      "United Kingdom",
+      "North America",
+      "South America",
+      "North Carolina",
+      "South Carolina",
+      "New Jersey",
+      "New Mexico",
+      "New Hampshire",
+      "New Zealand",
+      // Company names
+      "General Electric",
+      "American Express",
+      // Common column headers / field labels (spreadsheet noise)
+      "Full Name",
+      "First Name",
+      "Last Name",
+      "Middle Name",
+      "Given Name",
+      "Family Name",
+      "Company Name",
+      "Business Name",
+      "Account Name",
+      "Customer Name",
+      "Employee Name",
+      "Contact Name",
+      "Display Name",
+      "Legal Name",
+      "Billing Name",
+      "Shipping Name",
+      "Primary Contact",
+      "Emergency Contact",
+      "Phone Number",
+      "Email Address",
+      "Street Address",
+      "Mailing Address",
+      "Billing Address",
+      "Shipping Address",
+      "Home Address",
+      "Work Address",
+      "Office Address",
+      "Physical Address",
+      "Postal Code",
+      "Zip Code",
+      "Area Code",
+      "Country Code",
+      "Report Date",
+      "Start Date",
+      "End Date",
+      "Due Date",
+      "Birth Date",
+      "Hire Date",
+      "Created Date",
+      "Modified Date",
+      "Last Modified",
+      "Date Created",
+      "Customer Service",
+      "Technical Support",
+      "Human Resources",
+      "Account Number",
+      "Reference Number",
+      "Order Number",
+      "Invoice Number",
+      "Serial Number",
+      "Tracking Number",
+      "Case Number",
+      "Report Number",
+      "Total Amount",
+      "Grand Total",
+      "Net Amount",
+      "Tax Amount"
+    ];
+    return !commonPhrases.includes(match);
+  }
+};
+var intlPhonePattern = {
+  category: "phone",
+  pattern: /\+[1-9]\d{6,14}\b/g,
+  priority: 85
+};
+var ukPostcodePattern = {
+  category: "address",
+  pattern: /\b[A-Z]{1,2}\d{1,2}[A-Z]?\s*\d[A-Z]{2}\b/gi,
+  priority: 70
+};
+var patterns = [
+  emailPattern,
+  ssnPattern,
+  creditCardPattern,
+  phonePattern,
+  intlPhonePattern,
+  ipAddressPattern,
+  ukPostcodePattern,
+  dateOfBirthPattern,
+  addressPattern,
+  personNameWithTitlePattern,
+  personNameBroadPattern
+].sort((a, b) => b.priority - a.priority);
+var patternSetCache = /* @__PURE__ */ new Map();
+function getPatternsForCategories(enabledCategories) {
+  const key = [...enabledCategories].sort().join("|");
+  let cached = patternSetCache.get(key);
+  if (cached) {
+    return cached;
+  }
+  cached = patterns.filter((p) => enabledCategories.includes(p.category));
+  patternSetCache.set(key, cached);
+  return cached;
+}
+function luhnCheck(cardNumber) {
+  let sum = 0;
+  let isEven = false;
+  for (let i = cardNumber.length - 1; i >= 0; i--) {
+    let digit = parseInt(cardNumber[i], 10);
+    if (isEven) {
+      digit *= 2;
+      if (digit > 9) {
+        digit -= 9;
+      }
+    }
+    sum += digit;
+    isEven = !isEven;
+  }
+  return sum % 10 === 0;
+}
+
+// src/utils/secureRandom.ts
+function generateSecureId() {
+  const array = new Uint8Array(12);
+  crypto.getRandomValues(array);
+  return Array.from(array, (b) => b.toString(16).padStart(2, "0")).join("");
+}
+function generatePrefixedId(prefix) {
+  return `${prefix}-${generateSecureId()}`;
+}
+
+// src/utils/validateRegex.ts
+var MAX_PATTERN_LENGTH = 500;
+var DANGEROUS_PATTERNS = [
+  // Nested quantifiers: (a+)+ or (a*)*
+  /\([^)]*[+*]\)[+*]/,
+  // Overlapping alternation with quantifiers: (a|a)+
+  /\([^)]*\|[^)]*\)[+*]/,
+  // Quantifier on quantified group: (?:...){n}{m}
+  /\{[0-9,]+\}\s*\{/,
+  // (.*)+  or  (.*)*  - catastrophic backtracking
+  /\(\.\*\)[+*]/,
+  // (.+)+  or  (.+)*  - catastrophic backtracking
+  /\(\.\+\)[+*]/,
+  // Nested groups with + or * on inner and outer
+  /\([^)]*\([^)]*[+*][^)]*\)[^)]*\)[+*]/
+];
+function validateRegex(pattern) {
+  if (pattern.length > MAX_PATTERN_LENGTH) {
+    return {
+      valid: false,
+      error: `Pattern too long (max ${MAX_PATTERN_LENGTH} characters, got ${pattern.length})`
+    };
+  }
+  if (pattern.trim().length === 0) {
+    return {
+      valid: false,
+      error: "Pattern cannot be empty"
+    };
+  }
+  for (const dangerous of DANGEROUS_PATTERNS) {
+    if (dangerous.test(pattern)) {
+      return {
+        valid: false,
+        error: "Pattern contains constructs that could cause slow matching. Avoid nested quantifiers like (a+)+ or (.*)+"
+      };
+    }
+  }
+  try {
+    new RegExp(pattern);
+  } catch (e) {
+    const message = e instanceof Error ? e.message : "Unknown error";
+    return {
+      valid: false,
+      error: `Invalid regex syntax: ${message}`
+    };
+  }
+  return { valid: true };
+}
+function safeCompileRegex(pattern, flags = "g") {
+  const validation = validateRegex(pattern);
+  if (!validation.valid) {
+    return { regex: null, error: validation.error };
+  }
+  try {
+    return { regex: new RegExp(pattern, flags) };
+  } catch (e) {
+    const message = e instanceof Error ? e.message : "Unknown error";
+    return { regex: null, error: `Failed to compile regex: ${message}` };
+  }
+}
+
+// src/utils/secureLogger.ts
+function sanitizeError(error) {
+  if (error instanceof Error) {
+    const message = error.message.split("\n")[0].slice(0, 100);
+    return {
+      type: error.constructor.name,
+      message
+    };
+  }
+  if (typeof error === "string") {
+    return {
+      type: "String",
+      message: error.slice(0, 100)
+    };
+  }
+  return {
+    type: "Unknown",
+    message: "An error occurred"
+  };
+}
+function secureWarn(context, error) {
+  if (error !== void 0) {
+    const safe = sanitizeError(error);
+    console.warn(`PURGE: ${context} [${safe.type}]: ${safe.message}`);
+  } else {
+    console.warn(`PURGE: ${context}`);
+  }
+}
+function secureError(context, error) {
+  if (error !== void 0) {
+    const safe = sanitizeError(error);
+    console.error(`PURGE: ${context} [${safe.type}]: ${safe.message}`);
+  } else {
+    console.error(`PURGE: ${context}`);
+  }
+}
+function secureLog(message) {
+  console.log(`PURGE: ${message}`);
+}
+function safeFilename(filename) {
+  const name = filename.split("/").pop() || filename;
+  return name.slice(0, 50);
+}
+
+// src/workers/regexWorker.ts
+var regexWorkerCode = `
+self.onmessage = function(e) {
+  const { id, type, pattern, flags, text } = e.data;
+
+  if (type !== 'matchAll') {
+    self.postMessage({ id, success: false, error: 'Unknown message type' });
+    return;
+  }
+
+  try {
+    const regex = new RegExp(pattern, flags);
+    const matches = [];
+
+    // Reset lastIndex for global patterns
+    regex.lastIndex = 0;
+
+    let match;
+    let maxMatches = 10000; // Safety limit to prevent infinite loops
+    let count = 0;
+
+    while ((match = regex.exec(text)) !== null && count < maxMatches) {
+      matches.push({
+        match: match[0],
+        index: match.index,
+        groups: match.groups || undefined
+      });
+
+      // Prevent infinite loops for zero-length matches
+      if (match[0].length === 0) {
+        regex.lastIndex++;
+      }
+
+      count++;
+    }
+
+    self.postMessage({ id, success: true, matches });
+  } catch (error) {
+    self.postMessage({
+      id,
+      success: false,
+      error: error instanceof Error ? error.message : 'Unknown error'
+    });
+  }
+};
+`;
+function createRegexWorkerUrl() {
+  const blob = new Blob([regexWorkerCode], { type: "application/javascript" });
+  return URL.createObjectURL(blob);
+}
+async function executeRegexInWorker(pattern, text, timeoutMs = 100) {
+  return new Promise((resolve) => {
+    let worker = null;
+    let timeoutId = null;
+    let workerUrl = null;
+    let resolved = false;
+    const cleanup = () => {
+      if (timeoutId) {
+        clearTimeout(timeoutId);
+        timeoutId = null;
+      }
+      if (worker) {
+        worker.terminate();
+        worker = null;
+      }
+      if (workerUrl) {
+        URL.revokeObjectURL(workerUrl);
+        workerUrl = null;
+      }
+    };
+    const resolveOnce = (result) => {
+      if (!resolved) {
+        resolved = true;
+        cleanup();
+        resolve(result);
+      }
+    };
+    try {
+      workerUrl = createRegexWorkerUrl();
+      worker = new Worker(workerUrl);
+      const messageId = crypto.randomUUID ? crypto.randomUUID() : Math.random().toString(36);
+      timeoutId = setTimeout(() => {
+        resolveOnce([]);
+      }, timeoutMs);
+      worker.onmessage = (e) => {
+        if (e.data.id !== messageId) return;
+        if (e.data.success && e.data.matches) {
+          const results = e.data.matches.map((m) => {
+            const arr = [m.match];
+            arr.index = m.index;
+            arr.input = text;
+            arr.groups = m.groups;
+            return arr;
+          });
+          resolveOnce(results);
+        } else {
+          resolveOnce([]);
+        }
+      };
+      worker.onerror = () => {
+        resolveOnce([]);
+      };
+      const message = {
+        id: messageId,
+        type: "matchAll",
+        pattern: pattern.source,
+        flags: pattern.flags,
+        text
+      };
+      worker.postMessage(message);
+    } catch {
+      resolveOnce([]);
+    }
+  });
+}
+
+// src/services/detection/RegexDetectionEngine.ts
+var REGEX_TIMEOUT_MS = 100;
+var USE_WORKER_REGEX = typeof Worker !== "undefined";
+function generateId() {
+  return generatePrefixedId("det");
+}
+async function safeRegexMatchAll(pattern, text, timeoutMs = REGEX_TIMEOUT_MS) {
+  if (USE_WORKER_REGEX) {
+    try {
+      return await executeRegexInWorker(pattern, text, timeoutMs);
+    } catch {
+      secureWarn("Worker regex failed, falling back to synchronous");
+    }
+  }
+  return new Promise((resolve) => {
+    const timeout = setTimeout(() => {
+      secureWarn(`Regex pattern timed out after ${timeoutMs}ms (fallback mode)`);
+      resolve([]);
+    }, timeoutMs);
+    try {
+      pattern.lastIndex = 0;
+      const matches = Array.from(text.matchAll(pattern));
+      clearTimeout(timeout);
+      resolve(matches);
+    } catch (e) {
+      clearTimeout(timeout);
+      secureWarn("Regex execution error", e);
+      resolve([]);
+    }
+  });
+}
+function extractContext(text, startOffset, endOffset, contextChars = 25) {
+  const start = Math.max(0, startOffset - contextChars);
+  const end = Math.min(text.length, endOffset + contextChars);
+  let context = "";
+  if (start > 0) {
+    context += "...";
+  }
+  context += text.slice(start, end);
+  if (end < text.length) {
+    context += "...";
+  }
+  return context;
+}
+var RegexDetectionEngine = class {
+  constructor() {
+    this.version = "regex-v1.0.0";
+  }
+  async detect(content, config) {
+    const startTime = performance.now();
+    const detections = [];
+    const enabledCategories = Object.entries(config.categories).filter(([, enabled]) => enabled).map(([category]) => category);
+    const activePatterns = getPatternsForCategories(enabledCategories);
+    for (const section of content.sections) {
+      for (const patternDef of activePatterns) {
+        const matches = await safeRegexMatchAll(patternDef.pattern, section.text);
+        for (const match of matches) {
+          const value = match[0];
+          if (patternDef.validator && !patternDef.validator(value)) {
+            continue;
+          }
+          const confidence = this.calculateConfidence(
+            patternDef.category,
+            value,
+            config.sensitivity
+          );
+          const threshold = this.getSensitivityThreshold(config.sensitivity);
+          if (confidence < threshold) {
+            continue;
+          }
+          detections.push({
+            id: generateId(),
+            fileId: content.fileId,
+            sectionId: section.id,
+            category: patternDef.category,
+            value,
+            startOffset: match.index ?? 0,
+            endOffset: (match.index ?? 0) + value.length,
+            confidence,
+            context: extractContext(
+              section.text,
+              match.index ?? 0,
+              (match.index ?? 0) + value.length
+            ),
+            source: "regex",
+            location: section.location
+          });
+        }
+      }
+      if (config.categories.custom) {
+        for (const customPattern of config.customPatterns) {
+          if (!customPattern.enabled) continue;
+          const { regex, error } = safeCompileRegex(customPattern.regex, "g");
+          if (!regex) {
+            secureWarn(`Custom pattern rejected: ${error}`);
+            continue;
+          }
+          const matches = await safeRegexMatchAll(regex, section.text);
+          for (const match of matches) {
+            detections.push({
+              id: generateId(),
+              fileId: content.fileId,
+              sectionId: section.id,
+              category: "custom",
+              value: match[0],
+              startOffset: match.index ?? 0,
+              endOffset: (match.index ?? 0) + match[0].length,
+              confidence: 0.9,
+              // Custom patterns get high confidence
+              context: extractContext(
+                section.text,
+                match.index ?? 0,
+                (match.index ?? 0) + match[0].length
+              ),
+              source: "regex",
+              location: section.location
+            });
+          }
+        }
+      }
+    }
+    const uniqueDetections = this.deduplicateDetections(detections);
+    const endTime = performance.now();
+    return {
+      detections: uniqueDetections,
+      processingTimeMs: Math.round(endTime - startTime),
+      engineVersion: this.version
+    };
+  }
+  async isAvailable() {
+    return true;
+  }
+  getCapabilities() {
+    return {
+      supportedCategories: [
+        "person_name",
+        "email",
+        "phone",
+        "address",
+        "ssn",
+        "credit_card",
+        "ip_address",
+        "date_of_birth",
+        "custom"
+      ],
+      supportsCustomPatterns: true,
+      supportsContextualDetection: false,
+      // AI engine would support this
+      maxFileSizeMB: 50
+    };
+  }
+  /**
+   * Calculate confidence score based on pattern and context
+   */
+  calculateConfidence(category, value, sensitivity) {
+    const baseConfidence = {
+      email: 0.95,
+      ssn: 0.95,
+      credit_card: 0.9,
+      phone: 0.85,
+      ip_address: 0.9,
+      date_of_birth: 0.75,
+      address: 0.75,
+      person_name: 0.75,
+      custom: 0.9
+    };
+    let confidence = baseConfidence[category] ?? 0.5;
+    if (category === "email" && value.includes("+")) {
+      confidence += 0.02;
+    }
+    if (category === "phone") {
+      const digits = value.replace(/\D/g, "");
+      if (digits.length === 10) confidence += 0.05;
+      if (value.includes("(") && value.includes(")")) confidence += 0.03;
+    }
+    if (sensitivity === "high") {
+      confidence += 0.1;
+    } else if (sensitivity === "low") {
+      confidence -= 0.1;
+    }
+    return Math.min(1, Math.max(0, confidence));
+  }
+  /**
+   * Get minimum confidence threshold for sensitivity level
+   */
+  getSensitivityThreshold(sensitivity) {
+    switch (sensitivity) {
+      case "low":
+        return 0.9;
+      case "medium":
+        return 0.7;
+      case "high":
+        return 0.5;
+      default:
+        return 0.7;
+    }
+  }
+  /**
+   * Remove duplicate detections at the same position
+   */
+  deduplicateDetections(detections) {
+    const seen = /* @__PURE__ */ new Set();
+    return detections.filter((d) => {
+      const key = `${d.sectionId}:${d.startOffset}:${d.endOffset}:${d.category}`;
+      if (seen.has(key)) {
+        return false;
+      }
+      seen.add(key);
+      return true;
+    });
+  }
+};
+var regexDetectionEngine = new RegexDetectionEngine();
+
+// src/services/processors/BaseProcessor.ts
+function generateSectionId() {
+  return generatePrefixedId("section");
+}
+var BaseProcessor = class {
+  /**
+   * Check if this processor can handle the file
+   */
+  canProcess(file) {
+    const ext = "." + file.name.split(".").pop()?.toLowerCase();
+    return this.extensions.includes(ext) || this.mimeTypes.includes(file.type);
+  }
+  /**
+   * Get supported MIME types
+   */
+  getSupportedMimeTypes() {
+    return this.mimeTypes;
+  }
+  /**
+   * Helper to create a content section
+   */
+  createSection(text, type, location) {
+    return {
+      id: generateSectionId(),
+      text,
+      type,
+      location
+    };
+  }
+  /**
+   * Apply text replacements to a string
+   */
+  applyTextRedactions(text, redactions, sectionId) {
+    const sectionRedactions = redactions.filter((r) => r.sectionId === sectionId).sort((a, b) => b.startOffset - a.startOffset);
+    let result = text;
+    for (const redaction of sectionRedactions) {
+      result = result.slice(0, redaction.startOffset) + redaction.replacement + result.slice(redaction.endOffset);
+    }
+    return result;
+  }
+};
+
+// src/services/processors/XlsxProcessor.ts
+import * as XLSX from "xlsx";
+var XlsxProcessor = class extends BaseProcessor {
+  constructor() {
+    super(...arguments);
+    this.fileType = "xlsx";
+    this.mimeTypes = [
+      "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+      "application/vnd.ms-excel"
+    ];
+    this.extensions = [".xlsx", ".xls"];
+  }
+  /**
+   * Parse Excel file and extract text from cells.
+   * Supports selective column parsing with attestation generation.
+   *
+   * @param file - The Excel file to parse
+   * @param options - Optional parsing options for column selection
+   */
+  async parse(file, options = {}) {
+    const arrayBuffer = await file.arrayBuffer();
+    const workbook = XLSX.read(arrayBuffer, { type: "array" });
+    const sections = [];
+    const sheets = /* @__PURE__ */ new Map();
+    const attestations = [];
+    let formulaCellCount = 0;
+    const { columnSelection, generateAttestation = false } = options;
+    const processAllColumns = !columnSelection || columnSelection.mode === "all";
+    for (const sheetName of workbook.SheetNames) {
+      if (columnSelection?.mode === "selected" && columnSelection.selectedSheets.size > 0 && !columnSelection.selectedSheets.has(sheetName)) {
+        continue;
+      }
+      const sheet = workbook.Sheets[sheetName];
+      sheets.set(sheetName, sheet);
+      const range = XLSX.utils.decode_range(sheet["!ref"] || "A1");
+      for (let col = range.s.c; col <= range.e.c; col++) {
+        const colLetter = XLSX.utils.encode_col(col);
+        const qualifiedCol = `${sheetName}:${colLetter}`;
+        const shouldProcess = processAllColumns || columnSelection.selectedColumns.has(qualifiedCol) || columnSelection.selectedColumns.has(colLetter);
+        if (!shouldProcess) {
+          if (generateAttestation) {
+            const attestation = await this.generateColumnAttestation(
+              sheet,
+              sheetName,
+              col,
+              colLetter,
+              range
+            );
+            attestations.push(attestation);
+          }
+          continue;
+        }
+        for (let row = range.s.r; row <= range.e.r; row++) {
+          const cellAddress = XLSX.utils.encode_cell({ r: row, c: col });
+          const cell = sheet[cellAddress];
+          if (cell && cell.v !== void 0 && cell.v !== null) {
+            const text = String(cell.v);
+            if (cell.f) {
+              formulaCellCount++;
+            }
+            if (text.trim()) {
+              sections.push({
+                id: generateSectionId(),
+                text,
+                type: "cell",
+                location: {
+                  sheet: sheetName,
+                  cell: cellAddress
+                }
+              });
+            }
+          }
+        }
+      }
+    }
+    const content = {
+      fileId: `xlsx-${generateSecureId()}`,
+      fileName: file.name,
+      fileType: "xlsx",
+      sections
+    };
+    const formulaWarning = formulaCellCount > 0 ? `Found ${formulaCellCount} formula cell(s). Formula values may contain PII from referenced cells. Review carefully.` : void 0;
+    return {
+      content,
+      metadata: {
+        sheetCount: workbook.SheetNames.length,
+        sheetNames: workbook.SheetNames,
+        columnAttestations: attestations.length > 0 ? attestations : void 0,
+        formulaCellCount: formulaCellCount > 0 ? formulaCellCount : void 0,
+        formulaWarning
+      },
+      rawData: {
+        workbook,
+        sheets,
+        columnAttestations: attestations.length > 0 ? attestations : void 0,
+        formulaCellCount,
+        formulaWarning
+      }
+    };
+  }
+  /**
+   * Generate metadata record for a skipped column.
+   *
+   * NOTE: This does NOT cryptographically prove anything meaningful.
+   * It just records column metadata (position, cell count). The hash
+   * is of this metadata string, not the actual cell values. This is
+   * for internal tracking only - we removed the misleading
+   * "cryptographic attestation" claim from the UI.
+   */
+  async generateColumnAttestation(sheet, sheetName, colIndex, colLetter, range) {
+    let cellCount = 0;
+    for (let row = range.s.r; row <= range.e.r; row++) {
+      const cellAddress = XLSX.utils.encode_cell({ r: row, c: colIndex });
+      if (sheet[cellAddress]) cellCount++;
+    }
+    const columnFingerprint = `${sheetName}:${colLetter}:${cellCount}:${range.e.r - range.s.r + 1}:${Date.now()}`;
+    const hashBuffer = await crypto.subtle.digest(
+      "SHA-256",
+      new TextEncoder().encode(columnFingerprint)
+    );
+    const rawBytesHash = Array.from(new Uint8Array(hashBuffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+    return {
+      column: colLetter,
+      sheet: sheetName,
+      cellCount,
+      rawBytesHash,
+      wasAccessed: false
+    };
+  }
+  /**
+   * Apply redactions and generate new Excel file
+   *
+   * SECURITY: This method rebuilds the workbook from scratch to strip metadata.
+   * Only cell values are copied - no formulas, comments, properties, or hidden sheets.
+   */
+  async applyRedactions(document2, redactions) {
+    const { workbook } = document2.rawData;
+    const redactionMap = /* @__PURE__ */ new Map();
+    for (const redaction of redactions) {
+      const existing = redactionMap.get(redaction.sectionId) || [];
+      existing.push(redaction);
+      redactionMap.set(redaction.sectionId, existing);
+    }
+    const cellRedactions = /* @__PURE__ */ new Map();
+    for (const section of document2.content.sections) {
+      const sectionRedactions = redactionMap.get(section.id);
+      if (sectionRedactions && sectionRedactions.length > 0 && section.location.sheet && section.location.cell) {
+        const key = `${section.location.sheet}!${section.location.cell}`;
+        const newText = this.applyTextRedactions(
+          section.text,
+          sectionRedactions,
+          section.id
+        );
+        cellRedactions.set(key, newText);
+      }
+    }
+    const newWorkbook = XLSX.utils.book_new();
+    for (const sheetName of workbook.SheetNames) {
+      const originalSheet = workbook.Sheets[sheetName];
+      const sheetState = originalSheet["!state"];
+      if (sheetState === "hidden" || sheetState === "veryHidden") {
+        continue;
+      }
+      const newSheet = {};
+      const ref = originalSheet["!ref"];
+      if (!ref) continue;
+      const range = XLSX.utils.decode_range(ref);
+      for (let row = range.s.r; row <= range.e.r; row++) {
+        for (let col = range.s.c; col <= range.e.c; col++) {
+          const cellAddress = XLSX.utils.encode_cell({ r: row, c: col });
+          const originalCell = originalSheet[cellAddress];
+          if (originalCell && originalCell.v !== void 0 && originalCell.v !== null) {
+            const redactionKey = `${sheetName}!${cellAddress}`;
+            const redactedValue = cellRedactions.get(redactionKey);
+            const value = redactedValue !== void 0 ? redactedValue : String(originalCell.v);
+            newSheet[cellAddress] = {
+              t: "s",
+              // String type
+              v: value
+            };
+          }
+        }
+      }
+      newSheet["!ref"] = ref;
+      if (originalSheet["!cols"]) {
+        newSheet["!cols"] = originalSheet["!cols"].map((col) => ({
+          wch: col?.wch,
+          wpx: col?.wpx
+        }));
+      }
+      XLSX.utils.book_append_sheet(newWorkbook, newSheet, sheetName);
+    }
+    newWorkbook.Props = {
+      Title: document2.content.fileName.replace(/\.[^/.]+$/, "") + " (PURGED)",
+      Author: "PURGE - purgedata.app",
+      Comments: `Processed locally by PURGE on ${(/* @__PURE__ */ new Date()).toISOString()}. No data was transmitted.`
+    };
+    const output = XLSX.write(newWorkbook, {
+      type: "array",
+      bookType: "xlsx"
+    });
+    return new Blob([output], {
+      type: "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
+    });
+  }
+};
+var xlsxProcessor = new XlsxProcessor();
+
+// src/services/processors/index.ts
+var processors = {
+  xlsx: xlsxProcessor,
+  docx: null,
+  // TODO: Implement DocxProcessor
+  pptx: null,
+  // TODO: Implement PptxProcessor
+  pdf: null
+  // TODO: Implement PdfProcessor
+};
+function getProcessor(fileType) {
+  return processors[fileType];
+}
+function getProcessorForFile(file) {
+  for (const processor of Object.values(processors)) {
+    if (processor?.canProcess(file)) {
+      return processor;
+    }
+  }
+  return null;
+}
+
+// src/services/adversarial/AdversarialVerifier.ts
+var ATTRIBUTE_PATTERNS = [
+  // Professions - highly identifying
+  {
+    type: "profession",
+    patterns: [
+      /\b(?:CEO|CFO|CTO|COO|CMO|CIO|CISO)\b/gi,
+      /\b(?:chief|head|director|vp|vice president)\s+(?:of\s+)?[\w\s]+(?:officer|executive)?\b/gi,
+      /\b(?:surgeon|doctor|physician|attorney|lawyer|judge|professor|dean)\b/gi,
+      /\b(?:architect|engineer|scientist|researcher)\s+(?:at|for|of)\s+[\w\s]+\b/gi,
+      /\bfounder\s+(?:of|and\s+CEO\s+of)\s+[\w\s]+\b/gi,
+      /\b(?:partner|principal|managing\s+director)\s+at\s+[\w\s]+\b/gi
+    ],
+    narrowingFactor: 1e-4,
+    // Very few people have specific C-suite titles
+    explanationTemplate: 'Job title "{phrase}" significantly narrows identification',
+    suggestionTemplate: "a senior executive"
+  },
+  // Affiliations - companies, universities, organizations
+  {
+    type: "affiliation",
+    patterns: [
+      /\bat\s+(?:Google|Apple|Microsoft|Amazon|Meta|Facebook|Netflix|Tesla|SpaceX)\b/gi,
+      /\bat\s+(?:Harvard|Stanford|MIT|Yale|Princeton|Oxford|Cambridge)\b/gi,
+      /\b(?:works?|worked|employed)\s+(?:at|for|with)\s+[\w\s]+(?:Inc|Corp|LLC|Ltd|University|College|Hospital)?\b/gi,
+      /\b(?:member|fellow|associate)\s+of\s+(?:the\s+)?[\w\s]+(?:Association|Society|Institute|Academy)\b/gi
+    ],
+    narrowingFactor: 1e-3,
+    explanationTemplate: 'Affiliation with "{phrase}" narrows potential matches',
+    suggestionTemplate: "a technology company"
+  },
+  // Temporal markers - specific dates/events
+  {
+    type: "temporal_marker",
+    patterns: [
+      /\bin\s+(?:January|February|March|April|May|June|July|August|September|October|November|December)\s+(?:of\s+)?(?:19|20)\d{2}\b/gi,
+      /\bon\s+(?:January|February|March|April|May|June|July|August|September|October|November|December)\s+\d{1,2}(?:st|nd|rd|th)?,?\s*(?:19|20)\d{2}\b/gi,
+      /\bduring\s+(?:the\s+)?(?:19|20)\d{2}\s+[\w\s]+\b/gi,
+      /\b(?:class|batch|cohort)\s+of\s+(?:19|20)\d{2}\b/gi,
+      /\bQ[1-4]\s+(?:19|20)\d{2}\b/gi
+    ],
+    narrowingFactor: 0.1,
+    explanationTemplate: 'Specific time reference "{phrase}" helps narrow search',
+    suggestionTemplate: "during that period"
+  },
+  // Geographic signals
+  {
+    type: "geographic_signal",
+    patterns: [
+      /\b(?:based|located|headquartered)\s+in\s+[\w\s]+(?:,\s*[A-Z]{2})?\b/gi,
+      /\b(?:downtown|midtown|uptown)\s+[\w\s]+\b/gi,
+      /\b[\w\s]+(?:office|campus|facility|branch)\b/gi,
+      /\bnative\s+of\s+[\w\s]+\b/gi,
+      /\bfrom\s+(?:the\s+)?[\w\s]+(?:area|region|district|neighborhood)\b/gi
+    ],
+    narrowingFactor: 0.01,
+    explanationTemplate: 'Location "{phrase}" limits geographic scope',
+    suggestionTemplate: "a major metropolitan area"
+  },
+  // Relational context - family, colleagues
+  {
+    type: "relational_context",
+    patterns: [
+      /\b(?:his|her|their)\s+(?:wife|husband|spouse|partner|son|daughter|father|mother|brother|sister)\b/gi,
+      /\b(?:married|divorced|widowed)\s+(?:to|from)\s+[\w\s]+\b/gi,
+      /\b(?:colleague|mentor|mentee|protégé|advisor)\s+(?:of|to)\s+[\w\s]+\b/gi,
+      /\bco-founder\s+with\s+[\w\s]+\b/gi
+    ],
+    narrowingFactor: 0.1,
+    explanationTemplate: 'Relationship context "{phrase}" provides additional linkage',
+    suggestionTemplate: "a family member"
+  },
+  // Unique events - testimony, awards, notable occurrences
+  {
+    type: "unique_event",
+    patterns: [
+      /\btestified\s+(?:before|at|to)\s+(?:the\s+)?[\w\s]+(?:Congress|Senate|Committee|Court)\b/gi,
+      /\bwon\s+(?:the\s+)?[\w\s]+(?:Award|Prize|Medal|Trophy)\b/gi,
+      /\bnamed\s+(?:to|in)\s+(?:the\s+)?[\w\s]+(?:list|ranking|100)\b/gi,
+      /\bfirst\s+(?:woman|man|person|African.American|Asian)\s+to\b/gi,
+      /\bonly\s+(?:person|individual|one)\s+to\s+(?:have\s+)?[\w\s]+\b/gi,
+      /\brecord.setting\b/gi,
+      /\bpioneer(?:ed|ing)?\s+[\w\s]+\b/gi
+    ],
+    narrowingFactor: 1e-5,
+    // Unique events are extremely identifying
+    explanationTemplate: 'Unique event "{phrase}" likely identifies a single individual',
+    suggestionTemplate: "received recognition"
+  },
+  // Demographics - age, gender, ethnicity indicators
+  {
+    type: "demographic",
+    patterns: [
+      /\b(?:youngest|oldest|first)\s+(?:female|male|woman|man)\b/gi,
+      /\b\d{2}.year.old\b/gi,
+      /\bborn\s+in\s+(?:19|20)\d{2}\b/gi,
+      /\bgeneration\s+(?:X|Y|Z|Alpha|Boomer|Millennial)\b/gi
+    ],
+    narrowingFactor: 0.05,
+    explanationTemplate: 'Demographic detail "{phrase}" narrows population',
+    suggestionTemplate: "an individual"
+  },
+  // Achievements - degrees, certifications, publications
+  {
+    type: "achievement",
+    patterns: [
+      /\bPhD\s+(?:in|from)\s+[\w\s]+\b/gi,
+      /\bauthor(?:ed)?\s+(?:of\s+)?["']?[\w\s]+["']?\b/gi,
+      /\bpublished\s+(?:in|by)\s+[\w\s]+\b/gi,
+      /\bpatent(?:ed|s)?\s+(?:for|on)\s+[\w\s]+\b/gi,
+      /\bfounded\s+[\w\s]+\b/gi,
+      /\binvented\s+[\w\s]+\b/gi
+    ],
+    narrowingFactor: 1e-3,
+    explanationTemplate: 'Achievement "{phrase}" is potentially searchable',
+    suggestionTemplate: "has relevant credentials"
+  },
+  // Public roles - elected officials, public figures
+  {
+    type: "public_role",
+    patterns: [
+      /\b(?:senator|congressman|congresswoman|representative|mayor|governor|president)\b/gi,
+      /\b(?:elected|appointed|nominated)\s+(?:to|as)\s+[\w\s]+\b/gi,
+      /\bserved\s+(?:on|as|in)\s+(?:the\s+)?[\w\s]+(?:board|committee|council|commission)\b/gi,
+      /\bformer\s+[\w\s]+(?:secretary|minister|ambassador|director)\b/gi
+    ],
+    narrowingFactor: 1e-4,
+    explanationTemplate: 'Public role "{phrase}" is easily searchable',
+    suggestionTemplate: "held a public position"
+  }
+];
+var SEARCHABILITY_PATTERNS = [
+  // Trivially searchable - direct quotes, exact events
+  {
+    pattern: /["'][\w\s]{10,}["']/g,
+    searchability: "trivial",
+    reason: "Exact quote can be searched directly"
+  },
+  {
+    pattern: /testified\s+(?:before|at|to)\s+[\w\s]+(?:on|about|regarding)\s+[\w\s]+/gi,
+    searchability: "trivial",
+    reason: "Congressional testimony is public record"
+  },
+  {
+    pattern: /(?:filed|settled|won|lost)\s+(?:a\s+)?(?:lawsuit|case|suit)\s+(?:against|with)\s+[\w\s]+/gi,
+    searchability: "trivial",
+    reason: "Legal proceedings are searchable"
+  },
+  {
+    pattern: /(?:awarded|received|won)\s+(?:the\s+)?[\w\s]+(?:Award|Prize|Medal)/gi,
+    searchability: "trivial",
+    reason: "Awards are typically announced publicly"
+  },
+  // Moderately searchable - combinations of attributes
+  {
+    pattern: /(?:CEO|CFO|CTO)\s+(?:of|at)\s+[\w\s]+/gi,
+    searchability: "moderate",
+    reason: "Executive titles at named companies are findable"
+  },
+  {
+    pattern: /(?:professor|researcher)\s+(?:of|at)\s+[\w\s]+University/gi,
+    searchability: "moderate",
+    reason: "Academic positions are often listed online"
+  },
+  // Difficult but possible
+  {
+    pattern: /(?:worked|employed)\s+(?:at|for)\s+[\w\s]+\s+(?:from|during|in)\s+[\w\s]+/gi,
+    searchability: "difficult",
+    reason: "Employment history with dates may appear in professional profiles"
+  }
+];
+var VULNERABLE_SOURCES = [
+  {
+    name: "LinkedIn",
+    dataTypes: ["employment history", "education", "skills", "connections"],
+    matchPatterns: [
+      /\bworked?\s+(?:at|for)\b/gi,
+      /\bemployed\b/gi,
+      /\b(?:CEO|CTO|CFO|Director|Manager|Engineer)\b/gi
+    ]
+  },
+  {
+    name: "Public Records",
+    dataTypes: ["property ownership", "court records", "voter registration"],
+    matchPatterns: [
+      /\bowned\s+property\b/gi,
+      /\bfiled\s+(?:lawsuit|bankruptcy)\b/gi,
+      /\bregistered\s+voter\b/gi
+    ]
+  },
+  {
+    name: "News Archives",
+    dataTypes: ["news mentions", "press releases", "interviews"],
+    matchPatterns: [
+      /\bannounced\b/gi,
+      /\bquoted\b/gi,
+      /\binterview(?:ed)?\b/gi,
+      /\btestified\b/gi
+    ]
+  },
+  {
+    name: "Academic Databases",
+    dataTypes: ["publications", "citations", "institutional affiliations"],
+    matchPatterns: [
+      /\bpublished\b/gi,
+      /\bprofessor\b/gi,
+      /\bresearcher\b/gi,
+      /\bPhD\b/gi
+    ]
+  },
+  {
+    name: "Corporate Filings",
+    dataTypes: ["SEC filings", "board memberships", "executive compensation"],
+    matchPatterns: [
+      /\b(?:CEO|CFO|CTO|COO|board)\b/gi,
+      /\bfiled\s+with\b/gi,
+      /\bpublic(?:ly)?\s+traded\b/gi
+    ]
+  }
+];
+var WORLD_POPULATION = 8e9;
+var POPULATION_MULTIPLIERS = {
+  profession: 1e-4,
+  // ~800,000 for a specific job title
+  affiliation: 1e-3,
+  // ~8,000,000 for a major company
+  temporal_marker: 0.1,
+  // Narrows to a year or period
+  geographic_signal: 0.01,
+  // ~80,000,000 for a city
+  relational_context: 0.1,
+  // Provides linkage, not direct ID
+  unique_event: 1e-5,
+  // ~80,000 or less for unique achievements
+  demographic: 0.05,
+  // Age/gender combo
+  achievement: 1e-3,
+  // Specific degrees/publications
+  public_role: 1e-4
+  // Public figures are findable
+};
+var AdversarialVerifier = class {
+  constructor(config) {
+    this.config = {
+      enabled: true,
+      riskThreshold: 30,
+      maxIterations: 3,
+      autoApplyLowRisk: false,
+      analysisDepth: "standard",
+      enabledAnalyses: {
+        attributeLeakage: true,
+        semanticFingerprinting: true,
+        crossReferenceCheck: true
+      },
+      ...config
+    };
+  }
+  /**
+   * Main entry point: analyze redacted content for re-identification risk
+   */
+  async analyze(sections, appliedRedactions) {
+    const startTime = performance.now();
+    const redactedText = this.simulateRedactedOutput(sections, appliedRedactions);
+    const leakedAttributes = this.config.enabledAnalyses.attributeLeakage ? this.extractLeakedAttributes(redactedText, sections) : [];
+    const semanticFingerprint = this.config.enabledAnalyses.semanticFingerprinting ? this.calculateSemanticFingerprint(redactedText, leakedAttributes) : this.emptySemanticFingerprint();
+    const crossReferenceRisk = this.config.enabledAnalyses.crossReferenceCheck ? this.assessCrossReferenceRisk(redactedText) : this.emptyCrossReferenceRisk();
+    const reidentificationConfidence = this.calculateOverallConfidence(
+      leakedAttributes,
+      semanticFingerprint,
+      crossReferenceRisk
+    );
+    const riskLevel = this.classifyRiskLevel(reidentificationConfidence);
+    const analysis = {
+      id: generateSecureId(),
+      timestamp: Date.now(),
+      reidentificationConfidence,
+      riskLevel,
+      leakedAttributes,
+      semanticFingerprint,
+      crossReferenceRisk,
+      sectionsAnalyzed: sections.map((s) => s.id),
+      processingTimeMs: performance.now() - startTime
+    };
+    const suggestions = this.generateSuggestions(analysis);
+    return {
+      analysis,
+      suggestions,
+      passesThreshold: reidentificationConfidence <= this.config.riskThreshold,
+      riskThreshold: this.config.riskThreshold,
+      iteration: 1
+    };
+  }
+  /**
+   * Simulate what the document looks like after redaction
+   */
+  simulateRedactedOutput(sections, redactions) {
+    const result = /* @__PURE__ */ new Map();
+    for (const section of sections) {
+      let text = section.text;
+      const sectionRedactions = redactions.filter((r) => r.sectionId === section.id).sort((a, b) => b.startOffset - a.startOffset);
+      for (const redaction of sectionRedactions) {
+        text = text.slice(0, redaction.startOffset) + "[REDACTED]" + text.slice(redaction.endOffset);
+      }
+      result.set(section.id, text);
+    }
+    return result;
+  }
+  /**
+   * Extract attributes that leak identity from redacted text
+   */
+  extractLeakedAttributes(redactedText, _sections) {
+    const attributes = [];
+    for (const [sectionId, text] of redactedText) {
+      for (const pattern of ATTRIBUTE_PATTERNS) {
+        for (const regex of pattern.patterns) {
+          regex.lastIndex = 0;
+          let match;
+          while ((match = regex.exec(text)) !== null) {
+            if (this.isInsideRedaction(text, match.index)) {
+              continue;
+            }
+            const phrase = match[0].trim();
+            if (phrase.length < 5) {
+              continue;
+            }
+            attributes.push({
+              type: pattern.type,
+              phrase,
+              narrowingFactor: pattern.narrowingFactor,
+              explanation: pattern.explanationTemplate.replace("{phrase}", phrase),
+              suggestion: pattern.suggestionTemplate,
+              location: {
+                sectionId,
+                startOffset: match.index,
+                endOffset: match.index + match[0].length
+              }
+            });
+          }
+        }
+      }
+    }
+    const seen = /* @__PURE__ */ new Set();
+    return attributes.filter((attr) => {
+      const key = `${attr.type}:${attr.phrase.toLowerCase()}`;
+      if (seen.has(key)) return false;
+      seen.add(key);
+      return true;
+    });
+  }
+  /**
+   * Check if a position is inside a [REDACTED] marker
+   */
+  isInsideRedaction(text, position) {
+    const redactionPattern = /\[REDACTED\]/g;
+    let match;
+    while ((match = redactionPattern.exec(text)) !== null) {
+      if (position >= match.index && position < match.index + match[0].length) {
+        return true;
+      }
+    }
+    return false;
+  }
+  /**
+   * Calculate semantic fingerprint - how unique is this description?
+   */
+  calculateSemanticFingerprint(_redactedText, leakedAttributes) {
+    let populationSize = WORLD_POPULATION;
+    const drivers = [];
+    for (const attr of leakedAttributes) {
+      const narrowingFactor = POPULATION_MULTIPLIERS[attr.type] || attr.narrowingFactor;
+      const newPopulation = populationSize * narrowingFactor;
+      drivers.push({
+        phrase: attr.phrase,
+        impact: this.categorizeImpact(narrowingFactor),
+        narrowingFactor,
+        suggestion: attr.suggestion || "Consider generalizing this phrase"
+      });
+      populationSize = newPopulation;
+    }
+    drivers.sort((a, b) => {
+      const impactOrder = { critical: 0, high: 1, medium: 2, low: 3 };
+      return impactOrder[a.impact] - impactOrder[b.impact];
+    });
+    const riskScore = Math.min(
+      100,
+      Math.max(0, 100 - Math.log10(Math.max(1, populationSize)) * 10)
+    );
+    return {
+      estimatedPopulationSize: Math.max(1, Math.round(populationSize)),
+      populationDescription: this.describePopulation(populationSize),
+      uniquenessDrivers: drivers.slice(0, 10),
+      // Top 10
+      riskScore,
+      riskLevel: this.classifyRiskLevel(riskScore)
+    };
+  }
+  /**
+   * Categorize the impact of a narrowing factor
+   */
+  categorizeImpact(factor) {
+    if (factor <= 1e-4) return "critical";
+    if (factor <= 1e-3) return "high";
+    if (factor <= 0.01) return "medium";
+    return "low";
+  }
+  /**
+   * Create human-readable population description
+   */
+  describePopulation(size) {
+    if (size <= 1) return "Single individual identifiable";
+    if (size <= 10) return "Fewer than 10 people match";
+    if (size <= 100) return "Fewer than 100 people match";
+    if (size <= 1e3) return "Approximately 1,000 people match";
+    if (size <= 1e4) return "Approximately 10,000 people match";
+    if (size <= 1e5) return "Approximately 100,000 people match";
+    if (size <= 1e6) return "Approximately 1 million people match";
+    return "Large population matches (lower risk)";
+  }
+  /**
+   * Assess cross-reference vulnerability
+   */
+  assessCrossReferenceRisk(redactedText) {
+    const fullText = Array.from(redactedText.values()).join(" ");
+    const searchableFragments = [];
+    const vulnerableSources = [];
+    for (const pattern of SEARCHABILITY_PATTERNS) {
+      pattern.pattern.lastIndex = 0;
+      let match;
+      while ((match = pattern.pattern.exec(fullText)) !== null) {
+        if (!this.isInsideRedaction(fullText, match.index)) {
+          searchableFragments.push({
+            fragment: match[0].trim(),
+            searchability: pattern.searchability,
+            reason: pattern.reason,
+            predictedResults: this.predictSearchResults(
+              match[0],
+              pattern.searchability
+            )
+          });
+        }
+      }
+    }
+    for (const source of VULNERABLE_SOURCES) {
+      const matchingDataPoints = [];
+      for (const pattern of source.matchPatterns) {
+        pattern.lastIndex = 0;
+        if (pattern.test(fullText)) {
+          matchingDataPoints.push(
+            ...source.dataTypes.filter(
+              (_dt) => source.matchPatterns.some((p) => {
+                p.lastIndex = 0;
+                return p.test(fullText);
+              })
+            )
+          );
+        }
+      }
+      if (matchingDataPoints.length > 0) {
+        vulnerableSources.push({
+          source: source.name,
+          matchLikelihood: this.assessMatchLikelihood(matchingDataPoints.length),
+          dataPoints: [...new Set(matchingDataPoints)]
+        });
+      }
+    }
+    const trivialCount = searchableFragments.filter(
+      (f) => f.searchability === "trivial"
+    ).length;
+    const moderateCount = searchableFragments.filter(
+      (f) => f.searchability === "moderate"
+    ).length;
+    const riskScore = Math.min(
+      100,
+      trivialCount * 30 + moderateCount * 15 + vulnerableSources.length * 10
+    );
+    return {
+      searchableFragments: searchableFragments.slice(0, 10),
+      vulnerableSources,
+      riskScore
+    };
+  }
+  /**
+   * Predict what a search might return
+   */
+  predictSearchResults(_fragment, searchability) {
+    switch (searchability) {
+      case "trivial":
+        return "Direct search likely returns exact match";
+      case "moderate":
+        return "Search combined with other context may identify";
+      case "difficult":
+        return "Requires additional context to narrow results";
+    }
+  }
+  /**
+   * Assess likelihood of database match
+   */
+  assessMatchLikelihood(dataPointCount) {
+    if (dataPointCount >= 3) return "certain";
+    if (dataPointCount === 2) return "likely";
+    if (dataPointCount === 1) return "possible";
+    return "unlikely";
+  }
+  /**
+   * Calculate overall re-identification confidence
+   */
+  calculateOverallConfidence(leakedAttributes, semanticFingerprint, crossReferenceRisk) {
+    const weights = {
+      semantic: 0.5,
+      // How unique is the description?
+      crossRef: 0.3,
+      // How searchable?
+      attributeCount: 0.2
+      // Raw attribute count factor
+    };
+    const attributeRisk = Math.min(100, leakedAttributes.length * 10);
+    return Math.round(
+      weights.semantic * semanticFingerprint.riskScore + weights.crossRef * crossReferenceRisk.riskScore + weights.attributeCount * attributeRisk
+    );
+  }
+  /**
+   * Classify risk level based on confidence score
+   */
+  classifyRiskLevel(confidence) {
+    if (confidence >= 80) return "critical";
+    if (confidence >= 60) return "high";
+    if (confidence >= 40) return "medium";
+    if (confidence >= 20) return "low";
+    return "minimal";
+  }
+  /**
+   * Generate suggestions for reducing risk
+   */
+  generateSuggestions(analysis) {
+    const suggestions = [];
+    let priority = 1;
+    for (const driver of analysis.semanticFingerprint.uniquenessDrivers) {
+      if (driver.impact === "critical" || driver.impact === "high") {
+        const attr = analysis.leakedAttributes.find(
+          (a) => a.phrase === driver.phrase
+        );
+        if (attr) {
+          suggestions.push({
+            id: generateSecureId(),
+            type: "generalize",
+            priority: priority++,
+            originalPhrase: driver.phrase,
+            suggestedReplacement: driver.suggestion,
+            expectedRiskReduction: this.estimateRiskReduction(driver.impact),
+            location: attr.location,
+            rationale: `This phrase narrows identification to approximately ${Math.round(
+              analysis.semanticFingerprint.estimatedPopulationSize * driver.narrowingFactor
+            ).toLocaleString()} people`,
+            accepted: false
+          });
+        }
+      }
+    }
+    for (const fragment of analysis.crossReferenceRisk.searchableFragments) {
+      if (fragment.searchability === "trivial") {
+        suggestions.push({
+          id: generateSecureId(),
+          type: "redact",
+          priority: priority++,
+          originalPhrase: fragment.fragment,
+          suggestedReplacement: "[CONTEXT REDACTED]",
+          expectedRiskReduction: 15,
+          location: {
+            sectionId: "",
+            // Would need to track this
+            startOffset: 0,
+            endOffset: 0
+          },
+          rationale: fragment.reason,
+          accepted: false
+        });
+      }
+    }
+    return suggestions.sort((a, b) => a.priority - b.priority).slice(0, 10);
+  }
+  /**
+   * Estimate risk reduction from applying a suggestion
+   */
+  estimateRiskReduction(impact) {
+    switch (impact) {
+      case "critical":
+        return 25;
+      case "high":
+        return 15;
+      case "medium":
+        return 8;
+      case "low":
+        return 3;
+    }
+  }
+  /**
+   * Empty semantic fingerprint for when analysis is disabled
+   */
+  emptySemanticFingerprint() {
+    return {
+      estimatedPopulationSize: WORLD_POPULATION,
+      populationDescription: "Analysis disabled",
+      uniquenessDrivers: [],
+      riskScore: 0,
+      riskLevel: "minimal"
+    };
+  }
+  /**
+   * Empty cross-reference risk for when analysis is disabled
+   */
+  emptyCrossReferenceRisk() {
+    return {
+      searchableFragments: [],
+      vulnerableSources: [],
+      riskScore: 0
+    };
+  }
+  /**
+   * Update configuration
+   */
+  setConfig(config) {
+    this.config = { ...this.config, ...config };
+  }
+  /**
+   * Get current configuration
+   */
+  getConfig() {
+    return { ...this.config };
+  }
+};
+var adversarialVerifier = new AdversarialVerifier();
+
+// src/hooks/useDocumentProcessor.ts
+import { useCallback as useCallback3, useRef, useState as useState3, useEffect as useEffect2 } from "react";
+
+// src/hooks/useFileEntropy.ts
+import { useCallback, useMemo, useState } from "react";
+var DEFAULT_BLOCK_SIZE = 256;
+var MAX_ENTROPY = 8;
+function calculateBlockEntropy(bytes) {
+  if (bytes.length === 0) return 0;
+  const freq = /* @__PURE__ */ new Map();
+  for (let i = 0; i < bytes.length; i++) {
+    const byte = bytes[i];
+    freq.set(byte, (freq.get(byte) || 0) + 1);
+  }
+  let entropy = 0;
+  const len = bytes.length;
+  for (const count of freq.values()) {
+    const p = count / len;
+    entropy -= p * Math.log2(p);
+  }
+  return entropy;
+}
+function normalizeEntropy(entropy) {
+  return Math.min(1, Math.max(0, entropy / MAX_ENTROPY));
+}
+function blockContainsPII(blockOffset, blockSize, detections) {
+  const blockEnd = blockOffset + blockSize;
+  for (const detection of detections) {
+    if (detection.startOffset < blockEnd && detection.endOffset > blockOffset) {
+      return true;
+    }
+  }
+  return false;
+}
+function useFileEntropy(options = {}) {
+  const { blockSize = DEFAULT_BLOCK_SIZE } = options;
+  const [isCalculating, setIsCalculating] = useState(false);
+  const [error, setError] = useState(null);
+  const calculateEntropy = useCallback(
+    (bytes, detections = []) => {
+      if (bytes.length === 0) {
+        return {
+          blocks: [],
+          globalEntropy: 0,
+          maxEntropy: 0,
+          minEntropy: 0,
+          totalBytes: 0,
+          blockSize
+        };
+      }
+      const blocks = [];
+      let minEntropy = MAX_ENTROPY;
+      let maxEntropy = 0;
+      const numBlocks = Math.ceil(bytes.length / blockSize);
+      for (let i = 0; i < numBlocks; i++) {
+        const offset = i * blockSize;
+        const end = Math.min(offset + blockSize, bytes.length);
+        const blockBytes = bytes.slice(offset, end);
+        const entropy = calculateBlockEntropy(blockBytes);
+        const normalizedEntropy = normalizeEntropy(entropy);
+        minEntropy = Math.min(minEntropy, entropy);
+        maxEntropy = Math.max(maxEntropy, entropy);
+        blocks.push({
+          index: i,
+          entropy,
+          normalizedEntropy,
+          offset,
+          size: end - offset,
+          containsPII: blockContainsPII(offset, end - offset, detections)
+        });
+      }
+      const globalEntropy = calculateBlockEntropy(bytes);
+      return {
+        blocks,
+        globalEntropy,
+        maxEntropy,
+        minEntropy: blocks.length > 0 ? minEntropy : 0,
+        totalBytes: bytes.length,
+        blockSize
+      };
+    },
+    [blockSize]
+  );
+  const calculateFileEntropy = useCallback(
+    async (file, detections = []) => {
+      setIsCalculating(true);
+      setError(null);
+      try {
+        const arrayBuffer = await file.arrayBuffer();
+        const bytes = new Uint8Array(arrayBuffer);
+        return calculateEntropy(bytes, detections);
+      } catch (err) {
+        const error2 = err instanceof Error ? err : new Error("Failed to read file");
+        setError(error2);
+        throw error2;
+      } finally {
+        setIsCalculating(false);
+      }
+    },
+    [calculateEntropy]
+  );
+  const calculateTextEntropy = useCallback(
+    (text, detections = []) => {
+      const encoder = new TextEncoder();
+      const bytes = encoder.encode(text);
+      return calculateEntropy(bytes, detections);
+    },
+    [calculateEntropy]
+  );
+  const compareEntropy = useCallback(
+    (before, after) => {
+      const changedRegions = [];
+      if (before && after) {
+        const minBlocks = Math.min(before.blocks.length, after.blocks.length);
+        let regionStart = null;
+        let regionDrop = 0;
+        for (let i = 0; i < minBlocks; i++) {
+          const entropyDrop = before.blocks[i].entropy - after.blocks[i].entropy;
+          if (entropyDrop > 1) {
+            if (regionStart === null) {
+              regionStart = i;
+              regionDrop = entropyDrop;
+            } else {
+              regionDrop = Math.max(regionDrop, entropyDrop);
+            }
+          } else if (regionStart !== null) {
+            changedRegions.push({
+              startBlock: regionStart,
+              endBlock: i - 1,
+              entropyDrop: regionDrop
+            });
+            regionStart = null;
+            regionDrop = 0;
+          }
+        }
+        if (regionStart !== null) {
+          changedRegions.push({
+            startBlock: regionStart,
+            endBlock: minBlocks - 1,
+            entropyDrop: regionDrop
+          });
+        }
+      }
+      return {
+        before,
+        after,
+        changedRegions
+      };
+    },
+    []
+  );
+  return useMemo(
+    () => ({
+      calculateEntropy,
+      calculateFileEntropy,
+      calculateTextEntropy,
+      compareEntropy,
+      isCalculating,
+      error
+    }),
+    [
+      calculateEntropy,
+      calculateFileEntropy,
+      calculateTextEntropy,
+      compareEntropy,
+      isCalculating,
+      error
+    ]
+  );
+}
+
+// src/hooks/useOfflineQuota.ts
+import { useState as useState2, useEffect, useCallback as useCallback2 } from "react";
+
+// src/services/quota/DeviceFingerprint.ts
+async function generateDeviceFingerprint() {
+  const components = [
+    // User agent (browser + OS)
+    navigator.userAgent,
+    // Language preference
+    navigator.language,
+    // Screen dimensions (stable across sessions)
+    `${screen.width}x${screen.height}x${screen.colorDepth}`,
+    // Timezone
+    Intl.DateTimeFormat().resolvedOptions().timeZone,
+    // Platform
+    navigator.platform,
+    // Hardware concurrency (CPU cores)
+    navigator.hardwareConcurrency?.toString() || "unknown",
+    // Device memory (if available)
+    navigator.deviceMemory?.toString() || "unknown"
+  ];
+  const canvasFingerprint = await getCanvasFingerprint();
+  if (canvasFingerprint) {
+    components.push(canvasFingerprint);
+  }
+  const combined = components.join("|");
+  const hash = await sha256(combined);
+  return hash.substring(0, 16);
+}
+async function getCanvasFingerprint() {
+  try {
+    const canvas = document.createElement("canvas");
+    canvas.width = 200;
+    canvas.height = 50;
+    const ctx = canvas.getContext("2d");
+    if (!ctx) return null;
+    ctx.textBaseline = "top";
+    ctx.font = "14px Arial";
+    ctx.fillStyle = "#f60";
+    ctx.fillRect(10, 1, 62, 20);
+    ctx.fillStyle = "#069";
+    ctx.fillText("PURGE", 15, 5);
+    ctx.fillStyle = "rgba(102, 204, 0, 0.7)";
+    ctx.fillText("quota", 60, 5);
+    const dataUrl = canvas.toDataURL();
+    return await sha256(dataUrl);
+  } catch {
+    return null;
+  }
+}
+async function sha256(message) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(message);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+  const hashArray = Array.from(new Uint8Array(hashBuffer));
+  return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function verifyDeviceFingerprint(storedFingerprint) {
+  const currentFingerprint = await generateDeviceFingerprint();
+  if (currentFingerprint === storedFingerprint) {
+    return { matches: true, similarity: 1 };
+  }
+  let matching = 0;
+  for (let i = 0; i < Math.min(currentFingerprint.length, storedFingerprint.length); i++) {
+    if (currentFingerprint[i] === storedFingerprint[i]) {
+      matching++;
+    }
+  }
+  const similarity = matching / Math.max(currentFingerprint.length, storedFingerprint.length);
+  return {
+    matches: similarity >= 0.75,
+    similarity
+  };
+}
+
+// src/services/quota/OfflineQuotaStore.ts
+var LS_KEY = "purge_offline_quota";
+var IDB_NAME = "purge_quota_db";
+var IDB_STORE = "quota";
+var IDB_KEY = "current";
+var SCHEMA_VERSION = 1;
+var DEFAULT_TOKENS = 50;
+var HMAC_SALT = "purge_quota_v1_";
+async function deriveKey(fingerprint) {
+  const encoder = new TextEncoder();
+  const keyMaterial = encoder.encode(HMAC_SALT + fingerprint);
+  const rawKey = await crypto.subtle.importKey(
+    "raw",
+    keyMaterial,
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign", "verify"]
+  );
+  return rawKey;
+}
+async function signState(state, fingerprint) {
+  const key = await deriveKey(fingerprint);
+  const encoder = new TextEncoder();
+  const data = encoder.encode(JSON.stringify(state));
+  const signature = await crypto.subtle.sign("HMAC", key, data);
+  const signatureArray = Array.from(new Uint8Array(signature));
+  return signatureArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function verifySignature(signed, fingerprint) {
+  try {
+    const expectedSignature = await signState(signed.data, fingerprint);
+    return expectedSignature === signed.signature;
+  } catch {
+    return false;
+  }
+}
+function openDatabase() {
+  return new Promise((resolve, reject) => {
+    const request = indexedDB.open(IDB_NAME, 1);
+    request.onerror = () => reject(request.error);
+    request.onsuccess = () => resolve(request.result);
+    request.onupgradeneeded = (event) => {
+      const db = event.target.result;
+      if (!db.objectStoreNames.contains(IDB_STORE)) {
+        db.createObjectStore(IDB_STORE);
+      }
+    };
+  });
+}
+async function readFromIDB() {
+  try {
+    const db = await openDatabase();
+    return new Promise((resolve, reject) => {
+      const tx = db.transaction(IDB_STORE, "readonly");
+      const store = tx.objectStore(IDB_STORE);
+      const request = store.get(IDB_KEY);
+      request.onerror = () => reject(request.error);
+      request.onsuccess = () => resolve(request.result || null);
+      tx.oncomplete = () => db.close();
+    });
+  } catch {
+    return null;
+  }
+}
+async function writeToIDB(signed) {
+  try {
+    const db = await openDatabase();
+    return new Promise((resolve, reject) => {
+      const tx = db.transaction(IDB_STORE, "readwrite");
+      const store = tx.objectStore(IDB_STORE);
+      const request = store.put(signed, IDB_KEY);
+      request.onerror = () => reject(request.error);
+      tx.oncomplete = () => {
+        db.close();
+        resolve();
+      };
+    });
+  } catch {
+  }
+}
+async function clearIDB() {
+  try {
+    const db = await openDatabase();
+    return new Promise((resolve, reject) => {
+      const tx = db.transaction(IDB_STORE, "readwrite");
+      const store = tx.objectStore(IDB_STORE);
+      const request = store.delete(IDB_KEY);
+      request.onerror = () => reject(request.error);
+      tx.oncomplete = () => {
+        db.close();
+        resolve();
+      };
+    });
+  } catch {
+  }
+}
+var OfflineQuotaStore = class {
+  constructor() {
+    this.cachedState = null;
+    this.fingerprint = null;
+  }
+  /**
+   * Initializes the store, loading existing state or creating new
+   */
+  async initialize() {
+    this.fingerprint = await generateDeviceFingerprint();
+    const state = await this.load();
+    if (state) {
+      this.cachedState = state;
+      return state;
+    }
+    const newState = await this.createInitialState();
+    this.cachedState = newState;
+    return newState;
+  }
+  /**
+   * Gets current tokens remaining (cached for performance)
+   */
+  getTokens() {
+    return this.cachedState?.tokensRemaining ?? 0;
+  }
+  /**
+   * Checks if processing is allowed
+   */
+  canProcess() {
+    return (this.cachedState?.tokensRemaining ?? 0) > 0;
+  }
+  /**
+   * Decrements quota by 1 token. Returns new remaining count.
+   * Throws if quota is exhausted.
+   */
+  async decrement() {
+    if (!this.cachedState || !this.fingerprint) {
+      throw new Error("QuotaStore not initialized");
+    }
+    if (this.cachedState.tokensRemaining <= 0) {
+      throw new QuotaExhaustedError("No tokens remaining");
+    }
+    const newState = {
+      ...this.cachedState,
+      tokensRemaining: this.cachedState.tokensRemaining - 1
+    };
+    await this.save(newState);
+    this.cachedState = newState;
+    return newState.tokensRemaining;
+  }
+  /**
+   * Resets quota to specified token count (used by refresh API)
+   */
+  async reset(tokens) {
+    if (!this.fingerprint) {
+      this.fingerprint = await generateDeviceFingerprint();
+    }
+    const newState = {
+      tokensRemaining: Math.min(tokens, DEFAULT_TOKENS),
+      lastRefresh: (/* @__PURE__ */ new Date()).toISOString(),
+      deviceFingerprint: this.fingerprint,
+      version: SCHEMA_VERSION
+    };
+    await this.save(newState);
+    this.cachedState = newState;
+  }
+  /**
+   * Loads and validates quota state from storage
+   */
+  async load() {
+    if (!this.fingerprint) {
+      this.fingerprint = await generateDeviceFingerprint();
+    }
+    const lsData = this.loadFromLocalStorage();
+    const idbData = await readFromIDB();
+    if (!lsData && !idbData) {
+      return null;
+    }
+    if (lsData && !idbData) {
+      const valid = await this.validateState(lsData);
+      if (valid) {
+        await writeToIDB(lsData);
+        return lsData.data;
+      }
+      await this.handleTampering("localStorage signature invalid");
+      return null;
+    }
+    if (!lsData && idbData) {
+      const valid = await this.validateState(idbData);
+      if (valid) {
+        this.saveToLocalStorage(idbData);
+        return idbData.data;
+      }
+      await this.handleTampering("IndexedDB signature invalid");
+      return null;
+    }
+    if (lsData && idbData) {
+      const lsValid = await this.validateState(lsData);
+      const idbValid = await this.validateState(idbData);
+      if (!lsValid && !idbValid) {
+        await this.handleTampering("Both storage locations tampered");
+        return null;
+      }
+      if (lsValid && !idbValid) {
+        await writeToIDB(lsData);
+        return lsData.data;
+      }
+      if (!lsValid && idbValid) {
+        this.saveToLocalStorage(idbData);
+        return idbData.data;
+      }
+      if (lsData.data.tokensRemaining !== idbData.data.tokensRemaining) {
+        const trustedState = lsData.data.tokensRemaining < idbData.data.tokensRemaining ? lsData : idbData;
+        this.saveToLocalStorage(trustedState);
+        await writeToIDB(trustedState);
+        return trustedState.data;
+      }
+      return lsData.data;
+    }
+    return null;
+  }
+  /**
+   * Saves quota state to both storage locations
+   */
+  async save(state) {
+    if (!this.fingerprint) {
+      throw new Error("Fingerprint not initialized");
+    }
+    const signature = await signState(state, this.fingerprint);
+    const signed = { data: state, signature };
+    this.saveToLocalStorage(signed);
+    await writeToIDB(signed);
+  }
+  /**
+   * Creates initial state for new users
+   */
+  async createInitialState() {
+    if (!this.fingerprint) {
+      this.fingerprint = await generateDeviceFingerprint();
+    }
+    const state = {
+      tokensRemaining: DEFAULT_TOKENS,
+      lastRefresh: (/* @__PURE__ */ new Date()).toISOString(),
+      deviceFingerprint: this.fingerprint,
+      version: SCHEMA_VERSION
+    };
+    await this.save(state);
+    return state;
+  }
+  /**
+   * Validates a signed state
+   */
+  async validateState(signed) {
+    if (!this.fingerprint) return false;
+    const signatureValid = await verifySignature(signed, this.fingerprint);
+    if (!signatureValid) return false;
+    const fpResult = await verifyDeviceFingerprint(signed.data.deviceFingerprint);
+    if (!fpResult.matches) return false;
+    if (signed.data.version !== SCHEMA_VERSION) {
+      return false;
+    }
+    if (signed.data.tokensRemaining < 0 || signed.data.tokensRemaining > DEFAULT_TOKENS) {
+      return false;
+    }
+    return true;
+  }
+  /**
+   * Handles detected tampering by resetting quota to 0
+   */
+  async handleTampering(reason) {
+    secureWarn(`Quota tampering detected: ${reason}`);
+    const zeroState = {
+      tokensRemaining: 0,
+      lastRefresh: (/* @__PURE__ */ new Date()).toISOString(),
+      deviceFingerprint: this.fingerprint || await generateDeviceFingerprint(),
+      version: SCHEMA_VERSION
+    };
+    await this.save(zeroState);
+    this.cachedState = zeroState;
+  }
+  /**
+   * LocalStorage helpers
+   */
+  loadFromLocalStorage() {
+    try {
+      const raw = localStorage.getItem(LS_KEY);
+      if (!raw) return null;
+      return JSON.parse(raw);
+    } catch {
+      return null;
+    }
+  }
+  saveToLocalStorage(signed) {
+    try {
+      localStorage.setItem(LS_KEY, JSON.stringify(signed));
+    } catch {
+    }
+  }
+  /**
+   * Clears all quota data (for testing/debugging)
+   */
+  async clear() {
+    localStorage.removeItem(LS_KEY);
+    await clearIDB();
+    this.cachedState = null;
+  }
+};
+var QuotaExhaustedError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "QuotaExhaustedError";
+  }
+};
+var offlineQuotaStore = new OfflineQuotaStore();
+
+// src/services/quota/QuotaRefreshAPI.ts
+async function checkOnlineStatus() {
+  if (!navigator.onLine) {
+    return false;
+  }
+  return true;
+}
+async function requestQuotaRefresh() {
+  const isOnline = await checkOnlineStatus();
+  if (!isOnline) {
+    return {
+      success: false,
+      reason: "offline"
+    };
+  }
+  return {
+    success: false,
+    reason: "not_authenticated"
+  };
+}
+
+// src/hooks/useOfflineQuota.ts
+function useOfflineQuota() {
+  const [tokensRemaining, setTokensRemaining] = useState2(0);
+  const [isInitialized, setIsInitialized] = useState2(false);
+  const [quotaError, setQuotaError] = useState2(null);
+  const [lastRefresh, setLastRefresh] = useState2(null);
+  useEffect(() => {
+    let mounted = true;
+    async function init() {
+      try {
+        const state = await offlineQuotaStore.initialize();
+        if (mounted) {
+          setTokensRemaining(state.tokensRemaining);
+          setLastRefresh(state.lastRefresh);
+          setIsInitialized(true);
+          setQuotaError(null);
+        }
+      } catch (error) {
+        if (mounted) {
+          setQuotaError(
+            error instanceof Error ? error.message : "Failed to initialize quota"
+          );
+          setIsInitialized(true);
+          setTokensRemaining(0);
+        }
+      }
+    }
+    init();
+    return () => {
+      mounted = false;
+    };
+  }, []);
+  const canProcessFile = useCallback2(() => {
+    if (!isInitialized) return false;
+    return offlineQuotaStore.canProcess();
+  }, [isInitialized]);
+  const consumeToken = useCallback2(async () => {
+    try {
+      const remaining = await offlineQuotaStore.decrement();
+      setTokensRemaining(remaining);
+      setQuotaError(null);
+    } catch (error) {
+      if (error instanceof QuotaExhaustedError) {
+        setTokensRemaining(0);
+        setQuotaError("Offline quota exhausted. Go online to continue.");
+      } else {
+        setQuotaError(
+          error instanceof Error ? error.message : "Failed to update quota"
+        );
+      }
+      throw error;
+    }
+  }, []);
+  const requestRefresh = useCallback2(async () => {
+    try {
+      const result = await requestQuotaRefresh();
+      if (result.success) {
+        await offlineQuotaStore.reset(result.tokens);
+        setTokensRemaining(result.tokens);
+        setLastRefresh((/* @__PURE__ */ new Date()).toISOString());
+        setQuotaError(null);
+      }
+      return result;
+    } catch (error) {
+      const errorResult = {
+        success: false,
+        reason: "api_error"
+      };
+      setQuotaError(
+        error instanceof Error ? error.message : "Failed to refresh quota"
+      );
+      return errorResult;
+    }
+  }, []);
+  return {
+    tokensRemaining,
+    isExhausted: tokensRemaining <= 0,
+    isInitialized,
+    canProcessFile,
+    consumeToken,
+    requestRefresh,
+    quotaError,
+    lastRefresh
+  };
+}
+
+// src/utils/partialMask.ts
+var MASK_CHAR = "*";
+function maskSSN(value) {
+  const digits = value.replace(/\D/g, "");
+  if (digits.length !== 9) {
+    return MASK_CHAR.repeat(value.length);
+  }
+  const last4 = digits.slice(-4);
+  return `${MASK_CHAR}${MASK_CHAR}${MASK_CHAR}-${MASK_CHAR}${MASK_CHAR}-${last4}`;
+}
+function maskCreditCard(value) {
+  const digits = value.replace(/\D/g, "");
+  if (digits.length < 15 || digits.length > 16) {
+    return MASK_CHAR.repeat(value.length);
+  }
+  const last4 = digits.slice(-4);
+  if (value.includes("-")) {
+    if (digits.length === 16) {
+      return `${MASK_CHAR.repeat(4)}-${MASK_CHAR.repeat(4)}-${MASK_CHAR.repeat(4)}-${last4}`;
+    }
+    return `${MASK_CHAR.repeat(4)}-${MASK_CHAR.repeat(6)}-${MASK_CHAR}${last4}`;
+  } else if (value.includes(" ")) {
+    if (digits.length === 16) {
+      return `${MASK_CHAR.repeat(4)} ${MASK_CHAR.repeat(4)} ${MASK_CHAR.repeat(4)} ${last4}`;
+    }
+    return `${MASK_CHAR.repeat(4)} ${MASK_CHAR.repeat(6)} ${MASK_CHAR}${last4}`;
+  }
+  return MASK_CHAR.repeat(digits.length - 4) + last4;
+}
+function maskEmail(value) {
+  const atIndex = value.indexOf("@");
+  if (atIndex < 1) {
+    return MASK_CHAR.repeat(value.length);
+  }
+  const localPart = value.slice(0, atIndex);
+  const domain = value.slice(atIndex);
+  if (localPart.length <= 1) {
+    return localPart + MASK_CHAR.repeat(3) + domain;
+  }
+  const firstChar = localPart[0];
+  const maskLength = Math.min(localPart.length - 1, 5);
+  return firstChar + MASK_CHAR.repeat(maskLength) + domain;
+}
+function maskPhone(value) {
+  const digits = value.replace(/\D/g, "");
+  if (digits.length < 10) {
+    return MASK_CHAR.repeat(value.length);
+  }
+  const last4 = digits.slice(-4);
+  if (value.includes("(") && value.includes(")")) {
+    return `(${MASK_CHAR.repeat(3)}) ${MASK_CHAR.repeat(3)}-${last4}`;
+  } else if (value.startsWith("+")) {
+    const countryCodeMatch = value.match(/^\+\d+/);
+    const countryCode = countryCodeMatch ? countryCodeMatch[0] : "+1";
+    return `${countryCode}-${MASK_CHAR.repeat(3)}-${MASK_CHAR.repeat(3)}-${last4}`;
+  } else if (value.includes("-")) {
+    return `${MASK_CHAR.repeat(3)}-${MASK_CHAR.repeat(3)}-${last4}`;
+  } else if (value.includes(".")) {
+    return `${MASK_CHAR.repeat(3)}.${MASK_CHAR.repeat(3)}.${last4}`;
+  }
+  return MASK_CHAR.repeat(digits.length - 4) + last4;
+}
+function maskAddress(value) {
+  const match = value.match(/^(\d+)\s+(.+)$/);
+  if (match) {
+    const [, houseNum, streetPart] = match;
+    return MASK_CHAR.repeat(houseNum.length) + " " + streetPart;
+  }
+  const words = value.split(/\s+/);
+  if (words.length > 1) {
+    words[0] = MASK_CHAR.repeat(words[0].length);
+    return words.join(" ");
+  }
+  return MASK_CHAR.repeat(value.length);
+}
+function maskPersonName(value) {
+  const parts = value.split(/\s+/);
+  return parts.map((part) => {
+    if (part.length === 0) return "";
+    if (/^(Mr|Mrs|Ms|Miss|Dr|Prof)\.?$/i.test(part)) {
+      return part;
+    }
+    if (part.length === 1) return part;
+    const firstChar = part[0];
+    const maskLength = Math.min(part.length - 1, 5);
+    return firstChar + MASK_CHAR.repeat(maskLength);
+  }).join(" ");
+}
+function maskIPAddress(value) {
+  const octets = value.split(".");
+  if (octets.length !== 4) {
+    return MASK_CHAR.repeat(value.length);
+  }
+  return `${MASK_CHAR.repeat(3)}.${MASK_CHAR.repeat(3)}.${MASK_CHAR.repeat(3)}.${octets[3]}`;
+}
+function maskDateOfBirth(value) {
+  if (/^\d{4}[-/]\d{1,2}[-/]\d{1,2}$/.test(value)) {
+    const year = value.slice(0, 4);
+    const sep = value.includes("-") ? "-" : "/";
+    return `${year}${sep}${MASK_CHAR}${MASK_CHAR}${sep}${MASK_CHAR}${MASK_CHAR}`;
+  }
+  const match = value.match(/^(\d{1,2})([-/])(\d{1,2})\2(\d{4})$/);
+  if (match) {
+    const [, , sep, , year] = match;
+    return `${MASK_CHAR}${MASK_CHAR}${sep}${MASK_CHAR}${MASK_CHAR}${sep}${year}`;
+  }
+  if (value.length >= 4) {
+    return MASK_CHAR.repeat(value.length - 4) + value.slice(-4);
+  }
+  return MASK_CHAR.repeat(value.length);
+}
+function maskCustom(value) {
+  if (value.length <= 4) {
+    return MASK_CHAR.repeat(value.length);
+  }
+  const visibleCount = Math.min(2, Math.floor(value.length / 4));
+  const start = value.slice(0, visibleCount);
+  const end = value.slice(-visibleCount);
+  const middleLength = value.length - visibleCount * 2;
+  return start + MASK_CHAR.repeat(middleLength) + end;
+}
+function getPartialMask(category, value) {
+  switch (category) {
+    case "ssn":
+      return maskSSN(value);
+    case "credit_card":
+      return maskCreditCard(value);
+    case "email":
+      return maskEmail(value);
+    case "phone":
+      return maskPhone(value);
+    case "address":
+      return maskAddress(value);
+    case "person_name":
+      return maskPersonName(value);
+    case "ip_address":
+      return maskIPAddress(value);
+    case "date_of_birth":
+      return maskDateOfBirth(value);
+    case "custom":
+      return maskCustom(value);
+    default:
+      if (value.length <= 2) {
+        return MASK_CHAR.repeat(value.length);
+      }
+      return value[0] + MASK_CHAR.repeat(value.length - 2) + value[value.length - 1];
+  }
+}
+
+// src/hooks/useDocumentProcessor.ts
+function getPurgedFilename(originalName) {
+  const safeName = originalName.replace(/[/\\]/g, "_");
+  const lastDot = safeName.lastIndexOf(".");
+  if (lastDot === -1) return `${safeName}_purged`;
+  return `${safeName.slice(0, lastDot)}_purged${safeName.slice(lastDot)}`;
+}
+function useDocumentProcessor() {
+  const [isProcessing, setIsProcessing] = useState3(false);
+  const [progress, setProgress] = useState3(null);
+  const [detections, setDetections] = useState3([]);
+  const [memoryStats, setMemoryStats] = useState3({
+    allocated: 0,
+    wiped: 0,
+    buffersCleared: 0,
+    totalBuffers: 0
+  });
+  const [entropyComparison, setEntropyComparison] = useState3({
+    before: null,
+    after: null,
+    changedRegions: []
+  });
+  const [isCalculatingEntropy, setIsCalculatingEntropy] = useState3(false);
+  const [contentSections, setContentSections] = useState3([]);
+  const buffersRef = useRef([]);
+  const originalBytesRef = useRef(null);
+  const parsedDocsRef = useRef(/* @__PURE__ */ new Map());
+  const updateFileStatus = usePurgeStore((s) => s.updateFileStatus);
+  const storeSetDetections = usePurgeStore((s) => s.setDetections);
+  const { calculateEntropy, compareEntropy } = useFileEntropy();
+  const { canProcessFile, consumeToken, tokensRemaining } = useOfflineQuota();
+  useEffect2(() => {
+    return () => {
+      if (originalBytesRef.current) {
+        originalBytesRef.current.fill(0);
+        originalBytesRef.current = null;
+      }
+      buffersRef.current.forEach((buffer) => {
+        new Uint8Array(buffer).fill(0);
+      });
+      buffersRef.current = [];
+      parsedDocsRef.current.clear();
+      secureLog("Memory cleanup on unmount");
+    };
+  }, []);
+  const scanFiles = useCallback3(
+    async (files, config, bypassQuota = false) => {
+      if (!bypassQuota) {
+        if (!canProcessFile()) {
+          throw new QuotaExhaustedError(
+            `Offline quota exhausted (${tokensRemaining} tokens remaining). Go online to refresh.`
+          );
+        }
+        if (tokensRemaining < files.length) {
+          throw new QuotaExhaustedError(
+            `Insufficient quota: ${tokensRemaining} tokens remaining, ${files.length} files queued. Go online to refresh.`
+          );
+        }
+      }
+      setIsProcessing(true);
+      setIsCalculatingEntropy(true);
+      const allDetections = [];
+      parsedDocsRef.current.clear();
+      setContentSections([]);
+      try {
+        for (let i = 0; i < files.length; i++) {
+          const file = files[i];
+          if (!canProcessFile()) {
+            updateFileStatus(file.id, "error", "Quota exhausted");
+            break;
+          }
+          setProgress({
+            currentFileIndex: i,
+            totalFiles: files.length,
+            currentFileName: file.name,
+            phase: "detecting",
+            percent: Math.round(i / files.length * 100)
+          });
+          updateFileStatus(file.id, "scanning");
+          const processor = getProcessorForFile(file.file);
+          if (!processor) {
+            updateFileStatus(file.id, "error", "Unsupported file format");
+            continue;
+          }
+          try {
+            const parsed = await processor.parse(file.file);
+            parsedDocsRef.current.set(file.id, parsed);
+            setContentSections((prev) => [...prev, ...parsed.content.sections]);
+            buffersRef.current.push(new ArrayBuffer(file.size));
+            setMemoryStats((s) => ({
+              ...s,
+              allocated: s.allocated + file.size,
+              totalBuffers: s.totalBuffers + 1
+            }));
+            if (i === 0) {
+              try {
+                const originalBytes = await file.file.arrayBuffer();
+                originalBytesRef.current = new Uint8Array(originalBytes);
+                const beforeEntropy = calculateEntropy(originalBytesRef.current, []);
+                setEntropyComparison((prev) => ({
+                  ...prev,
+                  before: beforeEntropy
+                }));
+              } catch (entropyError) {
+                secureWarn("Failed to calculate original entropy", entropyError);
+              }
+            }
+            const scanConfig = { ...config, sensitivity: "high" };
+            const result = await regexDetectionEngine.detect(parsed.content, scanConfig);
+            allDetections.push(...result.detections);
+            storeSetDetections([...allDetections]);
+            updateFileStatus(file.id, "detected");
+            if (!bypassQuota) {
+              await consumeToken();
+            }
+            if (i === 0 && originalBytesRef.current) {
+              const beforeEntropyWithPII = calculateEntropy(
+                originalBytesRef.current,
+                result.detections
+              );
+              setEntropyComparison((prev) => ({
+                ...prev,
+                before: beforeEntropyWithPII
+              }));
+              originalBytesRef.current.fill(0);
+              originalBytesRef.current = null;
+            }
+            setProgress(
+              (p) => p ? {
+                ...p,
+                percent: Math.round((i + 1) / files.length * 100)
+              } : null
+            );
+          } catch (error) {
+            secureWarn(`Error scanning file ${safeFilename(file.name)}`, error);
+            updateFileStatus(
+              file.id,
+              "error",
+              error instanceof Error ? error.message : "Processing failed"
+            );
+          }
+        }
+        setDetections(allDetections);
+        return allDetections;
+      } finally {
+        setIsProcessing(false);
+        setIsCalculatingEntropy(false);
+        setProgress(null);
+      }
+    },
+    [updateFileStatus, storeSetDetections, calculateEntropy, canProcessFile, consumeToken, tokensRemaining]
+  );
+  const processFiles = useCallback3(
+    async (files, selectedDetections, config) => {
+      setIsProcessing(true);
+      const processedFiles = [];
+      try {
+        for (let i = 0; i < files.length; i++) {
+          const file = files[i];
+          setProgress({
+            currentFileIndex: i,
+            totalFiles: files.length,
+            currentFileName: file.name,
+            phase: "redacting",
+            percent: Math.round(i / files.length * 50)
+          });
+          updateFileStatus(file.id, "purging");
+          const processor = getProcessorForFile(file.file);
+          if (!processor) {
+            updateFileStatus(file.id, "error", "Unsupported file format");
+            continue;
+          }
+          try {
+            let parsed = parsedDocsRef.current.get(file.id);
+            if (!parsed) {
+              secureWarn(`No cached parse for file ${safeFilename(file.name)}, re-parsing`);
+              parsed = await processor.parse(file.file);
+            }
+            const fileDetections = detections.filter(
+              (d) => d.fileId === parsed.content.fileId && selectedDetections.has(d.id)
+            );
+            const redactions = fileDetections.map((d) => ({
+              detectionId: d.id,
+              sectionId: d.sectionId,
+              startOffset: d.startOffset,
+              endOffset: d.endOffset,
+              replacement: getReplacementText(d, config)
+            }));
+            setProgress(
+              (p) => p ? {
+                ...p,
+                phase: "redacting",
+                percent: Math.round(50 + (i + 0.5) / files.length * 25)
+              } : null
+            );
+            const blob = await processor.applyRedactions(parsed, redactions);
+            setProgress(
+              (p) => p ? {
+                ...p,
+                phase: "finalizing",
+                percent: Math.round(75 + (i + 1) / files.length * 25)
+              } : null
+            );
+            const processedFile = {
+              id: generateSecureId(),
+              originalName: file.name,
+              purgedName: getPurgedFilename(file.name),
+              originalSize: file.size,
+              purgedSize: blob.size,
+              type: file.type,
+              blob,
+              detectionsRemoved: redactions.length,
+              timestamp: Date.now()
+            };
+            processedFiles.push(processedFile);
+            updateFileStatus(file.id, "complete");
+            if (i === 0) {
+              try {
+                setIsCalculatingEntropy(true);
+                const processedBytes = await blob.arrayBuffer();
+                const afterEntropy = calculateEntropy(new Uint8Array(processedBytes), []);
+                setEntropyComparison((prev) => {
+                  const comparison = compareEntropy(prev.before, afterEntropy);
+                  return comparison;
+                });
+              } catch (entropyError) {
+                secureWarn("Failed to calculate processed entropy", entropyError);
+              } finally {
+                setIsCalculatingEntropy(false);
+              }
+            }
+          } catch (error) {
+            secureWarn(`Error processing file ${safeFilename(file.name)}`, error);
+            updateFileStatus(
+              file.id,
+              "error",
+              error instanceof Error ? error.message : "Processing failed"
+            );
+          }
+        }
+        return processedFiles;
+      } finally {
+        setIsProcessing(false);
+        setProgress(null);
+      }
+    },
+    [detections, updateFileStatus, calculateEntropy, compareEntropy]
+  );
+  const wipeMemory = useCallback3(async () => {
+    const buffers = buffersRef.current;
+    const totalSize = memoryStats.allocated;
+    if (originalBytesRef.current) {
+      originalBytesRef.current.fill(0);
+      originalBytesRef.current = null;
+    }
+    if (buffers.length === 0) return;
+    let wiped = 0;
+    for (let i = 0; i < buffers.length; i++) {
+      const buffer = buffers[i];
+      const view = new Uint8Array(buffer);
+      view.fill(0);
+      wiped += buffer.byteLength;
+      setMemoryStats((s) => ({
+        ...s,
+        wiped,
+        buffersCleared: i + 1
+      }));
+      await new Promise((r) => setTimeout(r, 50));
+    }
+    buffersRef.current = [];
+    setMemoryStats({
+      allocated: totalSize,
+      wiped: totalSize,
+      buffersCleared: buffers.length,
+      totalBuffers: buffers.length
+    });
+  }, [memoryStats.allocated]);
+  return {
+    isProcessing,
+    progress,
+    detections,
+    memoryStats,
+    entropyComparison,
+    isCalculatingEntropy,
+    contentSections,
+    scanFiles,
+    processFiles,
+    wipeMemory
+  };
+}
+function getReplacementText(detection, config) {
+  switch (config.redactionStyle) {
+    case "blackout":
+      return "\u2588".repeat(Math.min(detection.value.length, 20));
+    case "replacement":
+      return config.replacementText || "[REDACTED]";
+    case "pseudonym":
+      return generatePseudonym(detection.category);
+    case "partial":
+      return getPartialMask(detection.category, detection.value);
+    default:
+      return "[REDACTED]";
+  }
+}
+function generatePseudonym(category) {
+  const pseudonyms = {
+    person_name: ["John Doe", "Jane Smith", "Bob Johnson", "Alice Williams"],
+    email: ["user@example.com", "contact@company.org", "info@domain.net"],
+    phone: ["(555) 000-0000", "555-123-4567", "+1-555-EXAMPLE"],
+    address: ["123 Example St, Anytown, USA 12345"],
+    ssn: ["XXX-XX-XXXX"],
+    credit_card: ["XXXX-XXXX-XXXX-XXXX"],
+    ip_address: ["0.0.0.0", "127.0.0.1"],
+    date_of_birth: ["01/01/1900"],
+    custom: ["[CUSTOM DATA]"]
+  };
+  const options = pseudonyms[category] || ["[REDACTED]"];
+  return options[Math.floor(Math.random() * options.length)];
+}
+
+// src/hooks/useOfflineEnforcement.ts
+import { useState as useState4, useEffect as useEffect3, useCallback as useCallback4, useRef as useRef2 } from "react";
+var EXTENSION_SECONDS = 30;
+var MAX_EXTENSIONS = 2;
+var WARNING_COUNTDOWN_SECONDS = 5;
+var ONLINE_CHECK_INTERVAL = 100;
+function forceCloseTab() {
+  if (typeof window !== "undefined") {
+    window.location.href = "about:blank";
+  }
+}
+function getInitialOnlineState() {
+  if (typeof navigator !== "undefined") {
+    return navigator.onLine;
+  }
+  return true;
+}
+function useOfflineEnforcement() {
+  const {
+    tokensRemaining,
+    isExhausted: quotaExhausted,
+    requestRefresh,
+    isInitialized: quotaInitialized
+  } = useOfflineQuota();
+  const [status, setStatus] = useState4(
+    getInitialOnlineState() ? "online_blocked" : "offline_ready"
+  );
+  const [isOnline, setIsOnline] = useState4(getInitialOnlineState());
+  const [countdownSeconds, setCountdownSeconds] = useState4(null);
+  const [hasDownloaded, setHasDownloaded] = useState4(false);
+  const [extensionsUsed, setExtensionsUsed] = useState4(0);
+  const [startedOnline, setStartedOnline] = useState4(false);
+  const countdownIntervalRef = useRef2(null);
+  const onlineCheckIntervalRef = useRef2(null);
+  const isStartingProcessingRef = useRef2(false);
+  useEffect3(() => {
+    if (quotaInitialized && quotaExhausted && !isOnline && status === "offline_ready") {
+      setStatus("quota_exhausted");
+    }
+  }, [quotaInitialized, quotaExhausted, isOnline, status]);
+  useEffect3(() => {
+    let mounted = true;
+    if (isOnline && quotaExhausted && quotaInitialized && (status === "online_blocked" || status === "quota_exhausted")) {
+      secureLog("Online with exhausted quota, attempting refresh...");
+      requestRefresh().then((result) => {
+        if (!mounted) {
+          secureLog("[CLEANUP] Quota refresh completed after unmount, ignoring");
+          return;
+        }
+        if (result.success) {
+          secureLog(`Quota refreshed: ${result.tokens} tokens`);
+          setStatus((currentStatus) => {
+            if (currentStatus === "online_acknowledged") {
+              secureLog("[RACE PREVENTED] Quota refreshed but user acknowledged risk - preserving online_acknowledged");
+              return currentStatus;
+            }
+            if (currentStatus !== "online_blocked" && currentStatus !== "quota_exhausted") {
+              secureLog(`[RACE PREVENTED] Quota refreshed but state is ${currentStatus} - not updating to online_blocked`);
+              return currentStatus;
+            }
+            return "online_blocked";
+          });
+        } else {
+          secureLog(`Quota refresh failed: ${result.reason}`);
+        }
+      }).catch((error) => {
+        if (!mounted) return;
+        secureError("Quota refresh error:", error);
+      });
+    }
+    return () => {
+      mounted = false;
+    };
+  }, [isOnline, quotaExhausted, quotaInitialized, requestRefresh, status]);
+  const canProcess = status === "online_acknowledged" || // Admin bypass - ignore quota
+  status === "processing" || // Currently processing
+  status === "offline_ready" && !quotaExhausted;
+  const clearCountdownInterval = useCallback4(() => {
+    if (countdownIntervalRef.current) {
+      clearInterval(countdownIntervalRef.current);
+      countdownIntervalRef.current = null;
+    }
+  }, []);
+  const startCountdown = useCallback4((seconds) => {
+    clearCountdownInterval();
+    setCountdownSeconds(seconds);
+    countdownIntervalRef.current = setInterval(() => {
+      setCountdownSeconds((prev) => {
+        if (prev === null || prev <= 1) {
+          clearCountdownInterval();
+          forceCloseTab();
+          return null;
+        }
+        return prev - 1;
+      });
+    }, 1e3);
+  }, [clearCountdownInterval]);
+  const handleOnlineChange = useCallback4((online) => {
+    setIsOnline(online);
+    if (online) {
+      switch (status) {
+        case "offline_ready":
+          setStatus("online_blocked");
+          break;
+        case "processing":
+          if (!startedOnline) {
+            setStatus("reconnected_abort");
+            clearCountdownInterval();
+          }
+          break;
+        case "awaiting_download":
+          if (!startedOnline) {
+            setStatus("reconnected_warning");
+            startCountdown(WARNING_COUNTDOWN_SECONDS);
+          }
+          break;
+        case "complete":
+          setStatus("reconnected_warning");
+          startCountdown(WARNING_COUNTDOWN_SECONDS);
+          break;
+        default:
+          break;
+      }
+    } else {
+      switch (status) {
+        case "online_blocked":
+          setStatus("offline_ready");
+          break;
+        case "reconnected_warning":
+          setStatus("awaiting_download");
+          clearCountdownInterval();
+          setCountdownSeconds(null);
+          break;
+        default:
+          break;
+      }
+    }
+  }, [status, startedOnline, clearCountdownInterval, startCountdown]);
+  useEffect3(() => {
+    const handleOnline = () => handleOnlineChange(true);
+    const handleOffline = () => handleOnlineChange(false);
+    window.addEventListener("online", handleOnline);
+    window.addEventListener("offline", handleOffline);
+    onlineCheckIntervalRef.current = setInterval(() => {
+      const currentOnline = navigator.onLine;
+      if (currentOnline !== isOnline) {
+        handleOnlineChange(currentOnline);
+      }
+    }, ONLINE_CHECK_INTERVAL);
+    return () => {
+      window.removeEventListener("online", handleOnline);
+      window.removeEventListener("offline", handleOffline);
+      if (onlineCheckIntervalRef.current) {
+        clearInterval(onlineCheckIntervalRef.current);
+      }
+    };
+  }, [isOnline, handleOnlineChange]);
+  useEffect3(() => {
+    return () => {
+      clearCountdownInterval();
+      if (onlineCheckIntervalRef.current) {
+        clearInterval(onlineCheckIntervalRef.current);
+      }
+    };
+  }, [clearCountdownInterval]);
+  const actions = {
+    startProcessing: useCallback4(async () => {
+      if (isStartingProcessingRef.current) {
+        secureWarn("startProcessing already in progress, ignoring duplicate call");
+        return;
+      }
+      isStartingProcessingRef.current = true;
+      try {
+        if (status === "offline_ready" && !isOnline) {
+          if ("serviceWorker" in navigator) {
+            try {
+              const registrations = await navigator.serviceWorker.getRegistrations();
+              if (registrations.length > 0) {
+                secureError("Service workers detected - blocking processing for privacy");
+                setStatus("sw_blocked");
+                return;
+              }
+            } catch (e) {
+              secureWarn("Could not check service workers", e);
+            }
+          }
+          setStartedOnline(false);
+          setStatus("processing");
+        } else if (status === "online_acknowledged") {
+          setStartedOnline(true);
+          setStatus("processing");
+        }
+      } finally {
+        isStartingProcessingRef.current = false;
+      }
+    }, [status, isOnline]),
+    completeProcessing: useCallback4(() => {
+      if (status === "processing") {
+        setStatus("awaiting_download");
+      }
+    }, [status]),
+    markDownloaded: useCallback4(() => {
+      setHasDownloaded(true);
+      if (!startedOnline) {
+        setStatus("complete");
+        setTimeout(() => {
+          forceCloseTab();
+        }, 500);
+      }
+    }, [startedOnline]),
+    extendCountdown: useCallback4(() => {
+      if (extensionsUsed >= MAX_EXTENSIONS) {
+        return false;
+      }
+      setExtensionsUsed((prev) => prev + 1);
+      clearCountdownInterval();
+      startCountdown(EXTENSION_SECONDS);
+      return true;
+    }, [extensionsUsed, clearCountdownInterval, startCountdown]),
+    forceClose: useCallback4(() => {
+      forceCloseTab();
+    }, []),
+    reset: useCallback4(() => {
+      clearCountdownInterval();
+      setStatus(navigator.onLine ? "online_blocked" : "offline_ready");
+      setCountdownSeconds(null);
+      setHasDownloaded(false);
+      setExtensionsUsed(0);
+      setStartedOnline(false);
+    }, [clearCountdownInterval]),
+    acknowledgeOnlineRisk: useCallback4(() => {
+      console.log("[ADMIN BYPASS] acknowledgeOnlineRisk called", { status, isOnline });
+      if (isOnline) {
+        console.log("[ADMIN BYPASS] \u2705 Acknowledging online risk, transitioning to online_acknowledged");
+        setStatus("online_acknowledged");
+      } else {
+        console.warn("[ADMIN BYPASS] \u274C Cannot acknowledge - browser reports offline", { status, isOnline });
+      }
+    }, [status, isOnline])
+  };
+  return {
+    state: {
+      status,
+      isOnline,
+      canProcess,
+      countdownSeconds,
+      hasDownloaded,
+      extensionsUsed,
+      maxExtensions: MAX_EXTENSIONS,
+      startedOnline,
+      quotaRemaining: tokensRemaining,
+      quotaExhausted
+    },
+    actions
+  };
+}
+
+// src/hooks/useFileHash.ts
+import { useState as useState5, useCallback as useCallback5 } from "react";
+function arrayBufferToHex(buffer) {
+  return Array.from(new Uint8Array(buffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function calculateSHA256(buffer) {
+  const hashBuffer = await crypto.subtle.digest("SHA-256", buffer);
+  return arrayBufferToHex(hashBuffer);
+}
+function truncateHash(hash) {
+  if (hash.length <= 20) return hash;
+  return `${hash.slice(0, 8)}...${hash.slice(-8)}`;
+}
+function useFileHash() {
+  const [state, setState] = useState5({
+    originalHash: null,
+    processedHash: null,
+    timestamp: null,
+    isHashing: false,
+    error: null
+  });
+  const hashOriginalFile = useCallback5(async (file) => {
+    setState((prev) => ({ ...prev, isHashing: true, error: null }));
+    try {
+      const buffer = await file.arrayBuffer();
+      const hash = await calculateSHA256(buffer);
+      setState((prev) => ({
+        ...prev,
+        originalHash: hash,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        isHashing: false
+      }));
+      return hash;
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : "Failed to hash file";
+      setState((prev) => ({
+        ...prev,
+        isHashing: false,
+        error: errorMessage
+      }));
+      throw error;
+    }
+  }, []);
+  const hashProcessedBlob = useCallback5(async (blob) => {
+    setState((prev) => ({ ...prev, isHashing: true, error: null }));
+    try {
+      const buffer = await blob.arrayBuffer();
+      const hash = await calculateSHA256(buffer);
+      setState((prev) => ({
+        ...prev,
+        processedHash: hash,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        isHashing: false
+      }));
+      return hash;
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : "Failed to hash blob";
+      setState((prev) => ({
+        ...prev,
+        isHashing: false,
+        error: errorMessage
+      }));
+      throw error;
+    }
+  }, []);
+  const reset = useCallback5(() => {
+    setState({
+      originalHash: null,
+      processedHash: null,
+      timestamp: null,
+      isHashing: false,
+      error: null
+    });
+  }, []);
+  const getComparisonResult = useCallback5(() => {
+    const { originalHash, processedHash } = state;
+    if (!originalHash && !processedHash) {
+      return {
+        hasBothHashes: false,
+        hashesMatch: false,
+        message: "No files have been hashed yet"
+      };
+    }
+    if (!originalHash) {
+      return {
+        hasBothHashes: false,
+        hashesMatch: false,
+        message: "Original file hash not calculated"
+      };
+    }
+    if (!processedHash) {
+      return {
+        hasBothHashes: false,
+        hashesMatch: false,
+        message: "Processed file hash not calculated"
+      };
+    }
+    const hashesMatch = originalHash === processedHash;
+    return {
+      hasBothHashes: true,
+      hashesMatch,
+      message: hashesMatch ? "File was not modified during processing" : "File was modified during processing (redactions applied)"
+    };
+  }, [state]);
+  return {
+    state,
+    hashOriginalFile,
+    hashProcessedBlob,
+    reset,
+    getComparisonResult
+  };
+}
+
+// src/hooks/useAdversarialAnalysis.ts
+import { useCallback as useCallback6, useEffect as useEffect4, useRef as useRef3 } from "react";
+function useAdversarialAnalysis(options = {}) {
+  const { autoAnalyze = false, debounceMs = 500 } = options;
+  const result = usePurgeStore((s) => s.adversarialResult);
+  const isAnalyzing = usePurgeStore((s) => s.isAnalyzingAdversarial);
+  const config = usePurgeStore((s) => s.adversarialConfig);
+  const detections = usePurgeStore((s) => s.detections);
+  const selectedDetections = usePurgeStore((s) => s.selectedDetections);
+  const setResult = usePurgeStore((s) => s.setAdversarialResult);
+  const setIsAnalyzing = usePurgeStore((s) => s.setIsAnalyzingAdversarial);
+  const setConfig = usePurgeStore((s) => s.setAdversarialConfig);
+  const storeSuggestion = usePurgeStore((s) => s.applySuggestion);
+  const clearState = usePurgeStore((s) => s.clearAdversarialState);
+  const debounceRef = useRef3(null);
+  const analyze = useCallback6(
+    async (sections, selected) => {
+      if (!config.enabled) {
+        return;
+      }
+      setIsAnalyzing(true);
+      try {
+        adversarialVerifier.setConfig(config);
+        const analysisResult = await adversarialVerifier.analyze(sections, selected);
+        if (result) {
+          analysisResult.previousConfidence = result.analysis.reidentificationConfidence;
+          analysisResult.iteration = result.iteration + 1;
+        }
+        setResult(analysisResult);
+      } catch (error) {
+        console.error("[Adversarial] Analysis failed:", error);
+      } finally {
+        setIsAnalyzing(false);
+      }
+    },
+    [config, result, setIsAnalyzing, setResult]
+  );
+  const applySuggestion = useCallback6(
+    (suggestion) => {
+      storeSuggestion(suggestion);
+    },
+    [storeSuggestion]
+  );
+  const applyAllSuggestions = useCallback6(() => {
+    if (!result) return;
+    for (const suggestion of result.suggestions) {
+      if (!suggestion.accepted) {
+        storeSuggestion(suggestion);
+      }
+    }
+  }, [result, storeSuggestion]);
+  const updateConfig = useCallback6(
+    (newConfig) => {
+      setConfig(newConfig);
+      adversarialVerifier.setConfig(newConfig);
+    },
+    [setConfig]
+  );
+  const clear = useCallback6(() => {
+    clearState();
+  }, [clearState]);
+  const dismiss = useCallback6(() => {
+    clearState();
+  }, [clearState]);
+  useEffect4(() => {
+    if (!autoAnalyze || !config.enabled) {
+      return;
+    }
+    if (debounceRef.current) {
+      clearTimeout(debounceRef.current);
+    }
+    const selected = detections.filter((d) => selectedDetections.has(d.id));
+    if (selected.length === 0) {
+      return;
+    }
+    debounceRef.current = setTimeout(() => {
+      console.log("[Adversarial] Auto-analyze triggered with", selected.length, "detections");
+    }, debounceMs);
+    return () => {
+      if (debounceRef.current) {
+        clearTimeout(debounceRef.current);
+      }
+    };
+  }, [autoAnalyze, config.enabled, debounceMs, detections, selectedDetections]);
+  return {
+    result,
+    isAnalyzing,
+    config,
+    analyze,
+    applySuggestion,
+    applyAllSuggestions,
+    updateConfig,
+    clear,
+    dismiss
+  };
+}
+
+// src/hooks/useSpreadsheetMetadata.ts
+import { useCallback as useCallback7 } from "react";
+import * as XLSX2 from "xlsx";
+function useSpreadsheetMetadata() {
+  const extractMetadata = useCallback7(
+    async (file, includeHeaders = true) => {
+      const arrayBuffer = await file.arrayBuffer();
+      const workbook = XLSX2.read(arrayBuffer, {
+        type: "array",
+        // Only read first row if headers needed, otherwise just structure
+        sheetRows: includeHeaders ? 1 : 0
+      });
+      const sheets = [];
+      let totalCells = 0;
+      let globalMinCol = "Z";
+      let globalMaxCol = "A";
+      for (const sheetName of workbook.SheetNames) {
+        const sheet = workbook.Sheets[sheetName];
+        if (!sheet["!ref"]) {
+          sheets.push({
+            name: sheetName,
+            columns: [],
+            rowCount: 0,
+            columnCount: 0
+          });
+          continue;
+        }
+        const range = XLSX2.utils.decode_range(sheet["!ref"]);
+        const rowCount = range.e.r - range.s.r + 1;
+        const columnCount = range.e.c - range.s.c + 1;
+        const columns = [];
+        for (let col = range.s.c; col <= range.e.c; col++) {
+          const colLetter = XLSX2.utils.encode_col(col);
+          columns.push(colLetter);
+          if (colLetter < globalMinCol) globalMinCol = colLetter;
+          if (colLetter > globalMaxCol) globalMaxCol = colLetter;
+        }
+        let sampleHeaders;
+        if (includeHeaders && range.s.r <= range.e.r) {
+          sampleHeaders = [];
+          for (let col = range.s.c; col <= range.e.c; col++) {
+            const cellAddr = XLSX2.utils.encode_cell({ r: range.s.r, c: col });
+            const cell = sheet[cellAddr];
+            sampleHeaders.push(
+              cell?.v !== void 0 ? String(cell.v) : ""
+            );
+          }
+        }
+        totalCells += rowCount * columnCount;
+        sheets.push({
+          name: sheetName,
+          columns,
+          rowCount,
+          columnCount,
+          sampleHeaders
+        });
+      }
+      return {
+        sheets,
+        totalCells,
+        columnRange: {
+          min: globalMinCol,
+          max: globalMaxCol
+        }
+      };
+    },
+    []
+  );
+  return { extractMetadata };
+}
+
+// src/hooks/useNetworkProof.ts
+import { useState as useState6, useEffect as useEffect5, useCallback as useCallback8, useRef as useRef4 } from "react";
+function generateId2() {
+  return generatePrefixedId("req");
+}
+function useNetworkProof() {
+  const [requests, setRequests] = useState6([]);
+  const [isRecording, setIsRecording] = useState6(false);
+  const observerRef = useRef4(null);
+  const originalFetchRef = useRef4(null);
+  const originalXHROpenRef = useRef4(null);
+  const originalBeaconRef = useRef4(null);
+  const originalWebSocketRef = useRef4(null);
+  const originalWorkerRef = useRef4(null);
+  const originalSharedWorkerRef = useRef4(null);
+  const originalRTCRef = useRef4(null);
+  const startRecording = useCallback8(() => {
+    setRequests([]);
+    setIsRecording(true);
+    try {
+      const observer = new PerformanceObserver((list) => {
+        const entries = list.getEntries();
+        entries.forEach((entry) => {
+          if (entry.name.includes("chrome-extension://")) return;
+          setRequests((prev) => [
+            ...prev,
+            {
+              id: generateId2(),
+              method: "GET",
+              // PerformanceObserver doesn't provide method
+              url: entry.name,
+              size: entry.transferSize || 0,
+              status: 200,
+              // Approximate
+              timestamp: entry.startTime
+            }
+          ]);
+        });
+      });
+      observer.observe({ entryTypes: ["resource"] });
+      observerRef.current = observer;
+    } catch {
+      console.warn("PerformanceObserver not supported");
+    }
+    if (!originalFetchRef.current) {
+      originalFetchRef.current = window.fetch;
+      window.fetch = async (input, init) => {
+        const url = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+        const method = init?.method || "GET";
+        const startTime = performance.now();
+        try {
+          const response = await originalFetchRef.current(input, init);
+          const clone = response.clone();
+          const body = await clone.blob();
+          setRequests((prev) => [
+            ...prev,
+            {
+              id: generateId2(),
+              method: method.toUpperCase(),
+              url,
+              size: body.size,
+              status: response.status,
+              timestamp: startTime
+            }
+          ]);
+          return response;
+        } catch (error) {
+          setRequests((prev) => [
+            ...prev,
+            {
+              id: generateId2(),
+              method: method.toUpperCase(),
+              url,
+              size: 0,
+              status: 0,
+              timestamp: startTime
+            }
+          ]);
+          throw error;
+        }
+      };
+    }
+    if (!originalXHROpenRef.current) {
+      originalXHROpenRef.current = XMLHttpRequest.prototype.open;
+      XMLHttpRequest.prototype.open = function(method, url, async, username, password) {
+        const startTime = performance.now();
+        this.addEventListener("load", () => {
+          setRequests((prev) => [
+            ...prev,
+            {
+              id: generateId2(),
+              method: method.toUpperCase(),
+              url: url.toString(),
+              size: this.response?.length || 0,
+              status: this.status,
+              timestamp: startTime
+            }
+          ]);
+        });
+        return originalXHROpenRef.current.call(this, method, url, async ?? true, username, password);
+      };
+    }
+    if (!originalBeaconRef.current && typeof navigator.sendBeacon === "function") {
+      originalBeaconRef.current = navigator.sendBeacon.bind(navigator);
+      navigator.sendBeacon = (url, data) => {
+        const size = data ? typeof data === "string" ? data.length : data.size || 0 : 0;
+        setRequests((prev) => [
+          ...prev,
+          {
+            id: generateId2(),
+            method: "BEACON",
+            url,
+            size,
+            status: 0,
+            // Beacon doesn't return status
+            timestamp: performance.now()
+          }
+        ]);
+        return originalBeaconRef.current(url, data);
+      };
+    }
+    if (!originalWebSocketRef.current) {
+      originalWebSocketRef.current = window.WebSocket;
+      const OriginalWS = window.WebSocket;
+      const PatchedWebSocket = class extends OriginalWS {
+        constructor(url, protocols) {
+          super(url, protocols);
+          setRequests((prev) => [
+            ...prev,
+            {
+              id: generateId2(),
+              method: "WEBSOCKET",
+              url: url.toString(),
+              size: 0,
+              status: 0,
+              timestamp: performance.now()
+            }
+          ]);
+        }
+      };
+      window.WebSocket = PatchedWebSocket;
+    }
+    if (!originalWorkerRef.current && typeof Worker !== "undefined") {
+      originalWorkerRef.current = window.Worker;
+      const OriginalWorker = window.Worker;
+      const PatchedWorker = class extends OriginalWorker {
+        constructor(scriptURL, options) {
+          super(scriptURL, options);
+          setRequests((prev) => [
+            ...prev,
+            {
+              id: generateId2(),
+              method: "WORKER",
+              url: scriptURL.toString(),
+              size: 0,
+              status: 0,
+              timestamp: performance.now()
+            }
+          ]);
+        }
+      };
+      window.Worker = PatchedWorker;
+    }
+    if (!originalSharedWorkerRef.current && typeof SharedWorker !== "undefined") {
+      originalSharedWorkerRef.current = window.SharedWorker;
+      const OriginalSharedWorker = window.SharedWorker;
+      const PatchedSharedWorker = class extends OriginalSharedWorker {
+        constructor(scriptURL, options) {
+          super(scriptURL, options);
+          setRequests((prev) => [
+            ...prev,
+            {
+              id: generateId2(),
+              method: "SHAREDWORKER",
+              url: scriptURL.toString(),
+              size: 0,
+              status: 0,
+              timestamp: performance.now()
+            }
+          ]);
+        }
+      };
+      window.SharedWorker = PatchedSharedWorker;
+    }
+    if (!originalRTCRef.current && typeof RTCPeerConnection !== "undefined") {
+      originalRTCRef.current = window.RTCPeerConnection;
+      const OriginalRTC = window.RTCPeerConnection;
+      const PatchedRTC = class extends OriginalRTC {
+        constructor(config) {
+          super(config);
+          const iceServers = config?.iceServers?.map(
+            (s) => Array.isArray(s.urls) ? s.urls.join(", ") : s.urls
+          ).join("; ") || "default";
+          setRequests((prev) => [
+            ...prev,
+            {
+              id: generateId2(),
+              method: "WEBRTC",
+              url: `ICE: ${iceServers}`,
+              size: 0,
+              status: 0,
+              timestamp: performance.now()
+            }
+          ]);
+        }
+      };
+      window.RTCPeerConnection = PatchedRTC;
+    }
+  }, []);
+  const stopRecording = useCallback8(() => {
+    setIsRecording(false);
+    if (observerRef.current) {
+      observerRef.current.disconnect();
+      observerRef.current = null;
+    }
+    if (originalFetchRef.current) {
+      window.fetch = originalFetchRef.current;
+      originalFetchRef.current = null;
+    }
+    if (originalXHROpenRef.current) {
+      XMLHttpRequest.prototype.open = originalXHROpenRef.current;
+      originalXHROpenRef.current = null;
+    }
+    if (originalBeaconRef.current) {
+      navigator.sendBeacon = originalBeaconRef.current;
+      originalBeaconRef.current = null;
+    }
+    if (originalWebSocketRef.current) {
+      window.WebSocket = originalWebSocketRef.current;
+      originalWebSocketRef.current = null;
+    }
+    if (originalWorkerRef.current) {
+      window.Worker = originalWorkerRef.current;
+      originalWorkerRef.current = null;
+    }
+    if (originalSharedWorkerRef.current) {
+      window.SharedWorker = originalSharedWorkerRef.current;
+      originalSharedWorkerRef.current = null;
+    }
+    if (originalRTCRef.current) {
+      window.RTCPeerConnection = originalRTCRef.current;
+      originalRTCRef.current = null;
+    }
+  }, []);
+  const clearRequests = useCallback8(() => {
+    setRequests([]);
+  }, []);
+  useEffect5(() => {
+    return () => {
+      stopRecording();
+    };
+  }, [stopRecording]);
+  const totalBytes = requests.reduce((sum, r) => sum + r.size, 0);
+  const requestCount = requests.length;
+  return {
+    requests,
+    isRecording,
+    startRecording,
+    stopRecording,
+    clearRequests,
+    totalBytes,
+    requestCount
+  };
+}
+
+// src/hooks/useEnhancedNetworkProof.ts
+import { useState as useState7, useEffect as useEffect6, useCallback as useCallback9, useRef as useRef5 } from "react";
+function generateId3() {
+  return generateSecureId();
+}
+function useEnhancedNetworkProof() {
+  const [state, setState] = useState7({
+    webSocketConnections: [],
+    webRTCConnections: [],
+    serviceWorkers: [],
+    beaconRequests: [],
+    hasConcerningActivity: false,
+    summary: "Not monitoring"
+  });
+  const [isMonitoring, setIsMonitoring] = useState7(false);
+  const originalWebSocket = useRef5(null);
+  const originalRTCPeerConnection = useRef5(null);
+  const originalSendBeacon = useRef5(null);
+  const updateSummary = useCallback9((currentState) => {
+    const issues = [];
+    if (currentState.webSocketConnections.length > 0) {
+      issues.push(`${currentState.webSocketConnections.length} WebSocket connection(s)`);
+    }
+    if (currentState.webRTCConnections.length > 0) {
+      issues.push(`${currentState.webRTCConnections.length} WebRTC connection(s)`);
+    }
+    if (currentState.serviceWorkers.length > 0) {
+      issues.push(`${currentState.serviceWorkers.length} Service Worker(s) registered`);
+    }
+    if (currentState.beaconRequests.length > 0) {
+      issues.push(`${currentState.beaconRequests.length} Beacon request(s)`);
+    }
+    if (issues.length === 0) {
+      return "No WebSocket, WebRTC, Service Workers, or Beacons detected";
+    }
+    return `Detected: ${issues.join(", ")}`;
+  }, []);
+  const startMonitoring = useCallback9(() => {
+    setIsMonitoring(true);
+    if (!originalWebSocket.current && typeof WebSocket !== "undefined") {
+      originalWebSocket.current = WebSocket;
+      const OriginalWebSocket = WebSocket;
+      window.WebSocket = function(url, protocols) {
+        const ws = new OriginalWebSocket(url, protocols);
+        setState((prev) => {
+          const newConnections = [
+            ...prev.webSocketConnections,
+            {
+              id: generateId3(),
+              url,
+              timestamp: Date.now(),
+              state: "connecting"
+            }
+          ];
+          return {
+            ...prev,
+            webSocketConnections: newConnections,
+            hasConcerningActivity: true,
+            summary: updateSummary({ ...prev, webSocketConnections: newConnections })
+          };
+        });
+        return ws;
+      };
+      Object.assign(window.WebSocket, OriginalWebSocket);
+    }
+    if (!originalRTCPeerConnection.current && typeof RTCPeerConnection !== "undefined") {
+      originalRTCPeerConnection.current = RTCPeerConnection;
+      const OriginalRTCPeerConnection = RTCPeerConnection;
+      window.RTCPeerConnection = function(config) {
+        const pc = new OriginalRTCPeerConnection(config);
+        setState((prev) => {
+          const newConnections = [
+            ...prev.webRTCConnections,
+            {
+              id: generateId3(),
+              timestamp: Date.now(),
+              type: "offer"
+            }
+          ];
+          return {
+            ...prev,
+            webRTCConnections: newConnections,
+            hasConcerningActivity: true,
+            summary: updateSummary({ ...prev, webRTCConnections: newConnections })
+          };
+        });
+        return pc;
+      };
+      window.RTCPeerConnection.prototype = OriginalRTCPeerConnection.prototype;
+      Object.assign(window.RTCPeerConnection, OriginalRTCPeerConnection);
+    }
+    if (!originalSendBeacon.current && typeof navigator.sendBeacon !== "undefined") {
+      originalSendBeacon.current = navigator.sendBeacon.bind(navigator);
+      navigator.sendBeacon = (url, data) => {
+        setState((prev) => {
+          const newBeacons = [
+            ...prev.beaconRequests,
+            {
+              id: generateId3(),
+              url,
+              timestamp: Date.now()
+            }
+          ];
+          return {
+            ...prev,
+            beaconRequests: newBeacons,
+            hasConcerningActivity: true,
+            summary: updateSummary({ ...prev, beaconRequests: newBeacons })
+          };
+        });
+        return originalSendBeacon.current(url, data);
+      };
+    }
+    setState((prev) => ({
+      ...prev,
+      summary: "Monitoring WebSocket, WebRTC, Beacons..."
+    }));
+  }, [updateSummary]);
+  const stopMonitoring = useCallback9(() => {
+    setIsMonitoring(false);
+    if (originalWebSocket.current) {
+      window.WebSocket = originalWebSocket.current;
+      originalWebSocket.current = null;
+    }
+    if (originalRTCPeerConnection.current) {
+      window.RTCPeerConnection = originalRTCPeerConnection.current;
+      originalRTCPeerConnection.current = null;
+    }
+    if (originalSendBeacon.current) {
+      navigator.sendBeacon = originalSendBeacon.current;
+      originalSendBeacon.current = null;
+    }
+    setState((prev) => ({
+      ...prev,
+      summary: updateSummary(prev)
+    }));
+  }, [updateSummary]);
+  const checkServiceWorkers = useCallback9(async () => {
+    if (!("serviceWorker" in navigator)) {
+      return;
+    }
+    try {
+      const registrations = await navigator.serviceWorker.getRegistrations();
+      const swInfo = registrations.map((reg) => ({
+        scriptURL: reg.active?.scriptURL || reg.installing?.scriptURL || reg.waiting?.scriptURL || "unknown",
+        state: reg.active?.state || reg.installing?.state || reg.waiting?.state || "unknown",
+        timestamp: Date.now()
+      }));
+      setState((prev) => {
+        const hasSW = swInfo.length > 0;
+        return {
+          ...prev,
+          serviceWorkers: swInfo,
+          hasConcerningActivity: prev.hasConcerningActivity || hasSW,
+          summary: updateSummary({ ...prev, serviceWorkers: swInfo })
+        };
+      });
+    } catch (error) {
+      console.warn("Could not check service workers:", error);
+    }
+  }, [updateSummary]);
+  const reset = useCallback9(() => {
+    stopMonitoring();
+    setState({
+      webSocketConnections: [],
+      webRTCConnections: [],
+      serviceWorkers: [],
+      beaconRequests: [],
+      hasConcerningActivity: false,
+      summary: "Not monitoring"
+    });
+  }, [stopMonitoring]);
+  useEffect6(() => {
+    return () => {
+      stopMonitoring();
+    };
+  }, [stopMonitoring]);
+  return {
+    state,
+    startMonitoring,
+    stopMonitoring,
+    checkServiceWorkers,
+    reset,
+    isMonitoring
+  };
+}
+
+// src/hooks/useStorageProof.ts
+import { useState as useState8, useCallback as useCallback10, useRef as useRef6 } from "react";
+var WATERMARK_KEY = "purge_watermark_test";
+function countLocalStorage() {
+  try {
+    return localStorage.length;
+  } catch {
+    return 0;
+  }
+}
+function countSessionStorage() {
+  try {
+    return sessionStorage.length;
+  } catch {
+    return 0;
+  }
+}
+async function countIndexedDB() {
+  try {
+    if ("indexedDB" in window && "databases" in indexedDB) {
+      const databases = await indexedDB.databases();
+      return databases.length;
+    }
+  } catch {
+  }
+  return 0;
+}
+function countCookies() {
+  try {
+    const cookies = document.cookie;
+    if (!cookies) return 0;
+    return cookies.split(";").filter((c) => c.trim()).length;
+  } catch {
+    return 0;
+  }
+}
+async function countCacheAPI() {
+  if (!("caches" in window)) return 0;
+  try {
+    const cacheNames = await caches.keys();
+    return cacheNames.length;
+  } catch {
+    return 0;
+  }
+}
+async function takeSnapshot() {
+  const [indexedDBCount, cacheAPICount] = await Promise.all([
+    countIndexedDB(),
+    countCacheAPI()
+  ]);
+  return {
+    localStorage: countLocalStorage(),
+    sessionStorage: countSessionStorage(),
+    indexedDB: indexedDBCount,
+    cookies: countCookies(),
+    cacheAPI: cacheAPICount,
+    watermarkPlanted: false,
+    watermarkVerified: false
+  };
+}
+function useStorageProof() {
+  const [beforeSnapshot, setBeforeSnapshot] = useState8(null);
+  const [afterSnapshot, setAfterSnapshot] = useState8(null);
+  const [watermarkStatus, setWatermarkStatus] = useState8("not_planted");
+  const watermarkValueRef = useRef6("");
+  const takeBeforeSnapshot = useCallback10(async () => {
+    const snapshot = await takeSnapshot();
+    setBeforeSnapshot(snapshot);
+    setAfterSnapshot(null);
+    setWatermarkStatus("not_planted");
+  }, []);
+  const takeAfterSnapshot = useCallback10(async () => {
+    const snapshot = await takeSnapshot();
+    setAfterSnapshot(snapshot);
+  }, []);
+  const plantWatermark = useCallback10(() => {
+    const value = `purge_test_${generateSecureId()}`;
+    watermarkValueRef.current = value;
+    try {
+      sessionStorage.setItem(WATERMARK_KEY, value);
+      setWatermarkStatus("planted");
+      setBeforeSnapshot(
+        (prev) => prev ? {
+          ...prev,
+          sessionStorage: prev.sessionStorage + 1,
+          watermarkPlanted: true
+        } : null
+      );
+    } catch {
+      setWatermarkStatus("failed");
+    }
+  }, []);
+  const verifyWatermark = useCallback10(() => {
+    try {
+      const storedValue = sessionStorage.getItem(WATERMARK_KEY);
+      if (storedValue === watermarkValueRef.current) {
+        sessionStorage.removeItem(WATERMARK_KEY);
+        setWatermarkStatus("verified");
+        setAfterSnapshot(
+          (prev) => prev ? {
+            ...prev,
+            watermarkVerified: true
+          } : null
+        );
+        return true;
+      } else {
+        setWatermarkStatus("failed");
+        return false;
+      }
+    } catch {
+      setWatermarkStatus("failed");
+      return false;
+    }
+  }, []);
+  const isDifferent = (() => {
+    if (!beforeSnapshot || !afterSnapshot) return false;
+    const expectedLocalStorage = beforeSnapshot.localStorage;
+    const expectedSessionStorage = beforeSnapshot.watermarkPlanted ? beforeSnapshot.sessionStorage - 1 : beforeSnapshot.sessionStorage;
+    const expectedIndexedDB = beforeSnapshot.indexedDB;
+    const expectedCookies = beforeSnapshot.cookies;
+    const expectedCacheAPI = beforeSnapshot.cacheAPI;
+    return afterSnapshot.localStorage !== expectedLocalStorage || afterSnapshot.sessionStorage !== expectedSessionStorage || afterSnapshot.indexedDB !== expectedIndexedDB || afterSnapshot.cookies !== expectedCookies || afterSnapshot.cacheAPI !== expectedCacheAPI;
+  })();
+  return {
+    beforeSnapshot,
+    afterSnapshot,
+    isDifferent,
+    watermarkStatus,
+    takeBeforeSnapshot,
+    takeAfterSnapshot,
+    plantWatermark,
+    verifyWatermark
+  };
+}
+
+// src/hooks/useAirplaneMode.ts
+import { useState as useState9, useEffect as useEffect7, useCallback as useCallback11, useRef as useRef7 } from "react";
+function detectPlatform() {
+  const ua = navigator.userAgent.toLowerCase();
+  const platform = navigator.platform?.toLowerCase() || "";
+  if (/iphone|ipad|android/i.test(ua)) return "mobile";
+  if (platform.includes("mac") || ua.includes("mac")) return "mac";
+  if (platform.includes("win") || ua.includes("win")) return "windows";
+  if (platform.includes("linux") || ua.includes("linux")) return "linux";
+  return "unknown";
+}
+function getOfflineInstructionsForPlatform(platform) {
+  switch (platform) {
+    case "mac":
+      return "Click the WiFi icon in your menu bar \u2192 Turn Wi-Fi Off, or press Option+click WiFi \u2192 Disconnect";
+    case "windows":
+      return "Click the WiFi icon in your taskbar \u2192 Click the connection \u2192 Disconnect, or enable Airplane Mode";
+    case "linux":
+      return "Click the network icon \u2192 Disable Wi-Fi, or run: nmcli radio wifi off";
+    case "mobile":
+      return "Swipe down for Control Center/Quick Settings \u2192 Enable Airplane Mode";
+    default:
+      return "Disable your WiFi or enable Airplane Mode in your system settings";
+  }
+}
+function useAirplaneMode() {
+  const [state, setState] = useState9({
+    isOnline: typeof navigator !== "undefined" ? navigator.onLine : true,
+    processingStartedOffline: false,
+    stayedOfflineDuringProcessing: false,
+    challengeAccepted: false,
+    isProcessing: false,
+    connectionLog: [],
+    proofInvalidated: false
+  });
+  const platform = useRef7(detectPlatform());
+  const logEvent = useCallback11((status, event) => {
+    setState((prev) => ({
+      ...prev,
+      connectionLog: [
+        ...prev.connectionLog,
+        {
+          timestamp: Date.now(),
+          status,
+          event
+        }
+      ]
+    }));
+  }, []);
+  const prevOnlineRef = useRef7(null);
+  useEffect7(() => {
+    const initialOnline = navigator.onLine;
+    prevOnlineRef.current = initialOnline;
+    logEvent(initialOnline ? "online" : "offline", "initial");
+    const handleOnline = () => {
+      if (prevOnlineRef.current === true) return;
+      prevOnlineRef.current = true;
+      setState((prev) => {
+        const newState = { ...prev, isOnline: true };
+        if (prev.isProcessing && prev.processingStartedOffline) {
+          newState.proofInvalidated = true;
+          newState.stayedOfflineDuringProcessing = false;
+        }
+        return newState;
+      });
+      logEvent("online", "change");
+    };
+    const handleOffline = () => {
+      if (prevOnlineRef.current === false) return;
+      prevOnlineRef.current = false;
+      setState((prev) => ({ ...prev, isOnline: false }));
+      logEvent("offline", "change");
+    };
+    window.addEventListener("online", handleOnline);
+    window.addEventListener("offline", handleOffline);
+    const pollInterval = setInterval(() => {
+      const currentOnline = navigator.onLine;
+      if (currentOnline !== prevOnlineRef.current) {
+        if (currentOnline) {
+          handleOnline();
+        } else {
+          handleOffline();
+        }
+      }
+    }, 2e3);
+    return () => {
+      window.removeEventListener("online", handleOnline);
+      window.removeEventListener("offline", handleOffline);
+      clearInterval(pollInterval);
+    };
+  }, [logEvent]);
+  const acceptChallenge = useCallback11(() => {
+    setState((prev) => ({ ...prev, challengeAccepted: true }));
+  }, []);
+  const startProcessing = useCallback11(() => {
+    const isCurrentlyOffline = !navigator.onLine;
+    setState((prev) => ({
+      ...prev,
+      isProcessing: true,
+      processingStartedOffline: isCurrentlyOffline,
+      stayedOfflineDuringProcessing: isCurrentlyOffline,
+      proofInvalidated: false
+    }));
+    logEvent(isCurrentlyOffline ? "offline" : "online", "processing_start");
+  }, [logEvent]);
+  const endProcessing = useCallback11(() => {
+    const isCurrentlyOffline = !navigator.onLine;
+    setState((prev) => ({
+      ...prev,
+      isProcessing: false,
+      // Only valid if started offline AND still offline
+      stayedOfflineDuringProcessing: prev.processingStartedOffline && isCurrentlyOffline && !prev.proofInvalidated
+    }));
+    logEvent(isCurrentlyOffline ? "offline" : "online", "processing_end");
+  }, [logEvent]);
+  const reset = useCallback11(() => {
+    setState({
+      isOnline: navigator.onLine,
+      processingStartedOffline: false,
+      stayedOfflineDuringProcessing: false,
+      challengeAccepted: false,
+      isProcessing: false,
+      connectionLog: [],
+      proofInvalidated: false
+    });
+  }, []);
+  const getStatusMessage = useCallback11(() => {
+    if (state.proofInvalidated) {
+      return "Connection was restored during processing - offline proof invalidated";
+    }
+    if (state.stayedOfflineDuringProcessing) {
+      return "Processed with NO INTERNET CONNECTION - strong privacy assurance";
+    }
+    if (state.processingStartedOffline && state.isProcessing) {
+      return "Processing offline - stay disconnected for valid proof";
+    }
+    if (!state.isOnline) {
+      return "You're offline - drop your file now for maximum privacy";
+    }
+    if (state.challengeAccepted) {
+      return "Go offline to prove files stay local";
+    }
+    return "Currently online - consider going offline for proof";
+  }, [state]);
+  const getOfflineInstructions = useCallback11(() => {
+    return getOfflineInstructionsForPlatform(platform.current);
+  }, []);
+  return {
+    state,
+    acceptChallenge,
+    startProcessing,
+    endProcessing,
+    reset,
+    getStatusMessage,
+    getOfflineInstructions
+  };
+}
+
+// src/hooks/useFirstTimeUser.ts
+import { useState as useState10, useEffect as useEffect8, useCallback as useCallback12 } from "react";
+var STORAGE_KEY = "purge_onboarding_completed";
+function useFirstTimeUser() {
+  const [isFirstTime, setIsFirstTime] = useState10(false);
+  const [isLoading, setIsLoading] = useState10(true);
+  useEffect8(() => {
+    try {
+      const hasCompleted = localStorage.getItem(STORAGE_KEY);
+      setIsFirstTime(hasCompleted !== "true");
+    } catch {
+      setIsFirstTime(false);
+    }
+    setIsLoading(false);
+  }, []);
+  const markOnboardingComplete = useCallback12(() => {
+    try {
+      localStorage.setItem(STORAGE_KEY, "true");
+    } catch {
+    }
+    setIsFirstTime(false);
+  }, []);
+  const resetOnboarding = useCallback12(() => {
+    try {
+      localStorage.removeItem(STORAGE_KEY);
+    } catch {
+    }
+    setIsFirstTime(true);
+  }, []);
+  return {
+    isFirstTime,
+    isLoading,
+    markOnboardingComplete,
+    resetOnboarding
+  };
+}
+
+// src/utils/maskPII.ts
+function maskPII(category, value) {
+  switch (category) {
+    case "email": {
+      const atIndex = value.indexOf("@");
+      if (atIndex === -1) return maskGeneric(value);
+      const local = value.slice(0, atIndex);
+      const domain = value.slice(atIndex + 1);
+      const maskedLocal = local.slice(0, 2) + "**";
+      const dotIndex = domain.lastIndexOf(".");
+      if (dotIndex === -1) return `${maskedLocal}@**`;
+      const ext = domain.slice(dotIndex);
+      const domainName = domain.slice(0, dotIndex);
+      const maskedDomain = "**" + domainName.slice(-2) + ext;
+      return `${maskedLocal}@${maskedDomain}`;
+    }
+    case "phone": {
+      const digits = value.replace(/\D/g, "");
+      if (digits.length < 4) return maskGeneric(value);
+      const lastFour = digits.slice(-4);
+      return `***-***-${lastFour.slice(0, 2)}${lastFour.slice(2)}`;
+    }
+    case "ssn": {
+      const digits = value.replace(/\D/g, "");
+      if (digits.length < 4) return maskGeneric(value);
+      return `***-**-**${digits.slice(-2)}`;
+    }
+    case "credit_card": {
+      const digits = value.replace(/\D/g, "");
+      if (digits.length < 4) return maskGeneric(value);
+      return `****-****-****-${digits.slice(-4)}`;
+    }
+    case "person_name": {
+      return value.split(/\s+/).map((part) => part.length > 0 ? part[0] + "***" : "").join(" ");
+    }
+    case "address": {
+      const words = value.split(/\s+/);
+      if (words.length < 2) return maskGeneric(value);
+      return words.map((w, i) => {
+        if (/^\d+$/.test(w)) return "***";
+        if (i === 0) return "***";
+        if (w.length > 4) return w.slice(0, 4) + "***";
+        return w;
+      }).join(" ");
+    }
+    case "date_of_birth": {
+      if (value.includes("/")) {
+        const parts = value.split("/");
+        if (parts.length === 3) {
+          return `**/${parts[1]}/**${parts[2].slice(-2)}`;
+        }
+      }
+      if (value.includes("-")) {
+        const parts = value.split("-");
+        if (parts.length === 3) {
+          return `****-${parts[1]}-**`;
+        }
+      }
+      return maskGeneric(value);
+    }
+    case "ip_address": {
+      const parts = value.split(".");
+      if (parts.length === 4) {
+        return `${parts[0]}.${parts[1]}.***.***`;
+      }
+      return maskGeneric(value);
+    }
+    case "custom":
+    default:
+      return maskGeneric(value);
+  }
+}
+function maskGeneric(value) {
+  const len = value.length;
+  if (len <= 4) return "****";
+  return value.slice(0, 2) + "***" + value.slice(-2);
+}
+function getCategoryLabel(category) {
+  const labels = {
+    person_name: "NAME",
+    email: "EMAIL",
+    phone: "PHONE",
+    address: "ADDRESS",
+    ssn: "SSN",
+    credit_card: "CARD",
+    ip_address: "IP",
+    date_of_birth: "DOB",
+    custom: "CUSTOM"
+  };
+  return labels[category] || "UNKNOWN";
+}
+function getCategoryIcon(category) {
+  const icons = {
+    person_name: "[N]",
+    email: "[@]",
+    phone: "[#]",
+    address: "[A]",
+    ssn: "[S]",
+    credit_card: "[$]",
+    ip_address: "[I]",
+    date_of_birth: "[D]",
+    custom: "[*]"
+  };
+  return icons[category] || "[?]";
+}
+
+// src/utils/fileMagic.ts
+var MAGIC_SIGNATURES = {
+  // Office Open XML formats (DOCX, XLSX, PPTX) are ZIP archives
+  // They all start with PK (0x50 0x4B 0x03 0x04)
+  docx: [[80, 75, 3, 4]],
+  xlsx: [[80, 75, 3, 4]],
+  pptx: [[80, 75, 3, 4]],
+  // PDF starts with %PDF-
+  pdf: [[37, 80, 68, 70, 45]]
+  // %PDF-
+};
+var EXPECTED_MIMES = {
+  docx: [
+    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+    "application/octet-stream"
+    // Some browsers report this
+  ],
+  xlsx: [
+    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+    "application/vnd.ms-excel",
+    "application/octet-stream"
+  ],
+  pptx: [
+    "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+    "application/octet-stream"
+  ],
+  pdf: [
+    "application/pdf",
+    "application/octet-stream"
+  ]
+};
+function matchesMagicBytes(bytes, signatures) {
+  for (const signature of signatures) {
+    if (bytes.length < signature.length) continue;
+    let matches = true;
+    for (let i = 0; i < signature.length; i++) {
+      if (bytes[i] !== signature[i]) {
+        matches = false;
+        break;
+      }
+    }
+    if (matches) return true;
+  }
+  return false;
+}
+function getExtension(filename) {
+  const lastDot = filename.lastIndexOf(".");
+  if (lastDot === -1) return "";
+  return filename.slice(lastDot).toLowerCase();
+}
+var EXTENSION_MAP = {
+  ".docx": "docx",
+  ".xlsx": "xlsx",
+  ".pptx": "pptx",
+  ".pdf": "pdf"
+};
+async function validateFileType(file) {
+  const warnings = [];
+  const ext = getExtension(file.name);
+  const typeByExt = EXTENSION_MAP[ext];
+  if (!typeByExt) {
+    return {
+      valid: false,
+      fileType: null,
+      error: `Unsupported file extension: ${ext}`,
+      warnings
+    };
+  }
+  const expectedMimes = EXPECTED_MIMES[typeByExt];
+  if (!expectedMimes.includes(file.type) && file.type !== "") {
+    warnings.push(`Unexpected MIME type: ${file.type} (expected ${expectedMimes[0]})`);
+  }
+  try {
+    const headerSize = Math.max(...MAGIC_SIGNATURES[typeByExt].map((s) => s.length));
+    const header = await file.slice(0, headerSize).arrayBuffer();
+    const bytes = new Uint8Array(header);
+    const expectedSignatures = MAGIC_SIGNATURES[typeByExt];
+    if (!matchesMagicBytes(bytes, expectedSignatures)) {
+      const officeTypes = ["docx", "xlsx", "pptx"];
+      if (officeTypes.includes(typeByExt)) {
+        const isZip = matchesMagicBytes(bytes, [[80, 75, 3, 4]]);
+        if (!isZip) {
+          return {
+            valid: false,
+            fileType: null,
+            error: `File header does not match ${ext.toUpperCase()} format. File may be corrupted or misnamed.`,
+            warnings
+          };
+        }
+        warnings.push("File is a valid ZIP archive but specific Office format cannot be verified without parsing");
+      } else {
+        return {
+          valid: false,
+          fileType: null,
+          error: `File header does not match ${ext.toUpperCase()} format. File may be corrupted or misnamed.`,
+          warnings
+        };
+      }
+    }
+  } catch (error) {
+    warnings.push("Could not verify file header (file may be too small or corrupted)");
+  }
+  return {
+    valid: true,
+    fileType: typeByExt,
+    warnings
+  };
+}
+function hasValidExtension(filename) {
+  const ext = getExtension(filename);
+  return ext in EXTENSION_MAP;
+}
+function getFileTypeFromExtension(filename) {
+  const ext = getExtension(filename);
+  return EXTENSION_MAP[ext] || null;
+}
+
+// src/utils/download.ts
+function downloadFile(file) {
+  const url = URL.createObjectURL(file.blob);
+  const a = document.createElement("a");
+  a.href = url;
+  a.download = file.purgedName;
+  document.body.appendChild(a);
+  a.click();
+  document.body.removeChild(a);
+  URL.revokeObjectURL(url);
+}
+async function downloadFilesAsZip(files, zipName = "purged_files.zip") {
+  if (files.length === 0) return;
+  if (files.length === 1) {
+    downloadFile(files[0]);
+    return;
+  }
+  try {
+    const { zipSync, strToU8 } = await import("fflate");
+    const zipContents = {};
+    for (const file of files) {
+      const arrayBuffer = await file.blob.arrayBuffer();
+      zipContents[file.purgedName] = new Uint8Array(arrayBuffer);
+    }
+    const manifest = {
+      generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      files: files.map((f) => ({
+        originalName: f.originalName,
+        purgedName: f.purgedName,
+        originalSize: f.originalSize,
+        purgedSize: f.purgedSize,
+        detectionsRemoved: f.detectionsRemoved
+      })),
+      notice: "Files processed locally with PURGE. No data was transmitted to any server."
+    };
+    zipContents["_purge_manifest.json"] = strToU8(
+      JSON.stringify(manifest, null, 2)
+    );
+    const zipped = zipSync(zipContents, {
+      level: 6
+      // Balanced compression
+    });
+    const blob = new Blob([new Uint8Array(zipped)], { type: "application/zip" });
+    const url = URL.createObjectURL(blob);
+    const a = document.createElement("a");
+    a.href = url;
+    a.download = zipName;
+    document.body.appendChild(a);
+    a.click();
+    document.body.removeChild(a);
+    URL.revokeObjectURL(url);
+  } catch (error) {
+    secureWarn("ZIP creation failed, falling back to individual downloads", error);
+    await downloadFilesSequentially(files);
+  }
+}
+async function downloadFilesSequentially(files, delayMs = 500) {
+  for (const file of files) {
+    downloadFile(file);
+    await new Promise((resolve) => setTimeout(resolve, delayMs));
+  }
+}
+
+// src/utils/hilbertCurve.ts
+function hilbertD2XY(n, d) {
+  if (n <= 0 || (n & n - 1) !== 0) {
+    throw new Error("Grid size n must be a positive power of 2");
+  }
+  if (d < 0 || d >= n * n) {
+    throw new Error(`Index d must be between 0 and ${n * n - 1}`);
+  }
+  let x = 0;
+  let y = 0;
+  let s = 1;
+  let rx;
+  let ry;
+  let t = d;
+  while (s < n) {
+    rx = 1 & t >> 1;
+    ry = 1 & (t ^ rx);
+    if (ry === 0) {
+      if (rx === 1) {
+        x = s - 1 - x;
+        y = s - 1 - y;
+      }
+      [x, y] = [y, x];
+    }
+    x += s * rx;
+    y += s * ry;
+    t = Math.floor(t / 4);
+    s *= 2;
+  }
+  return { x, y };
+}
+function hilbertXY2D(n, x, y) {
+  if (n <= 0 || (n & n - 1) !== 0) {
+    throw new Error("Grid size n must be a positive power of 2");
+  }
+  if (x < 0 || x >= n || y < 0 || y >= n) {
+    throw new Error(`Coordinates must be between 0 and ${n - 1}`);
+  }
+  let d = 0;
+  let s = n >> 1;
+  let rx;
+  let ry;
+  let tempX = x;
+  let tempY = y;
+  while (s > 0) {
+    rx = (tempX & s) > 0 ? 1 : 0;
+    ry = (tempY & s) > 0 ? 1 : 0;
+    d += s * s * (3 * rx ^ ry);
+    if (ry === 0) {
+      if (rx === 1) {
+        tempX = s - 1 - tempX;
+        tempY = s - 1 - tempY;
+      }
+      [tempX, tempY] = [tempY, tempX];
+    }
+    s >>= 1;
+  }
+  return d;
+}
+function getOptimalGridSize(blockCount) {
+  if (blockCount <= 0) return 1;
+  let n = 1;
+  while (n * n < blockCount) {
+    n *= 2;
+  }
+  return n;
+}
+
+// src/constants/categories.ts
+var categories = [
+  {
+    id: "person_name",
+    name: "Names",
+    description: "Personal names, first/last names",
+    icon: "N",
+    examples: ["John Smith", "Jane Doe", "Dr. Robert Johnson"],
+    defaultEnabled: true
+  },
+  {
+    id: "email",
+    name: "Email",
+    description: "Email addresses",
+    icon: "@",
+    examples: ["john@example.com", "jane.doe@company.org"],
+    defaultEnabled: true
+  },
+  {
+    id: "phone",
+    name: "Phone",
+    description: "Phone numbers in various formats",
+    icon: "#",
+    examples: ["(555) 123-4567", "+1-555-123-4567", "555.123.4567"],
+    defaultEnabled: true
+  },
+  {
+    id: "address",
+    name: "Address",
+    description: "Physical addresses, street addresses",
+    icon: "A",
+    examples: ["123 Main St, Anytown, USA 12345"],
+    defaultEnabled: true
+  },
+  {
+    id: "ssn",
+    name: "SSN",
+    description: "Social Security Numbers",
+    icon: "S",
+    examples: ["123-45-6789", "123456789"],
+    defaultEnabled: true
+  },
+  {
+    id: "credit_card",
+    name: "Credit Card",
+    description: "Credit/debit card numbers",
+    icon: "$",
+    examples: ["4111-1111-1111-1111", "4111111111111111"],
+    defaultEnabled: true
+  },
+  {
+    id: "ip_address",
+    name: "IP Address",
+    description: "IPv4 and IPv6 addresses",
+    icon: "IP",
+    examples: ["192.168.1.1", "10.0.0.1"],
+    defaultEnabled: false
+  },
+  {
+    id: "date_of_birth",
+    name: "Date of Birth",
+    description: "Birth dates in various formats",
+    icon: "D",
+    examples: ["01/15/1990", "January 15, 1990", "1990-01-15"],
+    defaultEnabled: true
+  }
+];
+var categoryMap = new Map(categories.map((c) => [c.id, c]));
+function getCategoryName(id) {
+  return categoryMap.get(id)?.name ?? id;
+}
+function getCategoryIcon2(id) {
+  return categoryMap.get(id)?.icon ?? "?";
+}
+
+// src/constants/platformInstructions.ts
+function detectPlatform2() {
+  if (typeof navigator === "undefined") return "unknown";
+  const ua = navigator.userAgent.toLowerCase();
+  if (/iphone|ipad|ipod/.test(ua)) return "ios";
+  if (/android/.test(ua)) return "android";
+  if (/macintosh|mac os x/.test(ua)) return "mac";
+  if (/windows/.test(ua)) return "windows";
+  return "unknown";
+}
+var PLATFORM_INSTRUCTIONS = {
+  mac: {
+    icon: "",
+    steps: [
+      "Click the WiFi icon in the menu bar",
+      'Select "Turn Wi-Fi Off"',
+      "Or press Option + click WiFi icon for quick toggle"
+    ]
+  },
+  windows: {
+    icon: "",
+    steps: [
+      "Click the network icon in the taskbar",
+      'Toggle "Wi-Fi" to Off',
+      'Or enable "Airplane mode"'
+    ]
+  },
+  ios: {
+    icon: "",
+    steps: [
+      "Swipe down from top-right for Control Center",
+      "Tap the airplane icon",
+      "Or go to Settings > Airplane Mode"
+    ]
+  },
+  android: {
+    icon: "",
+    steps: [
+      "Swipe down from the top of the screen",
+      'Tap "Airplane mode" in Quick Settings',
+      "Or go to Settings > Network > Airplane mode"
+    ]
+  },
+  unknown: {
+    icon: "",
+    steps: [
+      "Disconnect from WiFi",
+      "Or enable Airplane Mode",
+      "Or unplug your ethernet cable"
+    ]
+  }
+};
+
+// src/services/sessionSummary.ts
+import { jsPDF } from "jspdf";
+var DISCLAIMER = `
+IMPORTANT DISCLAIMER
+
+This document is a SESSION SUMMARY, NOT a proof certificate.
+All metrics shown are SELF-REPORTED by the PURGE application.
+
+For INDEPENDENT VERIFICATION, please:
+1. Enable Airplane Mode before processing files (strongest privacy indicator)
+2. Check your browser's Developer Tools > Network tab during processing
+3. Review the open-source code at github.com/Pacamelo/forge
+
+This summary cannot prove that files were not copied or uploaded.
+It only records what our monitoring detected during the session.
+`;
+function generateSessionId() {
+  return generatePrefixedId("PURGE");
+}
+function formatBytes(bytes) {
+  if (bytes === 0) return "0 bytes";
+  if (bytes < 1024) return `${bytes} bytes`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
+  return `${(bytes / (1024 * 1024)).toFixed(2)} MB`;
+}
+function truncateHash2(hash) {
+  if (!hash || hash.length <= 20) return hash || "N/A";
+  return `${hash.slice(0, 12)}...${hash.slice(-12)}`;
+}
+function generateSessionSummaryPDF(data) {
+  const doc = new jsPDF();
+  const pageWidth = doc.internal.pageSize.getWidth();
+  let yPos = 20;
+  const margin = 15;
+  const lineHeight = 6;
+  const addText = (text, fontSize = 10, bold = false) => {
+    doc.setFontSize(fontSize);
+    if (bold) {
+      doc.setFont("helvetica", "bold");
+    } else {
+      doc.setFont("helvetica", "normal");
+    }
+    doc.text(text, margin, yPos);
+    yPos += lineHeight;
+  };
+  const addSection = (title) => {
+    yPos += 4;
+    doc.setDrawColor(0, 255, 0);
+    doc.line(margin, yPos, pageWidth - margin, yPos);
+    yPos += 6;
+    addText(title, 12, true);
+    yPos += 2;
+  };
+  const checkPage = () => {
+    if (yPos > 270) {
+      doc.addPage();
+      yPos = 20;
+    }
+  };
+  doc.setTextColor(0, 255, 0);
+  doc.setFontSize(18);
+  doc.setFont("helvetica", "bold");
+  doc.text("PURGE SESSION SUMMARY", margin, yPos);
+  yPos += 8;
+  doc.setFillColor(255, 200, 0);
+  doc.rect(margin, yPos, pageWidth - margin * 2, 12, "F");
+  doc.setTextColor(0, 0, 0);
+  doc.setFontSize(10);
+  doc.setFont("helvetica", "bold");
+  doc.text("NOT A PROOF CERTIFICATE - SELF-REPORTED DATA ONLY", pageWidth / 2, yPos + 8, {
+    align: "center"
+  });
+  yPos += 18;
+  doc.setTextColor(50, 50, 50);
+  addSection("SESSION INFORMATION");
+  addText(`Session ID: ${data.sessionId}`);
+  addText(`Timestamp: ${new Date(data.timestamp).toLocaleString()}`);
+  addText(`Browser: ${data.environment.browser}`);
+  addText(`Platform: ${data.environment.platform}`);
+  checkPage();
+  addSection("FILES PROCESSED");
+  if (data.files.length === 0) {
+    addText("No files were processed in this session.");
+  } else {
+    data.files.forEach((file, index) => {
+      checkPage();
+      addText(`${index + 1}. ${file.name}`, 10, true);
+      addText(`   Original Size: ${formatBytes(file.originalSize)}`);
+      addText(`   Processed Size: ${formatBytes(file.processedSize)}`);
+      addText(`   Detections Removed: ${file.detectionsRemoved}`);
+      addText(`   Original Hash: ${truncateHash2(file.originalHash)}`);
+      addText(`   Processed Hash: ${truncateHash2(file.processedHash)}`);
+      yPos += 2;
+    });
+  }
+  checkPage();
+  addSection("SELF-REPORTED METRICS");
+  const { selfReportedMetrics } = data;
+  const networkStatus = selfReportedMetrics.networkRequestsDetected === 0 ? "\u2713" : "\u26A0";
+  addText(
+    `${networkStatus} Network Requests Detected: ${selfReportedMetrics.networkRequestsDetected}`
+  );
+  const storageStatus = !selfReportedMetrics.storageChangesDetected ? "\u2713" : "\u26A0";
+  addText(
+    `${storageStatus} Storage Changes: ${selfReportedMetrics.storageChangesDetected ? "Detected" : "None detected"}`
+  );
+  const memoryStatus = selfReportedMetrics.memoryWipeCompleted ? "\u2713" : "\u25CB";
+  addText(
+    `${memoryStatus} Buffer Cleanup: ${selfReportedMetrics.memoryWipeCompleted ? "Completed (visual only)" : "Not completed"}`
+  );
+  const offlineStatus = selfReportedMetrics.wasOfflineDuringProcessing ? "\u2713" : "\u25CB";
+  addText(
+    `${offlineStatus} Offline Processing: ${selfReportedMetrics.wasOfflineDuringProcessing ? "YES - Processed with no internet" : "No - Was online during processing"}`
+  );
+  if (selfReportedMetrics.wasOfflineDuringProcessing) {
+    yPos += 2;
+    doc.setTextColor(0, 150, 0);
+    addText("   \u2192 Offline processing provides the strongest privacy indication.", 9);
+    doc.setTextColor(50, 50, 50);
+  }
+  checkPage();
+  addSection("HOW TO VERIFY INDEPENDENTLY");
+  addText("For stronger assurance that files never left your browser:", 10, true);
+  yPos += 2;
+  addText("1. AIRPLANE MODE CHALLENGE");
+  addText("   Enable Airplane Mode before dropping files into PURGE.");
+  addText("   Offline processing provides the strongest privacy assurance.");
+  yPos += 2;
+  addText("2. BROWSER DEVTOOLS");
+  addText("   Open Developer Tools (F12) \u2192 Network tab before processing.");
+  addText("   Watch for any requests containing your file data.");
+  yPos += 2;
+  addText("3. SOURCE CODE AUDIT");
+  addText("   Review the open-source code at github.com/Pacamelo/forge");
+  addText("   Verify there are no hidden network calls in the processing logic.");
+  checkPage();
+  addSection("DISCLAIMER");
+  doc.setFontSize(8);
+  const disclaimerLines = DISCLAIMER.trim().split("\n");
+  disclaimerLines.forEach((line) => {
+    if (yPos > 280) {
+      doc.addPage();
+      yPos = 20;
+    }
+    doc.text(line.trim(), margin, yPos);
+    yPos += 4;
+  });
+  const pageCount = doc.getNumberOfPages();
+  for (let i = 1; i <= pageCount; i++) {
+    doc.setPage(i);
+    doc.setFontSize(8);
+    doc.setTextColor(150, 150, 150);
+    doc.text(`Generated by PURGE | Page ${i} of ${pageCount}`, pageWidth / 2, 290, {
+      align: "center"
+    });
+  }
+  return doc.output("blob");
+}
+function downloadSessionSummary(data) {
+  const blob = generateSessionSummaryPDF(data);
+  const url = URL.createObjectURL(blob);
+  const a = document.createElement("a");
+  a.href = url;
+  a.download = `PURGE-Session-${data.sessionId}.pdf`;
+  document.body.appendChild(a);
+  a.click();
+  document.body.removeChild(a);
+  URL.revokeObjectURL(url);
+}
+export {
+  BaseProcessor,
+  OfflineQuotaStore,
+  PLATFORM_INSTRUCTIONS,
+  QuotaExhaustedError,
+  QuotaExhaustedError as QuotaExhaustedErrorClass,
+  RegexDetectionEngine,
+  XlsxProcessor,
+  adversarialVerifier,
+  categories,
+  categoryMap,
+  detectPlatform2 as detectPlatform,
+  downloadFile,
+  downloadFilesAsZip,
+  downloadSessionSummary,
+  generateDeviceFingerprint,
+  generatePrefixedId,
+  generateSectionId,
+  generateSecureId,
+  generateSessionId,
+  generateSessionSummaryPDF,
+  getCategoryIcon,
+  getCategoryIcon2 as getCategoryIconFromCategories,
+  getCategoryLabel,
+  getCategoryName,
+  getFileTypeFromExtension,
+  getOptimalGridSize,
+  getPartialMask,
+  getPatternsForCategories,
+  getProcessor,
+  getProcessorForFile,
+  getSensitivityThreshold,
+  hasValidExtension,
+  hilbertD2XY,
+  hilbertXY2D,
+  maskPII,
+  offlineQuotaStore,
+  regexDetectionEngine,
+  requestQuotaRefresh,
+  safeCompileRegex,
+  safeFilename,
+  secureError,
+  secureLog,
+  secureWarn,
+  truncateHash,
+  useAdversarialAnalysis,
+  useAirplaneMode,
+  useDocumentProcessor,
+  useEnhancedNetworkProof,
+  useFileEntropy,
+  useFileHash,
+  useFirstTimeUser,
+  useNetworkProof,
+  useOfflineEnforcement,
+  useOfflineQuota,
+  usePurgeStore,
+  useSpreadsheetMetadata,
+  useStorageProof,
+  validateFileType,
+  verifyDeviceFingerprint,
+  xlsxProcessor
+};
+/**
+ * @pacamelo/core
+ * Core PII detection and redaction engine for PURGE
+ *
+ * This package contains the data-processing logic for PURGE:
+ * - PII detection patterns and engine
+ * - Document parsers (XLSX, etc.)
+ * - Masking and redaction utilities
+ * - Security infrastructure
+ *
+ * Open source for transparency - users can verify exactly
+ * how their data is processed.
+ *
+ * @see https://github.com/Pacamelo/purge-core
+ * @license MIT
+ */