dpdp-erasure-cli 1.0.0

package/tests/fetch-dispatcher.test.ts

@@ -0,0 +1,213 @@
+import { describe, expect, it, vi } from "vitest";
+import { createFetchDispatcher } from "@modules/network";
+
+const apiUrl = "https://api.compliance.io/outbox";
+type FetchMock = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
+describe("Fetch Dispatcher Integration", () => {
+  /**
+   * Layman Terms:
+   * Tests the mailman. We make sure that when he tries to deliver a postcard (an HTTP POST request),
+   * he correctly tells us if the house accepted it (Status 200 OK) or if the door was locked (Error).
+   *
+   * Technical Terms:
+   * Validates the `createFetchDispatcher` transport layer. It mocks the global `fetch` API to ensure
+   * headers, abort signals, and payload serializations are correctly formatted according to the Outbox
+   * event contract.
+  */
+  it("successfully dispatches an outbox event and parses a 200 OK", async () => {
+    const mockFetch = vi.fn<FetchMock>(async () => new Response(null, { status: 200 }));
+    vi.spyOn(globalThis, "fetch").mockImplementation(mockFetch as any);
+
+    const dispatcher = createFetchDispatcher({
+      url: apiUrl,
+      token: "secret-token",
+      clientId: "worker-tenant-1",
+    });
+
+    const success = await dispatcher({
+      id: "evt-123",
+      idempotency_key: "ik-123",
+      user_uuid_hash: "hash-456",
+      event_type: "USER_VAULTED",
+      payload: {
+        request_id: "3dc5c993-2297-4138-906f-f8569d60c611",
+        subject_opaque_id: "usr_1",
+        event_timestamp: "2026-04-19T10:00:00.000Z",
+      },
+      previous_hash: "GENESIS",
+      current_hash: "abcd",
+      chain_status: "finalized",
+      status: "pending",
+      attempt_count: 0,
+      lease_token: null,
+      lease_expires_at: null,
+      next_attempt_at: new Date(),
+      processed_at: null,
+      last_error: null,
+      created_at: new Date(),
+      updated_at: new Date(),
+    });
+
+    expect(success).toBe(true);
+    expect(mockFetch).toHaveBeenCalledTimes(1);
+
+    // Verify headers and body
+    const [url, requestInit] = mockFetch.mock.calls[0] as [string, RequestInit];
+    expect(url).toBe(apiUrl);
+    expect(requestInit.headers).toEqual({
+      "content-type": "application/json",
+      "x-client-id": "worker-tenant-1",
+      authorization: "Bearer secret-token",
+    });
+    expect(requestInit.redirect).toBe("error");
+    expect(JSON.parse(String(requestInit.body))).toMatchObject({
+      idempotency_key: "ik-123",
+      event_type: "USER_VAULTED",
+      request_id: "3dc5c993-2297-4138-906f-f8569d60c611",
+      subject_opaque_id: "usr_1",
+      payload: {
+        request_id: "3dc5c993-2297-4138-906f-f8569d60c611",
+        subject_opaque_id: "usr_1",
+        event_timestamp: "2026-04-19T10:00:00.000Z",
+      },
+    });
+  });
+
+  it("classifies 500 responses as retryable transport failures", async () => {
+    const mockFetch = vi.fn<FetchMock>(async () => new Response(null, { status: 500 }));
+
+    vi.spyOn(globalThis, "fetch").mockImplementation(mockFetch as any);
+
+    const dispatcher = createFetchDispatcher({
+      url: apiUrl,
+      token: "secret-token-2",
+      clientId: "worker-tenant-2",
+    });
+
+    await expect(
+      dispatcher({
+        id: "evt-123",
+        idempotency_key: "ik-123",
+        user_uuid_hash: "hash-456",
+        event_type: "USER_VAULTED",
+        payload: {
+          request_id: "3dc5c993-2297-4138-906f-f8569d60c611",
+          subject_opaque_id: "usr_1",
+          event_timestamp: "2026-04-19T10:00:00.000Z",
+        },
+        previous_hash: "GENESIS",
+        current_hash: "abcd",
+        chain_status: "finalized",
+        status: "pending",
+        attempt_count: 0,
+        lease_token: null,
+        lease_expires_at: null,
+        next_attempt_at: new Date(),
+        processed_at: null,
+        last_error: null,
+        created_at: new Date(),
+        updated_at: new Date(),
+      })
+    ).rejects.toMatchObject({
+      code: "OUTBOX_DELIVERY_FAILED",
+      retryable: true,
+      fatal: false,
+    });
+  });
+
+  it("classifies 401 responses as fatal configuration failures", async () => {
+    const mockFetch = vi.fn<FetchMock>(async () => new Response(null, { status: 401 }));
+
+    vi.spyOn(globalThis, "fetch").mockImplementation(mockFetch as any);
+
+    const dispatcher = createFetchDispatcher({
+      url: apiUrl,
+      token: "secret-token-2",
+      clientId: "worker-tenant-3",
+    });
+
+    await expect(
+      dispatcher({
+        id: "evt-401",
+        idempotency_key: "ik-401",
+        user_uuid_hash: "hash-401",
+        event_type: "USER_VAULTED",
+        payload: {
+          request_id: "3dc5c993-2297-4138-906f-f8569d60c611",
+          subject_opaque_id: "usr_1",
+          event_timestamp: "2026-04-19T10:00:00.000Z",
+        },
+        previous_hash: "GENESIS",
+        current_hash: "abcd",
+        chain_status: "finalized",
+        status: "pending",
+        attempt_count: 0,
+        lease_token: null,
+        lease_expires_at: null,
+        next_attempt_at: new Date(),
+        processed_at: null,
+        last_error: null,
+        created_at: new Date(),
+        updated_at: new Date(),
+      })
+    ).rejects.toMatchObject({
+      code: "OUTBOX_AUTH_REJECTED",
+      retryable: false,
+      fatal: true,
+    });
+  });
+
+  it("classifies stale WORM chain heads as retryable concurrency failures", async () => {
+    const mockFetch = vi.fn<FetchMock>(
+      async () =>
+        new Response(
+          JSON.stringify({
+            code: "API_OUTBOX_PREVIOUS_HASH_INVALID",
+            retryable: false,
+          }),
+          {
+            status: 409,
+            headers: { "content-type": "application/json" },
+          }
+        )
+    );
+
+    vi.spyOn(globalThis, "fetch").mockImplementation(mockFetch as any);
+
+    const dispatcher = createFetchDispatcher({
+      url: apiUrl,
+      token: "secret-token-3",
+      clientId: "worker-tenant-4",
+    });
+
+    await expect(
+      dispatcher({
+        id: "evt-409",
+        idempotency_key: "ik-409",
+        user_uuid_hash: "hash-409",
+        event_type: "NOTIFICATION_SENT",
+        payload: {
+          request_id: "3dc5c993-2297-4138-906f-f8569d60c611",
+          subject_opaque_id: "usr_1",
+          event_timestamp: "2026-04-19T10:00:00.000Z",
+        },
+        previous_hash: "stale-head",
+        current_hash: "abcd",
+        chain_status: "finalized",
+        status: "pending",
+        attempt_count: 0,
+        lease_token: null,
+        lease_expires_at: null,
+        next_attempt_at: new Date(),
+        processed_at: null,
+        last_error: null,
+        created_at: new Date(),
+        updated_at: new Date(),
+      })
+    ).rejects.toMatchObject({
+      code: "OUTBOX_DELIVERY_FAILED",
+      retryable: true,
+      fatal: false,
+    });
+  });
+});

package/tests/graph.test.ts

@@ -0,0 +1,84 @@
+import { afterAll, beforeAll, describe, expect, it } from "vitest";
+import { getDependencyGraph } from "@modules/db";
+import { createTestSql, dropSchemas, uniqueSchema } from "./helpers";
+import type { Sql } from "@/types";
+
+describe("Graph Engine (Database Crawler)", () => {
+  let sql: Sql;
+  const schema = uniqueSchema("graph");
+
+  beforeAll(async () => {
+    sql = createTestSql();
+
+    await dropSchemas(sql, schema);
+    await sql`CREATE SCHEMA ${sql(schema)}`;
+
+    await sql`CREATE TABLE ${sql(schema)}.users (id SERIAL PRIMARY KEY, email TEXT, full_name TEXT)`;
+    await sql`CREATE TABLE ${sql(schema)}.orders (id SERIAL PRIMARY KEY, user_id INTEGER REFERENCES ${sql(schema)}.users(id))`;
+    await sql`CREATE TABLE ${sql(schema)}.profiles (id SERIAL PRIMARY KEY, user_id INTEGER REFERENCES ${sql(schema)}.users(id))`;
+    await sql`CREATE TABLE ${sql(schema)}.shipping_addresses (id SERIAL PRIMARY KEY, order_id INTEGER REFERENCES ${sql(schema)}.orders(id))`;
+    await sql`CREATE TABLE ${sql(schema)}.address_verification_logs (id SERIAL PRIMARY KEY, address_id INTEGER REFERENCES ${sql(schema)}.shipping_addresses(id))`;
+    await sql`CREATE TABLE ${sql(schema)}.level_4 (id SERIAL PRIMARY KEY, log_id INTEGER REFERENCES ${sql(schema)}.address_verification_logs(id))`;
+    await sql`CREATE TABLE ${sql(schema)}.level_5 (id SERIAL PRIMARY KEY, l4_id INTEGER REFERENCES ${sql(schema)}.level_4(id))`;
+    await sql`CREATE TABLE ${sql(schema)}.orphan_table (id SERIAL PRIMARY KEY, data TEXT)`;
+    await sql`CREATE TABLE ${sql(schema)}.circ_a (id SERIAL PRIMARY KEY)`;
+    await sql`CREATE TABLE ${sql(schema)}.circ_b (id SERIAL PRIMARY KEY, a_id INTEGER REFERENCES ${sql(schema)}.circ_a(id))`;
+    await sql`ALTER TABLE ${sql(schema)}.circ_a ADD COLUMN b_id INTEGER REFERENCES ${sql(schema)}.circ_b(id)`;
+    await sql`CREATE TABLE ${sql(schema)}.cascade_root (id SERIAL PRIMARY KEY)`;
+    await sql`CREATE TABLE ${sql(schema)}.cascade_child (id SERIAL PRIMARY KEY, root_id INTEGER REFERENCES ${sql(schema)}.cascade_root(id) ON DELETE CASCADE)`;
+    await sql`CREATE TABLE ${sql(schema)}.set_null_root (id SERIAL PRIMARY KEY)`;
+    await sql`CREATE TABLE ${sql(schema)}.set_null_child (id SERIAL PRIMARY KEY, root_id INTEGER REFERENCES ${sql(schema)}.set_null_root(id) ON DELETE SET NULL)`;
+  });
+
+  afterAll(async () => {
+    await dropSchemas(sql, schema);
+    await sql.end();
+  });
+
+  it("maps a multi-level dependency graph without duplicate loop inflation", async () => {
+    const graph = await getDependencyGraph(sql, schema, "users");
+    const tableNames = graph.map((node) => node.table_name);
+
+    expect(tableNames).toContain(`${schema}.orders`);
+    expect(tableNames).toContain(`${schema}.profiles`);
+    expect(tableNames).toContain(`${schema}.shipping_addresses`);
+    expect(tableNames).toContain(`${schema}.address_verification_logs`);
+    expect(tableNames).toContain(`${schema}.level_5`);
+
+    const orderNode = graph.find((node) => node.table_name === `${schema}.orders`);
+    const shippingNode = graph.find((node) => node.table_name === `${schema}.shipping_addresses`);
+    const logNode = graph.find((node) => node.table_name === `${schema}.address_verification_logs`);
+    const level5Node = graph.find((node) => node.table_name === `${schema}.level_5`);
+
+    expect(orderNode?.depth).toBe(1);
+    expect(orderNode?.delete_action).toBe("NO_ACTION");
+    expect(shippingNode?.depth).toBe(2);
+    expect(logNode?.depth).toBe(3);
+    expect(level5Node?.depth).toBe(5);
+  });
+
+  it("returns an empty array for a table with zero dependencies", async () => {
+    await expect(getDependencyGraph(sql, schema, "orphan_table")).resolves.toEqual([]);
+  });
+
+  it("breaks cycles instead of looping until a depth guard happens to stop it", async () => {
+    const graph = await getDependencyGraph(sql, schema, "circ_a");
+    const nodesForCircB = graph.filter((node) => node.table_name === `${schema}.circ_b`);
+
+    expect(nodesForCircB).toHaveLength(1);
+    expect(nodesForCircB[0]?.depth).toBe(1);
+  });
+
+  it("fails closed when FK delete actions can silently mutate dependent data", async () => {
+    await expect(getDependencyGraph(sql, schema, "cascade_root")).rejects.toThrow(/ON DELETE CASCADE/i);
+    await expect(getDependencyGraph(sql, schema, "set_null_root")).rejects.toThrow(/ON DELETE SET_NULL/i);
+  });
+
+  it("fails closed when the recursion depth limit would truncate the graph", async () => {
+    await expect(getDependencyGraph(sql, schema, "users", { maxDepth: 3 })).rejects.toThrow(/safety limit/i);
+  });
+
+  it("fails clearly when the root table does not exist", async () => {
+    await expect(getDependencyGraph(sql, schema, "does_not_exist")).rejects.toThrow(/does not exist/i);
+  });
+});

package/tests/helpers/index.ts

@@ -0,0 +1,101 @@
+import postgres from "postgres";
+import { runMigrations } from "@modules/db";
+import type { Sql } from "@/types";
+
+export const TEST_DATABASE_URL = process.env.TEST_DATABASE_URL ?? "postgres://postgres:postgres@localhost:5432/postgres";
+
+export const TEST_SECRETS = {
+  kek: new Uint8Array(32).fill(0x42),
+  hmacKey: new Uint8Array(32).fill(0x24),
+};
+
+export function createTestSql(): Sql {
+  return postgres(TEST_DATABASE_URL);
+}
+
+export function uniqueSchema(prefix: string): string {
+  return `${prefix}_${globalThis.crypto.randomUUID().replace(/-/g, "").slice(0, 16)}`;
+}
+
+export async function dropSchemas(sql: Sql, ...schemas: string[]) {
+  for (const schema of schemas) {
+    await sql`DROP SCHEMA IF EXISTS ${sql(schema)} CASCADE`;
+  }
+}
+
+export async function createAppSchema(
+  sql: Sql,
+  schema: string,
+  options: { withDependencies?: boolean; withDeepDependencies?: boolean } = {}
+) {
+  await sql`CREATE SCHEMA ${sql(schema)}`;
+  await sql`
+    CREATE TABLE ${sql(schema)}.users (
+      id SERIAL PRIMARY KEY,
+      email TEXT NOT NULL,
+      full_name TEXT NOT NULL
+    )
+  `;
+
+  if (!options.withDependencies) {
+    return;
+  }
+
+  await sql`
+    CREATE TABLE ${sql(schema)}.orders (
+      id SERIAL PRIMARY KEY,
+      user_id INTEGER REFERENCES ${sql(schema)}.users(id),
+      amount DECIMAL NOT NULL
+    )
+  `;
+
+  await sql`
+    CREATE TABLE ${sql(schema)}.profiles (
+      id SERIAL PRIMARY KEY,
+      user_id INTEGER REFERENCES ${sql(schema)}.users(id),
+      bio TEXT
+    )
+  `;
+
+  if (!options.withDeepDependencies) {
+    return;
+  }
+
+  await sql`
+    CREATE TABLE ${sql(schema)}.shipping_addresses (
+      id SERIAL PRIMARY KEY,
+      order_id INTEGER REFERENCES ${sql(schema)}.orders(id),
+      street TEXT NOT NULL,
+      city TEXT NOT NULL
+    )
+  `;
+
+  await sql`
+    CREATE TABLE ${sql(schema)}.address_verification_logs (
+      id SERIAL PRIMARY KEY,
+      address_id INTEGER REFERENCES ${sql(schema)}.shipping_addresses(id),
+      verified_at TIMESTAMPTZ DEFAULT NOW()
+    )
+  `;
+}
+
+export async function insertUser(sql: Sql, schema: string, email: string, fullName: string): Promise<number> {
+  const rows = await sql<{ id: number }[]>`
+    INSERT INTO ${sql(schema)}.users (email, full_name)
+    VALUES (${email}, ${fullName})
+    RETURNING id
+  `;
+
+  return rows[0]!.id;
+}
+
+export async function prepareWorkerSchemas(
+  sql: Sql,
+  appSchema: string,
+  engineSchema: string,
+  options: { withDependencies?: boolean; withDeepDependencies?: boolean } = {}
+) {
+  await dropSchemas(sql, appSchema, engineSchema);
+  await createAppSchema(sql, appSchema, options);
+  await runMigrations(sql, engineSchema);
+}

package/tests/index-preflight.test.ts

@@ -0,0 +1,168 @@
+import { afterAll, beforeAll, describe, expect, it } from "vitest";
+import type { WorkerConfig } from "@modules/config";
+import { assertIndexPreflight, collectIndexRequirements } from "@modules/bootstrap";
+import type { Sql } from "@/types";
+import { createTestSql, dropSchemas, uniqueSchema, TEST_SECRETS } from "./helpers";
+
+describe("Worker index preflight", () => {
+  let sql: Sql;
+  const schemasToDrop: string[] = [];
+
+  beforeAll(() => {
+    sql = createTestSql();
+  });
+
+  afterAll(async () => {
+    await dropSchemas(sql, ...schemasToDrop);
+    await sql.end();
+  });
+
+  async function setup() {
+    const schema = uniqueSchema("idx_preflight");
+    schemasToDrop.push(schema);
+    await dropSchemas(sql, schema);
+    await sql`CREATE SCHEMA ${sql(schema)}`;
+    await sql`
+      CREATE TABLE ${sql(schema)}.users (
+        id TEXT PRIMARY KEY,
+        tenant_id TEXT,
+        email TEXT NOT NULL,
+        full_name TEXT NOT NULL
+      )
+    `;
+    await sql`
+      CREATE TABLE ${sql(schema)}.transactions (
+        id BIGSERIAL PRIMARY KEY,
+        user_id TEXT NOT NULL,
+        amount NUMERIC NOT NULL
+      )
+    `;
+    await sql`
+      CREATE TABLE ${sql(schema)}.support_tickets (
+        id BIGSERIAL PRIMARY KEY,
+        user_id TEXT NOT NULL,
+        requester_email TEXT
+      )
+    `;
+
+    return schema;
+  }
+
+  function buildConfig(appSchema: string): WorkerConfig {
+    return {
+      version: "1",
+      database: {
+        app_schema: appSchema,
+        engine_schema: "engine",
+      },
+      compliance_policy: {
+        default_retention_years: 0,
+        notice_window_hours: 48,
+        retention_rules: [
+          {
+            rule_name: "PMLA_FINANCIAL",
+            legal_citation: "PMLA Sec 12",
+            if_has_data_in: ["transactions"],
+            retention_years: 10,
+          },
+        ],
+      },
+      graph: {
+        root_table: "users",
+        root_id_column: "id",
+        max_depth: 32,
+        root_pii_columns: {
+          email: "HMAC",
+          full_name: "STATIC_MASK",
+        },
+      },
+      satellite_targets: [
+        {
+          table: "support_tickets",
+          lookup_column: "user_id",
+          action: "redact",
+          masking_rules: {
+            requester_email: "HMAC",
+          },
+        },
+      ],
+      blob_targets: [],
+      rules: [
+        {
+          id: "dpdp_static",
+          targets: [
+            {
+              table: `${appSchema}.users`,
+              parent_columns: [],
+              child_columns: [],
+              primary_key_columns: ["id"],
+              pii_columns: ["email"],
+            },
+            {
+              table: `${appSchema}.support_tickets`,
+              parent: `${appSchema}.users`,
+              parent_columns: ["id"],
+              child_columns: ["user_id"],
+              primary_key_columns: ["id"],
+              action: "redact",
+              mutation_rules: {
+                requester_email: "HMAC",
+              },
+              pii_columns: ["requester_email"],
+            },
+          ],
+        },
+      ],
+      outbox: {
+        batch_size: 10,
+        lease_seconds: 30,
+        max_attempts: 3,
+        base_backoff_ms: 1000,
+      },
+      security: {
+        notification_lease_seconds: 120,
+        master_key_env: "DPDP_MASTER_KEY",
+        hmac_key_env: "DPDP_HMAC_KEY",
+      },
+      integrity: {
+        expected_schema_hash: "ab".repeat(32),
+      },
+      legal_attestation: {
+        dpo_identifier: "dpo@example.com",
+        configuration_version: "v1",
+        legal_review_date: "2026-05-01",
+        schema_hash: "ab".repeat(32),
+        acknowledgment: "Reviewed",
+      },
+      masterKey: TEST_SECRETS.kek,
+      hmacKey: TEST_SECRETS.hmacKey,
+    };
+  }
+
+  it("collects every runtime lookup that must be index-backed", async () => {
+    const schema = await setup();
+    const requirements = collectIndexRequirements(buildConfig(schema));
+    expect(requirements).toEqual(
+      expect.arrayContaining([
+        expect.objectContaining({ table: "users", columns: ["id"] }),
+        expect.objectContaining({ table: "transactions", columns: ["id"] }),
+        expect.objectContaining({ table: "support_tickets", columns: ["id"] }),
+        expect.objectContaining({ table: "support_tickets", columns: ["user_id"] }),
+      ])
+    );
+  });
+
+  it("fails closed when evidence or satellite lookups would table-scan", async () => {
+    const schema = await setup();
+    const config = buildConfig(schema);
+
+    await expect(assertIndexPreflight(sql, config)).rejects.toThrow(/missing index requirement/i);
+
+    await sql`CREATE INDEX ${sql(`${schema}_support_tickets_user_id_idx`)} ON ${sql(schema)}.support_tickets (user_id)`;
+
+    await expect(assertIndexPreflight(sql, config)).resolves.toEqual({
+      checked: expect.any(Number),
+      missing: [],
+    });
+  });
+});

package/tests/introspector-classifier.test.ts

@@ -0,0 +1,62 @@
+import { describe, expect, it } from "vitest";
+import {
+  classifyLeaf,
+  metadataScore,
+  validateAadhaar,
+  validateGstin,
+  validateLuhn,
+  validatePan,
+} from "@modules/introspector";
+
+describe("Introspector PII classifier", () => {
+  it("detects high-confidence Indian identity and payment identifiers", () => {
+    expect(validateAadhaar("2345-6789-1238")).toBe(true);
+    expect(classifyLeaf("2345-6789-1238")).toContain("aadhaar");
+    expect(classifyLeaf("2345-6789-1234")).not.toContain("aadhaar");
+
+    expect(validatePan("ABCPE1234F")).toBe(true);
+    expect(classifyLeaf("ABCPE1234F")).toContain("pan");
+    expect(classifyLeaf("ABCDE1234F")).not.toContain("pan");
+
+    expect(validateGstin("27ABCPE1234F1Z5")).toBe(true);
+    expect(classifyLeaf("27ABCPE1234F1Z5")).toContain("gstin");
+    expect(classifyLeaf("27ABCDE1234F1Z5")).not.toContain("gstin");
+
+    expect(validateLuhn("4111 1111 1111 1111")).toBe(true);
+    expect(classifyLeaf("4111 1111 1111 1111")).toContain("credit_card");
+    expect(classifyLeaf("4111 1111 1111 1112")).not.toContain("credit_card");
+  });
+
+  it("detects communication, account, and infrastructure identifiers", () => {
+    expect(classifyLeaf("person@example.com")).toContain("email");
+    expect(classifyLeaf("+91-9876543210")).toContain("indian_mobile");
+    expect(classifyLeaf("person.name@upi")).toContain("upi");
+    expect(classifyLeaf("HDFC0001234")).toContain("ifsc");
+    expect(classifyLeaf("P1234567")).toContain("indian_passport");
+    expect(classifyLeaf("ABC1234567")).toContain("voter_epic");
+    expect(classifyLeaf("203.0.113.10")).toContain("ipv4");
+    expect(classifyLeaf("2001:db8:85a3::8a2e:370:7334")).toContain("ipv6");
+    expect(classifyLeaf("00:1A:2B:3C:4D:5E")).toContain("mac_address");
+  });
+
+  it("requires metadata support for false-positive-prone numeric patterns", () => {
+    expect(classifyLeaf("123456789012")).not.toContain("bank_account");
+    expect(classifyLeaf("123456789012", "bank_account_number")).toContain("bank_account");
+
+    expect(classifyLeaf("1990-01-31")).not.toContain("date_of_birth");
+    expect(classifyLeaf("1990-01-31", "date_of_birth")).toContain("date_of_birth");
+
+    expect(classifyLeaf("KA0120111234567")).not.toContain("indian_driving_license");
+    expect(classifyLeaf("KA0120111234567", "driving_license_number")).toContain("indian_driving_license");
+
+    expect(classifyLeaf("560001")).not.toContain("indian_pin_code");
+    expect(classifyLeaf("560001", "postal_code")).toContain("indian_pin_code");
+  });
+
+  it("does not infer personal names without a dedicated NER model", () => {
+    expect(metadataScore("full_name")).toBe(0);
+    expect(metadataScore("first_name")).toBe(0);
+    expect(metadataScore("customer_name")).toBe(0);
+    expect(classifyLeaf("Priya Sharma")).toEqual([]);
+  });
+});