#[cfg(test)]
mod secrets_tests {
    use env_guard::secrets::{
        scan_file, redact_secret, format_secret_match,
        get_builtin_patterns, SecretSeverity
    };
    use std::fs;

    #[test]
    fn test_redact_secret_short() {
        assert_eq!(redact_secret("abc"), "***");
    }

    #[test]
    fn test_redact_secret_long() {
        let result = redact_secret("my-secret-api-key-12345");
        assert!(result.starts_with("my-s"));
        assert!(result.contains('*'));
        assert!(result.len() < 30);
    }

    #[test]
    fn test_redact_secret_exact_8_chars() {
        let result = redact_secret("12345678");
        assert_eq!(result, "********");
    }

    #[test]
    fn test_get_builtin_patterns() {
        let patterns = get_builtin_patterns();
        assert!(!patterns.is_empty());

        let has_aws = patterns.iter().any(|p| p.name.contains("AWS"));
        let has_github = patterns.iter().any(|p| p.name.contains("GitHub"));
        let has_jwt = patterns.iter().any(|p| p.name.contains("JWT"));

        assert!(has_aws);
        assert!(has_github);
        assert!(has_jwt);
    }

    #[test]
    fn test_scan_file_with_secrets() {
        let content = r#"
const apiKey = "sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
const password = "super_secret_password";
const awsKey = "AKIAIOSFODNN7EXAMPLE";
"#;
        let test_file = "test_secrets_temp.txt";
        fs::write(test_file, content).unwrap();

        let matches = scan_file(test_file, false).unwrap();

        assert!(!matches.is_empty());
        let has_api_key = matches.iter().any(|m| m.secret_type.contains("API") || m.secret_type.contains("OpenAI"));
        assert!(has_api_key);

        fs::remove_file(test_file).ok();
    }

    #[test]
    fn test_scan_file_without_secrets() {
        let content = r#"
const apiUrl = "https://api.example.com";
const port = 3000;
const debug = true;
"#;
        let test_file = "test_no_secrets_temp.txt";
        fs::write(test_file, content).unwrap();

        let matches = scan_file(test_file, false).unwrap();
        assert!(matches.is_empty());

        fs::remove_file(test_file).ok();
    }

    #[test]
    fn test_secret_severity_levels() {
        assert_eq!(SecretSeverity::Critical.as_str(), "CRITICAL");
        assert_eq!(SecretSeverity::High.as_str(), "HIGH");
        assert_eq!(SecretSeverity::Medium.as_str(), "MEDIUM");
        assert_eq!(SecretSeverity::Low.as_str(), "LOW");
    }

    #[test]
    fn test_github_token_pattern() {
        let content = r#"const token = "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";"#;
        let test_file = "test_github_temp.txt";
        fs::write(test_file, content).unwrap();

        let matches = scan_file(test_file, false).unwrap();
        let has_github = matches.iter().any(|m| m.secret_type.contains("GitHub"));

        assert!(has_github);

        fs::remove_file(test_file).ok();
    }

    #[test]
    fn test_jwt_pattern() {
        let content = r#"const jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U";"#;
        let test_file = "test_jwt_temp.txt";
        fs::write(test_file, content).unwrap();

        let matches = scan_file(test_file, false).unwrap();
        let has_jwt = matches.iter().any(|m| m.secret_type.contains("JWT"));

        assert!(has_jwt);

        fs::remove_file(test_file).ok();
    }
}