Spaces:

ysharma
/

OPF-SmartRedact-Paste

Running on Zero

App Files Files Community

OPF-SmartRedact-Paste / app.py

ysharma HF Staff

Update app.py

f78f0c3 verified 14 days ago

raw

history blame contribute delete

42.3 kB

	"""
	DLP Paste-Proxy — "Pastebin with a conscience"
	================================================

	A sleek paste-to-share service. The author pastes PII-rich text and gets
	a shareable URL. Recipients at that URL see the OPF-redacted version by
	default; a separate "reveal" link guarded by an unguessable token shows
	the original.

	Why gr.Server? We need four HTTP surfaces that don't map cleanly onto
	gr.Blocks event wiring:
	* @server.api create_paste - accept paste, run OPF, mint IDs
	(queued compute → @gradio/client)
	* GET /view/{id} - public redacted view page
	* GET /view/{id}?token=... - author's reveal page
	* GET /api/paste/{pid} - JSON lookup of an existing paste
	plus a background sweeper for auto-expiry.

	The create_paste endpoint is the only one that runs the OPF model,
	so it is the only one that needs Gradio's queue + ZeroGPU wiring —
	the other three are pure lookup/rendering and are served as plain
	FastAPI routes, which the gradio.Server blog recommends for static
	content.

	Storage is an in-process dict. That is fine for a public demo — the
	point is to illustrate the request-composition model; it is NOT a
	durable pastebin. Restarting the Space clears all pastes.
	"""

	from __future__ import annotations

	import html
	import json
	import os
	import secrets
	import threading
	import time
	from dataclasses import dataclass
	from typing import Optional

	import gradio as gr
	from fastapi.responses import HTMLResponse, JSONResponse

	# spaces is only available on Hugging Face Spaces; degrade gracefully
	# when running locally so `python app.py` still works off-GPU.
	try:
	import spaces
	_HAS_SPACES = True
	except ImportError:
	_HAS_SPACES = False

	from opf import predict_text

	# ── configuration ─────────────────────────────────────────────────

	MAX_PASTE_CHARS = int(os.getenv("MAX_PASTE_CHARS", "50000"))
	SWEEP_INTERVAL_SEC = int(os.getenv("SWEEP_INTERVAL_SEC", "30"))

	TTL_CHOICES: dict[str, Optional[int]] = {
	"never": None,
	"1h": 60 * 60,
	"24h": 60 * 60 * 24,
	"7d": 60 * 60 * 24 * 7,
	}

	CATEGORIES_META = {
	"private_person": {"color": "#E24B4A", "label": "Person"},
	"private_date": {"color": "#1E7DD1", "label": "Date"},
	"private_address": {"color": "#1D9E75", "label": "Address"},
	"private_email": {"color": "#0EA5A1", "label": "Email"},
	"account_number": {"color": "#BA7517", "label": "Account"},
	"private_url": {"color": "#D85A30", "label": "URL"},
	"secret": {"color": "#52525b", "label": "Secret"},
	"private_phone": {"color": "#639922", "label": "Phone"},
	}

	# ── paste store ───────────────────────────────────────────────────

	@dataclass
	class Paste:
	id: str
	reveal_token: str
	original: str
	redacted: str
	spans: list[dict]
	stats: dict
	created_at: float
	expires_at: Optional[float]
	views: int = 0
	reveals: int = 0


	PASTES: dict[str, Paste] = {}
	LOCK = threading.RLock()


	def _store_put(paste: Paste) -> None:
	with LOCK:
	PASTES[paste.id] = paste


	def _store_get(pid: str) -> Optional[Paste]:
	with LOCK:
	p = PASTES.get(pid)
	if p is None:
	return None
	if p.expires_at is not None and p.expires_at <= time.time():
	PASTES.pop(pid, None)
	return None
	return p


	def _sweep_loop() -> None:
	while True:
	time.sleep(SWEEP_INTERVAL_SEC)
	now = time.time()
	with LOCK:
	expired = [pid for pid, p in PASTES.items()
	if p.expires_at is not None and p.expires_at <= now]
	for pid in expired:
	PASTES.pop(pid, None)


	threading.Thread(target=_sweep_loop, daemon=True, name="paste-sweeper").start()


	# ── redaction ─────────────────────────────────────────────────────

	def redact(text: str, spans: list[dict]) -> str:
	"""Replace each detected span with <CATEGORY> right-to-left.

	Right-to-left preserves indices for earlier spans while we rewrite
	later ones (the v6 model output is non-overlapping, but we still
	sort defensively and drop any that would nest)."""
	out = text
	last_start: Optional[int] = None
	for sp in sorted(spans, key=lambda s: s["start"], reverse=True):
	s, e = sp["start"], sp["end"]
	if last_start is not None and e > last_start:
	continue # overlaps a later (earlier-in-text) span; skip
	placeholder = f"<{sp['label'].upper()}>"
	out = out[:s] + placeholder + out[e:]
	last_start = s
	return out


	def compute_stats(text: str, spans: list[dict]) -> dict:
	total = len(text)
	pii_chars = sum(s["end"] - s["start"] for s in spans)
	by_cat: dict[str, dict[str, int]] = {}
	for s in spans:
	c = s["label"]
	by_cat.setdefault(c, {"count": 0, "chars": 0})
	by_cat[c]["count"] += 1
	by_cat[c]["chars"] += s["end"] - s["start"]
	return {
	"total_chars": total,
	"pii_chars": pii_chars,
	"pii_percentage": round(pii_chars / total * 100, 1) if total else 0.0,
	"total_spans": len(spans),
	"categories": by_cat,
	}


	# ── OPF call (GPU-gated on HF Spaces) ─────────────────────────────

	if _HAS_SPACES:
	@spaces.GPU
	def analyze(text: str):
	return predict_text(text)
	else:
	def analyze(text: str):
	return predict_text(text)


	# ── gr.Server wiring ──────────────────────────────────────────────

	server = gr.Server()


	@server.get("/", response_class=HTMLResponse)
	async def home():
	return HTMLResponse(_COMPOSE_HTML)


	@server.api(name="create_paste")
	def create_paste_api(text: str, ttl: str = "never") -> dict:
	"""Scan text with the OPF model, mint a paste id + reveal token,
	and return all the metadata the caller needs to build share URLs.

	This is a @server.api route (not a plain FastAPI POST) because it
	runs the @spaces.GPU-decorated `analyze` — we want the request to
	go through Gradio's queue so concurrent callers don't stomp on
	each other's ZeroGPU allocations. Both the browser (via
	@gradio/client) and Python clients (via gradio_client) hit the
	same endpoint.
	"""
	text = (text or "").strip()
	if not text:
	return {"error": "Paste is empty"}
	if len(text) > MAX_PASTE_CHARS:
	return {"error": f"Paste exceeds {MAX_PASTE_CHARS:,} characters"}
	if ttl not in TTL_CHOICES:
	return {"error": f"Unknown ttl {ttl!r}"}

	try:
	source_text, spans = analyze(text)
	except Exception as exc:
	return {"error": f"OPF inference failed: {exc}"}

	redacted = redact(source_text, spans)
	stats = compute_stats(source_text, spans)

	pid = secrets.token_urlsafe(6)
	reveal_token = secrets.token_urlsafe(22)
	ttl_sec = TTL_CHOICES[ttl]
	now = time.time()
	expires_at = (now + ttl_sec) if ttl_sec is not None else None

	_store_put(Paste(
	id=pid, reveal_token=reveal_token,
	original=source_text, redacted=redacted,
	spans=spans, stats=stats,
	created_at=now, expires_at=expires_at,
	))

	return {
	"id": pid,
	"reveal_token": reveal_token,
	"view_path": f"/view/{pid}",
	"reveal_path": f"/view/{pid}?token={reveal_token}",
	"expires_at": expires_at,
	"stats": stats,
	"redacted": redacted, # let the frontend render a preview without a second round-trip
	"categories_meta": CATEGORIES_META,
	}


	@server.get("/view/{pid}", response_class=HTMLResponse)
	async def view_paste(pid: str, token: Optional[str] = None):
	p = _store_get(pid)
	if p is None:
	return HTMLResponse(_not_found_html(pid), status_code=404)

	revealed = bool(token) and secrets.compare_digest(token, p.reveal_token)

	with LOCK:
	if revealed:
	p.reveals += 1
	else:
	p.views += 1

	return HTMLResponse(_render_view(p, revealed))


	@server.get("/api/paste/{pid}")
	async def api_get_paste(pid: str, token: Optional[str] = None):
	"""Plain FastAPI read-only lookup — no compute, no queue needed."""
	p = _store_get(pid)
	if p is None:
	return JSONResponse({"error": "not found or expired"}, status_code=404)
	revealed = bool(token) and secrets.compare_digest(token, p.reveal_token)
	payload = {
	"id": p.id,
	"created_at": p.created_at,
	"expires_at": p.expires_at,
	"stats": p.stats,
	"views": p.views,
	"reveals": p.reveals,
	"redacted": p.redacted,
	}
	if revealed:
	payload["original"] = p.original
	payload["spans"] = p.spans
	return JSONResponse(payload)


	# ── HTML rendering ────────────────────────────────────────────────

	def _escape(text: str) -> str:
	return html.escape(text, quote=False)


	def _highlight_html(text: str, spans: list[dict]) -> str:
	"""Return HTML for text with each span wrapped in a colored mark,
	revealing the original content (used on the reveal page)."""
	pieces: list[str] = []
	cursor = 0
	for sp in sorted(spans, key=lambda s: s["start"]):
	s, e = sp["start"], sp["end"]
	if s < cursor or e <= s:
	continue
	if s > cursor:
	pieces.append(_escape(text[cursor:s]))
	meta = CATEGORIES_META.get(sp["label"])
	color = meta["color"] if meta else "#333"
	label = meta["label"] if meta else sp["label"]
	pieces.append(
	f'<mark class="pp-hi" data-cat="{_escape(sp["label"])}" '
	f'style="--cat:{color}" title="{_escape(label)}">'
	f'{_escape(text[s:e])}'
	f'<span class="pp-hi-tag">{_escape(label)}</span>'
	f'</mark>'
	)
	cursor = e
	if cursor < len(text):
	pieces.append(_escape(text[cursor:]))
	return "".join(pieces)


	def _redacted_html(redacted: str) -> str:
	"""Render the redacted version with <CATEGORY> placeholders as
	colored pills so readers can see what kind of data was stripped."""
	out: list[str] = []
	i = 0
	while i < len(redacted):
	lt = redacted.find("<", i)
	if lt == -1:
	out.append(_escape(redacted[i:]))
	break
	out.append(_escape(redacted[i:lt]))
	gt = redacted.find(">", lt + 1)
	if gt == -1:
	out.append(_escape(redacted[lt:]))
	break
	tag = redacted[lt + 1:gt]
	cat_key = tag.lower()
	meta = CATEGORIES_META.get(cat_key)
	if meta is None:
	out.append(_escape(redacted[lt:gt + 1]))
	else:
	out.append(
	f'<span class="pp-red" data-cat="{_escape(cat_key)}" '
	f'style="--cat:{meta["color"]}">'
	f'<span class="pp-red-dot"></span>{_escape(meta["label"])}'
	f'</span>'
	)
	i = gt + 1
	return "".join(out)


	def _format_expiry(paste: Paste) -> str:
	if paste.expires_at is None:
	return "does not expire"
	remaining = paste.expires_at - time.time()
	if remaining <= 0:
	return "expired"
	if remaining < 3600:
	return f"expires in {int(remaining // 60)} min"
	if remaining < 86400:
	return f"expires in {int(remaining // 3600)} h"
	return f"expires in {int(remaining // 86400)} d"


	def _render_view(p: Paste, revealed: bool) -> str:
	stats = p.stats
	badges_html = "".join(
	f'<span class="pp-badge" style="--cat:{CATEGORIES_META.get(cat, {"color": "#333"})["color"]}">'
	f'<span class="pp-badge-dot"></span>'
	f'{_escape(CATEGORIES_META.get(cat, {"label": cat})["label"])}'
	f'<span class="pp-badge-n">{info["count"]}</span>'
	f'</span>'
	for cat, info in sorted(stats["categories"].items(),
	key=lambda kv: -kv[1]["count"])
	) or '<span class="pp-muted">No PII detected in this paste.</span>'

	body_html = (
	_highlight_html(p.original, p.spans) if revealed
	else _redacted_html(p.redacted)
	)

	mode_banner = (
	'<div class="pp-banner pp-banner-reveal">'
	'<strong>Private reveal.</strong> This URL contains the reveal token — '
	'treat it like a password. Anyone with it sees the original text.'
	'</div>'
	if revealed else
	'<div class="pp-banner pp-banner-safe">'
	'<strong>Redacted view.</strong> Sensitive spans were stripped before '
	'this page was served. The original is only visible via the author\'s reveal link.'
	'</div>'
	)

	view_mode_label = "Original (revealed)" if revealed else "Redacted"

	replacements = {
	"__PID__": _escape(p.id),
	"__MODE__": _escape(view_mode_label),
	"__EXPIRY__": _escape(_format_expiry(p)),
	"__CREATED__": _escape(time.strftime(
	"%Y-%m-%d %H:%M UTC", time.gmtime(p.created_at))),
	"__VIEWS__": str(p.views),
	"__REVEALS__": str(p.reveals),
	"__PCT__": str(stats["pii_percentage"]),
	"__SPANS_N__": str(stats["total_spans"]),
	"__CHARS_N__": f'{stats["total_chars"]:,}',
	"__BADGES__": badges_html,
	"__BANNER__": mode_banner,
	"__BODY__": body_html,
	"__BODY_CLASS__": "pp-body-reveal" if revealed else "pp-body-redacted",
	}
	out = _VIEW_HTML
	for k, v in replacements.items():
	out = out.replace(k, v)
	return out


	def _not_found_html(pid: str) -> str:
	return _NOT_FOUND_HTML.replace("{{PID}}", _escape(pid))


	# ── compose page (paste editor) ───────────────────────────────────

	_CATEGORIES_JSON = json.dumps(CATEGORIES_META)

	_SHARED_CSS = r"""
	:root{
	--bg: #f7f7f8;
	--panel: #ffffff;
	--panel-2: #f1f1f3;
	--ink: #0a0a0a;
	--ink-dim: #3f3f46;
	--ink-faint: #70707a;
	--line: #e4e4e7;
	--line-strong: #d4d4d8;
	--accent: #0f8a5f;
	--accent-ink: #ffffff;
	--warn: #b45309;
	--primary-bg: #18181b;
	--primary-fg: #ffffff;
	--radius-lg: 12px;
	--radius-md: 8px;
	--radius-sm: 5px;
	--shadow-xs: 0 1px 1.5px rgba(10,10,10,.04);
	--shadow-sm: 0 1px 3px rgba(10,10,10,.06), 0 1px 2px rgba(10,10,10,.04);
	--shadow-md: 0 4px 14px rgba(10,10,10,.07), 0 1px 3px rgba(10,10,10,.04);
	--font-sans: 'Inter', system-ui, -apple-system, 'Segoe UI', sans-serif;
	--font-mono: 'JetBrains Mono', ui-monospace, SFMono-Regular, Menlo, Consolas, monospace;
	--font-serif: 'Instrument Serif', 'Source Serif 4', Georgia, serif;
	}
	@media (prefers-color-scheme: dark){
	:root{
	--bg: #0e0e11;
	--panel: #18181c;
	--panel-2: #1f1f24;
	--ink: #e8e8ea;
	--ink-dim: #a8a8ae;
	--ink-faint: #70707a;
	--line: rgba(255,255,255,0.08);
	--line-strong: rgba(255,255,255,0.18);
	--accent: #2bb77e;
	--accent-ink: #0e0e11;
	--warn: #eab308;
	--primary-bg: #f0f0f2;
	--primary-fg: #0e0e11;
	--shadow-xs: none;
	--shadow-sm: none;
	--shadow-md: none;
	}
	}
	,::before,*::after{box-sizing:border-box;margin:0;padding:0}
	html,body{height:100%}
	body{
	font-family:var(--font-sans);
	background:var(--bg);
	color:var(--ink);
	font-size:14px;line-height:1.55;
	-webkit-font-smoothing:antialiased;
	font-feature-settings:"cv11","ss01";
	}
	a{color:inherit;text-decoration:underline;text-decoration-color:var(--line-strong);text-underline-offset:3px}
	a:hover{text-decoration-color:var(--ink)}
	button{font:inherit;color:inherit;background:transparent;border:0;cursor:pointer}
	.pp-shell{max-width:1060px;margin:0 auto;padding:36px 20px 56px}
	.pp-brand{display:flex;align-items:center;gap:10px;margin-bottom:22px}
	.pp-brand-mark{
	width:26px;height:26px;border-radius:7px;
	background:var(--ink);color:var(--bg);
	display:grid;place-items:center;
	font-family:var(--font-mono);font-size:13px;font-weight:600;letter-spacing:-0.02em;
	}
	.pp-brand-name{font-size:13.5px;font-weight:500}
	.pp-brand-name .sub{color:var(--ink-faint);font-weight:400;margin-left:6px}
	.pp-caps{font-size:10.5px;font-weight:600;letter-spacing:0.09em;text-transform:uppercase;color:var(--ink-dim)}
	.pp-hero{margin-bottom:22px}
	.pp-hero h1{font-family:var(--font-serif);font-size:38px;line-height:1.08;letter-spacing:-0.015em;font-weight:500;margin-bottom:8px}
	.pp-hero p{color:var(--ink-dim);max-width:58ch;font-size:14px}
	.pp-banner{padding:10px 14px;border-radius:var(--radius-md);font-size:13px;line-height:1.5;border:0.5px solid var(--line-strong);margin-bottom:16px}
	.pp-banner strong{font-weight:600}
	.pp-banner-safe{background:color-mix(in srgb, var(--accent) 8%, transparent);border-color:color-mix(in srgb, var(--accent) 26%, var(--line-strong))}
	.pp-banner-reveal{background:color-mix(in srgb, var(--warn) 10%, transparent);border-color:color-mix(in srgb, var(--warn) 30%, var(--line-strong))}
	"""

	_COMPOSE_HTML = r"""<!DOCTYPE html>
	<html lang="en">
	<head>
	<meta charset="UTF-8">
	<meta name="viewport" content="width=device-width,initial-scale=1">
	<title>DLP Paste-Proxy — Pastebin with a conscience</title>
	<link rel="preconnect" href="https://fonts.googleapis.com">
	<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
	<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500&family=Instrument+Serif:ital@0;1&display=swap" rel="stylesheet">
	<style>
	""" + _SHARED_CSS + r"""

	.pp-card{
	background:var(--panel);
	border:0.5px solid var(--line);
	border-radius:var(--radius-lg);
	box-shadow:var(--shadow-md);
	overflow:hidden;
	}
	.pp-card-head{
	padding:14px 18px;
	border-bottom:0.5px solid var(--line);
	display:flex;align-items:center;gap:10px;flex-wrap:wrap;
	}
	.pp-card-head h2{font-size:13.5px;font-weight:500;letter-spacing:-0.005em}
	.pp-spacer{flex:1}
	.pp-grid{
	display:grid;
	grid-template-columns:minmax(0,1fr) 280px;
	gap:0;
	}
	.pp-pane{padding:18px 20px 22px}
	.pp-pane + .pp-pane{border-left:0.5px solid var(--line);background:var(--panel-2)}
	.pp-textarea{
	width:100%;min-height:320px;
	font-family:var(--font-mono);font-size:13px;line-height:1.55;
	color:var(--ink);background:transparent;
	border:1px solid var(--line);border-radius:var(--radius-md);
	padding:14px 14px;resize:vertical;
	transition:border-color .15s,background .15s;
	}
	.pp-textarea::placeholder{color:var(--ink-faint)}
	.pp-textarea:focus{outline:none;border-color:var(--line-strong);background:color-mix(in srgb, var(--ink) 1.5%, transparent)}
	.pp-sub{color:var(--ink-faint);font-size:11.5px;font-family:var(--font-mono);margin-top:8px;display:flex;align-items:center;gap:10px;flex-wrap:wrap}
	.pp-sub .sep{opacity:.4}
	.pp-label{display:block;font-size:11px;font-weight:600;letter-spacing:0.07em;text-transform:uppercase;color:var(--ink-dim);margin:0 0 8px}
	.pp-ttl{display:flex;gap:4px;background:var(--panel);border:0.5px solid var(--line);padding:3px;border-radius:var(--radius-md)}
	.pp-ttl button{
	flex:1;padding:7px 0;font-size:12px;font-weight:500;color:var(--ink-dim);
	border-radius:5px;transition:background .12s,color .12s;
	}
	.pp-ttl button[aria-pressed="true"]{background:var(--ink);color:var(--bg)}
	.pp-ttl button:hover:not([aria-pressed="true"]){background:color-mix(in srgb, var(--ink) 4%, transparent);color:var(--ink)}
	.pp-hint{font-size:12px;color:var(--ink-faint);margin-top:8px;line-height:1.45}
	.pp-btn{
	font-size:13px;font-weight:500;padding:10px 14px;
	border:0.5px solid var(--line-strong);
	border-radius:var(--radius-md);
	background:var(--panel);color:var(--ink);
	display:inline-flex;align-items:center;justify-content:center;gap:8px;
	transition:background .12s,border-color .12s;
	}
	.pp-btn:hover:not(:disabled){background:color-mix(in srgb, var(--ink) 4%, var(--panel));border-color:var(--ink-dim)}
	.pp-btn:disabled{opacity:.55;cursor:not-allowed}
	.pp-btn-primary{background:var(--primary-bg);color:var(--primary-fg);border-color:var(--primary-bg);width:100%}
	.pp-btn-primary:hover:not(:disabled){background:color-mix(in srgb, var(--primary-bg) 88%, var(--ink));border-color:var(--primary-bg)}
	.pp-btn-arr{font-family:var(--font-mono);font-size:11px;opacity:.7}

	.pp-success{
	display:none;margin-top:24px;padding:22px 22px 24px;
	background:var(--panel);border:0.5px solid var(--line);border-radius:var(--radius-lg);box-shadow:var(--shadow-md);
	}
	.pp-success.on{display:block}
	.pp-success h3{font-family:var(--font-serif);font-size:22px;line-height:1.15;font-weight:500;margin-bottom:4px;letter-spacing:-0.01em}
	.pp-success .pp-caps{margin-bottom:14px;display:block}
	.pp-link{
	display:flex;align-items:stretch;gap:0;margin:8px 0 14px;
	border:0.5px solid var(--line);border-radius:var(--radius-md);overflow:hidden;background:var(--panel-2);
	}
	.pp-link input{
	flex:1;border:0;background:transparent;padding:10px 12px;
	font-family:var(--font-mono);font-size:12px;color:var(--ink);min-width:0;outline:none;
	}
	.pp-link button{
	border-left:0.5px solid var(--line);background:var(--panel);
	padding:0 14px;font-size:12px;font-weight:500;color:var(--ink-dim);
	transition:background .12s,color .12s;
	}
	.pp-link button:hover{background:color-mix(in srgb, var(--ink) 4%, var(--panel));color:var(--ink)}
	.pp-link-label{display:flex;align-items:baseline;gap:8px;font-size:13px;font-weight:500;margin-top:14px}
	.pp-link-label .hint{font-weight:400;color:var(--ink-faint);font-size:12px}
	.pp-link-label:first-of-type{margin-top:0}
	.pp-link-label .priv{
	font-family:var(--font-mono);font-size:10px;font-weight:600;letter-spacing:.06em;
	padding:2px 7px;border-radius:4px;
	background:color-mix(in srgb, var(--warn) 18%, transparent);
	color:color-mix(in srgb, var(--warn) 70%, var(--ink));
	text-transform:uppercase;
	}
	.pp-preview-row{display:grid;grid-template-columns:1fr 1fr;gap:12px;margin-top:16px}
	.pp-preview{background:var(--panel-2);border:0.5px solid var(--line);border-radius:var(--radius-md);padding:12px 14px 14px;font-family:var(--font-serif);font-size:14.5px;line-height:1.55;min-height:130px;max-height:260px;overflow:auto}
	.pp-preview .pp-caps{display:block;margin-bottom:8px;font-family:var(--font-sans);font-size:10px;color:var(--ink-faint)}
	.pp-err{display:none;margin-top:12px;padding:10px 12px;border-radius:var(--radius-md);background:color-mix(in srgb, #dc2626 9%, transparent);border:0.5px solid color-mix(in srgb, #dc2626 30%, var(--line-strong));color:#991b1b;font-size:13px}
	.pp-err.on{display:block}
	.pp-err code{font-family:var(--font-mono);font-size:12px}
	.pp-loading{display:none;align-items:center;gap:8px;color:var(--ink-dim);font-size:13px;margin-top:12px}
	.pp-loading.on{display:inline-flex}
	.pp-spin{width:12px;height:12px;border:1.5px solid color-mix(in srgb, var(--ink) 25%, transparent);border-top-color:var(--ink);border-radius:50%;animation:pp-spin 0.8s linear infinite}
	@keyframes pp-spin{to{transform:rotate(360deg)}}

	.pp-footer{
	margin-top:28px;padding-top:22px;border-top:0.5px solid var(--line);
	display:flex;justify-content:space-between;gap:16px;color:var(--ink-faint);font-size:12px;flex-wrap:wrap;
	}
	.pp-footer a{color:var(--ink-dim)}

	/* Pills & highlights used on view page (scoped so compose page can
	reuse the preview rendering to show what the redacted version
	looks like before the user commits) */
	.pp-red{
	display:inline-flex;align-items:center;gap:4px;
	font-family:var(--font-sans);font-size:12px;font-weight:500;
	padding:1px 7px 1px 6px;margin:0 1px;border-radius:3px;
	background:color-mix(in srgb, var(--cat, #666) 14%, transparent);
	color:color-mix(in srgb, var(--cat, #666) 62%, var(--ink));
	vertical-align:baseline;letter-spacing:-0.002em;
	border:0.5px solid color-mix(in srgb, var(--cat, #666) 28%, transparent);
	}
	.pp-red-dot{width:5px;height:5px;border-radius:50%;background:var(--cat,#666);flex:none}

	@media (max-width:820px){
	.pp-grid{grid-template-columns:1fr}
	.pp-pane + .pp-pane{border-left:0;border-top:0.5px solid var(--line)}
	.pp-preview-row{grid-template-columns:1fr}
	}
	</style>
	</head>
	<body>
	<div class="pp-shell">

	<div class="pp-brand">
	<div class="pp-brand-mark">P</div>
	<div class="pp-brand-name">DLP Paste-Proxy<span class="sub">pastebin with a conscience</span></div>
	</div>

	<div class="pp-hero">
	<h1>Paste sensitive text.<br>Share only the redacted view.</h1>
	<p>OpenAI Privacy Filter scans your paste for names, addresses, emails, phones, URLs, dates, account numbers, and secrets before minting a shareable link. Viewers see placeholders; only your private reveal link shows the original.</p>
	</div>

	<div class="pp-card">
	<div class="pp-card-head">
	<span class="pp-caps">Compose</span>
	<h2>New paste</h2>
	<span class="pp-spacer"></span>
	<span class="pp-sub" id="pp-char-count">0 / """ + f"{MAX_PASTE_CHARS:,}" + r""" chars</span>
	</div>
	<div class="pp-grid">
	<div class="pp-pane">
	<label class="pp-label" for="pp-text">Paste body</label>
	<textarea id="pp-text" class="pp-textarea" spellcheck="false"
	placeholder="Paste anything — a DM thread, a log line, an email, a support ticket. The OPF model labels each character span; placeholders replace the private parts before the URL is minted."></textarea>
	<div class="pp-sub">
	<span id="pp-cursor">line 1, col 1</span>
	<span class="sep">·</span>
	<span>no data leaves this server except as redacted placeholders</span>
	</div>
	</div>
	<div class="pp-pane">
	<label class="pp-label">Auto-expiry</label>
	<div class="pp-ttl" id="pp-ttl" role="tablist" aria-label="Expiration">
	<button type="button" data-ttl="never" aria-pressed="true">Never</button>
	<button type="button" data-ttl="1h" aria-pressed="false">1h</button>
	<button type="button" data-ttl="24h" aria-pressed="false">24h</button>
	<button type="button" data-ttl="7d" aria-pressed="false">7d</button>
	</div>
	<p class="pp-hint">A background sweeper deletes expired pastes on the server. Expired links 404.</p>

	<label class="pp-label" style="margin-top:20px">Create</label>
	<button type="button" id="pp-create" class="pp-btn pp-btn-primary">
	<span>Scan & mint link</span>
	<span class="pp-btn-arr">↵</span>
	</button>
	<div class="pp-loading" id="pp-loading">
	<span class="pp-spin"></span><span>Running OPF on your paste…</span>
	</div>
	<div class="pp-err" id="pp-err"></div>
	</div>
	</div>
	</div>

	<section class="pp-success" id="pp-success">
	<span class="pp-caps">Paste minted</span>
	<h3>Your paste is ready.</h3>

	<div class="pp-link-label">
	Shareable view link
	<span class="hint">redacted — give to recipients</span>
	</div>
	<div class="pp-link">
	<input id="pp-view-url" readonly value="">
	<button type="button" data-copy="pp-view-url">Copy</button>
	</div>

	<div class="pp-link-label">
	Private reveal link
	<span class="priv">author only</span>
	<span class="hint">shows original — keep it to yourself</span>
	</div>
	<div class="pp-link">
	<input id="pp-reveal-url" readonly value="">
	<button type="button" data-copy="pp-reveal-url">Copy</button>
	</div>

	<div class="pp-preview-row">
	<div class="pp-preview">
	<span class="pp-caps">What recipients will see</span>
	<div id="pp-preview-redacted"></div>
	</div>
	<div class="pp-preview" style="font-family:var(--font-sans);font-size:12.5px;line-height:1.5">
	<span class="pp-caps">Summary</span>
	<div id="pp-preview-summary"></div>
	</div>
	</div>
	</section>

	<footer class="pp-footer">
	<div>Powered by <a href="https://huggingface.co/openai/privacy-filter" target="_blank" rel="noopener">OpenAI Privacy Filter</a> · 1.5B params, 50M active, 128k context</div>
	<div><a href="#" id="pp-about">How this works →</a></div>
	</footer>
	</div>

	<script type="module">
	// ══════════════════════════════════════════════════════════════════
	// Gradio JS client — hits the queued @server.api create_paste route
	// so the OPF model call is serialized through Gradio's queue and
	// plays nicely with @spaces.GPU on ZeroGPU.
	// ══════════════════════════════════════════════════════════════════
	import { Client } from "https://cdn.jsdelivr.net/npm/@gradio/client/dist/index.min.js";

	const clientPromise = Client.connect(window.location.origin);

	const CATS = """ + _CATEGORIES_JSON + r""";
	const MAX = """ + str(MAX_PASTE_CHARS) + r""";

	const $text = document.getElementById('pp-text');
	const $cc = document.getElementById('pp-char-count');
	const $cur = document.getElementById('pp-cursor');
	const $ttl = document.getElementById('pp-ttl');
	const $btn = document.getElementById('pp-create');
	const $load = document.getElementById('pp-loading');
	const $err = document.getElementById('pp-err');
	const $ok = document.getElementById('pp-success');

	function updateCount(){
	const n = $text.value.length;
	$cc.textContent = n.toLocaleString() + ' / ' + MAX.toLocaleString() + ' chars';
	$cc.style.color = n > MAX ? '#b45309' : '';
	}
	function updateCursor(){
	const pos = $text.selectionStart;
	const lines = $text.value.slice(0, pos).split('\n');
	$cur.textContent = 'line ' + lines.length + ', col ' + (lines[lines.length-1].length + 1);
	}
	$text.addEventListener('input', updateCount);
	['keyup','click','focus','mouseup'].forEach(e => $text.addEventListener(e, updateCursor));

	let ttl = 'never';
	$ttl.addEventListener('click', (e) => {
	const b = e.target.closest('button'); if (!b) return;
	[...$ttl.querySelectorAll('button')].forEach(x => x.setAttribute('aria-pressed', x === b ? 'true' : 'false'));
	ttl = b.dataset.ttl;
	});

	function renderRedacted(redacted){
	let html = '';
	let i = 0;
	while (i < redacted.length){
	const lt = redacted.indexOf('<', i);
	if (lt === -1){ html += escapeHtml(redacted.slice(i)); break; }
	html += escapeHtml(redacted.slice(i, lt));
	const gt = redacted.indexOf('>', lt + 1);
	if (gt === -1){ html += escapeHtml(redacted.slice(lt)); break; }
	const tag = redacted.slice(lt+1, gt);
	const key = tag.toLowerCase();
	const meta = CATS[key];
	if (!meta){ html += escapeHtml(redacted.slice(lt, gt+1)); }
	else {
	html += '<span class="pp-red" data-cat="'+escapeHtml(key)+'" style="--cat:'+meta.color+'">'+
	'<span class="pp-red-dot"></span>'+escapeHtml(meta.label)+'</span>';
	}
	i = gt + 1;
	}
	return html;
	}
	function escapeHtml(s){ return s.replace(/[&<>"']/g, c => ({'&':'&','<':'<','>':'>','"':'"',"'":'''}[c])); }

	async function createPaste(){
	const text = $text.value.trim();
	$err.classList.remove('on'); $err.textContent = '';
	if (!text){ $err.classList.add('on'); $err.textContent = 'Paste is empty.'; return; }
	if (text.length > MAX){ $err.classList.add('on'); $err.textContent = 'Paste exceeds ' + MAX.toLocaleString() + ' characters.'; return; }

	$btn.disabled = true; $load.classList.add('on'); $ok.classList.remove('on');
	try{
	const client = await clientPromise;
	const result = await client.predict("/create_paste", { text, ttl });
	const data = result.data[0] \|\| {};
	if (data.error) throw new Error(data.error);

	const origin = window.location.origin;
	document.getElementById('pp-view-url').value = origin + data.view_path;
	document.getElementById('pp-reveal-url').value = origin + data.reveal_path;

	// create_paste already returns the redacted preview in-line, so
	// no second round-trip to /api/paste/{id} is needed here.
	document.getElementById('pp-preview-redacted').innerHTML = renderRedacted(data.redacted \|\| '');

	const s = data.stats;
	const cats = Object.entries(s.categories).sort((a,b) => b[1].count - a[1].count);
	const catHtml = cats.length
	? cats.map(([k,v]) => {
	const m = CATS[k] \|\| {label:k, color:'#333'};
	return '<span class="pp-red" style="--cat:'+m.color+';margin:2px 4px 2px 0"><span class="pp-red-dot"></span>'+escapeHtml(m.label)+' × '+v.count+'</span>';
	}).join('')
	: '<em style="color:var(--ink-faint)">No PII found in this paste.</em>';
	document.getElementById('pp-preview-summary').innerHTML =
	'<div style="display:flex;gap:18px;margin-bottom:10px;align-items:baseline"><div><div style="font-family:var(--font-serif);font-size:26px;letter-spacing:-0.02em;line-height:1">'+s.pii_percentage+'%</div><div class="pp-caps" style="margin-top:3px">PII density</div></div>'+
	'<div><div style="font-family:var(--font-serif);font-size:26px;letter-spacing:-0.02em;line-height:1">'+s.total_spans+'</div><div class="pp-caps" style="margin-top:3px">spans</div></div>'+
	'<div><div style="font-family:var(--font-serif);font-size:26px;letter-spacing:-0.02em;line-height:1">'+s.total_chars.toLocaleString()+'</div><div class="pp-caps" style="margin-top:3px">chars</div></div></div>'+
	'<div>'+catHtml+'</div>';

	$ok.classList.add('on');
	$ok.scrollIntoView({behavior:'smooth', block:'start'});
	} catch (e) {
	$err.classList.add('on');
	$err.textContent = e.message \|\| 'Failed to create paste.';
	} finally {
	$btn.disabled = false; $load.classList.remove('on');
	}
	}

	$btn.addEventListener('click', createPaste);
	$text.addEventListener('keydown', (e) => {
	if ((e.metaKey \|\| e.ctrlKey) && e.key === 'Enter'){ e.preventDefault(); createPaste(); }
	});

	document.addEventListener('click', (e) => {
	const b = e.target.closest('[data-copy]'); if (!b) return;
	const inp = document.getElementById(b.dataset.copy);
	inp.select(); navigator.clipboard.writeText(inp.value);
	const prev = b.textContent; b.textContent = 'Copied'; setTimeout(() => b.textContent = prev, 1200);
	});

	updateCount(); updateCursor();
	</script>
	</body>
	</html>
	"""

	# ── view page ─────────────────────────────────────────────────────

	_VIEW_HTML = r"""<!DOCTYPE html>
	<html lang="en">
	<head>
	<meta charset="UTF-8">
	<meta name="viewport" content="width=device-width,initial-scale=1">
	<title>Paste __PID__ — DLP Paste-Proxy</title>
	<link rel="preconnect" href="https://fonts.googleapis.com">
	<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
	<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500&family=Instrument+Serif:ital@0;1&display=swap" rel="stylesheet">
	<style>
	""" + _SHARED_CSS + r"""

	.pp-view-head{
	display:flex;align-items:center;gap:10px;flex-wrap:wrap;margin-bottom:18px;
	padding:14px 16px;background:var(--panel);border:0.5px solid var(--line);
	border-radius:var(--radius-lg);box-shadow:var(--shadow-sm);
	}
	.pp-view-id{font-family:var(--font-mono);font-size:12.5px;color:var(--ink-dim);padding:3px 8px;background:var(--panel-2);border:0.5px solid var(--line);border-radius:5px}
	.pp-view-mode{font-size:11px;font-weight:600;letter-spacing:0.06em;text-transform:uppercase;padding:3px 8px;border-radius:4px;background:color-mix(in srgb,var(--ink) 8%,transparent);color:var(--ink-dim)}
	.pp-view-expiry{font-family:var(--font-mono);font-size:11.5px;color:var(--ink-faint)}

	.pp-stat-row{display:flex;gap:26px;flex-wrap:wrap;margin-left:auto;margin-right:0}
	.pp-stat{text-align:right}
	.pp-stat b{font-family:var(--font-serif);font-weight:500;font-size:22px;letter-spacing:-0.01em;display:block;line-height:1}
	.pp-stat span{font-size:10.5px;letter-spacing:0.08em;text-transform:uppercase;color:var(--ink-faint);font-weight:500}

	.pp-view-body{
	background:var(--panel);border:0.5px solid var(--line);border-radius:var(--radius-lg);
	box-shadow:var(--shadow-md);padding:28px 32px 30px;
	}
	.pp-body-redacted, .pp-body-reveal{
	font-family:var(--font-serif);font-size:17px;line-height:1.7;
	color:var(--ink);
	white-space:pre-wrap;word-wrap:break-word;
	}

	/* highlight (reveal mode) */
	.pp-hi{
	background:color-mix(in srgb, var(--cat,#666) 18%, transparent);
	color:var(--ink);
	border-radius:3px;padding:1px 3px;margin:0 1px;
	border:0.5px solid color-mix(in srgb, var(--cat,#666) 30%, transparent);
	position:relative;
	}
	.pp-hi-tag{
	font-family:var(--font-sans);font-size:9.5px;letter-spacing:0.07em;text-transform:uppercase;
	font-weight:600;color:var(--cat,#666);margin-left:4px;opacity:.72;
	}

	.pp-badges{display:flex;gap:8px;flex-wrap:wrap;margin-bottom:18px;padding-bottom:16px;border-bottom:0.5px solid var(--line)}
	.pp-badge{
	display:inline-flex;align-items:center;gap:6px;
	font-size:12px;font-weight:500;padding:4px 9px 4px 8px;
	border-radius:4px;background:color-mix(in srgb, var(--cat,#666) 10%, transparent);
	border:0.5px solid color-mix(in srgb, var(--cat,#666) 22%, transparent);
	color:var(--ink-dim);
	}
	.pp-badge-dot{width:6px;height:6px;border-radius:50%;background:var(--cat,#666)}
	.pp-badge-n{font-family:var(--font-mono);font-size:11px;color:var(--cat,#666);font-weight:600;margin-left:2px}
	.pp-muted{color:var(--ink-faint);font-size:13px}

	.pp-actions{display:flex;gap:10px;margin-top:16px;flex-wrap:wrap}
	.pp-btn{
	font-size:12.5px;font-weight:500;padding:8px 14px;
	border:0.5px solid var(--line-strong);border-radius:var(--radius-md);
	background:var(--panel);color:var(--ink);display:inline-flex;align-items:center;gap:8px;
	transition:background .12s,border-color .12s;
	}
	.pp-btn:hover{background:color-mix(in srgb, var(--ink) 4%, var(--panel));border-color:var(--ink-dim)}

	.pp-footer{margin-top:28px;padding-top:22px;border-top:0.5px solid var(--line);display:flex;justify-content:space-between;gap:16px;color:var(--ink-faint);font-size:12px;flex-wrap:wrap}
	</style>
	</head>
	<body>
	<div class="pp-shell">

	<div class="pp-brand">
	<a href="/" style="text-decoration:none;display:flex;align-items:center;gap:10px">
	<div class="pp-brand-mark">P</div>
	<div class="pp-brand-name">DLP Paste-Proxy<span class="sub">pastebin with a conscience</span></div>
	</a>
	</div>

	<div class="pp-view-head">
	<span class="pp-caps">Paste</span>
	<span class="pp-view-id">__PID__</span>
	<span class="pp-view-mode">__MODE__</span>
	<span class="pp-view-expiry">__CREATED__ · __EXPIRY__</span>

	<div class="pp-stat-row">
	<div class="pp-stat"><b>__PCT__%</b><span>PII density</span></div>
	<div class="pp-stat"><b>__SPANS_N__</b><span>spans</span></div>
	<div class="pp-stat"><b>__CHARS_N__</b><span>chars</span></div>
	</div>
	</div>

	__BANNER__

	<div class="pp-view-body">
	<div class="pp-badges">__BADGES__</div>
	<div class="__BODY_CLASS__">__BODY__</div>

	<div class="pp-actions">
	<button type="button" class="pp-btn" onclick="navigator.clipboard.writeText(window.location.href); this.textContent='Copied this link'">Copy this link</button>
	<a class="pp-btn" href="/">Create your own paste →</a>
	</div>
	</div>

	<footer class="pp-footer">
	<div>Recipients see placeholders. The author's reveal link shows the original inline.</div>
	<div>Views: __VIEWS__ · Reveals: __REVEALS__</div>
	</footer>
	</div>
	</body>
	</html>
	"""

	_NOT_FOUND_HTML = r"""<!DOCTYPE html>
	<html lang="en">
	<head>
	<meta charset="UTF-8">
	<meta name="viewport" content="width=device-width,initial-scale=1">
	<title>Paste not found — DLP Paste-Proxy</title>
	<link rel="preconnect" href="https://fonts.googleapis.com">
	<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
	<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500&family=Instrument+Serif:ital@0;1&display=swap" rel="stylesheet">
	<style>
	""" + _SHARED_CSS + r"""
	.pp-404{
	background:var(--panel);border:0.5px solid var(--line);border-radius:var(--radius-lg);
	box-shadow:var(--shadow-md);padding:56px 40px;text-align:center;
	}
	.pp-404 h1{font-family:var(--font-serif);font-size:48px;font-weight:500;letter-spacing:-0.02em;line-height:1;margin-bottom:10px}
	.pp-404 p{color:var(--ink-dim);margin-bottom:22px;max-width:44ch;margin-left:auto;margin-right:auto}
	.pp-404 code{font-family:var(--font-mono);font-size:12.5px;background:var(--panel-2);padding:2px 8px;border-radius:4px}
	.pp-btn{font-size:13px;font-weight:500;padding:10px 16px;border:0.5px solid var(--line-strong);border-radius:var(--radius-md);background:var(--primary-bg);color:var(--primary-fg);display:inline-flex;align-items:center;gap:8px}
	</style>
	</head>
	<body>
	<div class="pp-shell">
	<div class="pp-brand">
	<a href="/" style="text-decoration:none;display:flex;align-items:center;gap:10px">
	<div class="pp-brand-mark">P</div>
	<div class="pp-brand-name">DLP Paste-Proxy<span class="sub">pastebin with a conscience</span></div>
	</a>
	</div>
	<div class="pp-404">
	<h1>Paste not found</h1>
	<p><code>{{PID}}</code> either never existed, expired by its TTL, or was evicted by a server restart. Pastes live in process memory for the demo.</p>
	<a class="pp-btn" href="/">Create a new paste →</a>
	</div>
	</div>
	</body>
	</html>
	"""


	# ── launch ────────────────────────────────────────────────────────

	if __name__ == "__main__":
	server.launch(server_name="0.0.0.0", server_port=7860)