docs: rename v0.1.1 to v0.2.0 in CHANGELOG

The Redactor introduces a new public API surface (RedactorInterface
plus per-game implementation), which under semver is a minor version
bump, not a patch. Correcting the changelog before the v0.1.1 tag is
re-pointed at v0.2.0 in a follow-up step.

.github/workflows/tests.yaml

@@ -27,7 +27,7 @@ jobs:
 
       - name: Set composer cache directory
         id: composer-cache
-        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+        run: echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"
 
       - name: Restore composer from cache
         uses: actions/cache@v4

CHANGELOG.md

@@ -0,0 +1,55 @@
+# Changelog
+
+All notable changes to `indifferentketchup/codex` are documented here.
+
+The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.2.0] — 2026-05-01
+
+Render-time PII redaction utility added on the same calendar day as v0.1.0. Cut as a minor version bump rather than a patch because it adds a new public API surface (`RedactorInterface` plus the per-game implementation), which under semver is a minor change, not a patch. Consumers (notably iblogs) pin to `^0.2.0` to opt into the redactor-aware version.
+
+### Added
+
+- `RedactorInterface` (`src/Util/RedactorInterface.php`) and `ProjectZomboidRedactor` (`src/Util/ProjectZomboid/ProjectZomboidRedactor.php`) — render-time PII filter that scrubs Steam IDs, player names, and world coordinates from Project Zomboid log content. Three independent toggles default to on. Designed as a string-in/string-out utility so consumers can apply it at any rendering or export step. Documented v1 limitations: in PvP combat lines, only the attacker's name and coords are redacted; victim's name and coords (after `hit`) are deferred to v2. In admin lines, `teleported X to <coords>` coordinates are not redacted in v1.
+- 65 new test methods across six files under `test/tests/Util/Redactor/` — per-category unit tests, combined / toggle / idempotence matrix, and integration coverage that drives all 11 existing PZ fixtures through the redactor end-to-end. Suite total: 260 tests, 492 assertions.
+- `docs/superpowers/specs/2026-04-30-redactor-design.md` flipped from "deferred" to "implemented" status. Plan committed at `docs/superpowers/plans/2026-05-01-redactor.md`.
+
+### Changed
+
+- New top-level `src/Util/` directory introduced. The Redactor is its first occupant; future utilities (e.g. tokenising redactor variants) land here.
+
+## [0.1.0] — 2026-05-01
+
+First public release. Codex is a generic PHP log parsing and analysis framework with full Project Zomboid server-log support across eight analysers. The Composer package name is `indifferentketchup/codex` (the repository directory and Gitea slug are `ik-codex`; the package name is not).
+
+### Added
+
+- **Framework foundation** — generic `Log` / `Entry` / `Line` / `Parser` / `Analyser` / `Detective` / `Insight` pipeline forked from upstream `aternos/codex` and renamed end-to-end to `IndifferentKetchup\Codex\*` in `66a2fcc`. Zero `Aternos\Codex\*` namespace references remain in `src/` or `test/`.
+- **`FilenameDetector`** at `IndifferentKetchup\Codex\Detective\FilenameDetector` — path-based detector that uses the new `LogFileInterface::getPath()` accessor to dispatch on a filename hint. Falls back to `false` for path-less log files (`StringLogFile`, `StreamLogFile`).
+- **Project Zomboid log subclasses (11)** under `IndifferentKetchup\Codex\Log\ProjectZomboid\*` covering every PZ server-log file type: a multi-line `ProjectZomboidServerLog` for `DebugLog-server.txt`, an abstract `ProjectZomboidEventLog` base for the ten single-line logs, and concrete subclasses for `admin.txt`, `BurdJournals.txt`, `chat.txt`, `ClientActionLog.txt`, `cmd.txt`, `item.txt`, `map.txt`, `PerkLog.txt`, `pvp.txt`, `user.txt`.
+- **Pattern classes (11)** under `IndifferentKetchup\Codex\Pattern\ProjectZomboid\*` holding regex string constants. Each `<Type>Pattern` carries a `LINE` regex used by `PatternParser`, plus named-group extractor regexes (`FIELDS`, `COMBAT`, `MOD_LOAD`, etc.) used by analysers.
+- **`ProjectZomboidDetective`** at `IndifferentKetchup\Codex\Detective\ProjectZomboid\ProjectZomboidDetective` — pre-registers all 11 log subclasses in its constructor with paired filename-hint plus content-signature detectors.
+- **Phase B.1 ServerLog analysers (3)**: `EngineVersionAnalyser` (extracts engine version, build hash, and build date from the server banner), `ModLoadAnalyser` (mod load order plus missing-mod problems with attached `ModMissingSolution`), `ServerExceptionAnalyser` (Java exception type and stack-trace body, coalesced by exception type).
+- **Phase B.2 PvP and Admin analysers (2)**: `PvpDamageAnalyser` (filters zombie hits and zero-damage rows at the regex itself), `AdminAuditAnalyser` (verb-pattern dispatch across six admin actions: added item, added xp, granted access, changed option, reloaded options, teleported).
+- **Phase B.3 deferred analysers (3)** — first custom `Analyser` subclasses in the tree, addressing logic that vanilla `PatternAnalyser` cannot express: `ConnectionFailureAnalyser` (event pairing across the file), `ItemDuplicationAnalyser` (sliding-window heuristic with `THRESHOLD_COUNT=5`, `THRESHOLD_WINDOW_SECONDS=10`), `SkillProgressionAnomalyAnalyser` (consecutive-snapshot delta with `THRESHOLD_DELTA=3`). All three threshold constants ship with rationale docblocks and are tunable via subclass override.
+- **Synthetic test fixtures** under `test/src/Games/ProjectZomboid/fixtures/`, hand-crafted from observed PZ log shapes with placeholder identifiers per the project's privacy rules: Steam IDs `76561198000000001`–`76561198000000004`, names `Player1` / `Player2` / `AdminUser` / `PlayerSuspect`, generic coords. No real-log content reaches the index.
+- **End-to-end tests** validating each Log subclass's parser, each analyser's insight emission, and the Detective's dispatch behaviour against the synthetic fixtures. Final count: **195 tests, 412 assertions**.
+- **Project documentation**: `CLAUDE.md` with framework architecture, pitfalls, and workflow conventions; `README.md` with worked Project Zomboid example and per-game support table; design specs and as-built plans for Phase B.1 / B.2 / B.3 plus a deferred-status spec for the codex `Redactor` utility, all under `docs/superpowers/`.
+
+### Changed
+
+- **Layout: components-outer with game suffix.** Every game's code lives at `IndifferentKetchup\Codex\<Component>\<Game>\*` for the existing components (`Analyser`, `Analysis`, `Detective`, `Log`, `Parser`, `Pattern`). This is option 1 from the Phase A Step 2 layout decision; option 3 (a flat `IndifferentKetchup\Codex\Games\<Game>\*` tree) was originally proposed and was **not** selected.
+- **`LICENSE`** retains the original `Copyright (c) 2019-2026 Aternos GmbH` line per MIT requirements; the LICENSE file is byte-for-byte unchanged from the upstream import.
+- **`composer.json`** rewritten in `aae016d`: package name `indifferentketchup/codex`, MIT license, generic-framework description, single author entry, PSR-4 autoload roots set to `IndifferentKetchup\Codex\` and the test-fixture / test-suite namespaces, PHP `>=8.4` require constraint, PHPUnit `^12` dev dependency.
+- **`tests.yaml`** uses the modern `$GITHUB_OUTPUT` workflow command instead of the deprecated `::set-output` (commit `60f12bc`). CI matrix runs PHP 8.4 and 8.5.
+- **`.gitignore`** excludes `Logs.zip` (real production log fixtures) and `.scratch/` (extracted reference logs), plus `.claude/` and `.claude.local.md` for personal Claude Code artefacts.
+
+### Deferred
+
+- **Other game implementations** — `Minecraft`, `Hytale`, and `SevenDaysToDie` are detective-stub-only. Each has a TODO `<Game>Detective` extending base `Detective`; their per-component subdirectories under `Analyser`, `Log`, `Parser`, and `Pattern` contain only `.gitkeep` placeholders. Real implementations land if and when fixtures and demand exist.
+- **Packagist publication** — v0.1.0 is consumable via Composer's `vcs` repository entry pointing at the Gitea remote. Pushing to Packagist is a separate decision and is not in scope for this release.
+
+[0.2.0]: https://git.indifferentketchup.com/indifferentketchup/ik-codex/releases/tag/v0.2.0
+[0.1.0]: https://git.indifferentketchup.com/indifferentketchup/ik-codex/releases/tag/v0.1.0

CLAUDE.md

@@ -48,6 +48,8 @@ Analysis of Insight[]
 - **`Detective`** ranks candidate Log subclasses by running each candidate's `getDetectors()` and picking the highest-scoring result (`bool|float`). It receives a `LogFile`, returns a constructed `Log` subclass.
 - **`PatternParser`** is regex-driven. Lines that don't match the LINE regex append to the previous `Entry` — this is the mechanism that handles multi-line records like Java stack traces under an ERROR header.
 - **`PatternAnalyser`** walks entries, runs each registered insight class's static `getPatterns()` against entry text via `preg_match_all`, and emits coalesced insights (equal insights bump a counter instead of duplicating).
+- **Custom `Analyser` subclasses** are the right move when analysis needs cross-entry state — pairing events, sliding-window thresholds, comparing consecutive snapshots. `PatternAnalyser` operates per-entry only and can't express those. Phase B.3 (`ConnectionFailureAnalyser`, `ItemDuplicationAnalyser`, `SkillProgressionAnomalyAnalyser`) shows the shape: extend `Analyser`, override `analyse()`, walk `$this->log` once, aggregate, then emit coalesced `Problem`/`Information` insights at the end. Tunable thresholds belong as `public const` constants on the subclass with the rationale in a docblock.
+- **`RedactorInterface`** is a render-time PII filter — string-in/string-out, configured per game, implemented at `src/Util/<Game>/<Game>Redactor.php`. Consumers call `redact(string $content): string` on a concrete instance before rendering or exporting log content.
 - Detectors available out of the box: `SinglePatternDetector`, `WeightedSinglePatternDetector`, `LinePatternDetector` (returns match ratio), `MultiPatternDetector` (AND), and the path-based `FilenameDetector` (uses `LogFileInterface::getPath()`, returns `false` when no path is available).
 
 ## Game subtrees
@@ -57,11 +59,14 @@ Layout is **components-outer with game suffix**, not games-outer:
 ```
 src/<Component>/<Game>/...   e.g. src/Log/ProjectZomboid/ProjectZomboidServerLog.php
 src/Pattern/<Game>/<Type>Pattern.php   (regex string constants; not a framework abstraction)
+src/Util/<Game>/...          e.g. src/Util/ProjectZomboid/ProjectZomboidRedactor.php
 test/tests/Games/<Game>/...
 test/src/Games/<Game>/fixtures/<type>-minimal.txt   (synthetic fixtures only)
 ```
 
-Scaffolded games: `Minecraft`, `Hytale`, `SevenDaysToDie` (stubs only — empty `.gitkeep`s plus a TODO `<Game>Detective` extending base `Detective`). `ProjectZomboid` is fully implemented (11 log subclasses, 11 pattern classes, detective wired with all 11, synthetic fixtures, dispatch tests).
+`src/Util/` is the sixth top-level component directory, introduced post-v0.1.0-tag. Its first occupant is the Redactor; future game-agnostic utilities (tokenising redactor variants, etc.) land here too.
+
+Scaffolded games: `Minecraft`, `Hytale`, `SevenDaysToDie` (stubs only — empty `.gitkeep`s plus a TODO `<Game>Detective` extending base `Detective`). `ProjectZomboid` is fully implemented: 11 log subclasses, 11 pattern classes, detective wired with all 11, synthetic fixtures, dispatch tests, plus the analyser surface — 11 `PatternAnalyser`-driven Insight classes under `src/Analysis/ProjectZomboid/` and 3 custom `Analyser` subclasses under `src/Analyser/ProjectZomboid/` for cross-entry / threshold logic.
 
 `src/Pattern/` is **not a framework abstraction** — patterns are plain `string` class constants. Each `<Type>Pattern` typically holds a `LINE` constant for the parser plus named-group extractor constants (`FIELDS`, `COMBAT`, `MOD_LOAD`, etc.) for analysers.
 
@@ -69,6 +74,11 @@ Scaffolded games: `Minecraft`, `Hytale`, `SevenDaysToDie` (stubs only — empty
 
 - Two abstract bases: `ProjectZomboidLog` (`TIME_FORMAT = 'd-m-y H:i:s.v'`, UTC default, `makePatternParser()` helper) and `ProjectZomboidEventLog` (marker for the ten single-line logs; `ProjectZomboidServerLog` extends the parent directly because it permits multi-line entries).
 - `ProjectZomboidDetective::__construct()` pre-registers all 11 log classes — instantiate it and call `setLogFile(...)->detect()`.
+- Each Log subclass's `getDefaultAnalyser()` returns one of:
+  - A custom `Analyser` subclass (cross-entry logic): `UserLog → ConnectionFailureAnalyser`, `ItemLog → ItemDuplicationAnalyser`, `PerkLog → SkillProgressionAnomalyAnalyser`.
+  - A configured `PatternAnalyser` (per-entry pattern matching): `ServerLog`, `PvpLog`, `AdminLog` register their respective Insight classes.
+  - An empty `PatternAnalyser` for logs with no analysers yet: `ChatLog`, `ClientActionLog`, `CmdLog`, `MapLog`, `BurdJournalsLog`. These are wiring stubs awaiting future analysis work.
+- **`ProjectZomboidRedactor`** at `src/Util/ProjectZomboid/ProjectZomboidRedactor.php` — concrete `RedactorInterface` implementation. Downstream consumers call `redact(string): string` to scrub Steam IDs (zeroed placeholder), player names (`<player>`), and world coordinates (`0,0,0`) from log content. Three independent toggle methods default to on: `redactSteamIds(bool)`, `redactPlayerNames(bool)`, `redactCoordinates(bool)`. Pass order (Steam ID → player name → coords) is mandatory and enforced internally — see Pitfall 5.
 
 ### Standard test template for a Log subclass
 
@@ -80,6 +90,7 @@ At minimum: (1) entry count after `parse()` matches the synthetic fixture's line
 2. **PHPUnit 12 requires the `#[DataProvider('methodName')]` attribute.** The legacy `@dataProvider` annotation silently passes zero args and fails with `ArgumentCountError`.
 3. **`Level::fromString()` defaults to `Level::INFO` for unknown tokens.** Project Zomboid log levels map: `LOG`/`INFO` → INFO; `WARN` → WARNING; `ERROR` → ERROR.
 4. **`PatternParser` matches array** must declare a match-type for **every** capture group in the regex (`TIME`, `LEVEL`, or `PREFIX`); otherwise the parser throws on the unmapped index. Use non-capturing groups `(?:...)` for fields you want to skip.
+5. **`ProjectZomboidRedactor` pass order is mandatory.** `PLAYER_AFTER_STEAMID_REGEX` anchors on the already-redacted Steam ID placeholder — it will not match raw Steam IDs. Do NOT swap the Steam ID and player-name passes, and do NOT stub out the Steam ID pass while leaving the player-name pass enabled.
 
 ## Workflow conventions
 

README.md

@@ -1,13 +1,112 @@
 # IndifferentKetchup Codex
 
-A generic PHP log parsing and analysis framework. Provides interfaces and base implementations for reading log files, detecting log types, parsing entries into structured form, analysing them for problems and information, and printing results.
+Generic PHP log parsing and analysis framework. Reads a log file, detects which log type it is, parses entries (including multi-line records like Java stack traces), runs the type-specific analysers, and returns structured `Information` and `Problem` insights with attached `Solution`s where applicable.
 
-## Installation
+Originally a fork of [`aternos/codex`](https://github.com/aternosorg/codex); the framework is intentionally game-agnostic. The reference implementation in this tree is Project Zomboid server logs.
+
+## Install
 
 ```
 composer require indifferentketchup/codex
 ```
 
+Requires PHP `>=8.4`. No third-party runtime dependencies.
+
+## Quick start
+
+Given a Project Zomboid `DebugLog-server.txt`:
+
+```php
+<?php
+require __DIR__ . '/vendor/autoload.php';
+
+use IndifferentKetchup\Codex\Detective\ProjectZomboid\ProjectZomboidDetective;
+use IndifferentKetchup\Codex\Log\File\PathLogFile;
+
+$detective = new ProjectZomboidDetective();
+$detective->setLogFile(new PathLogFile('2026-04-30_14-00_DebugLog-server.txt'));
+
+$log = $detective->detect();
+$log->parse();
+$analysis = $log->analyse();
+
+echo $log->getTitle(), "\n\n";
+
+foreach ($analysis->getInformation() as $info) {
+    echo "[INFO] ", $info->getMessage(), "\n";
+}
+
+foreach ($analysis->getProblems() as $problem) {
+    echo "[PROBLEM] ", $problem->getMessage(), "\n";
+    foreach ($problem->getSolutions() as $solution) {
+        echo "          -> ", $solution->getMessage(), "\n";
+    }
+}
+```
+
+For a session with mod issues and a server-side exception, output looks roughly like:
+
+```
+Project Zomboid Debug Server Log
+
+[INFO] Engine version: 42.16.3 (build <hash>, <build date>)
+[INFO] Mod loaded: <mod_id>
+[INFO] Mod loaded: <other_mod_id>
+[PROBLEM] Required mod "<missing>" not found.
+          -> Subscribe to mod "<missing>" or remove its ID from the Mods= line in serverconfig.ini.
+[PROBLEM] Exception thrown: java.nio.file.NoSuchFileException
+```
+
+If the log content arrives without a filesystem path (clipboard paste, web upload, stream), use `StringLogFile` or `StreamLogFile` instead of `PathLogFile`. The detective falls back to content signatures when the filename hint is absent.
+
+## Redaction
+
+Before rendering or exporting log content, pass it through `ProjectZomboidRedactor` to strip PII:
+
+```php
+use IndifferentKetchup\Codex\Util\ProjectZomboid\ProjectZomboidRedactor;
+
+$redactor = new ProjectZomboidRedactor();
+$safe = $redactor->redact($logContent);
+```
+
+This scrubs three categories in a fixed pass order: Steam IDs are replaced with a zeroed placeholder, player names with `<player>`, and world coordinates with `0,0,0`. All three passes are on by default; opt out per category with `redactSteamIds(bool)`, `redactPlayerNames(bool)`, or `redactCoordinates(bool)`.
+
+Documented v1 limitations: in PvP combat lines, only the attacker's name and coords are redacted — the victim's name and coords (appearing after `hit`) are deferred to v2. In admin lines, `teleported X to <coords>` coordinates are not redacted in v1.
+
+## Architecture
+
+```
+LogFile → Log → parse() → Entry[] of Line[] → analyse() → Analysis of Insight[]
+                                                          └── Information | Problem(+Solutions)
+```
+
+- **`Detective`** ranks candidate `Log` subclasses by running each candidate's static `getDetectors()` and picking the highest-scoring result. Each game ships its own `<Game>Detective` that pre-registers its log classes.
+- **`PatternParser`** is regex-driven; lines that don't match the entry-start regex append to the previous `Entry`, which is how multi-line records (Java stack traces, indented warnings) are kept intact.
+- **Analysers** come in two flavours: configured `PatternAnalyser` instances for per-entry pattern matching, and custom subclasses of `Analyser` for cross-entry logic (pairing events, sliding-window thresholds, snapshot comparisons).
+- **Insights** are either `Information` (label + value) or `Problem` (with attached `Solution`s). Equal insights coalesce via a counter, so repeated patterns don't produce duplicate output.
+
+Patterns live as plain `string` constants under `src/Pattern/<Game>/` — there is no `PatternInterface`. Each game adds files under `src/<Component>/<Game>/` (components-outer, game-suffixed). Full extension guide and conventions in [`CLAUDE.md`](CLAUDE.md).
+
+## Game support
+
+| Game | State |
+|---|---|
+| Project Zomboid | Full: 11 log subclasses across all the file types a server emits; analysers covering engine version, mod loading, server exceptions, PvP combat, admin audit, connection failures, item duplication, skill progression anomalies |
+| Minecraft | Stub only — `MinecraftDetective` skeleton, no log subclasses yet |
+| Hytale | Stub only |
+| Seven Days To Die | Stub only |
+
+The framework itself is generic — adding a new game means writing the same shape of files Project Zomboid demonstrates, not modifying anything in `src/{Analyser,Analysis,Detective,Log,Parser,Printer,Pattern}/` outside the new game's subdirectory.
+
+## Developing
+
+`composer test` runs the suite. PHP and Composer are not required on the host — invocations wrap in the official `composer:latest` Docker image (PHP 8.5). See [`CLAUDE.md`](CLAUDE.md) for the wrapped command, file layout, and the workflow conventions used in this repo.
+
 ## Source
 
 <https://git.indifferentketchup.com/indifferentketchup/ik-codex>
+
+## License
+
+MIT — see [`LICENSE`](LICENSE).

docs/superpowers/plans/2026-04-30-pz-analysers-deferred.md

@@ -0,0 +1,74 @@
+# ProjectZomboid Phase B.3 Deferred Analysers — As-Built Plan
+
+> Retroactive: written 2026-05-01.
+
+This document is a historical record of how Phase B.3 (the three deferred analysers from the original Step D candidate list) was implemented. The corresponding design spec is `docs/superpowers/specs/2026-04-30-pz-analysers-deferred-design.md`. The work is complete and merged to `master`; checkboxes are pre-checked.
+
+**Goal:** Land three custom `Analyser` subclasses under `src/Analyser/ProjectZomboid/` (the first non-empty contents of that directory), three `Problem` subclasses under `src/Analysis/ProjectZomboid/`, threshold constants documented inline as `public const`, fixture extensions to exercise trigger and non-trigger paths, and e2e tests verifying the analysers' behaviour against the fixtures.
+
+**Architecture:** Custom subclasses of the framework's abstract `Analyser`. Each overrides `analyse()` to walk `$this->log` once, aggregate cross-entry state, and emit coalesced `Problem` insights at the end. This is the first deviation from Phase B.1/B.2's vanilla-`PatternAnalyser` pattern; the reasoning is recorded in the design spec and in `CLAUDE.md`.
+
+**Tech Stack:** PHP 8.4+, PHPUnit 12, Composer (root package: `indifferentketchup/codex`). PHP/Composer not installed on host — all command invocations wrap in `docker run --rm -v "$(pwd):/app" -w /app -u "$(id -u):$(id -g)" composer:latest …`.
+
+---
+
+## Tasks
+
+### Task 0 — Pre-checkpoint
+
+- [x] Empty checkpoint commit: `c444e85 pre-phase-B.3 checkpoint`
+
+### Task 1 — `ConnectionFailureAnalyser` (UserLog)
+
+Pairing logic: walk the log, count `attempting to join` and `allowed to join` events per Steam ID, emit a `ConnectionFailureProblem` for any Steam ID whose attempt count exceeds its allowed count.
+
+- [x] Add `src/Analysis/ProjectZomboid/ConnectionFailureProblem.php` (Steam ID, player, unmatched count; `isEqual` coalesces by Steam ID)
+- [x] Add `src/Analyser/ProjectZomboid/ConnectionFailureAnalyser.php` — first file in this directory; the `.gitkeep` placeholder is removed in this commit
+- [x] Wire `ProjectZomboidUserLog::getDefaultAnalyser()` to return `new ConnectionFailureAnalyser()` and drop the now-unused `PatternAnalyser` import
+- [x] Add `test/tests/Games/ProjectZomboid/Analyser/UserLogAnalysisTest.php` — asserts Player1 (`76561198000000001`) is flagged with `unmatchedAttempts == 1` and Player2 (`76561198000000002`) is not flagged
+- [x] `composer test` green: 188 tests, 392 assertions
+- [x] Commit: `73e9ca6 Add ConnectionFailureAnalyser`
+
+Design note inside the analyser docblock: "attempting to join used queue" rows are surfaced as failures in v1 because a long queue wait is indistinguishable from a real failure without timing context. Tunable in v2 if false positives become noisy.
+
+### Task 2 — `ItemDuplicationAnalyser` (ItemLog)
+
+Sliding-window heuristic over `(steamid, item)` groups, restricted to positive-delta events. Negative-delta rows (drops/transfers) are filtered out.
+
+- [x] Add `src/Analysis/ProjectZomboid/ItemDuplicationProblem.php` (Steam ID, player, item, event count; `isEqual` coalesces by `(steamid, item)`)
+- [x] Add `src/Analyser/ProjectZomboid/ItemDuplicationAnalyser.php` with two threshold constants and rationale docblocks: `THRESHOLD_COUNT = 5`, `THRESHOLD_WINDOW_SECONDS = 10`
+- [x] Wire `ProjectZomboidItemLog::getDefaultAnalyser()` to return `new ItemDuplicationAnalyser()`; drop unused `PatternAnalyser` import
+- [x] Extend `test/src/Games/ProjectZomboid/fixtures/item-minimal.txt`: append 6 Bullets9mm events at sub-second timestamps `19:50:00.001`–`.006` for AdminUser (trigger), plus 4 Plank events scattered `20:00:00`–`20:03:00` for Player1 (sub-threshold)
+- [x] Bump entry-count assertion in `ProjectZomboidItemLogTest::testParsesEachLineAsAnEntry`: 10 → 20
+- [x] Add `test/tests/Games/ProjectZomboid/Analyser/ItemLogAnalysisTest.php` — asserts one `ItemDuplicationProblem` (AdminUser + Bullets9mm + 6 events), zero for the Plank group, and the threshold constants are positive
+- [x] `composer test` green: 191 tests, 400 assertions
+- [x] Commit: `ba3fae8 Add ItemDuplicationAnalyser`
+
+Implementation note: the analyser uses a two-pointer sliding window per group, which is O(n) per group after the initial sort. `Entry::getTime()` returns integer Unix seconds (sub-second precision dropped); the burst events all collapse to the same Unix-second value so any positive window catches them.
+
+### Task 3 — `SkillProgressionAnomalyAnalyser` (PerkLog)
+
+Compare consecutive perks-snapshot rows per Steam ID; emit a problem for any single skill that gained more than `THRESHOLD_DELTA` levels between snapshots.
+
+- [x] Add `src/Analysis/ProjectZomboid/SkillProgressionAnomalyProblem.php` (Steam ID, player, skill, fromLevel, toLevel, delta; `isEqual` coalesces by `(steamid, skill)`)
+- [x] Add `src/Analyser/ProjectZomboid/SkillProgressionAnomalyAnalyser.php` with `THRESHOLD_DELTA = 3` and a rationale docblock about PZ's slow skill leveling
+- [x] Wire `ProjectZomboidPerkLog::getDefaultAnalyser()` to return `new SkillProgressionAnomalyAnalyser()`; drop unused `PatternAnalyser` import
+- [x] Extend `test/src/Games/ProjectZomboid/fixtures/perk-minimal.txt`: append PlayerSuspect (Steam ID `76561198000000004`) with two snapshots — Strength 2→10 (+8 trigger), Fitness 2→8 (+6 trigger), Maintenance 0→3 (+3 boundary, does not trigger because comparison is strict `>`)
+- [x] Bump entry-count assertion in `ProjectZomboidPerkLogTest::testParsesEachLineAsAnEntry`: 6 → 10
+- [x] Add `test/tests/Games/ProjectZomboid/Analyser/PerkLogAnalysisTest.php` — asserts exactly two problems for PlayerSuspect (Strength + Fitness, sorted), no problem for Maintenance, no problems for single-snapshot Player1/Player2, and the threshold constant is positive
+- [x] `composer test` green: 195 tests, 412 assertions
+- [x] Commit: `0c90e40 Add SkillProgressionAnomalyAnalyser`
+
+Filtering note: the analyser skips event-token rows (`Login`, `Logout`, `LevelUp`) by checking that the bracketed event field contains a `Skill=N` pair via `PerkPattern::PERK_PAIR`. Only true perks-snapshot rows enter the comparison.
+
+---
+
+## Done condition (met)
+
+After Task 3, `composer test` reports **195 tests, 412 assertions, all green** under PHPUnit 12.5.6 / PHP 8.5.5. All eight Step D candidate analysers (Phase B.1's three ServerLog + Phase B.2's seven PvP/Admin + Phase B.3's three deferred) are operational across their respective Log subclasses.
+
+The directory `src/Analyser/ProjectZomboid/` now contains real code for the first time; its `.gitkeep` placeholder was removed in `73e9ca6`.
+
+## Deviations from the original plan
+
+None this phase. The 4-commit count and the per-analyser shape both match what was committed-to in chat before execution. No silent breakages, no missing closing braces. The only observation worth recording is that the planned commit count was inclusive of the pre-checkpoint, and the actual commit ordering matched the plan exactly.

docs/superpowers/plans/2026-04-30-pz-analysers-pvp-admin.md

@@ -0,0 +1,116 @@
+# ProjectZomboid Phase B.2 Analysers — As-Built Plan
+
+> Retroactive: written 2026-05-01.
+
+This document is a historical record of how Phase B.2 (PvP combat detection + admin verb dispatch) was implemented. The corresponding design spec is `docs/superpowers/specs/2026-04-30-pz-analysers-pvp-admin-design.md`. The work is complete and merged to `master`; checkboxes are pre-checked.
+
+**Goal:** Land seven new `Information` insight classes (one for PvP combat, six for admin verbs) under `src/Analysis/ProjectZomboid/`, plus seven new pattern constants on `PvpPattern` / `AdminPattern`, then wire `ProjectZomboidPvpLog` and `ProjectZomboidAdminLog` default analysers to register them.
+
+**Architecture:** Vanilla `PatternAnalyser` configured with the new insight classes. No custom `Analyser` subclasses (deferred to Phase B.3). `Entry::__toString()` joins lines with `\n`, but B.2 logs are single-line per entry so multi-line behaviour doesn't apply here.
+
+**Tech Stack:** PHP 8.4+, PHPUnit 12, Composer (root package: `indifferentketchup/codex`). PHP/Composer not installed on host — all command invocations wrap in `docker run --rm -v "$(pwd):/app" -w /app -u "$(id -u):$(id -g)" composer:latest …`.
+
+---
+
+## Tasks
+
+### Task 0 — Pre-checkpoint
+
+- [x] Empty checkpoint commit: `df62da1 pre-phase-B.2 checkpoint`
+
+### Task 1 — `PvpDamageInformation` + `PvpPattern::COMBAT_REAL`
+
+- [x] Add `PvpPattern::COMBAT_REAL` constant (combat regex with negative lookahead on weapon and positive-non-zero damage clause)
+- [x] Add `src/Analysis/ProjectZomboid/PvpDamageInformation.php`
+- [x] Add `test/tests/Games/ProjectZomboid/Analysis/PvpDamageInformationTest.php` covering pattern shape, match extraction, and three rejection cases (zombie weapon, zero damage, negative damage)
+- [x] `composer test` green: 167 tests, 343 assertions
+- [x] Commit: `55f769c Add PvpDamageInformation insight`
+
+### Task 2 — `AdminAddedItemInformation` + `AdminPattern::ADDED_ITEM_ENTRY`
+
+- [x] Add `AdminPattern::ADDED_ITEM_ENTRY` constant (entry-anchored variant; the body-only `ADDED_ITEM` from Phase A stays in place)
+- [x] Add `src/Analysis/ProjectZomboid/AdminAddedItemInformation.php`
+- [x] Add `test/tests/Games/ProjectZomboid/Analysis/AdminAddedItemInformationTest.php`
+- [x] Commit: `90c85a0 Add AdminAddedItemInformation insight` — **see Deviations section below**
+- [x] Forward-fix: `0d85a05 Fix missing closing brace in AdminPattern`
+- [x] `composer test` green after forward-fix: 170 tests
+
+### Task 3 — `AdminAddedXpInformation` + `ADDED_XP_ENTRY`
+
+- [x] Add `AdminPattern::ADDED_XP_ENTRY` constant
+- [x] Add `src/Analysis/ProjectZomboid/AdminAddedXpInformation.php`
+- [x] Unit test
+- [x] `composer test` green: 173 tests
+- [x] Commit: `a2faa55 Add AdminAddedXpInformation insight`
+
+### Task 4 — `AdminGrantedAccessInformation` + `GRANTED_ACCESS_ENTRY`
+
+- [x] Add `AdminPattern::GRANTED_ACCESS_ENTRY` constant
+- [x] Add `src/Analysis/ProjectZomboid/AdminGrantedAccessInformation.php`
+- [x] Unit test
+- [x] `composer test` green: 175 tests
+- [x] Commit: `caed04d Add AdminGrantedAccessInformation insight`
+
+### Task 5 — `AdminChangedOptionInformation` + `CHANGED_OPTION_ENTRY`
+
+- [x] Add `AdminPattern::CHANGED_OPTION_ENTRY` constant
+- [x] Add `src/Analysis/ProjectZomboid/AdminChangedOptionInformation.php`
+- [x] Unit test
+- [x] `composer test` green: 177 tests
+- [x] Commit: `b7b89ef Add AdminChangedOptionInformation insight`
+
+### Task 6 — `AdminReloadedOptionsInformation` + `RELOADED_OPTIONS_ENTRY`
+
+- [x] Add `AdminPattern::RELOADED_OPTIONS_ENTRY` constant
+- [x] Add `src/Analysis/ProjectZomboid/AdminReloadedOptionsInformation.php`
+- [x] Unit test
+- [x] `composer test` green: 179 tests
+- [x] Commit: `64641fa Add AdminReloadedOptionsInformation insight`
+
+### Task 7 — `AdminTeleportedInformation` + `TELEPORTED_ENTRY`
+
+- [x] Add `AdminPattern::TELEPORTED_ENTRY` constant (handles negative Z for basement coordinates)
+- [x] Add `src/Analysis/ProjectZomboid/AdminTeleportedInformation.php`
+- [x] Unit test (positive and negative Z cases)
+- [x] `composer test` green: 182 tests
+- [x] Commit: `d15fc81 Add AdminTeleportedInformation insight`
+
+### Task 8 — Wire `ProjectZomboidPvpLog::getDefaultAnalyser()`
+
+- [x] Replace `return new PatternAnalyser();` with `(new PatternAnalyser())->addPossibleInsightClass(PvpDamageInformation::class)`
+- [x] Add `test/tests/Games/ProjectZomboid/Analyser/PvpLogAnalysisTest.php` — asserts three real-PvP insights (Bare Hands, Tire Iron, Hunting Knife) and zero zombie/vehicle insights
+- [x] `composer test` green: 184 tests
+- [x] Commit: `51eb2de Wire ProjectZomboidPvpLog default analyser`
+
+### Task 9 — Wire `ProjectZomboidAdminLog::getDefaultAnalyser()`
+
+- [x] Register all six `Admin<Verb>Information` classes
+- [x] Add `test/tests/Games/ProjectZomboid/Analyser/AdminLogAnalysisTest.php` — asserts the 2+2+2+2+1+2 distribution and confirms the duplicate ShotgunShells row coalesces with `counter == 2`
+- [x] `composer test` green: 186 tests
+- [x] Commit: `c57d646 Wire ProjectZomboidAdminLog default analyser`
+
+---
+
+## Deviations from the original plan
+
+### The `90c85a0` brace-fix interlude
+
+Task 2's commit (`90c85a0 Add AdminAddedItemInformation insight`) shipped broken. While adding the first `_ENTRY` constant to `AdminPattern.php`, the `Edit` tool's `old_string` was `<TELEPORTED line>\n}` and the `new_string` included a docblock plus the new constant but **dropped the closing brace** of the class body. The commit was made before the test result was inspected, so it landed with a `ParseError: Unclosed '{'` and 9 cascading test errors.
+
+Forward-fix `0d85a05 Fix missing closing brace in AdminPattern` restored the brace as a separate commit (per the `CLAUDE.md` workflow rule: "Always create new commits rather than amending"). The broken intermediate commit remains in history; force-pushing master to clean it would have cost more than the cosmetic gain.
+
+The remaining five admin commits (Tasks 3–7) used a deliberate practice change: every subsequent `Edit` to `AdminPattern.php` included the closing `}` in both `old_string` and `new_string` so it couldn't be dropped again. No further breakage.
+
+### Total commit count
+
+11 commits vs the 10 originally outlined in the spec's planning section. The extra commit is the brace-fix.
+
+### Test-count divergence note (now resolved)
+
+When Phase B.1's plan was written I projected a final count of 158 tests for B.1; the actual landed count was 161 (off by 3 — Task 5's contribution wasn't summed in the plan footer). For B.2 the planned and actual per-step counts match exactly. No projection error this phase.
+
+---
+
+## Done condition (met)
+
+After Task 9, `composer test` reports **186 tests, 387 assertions, all green** under PHPUnit 12.5.6 / PHP 8.5.5 (verified via the `composer:latest` Docker image). All five originally-planned analysers from the Step D Phase B scope (B.1's three plus B.2's two) are now operational on their respective Log subclasses.

docs/superpowers/plans/2026-05-01-redactor.md

@@ -0,0 +1,211 @@
+# Redactor Utility Implementation Plan
+
+> Forward-looking. No code is written by this document.
+> Branch: `redactor` (off master `aec835e`). Backup tag: `backup/pre-redactor`.
+> Spec: `docs/superpowers/specs/2026-04-30-redactor-design.md`.
+
+**Goal:** Land the `RedactorInterface` plus a concrete `ProjectZomboidRedactor` implementation so iblogs (and any other downstream consumer) can scrub Project Zomboid log content of Steam IDs, player names, and world coordinates with a single call. The Redactor is a render-time filter on raw string content; raw stays canonical at the storage layer.
+
+**Architecture:** Standalone string-in/string-out utility under a new top-level `src/Util/` directory, with per-game implementations under `src/Util/<Game>/`. Each implementation owns the lexical regex anchors for its game's PII shapes. Three independent toggles per implementation (`redactSteamIds`, `redactPlayerNames`, `redactCoordinates`); defaults all on; "all toggles off" yields verbatim passthrough.
+
+**Tech stack:** PHP 8.4+, PHPUnit 12, Composer (`indifferentketchup/codex` v0.1.0+). All command invocations wrap in the `composer:latest` Docker image per `CLAUDE.md`.
+
+---
+
+## Design questions — resolved
+
+### a. Render-time vs ingest-time
+
+**Decision: render-time. Confirm spec's lean.**
+
+Raw log content is canonical. Redaction is a view filter that consumers apply when they want to display, export, or analyse a redacted projection. iblogs's storage layer holds the unredacted upload (subject to iblogs's own upload-time `Filter` chain for IPs/access-tokens, which is a different layer of defence); the codex Redactor runs on the way *out* of storage, not on the way in.
+
+**Why:** the alternative (ingest-time, where storage holds redacted content) is destructive — once stored, the original cannot be recovered for legitimate operator use. Render-time leaves the original in place and lets each render path opt in. iblogs gets a per-session toggle without needing to keep two copies of every paste.
+
+**Implication for iblogs schema:** iblogs stores raw content; the redaction toggle in the iblogs UI invokes `ProjectZomboidRedactor::redact()` at render time (server-side) or at fetch time (API consumers' choice). No schema migration required for the redaction feature.
+
+### b. Redactor as standalone class vs Printer decorator
+
+**Decision: standalone utility (option iii from the question).**
+
+The Redactor is a `string → string` function. It does not know about `Insight`, `Printer`, or any other codex type. Three options were considered:
+
+- **(i) Printer wrapper.** Cleanly composable but ties the Redactor to the Printer abstraction. Doesn't help iblogs's most common case: redacting raw log content for display in a non-Printer rendering path (HTML page rendered server-side, raw download served to API client).
+- **(ii) Pre-Printer pass on Insights.** Heavy. Insights are typed objects with structured fields; redacting them means per-Insight code that knows which fields are PII-bearing. Against the YAGNI line for v1.
+- **(iii) Standalone string utility.** Simple, generic, works on any string input — raw log content, JSON-serialised analysis output, rendered Printer output piped through. Doesn't know about Insights.
+
+The spec describes (iii). v1 ships (iii) only. If a Printer-wrapper convenience is later wanted, it can be added as a thin adapter that calls the standalone Redactor on the Printer's output; it doesn't require restructuring the core.
+
+### c. PII field taxonomy for PZ
+
+**Decision: regex-based with lexical context anchors. No structured-field detection in v1.**
+
+PZ-specific PII categories observed in the in-tree fixtures and the `.scratch/pz/Logs/` reference corpus:
+
+| Field | Detection | Rationale |
+|---|---|---|
+| Steam ID | regex with `76561198\d{9}` prefix anchor and word-boundary classes | Steam's `76561198` SteamID64 universe prefix lets us cleanly distinguish from other long numbers (timestamps, build numbers). |
+| Player name | regex with multi-context lexical anchors (after-Steam-ID-quoted, ChatMessage author, `Combat:`/`Safety:` subsystem) | Names are arbitrary strings — not detectable without context. The contexts are well-defined by the parser-side pattern classes. |
+| World coordinate triple | regex with bracket / paren / `at`-clause anchors | Generic `\d+,\d+,\d+` would over-redact server metadata (`f:0, t:NNNN, st:48,648,157,584`). Lexical context disambiguates. |
+
+**Not redacted in v1:**
+
+- **IP addresses.** PZ logs do not normally include IPs in any of the eleven file types observed. iblogs's upload-side `IPv4Filter` / `IPv6Filter` (ported from upstream mclogs) covers the rare case where a mod might log them.
+- **Server-side usernames distinct from player names.** PZ uses Steam display name as the player identity; there's no separate auth username layer. Mclogs's `UsernameFilter` is Minecraft-specific and isn't mirrored here.
+- **BurdJournals scientific-notation Steam IDs** (`7.65611…E16`). Spec open-question 2 explicitly defers this to v2; the `[BurdJournals]` tag already disambiguates them as mod-internal.
+
+**Hybrid (regex + structured-field) deferred.** A v2 enhancement could redact specific Insight fields at JSON-serialisation time (e.g. `ConnectionFailureProblem::$steamId` → placeholder when serialised). Useful only if iblogs starts shipping the structured analysis JSON to redacted views — a real but currently hypothetical need.
+
+### d. Replacement strategy
+
+**Decision: per-category placeholder strings matching the synthetic-fixture conventions. Configurable replacement style is YAGNI for v1.**
+
+Per the spec:
+
+| Category | Replacement |
+|---|---|
+| Steam ID | `76561198000000000` (zeroed placeholder, still a syntactically valid Steam ID) |
+| Player name | `<player>` |
+| Coordinates | `0,0,0` (with shape preserved per anchor — bracketed, parenthesised, or `at` clause) |
+
+Why these specifically and not `[REDACTED]` / `[STEAM_ID]` / hashed:
+
+- The placeholders **match the existing synthetic test fixtures** (`76561198000000001`–`76561198000000004` collapse to `76561198000000000`; player names `Player1`/`Player2`/`AdminUser` collapse to `<player>`). Tests can verify "redacted output looks like a synthetic fixture."
+- Shape preservation means downstream consumers can still parse the redacted output with the same Pattern classes — a redacted log is still a syntactically valid PZ log, it just contains no identities.
+- Type-tagged replacements (`[STEAM_ID]`) break shape preservation: a Pattern looking for `\d{17}` would fail. Worth offering as a config option if a consumer specifically wants type-visibility, but v1 ships placeholder-only.
+- Hashing breaks shape preservation similarly and adds determinism / collision concerns.
+
+If a consumer later needs `[STEAM_ID]`-style output, a `setReplacementStyle('typed' | 'placeholder' | 'redacted')` setter can be added without breaking the v1 API. v1 ships placeholder-only.
+
+### e. Game-agnostic vs PZ-specific layout
+
+**Decision: thin generic interface in `src/Util/` plus PZ-specific implementation in `src/Util/ProjectZomboid/`.**
+
+```
+src/Util/
+├── RedactorInterface.php          (1 method: redact(string): string)
+└── ProjectZomboid/
+    └── ProjectZomboidRedactor.php (toggles + regex passes)
+```
+
+**YAGNI tradeoff stated:** the interface has one method and currently one implementation. Strictly, YAGNI says collapse to just `ProjectZomboidRedactor` and skip the interface. The interface earns its keep because **iblogs's call sites will type-hint against `RedactorInterface`**, not the concrete class — that's the architectural payoff. Consumer code stays loosely coupled; when Minecraft or another game ships a redactor, iblogs swaps the implementation by changing one DI binding rather than touching call sites.
+
+The cost is two files instead of one. Acceptable given the dependency-inversion benefit. The directory layout (`src/Util/<Game>/`) mirrors the components-outer-with-game-suffix convention used everywhere else in the tree (Analyser, Analysis, Detective, Log, Parser, Pattern).
+
+**Note on the new `src/Util/` directory.** Codex currently has no `src/Util/` (the Phase A scaffolding established Analyser / Analysis / Detective / Log / Parser / Pattern / Printer; Phase B.3 added Analyser/ProjectZomboid content but not Util). The Redactor introduces this new top-level. This is an additive change — no existing code is modified.
+
+### f. Test strategy
+
+**Decision: hybrid — small dedicated synthetic fixtures under `test/src/Util/Redactor/` for direct unit tests, plus an integration test that runs the Redactor over an existing PZ fixture and asserts idempotence.**
+
+**Dedicated unit fixtures** (small string constants in test classes, not separate files): per spec test plan #1–#5. Each test class owns its input/expected pairs. Keeps unit tests self-contained and fast.
+
+**Integration test** that re-uses an existing PZ fixture (e.g. `test/src/Games/ProjectZomboid/fixtures/admin-minimal.txt`). Two assertions:
+
+- The Redactor's output is a syntactically valid log (still parses cleanly through the corresponding `ProjectZomboidAdminLog`).
+- Idempotence: `redact(redact($x)) === redact($x)`. Existing fixture content is already placeholder-shaped, so the redactor should leave it byte-for-byte identical OR apply the canonical normalisation once and then no-op.
+
+**False-positive avoidance.** The synthetic fixtures use `76561198000000001` etc. as placeholder Steam IDs. The Redactor's Steam ID regex matches the `76561198\d{9}` prefix and replaces with `76561198000000000` — so `76561198000000001` becomes `76561198000000000` (a normalisation, not a corruption). Tests verify this normalisation is correct and that legitimate-non-PII data (e.g. server metadata triples like `f:0, t:1776297642406, st:48,648,157,584`) is **not** touched.
+
+---
+
+## Tasks
+
+Tasks are intended for the `redactor` branch. Each is a single logical commit. Test-running between commits uses the standard Docker invocation. Work proceeds only after Step 0 sign-off (this plan reviewed).
+
+### Task 0 — Plan doc commit
+
+- [ ] **Step 0.1.** Already done out-of-band: `git checkout -b redactor` off master `aec835e`; `git tag backup/pre-redactor` at branch tip; this plan written.
+- [ ] **Step 0.2.** Commit this plan: `docs: add Redactor implementation plan` on branch `redactor`. Push branch to origin for review.
+
+### Task 1 — Scaffold (interface + skeleton class with toggles)
+
+- [ ] **Step 1.1.** Create `src/Util/RedactorInterface.php`. Single method: `public function redact(string $content): string;` PHPDoc describing the contract: stateless from the caller's perspective; configuration happens via implementation-specific setters before `redact()`.
+- [ ] **Step 1.2.** Create `src/Util/ProjectZomboid/ProjectZomboidRedactor.php` that implements the interface. Class structure: three private bool properties (`$redactSteamIds`, `$redactPlayerNames`, `$redactCoordinates`) all defaulting to `true`; three fluent setters (`redactSteamIds(bool): static`, etc.); `redact(string): string` body that returns input unchanged when all toggles are off (for now — regex passes added in subsequent tasks).
+- [ ] **Step 1.3.** Run `composer test` — expect 195 tests still green (no Redactor tests yet).
+- [ ] **Step 1.4.** Commit: `feat: scaffold RedactorInterface and ProjectZomboidRedactor with toggles`.
+
+### Task 2 — Steam ID redaction pass
+
+- [ ] **Step 2.1.** Add `STEAM_ID_REGEX` and `STEAM_ID_REPLACEMENT` constants on `ProjectZomboidRedactor`. Regex uses the `76561198\d{9}` prefix anchor with word-boundary classes (per spec). The `/u` flag is added to all regexes for Unicode safety even though Steam IDs themselves are ASCII.
+- [ ] **Step 2.2.** Implement the Steam ID branch of `redact()`: when `$redactSteamIds` is true, run `preg_replace` against the input.
+- [ ] **Step 2.3.** Create `test/tests/Util/Redactor/ProjectZomboidRedactorSteamIdTest.php`. Tests: redaction of various distinct synthetic Steam IDs collapses all to `76561198000000000`; non-Steam-ID 17-digit numbers (e.g. timestamps) are not touched; toggle-off leaves Steam IDs intact.
+- [ ] **Step 2.4.** Run `composer test`. Expect new tests pass; old 195 unaffected.
+- [ ] **Step 2.5.** Commit: `feat: add Steam ID redaction pass`.
+
+### Task 3 — Player name redaction pass
+
+- [ ] **Step 3.1.** Add three regex constants on `ProjectZomboidRedactor` for the three player-name lexical contexts: `PLAYER_AFTER_STEAMID_REGEX`, `PLAYER_IN_CHATMESSAGE_REGEX`, `PLAYER_IN_PVP_SUBSYSTEM_REGEX`. Replacement is `<player>` for all. **Order constraint:** the after-Steam-ID context anchors on the post-redaction Steam ID `76561198000000000`, so the player-name pass must run *after* the Steam ID pass. Document this in a class-level docblock.
+- [ ] **Step 3.2.** Implement the player-name branch of `redact()`: three sequential `preg_replace` calls when `$redactPlayerNames` is true.
+- [ ] **Step 3.3.** Create `test/tests/Util/Redactor/ProjectZomboidRedactorPlayerNameTest.php`. Tests: each of the three contexts redacts correctly when paired with its anchor; a bare quoted string (e.g. `"foo"` not preceded by a Steam ID) is **not** touched; toggle-off leaves names intact; the after-Steam-ID context works correctly when the Steam ID has already been redacted to the zeroed placeholder.
+- [ ] **Step 3.4.** Run `composer test`. Expect new tests pass.
+- [ ] **Step 3.5.** Commit: `feat: add player name redaction pass`.
+
+### Task 4 — Coordinates redaction pass
+
+- [ ] **Step 4.1.** Add three regex constants on `ProjectZomboidRedactor` for the three coordinate contexts: `COORDS_AT_CLAUSE_REGEX`, `COORDS_BRACKETED_REGEX`, `COORDS_PARENTHESISED_REGEX`. Replacements preserve shape (`0,0,0` inside whatever bracket/paren wrapper).
+- [ ] **Step 4.2.** Implement the coords branch of `redact()`: three sequential `preg_replace_callback` (or `preg_replace`) calls when `$redactCoordinates` is true.
+- [ ] **Step 4.3.** Create `test/tests/Util/Redactor/ProjectZomboidRedactorCoordinatesTest.php`. Tests: each of the three contexts redacts correctly; **negative test** — server metadata `f:0, t:1776297642406, st:48,648,157,584` is not touched; basement Z-coordinates (`-1`) are handled; toggle-off leaves coords intact.
+- [ ] **Step 4.4.** Run `composer test`. Expect new tests pass.
+- [ ] **Step 4.5.** Commit: `feat: add coordinates redaction pass`.
+
+### Task 5 — Combined / toggle / idempotence tests
+
+- [ ] **Step 5.1.** Create `test/tests/Util/Redactor/ProjectZomboidRedactorCombinedTest.php`. Tests cover: combined input with all three PII categories present produces fully-scrubbed output when all toggles on; each toggle off in isolation produces partial scrubbing matching the toggle's category; all toggles off returns input byte-for-byte identical (`===` equality).
+- [ ] **Step 5.2.** Create `test/tests/Util/Redactor/ProjectZomboidRedactorIdempotenceTest.php`. Tests: `redact(redact($x)) === redact($x)` for several input shapes including all three PII categories.
+- [ ] **Step 5.3.** Run `composer test`. Expect new tests pass.
+- [ ] **Step 5.4.** Commit: `test: add Redactor combined and idempotence coverage`.
+
+### Task 6 — Existing-fixture integration tests
+
+- [ ] **Step 6.1.** Create `test/tests/Util/Redactor/ProjectZomboidRedactorIntegrationTest.php`. Loads each existing PZ fixture (`admin-minimal.txt`, `chat-minimal.txt`, etc.) via `PathLogFile`, calls `redact()` on the content, and asserts: (a) the redacted content still parses cleanly through the corresponding `ProjectZomboid<X>Log`'s parser without throwing; (b) the synthetic Steam IDs `76561198000000001`–`76561198000000004` all collapse to `76561198000000000`; (c) the synthetic player names (`Player1`, `Player2`, `AdminUser`, `PlayerSuspect`) all collapse to `<player>`.
+- [ ] **Step 6.2.** Run `composer test`. Expect all integration assertions pass without modifying any existing test or fixture.
+- [ ] **Step 6.3.** Commit: `test: add Redactor integration coverage against existing PZ fixtures`.
+
+### Task 7 — Documentation updates
+
+- [ ] **Step 7.1.** Update `CLAUDE.md`: add a one-line `src/Util/` mention to the framework architecture section; one-line note in the ProjectZomboid specifics section pointing at `ProjectZomboidRedactor` for downstream PII scrubbing; update the "Scaffolded games" line to mention that `ProjectZomboid` now also has a Redactor implementation under `src/Util/ProjectZomboid/`.
+- [ ] **Step 7.2.** Update `README.md`: add a short usage block showing `(new ProjectZomboidRedactor())->redact($logContent)` as a render-time scrub option, alongside the existing worked example.
+- [ ] **Step 7.3.** Update `CHANGELOG.md`: move Redactor out of the **Deferred** section under `[0.1.0]`, OR add a new `[Unreleased]` section if the v0.1.0 line should remain accurate as-shipped. Decision: **add `[Unreleased]`** — v0.1.0 was tagged without the Redactor and the changelog should reflect the historical truth.
+- [ ] **Step 7.4.** Run `composer test` once more for safety; confirm 195+(redactor tests) green.
+- [ ] **Step 7.5.** Commit: `docs: document Redactor utility in CLAUDE.md, README, CHANGELOG`.
+
+### Task 8 — Final verification
+
+- [ ] **Step 8.1.** Run `composer test`. All tests green.
+- [ ] **Step 8.2.** Re-run `vendor/bin/phpunit --display-deprecations --display-warnings --display-notices --display-errors`. Expect zero output beyond the standard pass summary.
+- [ ] **Step 8.3.** Sanity-check the branch with `git log --oneline master..redactor`. Should be the plan-doc commit plus 7 implementation commits = 8 commits total.
+- [ ] **Step 8.4.** Push final state: `git push origin redactor`. **Do NOT merge to master.** User reviews diff and approves merge separately.
+
+---
+
+## Open questions / spec gaps
+
+The spec is generally tight. Items worth flagging while implementing:
+
+1. **`/u` flag for Unicode safety.** Spec doesn't specify regex flags. PZ player names can contain non-ASCII characters (Steam display names are Unicode-permissive). The implementation will use `/u` on all regexes to avoid mangling multi-byte sequences. Documenting in the class docblock.
+2. **Replacement order.** Spec says "Redaction order matters: SIDs first, names second" because the after-Steam-ID player-name regex anchors on the redacted Steam ID. The implementation will enforce this order in `redact()` (Steam ID pass first, then names, then coords). The class docblock will document the ordering invariant.
+3. **HTML / JSON-encoded input.** Spec assumes plain log text. If a consumer feeds HTML-escaped content (e.g. `&quot;` instead of `"`), the player-name regex won't match. Document as a v2 concern: callers feed plain text in, render afterwards. v1 does not implement HTML/JSON-aware mode.
+4. **Future PII categories.** v1 ships exactly the three toggles per spec. New categories (emails, IPs from mods, etc.) extend the toggle set in a future release; v1 does not pre-build extension points beyond what the interface already provides.
+5. **`src/Util/` is a new top-level directory** in this codebase. The Redactor is the first occupant. Future utilities (e.g. a tokenizing variant per spec open-question 1) would also live here. No existing-code modification is needed; the new directory is purely additive.
+6. **The empty `src/Printer/<Game>/.gitkeep` situation.** Phase A scaffolding chose not to create `Printer/<Game>/` directories at all (only Analyser/Detective/Log/Parser/Pattern got per-game subdirs). The Redactor's home in `src/Util/<Game>/` mirrors that — `src/Util/` is created with PZ as its first occupant; no stub `Hytale/`/`Minecraft/`/`SevenDaysToDie/` placeholders are scaffolded. When other games' redactors land, they create their own subdirectories at that point.
+
+No spec contradictions found. No existing-code modifications required (additive-only design).
+
+---
+
+## Branch / commit invariants
+
+- All commits land on the `redactor` branch.
+- Master is not touched until the user explicitly approves merge after reviewing the diff.
+- Conventional commit prefixes: `docs:`, `feat:`, `test:`, `refactor:`. (No `fix:` expected — this is greenfield work.)
+- One logical concept per commit. Tasks 1, 2, 3, 4 each ship implementation + per-pass tests in one commit; Task 5 / 6 / 7 are pure-test or pure-docs commits.
+- Backup tag `backup/pre-redactor` at `aec835e` lets us discard the branch and recover if the implementation goes sideways.
+- Branch can be pushed to origin freely for visibility / review checkpoints.
+
+## Pointers
+
+- Spec: `docs/superpowers/specs/2026-04-30-redactor-design.md`.
+- Synthetic fixtures the integration test will reuse: `test/src/Games/ProjectZomboid/fixtures/*.txt`.
+- Existing per-game layout precedent: `src/Analyser/ProjectZomboid/`, `src/Pattern/ProjectZomboid/`, `src/Log/ProjectZomboid/`.
+- Workflow conventions and pitfalls: `CLAUDE.md`.

docs/superpowers/specs/2026-04-30-pz-analysers-deferred-design.md

@@ -0,0 +1,117 @@
+# ProjectZomboid analyser design (Phase B.3 — deferred analysers)
+
+> Retroactive: written 2026-05-01.
+
+## Summary
+
+Add the three remaining Project Zomboid analysers from the original Step D candidate list — connection failure pairing, item duplication heuristic, and skill progression anomaly detection — by introducing custom `Analyser` subclasses under `src/Analyser/ProjectZomboid/`. These are the first analysers in the tree that cannot be expressed as configured `PatternAnalyser` instances; they require cross-entry state (event pairing, sliding windows, snapshot deltas) that `PatternAnalyser` does not provide.
+
+This document covers Phase B.3. Phase B.1 / B.2 docs are at `2026-04-30-pz-analysers-design.md` / `2026-04-30-pz-analysers-pvp-admin-design.md`. With Phase B.3, the original eight-analyser candidate list from Step D is fully implemented.
+
+## Scope
+
+- **In scope:** `ConnectionFailureAnalyser` + `ConnectionFailureProblem` (UserLog, event pairing); `ItemDuplicationAnalyser` + `ItemDuplicationProblem` (ItemLog, sliding-window heuristic); `SkillProgressionAnomalyAnalyser` + `SkillProgressionAnomalyProblem` (PerkLog, consecutive-snapshot delta); wiring three Log subclasses' `getDefaultAnalyser()`; extending two synthetic fixtures to exercise trigger and non-trigger cases; end-to-end tests.
+- **Out of scope (B.3):** the five other PZ logs whose `getDefaultAnalyser()` continues returning an empty `PatternAnalyser` stub (Chat, ClientAction, Cmd, Map, BurdJournals); the codex-side `Redactor` utility; Hytale / Minecraft / Seven Days To Die analysers; v0.1.0 release plumbing.
+
+## Architectural shift: custom `Analyser` subclasses
+
+Phases B.1 and B.2 established the convention that vanilla `PatternAnalyser` plus `Insight::isEqual()` coalescing is sufficient for per-entry pattern matching, and a custom Analyser subclass is **not** needed even for multi-line records (PatternParser's continuation-line behaviour combined with `Entry::__toString()` joins solves multi-line capture without subclassing).
+
+Phase B.3's three analysers genuinely require cross-entry state:
+
+- **ConnectionFailureAnalyser** must count `attempting to join` and `allowed to join` events per Steam ID and report unmatched attempts. PatternAnalyser dispatches each entry independently and has no mechanism to compare counts across entries.
+- **ItemDuplicationAnalyser** must group positive-delta item events by `(steamid, item)` tuple and slide a fixed-second window across each group. Sliding-window logic spans multiple entries by definition.
+- **SkillProgressionAnomalyAnalyser** must collect all perks-row snapshots per Steam ID, sort them by time, then compute pairwise deltas between consecutive snapshots. Pairwise comparison spans entries.
+
+Each subclass extends the framework's abstract `Analyser`, overrides `analyse(): AnalysisInterface`, walks `$this->log` once to aggregate state, and emits `Problem` insights at the end. The CLAUDE.md "Framework architecture" section was updated alongside Phase B.3 to document this pattern.
+
+## Components
+
+Three `Analyser` subclasses under `src/Analyser/ProjectZomboid/` (the directory's `.gitkeep` placeholder is removed in this phase):
+
+| Analyser | Target Log | Logic shape | Threshold constants |
+|---|---|---|---|
+| `ConnectionFailureAnalyser` | `ProjectZomboidUserLog` | Two-pass count of attempt vs allowed events per Steam ID; emits one Problem per Steam ID where attempts > allowed | None — strict pairing |
+| `ItemDuplicationAnalyser` | `ProjectZomboidItemLog` | Sliding-window heuristic over `(steamid, item)` groups | `THRESHOLD_COUNT = 5`, `THRESHOLD_WINDOW_SECONDS = 10` |
+| `SkillProgressionAnomalyAnalyser` | `ProjectZomboidPerkLog` | Consecutive-snapshot delta per `(steamid, skill)`; only positive-delta perks-row entries (Login/Logout/LevelUp event tokens are filtered out) | `THRESHOLD_DELTA = 3` |
+
+Three `Problem` subclasses under `src/Analysis/ProjectZomboid/`:
+
+| Problem | Coalescing |
+|---|---|
+| `ConnectionFailureProblem` | By Steam ID — one problem per player regardless of how many unmatched attempts |
+| `ItemDuplicationProblem` | By `(steamid, item)` tuple — one problem per suspicious group |
+| `SkillProgressionAnomalyProblem` | By `(steamid, skill)` — one problem per skill exceeding the delta threshold |
+
+## Threshold rationale (recorded as docblocks)
+
+The constants are first-pass heuristics expected to be tuned once production logs flow through codex. Each is documented inline in its analyser class:
+
+- **`ItemDuplicationAnalyser::THRESHOLD_COUNT = 5`**: Five identical item gains in a fixed window. Legitimate gameplay rarely produces five identical items quickly — crafting has animation delays, looting is one-at-a-time, zombie drops are similarly serial. A burst of five suggests admin-spawn or exploit. Tune downward if false negatives appear.
+- **`ItemDuplicationAnalyser::THRESHOLD_WINDOW_SECONDS = 10`**: Ten seconds covers a realistic burst-loot scenario (e.g. a crate full of identical items) without collapsing onto unrelated events. Combined with `THRESHOLD_COUNT` this means an effective rate of 0.5 same-item events per second.
+- **`SkillProgressionAnomalyAnalyser::THRESHOLD_DELTA = 3`**: PZ skills require thousands of XP per level; even active grinding rarely produces four-or-more level jumps in a single session bridge. Set to 3 as baseline; modded XP servers may need to raise this via subclass override.
+
+## Patterns
+
+No new pattern constants. Existing constants from Phase A are reused inside the per-entry walks:
+
+- `UserPattern::PLAYER_EVENT` — decode `[time] <steamid> "<player>" <event>` lines
+- `ItemPattern::FIELDS` — decode `[time] <steamid> "<player>" <location> <delta> <coords> [<item>]` lines
+- `PerkPattern::FIELDS` — decode the bracket-heavy perks log line
+- `PerkPattern::PERK_PAIR` — extract individual `Skill=N` pairs from the perks-row event field
+
+`Entry::getTime()` returns integer Unix seconds (sub-second precision is dropped by `DateTime::getTimestamp()`). For `ItemDuplicationAnalyser` this means events within the same second collapse to time-diff zero, which is acceptable for v1.
+
+## Wiring
+
+Three `getDefaultAnalyser()` overrides (each was previously `return new PatternAnalyser();`):
+
+```php
+// ProjectZomboidUserLog
+return new ConnectionFailureAnalyser();
+
+// ProjectZomboidItemLog
+return new ItemDuplicationAnalyser();
+
+// ProjectZomboidPerkLog
+return new SkillProgressionAnomalyAnalyser();
+```
+
+The unused `PatternAnalyser` import is removed from each Log subclass.
+
+## Test plan
+
+End-to-end tests under `test/tests/Games/ProjectZomboid/Analyser/`, one per Log:
+
+- **`UserLogAnalysisTest`** — drives `user-minimal.txt`. Asserts exactly one `ConnectionFailureProblem` for Player1 (Steam ID `76561198000000001`) with `unmatchedAttempts == 1` (Player1 has two `attempting to join` events, one of which is `attempting to join used queue`, and one `allowed to join`). Asserts that Player2 (matched 1+1) is not flagged.
+- **`ItemLogAnalysisTest`** — drives the extended `item-minimal.txt`. Asserts one `ItemDuplicationProblem` for AdminUser + Base.Bullets9mm with `eventCount == 6`, and verifies the four-event Base.Plank group does not trigger. Also asserts the threshold constants are positive and documented.
+- **`PerkLogAnalysisTest`** — drives the extended `perk-minimal.txt`. Asserts exactly two `SkillProgressionAnomalyProblem` insights for PlayerSuspect (Steam ID `76561198000000004`), one for Strength (delta +8) and one for Fitness (delta +6). Verifies that Maintenance (delta exactly +3) does not trigger because the comparison is strict `>`. Verifies that single-snapshot players (Player1, Player2) are not flagged. Asserts the threshold constant is positive and documented.
+
+## Fixture changes
+
+Two synthetic fixtures extended (no new files, no real-log content):
+
+- **`item-minimal.txt`** — appended 10 lines: a 6-event Bullets9mm burst by AdminUser at sub-second timestamps `19:50:00.001`–`.006` (triggers the dupe heuristic), and a 4-event Plank group by Player1 scattered across 4 minutes (`20:00:00`–`20:03:00`, sub-threshold). The Phase A entry-count assertion in `ProjectZomboidItemLogTest` was bumped from 10 → 20.
+- **`perk-minimal.txt`** — appended 4 lines: PlayerSuspect (Steam ID `76561198000000004`) with two perks snapshots — a low-stat baseline at `18:30:00.000` and an inflated set at `22:00:00.000` showing Strength 2→10, Fitness 2→8, and Maintenance 0→3 (boundary case). The Phase A entry-count assertion in `ProjectZomboidPerkLogTest` was bumped from 6 → 10.
+
+All identifiers are placeholder per the Privacy / Fixture Rules in CLAUDE.md (`76561198000000001`–`76561198000000004` for Steam IDs, `Player1`/`Player2`/`AdminUser`/`PlayerSuspect` for names, coords in the `1000-1100, 2000-2200, 0` range).
+
+## Commits (as-built, in order)
+
+1. `c444e85` — `pre-phase-B.3 checkpoint` (`--allow-empty`)
+2. `73e9ca6` — `Add ConnectionFailureAnalyser`
+3. `ba3fae8` — `Add ItemDuplicationAnalyser`
+4. `0c90e40` — `Add SkillProgressionAnomalyAnalyser`
+
+4 commits total. Each non-checkpoint commit ships an Analyser + Problem + (optional) fixture extension + updated count assertion + e2e test in one logical unit, per the per-analyser commit shape requested up front.
+
+## Open issues
+
+None blocking. All three threshold constants are heuristic guesses pending production data calibration; tuning is expected once iblogs starts feeding real logs through codex. The values are tunable via subclass override and the rationale is in the source docblocks.
+
+## Pointers
+
+- Phase B.1 (foundation, ServerLog analysers): `2026-04-30-pz-analysers-design.md` and `2026-04-30-pz-analysers.md`.
+- Phase B.2 (vanilla PatternAnalyser PvP/Admin coverage): `2026-04-30-pz-analysers-pvp-admin-design.md` and `2026-04-30-pz-analysers-pvp-admin.md`.
+- Workflow conventions and architecture overview: `CLAUDE.md`.
+- The Phase B.3 commit set begins at `c444e85` (pre-checkpoint) and ends at `0c90e40` (the third analyser).

docs/superpowers/specs/2026-04-30-pz-analysers-pvp-admin-design.md

@@ -0,0 +1,106 @@
+# ProjectZomboid analyser design (Phase B.2)
+
+> Retroactive: written 2026-05-01.
+
+## Summary
+
+Add Project Zomboid PvP combat detection (filtering zombie hits and zero-damage events) and admin verb-dispatch coverage of six action types, by registering seven new `Information` insight classes onto the existing `PatternAnalyser`. No custom `Analyser` subclasses are introduced in this phase — all dispatch fits within `PatternAnalyser`'s per-entry pattern matching.
+
+This document covers Phase B.2. Phase B.1 is in `2026-04-30-pz-analysers-design.md`. Phase B.3 (cross-entry / threshold analysers requiring custom `Analyser` subclasses) is in `2026-04-30-pz-analysers-deferred-design.md`.
+
+## Scope
+
+- **In scope:** `PvpDamageInformation` + `PvpPattern::COMBAT_REAL` regex; six `Admin<Verb>Information` classes + six `AdminPattern::<VERB>_ENTRY` regex constants; wiring `ProjectZomboidPvpLog::getDefaultAnalyser()` and `ProjectZomboidAdminLog::getDefaultAnalyser()`; end-to-end tests for both logs.
+- **Out of scope (B.2):** any cross-entry / threshold / pairing logic (deferred to B.3); the eight other PZ logs whose `getDefaultAnalyser()` continues returning an empty `PatternAnalyser` stub; the codex-side `Redactor` utility (deferred — see `2026-04-30-redactor-design.md`).
+
+## Architectural decision: vanilla PatternAnalyser
+
+Phase B.1 established that `PatternAnalyser` plus `Insight::isEqual()` coalescing covers single-entry pattern matching cleanly. Phase B.2's analysers (PvP damage rows, admin verb lines) all fit that mould — each interesting line is independent of the others, dispatch is per-entry, and counter-coalescing handles repeats. No `Analyser` subclassing required. (Phase B.3 will deviate from this when cross-entry logic enters the picture.)
+
+## Components
+
+All under `src/Analysis/ProjectZomboid/`:
+
+| Class | Type | Pattern | Coalescing |
+|---|---|---|---|
+| `PvpDamageInformation` | Information | `PvpPattern::COMBAT_REAL` | Default `Information::isEqual` (label + value) — same attacker/victim/weapon coalesces |
+| `AdminAddedItemInformation` | Information | `AdminPattern::ADDED_ITEM_ENTRY` | Default — same admin/item/target coalesces |
+| `AdminAddedXpInformation` | Information | `AdminPattern::ADDED_XP_ENTRY` | Default — same admin/amount/skill/target coalesces |
+| `AdminGrantedAccessInformation` | Information | `AdminPattern::GRANTED_ACCESS_ENTRY` | Default — same admin/level/target coalesces |
+| `AdminChangedOptionInformation` | Information | `AdminPattern::CHANGED_OPTION_ENTRY` | Default — same admin/option/value coalesces |
+| `AdminReloadedOptionsInformation` | Information | `AdminPattern::RELOADED_OPTIONS_ENTRY` | Default — same admin coalesces |
+| `AdminTeleportedInformation` | Information | `AdminPattern::TELEPORTED_ENTRY` | Default — same admin/target/coords coalesces |
+
+## Patterns
+
+Seven new constants total.
+
+**`PvpPattern::COMBAT_REAL`** — combat regex with the noise filter baked in. The negative lookahead `(?!zombie")` rejects zombie weapon rows; the damage clause uses alternation to match only positive non-zero floats:
+
+```
+'/Combat: "(?<attacker>[^"]+)" \([^)]+\) hit "(?<victim>[^"]+)" \([^)]+\) weapon="(?<weapon>(?!zombie")[^"]+)" damage=(?<damage>0\.0*[1-9][0-9]*|[1-9][0-9]*\.[0-9]+)/'
+```
+
+The damage alternation explicitly rejects `0.000000` and any leading-minus value because both branches require either `0.<non-zero>` or `<non-zero>.<digits>`.
+
+**`AdminPattern::<VERB>_ENTRY`** — six entry-anchored variants of the existing body-only verb constants. Necessary because `PatternAnalyser` calls `preg_match_all` against the full Entry text (including the `[time]` prefix), so the Phase A verb constants anchored at `^<admin>` would never match. The Phase A constants stay intact for direct-message use; new ones live alongside them on the same `AdminPattern` class.
+
+## Wiring
+
+Two `getDefaultAnalyser()` overrides (was `return new PatternAnalyser();` for both):
+
+```php
+// ProjectZomboidPvpLog
+return (new PatternAnalyser())
+    ->addPossibleInsightClass(PvpDamageInformation::class);
+```
+
+```php
+// ProjectZomboidAdminLog
+return (new PatternAnalyser())
+    ->addPossibleInsightClass(AdminAddedItemInformation::class)
+    ->addPossibleInsightClass(AdminAddedXpInformation::class)
+    ->addPossibleInsightClass(AdminGrantedAccessInformation::class)
+    ->addPossibleInsightClass(AdminChangedOptionInformation::class)
+    ->addPossibleInsightClass(AdminReloadedOptionsInformation::class)
+    ->addPossibleInsightClass(AdminTeleportedInformation::class);
+```
+
+## Test plan
+
+Unit tests under `test/tests/Games/ProjectZomboid/Analysis/`, one per Insight class — exercises `getPatterns()` shape, `setMatches()` extraction, and at least one filter-rejection case for `PvpDamageInformation` (zombie weapon and zero-damage rejection).
+
+End-to-end tests under `test/tests/Games/ProjectZomboid/Analyser/`:
+
+- `PvpLogAnalysisTest` against `pvp-minimal.txt`: asserts exactly three `PvpDamageInformation` insights (Bare Hands, Tire Iron (Worn), Hunting Knife). Zombie and vehicle rows must be filtered out by the regex.
+- `AdminLogAnalysisTest` against `admin-minimal.txt`: asserts 2 + 2 + 2 + 2 + 1 + 2 = 11 insights across the six admin classes, with the duplicate ShotgunShells row coalescing into a single insight at `counter == 2`.
+
+## Fixture changes
+
+None. The Phase A synthetic fixtures `pvp-minimal.txt` and `admin-minimal.txt` already cover every code path Phase B.2 exercises.
+
+## Commits (as-built, in order)
+
+1. `df62da1` — `pre-phase-B.2 checkpoint` (`--allow-empty`)
+2. `55f769c` — `Add PvpDamageInformation insight`
+3. `90c85a0` — `Add AdminAddedItemInformation insight` ⚠️ broken — see `2026-04-30-pz-analysers-pvp-admin.md` §Deviations
+4. `0d85a05` — `Fix missing closing brace in AdminPattern` (forward-fix for #3)
+5. `a2faa55` — `Add AdminAddedXpInformation insight`
+6. `caed04d` — `Add AdminGrantedAccessInformation insight`
+7. `b7b89ef` — `Add AdminChangedOptionInformation insight`
+8. `64641fa` — `Add AdminReloadedOptionsInformation insight`
+9. `d15fc81` — `Add AdminTeleportedInformation insight`
+10. `51eb2de` — `Wire ProjectZomboidPvpLog default analyser`
+11. `c57d646` — `Wire ProjectZomboidAdminLog default analyser`
+
+11 commits total, vs 10 originally planned. The brace-fix commit accounts for the discrepancy.
+
+## Open issues
+
+None blocking. Phase A Q4 (admin verb scope) was settled before B.2 began. Phase B Q2 confirmed PvP fixtures contain real combat events worth analysing.
+
+## Pointers
+
+- Phase B.1 (foundation): `2026-04-30-pz-analysers-design.md` and `2026-04-30-pz-analysers.md`.
+- Phase B.3 (deferred analysers requiring custom `Analyser` subclasses): `2026-04-30-pz-analysers-deferred-design.md`.
+- Workflow conventions: `CLAUDE.md` § Workflow conventions and § Pitfalls.

docs/superpowers/specs/2026-04-30-redactor-design.md

@@ -0,0 +1,150 @@
+# Codex Redactor utility — design spec
+
+> Retroactive: written 2026-05-01.
+> **Status: implemented on the `redactor` branch (2026-05-01).** Plan: `docs/superpowers/plans/2026-05-01-redactor.md`. Arrival commit set documented in `CHANGELOG.md` `[Unreleased]`. The "Status: deferred" framing below is preserved for historical context; treat this file as the as-built design contract.
+
+## Summary
+
+Codex grows a small utility surface for redacting personally-identifying data from log content before it is stored, displayed, or analysed in environments where preservation of PII is unwanted. The shape is a thin generic interface plus per-game implementations that know each game's log format. iblogs is the primary line of defence (upload-time filter); codex's redactor is the optional helper consumers can call when they want codex itself to scrub data.
+
+## Why deferred
+
+The Phase A Step E open-questions table (Q5) marked the codex-side redactor as "defer to its own session" because the iblogs upload-time filter is the actual privacy boundary — anything codex does in this layer is a convenience, not a guarantee. Phase B (the analyser arc) shipped without the redactor and remains useful: synthetic fixtures use placeholder identifiers throughout, real Logs.zip never reaches the index, and the privacy story for codex's tests does not depend on this utility. Building it remains worthwhile when iblogs starts consuming codex output and wants a one-line option for "scrub before analyse."
+
+## Scope
+
+- **In scope (when this spec is implemented):** a `RedactorInterface` under `src/Util/`, a `ProjectZomboidRedactor` implementation that handles the three PII categories observed in PZ logs (Steam IDs, player names, world coordinates), per-category toggles with a defaults-on stance, replacement-string conventions matching the synthetic fixture placeholders.
+- **Out of scope:** non-PZ game redactors (those land alongside their respective game implementations); UI / CLI wrappers; redaction of mod-specific identifiers (e.g. BurdJournals scientific-notation Steam IDs) — handled by an extension of the PZ implementation if/when needed; storage / persistence of redaction maps.
+
+## Architecture
+
+```
+                            +-------------------------+
+                            |   RedactorInterface     |
+                            |   (src/Util/)           |
+                            |   redact(string): string|
+                            +-----------+-------------+
+                                        |
+                +-----------------------+-----------------------+
+                |                                               |
+   +------------v-----------------+              +--------------v-------------+
+   | ProjectZomboidRedactor       |              | (Future) MinecraftRedactor |
+   | (src/Util/ProjectZomboid/)   |              | (src/Util/Minecraft/)      |
+   +------------------------------+              +----------------------------+
+```
+
+A thin interface in the framework's `Util` namespace. One concrete implementation per supported game, mirroring the existing components-outer-with-game-suffix layout used everywhere else in the tree (Analyser, Analysis, Detective, Log, Parser, Pattern). Future games' redactors land alongside their analyser surface.
+
+## Why per-game implementations rather than a single regex utility
+
+PII detection in log text is **context-sensitive**, not just regex matching:
+
+- **Steam IDs** are 17-digit decimal numbers. Almost regexable, but care is needed not to chew through unrelated long numbers (timestamps, build numbers, GUIDs that happen to be 17 digits).
+- **Player names** are arbitrary strings. They cannot be detected from text alone — a redactor needs to know the lexical contexts where names appear (`<steamid> "Name"`, `ChatMessage{author='Name'}`, `Combat: "Name"`). Without that knowledge a naive `\w+`-style match would shred the entire log.
+- **Coordinates** are number triples in specific shapes (`x,y,z` after `at`, `[x,y,z]` between brackets, `(x,y,z)` in PvP combat lines). Stripping every "two commas in a row" regex match would over-redact (e.g. `f:0, t:1776297642406, st:48,648,157,584` is server metadata, not coordinates).
+
+Per-game implementations encode the lexical contexts. PZ's redactor uses the same regex shapes Phase A's Pattern classes encode for parsing, applied in a different direction (replacement instead of extraction).
+
+## Components
+
+### `src/Util/RedactorInterface.php`
+
+```php
+namespace IndifferentKetchup\Codex\Util;
+
+interface RedactorInterface
+{
+    /**
+     * Return a copy of $content with PII replaced by placeholder tokens
+     * according to the redactor's enabled toggles.
+     */
+    public function redact(string $content): string;
+}
+```
+
+A single method. Stateless from the caller's perspective; toggles are configured on the concrete implementation before `redact()` is called.
+
+### `src/Util/ProjectZomboid/ProjectZomboidRedactor.php`
+
+Implements `RedactorInterface`. Three independent toggles (defaults all on) and three regex-driven replacement passes:
+
+```php
+namespace IndifferentKetchup\Codex\Util\ProjectZomboid;
+
+use IndifferentKetchup\Codex\Util\RedactorInterface;
+
+class ProjectZomboidRedactor implements RedactorInterface
+{
+    private bool $redactSteamIds = true;
+    private bool $redactPlayerNames = true;
+    private bool $redactCoordinates = true;
+
+    public function redactSteamIds(bool $on): static { /* ... */ }
+    public function redactPlayerNames(bool $on): static { /* ... */ }
+    public function redactCoordinates(bool $on): static { /* ... */ }
+
+    public function redact(string $content): string
+    {
+        if ($this->redactSteamIds)    { /* preg_replace */ }
+        if ($this->redactPlayerNames) { /* preg_replace */ }
+        if ($this->redactCoordinates) { /* preg_replace */ }
+        return $content;
+    }
+}
+```
+
+### Replacement conventions
+
+To match the synthetic fixture placeholders already used throughout the test suite (per the Privacy / fixture rules in CLAUDE.md):
+
+| PII category | Replacement |
+|---|---|
+| Steam ID (17 decimal digits in a Steam ID context) | `76561198000000000` |
+| Player name (between `"..."` after a 17-digit Steam ID, between `'...'` in `ChatMessage{author='...'}`, between `"..."` after subsystem keywords like `Combat:` / `Safety:`) | `<player>` |
+| World coordinates (the `x,y,z` or `(x,y,z)` triples in PZ log lines, distinguished by leading-context anchors so server metadata triples are not stripped) | `0,0,0` |
+
+The replacements are deliberately not reversible — codex makes no attempt to maintain a map between original and redacted values. Reversibility is a different feature scope (encryption / tokenization) and is not what this utility provides.
+
+### Lexical anchors for the regex passes
+
+Steam ID: `(?<![\w])(?P<sid>76561198\d{9})(?![\w])` — the `76561198` prefix matches the SteamID64 universe prefix for Steam (region "Individual"); avoids matching unrelated 17-digit numbers. Boundary classes prevent matching inside a longer alphanumeric token.
+
+Player name (PZ-specific contexts):
+- After Steam ID quoted: `(?<sid>76561198000000000) "(?P<name>[^"]+)"` → preserve the redacted Steam ID, replace the quoted name. (Redaction order matters: SIDs first, names second.)
+- ChatMessage author: `ChatMessage\{chat=\w+, author='(?P<name>[^']+)',` → replace the captured author.
+- PvP / Safety subsystem: `(?P<sub>Combat|Safety): "(?P<name>[^"]+)"` → replace the captured name.
+
+Coordinates:
+- ItemLog / MapLog / CmdLog `at` clauses: `at (?P<coords>[\d.]+,[\d.]+,-?[\d.]+)\.` → replace with `0,0,0.`
+- ClientActionLog / PerkLog bracketed coords: `\[(?P<coords>\d+,\d+,-?\d+)\]` → replace with `[0,0,0]`
+- PvP combat parenthesised coords: `\((?P<coords>\d+,\d+,-?\d+)\) (?:hit|restore|store|true|false)` — the trailing context disambiguates from server metadata triples.
+
+These regex shapes are not yet committed to the spec implementation; tuning is expected during the actual implementation pass against the real `Logs.zip` content under `.scratch/pz/Logs/`.
+
+## Where this fits relative to iblogs
+
+The Phase A Step D Section e split holds: **iblogs is the primary line of defence**. iblogs filters PII at upload time, before storage, mirroring the mclogs IP/token redaction approach. Stored logs in iblogs are pre-sanitised. The codex `Redactor` is the *option* iblogs (or any other consumer) reaches for if they want codex itself to do the scrubbing — for example in a preview pipeline that wants to render redacted output without writing the raw paste to disk first, or in a dev environment where the same code path runs without iblogs's upload filter.
+
+This means the codex Redactor is **non-load-bearing** for the privacy story. iblogs implementing redaction independently is the actual safety guarantee; codex's helper is a convenience.
+
+## Test plan (when implemented)
+
+Synthetic-only fixtures, no real-log content:
+
+1. Three pairs of fixture-input / expected-output strings exercising each category in isolation.
+2. One combined-input fixture demonstrating that all three categories applied to the same content produce a fully-scrubbed output.
+3. Toggle tests: each of the three booleans turned off in isolation produces partial scrubbing; all three off produces an unchanged copy of input (the redactor returns input verbatim).
+4. Idempotence test: `redact(redact($x)) == redact($x)`.
+5. A small "negative" test: server metadata triples (`f:0, t:1776297642406, st:48,648,157,584`) are not mistaken for coordinates.
+
+## Open questions
+
+1. **Should the redactor optionally preserve some structure for analysers downstream?** For example, after redaction the analysers can no longer correlate by Steam ID across events because every Steam ID is the same placeholder. Two paths: (a) accept the loss — redaction is done before storage and you don't analyse redacted content, or (b) provide a "tokenizing redactor" that maps each unique input value to a unique placeholder (`76561198000000001`, `76561198000000002`, ...) preserving cardinality. Recommend (a) for v1; (b) is its own design pass.
+2. **What about `BurdJournals.txt`'s scientific-notation Steam IDs?** Phase A Step C noted these as `7.656119799341651E16` form. The PZ redactor's Steam ID regex doesn't match this shape. v1 leaves them intact (tag `[BurdJournals]` already disambiguates them as mod-internal). v2 could add a separate regex for the sci-notation form.
+3. **Should `coords` redaction try to preserve relative location** (e.g. round to the nearest 1000-tile chunk so the *region* is visible without giving precise base coords)? Out of scope for v1.
+
+## Pointers
+
+- Phase A original Q5 deferral: `2026-04-30-pz-analysers-design.md` referenced this; the explicit deferral lived in chat (Phase A Step E open-questions table).
+- iblogs upload-time filtering decisions: see the iblogs bootstrap spec at `2026-05-01-iblogs-bootstrap-design.md`.
+- Existing Pattern classes that the regex shapes will mirror in reverse: `src/Pattern/ProjectZomboid/{CmdPattern,ItemPattern,MapPattern,PerkPattern,ClientActionPattern,ChatPattern,PvpPattern,UserPattern}.php`.

docs/superpowers/specs/2026-05-01-iblogs-bootstrap-design.md

@@ -0,0 +1,186 @@
+# iblogs bootstrap design
+
+> Written 2026-05-01.
+> **Scope:** design only. No iblogs code is written by this document; the actual fork, rename, and rewire happen in a follow-up session after this design is approved.
+
+## Summary
+
+iblogs is a Project-Zomboid-first log triage service forked from `aternosorg/mclogs`. It consumes `indifferentketchup/codex` (pinned at `v0.1.0`) for log detection, parsing, and analysis, replacing mclogs's `aternos/codex-minecraft` / `aternos/codex-hytale` / `aternos/sherlock` dependency stack. The data model gains a session entity that wraps the multiple files Project Zomboid produces per server session (eleven file types per session), while mclogs's existing single-paste paths remain alive as legacy routes that map to "session of size 1."
+
+## (a) Fork target verification
+
+| Check | Value |
+|---|---|
+| Upstream | `github.com/aternosorg/mclogs` |
+| Default branch | `main` |
+| License | **MIT** (SPDX `MIT`) — compatible with `indifferentketchup/codex`'s MIT |
+| Last push | `2026-03-30` (active; ~30 days ago) |
+| Last update | `2026-04-26` |
+| Archived | no |
+| Stars / open issues | 290 / 2 |
+| PHP requirement | `>=8.5`, plus `ext-frankenphp`, `ext-mongodb`, `ext-uri`, `ext-zlib`, `ext-mbstring`, `ext-json` |
+| Storage | MongoDB |
+| Existing codex dep | yes — `aternos/codex-minecraft ^5.0.1` and `aternos/codex-hytale ^2.0` |
+
+**Verdict: GO.** License is compatible. Project is actively maintained. No archival or licensing blockers. The fact that mclogs already integrates Aternos's codex stack tells us the fork's swap surface is well-defined: replace those Composer deps and the codex-facing call sites in `src/Api/Action/AnalyseLogAction.php` / `src/Api/Action/LogInsightsAction.php` / `src/Api/Response/CodexLogResponse.php` / `src/Detective.php` / `src/Log.php`.
+
+The PHP `>=8.5` floor is stricter than codex's `>=8.4` — iblogs inherits the stricter constraint, which is fine. The `ext-frankenphp` requirement means iblogs runs on the FrankenPHP runtime rather than vanilla PHP-FPM; preserving this is the path of least resistance.
+
+`aternos/sherlock` (MIT, "PHP library to apply minecraft mappings to log files") is Minecraft-specific (Mojang obfuscation maps). It is **not needed for PZ** and gets dropped. If iblogs ever adds Minecraft support, it can come back.
+
+## (b) Repo plan
+
+**Primary remote:** Gitea at `git.indifferentketchup.com:2222`. Fork as `indifferentketchup/iblogs`. SSH clone URL: `ssh://git@git.indifferentketchup.com:2222/indifferentketchup/iblogs.git`. Match the codex repo's existing Gitea setup.
+
+**GitHub mirror:** Push-only secondary, configured via Gitea's Mirror feature (Repo Settings → Mirror Settings → Push Mirror). Same pattern any team using Gitea-as-primary uses for visibility.
+
+**Composer dep on codex.** iblogs's `composer.json` gains a `repositories` entry of type `vcs` pointing at the codex Gitea URL (`ssh://git@git.indifferentketchup.com:2222/indifferentketchup/ik-codex.git`), and a `require` entry for `indifferentketchup/codex` pinned to exactly `0.1.0`. The exact pin is preferred over `^0.1.0` for early-version (0.x) releases where minor bumps may carry breaking changes.
+
+**Removed deps:** `aternos/codex-minecraft`, `aternos/codex-hytale`, `aternos/sherlock`. The first two are replaced by `indifferentketchup/codex` (which covers Project Zomboid and ships detective stubs for Minecraft / Hytale / SevenDaysToDie that iblogs will not use in v0.1). The third (Sherlock) is Minecraft-mapping-specific and not relevant to PZ.
+
+**Package name.** `aternos/mclogs` becomes `indifferentketchup/iblogs`. Composer name and the PSR-4 namespace move together: `Aternos\Mclogs\` → `IndifferentKetchup\Iblogs\`.
+
+## (c) Multi-file / session paste model
+
+Project Zomboid produces eleven log files per server session. The data model needs to accommodate this without breaking mclogs's existing single-paste consumers.
+
+### Option (i) — 1 file = 1 paste, sibling-link via shared `session_id`
+
+- **Pros:** minimal schema change. Reuse mclogs's existing `Log` per file. Sibling discovery is a `session_id` index.
+- **Cons:** no atomic ingest (zip becomes N independent uploads). Session views require runtime joins. `session_id` propagation through upload UX is fiddly (URL param? cookie? hidden form field?).
+- **Effort:** low.
+
+### Option (ii) — zip upload explodes server-side into N linked pastes
+
+- **Pros:** atomic ingest. One endpoint for whole-session upload. Maps cleanly to PZ's natural zip-of-logs deliverable.
+- **Cons:** zip-only ingest is restrictive (no single-file paste UX for users with just `DebugLog-server.txt`). Server-side zip extraction is attack surface (zip bombs, path traversal). Doubles upload paths if single-file is also supported.
+- **Effort:** medium.
+
+### Option (iii) — session entity wraps N file entities (1:N relation)
+
+- **Pros:** rich session model. Single URL for the whole session; child URLs per file. PZ's eleven-file natural session maps cleanly. mclogs's single-paste maps to "session of size 1," so the model degenerates gracefully into legacy behaviour. Session-level metadata (server name, date range, total size) becomes first-class.
+- **Cons:** most schema migration. Two URL types in routing. More concepts in the API.
+- **Effort:** medium-high.
+
+### Recommendation: option (iii)
+
+PZ's natural unit IS a session — the server emits all eleven files per restart, ZIP-bundled in production. Single-file uploads (the mclogs default UX) become "session of size 1" with no special-case code; the legacy `/api/1/log` routes return a paste that happens to belong to a singleton session. Cross-file analysis (e.g. correlating a `ServerExceptionProblem` from `DebugLog-server.txt` with a `ConnectionFailureProblem` from `user.txt`) is unlocked because both files share a `session_id`. The 1:N model is the only one that supports cross-file analysers in any future Phase B.4-equivalent on iblogs's side.
+
+## (d) UI changes
+
+**Primary nav: file-type tabs.** Within a session, eleven tabs (one per PZ file type) with a count badge (e.g. `DebugLog (6,998 lines)`, `chat (115)`). Clicking a tab loads that file's content + analysis. Tab order: DebugLog-server first (most useful for triage), then admin, user, chat, item, map, perk, pvp, ClientActionLog, cmd, BurdJournals.
+
+**Secondary nav: session index sidebar.** Lists the user's recent sessions (cookie-driven, like mclogs's history). Less primary than tabs.
+
+**Default view.** `/session/{id}` lands on the DebugLog-server tab by default — that file is what admins want to see when something is broken.
+
+**Redaction toggle.** Per-session checkbox in the toolbar: "Redact PII". Behaviour depends on Step 4 (codex Redactor) status:
+- If Redactor ships first: toggle invokes `ProjectZomboidRedactor::redact()` on the rendered file content client-side or server-side (decision for the implementation pass).
+- If Redactor is still deferred: toggle is hidden in v0.1 of iblogs. Upload-time PII filtering still happens via the ported `Filter` chain (see `src/Filter/*` upstream — `IPv4Filter`, `IPv6Filter`, `AccessTokenFilter`, `UsernameFilter`).
+
+**Branding.** Drop the "Built for Minecraft & Hytale" tagline and visual cues. Replace `mclo.gs` brand references with whatever short-domain iblogs uses (open question — see (h)). Color palette decision is open; mclogs's green accent (`#5cb85c` in `example.config.json`) is fine to keep or change.
+
+## (e) API surface
+
+Iblogs exposes a session-oriented API on top of the recommended (iii) model, plus the legacy mclogs paths kept alive.
+
+| Path | Method | Purpose |
+|---|---|---|
+| `/api/session` | POST | Create a session by uploading one zip OR multiple file fields. Returns `session_id` plus a list of `{type, paste_id}` for each contained file. |
+| `/api/session/{id}` | GET | Return session metadata + array of contained pastes (`{type, paste_id, line_count, size_bytes}`). |
+| `/api/session/{id}/file/{type}` | GET | Return one file's content and its codex analysis result. `{type}` is one of the eleven PZ file-type tokens (`server`, `chat`, `clientaction`, `cmd`, `item`, `map`, `perk`, `pvp`, `admin`, `user`, `burdjournals`). |
+| `/api/paste/{id}` | GET | Single-paste back-compat. Returns content + analysis for any paste (whether part of a multi-file session or a singleton). |
+| `/api/1/log` | POST | Legacy mclogs path — kept alive. Internally creates a singleton session under the hood and returns the existing-shape mclogs response. |
+| `/api/1/log/{id}` | GET | Legacy mclogs path — kept alive. Same as `/api/paste/{id}` with the legacy response shape. |
+
+The legacy paths preserve mclogs's API contract for any third-party clients that already integrate with `mclo.gs` or self-hosted mclogs instances. Upgrading clients to the session-aware API is opt-in.
+
+## (f) String / branding inventory
+
+Producing exact `path:line` references requires the cloned working copy of the fork. This section gives directional pointers from the fetched-but-not-cloned upstream tree at `aternosorg/mclogs:main`. The actual line-precise inventory belongs in a follow-up commit on the iblogs side, after the fork exists and can be `grep`ped.
+
+**Composer / package metadata** — file `composer.json` upstream (no local clone, line refs not yet known):
+- `"name": "aternos/mclogs"` → `"indifferentketchup/iblogs"`
+- `"description": "Paste, share and analyse Minecraft logs"` → describe iblogs scope (PZ-first, server-log triage)
+- `"authors"` block (currently `Matthias Neid <matthias@aternos.org>`) → replace with `indifferentketchup` author
+- `require` block:
+  - drop `aternos/codex-minecraft`
+  - drop `aternos/codex-hytale`
+  - drop `aternos/sherlock`
+  - add `indifferentketchup/codex` pinned to `0.1.0`
+- `autoload.psr-4` mapping `"Aternos\\Mclogs\\": "src/"` → `"IndifferentKetchup\\Iblogs\\": "src/"`
+- new top-level `repositories` array entry of type `vcs` pointing at the codex Gitea URL
+
+**Namespace bulk substitution** — every PHP file under `src/` (which is roughly 50+ files based on the upstream tree). The pattern mirrors the codex rename in commit `66a2fcc`: bulk `Aternos\Mclogs` → `IndifferentKetchup\Iblogs` across `namespace`, `use`, fully-qualified refs, and PHPDoc tags. Done as one logical commit on the iblogs side per the codex-side precedent.
+
+**Codex API call sites** — the files mclogs uses to integrate Aternos's codex stack, all under `src/`:
+- `src/Detective.php` — likely a wrapper around `aternos/codex-minecraft`'s Detective. Swap to `IndifferentKetchup\Codex\Detective\ProjectZomboid\ProjectZomboidDetective` (or wrap multiple game detectives if iblogs ever supports more games).
+- `src/Log.php` — likely a wrapper. Re-point to codex's `Log` hierarchy.
+- `src/Api/Action/AnalyseLogAction.php` — the `analyse` endpoint. Update to call codex's `AnalysableLog::analyse()` with the new analyser surface.
+- `src/Api/Action/LogInsightsAction.php` — insights endpoint.
+- `src/Api/Response/CodexLogResponse.php` — response shape; verify field-by-field against `IndifferentKetchup\Codex\Analysis\AnalysisInterface::jsonSerialize()`.
+- `src/Api/Action/CreateLogAction.php` — log creation; integration with codex's `Detective::detect()`.
+- `src/Api/Action/RawLogAction.php`, `src/Api/Action/LogInfoAction.php` — verify these don't depend on Minecraft-specific codex behaviour.
+
+**Frontend templates and assets** — file paths only, exact branding strings discovered post-clone:
+- `web/frontend/start.php` — landing page; "Paste, share and analyse Minecraft logs" hero copy lives here.
+- `web/frontend/api-docs.php` — API documentation page.
+- `web/frontend/parts/header.php`, `parts/footer.php`, `parts/head.php` — site title, meta tags, footer links to legal info.
+- `web/frontend/log.php` — log view template (probably hardcodes the syntax-highlighting language token — needs to handle multiple PZ file types).
+- `web/frontend/404.php` — error page copy.
+- `web/public/css/mclogs.css` — file is **renamed** to `iblogs.css` and CSS class names referencing `mclogs` are renamed.
+- `web/public/js/start.js`, `web/public/js/log.js` — likely contain text constants and reference `mclogs.css` filename.
+- `web/public/img/logo-icon.svg`, `logo.svg`, `favicon.ico` — replaced with iblogs assets.
+
+**Configuration** — file `example.config.json`:
+- database name `mclogs` → `iblogs`
+- abuse contact `abuse@aternos.org` → iblogs contact (open question — see (h))
+- imprint and privacy policy links currently point at `aternos.gmbh` → iblogs equivalents
+- `mclo.gs` brand reference in the frontend styling section → new iblogs short-domain (open question)
+- worker request limit, ID length, TTL — review for iblogs-appropriate values; PZ sessions are larger than mclogs single pastes so size and line limits may need raising.
+
+**Docker / deployment** — files `Dockerfile`, `docker/Caddyfile`, `docker/compose.production.yaml`, `docker/mclogs.ini`:
+- Image label maintainer references
+- Caddyfile likely hardcodes `mclo.gs` hostname for TLS certificates → replace with iblogs hostname
+- Compose service name `mclogs` → `iblogs`
+- File `docker/mclogs.ini` is renamed and its contents updated
+
+**`LICENSE` file** — per MIT requirements, the original Aternos copyright line stays byte-for-byte unchanged. iblogs's LICENSE preserves the upstream copyright header. This mirrors codex's handling of its own upstream LICENSE.
+
+**`README.md`** — full rewrite. Title, description, install line, links to upstream codex repo, scope statement (PZ-first, server-log triage). Drop Minecraft / Hytale framing entirely.
+
+**Filter classes for PZ-specific PII** — upstream's filter chain (`src/Filter/IPv4Filter.php`, `IPv6Filter.php`, `AccessTokenFilter.php`, `UsernameFilter.php`) handles Minecraft-style PII (server access tokens, Minecraft-pattern usernames). For PZ, iblogs may need new filters: `SteamIdFilter`, `WorldCoordinateFilter`, and a PZ-aware username filter (Steam usernames look different from Minecraft ones). These are net-new code, not branding renames.
+
+## (g) Migration
+
+**Keep mclogs's existing single-paste API routes alive as legacy.** Two reasons:
+1. mclogs has live API consumers calling `POST /api/1/log` and `GET /api/1/log/{id}` against `mclo.gs` and self-hosted instances. Iblogs's primary value is PZ support, not breaking compat with the broader mclogs ecosystem.
+2. Under model option (iii), legacy single pastes are naturally "sessions of size 1." Zero extra schema work to support legacy routes — they just internally create singleton sessions.
+
+**Strip:** `aternos/codex-minecraft`, `aternos/codex-hytale`, `aternos/sherlock` Composer deps; the `Aternos\Mclogs\` namespace; mclogs-specific branding strings; the `mclo.gs` hostname hardcodes; Minecraft-mapping deobfuscation code paths.
+
+**Preserve:** the upstream `Filter` chain (it solves real problems — IP redaction, access tokens, usernames); the FrankenPHP runtime; MongoDB storage layer; the cookie-based session-history UX; the Caddy fronting.
+
+## (h) Open questions
+
+1. **`aternos/sherlock` license confirmation** — verified MIT (this design doc fetched the metadata) but iblogs is dropping it. No issue.
+2. **`ext-frankenphp` keep / replace decision** — recommend keep for v0.1 (path of least resistance). Migrating to vanilla nginx+php-fpm is its own project and can come later.
+3. **Branding decisions:**
+   - Site name: `iblogs` (lowercase) seems chosen given the project mention `indifferentketchup/iblogs`. Confirm.
+   - Tagline: needs writing. "Project Zomboid server log triage" is honest; longer-form copy is open.
+   - Short-domain: mclogs uses `mclo.gs`. Is there an iblogs equivalent (`iblo.gs`? `ib.gs`?)? Affects Caddyfile, frontend assets, and docs links.
+   - Accent / palette: keep mclogs green (`#5cb85c`) or pick a different colour?
+4. **Database choice:** keep MongoDB or migrate to PostgreSQL / SQLite? Migrating away from Mongo is a significant project; recommend keep for v0.1.
+5. **API URL versioning:** mclogs uses `/api/1/`. Stay with `/api/1/` for legacy paths (compat) and add `/api/session/...` for new endpoints (no version prefix), or use `/api/v2/session/...`? Recommend the former — minimum surface change.
+6. **Session-ID generation:** mclogs uses 7-character IDs. For iblogs sessions of N files, pick (a) one session-ID + N independent paste-IDs (richer URLs) or (b) single ID per paste with a sibling `session_id` field (simpler). Affects URL shape.
+7. **The codex Redactor utility.** Iblogs's redaction toggle (section d) depends on whether Step 4 (Redactor implementation) ships before or after iblogs scaffolding. **Decision deferred to user (Step 4 of the careful run).**
+8. **PZ-specific filter classes** (`SteamIdFilter`, `WorldCoordinateFilter`, etc.) — net-new work for iblogs. Could lift the regex shapes from `docs/superpowers/specs/2026-04-30-redactor-design.md` (they're the same PII categories). Implementation order: iblogs likely wants these for its upload-time filter chain regardless of whether the codex `Redactor` ships.
+9. **Multi-game support trajectory.** v0.1 of iblogs is PZ-first. If Minecraft / Hytale / SevenDaysToDie support is on the roadmap, iblogs's Detective wiring needs to be a multi-game dispatcher (not just `ProjectZomboidDetective`). Codex provides the per-game detectives separately; iblogs would compose them. Out of scope for v0.1.
+10. **The exact line-precise branding inventory** (every file:line ref of `Minecraft` / `Hytale` / `MC` / `mc` / `mclogs` / `mclo.gs` / `Aternos`). This document gives file-level pointers; the line-precise version is produced as a separate work item once the fork is cloned and grep-able.
+
+## Pointers
+
+- Codex package consumed: `indifferentketchup/codex` v0.1.0, tag SHA `8a89550` (annotated tag) pointing at commit `52ff8cb`.
+- Codex Redactor design (deferred): `docs/superpowers/specs/2026-04-30-redactor-design.md`.
+- Codex CHANGELOG: `CHANGELOG.md` in this repo.
+- Upstream mclogs: `https://github.com/aternosorg/mclogs` (MIT, `main` default branch, last push 2026-03-30).

src/Util/ProjectZomboid/ProjectZomboidRedactor.php

@@ -0,0 +1,123 @@
+<?php
+
+namespace IndifferentKetchup\Codex\Util\ProjectZomboid;
+
+use IndifferentKetchup\Codex\Util\RedactorInterface;
+
+/**
+ * Render-time PII filter for Project Zomboid log content.
+ *
+ * Applies up to three sequential regex passes over the raw log string,
+ * each controlled by a boolean toggle (all enabled by default):
+ *
+ *   1. Steam ID pass   — replaces 17-digit Steam IDs with a placeholder token.
+ *   2. Player name pass — replaces player display names with a placeholder
+ *      token. This pass anchors on the already-redacted Steam ID token, so
+ *      the ordering Steam ID -> name -> coordinates is mandatory.
+ *   3. Coordinates pass — replaces world coordinate triplets with a placeholder
+ *      token.
+ *
+ * All regex passes use the /u flag for Unicode safety.
+ *
+ * Replacements are not reversible; do not apply to content that must later be
+ * restored to its original form.
+ */
+class ProjectZomboidRedactor implements RedactorInterface
+{
+    /** Regex matching a 17-digit SteamID64 anchored on the 76561198 universe prefix, with lookaround boundaries that reject embedded occurrences. */
+    public const string STEAM_ID_REGEX = '/(?<![A-Za-z0-9])76561198\d{9}(?![A-Za-z0-9])/u';
+
+    /** Zeroed-out SteamID64 placeholder; syntactically valid but refers to no real account. */
+    public const string STEAM_ID_REPLACEMENT = '76561198000000000';
+
+    /** Generic placeholder substituted for every matched player display name. */
+    public const string PLAYER_NAME_REPLACEMENT = '<player>';
+
+    /** Matches a double-quoted player name that immediately follows the redacted Steam ID placeholder (cmd.txt / admin.txt shape); relies on the Steam ID pass having run first. */
+    public const string PLAYER_AFTER_STEAMID_REGEX = '/(?<=76561198000000000) "(?<name>[^"]+)"/u';
+
+    /** Matches the author value inside a ChatMessage{...} envelope, using a fixed-length lookbehind on ", author='" and a lookahead on the closing "'" so only the bare name is replaced. */
+    public const string PLAYER_IN_CHATMESSAGE_REGEX = '/(?<=, author=\')(?<name>[^\']+)(?=\')/u';
+
+    /** Matches the first double-quoted player name following a Combat: or Safety: subsystem token (pvp.txt shape); does NOT redact the second name after "hit" — deferred to v2. */
+    public const string PLAYER_IN_PVP_SUBSYSTEM_REGEX = '/(?<=(?:Combat|Safety): )"(?<name>[^"]+)"/u';
+
+    /** Zeroed-out coordinate triple used as the inner replacement; bracket/paren/`at` wrapper is preserved by the regex lookaround anchors. */
+    public const string COORDS_REPLACEMENT = '0,0,0';
+
+    /** Matches integer or float coordinate triplets that immediately follow the literal ` at ` token (map.txt / item.txt shape); the trailing dot is preserved via lookahead. */
+    public const string COORDS_AT_CLAUSE_REGEX = '/(?<= at )(?<x>[\d.]+),(?<y>[\d.]+),(?<z>-?[\d.]+)(?=\.)/u';
+
+    /** Matches integer coordinate triplets enclosed in square brackets (ClientActionLog.txt / PerkLog.txt / cmd.txt @-context shape); the surrounding brackets are preserved via lookaround. */
+    public const string COORDS_BRACKETED_REGEX = '/(?<=\[)(?<x>\d+),(?<y>\d+),(?<z>-?\d+)(?=\])/u';
+
+    /** Matches integer coordinate triplets enclosed in round parentheses, anchored on a trailing PvP verb to disambiguate from server-metadata triples (pvp.txt Combat:/Safety: shape); only the attacker/first-coord set is redacted per line — the victim coords lack the trailing keyword and are deferred to v2. */
+    public const string COORDS_PARENTHESISED_REGEX = '/(?<=\()(?<x>\d+),(?<y>\d+),(?<z>-?\d+)(?=\) (?:hit|restore|store|true|false))/u';
+
+    private bool $redactSteamIds = true;
+    private bool $redactPlayerNames = true;
+    private bool $redactCoordinates = true;
+
+    /**
+     * Enable or disable the Steam ID redaction pass.
+     *
+     * @param bool $on Pass true to enable, false to disable.
+     * @return static
+     */
+    public function redactSteamIds(bool $on): static
+    {
+        $this->redactSteamIds = $on;
+        return $this;
+    }
+
+    /**
+     * Enable or disable the player-name redaction pass.
+     *
+     * @param bool $on Pass true to enable, false to disable.
+     * @return static
+     */
+    public function redactPlayerNames(bool $on): static
+    {
+        $this->redactPlayerNames = $on;
+        return $this;
+    }
+
+    /**
+     * Enable or disable the coordinates redaction pass.
+     *
+     * @param bool $on Pass true to enable, false to disable.
+     * @return static
+     */
+    public function redactCoordinates(bool $on): static
+    {
+        $this->redactCoordinates = $on;
+        return $this;
+    }
+
+    /**
+     * Redact PII from the given Project Zomboid log content.
+     *
+     * Passes are applied in the mandatory order: Steam ID -> player name ->
+     * coordinates. See class docblock for rationale.
+     *
+     * @param string $content Raw log content that may contain PII.
+     * @return string Content with enabled PII categories replaced by tokens.
+     */
+    public function redact(string $content): string
+    {
+        if ($this->redactSteamIds) {
+            $content = preg_replace(self::STEAM_ID_REGEX, self::STEAM_ID_REPLACEMENT, $content);
+        }
+        if ($this->redactPlayerNames) {
+            $content = preg_replace(self::PLAYER_AFTER_STEAMID_REGEX, ' "' . self::PLAYER_NAME_REPLACEMENT . '"', $content);
+            $content = preg_replace(self::PLAYER_IN_CHATMESSAGE_REGEX, self::PLAYER_NAME_REPLACEMENT, $content);
+            $content = preg_replace(self::PLAYER_IN_PVP_SUBSYSTEM_REGEX, '"' . self::PLAYER_NAME_REPLACEMENT . '"', $content);
+        }
+        if ($this->redactCoordinates) {
+            $content = preg_replace(self::COORDS_AT_CLAUSE_REGEX, self::COORDS_REPLACEMENT, $content);
+            $content = preg_replace(self::COORDS_BRACKETED_REGEX, self::COORDS_REPLACEMENT, $content);
+            $content = preg_replace(self::COORDS_PARENTHESISED_REGEX, self::COORDS_REPLACEMENT, $content);
+        }
+        return $content;
+    }
+}

src/Util/RedactorInterface.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace IndifferentKetchup\Codex\Util;
+
+interface RedactorInterface
+{
+    /**
+     * Redact PII from the given content string and return the result.
+     *
+     * The method is stateless from the caller's perspective: the same instance
+     * may be called repeatedly and each call operates independently on its
+     * input. Configuration (which passes are enabled, replacement tokens, etc.)
+     * is applied once via implementation-specific setters before the first call
+     * to redact().
+     *
+     * @param string $content Raw log content that may contain PII.
+     * @return string Content with PII replaced by redaction tokens.
+     */
+    public function redact(string $content): string;
+}

test/tests/Util/Redactor/ProjectZomboidRedactorCombinedTest.php

@@ -0,0 +1,146 @@
+<?php
+
+namespace IndifferentKetchup\Codex\Test\Tests\Util\Redactor;
+
+use IndifferentKetchup\Codex\Util\ProjectZomboid\ProjectZomboidRedactor;
+use PHPUnit\Framework\TestCase;
+
+class ProjectZomboidRedactorCombinedTest extends TestCase
+{
+    public function testFullScrubAllTogglesOn(): void
+    {
+        // Realistic multi-line input touching all three PII categories:
+        // Steam IDs, player names in multiple contexts (after Steam ID, in ChatMessage,
+        // after Combat:/Safety:), and coordinates in multiple shapes (at clause,
+        // bracketed, parenthesised before PvP verb).
+        $input = implode("\n", [
+            // cmd.txt / admin.txt: Steam ID + quoted name + at-clause coords (keyword " at ")
+            '[16-04-26 12:00:00.000] 76561198111111111 "Player1" added Base.Aerosolbomb at 1000,2000,0.',
+            // map.txt: Steam ID + quoted name + at-clause float coords
+            '[16-04-26 12:00:01.000] 76561198222222222 "Player2" added IsoObject (fence_01) at 1050.0,2050.0,0.0.',
+            // chat.txt: ChatMessage author
+            "[16-04-26 17:05:03.280][info] Got message:ChatMessage{chat=Local, author='AdminUser', text='hello'}.",
+            // pvp.txt Combat: name + attacker parenthesised coords before "hit"
+            '[16-04-26 17:14:35.128][INFO] Combat: "Player1" (1005,2005,0) hit "Player2" (1006,2005,0) weapon="Tire Iron (Worn)" damage=0.112317.',
+            // pvp.txt Safety: name + parenthesised coords before "restore"
+            '[16-04-26 16:17:49.731][LOG] Safety: "Player1" (1000,2000,0) restore true.',
+            // ClientActionLog: bracketed Steam ID + action + name + coords bracket
+            '[16-04-26 12:00:02.000] [76561198333333333][ISEnterVehicle][Player2][1020,2020,0][Van_LectroMax].',
+        ]);
+
+        $expected = implode("\n", [
+            '[16-04-26 12:00:00.000] 76561198000000000 "<player>" added Base.Aerosolbomb at 0,0,0.',
+            '[16-04-26 12:00:01.000] 76561198000000000 "<player>" added IsoObject (fence_01) at 0,0,0.',
+            "[16-04-26 17:05:03.280][info] Got message:ChatMessage{chat=Local, author='<player>', text='hello'}.",
+            '[16-04-26 17:14:35.128][INFO] Combat: "<player>" (0,0,0) hit "Player2" (1006,2005,0) weapon="Tire Iron (Worn)" damage=0.112317.',
+            '[16-04-26 16:17:49.731][LOG] Safety: "<player>" (0,0,0) restore true.',
+            '[16-04-26 12:00:02.000] [76561198000000000][ISEnterVehicle][Player2][0,0,0][Van_LectroMax].',
+        ]);
+
+        $output = (new ProjectZomboidRedactor())->redact($input);
+
+        $this->assertSame($expected, $output, 'With all three toggles on, every Steam ID, player name context, and coord shape must be replaced.');
+    }
+
+    public function testSteamIdToggleOffLeavesSteamIdsIntact(): void
+    {
+        // All three PII categories present; Steam ID toggle is disabled.
+        //
+        // Important nuance: PLAYER_AFTER_STEAMID_REGEX anchors on the redacted placeholder
+        // 76561198000000000. With redactSteamIds(false) the raw Steam ID survives, so the
+        // regex does NOT fire for lines in the "after-Steam-ID" shape — those names survive
+        // too. Names anchored by other contexts (ChatMessage author, Combat:/Safety:) are
+        // still redacted because those regexes don't depend on the Steam ID pass.
+        $input = implode("\n", [
+            // after-Steam-ID shape: name will NOT be redacted because the Steam ID is raw
+            '[16-04-26 12:00:00.000] 76561198111111111 "Player1" added Base.Aerosolbomb at 1000,2000,0.',
+            // ChatMessage author: still redacted (anchor is independent of Steam ID pass)
+            "[16-04-26 17:05:03.280][info] Got message:ChatMessage{chat=Local, author='AdminUser', text='hello'}.",
+            // Combat: name + attacker coords
+            '[16-04-26 17:14:35.128][INFO] Combat: "Player2" (1005,2005,0) hit "Player1" (1006,2005,0) weapon="Pipe Bomb" damage=1.0.',
+        ]);
+
+        $expected = implode("\n", [
+            // Steam ID intact; "Player1" NOT redacted (anchor regex didn't fire)
+            '[16-04-26 12:00:00.000] 76561198111111111 "Player1" added Base.Aerosolbomb at 0,0,0.',
+            // ChatMessage name redacted; coords were an at-clause → redacted
+            "[16-04-26 17:05:03.280][info] Got message:ChatMessage{chat=Local, author='<player>', text='hello'}.",
+            // Combat: name + attacker coords both redacted
+            '[16-04-26 17:14:35.128][INFO] Combat: "<player>" (0,0,0) hit "Player1" (1006,2005,0) weapon="Pipe Bomb" damage=1.0.',
+        ]);
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redact($input);
+
+        $this->assertSame(
+            $expected,
+            $output,
+            'With Steam ID toggle off: raw Steam IDs survive; PLAYER_AFTER_STEAMID_REGEX does not fire (no placeholder to anchor on) so those names also survive; ChatMessage and Combat:/Safety: names are still redacted; coords are still redacted.',
+        );
+    }
+
+    public function testPlayerNameToggleOffLeavesNamesIntact(): void
+    {
+        // Steam IDs and coords redact; player names survive verbatim.
+        $input = implode("\n", [
+            '[16-04-26 12:00:00.000] 76561198111111111 "Player1" added Base.Aerosolbomb at 1000,2000,0.',
+            "[16-04-26 17:05:03.280][info] Got message:ChatMessage{chat=Local, author='Player2', text='bye'}.",
+            '[16-04-26 16:17:49.731][LOG] Safety: "AdminUser" (1050,2050,0) restore true.',
+        ]);
+
+        $expected = implode("\n", [
+            '[16-04-26 12:00:00.000] 76561198000000000 "Player1" added Base.Aerosolbomb at 0,0,0.',
+            "[16-04-26 17:05:03.280][info] Got message:ChatMessage{chat=Local, author='Player2', text='bye'}.",
+            '[16-04-26 16:17:49.731][LOG] Safety: "AdminUser" (0,0,0) restore true.',
+        ]);
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactPlayerNames(false)
+            ->redact($input);
+
+        $this->assertSame($expected, $output, 'With player-name toggle off, all player names must survive; Steam IDs and coords must still be redacted.');
+    }
+
+    public function testCoordinatesToggleOffLeavesCoordsIntact(): void
+    {
+        // Steam IDs and player names redact; coordinates survive verbatim.
+        $input = implode("\n", [
+            '[16-04-26 12:00:00.000] 76561198111111111 "Player1" added Base.Aerosolbomb at 1000,2000,0.',
+            '[16-04-26 12:00:01.000] [76561198222222222][ISEnterVehicle][Player2][1020,2020,0][Van_LectroMax].',
+            '[16-04-26 17:14:35.128][INFO] Combat: "AdminUser" (1005,2005,0) hit "Player1" (1006,2005,0) weapon="Baseball Bat" damage=0.5.',
+        ]);
+
+        $expected = implode("\n", [
+            '[16-04-26 12:00:00.000] 76561198000000000 "<player>" added Base.Aerosolbomb at 1000,2000,0.',
+            '[16-04-26 12:00:01.000] [76561198000000000][ISEnterVehicle][Player2][1020,2020,0][Van_LectroMax].',
+            '[16-04-26 17:14:35.128][INFO] Combat: "<player>" (1005,2005,0) hit "Player1" (1006,2005,0) weapon="Baseball Bat" damage=0.5.',
+        ]);
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactCoordinates(false)
+            ->redact($input);
+
+        $this->assertSame($expected, $output, 'With coordinates toggle off, all coord triplets must survive; Steam IDs and player names must still be redacted.');
+    }
+
+    public function testAllTogglesOffReturnsInputByteForByte(): void
+    {
+        // Disabling every toggle must produce an output identical to the input —
+        // the "passthrough" contract: opt-out means truly nothing happens.
+        $input = implode("\n", [
+            '[16-04-26 12:00:00.000] 76561198111111111 "Player1" added Base.Aerosolbomb at 1000,2000,0.',
+            "[16-04-26 17:05:03.280][info] Got message:ChatMessage{chat=Local, author='Player2', text='hello'}.",
+            '[16-04-26 17:14:35.128][INFO] Combat: "AdminUser" (1005,2005,0) hit "Player1" (1006,2005,0) weapon="Tire Iron (Worn)" damage=0.112317.',
+            '[16-04-26 12:00:01.000] [76561198333333333][ISEnterVehicle][Player2][1020,2020,0][Van_LectroMax].',
+        ]);
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redactPlayerNames(false)
+            ->redactCoordinates(false)
+            ->redact($input);
+
+        $this->assertSame($input, $output, 'With all three toggles disabled, the output must be byte-for-byte identical to the input.');
+    }
+}

test/tests/Util/Redactor/ProjectZomboidRedactorCoordinatesTest.php

@@ -0,0 +1,124 @@
+<?php
+
+namespace IndifferentKetchup\Codex\Test\Tests\Util\Redactor;
+
+use IndifferentKetchup\Codex\Util\ProjectZomboid\ProjectZomboidRedactor;
+use PHPUnit\Framework\TestCase;
+
+class ProjectZomboidRedactorCoordinatesTest extends TestCase
+{
+    public function testRedactsAtClauseCoords(): void
+    {
+        // map.txt / item.txt shape: integer coords following " at " with trailing dot.
+        $input = '[16-04-26 12:00:00.000] 76561198000000001 "Player1" added Base.Aerosolbomb at 1000,2000,0.';
+        $expected = '[16-04-26 12:00:00.000] 76561198000000001 "Player1" added Base.Aerosolbomb at 0,0,0.';
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redactPlayerNames(false)
+            ->redact($input);
+
+        $this->assertSame($expected, $output, 'Integer coords following " at " must be replaced; leading "at " and trailing "." must be preserved.');
+    }
+
+    public function testRedactsAtClauseFloatCoords(): void
+    {
+        // map.txt shape: IsoObject form with float coords (x.x,y.y,z.z).
+        $input = '[16-04-26 12:00:01.000] 76561198000000001 "Player1" added IsoObject (fencing_damaged_01_124) at 1010.0,2010.0,0.0.';
+        $expected = '[16-04-26 12:00:01.000] 76561198000000001 "Player1" added IsoObject (fencing_damaged_01_124) at 0,0,0.';
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redactPlayerNames(false)
+            ->redact($input);
+
+        $this->assertSame($expected, $output, 'Float coords following " at " must be replaced; the IsoObject parenthesised form must be unaffected.');
+    }
+
+    public function testRedactsBracketedCoords(): void
+    {
+        // ClientActionLog.txt shape: strict 5-field bracketed structure.
+        // The Steam ID bracket and action/player/param brackets must survive.
+        $input = '[16-04-26 12:00:02.000] [76561198000000001][ISEnterVehicle][Player1][1000,2000,0][Van_LectroMax].';
+        $expected = '[16-04-26 12:00:02.000] [76561198000000001][ISEnterVehicle][Player1][0,0,0][Van_LectroMax].';
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redactPlayerNames(false)
+            ->redact($input);
+
+        $this->assertSame($expected, $output, 'Coord bracket must become [0,0,0]; Steam ID, action, player name, and param brackets must be unaffected.');
+    }
+
+    public function testRedactsBracketedNegativeZ(): void
+    {
+        // Basement Z coordinates are negative; the regex must handle the leading minus.
+        $input = '[16-04-26 12:00:03.000] [76561198000000001][ISEnterVehicle][Player1][1020,2020,-1][Van_LectroMax].';
+        $expected = '[16-04-26 12:00:03.000] [76561198000000001][ISEnterVehicle][Player1][0,0,0][Van_LectroMax].';
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redactPlayerNames(false)
+            ->redact($input);
+
+        $this->assertSame($expected, $output, 'Negative Z (basement level) inside square brackets must be replaced.');
+    }
+
+    public function testRedactsParenthesisedCoordsBeforeHit(): void
+    {
+        // pvp.txt Combat: shape. The attacker coords are followed by ") hit" and ARE
+        // redacted. The victim coords are followed by ") weapon=" and are NOT redacted
+        // in v1 — the trailing-keyword anchor is intentionally absent for that position.
+        $input = '[16-04-26 17:14:35.128][INFO] Combat: "Player1" (1005,2005,0) hit "Player2" (1006,2005,0) weapon="Tire Iron (Worn)" damage=0.112317.';
+        $expected = '[16-04-26 17:14:35.128][INFO] Combat: "Player1" (0,0,0) hit "Player2" (1006,2005,0) weapon="Tire Iron (Worn)" damage=0.112317.';
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redactPlayerNames(false)
+            ->redact($input);
+
+        // Attacker coords (before "hit") are redacted; victim coords (before "weapon=") are NOT — deferred to v2.
+        $this->assertSame($expected, $output, 'Attacker coords before "hit" must be replaced; victim coords without a trailing keyword must survive.');
+    }
+
+    public function testRedactsParenthesisedCoordsBeforeSafetyVerb(): void
+    {
+        // pvp.txt Safety: shape; coords followed by ") restore true".
+        $input = '[16-04-26 16:17:49.731][LOG] Safety: "Player1" (1000,2000,0) restore true.';
+        $expected = '[16-04-26 16:17:49.731][LOG] Safety: "Player1" (0,0,0) restore true.';
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redactPlayerNames(false)
+            ->redact($input);
+
+        $this->assertSame($expected, $output, 'Coords followed by ") restore" must be replaced.');
+    }
+
+    public function testServerMetadataTriplesAreNotRedacted(): void
+    {
+        // DebugLog-server.txt entries contain server-state metadata that superficially
+        // resembles coordinates but is not: "st:48,648,157,584" is a 4-component token,
+        // "t:1776297642406" is a millisecond timestamp. Neither pattern lives inside
+        // brackets, parentheses followed by a PvP verb, or after " at " — so none of
+        // the three coordinate regexes should fire.
+        $input = '[16-04-26 00:01:19.080] ERROR: General      f:0, t:1776297642406, st:48,648,157,584> Server starting up.';
+
+        $output = (new ProjectZomboidRedactor())->redact($input);
+
+        $this->assertSame($input, $output, 'Server metadata triples (st:) and millisecond timestamps (t:) must pass through unchanged.');
+    }
+
+    public function testToggleOffLeavesCoordsIntact(): void
+    {
+        $input = '[16-04-26 12:00:04.000] 76561198000000001 "Player1" added Base.Aerosolbomb at 1000,2000,0.';
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redactPlayerNames(false)
+            ->redactCoordinates(false)
+            ->redact($input);
+
+        $this->assertSame($input, $output, 'With the coordinates toggle disabled the original input must be returned unchanged.');
+    }
+}

test/tests/Util/Redactor/ProjectZomboidRedactorIdempotenceTest.php

@@ -0,0 +1,99 @@
+<?php
+
+namespace IndifferentKetchup\Codex\Test\Tests\Util\Redactor;
+
+use IndifferentKetchup\Codex\Util\ProjectZomboid\ProjectZomboidRedactor;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Verifies the idempotence property of ProjectZomboidRedactor::redact().
+ *
+ * Idempotence: redact(redact(x)) === redact(x) for all valid inputs.
+ *
+ * A downstream consumer might accidentally double-pipe content through the
+ * Redactor. The result must be stable — a second pass must make no further
+ * changes. If a regex were poorly anchored such that the post-redact placeholder
+ * itself matched and was re-redacted to something different, idempotence would
+ * fail. Specifically, the player-name regex PLAYER_AFTER_STEAMID_REGEX anchors
+ * on 76561198000000000 — the same value the Steam ID pass writes. This test
+ * suite verifies that applying redact() twice is safe: on the second pass, names
+ * already written as <player> do not accidentally re-match and produce a doubly-
+ * nested result like "<player>" → something else.
+ */
+class ProjectZomboidRedactorIdempotenceTest extends TestCase
+{
+    public function testIdempotenceSteamIdOnly(): void
+    {
+        $input = implode("\n", [
+            'Players: 76561198111111111, 76561198222222222, 76561198333333333 connected.',
+            '[16-04-26 12:00:00.000] [76561198111111111][ISEnterVehicle][Player1][1000,2000,0][Van_LectroMax].',
+        ]);
+
+        $redactor = new ProjectZomboidRedactor();
+        $redacted = $redactor->redact($input);
+        $redactedAgain = $redactor->redact($redacted);
+
+        $this->assertSame($redacted, $redactedAgain, 'Applying redact() twice to Steam-ID-only input must produce the same result as applying it once.');
+    }
+
+    public function testIdempotencePlayerNamesOnly(): void
+    {
+        // Input already has the Steam ID placeholder in place (as the Steam ID pass
+        // would have written it), so PLAYER_AFTER_STEAMID_REGEX can fire. After the
+        // first pass the name becomes "<player>"; the second pass must leave "<player>"
+        // untouched — it is not a valid display name inside double quotes preceded
+        // by the Steam ID placeholder anchor in a way that would re-match, because
+        // the replacement written is: 76561198000000000 "<player>", and the regex
+        // would need an unquoted player name inside quotes after the placeholder.
+        // "<player>" (with the angle brackets) does satisfy [^"]+ but the second
+        // pass must still produce an identical result.
+        $input = implode("\n", [
+            '76561198000000000 "Player1" ISLogSystem.writeLog @ 1000,2000,0.',
+            "[16-04-26 17:05:03.280][info] Got message:ChatMessage{chat=Local, author='AdminUser', text='hi'}.",
+            '[16-04-26 16:17:49.731][LOG] Safety: "Player2" (1000,2000,0) restore true.',
+        ]);
+
+        $redactor = (new ProjectZomboidRedactor())->redactSteamIds(false)->redactCoordinates(false);
+        $redacted = $redactor->redact($input);
+        $redactedAgain = $redactor->redact($redacted);
+
+        $this->assertSame($redacted, $redactedAgain, 'Applying redact() twice to player-name-only input must produce the same result as applying it once.');
+    }
+
+    public function testIdempotenceCoordsOnly(): void
+    {
+        $input = implode("\n", [
+            '[16-04-26 12:00:00.000] 76561198000000001 "Player1" added Base.Aerosolbomb at 1000,2000,0.',
+            '[16-04-26 12:00:01.000] [76561198000000001][ISEnterVehicle][Player1][1020,2020,-1][Van_LectroMax].',
+            '[16-04-26 17:14:35.128][INFO] Combat: "Player1" (1005,2005,0) hit "Player2" (1006,2005,0) weapon="Tire Iron (Worn)" damage=0.112317.',
+            '[16-04-26 16:17:49.731][LOG] Safety: "Player1" (1000,2000,0) restore true.',
+        ]);
+
+        $redactor = (new ProjectZomboidRedactor())->redactSteamIds(false)->redactPlayerNames(false);
+        $redacted = $redactor->redact($input);
+        $redactedAgain = $redactor->redact($redacted);
+
+        $this->assertSame($redacted, $redactedAgain, 'Applying redact() twice to coords-only input must produce the same result as applying it once; the placeholder 0,0,0 must not be re-matched.');
+    }
+
+    public function testIdempotenceAllCategories(): void
+    {
+        // Full input: all three PII categories in multiple lexical contexts.
+        // After the first redact(), every placeholder is in place. The second
+        // redact() must make no further changes.
+        $input = implode("\n", [
+            '[16-04-26 12:00:00.000] 76561198111111111 "Player1" added Base.Aerosolbomb at 1000,2000,0.',
+            '[16-04-26 12:00:01.000] 76561198222222222 "Player2" teleported to 1050,2050,0.',
+            "[16-04-26 17:05:03.280][info] Got message:ChatMessage{chat=Local, author='AdminUser', text='hello'}.",
+            '[16-04-26 17:14:35.128][INFO] Combat: "Player1" (1005,2005,0) hit "Player2" (1006,2005,0) weapon="Tire Iron (Worn)" damage=0.112317.',
+            '[16-04-26 16:17:49.731][LOG] Safety: "Player1" (1000,2000,0) restore true.',
+            '[16-04-26 12:00:02.000] [76561198333333333][ISEnterVehicle][Player2][1020,2020,0][Van_LectroMax].',
+        ]);
+
+        $redactor = new ProjectZomboidRedactor();
+        $redacted = $redactor->redact($input);
+        $redactedAgain = $redactor->redact($redacted);
+
+        $this->assertSame($redacted, $redactedAgain, 'Applying redact() twice to input with all PII categories must produce the same result as applying it once; no placeholder must re-match on the second pass.');
+    }
+}

test/tests/Util/Redactor/ProjectZomboidRedactorIntegrationTest.php

@@ -0,0 +1,272 @@
+<?php
+
+namespace IndifferentKetchup\Codex\Test\Tests\Util\Redactor;
+
+use IndifferentKetchup\Codex\Log\File\PathLogFile;
+use IndifferentKetchup\Codex\Log\File\StringLogFile;
+use IndifferentKetchup\Codex\Log\ProjectZomboid\ProjectZomboidAdminLog;
+use IndifferentKetchup\Codex\Log\ProjectZomboid\ProjectZomboidBurdJournalsLog;
+use IndifferentKetchup\Codex\Log\ProjectZomboid\ProjectZomboidChatLog;
+use IndifferentKetchup\Codex\Log\ProjectZomboid\ProjectZomboidClientActionLog;
+use IndifferentKetchup\Codex\Log\ProjectZomboid\ProjectZomboidCmdLog;
+use IndifferentKetchup\Codex\Log\ProjectZomboid\ProjectZomboidItemLog;
+use IndifferentKetchup\Codex\Log\ProjectZomboid\ProjectZomboidMapLog;
+use IndifferentKetchup\Codex\Log\ProjectZomboid\ProjectZomboidPerkLog;
+use IndifferentKetchup\Codex\Log\ProjectZomboid\ProjectZomboidPvpLog;
+use IndifferentKetchup\Codex\Log\ProjectZomboid\ProjectZomboidServerLog;
+use IndifferentKetchup\Codex\Log\ProjectZomboid\ProjectZomboidUserLog;
+use IndifferentKetchup\Codex\Util\ProjectZomboid\ProjectZomboidRedactor;
+use PHPUnit\Framework\Attributes\DataProvider;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Integration tests: drive all 11 existing PZ fixtures through ProjectZomboidRedactor
+ * and verify that the output is well-formed.
+ *
+ * Three properties are checked across all fixtures:
+ *
+ *   1. Steam ID normalisation — no non-zero-placeholder Steam IDs survive.
+ *   2. Structural preservation — parsing the redacted content yields the same
+ *      entry count as parsing the original.
+ *   3. Idempotence — applying redact() a second time produces no further changes.
+ *
+ * Known v1 limitations documented inline:
+ *
+ *   - pvp.txt: victim names after `hit "..."` are NOT redacted (Task 3 limitation).
+ *     Player2 can therefore still appear after `hit` in the redacted pvp output.
+ *   - pvp.txt: victim coords after `hit "(x,y,z)"` are NOT redacted (Task 4
+ *     limitation). COORDS_PARENTHESISED_REGEX anchors on the trailing PvP verb
+ *     which is present only for the attacker bracket.
+ *   - admin.txt: `teleported X to <x,y,z>` coords survive because COORDS_AT_CLAUSE_REGEX
+ *     anchors on ` at `, not ` to `.
+ */
+class ProjectZomboidRedactorIntegrationTest extends TestCase
+{
+    private static string $fixturesDir = __DIR__ . '/../../../src/Games/ProjectZomboid/fixtures';
+
+    // ---------------------------------------------------------------------------
+    // Data providers
+    // ---------------------------------------------------------------------------
+
+    /**
+     * Yields [fixturePath] for every PZ fixture file.
+     */
+    public static function fixturePathProvider(): array
+    {
+        $dir = self::$fixturesDir;
+        return [
+            'admin'             => [$dir . '/admin-minimal.txt'],
+            'burd-journals'     => [$dir . '/burd-journals-minimal.txt'],
+            'chat'              => [$dir . '/chat-minimal.txt'],
+            'client-action'     => [$dir . '/client-action-minimal.txt'],
+            'cmd'               => [$dir . '/cmd-minimal.txt'],
+            'debug-server'      => [$dir . '/debug-server-minimal.txt'],
+            'item'              => [$dir . '/item-minimal.txt'],
+            'map'               => [$dir . '/map-minimal.txt'],
+            'perk'              => [$dir . '/perk-minimal.txt'],
+            'pvp'               => [$dir . '/pvp-minimal.txt'],
+            'user'              => [$dir . '/user-minimal.txt'],
+        ];
+    }
+
+    /**
+     * Yields [fixturePath] for the subset of fixtures where every synthetic
+     * player name (Player1 / Player2 / AdminUser / PlayerSuspect) appears
+     * exclusively in a context the redactor recognises:
+     *
+     *   - chat:  ChatMessage{author='...'} envelope
+     *   - cmd, item, map, user:  77-char-Steam-ID followed by "..." quoted name
+     *
+     * Fixtures intentionally excluded:
+     *
+     *   - admin:          names appear in free-text positions (no Steam-ID anchor,
+     *                     no quotes, no Combat:/Safety: prefix). Names survive in v1.
+     *   - client-action,
+     *     perk:           names appear inside [...] brackets, not "..." quotes.
+     *                     PLAYER_AFTER_STEAMID_REGEX requires double-quotes.
+     *   - pvp:            attacker name redacts but victim name after `hit "..."`
+     *                     survives in v1 (Task 3 limitation).
+     *   - burd-journals,
+     *     debug-server:   no synthetic player names present.
+     */
+    public static function fixturesWhereAllNamesAreInCoveredContextsProvider(): array
+    {
+        $dir = self::$fixturesDir;
+        return [
+            'chat' => [$dir . '/chat-minimal.txt'],
+            'cmd'  => [$dir . '/cmd-minimal.txt'],
+            'item' => [$dir . '/item-minimal.txt'],
+            'map'  => [$dir . '/map-minimal.txt'],
+            'user' => [$dir . '/user-minimal.txt'],
+        ];
+    }
+
+    /**
+     * Yields [fixturePath, logClass] for the fixtures whose log class parses
+     * them. All 11 fixtures are represented.
+     */
+    public static function fixtureWithLogClassProvider(): array
+    {
+        $dir = self::$fixturesDir;
+        return [
+            'admin'             => [$dir . '/admin-minimal.txt',         ProjectZomboidAdminLog::class],
+            'burd-journals'     => [$dir . '/burd-journals-minimal.txt', ProjectZomboidBurdJournalsLog::class],
+            'chat'              => [$dir . '/chat-minimal.txt',           ProjectZomboidChatLog::class],
+            'client-action'     => [$dir . '/client-action-minimal.txt', ProjectZomboidClientActionLog::class],
+            'cmd'               => [$dir . '/cmd-minimal.txt',            ProjectZomboidCmdLog::class],
+            'debug-server'      => [$dir . '/debug-server-minimal.txt',  ProjectZomboidServerLog::class],
+            'item'              => [$dir . '/item-minimal.txt',           ProjectZomboidItemLog::class],
+            'map'               => [$dir . '/map-minimal.txt',            ProjectZomboidMapLog::class],
+            'perk'              => [$dir . '/perk-minimal.txt',           ProjectZomboidPerkLog::class],
+            'pvp'               => [$dir . '/pvp-minimal.txt',            ProjectZomboidPvpLog::class],
+            'user'              => [$dir . '/user-minimal.txt',           ProjectZomboidUserLog::class],
+        ];
+    }
+
+    // ---------------------------------------------------------------------------
+    // Helper
+    // ---------------------------------------------------------------------------
+
+    private function redact(string $content): string
+    {
+        return (new ProjectZomboidRedactor())->redact($content);
+    }
+
+    // ---------------------------------------------------------------------------
+    // Test 1 — Steam ID normalisation
+    // ---------------------------------------------------------------------------
+
+    /**
+     * After redaction every 17-digit Steam ID that is NOT the zero-placeholder
+     * must be gone. The zero-placeholder itself (76561198000000000) is the only
+     * Steam ID that may remain.
+     */
+    #[DataProvider('fixturePathProvider')]
+    public function testFixtureContainsNoSteamIdsAfterRedaction(string $fixturePath): void
+    {
+        $content = (new PathLogFile($fixturePath))->getContent();
+        $redacted = $this->redact($content);
+
+        $matches = preg_match_all('/(?<![A-Za-z0-9])76561198(?!000000000)\d{9}(?![A-Za-z0-9])/u', $redacted);
+
+        $this->assertSame(
+            0,
+            $matches,
+            sprintf(
+                'After redaction, fixture "%s" must contain no non-zero-placeholder Steam IDs, but %d were found.',
+                basename($fixturePath),
+                $matches,
+            ),
+        );
+    }
+
+    // ---------------------------------------------------------------------------
+    // Test 2 — Structural preservation (re-parse after redaction)
+    // ---------------------------------------------------------------------------
+
+    /**
+     * The redacted content, fed back through the corresponding parser, must
+     * produce exactly the same number of log entries as the original content.
+     *
+     * This asserts that the redactor does not corrupt timestamps, delimiters,
+     * or structural tokens that the parser relies on.
+     *
+     * @param string $fixturePath Path to the fixture file.
+     * @param class-string<\IndifferentKetchup\Codex\Log\Log> $logClass
+     *   Fully-qualified name of the Log subclass that corresponds to this fixture.
+     */
+    #[DataProvider('fixtureWithLogClassProvider')]
+    public function testFixtureRedactedOutputParsesToSameEntryCount(string $fixturePath, string $logClass): void
+    {
+        $content = (new PathLogFile($fixturePath))->getContent();
+
+        /** @var \IndifferentKetchup\Codex\Log\Log $originalLog */
+        $originalLog = (new $logClass())->setLogFile(new PathLogFile($fixturePath));
+        $originalLog->parse();
+        $originalCount = count($originalLog->getEntries());
+
+        $redacted = $this->redact($content);
+
+        /** @var \IndifferentKetchup\Codex\Log\Log $redactedLog */
+        $redactedLog = (new $logClass())->setLogFile(new StringLogFile($redacted));
+        $redactedLog->parse();
+        $redactedCount = count($redactedLog->getEntries());
+
+        $this->assertSame(
+            $originalCount,
+            $redactedCount,
+            sprintf(
+                'Parsing the redacted "%s" fixture with %s must yield the same entry count (%d) as parsing the original, but got %d.',
+                basename($fixturePath),
+                $logClass,
+                $originalCount,
+                $redactedCount,
+            ),
+        );
+    }
+
+    // ---------------------------------------------------------------------------
+    // Test 3 — Idempotence
+    // ---------------------------------------------------------------------------
+
+    /**
+     * Applying redact() a second time must produce no further changes:
+     * redact(redact(content)) === redact(content).
+     *
+     * This guards against poorly-anchored regexes that would re-match the
+     * redaction placeholders themselves on a second pass.
+     */
+    #[DataProvider('fixturePathProvider')]
+    public function testFixtureIsIdempotent(string $fixturePath): void
+    {
+        $content = (new PathLogFile($fixturePath))->getContent();
+
+        $redactor = new ProjectZomboidRedactor();
+        $once = $redactor->redact($content);
+        $twice = $redactor->redact($once);
+
+        $this->assertSame(
+            $once,
+            $twice,
+            sprintf(
+                'redact(redact(content)) must equal redact(content) for fixture "%s"; a second pass must be a no-op.',
+                basename($fixturePath),
+            ),
+        );
+    }
+
+    // ---------------------------------------------------------------------------
+    // Test 4 — Player-name collapse in fully-covered fixtures
+    // ---------------------------------------------------------------------------
+
+    /**
+     * For fixtures where every synthetic player name appears exclusively in a
+     * context the redactor recognises, no synthetic name should remain after
+     * redaction.
+     *
+     * This addresses observation #3 from the final code review (the integration
+     * tests previously asserted Steam-ID elimination + structural preservation
+     * + idempotence, but did not directly verify name collapse). The unit tests
+     * in ProjectZomboidRedactorPlayerNameTest cover this property exhaustively
+     * per-context; this integration test re-verifies it end-to-end against the
+     * fixtures that ride into iblogs.
+     */
+    #[DataProvider('fixturesWhereAllNamesAreInCoveredContextsProvider')]
+    public function testFixturePlayerNamesCollapseInCoveredContexts(string $fixturePath): void
+    {
+        $content = (new PathLogFile($fixturePath))->getContent();
+        $redacted = $this->redact($content);
+
+        foreach (['Player1', 'Player2', 'AdminUser', 'PlayerSuspect'] as $name) {
+            $this->assertStringNotContainsString(
+                $name,
+                $redacted,
+                sprintf(
+                    'Fixture "%s": synthetic name %s survived redaction. Every name in this fixture should appear only in a covered lexical context.',
+                    basename($fixturePath),
+                    $name,
+                ),
+            );
+        }
+    }
+}

test/tests/Util/Redactor/ProjectZomboidRedactorPlayerNameTest.php

@@ -0,0 +1,93 @@
+<?php
+
+namespace IndifferentKetchup\Codex\Test\Tests\Util\Redactor;
+
+use IndifferentKetchup\Codex\Util\ProjectZomboid\ProjectZomboidRedactor;
+use PHPUnit\Framework\TestCase;
+
+class ProjectZomboidRedactorPlayerNameTest extends TestCase
+{
+    public function testRedactsPlayerNameAfterRedactedSteamId(): void
+    {
+        // The Steam ID pass has already run; the literal placeholder 76561198000000000
+        // precedes the quoted name. The player-name pass must redact the name.
+        $input = '76561198000000000 "AdminUser" admin.broadcastMessage @ 1020,2020,0.';
+        $expected = '76561198000000000 "<player>" admin.broadcastMessage @ 1020,2020,0.';
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redact($input);
+
+        $this->assertSame($expected, $output, 'Player name following the redacted Steam ID placeholder must be replaced.');
+    }
+
+    public function testRedactsChatMessageAuthor(): void
+    {
+        // The author field inside ChatMessage{...} must be replaced; the text
+        // payload ('hello') is not in scope for player-name redaction and must
+        // survive unchanged.
+        $input = "[16-04-26 17:05:03.280][info] Got message:ChatMessage{chat=Local, author='Player1', text='hello'}.";
+        $expected = "[16-04-26 17:05:03.280][info] Got message:ChatMessage{chat=Local, author='<player>', text='hello'}.";
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redact($input);
+
+        $this->assertSame($expected, $output, 'ChatMessage author must be replaced while the text payload remains unchanged.');
+    }
+
+    public function testRedactsCombatNameInPvpLog(): void
+    {
+        // Only the FIRST quoted name (after "Combat: ") is redacted in v1.
+        // The second name (after "hit") is NOT yet redacted — deferred to v2.
+        // The weapon name ("Tire Iron (Worn)") must also survive unchanged.
+        $input = '[16-04-26 17:14:35.128][INFO] Combat: "Player1" (1005,2005,0) hit "Player2" (1006,2005,0) weapon="Tire Iron (Worn)" damage=0.112317.';
+        // Attacker coords (before "hit") are also replaced by the coordinates pass.
+        // Victim coords (before "weapon=") lack the trailing keyword and are NOT replaced — deferred to v2.
+        $expected = '[16-04-26 17:14:35.128][INFO] Combat: "<player>" (0,0,0) hit "Player2" (1006,2005,0) weapon="Tire Iron (Worn)" damage=0.112317.';
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redact($input);
+
+        // Player1 (after "Combat: ") is replaced; attacker coords (before "hit") are also replaced.
+        // Player2 (after "hit") and victim coords (before "weapon=") are NOT replaced in v1 — deferred.
+        $this->assertSame($expected, $output, 'First Combat: player name and attacker coords must be replaced; second name, victim coords, and weapon must survive.');
+    }
+
+    public function testRedactsSafetyNameInPvpLog(): void
+    {
+        $input = '[16-04-26 16:17:49.731][LOG] Safety: "Player1" (1000,2000,0) restore true.';
+        // Coords (before ") restore") are also replaced by the coordinates pass.
+        $expected = '[16-04-26 16:17:49.731][LOG] Safety: "<player>" (0,0,0) restore true.';
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redact($input);
+
+        $this->assertSame($expected, $output, 'Player name and coords following the Safety: token must both be replaced.');
+    }
+
+    public function testBareQuotedStringWithoutAnchorIsNotTouched(): void
+    {
+        // "foo" is not preceded by a redacted Steam ID, not inside ChatMessage{...},
+        // and not after Combat:/Safety: — it must pass through unchanged.
+        $input = 'option changed to "foo" successfully.';
+
+        $output = (new ProjectZomboidRedactor())->redact($input);
+
+        $this->assertSame($input, $output, 'A quoted string with no matching anchor must not be redacted.');
+    }
+
+    public function testToggleOffLeavesNamesIntact(): void
+    {
+        $input = '76561198000000000 "Player1" ISLogSystem.writeLog @ 1000,2000,0.';
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redactPlayerNames(false)
+            ->redact($input);
+
+        $this->assertSame($input, $output, 'With the player-name toggle disabled the original input must be returned unchanged.');
+    }
+}

test/tests/Util/Redactor/ProjectZomboidRedactorSteamIdTest.php

@@ -0,0 +1,52 @@
+<?php
+
+namespace IndifferentKetchup\Codex\Test\Tests\Util\Redactor;
+
+use IndifferentKetchup\Codex\Util\ProjectZomboid\ProjectZomboidRedactor;
+use PHPUnit\Framework\TestCase;
+
+class ProjectZomboidRedactorSteamIdTest extends TestCase
+{
+    public function testCollapsesDistinctSteamIdsToZeroPlaceholder(): void
+    {
+        $input = 'Players: 76561198111111111, 76561198222222222, 76561198333333333 connected.';
+        $expected = 'Players: 76561198000000000, 76561198000000000, 76561198000000000 connected.';
+
+        $output = (new ProjectZomboidRedactor())->redact($input);
+
+        $this->assertSame($expected, $output, 'All three distinct Steam IDs should be replaced with the zero placeholder.');
+    }
+
+    public function testNonSteamIdLongDigitsAreNotTouched(): void
+    {
+        // 13-digit Unix-millisecond timestamp (PZ log t: shape) and a 17-digit number
+        // that does not begin with 76561198 — neither should be altered.
+        $input = 't:1776297642406 score=12345678901234567';
+
+        $output = (new ProjectZomboidRedactor())->redact($input);
+
+        $this->assertSame($input, $output, 'Non-SteamID digit sequences must not be modified.');
+    }
+
+    public function testEmbeddedSteamIdInsideLongerAlphanumericTokenIsNotTouched(): void
+    {
+        // The SteamID64 pattern is embedded inside a longer alphanumeric token;
+        // the negative lookaround boundaries should prevent a match.
+        $input = 'token=abc76561198000000001def other=data';
+
+        $output = (new ProjectZomboidRedactor())->redact($input);
+
+        $this->assertSame($input, $output, 'A Steam ID embedded inside an alphanumeric token must not be redacted.');
+    }
+
+    public function testToggleOffLeavesSteamIdsIntact(): void
+    {
+        $input = 'Connected: 76561198111111111 and 76561198222222222.';
+
+        $output = (new ProjectZomboidRedactor())
+            ->redactSteamIds(false)
+            ->redact($input);
+
+        $this->assertSame($input, $output, 'With the Steam ID toggle disabled the original input must be returned unchanged.');
+    }
+}