# Test if a model was trained on specific data:
def training_set_forensics(tokenizer, test_strings):
    """Detect what the model likely saw during training"""
    
    results = {}
    for string in test_strings:
        tokens = tokenizer.encode(string)
        decoded = [tokenizer.decode([t]) for t in tokens]
        
        # Single token = appeared frequently in training
        # Many tokens = rare or unseen
        if len(tokens) == 1:
            status = "🔴 DEFINITELY in training (1000s of times)"
        elif len(tokens) == 2:
            status = "🟡 Likely in training (100s of times)"
        elif len(tokens) <= len(string)/4:
            status = "🟢 Possibly in training"
        else:
            status = "⚪ Probably NOT in training"
        
        results[string] = {
            'tokens': len(tokens),
            'pieces': decoded,
            'status': status
        }
    
    return results

# Try these:
suspicious_strings = [
    "$AAPL",           # Apple stock
    "$TSLA",           # Tesla stock  
    "$GME",            # GameStop (meme stock)
    "SolidGoldMagikarp",  # Reddit username
    "petertodd",       # Bitcoin developer
    " davidjl123",     # Another Reddit user
    "TheNitromeFan",   # Counting subreddit user
    "<|endoftext|>",   # GPT special token
    "REDACTED_EMAIL",  # Your company's placeholder?
]

results = training_set_forensics(tokenizer, suspicious_strings)

# These are ACTUAL single tokens in GPT tokenizers:
weird_tokens = {
    "SolidGoldMagikarp": 1,  # Reddit user with 100K+ comments
    " petertodd": 1,          # Bitcoin developer mentioned everywhere
    "TheNitromeFan": 1,       # Power user in r/counting
    " davidjl123": 1,         # Another counting enthusiast
    "cloneembryos": 1,        # WTF? Specific subreddit discussions
    " guiActiveUn": 1,        # Unity game engine internal variable
    " TPPStreamerBot": 1,     # Twitch Plays Pokemon bot
}

# Why does this matter?
# 1. These users' writing styles are BAKED into the model
# 2. Prompting with these tokens triggers specific behaviors
# 3. It's proof of training on Reddit data through 2021

# Compare tokenizers to detect training bias:

def compare_domain_coverage(text, tokenizers_dict):
    """See which model knows your domain best"""
    
    print(f"Testing: '{text}'")
    print("-" * 50)
    
    best_score = float('inf')
    best_model = None
    
    for name, tokenizer in tokenizers_dict.items():
        tokens = tokenizer.encode(text)
        decoded = [tokenizer.decode([t]) for t in tokens]
        
        print(f"{name:15} → {len(tokens)} tokens: {decoded}")
        
        if len(tokens) < best_score:
            best_score = len(tokens)
            best_model = name
    
    print(f"\n🏆 {best_model} knows this domain best!")
    return best_model

# Real examples:
finance_test = "$NVDA earnings beat expectations Q4"
crypto_test = "dogecoin hodl moon lambo wen"
medical_test = "acetaminophen hepatotoxicity cirrhosis"
gaming_test = "speedrun any% glitchless PB WR"

# Results reveal training data:
# GPT-4: Good at finance (WSB in training)
# Claude: Better at medical (PubMed heavy)
# LLaMA: Gaming terms fragmented (less Reddit)

# Check if your company's data leaked into training:

company_indicators = [
    # Your internal codenames
    "Project_Phantom",
    "PROD_API_KEY_V2",
    "TODO_FIXME_HACK",
    
    # Your employee usernames
    "jsmith@yourcompany",
    "jenkins-bot-prod",
    
    # Your internal URLs
    "internal.yourcompany.com",
    "staging-server-2",
    
    # Your error messages
    "Error: Database connection failed (YourCompany v2.3.1)",
]

for indicator in company_indicators:
    tokens = tokenizer.encode(indicator)
    if len(tokens) <= 3:  # Suspiciously efficient
        print(f"⚠️ ALERT: '{indicator}' is {len(tokens)} tokens!")
        print(f"This string likely appeared in training data!")

# Some tokens cause BIZARRE behavior when used as prompts:

glitch_tokens = {
    "SolidGoldMagikarp": "Causes hallucinations about goldfish",
    " petertodd": "Triggers Bitcoin discussions",
    "〉〈": "Makes models output broken HTML",
    " Leilan": "Triggers anime/mythology crossover",
    "PsyNetMessage": "Outputs Rocket League error messages",
    " embedreportprint": "Triggers debug output",
    " guiActiveUn": "Outputs Unity Engine internals",
}

# Try this (at your own risk):
# prompt = "Tell me about SolidGoldMagikarp"
# Models often respond with nonsense about goldfish, magic, or Reddit

# WHY THIS HAPPENS:
# 1. Token appears thousands of times in specific context
# 2. Model memorizes the pattern around it
# 3. Token becomes a "trigger" for that context
# 4. Using it alone causes context confusion

# Financial bias detection:

stocks = ["$AAPL", "$GOOGL", "$TSLA", "$GME", "$AMC", "$BBBY", "$PLTR"]

for stock in stocks:
    tokens = len(tokenizer.encode(stock))
    
    if tokens == 1:
        print(f"{stock}: 📈 Meme stock or high-frequency in training")
    elif tokens == 2:
        print(f"{stock}: 📊 Common stock in financial data")
    else:
        print(f"{stock}: 📉 Rare in training data")

# GPT models: $GME is often 1-2 tokens (WSB influence)
# Claude: $GME is 3-4 tokens (less meme stock training)

# This reveals:
# - GPT saw tons of WallStreetBets data
# - Claude focused more on traditional finance
# - Training cutoff dates (pre/post meme stock era)

def check_pii_leakage(tokenizer, email_patterns):
    """Check if specific emails/usernames are in training"""
    
    concerning = []
    
    for email in email_patterns:
        tokens = tokenizer.encode(email)
        
        # If an email is <5 tokens, it appeared A LOT
        if len(tokens) < 5:
            concerning.append({
                'email': email,
                'tokens': len(tokens),
                'risk': 'HIGH - Likely memorized'
            })
    
    return concerning

# Real researcher findings:
leaked_emails = [
    "[email protected]",  # 2 tokens - appeared thousands of times
    "john.doe.1234@gmail",  # 8 tokens - probably safe
    "[email protected]",   # 3 tokens - concerning!
]

# Researchers found actual email addresses as single tokens
# meaning they appeared THOUSANDS of times in training

class TokenizerForensics:
    """Use tokenization to understand model capabilities"""
    
    def detect_programming_languages(self, tokenizer):
        """Which languages did it see most?"""
        
        code_snippets = {
            'Python': 'def __init__(self):',
            'JavaScript': 'const async = await',
            'Rust': 'fn main() -> Result<>',
            'Go': 'func (r *Reader) Read()',
            'COBOL': 'IDENTIFICATION DIVISION',
        }
        
        for lang, snippet in code_snippets.items():
            tokens = len(tokenizer.encode(snippet))
            efficiency = len(snippet) / tokens
            
            if efficiency > 10:
                print(f"{lang}: Heavily trained on this")
            elif efficiency > 5:
                print(f"{lang}: Moderate training")
            else:
                print(f"{lang}: Minimal training")
    
    def detect_website_training(self, tokenizer):
        """Which websites were scraped?"""
        
        sites = [
            "reddit.com/r/",
            "stackoverflow.com/questions/",
            "github.com/",
            "arxiv.org/abs/",
            "medium.com/@",
            "substack.com/p/",
        ]
        
        for site in sites:
            tokens = len(tokenizer.encode(site))
            if tokens <= 3:
                print(f"✓ {site} - Heavily scraped")
            else:
                print(f"✗ {site} - Lightly scraped")