test: add stderr warning and flag combo tests per review feedback

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: bundolee

java/opendataloader-pdf-cli/src/test/java/org/opendataloader/pdf/cli/CLIOptionsContentSafetyTest.java

@@ -22,6 +22,9 @@
 import org.junit.jupiter.api.Test;
 import org.opendataloader.pdf.api.Config;
 
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+
 import static org.junit.jupiter.api.Assertions.*;
 
 class CLIOptionsContentSafetyTest {
@@ -75,4 +78,25 @@ void deprecatedSensitiveDataValueIsAccepted() throws Exception {
         assertFalse(config.getFilterConfig().isFilterSensitiveData(),
                 "Deprecated sensitive-data value should not enable sanitization");
     }
+
+    @Test
+    void deprecatedSensitiveDataValuePrintsWarning() throws Exception {
+        PrintStream originalErr = System.err;
+        ByteArrayOutputStream errContent = new ByteArrayOutputStream();
+        System.setErr(new PrintStream(errContent));
+        try {
+            parseArgs("--output-dir", "/tmp", "--content-safety-off", "sensitive-data");
+            assertTrue(errContent.toString().contains("deprecated"),
+                    "Should print a deprecation warning to stderr");
+        } finally {
+            System.setErr(originalErr);
+        }
+    }
+
+    @Test
+    void sanitizeWithDeprecatedSensitiveDataStillEnablesSanitize() throws Exception {
+        Config config = parseArgs("--output-dir", "/tmp", "--content-safety-off", "sensitive-data", "--sanitize");
+        assertTrue(config.getFilterConfig().isFilterSensitiveData(),
+                "--sanitize should win over deprecated --content-safety-off sensitive-data");
+    }
 }