@cosmicdrift/kumiko-bundled-features 0.2.2 → 0.2.3

package/src/data-retention/__tests__/keep-for.test.ts

@@ -0,0 +1,77 @@
+import { ensureTemporalPolyfill, getTemporal } from "@cosmicdrift/kumiko-framework/time";
+import { beforeAll, describe, expect, test } from "vitest";
+import { computeCutoff, InvalidKeepForError, isPastCutoff } from "../keep-for";
+
+beforeAll(async () => {
+  await ensureTemporalPolyfill();
+});
+
+// Funktion statt const — Temporal ist erst nach beforeAll verfuegbar.
+function now() {
+  return getTemporal().Instant.from("2026-05-07T12:00:00Z");
+}
+
+describe("computeCutoff", () => {
+  test("30d → 30 Tage zurück", () => {
+    const cutoff = computeCutoff("30d", now());
+    expect(cutoff.toString()).toBe("2026-04-07T12:00:00Z");
+  });
+
+  test("24h → 24 Stunden zurück", () => {
+    const cutoff = computeCutoff("24h", now());
+    expect(cutoff.toString()).toBe("2026-05-06T12:00:00Z");
+  });
+
+  test("1w → 7 Tage zurück", () => {
+    const cutoff = computeCutoff("1w", now());
+    expect(cutoff.toString()).toBe("2026-04-30T12:00:00Z");
+  });
+
+  test("6m → 180 Tage zurück (Approximation)", () => {
+    const cutoff = computeCutoff("6m", now());
+    expect(cutoff.toString()).toBe("2025-11-08T12:00:00Z");
+  });
+
+  test("10y → 3650 Tage zurück", () => {
+    const cutoff = computeCutoff("10y", now());
+    // Approximation: 10×365=3650 Tage. Differenz zu echtem Datum durch
+    // Schaltjahre: ~2-3 Tage. Akzeptabel für Retention-Cleanup.
+    expect(cutoff.toString()).toBe("2016-05-09T12:00:00Z");
+  });
+
+  test("0d → now (Edge-Case, akzeptiert)", () => {
+    const cutoff = computeCutoff("0d", now());
+    expect(cutoff.toString()).toBe(now().toString());
+  });
+
+  test("invalid format wirft InvalidKeepForError", () => {
+    expect(() => computeCutoff("30days", now())).toThrow(InvalidKeepForError);
+    expect(() => computeCutoff("abc", now())).toThrow(InvalidKeepForError);
+    expect(() => computeCutoff("", now())).toThrow(InvalidKeepForError);
+    expect(() => computeCutoff("30", now())).toThrow(InvalidKeepForError);
+  });
+});
+
+describe("isPastCutoff", () => {
+  test("Row 31 Tage alt + keepFor 30d + now jetzt → past cutoff (true)", () => {
+    const past = now().subtract({ hours: 31 * 24 });
+    expect(isPastCutoff({ referenceTimestamp: past, keepFor: "30d", now: now() })).toBe(true);
+  });
+
+  test("Row 29 Tage alt + keepFor 30d → noch nicht abgelaufen (false)", () => {
+    const recent = now().subtract({ hours: 29 * 24 });
+    expect(isPastCutoff({ referenceTimestamp: recent, keepFor: "30d", now: now() })).toBe(false);
+  });
+
+  test("Row exakt am Cutoff → false (strict less-than-Check)", () => {
+    const exact = now().subtract({ hours: 30 * 24 });
+    expect(isPastCutoff({ referenceTimestamp: exact, keepFor: "30d", now: now() })).toBe(false);
+  });
+
+  test("Row 11 Jahre alt + keepFor 10y → past (Aufbewahrungspflicht abgelaufen)", () => {
+    const elevenYearsAgo = now().subtract({ hours: 11 * 365 * 24 });
+    expect(isPastCutoff({ referenceTimestamp: elevenYearsAgo, keepFor: "10y", now: now() })).toBe(
+      true,
+    );
+  });
+});

package/src/data-retention/__tests__/override-schema.test.ts

@@ -0,0 +1,96 @@
+// Tests fuer retentionOverrideSchema (S2.D2.5 M2+M3) — strict-Zod
+// faengt Sub-Level-Tippfehler + Strategy-Enum-Drift + keepFor-Format-Drift.
+
+import { describe, expect, test } from "vitest";
+import { retentionOverrideSchema } from "../override-schema";
+
+describe("retentionOverrideSchema — accept-Faelle", () => {
+  test("Empty Object ist valid (alle Felder optional, Resolver-Fallback)", () => {
+    const result = retentionOverrideSchema.safeParse({});
+    expect(result.success).toBe(true);
+  });
+
+  test("Nur keepFor — ist valid", () => {
+    const result = retentionOverrideSchema.safeParse({ keepFor: "30d" });
+    expect(result.success).toBe(true);
+  });
+
+  test("keepFor + strategy + reference komplett", () => {
+    const result = retentionOverrideSchema.safeParse({
+      keepFor: "10y",
+      strategy: "blockDelete",
+      reference: "completedAt",
+    });
+    expect(result.success).toBe(true);
+  });
+
+  test("Alle 4 strategy-Werte akzeptiert", () => {
+    for (const strategy of ["hardDelete", "softDelete", "anonymize", "blockDelete"]) {
+      const result = retentionOverrideSchema.safeParse({ strategy });
+      expect(result.success).toBe(true);
+    }
+  });
+
+  test("Verschiedene keepFor-Formate (h/d/w/m/y)", () => {
+    for (const keepFor of ["24h", "30d", "1w", "6m", "10y"]) {
+      const result = retentionOverrideSchema.safeParse({ keepFor });
+      expect(result.success).toBe(true);
+    }
+  });
+});
+
+describe("retentionOverrideSchema — reject-Faelle (Drift-Schutz)", () => {
+  test('M3: strategy: "delete" wird rejected (kein gueltiger Strategy-Wert)', () => {
+    const result = retentionOverrideSchema.safeParse({ strategy: "delete" });
+    expect(result.success).toBe(false);
+    if (!result.success) {
+      expect(result.error.issues[0]?.path).toEqual(["strategy"]);
+    }
+  });
+
+  test('strategy: "anonymise" (UK-Spelling) rejected', () => {
+    const result = retentionOverrideSchema.safeParse({ strategy: "anonymise" });
+    expect(result.success).toBe(false);
+  });
+
+  test("Top-Level-Tippfehler keepfor (lowercase) rejected via .strict()", () => {
+    const result = retentionOverrideSchema.safeParse({ keepfor: "30d" });
+    expect(result.success).toBe(false);
+    if (!result.success) {
+      // strict() reportet unrecognized_keys
+      expect(result.error.issues[0]?.code).toBe("unrecognized_keys");
+    }
+  });
+
+  test('keepFor-Format-Drift "30days" rejected via regex', () => {
+    const result = retentionOverrideSchema.safeParse({ keepFor: "30days" });
+    expect(result.success).toBe(false);
+    if (!result.success) {
+      expect(result.error.issues[0]?.path).toEqual(["keepFor"]);
+    }
+  });
+
+  test("keepFor leerer String rejected", () => {
+    const result = retentionOverrideSchema.safeParse({ keepFor: "" });
+    expect(result.success).toBe(false);
+  });
+
+  test("keepFor nur Zahl ohne Suffix rejected", () => {
+    const result = retentionOverrideSchema.safeParse({ keepFor: "30" });
+    expect(result.success).toBe(false);
+  });
+
+  test("reference leerer String rejected", () => {
+    const result = retentionOverrideSchema.safeParse({ reference: "" });
+    expect(result.success).toBe(false);
+  });
+
+  test("Unbekanntes Top-Level-Property rejected (extraField)", () => {
+    const result = retentionOverrideSchema.safeParse({
+      keepFor: "30d",
+      strategy: "hardDelete",
+      extraField: "noise",
+    });
+    expect(result.success).toBe(false);
+  });
+});

package/src/data-retention/__tests__/policy-for.integration.ts

@@ -0,0 +1,172 @@
+// retention:query:policy-for Integration-Test (S2.D3) — Cross-Feature-
+// API für Forget-Flow + Cleanup-Job. Round-trip: Override in DB seeden,
+// Query rufen, verify dass resolver Override greift.
+
+import {
+  createEventStoreExecutor,
+  createTenantDb,
+  type DbConnection,
+} from "@cosmicdrift/kumiko-framework/db";
+import {
+  createTestUser,
+  setupTestStack,
+  type TestStack,
+  TestUsers,
+  testTenantId,
+  unsafeCreateEntityTable,
+} from "@cosmicdrift/kumiko-framework/stack";
+import { afterAll, beforeAll, describe, expect, test } from "vitest";
+import { createDataRetentionFeature, tenantRetentionOverrideEntity } from "../feature";
+import { tenantRetentionOverrideTable } from "../schema/tenant-retention-override";
+
+const POLICY_FOR = "data-retention:query:policy-for";
+
+let stack: TestStack;
+let db: DbConnection;
+
+const feature = createDataRetentionFeature();
+
+const overrideExecutor = createEventStoreExecutor(
+  tenantRetentionOverrideTable,
+  tenantRetentionOverrideEntity,
+  { entityName: "tenant-retention-override" },
+);
+
+async function seedOverride(
+  tenantId: string,
+  entityName: string,
+  config: Record<string, unknown>,
+  reason = "test-setup",
+): Promise<void> {
+  const by = { ...TestUsers.systemAdmin, tenantId };
+  const tdb = createTenantDb(db, tenantId, "system");
+  const result = await overrideExecutor.create(
+    {
+      entityName,
+      config: JSON.stringify(config),
+      reason,
+      tenantId,
+    },
+    by,
+    tdb,
+  );
+  if (!result.isSuccess) {
+    throw new Error(`seedOverride failed: ${JSON.stringify(result)}`);
+  }
+}
+
+beforeAll(async () => {
+  stack = await setupTestStack({ features: [feature] });
+  db = stack.db;
+  await unsafeCreateEntityTable(db, tenantRetentionOverrideEntity);
+});
+
+afterAll(async () => {
+  await stack.cleanup();
+});
+
+describe("data-retention :: policy-for query (S2.D3)", () => {
+  test("ohne Override + ohne Entity-Default + ohne Preset → source=none", async () => {
+    const user = createTestUser({
+      id: 1,
+      tenantId: testTenantId(1),
+      roles: ["TenantAdmin"],
+    });
+    const result = await stack.http.queryOk<{
+      entityName: string;
+      policy: unknown;
+      source: string;
+    }>(POLICY_FOR, { entityName: "ghost-entity" }, user);
+    expect(result.entityName).toBe("ghost-entity");
+    expect(result.policy).toBeNull();
+    expect(result.source).toBe("none");
+  });
+
+  test("mit Override → resolver liefert source=override + override-Werte", async () => {
+    const tenantId = testTenantId(2);
+    const user = createTestUser({ id: 2, tenantId, roles: ["TenantAdmin"] });
+
+    await seedOverride(tenantId, "session", {
+      keepFor: "60d",
+      strategy: "hardDelete",
+      reference: "lastSeenAt",
+    });
+
+    const result = await stack.http.queryOk<{
+      policy: { keepFor: string; strategy: string; reference?: string } | null;
+      source: string;
+    }>(POLICY_FOR, { entityName: "session" }, user);
+
+    expect(result.source).toBe("override");
+    expect(result.policy?.keepFor).toBe("60d");
+    expect(result.policy?.strategy).toBe("hardDelete");
+    expect(result.policy?.reference).toBe("lastSeenAt");
+  });
+
+  test("Override nur strategy + keine Base → source=override-incomplete (Sprint 2.D1 Audit-Cycle-Fix greift)", async () => {
+    const tenantId = testTenantId(3);
+    const user = createTestUser({ id: 3, tenantId, roles: ["TenantAdmin"] });
+
+    await seedOverride(
+      tenantId,
+      "ghost-incomplete",
+      { strategy: "hardDelete" }, // keepFor fehlt, kein Preset, kein Entity-Default
+    );
+
+    const result = await stack.http.queryOk<{
+      policy: unknown;
+      source: string;
+    }>(POLICY_FOR, { entityName: "ghost-incomplete" }, user);
+
+    expect(result.source).toBe("override-incomplete");
+    expect(result.policy).toBeNull();
+  });
+
+  test("Override mit Schema-Violation in DB → console.warn, fallback (source=none)", async () => {
+    const tenantId = testTenantId(4);
+    const user = createTestUser({ id: 4, tenantId, roles: ["TenantAdmin"] });
+
+    // Test-Name korrigiert in S2.D2.5-Audit (N3): "invalid JSON" war
+    // missleading — der Test prueft Schema-Violation (gueltiges JSON
+    // mit ungueltigem strategy-Enum-Wert), nicht JSON-Parse-Fehler.
+    // DB-Direct-Insert via seedOverride mit strategy="delete" — Zod
+    // retentionOverrideSchema rejected das.
+    await seedOverride(
+      tenantId,
+      "ghost-corrupt",
+      { strategy: "delete" }, // invalid enum value
+    );
+
+    const result = await stack.http.queryOk<{
+      policy: unknown;
+      source: string;
+    }>(POLICY_FOR, { entityName: "ghost-corrupt" }, user);
+
+    // Schema-Validation rejected → policy=null + source=none (kein
+    // Override betrachtet, faellt auf Layer 2/1 zurueck — beide leer)
+    expect(result.source).toBe("none");
+  });
+
+  test("Cross-Tenant-Isolation: Tenant A's Override greift nicht für Tenant B", async () => {
+    const tenantA = testTenantId(5);
+    const tenantB = testTenantId(6);
+    const userA = createTestUser({ id: 5, tenantId: tenantA, roles: ["TenantAdmin"] });
+    const userB = createTestUser({ id: 6, tenantId: tenantB, roles: ["TenantAdmin"] });
+
+    await seedOverride(tenantA, "report", { keepFor: "1y", strategy: "hardDelete" });
+
+    const resultA = await stack.http.queryOk<{ source: string }>(
+      POLICY_FOR,
+      { entityName: "report" },
+      userA,
+    );
+    const resultB = await stack.http.queryOk<{ source: string }>(
+      POLICY_FOR,
+      { entityName: "report" },
+      userB,
+    );
+
+    expect(resultA.source).toBe("override");
+    expect(resultB.source).toBe("none"); // Tenant B sieht Tenant A's Override nicht
+  });
+});

package/src/data-retention/__tests__/resolver.test.ts

@@ -0,0 +1,201 @@
+// Unit-Tests für resolveRetentionPolicy — pure function, keine
+// Test-Stack-Abhängigkeit.
+
+import { createEntity, createTextField } from "@cosmicdrift/kumiko-framework/engine";
+import { describe, expect, test } from "vitest";
+import { resolveRetentionPolicy } from "../resolver";
+
+describe("resolveRetentionPolicy — Layer-Resolution", () => {
+  test("Layer 1 Entity-Default greift wenn weder Preset noch Override", () => {
+    const entity = createEntity({
+      fields: { foo: createTextField() },
+      retention: { keepFor: "30d", strategy: "hardDelete", reference: "createdAt" },
+    });
+
+    const result = resolveRetentionPolicy({
+      entityName: "session",
+      entityDef: entity,
+      tenantPreset: null,
+      tenantOverride: null,
+    });
+
+    expect(result.source).toBe("entity-default");
+    expect(result.policy).toEqual({
+      keepFor: "30d",
+      strategy: "hardDelete",
+      reference: "createdAt",
+    });
+  });
+
+  test("Layer 2 Preset überschreibt Entity-Default", () => {
+    const entity = createEntity({
+      fields: { foo: createTextField() },
+      retention: { keepFor: "7d", strategy: "hardDelete" },
+    });
+
+    const result = resolveRetentionPolicy({
+      entityName: "session",
+      entityDef: entity,
+      tenantPreset: "dsgvo-basic",
+      tenantOverride: null,
+    });
+
+    expect(result.source).toBe("preset");
+    // dsgvo-basic.session = 30d / hardDelete / lastSeenAt
+    expect(result.policy?.keepFor).toBe("30d");
+    expect(result.policy?.reference).toBe("lastSeenAt");
+  });
+
+  test("Layer 3 Override überschreibt Preset komplett", () => {
+    const result = resolveRetentionPolicy({
+      entityName: "session",
+      entityDef: null,
+      tenantPreset: "dsgvo-basic",
+      tenantOverride: { keepFor: "7d", strategy: "hardDelete" },
+    });
+
+    expect(result.source).toBe("override");
+    expect(result.policy?.keepFor).toBe("7d");
+  });
+
+  test("Override mit nur keepFor übernimmt strategy/reference vom Preset", () => {
+    const result = resolveRetentionPolicy({
+      entityName: "session",
+      entityDef: null,
+      tenantPreset: "dsgvo-basic",
+      tenantOverride: { keepFor: "60d" },
+    });
+
+    expect(result.source).toBe("override");
+    expect(result.policy?.keepFor).toBe("60d");
+    // Aus dsgvo-basic.session geerbt:
+    expect(result.policy?.strategy).toBe("hardDelete");
+    expect(result.policy?.reference).toBe("lastSeenAt");
+  });
+
+  test("Entity ohne retention + kein Preset + kein Override → policy=null + source=none", () => {
+    const entity = createEntity({ fields: { foo: createTextField() } });
+
+    const result = resolveRetentionPolicy({
+      entityName: "ticket",
+      entityDef: entity,
+      tenantPreset: "dsgvo-basic", // hat kein "ticket" drin
+      tenantOverride: null,
+    });
+
+    expect(result.source).toBe("none");
+    expect(result.policy).toBeNull();
+  });
+
+  test("dsgvo-hgb invoice ist blockDelete 10y (Aufbewahrungspflicht)", () => {
+    const result = resolveRetentionPolicy({
+      entityName: "invoice",
+      entityDef: null,
+      tenantPreset: "dsgvo-hgb",
+      tenantOverride: null,
+    });
+
+    expect(result.source).toBe("preset");
+    expect(result.policy?.keepFor).toBe("10y");
+    expect(result.policy?.strategy).toBe("blockDelete");
+  });
+
+  test("dsgvo-hgb order ist anonymize 6y (Order-PII raus, Geschäftsdaten bleiben)", () => {
+    const result = resolveRetentionPolicy({
+      entityName: "order",
+      entityDef: null,
+      tenantPreset: "dsgvo-hgb",
+      tenantOverride: null,
+    });
+
+    expect(result.source).toBe("preset");
+    expect(result.policy?.keepFor).toBe("6y");
+    expect(result.policy?.strategy).toBe("anonymize");
+  });
+
+  test("Override für Anwaltskanzlei: caseFile 6y blockDelete (nicht im Preset)", () => {
+    const result = resolveRetentionPolicy({
+      entityName: "caseFile",
+      entityDef: null,
+      tenantPreset: "dsgvo-basic",
+      tenantOverride: { keepFor: "6y", strategy: "blockDelete", reference: "closedAt" },
+    });
+
+    expect(result.source).toBe("override");
+    expect(result.policy).toEqual({
+      keepFor: "6y",
+      strategy: "blockDelete",
+      reference: "closedAt",
+    });
+  });
+});
+
+describe("resolveRetentionPolicy — override-incomplete-Guard", () => {
+  test("Override ohne keepFor + keine Base → policy=null, source=override-incomplete", () => {
+    const result = resolveRetentionPolicy({
+      entityName: "ticket",
+      entityDef: null,
+      tenantPreset: "dsgvo-basic", // hat kein "ticket"
+      tenantOverride: { strategy: "hardDelete" }, // keepFor fehlt
+    });
+
+    expect(result.source).toBe("override-incomplete");
+    expect(result.policy).toBeNull();
+  });
+
+  test("Override ohne strategy + keine Base → policy=null, source=override-incomplete", () => {
+    const result = resolveRetentionPolicy({
+      entityName: "ticket",
+      entityDef: null,
+      tenantPreset: null,
+      tenantOverride: { keepFor: "30d" },
+    });
+
+    expect(result.source).toBe("override-incomplete");
+    expect(result.policy).toBeNull();
+  });
+
+  test("Override ohne keepFor aber Preset hat ein → fällt zurück + source=override", () => {
+    const result = resolveRetentionPolicy({
+      entityName: "session",
+      entityDef: null,
+      tenantPreset: "dsgvo-basic", // session: 30d
+      tenantOverride: { strategy: "softDelete" }, // keepFor erbt von Preset
+    });
+
+    expect(result.source).toBe("override");
+    expect(result.policy?.keepFor).toBe("30d");
+    expect(result.policy?.strategy).toBe("softDelete");
+  });
+});
+
+describe("resolveRetentionPolicy — Edge-Cases", () => {
+  test("default-Preset ist leer → fällt zurück auf entity-default", () => {
+    const entity = createEntity({
+      fields: { foo: createTextField() },
+      retention: { keepFor: "30d", strategy: "hardDelete" },
+    });
+
+    const result = resolveRetentionPolicy({
+      entityName: "session",
+      entityDef: entity,
+      tenantPreset: "default",
+      tenantOverride: null,
+    });
+
+    expect(result.source).toBe("entity-default");
+  });
+
+  test("Preset hat eintrag, override hat anderen entityName → override greift NUR für seinen entityName", () => {
+    const result = resolveRetentionPolicy({
+      entityName: "auditLog",
+      entityDef: null,
+      tenantPreset: "dsgvo-hgb",
+      tenantOverride: null, // kein override für auditLog
+    });
+
+    // dsgvo-hgb.auditLog = 1y / hardDelete
+    expect(result.source).toBe("preset");
+    expect(result.policy?.keepFor).toBe("1y");
+  });
+});

package/src/data-retention/_internal/parse-override.ts

@@ -0,0 +1,33 @@
+// Geteilter Override-Parser fuer policy-for-Query und resolve-for-tenant-
+// Helper. War vorher 1:1 in beiden Files dupliziert (Memory
+// `feedback_bulk_patterns` — Drift-Risiko bei Schema-Aenderungen).
+
+import { retentionOverrideSchema } from "../override-schema";
+import type { RetentionOverride } from "../resolver";
+
+export function parseRetentionOverrideOrNull(
+  raw: string | null,
+  tenantId: string,
+  callerLabel: string,
+): RetentionOverride | null {
+  if (!raw || raw.trim() === "") return null;
+  let parsed: unknown;
+  try {
+    parsed = JSON.parse(raw);
+  } catch (e) {
+    // biome-ignore lint/suspicious/noConsole: operator visibility for DB-corruption edge-case
+    console.warn(
+      `[${callerLabel}] tenant ${tenantId}: stored override is not valid JSON, ignoring. Reason: ${(e as Error).message}`,
+    );
+    return null;
+  }
+  const validation = retentionOverrideSchema.safeParse(parsed);
+  if (!validation.success) {
+    // biome-ignore lint/suspicious/noConsole: operator visibility for schema-drift
+    console.warn(
+      `[${callerLabel}] tenant ${tenantId}: stored override fails schema validation, ignoring. Issue: ${validation.error.issues[0]?.path.join(".")}: ${validation.error.issues[0]?.message}`,
+    );
+    return null;
+  }
+  return validation.data;
+}

package/src/data-retention/feature.ts

@@ -0,0 +1,57 @@
+import { defineFeature, type FeatureDefinition } from "@cosmicdrift/kumiko-framework/engine";
+import { policyForQuery } from "./handlers/policy-for.query";
+import { tenantRetentionOverrideEntity } from "./schema/tenant-retention-override";
+
+export { retentionOverrideSchema } from "./override-schema";
+export {
+  RETENTION_PRESETS,
+  type RetentionPreset,
+  type RetentionPresetKey,
+  SELECTABLE_RETENTION_PRESETS,
+} from "./presets";
+export {
+  type ResolveForTenantArgs,
+  resolveRetentionPolicyForTenant,
+} from "./resolve-for-tenant";
+export {
+  type EffectiveRetentionPolicy,
+  type ResolveRetentionPolicyArgs,
+  type RetentionOverride,
+  resolveRetentionPolicy,
+} from "./resolver";
+export {
+  tenantRetentionOverrideEntity,
+  tenantRetentionOverrideTable,
+} from "./schema/tenant-retention-override";
+
+// data-retention — automatisierte Aufbewahrung + Löschung pro Entity.
+//
+// Sprint 2.D1 (this commit):
+//   - 3-Schicht-Resolver (Entity-Default → Tenant-Preset → Tenant-Override)
+//   - Retention-Presets (dsgvo-basic, dsgvo-hgb, swiss-dsg, default)
+//   - tenantRetentionOverride-Entity für per-Tenant Edge-Cases
+//
+// Sprint 2.D2 (kommt):
+//   - Cleanup-Job mit Batch-Logik
+//   - Anonymize-Strategy + blockDelete-Frist-Check
+//
+// Sprint 2.D3 (kommt):
+//   - r.exposesApi("retention.policyFor") für user-data-rights
+//
+// Cross-Feature-Hinweis: Plan-Roadmap docs/plans/datenschutz/
+// core-data-retention.md — Forget-Flow konsultiert blockDelete via
+// retention.policyFor → anonymize statt hardDelete bei Aufbewahrungs-
+// pflicht. Das Wiring kommt in Sprint 2.U5.
+export function createDataRetentionFeature(): FeatureDefinition {
+  return defineFeature("data-retention", (r) => {
+    r.entity("tenant-retention-override", tenantRetentionOverrideEntity);
+
+    // S2.D3: Cross-Feature-API fuer Forget-Flow + Cleanup-Job
+    r.exposesApi("retention.policyFor");
+    r.queryHandler(policyForQuery);
+
+    // S2.D2b wird hier den Cleanup-Job registrieren:
+    //   r.job("retention-cleanup", { trigger: { cron: "0 3 * * *" } }, ...)
+    // + tenant-config-key fuer Preset-Auswahl.
+  });
+}