@cosmicdrift/kumiko-bundled-features 0.64.0 → 0.66.0

package/src/user-data-rights/index.ts

@@ -1,5 +1,8 @@
 export { createUserDataRightsFeature, type UserDataRightsOptions } from "./feature";
 export type { SendDeletionVerificationEmailFn } from "./handlers/request-deletion-by-email.write";
+// #494 Bestandsdaten-Reconcile — Apps rufen das einmalig vor dem Re-Enable
+// von read_users-Rebuilds (siehe lib-Doc).
+export { backfillUserLifecycleEvents } from "./lib/update-user-lifecycle";
 export type {
   SendExportFailedEmailFn,
   SendExportReadyEmailFn,

package/src/user-data-rights/lib/update-user-lifecycle.ts

@@ -0,0 +1,100 @@
+import { fetchOne, selectMany } from "@cosmicdrift/kumiko-framework/bun-db";
+import type { DbRunner } from "@cosmicdrift/kumiko-framework/db";
+import { createEventStoreExecutor, createTenantDb } from "@cosmicdrift/kumiko-framework/db";
+import { createSystemUser, type TenantId } from "@cosmicdrift/kumiko-framework/engine";
+import { InternalError } from "@cosmicdrift/kumiko-framework/errors";
+import { USER_STATUS, userEntity, userTable } from "../../user";
+
+// #494 — Lifecycle-Mutationen der user-Entity MUESSEN als `user.updated`-Event
+// laufen. Roh per updateMany geschrieben, wischt ein read_users-Rebuild sie
+// weg (er replayt nur `user.created` -> status faellt auf den Default zurueck;
+// gracePeriodEnd/pendingDeletionRequestId/Deleted gehen verloren = DSGVO-
+// Datenverlust).
+//
+// Das Event MUSS in denselben (tenant_id, aggregate_id)-Stream wie
+// `user.created` landen, sonst splittet das Aggregat ueber Tenants und der
+// Rebuild rekonstruiert nichts. Die user-Entity laeuft `r.systemScope()`, ihre
+// Events landen aber auf einem konkreten Tenant-Stream (siehe
+// auth-email-password/stream-tenant.ts; Root-Cause-Fix tracked in #497). Darum:
+// Rescope auf den Stream-Tenant des Users — den des `user.created`-Events,
+// NICHT `event.user.tenantId` (das ist der aktive Tenant zur Lifecycle-Zeit und
+// kann abweichen).
+const userExecutor = createEventStoreExecutor(userTable, userEntity, { entityName: "user" });
+
+// Stream-Tenant = die framework-injizierte tenant_id der read_users-Row. Der
+// Reducer setzt sie aus `user.created`.tenantId, ein Rebuild rekonstruiert sie
+// daraus — sie IST also der Stream-Key des Aggregats. Die Row direkt zu lesen
+// (statt das created-Event zu joinen) deckt auch direkt-geseedete Rows ab.
+async function streamTenantOf(conn: DbRunner, userId: string): Promise<TenantId | null> {
+  const row = await fetchOne<{ tenantId?: string }>(conn, userTable, { id: userId });
+  // @cast-boundary db-row — tenant_id ist eine TenantId-shaped uuid-Spalte.
+  return row?.tenantId ? (row.tenantId as TenantId) : null;
+}
+
+// `conn` ist ctx.db.raw (regulaere Handler) ODER die offene tx (forget-cleanup
+// Sub-Tx) — so bleibt der Event-Append atomar mit dem umgebenden Write.
+export async function updateUserLifecycle(
+  conn: DbRunner,
+  userId: string,
+  changes: Record<string, unknown>,
+): Promise<void> {
+  const streamTenantId = await streamTenantOf(conn, userId);
+  if (!streamTenantId) {
+    throw new InternalError({
+      message: `read_users row ${userId} has no tenant_id — cannot rescope lifecycle write to its stream tenant`,
+    });
+  }
+
+  // Rescope BEIDE Achsen auf den Stream-Tenant: der db-Arg treibt loadById +
+  // den Stream-Read, der user-Arg die Event-tenantId + Ownership. Nur beide
+  // zusammen halten created + updated auf einem Stream.
+  const tenantDb = createTenantDb(conn, streamTenantId, "tenant");
+  const result = await userExecutor.update(
+    { id: userId, changes },
+    createSystemUser(streamTenantId),
+    tenantDb,
+    { skipOptimisticLock: true },
+  );
+
+  if (!result.isSuccess) {
+    throw new InternalError({
+      message: `user lifecycle update failed for ${userId}: ${result.error.code}`,
+    });
+  }
+}
+
+// #494 Bestandsdaten-Reconcile: Rows, deren Lifecycle-State der alte
+// raw-updateMany-Pfad gesetzt hat, haben kein `user.updated`-Event — ein
+// Rebuild wuerde sie auf die `user.created`-Defaults zuruecksetzen. Diese
+// Funktion emittiert pro divergenter Row ein `user.updated` mit dem aktuellen
+// Live-State, sodass Event-Log und Live-Tabelle wieder uebereinstimmen.
+// MUSS einmalig ueber den Bestand laufen, BEVOR eine App read_users-Rebuilds
+// re-enabled. Idempotent gegen State (ein zweiter Lauf haengt ein identisches
+// user.updated an — harmlos, last-write-wins beim Replay).
+// ponytail: full read_users-Scan, in JS gefiltert — einmalige Migration, kein
+// Index/Streaming noetig. Bei Millionen-Rows: batchen.
+export async function backfillUserLifecycleEvents(conn: DbRunner): Promise<number> {
+  const rows = (await selectMany(conn, userTable, {})) as Array<{
+    id: string;
+    status: string;
+    gracePeriodEnd: unknown;
+    pendingDeletionRequestId: unknown;
+  }>;
+
+  let backfilled = 0;
+  for (const row of rows) {
+    const divergent =
+      row.status !== USER_STATUS.Active ||
+      row.gracePeriodEnd != null ||
+      row.pendingDeletionRequestId != null;
+    if (!divergent) continue;
+
+    await updateUserLifecycle(conn, row.id, {
+      status: row.status,
+      gracePeriodEnd: row.gracePeriodEnd,
+      pendingDeletionRequestId: row.pendingDeletionRequestId,
+    });
+    backfilled++;
+  }
+  return backfilled;
+}

package/src/user-data-rights/run-forget-cleanup.ts

@@ -32,7 +32,7 @@
 // gefailten Hooks bleibt im DeletionRequested-Status (next Lauf
 // retried automatisch).
 
-import { fetchOne, selectMany, updateMany } from "@cosmicdrift/kumiko-framework/bun-db";
+import { fetchOne, selectMany } from "@cosmicdrift/kumiko-framework/bun-db";
 import type { DbRunner } from "@cosmicdrift/kumiko-framework/db";
 import {
   EXT_USER_DATA,
@@ -47,6 +47,7 @@ import { resolveRetentionPolicyForTenant } from "../data-retention";
 import { tenantMembershipsTable } from "../tenant";
 import { USER_STATUS, userTable } from "../user";
 import { selectUsersDueForForgetCleanup } from "./db/queries/forget-cleanup";
+import { updateUserLifecycle } from "./lib/update-user-lifecycle";
 
 type Instant = InstanceType<ReturnType<typeof getTemporal>["Instant"]>;
 
@@ -281,7 +282,7 @@ async function processUser(args: {
       // geworfen hat, kommen wir hier nicht an — die Tx rollback'd
       // alles, der User bleibt im DeletionRequested-Status, naechster
       // Run retried.
-      await updateMany(tx, userTable, { status: USER_STATUS.Deleted }, { id: userId });
+      await updateUserLifecycle(tx, userId, { status: USER_STATUS.Deleted });
       txSucceeded = true;
     });
   } catch (e) {

package/src/user-data-rights/web/__tests__/privacy-center-screen.test.tsx

@@ -0,0 +1,256 @@
+// Render-Test gegen echte i18n-Bundles (fängt fehlende Keys — der Screen
+// darf nie rohe "userDataRights.privacyCenter.*"-Keys zeigen) plus QN-Wiring
+// (die dispatchten Query-/Handler-Namen) und die status-getriebenen Branches.
+// Provider-Wrapper lokal (Dependency-Richtung renderer-web → bundled-features
+// verbietet test-utils-Import).
+
+import { describe, expect, test } from "bun:test";
+import { createStore, type Dispatcher, type DispatcherStatus } from "@cosmicdrift/kumiko-headless";
+import {
+  createStaticLocaleResolver,
+  DispatcherProvider,
+  kumikoDefaultTranslations,
+  type LiveEventSubscriber,
+  LiveEventsProvider,
+  LocaleProvider,
+  PrimitivesProvider,
+  TokensProvider,
+} from "@cosmicdrift/kumiko-renderer";
+import { defaultPrimitives, defaultTokens } from "@cosmicdrift/kumiko-renderer-web";
+import { fireEvent, render, waitFor } from "@testing-library/react";
+import type { ReactNode } from "react";
+import { UserQueries } from "../../../user";
+import {
+  EXPORT_JOB_STATUS,
+  USER_ME_QUERY,
+  UserDataRightsHandlers,
+  UserDataRightsQueries,
+} from "../../constants";
+import { EXPORT_JOB_STATUS as SCHEMA_EXPORT_JOB_STATUS } from "../../schema/export-job";
+import { defaultTranslations } from "../i18n";
+import { formatDate, PrivacyCenterScreen } from "../privacy-center-screen";
+
+const stubLiveEvents: LiveEventSubscriber = () => () => {};
+const stubTokens = {
+  tokens: defaultTokens,
+  mode: "light" as const,
+  setMode: () => {},
+  toggleMode: () => {},
+};
+const stubResolver = createStaticLocaleResolver();
+
+type QueryResponses = {
+  readonly me: Record<string, unknown>;
+  readonly exportStatus?: unknown;
+  readonly auditLog?: unknown;
+};
+
+function makeDispatcher(
+  responses: QueryResponses,
+  writes: Array<{ type: string; payload: unknown }>,
+): Dispatcher {
+  const statusStore = createStore<DispatcherStatus>("online");
+  const query = (async (type: string) => {
+    if (type === USER_ME_QUERY) return { isSuccess: true, data: responses.me };
+    if (type === UserDataRightsQueries.exportStatus) {
+      return { isSuccess: true, data: responses.exportStatus ?? { hasJob: false } };
+    }
+    if (type === UserDataRightsQueries.myAuditLog) {
+      return { isSuccess: true, data: responses.auditLog ?? { rows: [] } };
+    }
+    return { isSuccess: true, data: null };
+  }) as unknown as Dispatcher["query"];
+  const write = (async (type: string, payload: unknown) => {
+    writes.push({ type, payload });
+    return { isSuccess: true, data: {} };
+  }) as unknown as Dispatcher["write"];
+  return {
+    write,
+    query,
+    batch: (async () => ({ isSuccess: true, results: [] })) as unknown as Dispatcher["batch"],
+    statusStore,
+    pendingWrites: () => [],
+    pendingFiles: () => [],
+  } as unknown as Dispatcher; // @cast-boundary test-stub
+}
+
+function renderCenter(responses: QueryResponses): {
+  view: ReturnType<typeof render>;
+  writes: Array<{ type: string; payload: unknown }>;
+} {
+  const writes: Array<{ type: string; payload: unknown }> = [];
+  const wrapper = ({ children }: { readonly children: ReactNode }): ReactNode => (
+    <TokensProvider value={stubTokens}>
+      <LocaleProvider
+        resolver={stubResolver}
+        fallbackBundles={[defaultTranslations, kumikoDefaultTranslations]}
+      >
+        <PrimitivesProvider value={defaultPrimitives}>
+          <LiveEventsProvider value={stubLiveEvents}>
+            <DispatcherProvider dispatcher={makeDispatcher(responses, writes)}>
+              {children}
+            </DispatcherProvider>
+          </LiveEventsProvider>
+        </PrimitivesProvider>
+      </LocaleProvider>
+    </TokensProvider>
+  );
+  const view = render(<PrivacyCenterScreen />, { wrapper });
+  return { view, writes };
+}
+
+const activeMe = {
+  id: "00000000-0000-4000-8000-000000000042",
+  email: "marc@example.com",
+  status: "active",
+  gracePeriodEnd: null,
+};
+
+async function waitForMount(view: ReturnType<typeof render>): Promise<void> {
+  await waitFor(() => {
+    if (view.queryByTestId("privacy-center-screen") === null) {
+      throw new Error("not mounted yet");
+    }
+  });
+}
+
+// QUARANTINED (#457-Klasse): diese Render-Tests laufen lokal grün (13/13 isoliert,
+// 82/88 mit allen bundled-features-web-Tests parallel), failen aber auf CI-Linux
+// unter bun-`concurrency=8`. Diagnose aus dem CI-Log: parallele Test-FILES teilen
+// sich das eine globale happy-dom `document`; der globale `afterEach` aus
+// `test-setup/dom.preload.ts` (`cleanup()` + `document.body.replaceChildren()`)
+// eines parallel laufenden Tests wischt die in-flight gerenderte DOM eines anderen
+// weg → die `await`-Assertions hier finden den Screen-Stand eines Nachbar-Tests
+// (sichtbar: alle Fails zeigen denselben active-state Screen statt der eigenen
+// Test-Daten). Nicht aus diesem File fixbar — gleiche Architektur-Flake, wegen der
+// `deletion-screens.test.tsx` im selben Verzeichnis quarantäniert ist. Un-skip,
+// sobald das framework-weite Test-Isolation-Problem (#457) gelöst ist. Die
+// QN-Drift-Pins + formatDate unten decken die CI-stabile Verdrahtungs-Korrektheit ab.
+describe.skip("PrivacyCenterScreen", () => {
+  test("aktiver User: alle vier Sektionen, Texte übersetzt (keine rohen Keys)", async () => {
+    const { view } = renderCenter({ me: activeMe });
+    await waitForMount(view);
+    expect(view.getByTestId("privacy-export")).toBeTruthy();
+    expect(view.getByTestId("privacy-audit")).toBeTruthy();
+    expect(view.getByTestId("privacy-restriction")).toBeTruthy();
+    expect(view.getByTestId("privacy-deletion")).toBeTruthy();
+    expect(view.getByTestId("privacy-export-request")).toBeTruthy();
+    expect(view.getByTestId("privacy-audit-empty")).toBeTruthy();
+    expect(view.getByTestId("privacy-restriction-restrict")).toBeTruthy();
+    expect(view.getByTestId("privacy-deletion-delete")).toBeTruthy();
+    expect(view.container.textContent).not.toContain("userDataRights.privacyCenter");
+  });
+
+  test("export done: Download-Link auf den by-job-Pfad + Verfügbar-bis-Datum", async () => {
+    const { view } = renderCenter({
+      me: activeMe,
+      exportStatus: {
+        hasJob: true,
+        job: { id: "job-123", status: EXPORT_JOB_STATUS.Done, expiresAt: "2026-07-11T00:00:00Z" },
+      },
+    });
+    await waitForMount(view);
+    const link = view.getByTestId("privacy-export-download") as HTMLAnchorElement;
+    expect(link.getAttribute("href")).toBe("/user-export/by-job/job-123");
+    const ready = view.getByTestId("privacy-export-ready");
+    expect(ready.textContent).toContain("2026-07-11");
+    expect(ready.textContent).not.toContain("T00:00");
+  });
+
+  test("export failed: Fehler-Banner + Re-Request möglich", async () => {
+    const { view } = renderCenter({
+      me: activeMe,
+      exportStatus: { hasJob: true, job: { id: "job-9", status: EXPORT_JOB_STATUS.Failed } },
+    });
+    await waitForMount(view);
+    expect(view.getByTestId("privacy-export-failed")).toBeTruthy();
+    expect(view.getByTestId("privacy-export-request")).toBeTruthy();
+  });
+
+  test("export pending: in-progress Banner, kein Request-Button", async () => {
+    const { view } = renderCenter({
+      me: activeMe,
+      exportStatus: { hasJob: true, job: { id: "job-1", status: EXPORT_JOB_STATUS.Pending } },
+    });
+    await waitForMount(view);
+    expect(view.getByTestId("privacy-export-pending")).toBeTruthy();
+    expect(view.queryByTestId("privacy-export-request")).toBeNull();
+  });
+
+  test("audit rows rendern mit type + datum", async () => {
+    const { view } = renderCenter({
+      me: activeMe,
+      auditLog: {
+        rows: [
+          {
+            id: "ev-1",
+            type: "user.created",
+            aggregateType: "user",
+            createdAt: "2026-06-01T08:00:00Z",
+          },
+        ],
+      },
+    });
+    await waitForMount(view);
+    const rows = view.getAllByTestId("privacy-audit-row");
+    expect(rows.length).toBe(1);
+    expect(rows[0]?.textContent).toContain("user.created");
+    expect(rows[0]?.textContent).toContain("2026-06-01");
+  });
+
+  test("deletionRequested: Frist-Banner + Abbrechen statt Lösch-Button", async () => {
+    const { view } = renderCenter({
+      me: { ...activeMe, status: "deletionRequested", gracePeriodEnd: "2026-07-11T00:00:00Z" },
+    });
+    await waitForMount(view);
+    const banner = view.getByTestId("privacy-deletion-requested");
+    expect(banner.textContent).toContain("2026-07-11");
+    expect(banner.textContent).not.toContain("{date}");
+    expect(banner.textContent).not.toContain("T00:00");
+    expect(view.queryByTestId("privacy-deletion-delete")).toBeNull();
+    expect(view.getByTestId("privacy-deletion-cancel")).toBeTruthy();
+  });
+
+  test("restricted: Info-Banner statt Einschränken-Button", async () => {
+    const { view } = renderCenter({ me: { ...activeMe, status: "restricted" } });
+    await waitForMount(view);
+    expect(view.getByTestId("privacy-restriction-active")).toBeTruthy();
+    expect(view.queryByTestId("privacy-restriction-restrict")).toBeNull();
+  });
+
+  test("Export-Request dispatcht den korrekten Handler-QN", async () => {
+    const { view, writes } = renderCenter({ me: activeMe });
+    await waitForMount(view);
+    fireEvent.click(view.getByTestId("privacy-export-request"));
+    await waitFor(() => {
+      if (writes.length === 0) throw new Error("no write dispatched");
+    });
+    expect(writes[0]?.type).toBe(UserDataRightsHandlers.requestExport);
+  });
+});
+
+describe("QN-Drift-Pins (client-Konstanten vs. Feature-Originale)", () => {
+  test("USER_ME_QUERY spiegelt UserQueries.me", () => {
+    expect(USER_ME_QUERY).toBe(UserQueries.me);
+  });
+
+  test("EXPORT_JOB_STATUS-Mirror deckt sich mit dem Schema-Original", () => {
+    expect(EXPORT_JOB_STATUS).toEqual(SCHEMA_EXPORT_JOB_STATUS);
+  });
+});
+
+describe("formatDate", () => {
+  test("ISO instant → date part only (strips time + Z)", () => {
+    expect(formatDate("2026-07-11T00:00:00.000Z")).toBe("2026-07-11");
+  });
+
+  test("null / undefined / empty → em dash", () => {
+    expect(formatDate(null)).toBe("—");
+    expect(formatDate(undefined)).toBe("—");
+    expect(formatDate("")).toBe("—");
+  });
+
+  test("date-only string without time → returned as-is", () => {
+    expect(formatDate("2026-07-11")).toBe("2026-07-11");
+  });
+});

package/src/user-data-rights/web/client-plugin.tsx

@@ -0,0 +1,30 @@
+// @runtime client
+// Client-Feature-Factory für user-data-rights. Liefert den
+// PrivacyCenterScreen (gemappt auf die Screen-id "privacy-center") +
+// Default-Translations. Apps hängen es in
+// createKumikoApp({ clientFeatures: [userDataRightsClient()] }) ein; der
+// Screen wird server-seitig vom Feature dormant als custom-Screen
+// registriert (r.screen), die App platziert ihn via r.nav.
+
+import { mergeTranslations, type TranslationsByLocale } from "@cosmicdrift/kumiko-renderer";
+import type { ClientFeatureDefinition } from "@cosmicdrift/kumiko-renderer-web";
+import { PRIVACY_CENTER_SCREEN_ID, USER_DATA_RIGHTS_FEATURE } from "../constants";
+import { defaultTranslations } from "./i18n";
+import { PrivacyCenterScreen } from "./privacy-center-screen";
+
+export type UserDataRightsClientOptions = {
+  /** Key-weise Overrides über die Default-Bundles (de/en). */
+  readonly translations?: TranslationsByLocale;
+};
+
+export function userDataRightsClient(
+  options?: UserDataRightsClientOptions,
+): ClientFeatureDefinition {
+  return {
+    name: USER_DATA_RIGHTS_FEATURE,
+    translations: mergeTranslations(defaultTranslations, options?.translations ?? {}),
+    components: {
+      [PRIVACY_CENTER_SCREEN_ID]: PrivacyCenterScreen,
+    },
+  };
+}

package/src/user-data-rights/web/i18n.ts

@@ -31,6 +31,54 @@ export const defaultTranslations: TranslationsByLocale = {
     "userDataRights.deletion.confirm.missingToken":
       "Kein Token im Link gefunden. Bitte öffne den Link aus der E-Mail erneut.",
     "userDataRights.deletion.confirm.error": "Etwas ist schief gegangen. Bitte erneut versuchen.",
+
+    "userDataRights.privacyCenter.title": "Datenschutz",
+    "userDataRights.privacyCenter.intro":
+      "Verwalte deine Rechte nach DSGVO: Datenauskunft, Export, Einschränkung und Löschung deines Kontos.",
+    "userDataRights.privacyCenter.loading": "Lädt …",
+    "userDataRights.privacyCenter.loadError": "Deine Daten konnten nicht geladen werden.",
+    "userDataRights.privacyCenter.errors.generic":
+      "Etwas ist schief gegangen. Bitte erneut versuchen.",
+
+    "userDataRights.privacyCenter.export.title": "Daten exportieren (Art. 20)",
+    "userDataRights.privacyCenter.export.intro":
+      "Fordere eine Kopie deiner Daten an. Die Erstellung läuft im Hintergrund; sobald sie fertig ist, kannst du sie hier herunterladen.",
+    "userDataRights.privacyCenter.export.request": "Daten-Export anfordern",
+    "userDataRights.privacyCenter.export.requesting": "Wird angefordert …",
+    "userDataRights.privacyCenter.export.pending":
+      "Dein Export wird erstellt. Bitte später erneut schauen.",
+    "userDataRights.privacyCenter.export.failed":
+      "Die letzte Export-Erstellung ist fehlgeschlagen. Du kannst es erneut versuchen.",
+    "userDataRights.privacyCenter.export.ready": "Dein Export ist fertig.",
+    "userDataRights.privacyCenter.export.download": "Export herunterladen",
+    "userDataRights.privacyCenter.export.availableUntil": "Verfügbar bis {date}",
+    "userDataRights.privacyCenter.export.requestNew": "Neuen Export anfordern",
+
+    "userDataRights.privacyCenter.restriction.title": "Verarbeitung einschränken (Art. 18)",
+    "userDataRights.privacyCenter.restriction.explainer":
+      "Friere dein Konto ein: Die Verarbeitung deiner Daten wird pausiert und du wirst abgemeldet. Das Aufheben der Einschränkung ist danach nur über den Support möglich.",
+    "userDataRights.privacyCenter.restriction.restrict": "Konto einschränken",
+    "userDataRights.privacyCenter.restriction.dialogTitle": "Konto wirklich einschränken?",
+    "userDataRights.privacyCenter.restriction.dialogDescription":
+      "Du wirst sofort abgemeldet und kannst dich nicht mehr anmelden, bis der Support die Einschränkung aufhebt.",
+    "userDataRights.privacyCenter.restriction.restricted":
+      "Dein Konto ist eingeschränkt. Wende dich an den Support, um die Einschränkung aufzuheben.",
+
+    "userDataRights.privacyCenter.deletion.title": "Konto löschen (Art. 17)",
+    "userDataRights.privacyCenter.deletion.explainer":
+      "Beantrage die Löschung deines Kontos. Bis zum Ablauf der Frist kannst du die Löschung wieder abbrechen.",
+    "userDataRights.privacyCenter.deletion.delete": "Konto löschen",
+    "userDataRights.privacyCenter.deletion.requested": "Dein Konto wird am {date} gelöscht.",
+    "userDataRights.privacyCenter.deletion.cancel": "Löschung abbrechen",
+    "userDataRights.privacyCenter.deletion.cancelSuccess": "Die Löschung wurde abgebrochen.",
+    "userDataRights.privacyCenter.deletion.dialogTitle": "Konto wirklich löschen?",
+    "userDataRights.privacyCenter.deletion.dialogDescription":
+      "Mit dem Bestätigen startet die Lösch-Frist. Du kannst die Löschung bis zu ihrem Ablauf wieder abbrechen.",
+
+    "userDataRights.privacyCenter.audit.title": "Aktivitätsprotokoll (Art. 15)",
+    "userDataRights.privacyCenter.audit.intro":
+      "Die letzten Ereignisse zu deinem Konto über alle Tenants hinweg.",
+    "userDataRights.privacyCenter.audit.empty": "Noch keine Ereignisse.",
   },
   en: {
     "userDataRights.deletion.request.title": "Request account deletion",
@@ -56,5 +104,52 @@ export const defaultTranslations: TranslationsByLocale = {
     "userDataRights.deletion.confirm.missingToken":
       "No token found in the link. Please open the link from the email again.",
     "userDataRights.deletion.confirm.error": "Something went wrong. Please try again.",
+
+    "userDataRights.privacyCenter.title": "Privacy",
+    "userDataRights.privacyCenter.intro":
+      "Manage your GDPR rights: access, export, restrict, and delete your account.",
+    "userDataRights.privacyCenter.loading": "Loading …",
+    "userDataRights.privacyCenter.loadError": "Your data could not be loaded.",
+    "userDataRights.privacyCenter.errors.generic": "Something went wrong. Please try again.",
+
+    "userDataRights.privacyCenter.export.title": "Export your data (Art. 20)",
+    "userDataRights.privacyCenter.export.intro":
+      "Request a copy of your data. It is prepared in the background; once ready you can download it here.",
+    "userDataRights.privacyCenter.export.request": "Request data export",
+    "userDataRights.privacyCenter.export.requesting": "Requesting …",
+    "userDataRights.privacyCenter.export.pending":
+      "Your export is being prepared. Please check back later.",
+    "userDataRights.privacyCenter.export.failed":
+      "The last export failed to build. You can try again.",
+    "userDataRights.privacyCenter.export.ready": "Your export is ready.",
+    "userDataRights.privacyCenter.export.download": "Download export",
+    "userDataRights.privacyCenter.export.availableUntil": "Available until {date}",
+    "userDataRights.privacyCenter.export.requestNew": "Request a new export",
+
+    "userDataRights.privacyCenter.restriction.title": "Restrict processing (Art. 18)",
+    "userDataRights.privacyCenter.restriction.explainer":
+      "Freeze your account: processing of your data is paused and you are signed out. Lifting the restriction afterwards is only possible via support.",
+    "userDataRights.privacyCenter.restriction.restrict": "Restrict account",
+    "userDataRights.privacyCenter.restriction.dialogTitle": "Restrict your account?",
+    "userDataRights.privacyCenter.restriction.dialogDescription":
+      "You will be signed out immediately and cannot sign in again until support lifts the restriction.",
+    "userDataRights.privacyCenter.restriction.restricted":
+      "Your account is restricted. Contact support to lift the restriction.",
+
+    "userDataRights.privacyCenter.deletion.title": "Delete account (Art. 17)",
+    "userDataRights.privacyCenter.deletion.explainer":
+      "Request deletion of your account. Until the grace period ends you can cancel the deletion.",
+    "userDataRights.privacyCenter.deletion.delete": "Delete account",
+    "userDataRights.privacyCenter.deletion.requested": "Your account will be deleted on {date}.",
+    "userDataRights.privacyCenter.deletion.cancel": "Cancel deletion",
+    "userDataRights.privacyCenter.deletion.cancelSuccess": "The deletion was cancelled.",
+    "userDataRights.privacyCenter.deletion.dialogTitle": "Delete your account?",
+    "userDataRights.privacyCenter.deletion.dialogDescription":
+      "Confirming starts the deletion grace period. You can cancel the deletion until it ends.",
+
+    "userDataRights.privacyCenter.audit.title": "Activity log (Art. 15)",
+    "userDataRights.privacyCenter.audit.intro":
+      "The most recent events on your account across all tenants.",
+    "userDataRights.privacyCenter.audit.empty": "No events yet.",
   },
 };

package/src/user-data-rights/web/index.ts

@@ -5,8 +5,10 @@
 // Seite (defineFeature, Handler) lebt unter `.../user-data-rights` und hat
 // keine React-/DOM-Deps.
 
+export { type UserDataRightsClientOptions, userDataRightsClient } from "./client-plugin";
 export type { ConfirmAccountDeletionScreenProps } from "./confirm-deletion-screen";
 export { ConfirmAccountDeletionScreen } from "./confirm-deletion-screen";
 export { defaultTranslations } from "./i18n";
+export { formatDate, PrivacyCenterScreen } from "./privacy-center-screen";
 export type { RequestAccountDeletionScreenProps } from "./request-deletion-screen";
 export { RequestAccountDeletionScreen } from "./request-deletion-screen";