@cosmicdrift/kumiko-bundled-features 0.87.3 → 0.88.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/package.json +6 -6
  2. package/src/user-data-rights/__tests__/inspector-screens.boot.test.ts +65 -0
  3. package/src/user-data-rights/feature.ts +14 -0
  4. package/src/user-data-rights/handlers/download-attempt-list.query.ts +11 -0
  5. package/src/user-data-rights/handlers/export-job-detail.query.ts +7 -0
  6. package/src/user-data-rights/handlers/export-job-list.query.ts +8 -0
  7. package/src/user-data-rights/screens.ts +71 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@cosmicdrift/kumiko-bundled-features",
3
- "version": "0.87.3",
3
+ "version": "0.88.0",
4
4
  "description": "Built-in features — tenant, user, auth, delivery. The stuff you'd rewrite anyway, already typed.",
5
5
  "license": "BUSL-1.1",
6
6
  "author": "Marc Frost <marc@cosmicdriftgamestudio.com>",
@@ -86,11 +86,11 @@
86
86
  "./step-dispatcher": "./src/step-dispatcher/index.ts"
87
87
  },
88
88
  "dependencies": {
89
- "@cosmicdrift/kumiko-dispatcher-live": "0.87.3",
90
- "@cosmicdrift/kumiko-framework": "0.87.3",
91
- "@cosmicdrift/kumiko-headless": "0.87.3",
92
- "@cosmicdrift/kumiko-renderer": "0.87.3",
93
- "@cosmicdrift/kumiko-renderer-web": "0.87.3",
89
+ "@cosmicdrift/kumiko-dispatcher-live": "0.88.0",
90
+ "@cosmicdrift/kumiko-framework": "0.88.0",
91
+ "@cosmicdrift/kumiko-headless": "0.88.0",
92
+ "@cosmicdrift/kumiko-renderer": "0.88.0",
93
+ "@cosmicdrift/kumiko-renderer-web": "0.88.0",
94
94
  "@mollie/api-client": "^4.5.0",
95
95
  "@node-rs/argon2": "^2.0.2",
96
96
  "@types/nodemailer": "^8.0.0",
package/src/user-data-rights/__tests__/inspector-screens.boot.test.ts ADDED
@@ -0,0 +1,65 @@
1
+ import { describe, expect, test } from "bun:test";
2
+ import { validateBoot } from "@cosmicdrift/kumiko-framework/engine";
3
+ import { createComplianceProfilesFeature } from "../../compliance-profiles/feature";
4
+ import { createConfigFeature } from "../../config/feature";
5
+ import { createDataRetentionFeature } from "../../data-retention/feature";
6
+ import { createSessionsFeature } from "../../sessions/feature";
7
+ import { createUserFeature } from "../../user/feature";
8
+ import { createUserDataRightsFeature } from "../feature";
9
+
10
+ // Read-only GDPR inspector screens live IN user-data-rights (the boot-validator
11
+ // forbids cross-feature screen ownership). The validator checks screen structure
12
+ // — entity-local binding, columns/fields exist on the entity, rowAction targets
13
+ // resolve — so a clean boot proves the entityList/entityEdit defs bind to the
14
+ // real event-sourced entities and the convention list/detail QNs exist. The
15
+ // entities (export-job, download-attempt) are r.entity, not direct-write stores,
16
+ // so an entityList binding is rebuild-safe (unlike jobs/sessions read-models).
17
+
18
+ describe("user-data-rights read-only inspector screens", () => {
19
+ const features = [
20
+ createConfigFeature(),
21
+ createUserFeature(),
22
+ createSessionsFeature(),
23
+ createDataRetentionFeature(),
24
+ createComplianceProfilesFeature(),
25
+ createUserDataRightsFeature(),
26
+ ];
27
+
28
+ test("the assembled feature set boot-validates", () => {
29
+ expect(() => validateBoot(features)).not.toThrow();
30
+ });
31
+
32
+ test("ships SystemAdmin-gated list + detail screens", () => {
33
+ const f = createUserDataRightsFeature();
34
+ expect(Object.keys(f.screens)).toEqual(
35
+ expect.arrayContaining(["export-job-list", "export-job-detail", "download-attempt-list"]),
36
+ );
37
+ const list = f.screens["export-job-list"];
38
+ expect(list?.type).toBe("entityList");
39
+ expect(list?.access).toEqual({ roles: ["SystemAdmin"] });
40
+ });
41
+
42
+ test("export-job detail is strictly read-only (no create/delete, every field readOnly)", () => {
43
+ const f = createUserDataRightsFeature();
44
+ const edit = f.screens["export-job-detail"];
45
+ expect(edit?.type).toBe("entityEdit");
46
+ if (edit?.type === "entityEdit") {
47
+ expect(edit.allowCreate).toBe(false);
48
+ expect(edit.allowDelete).toBe(false);
49
+ const fields = edit.layout.sections.flatMap((s) => ("fields" in s ? s.fields : []));
50
+ expect(fields.length).toBeGreaterThan(0);
51
+ expect(fields.every((field) => typeof field === "object" && field.readOnly === true)).toBe(
52
+ true,
53
+ );
54
+ }
55
+ });
56
+
57
+ test("convention list/detail handlers resolve the screen QNs", () => {
58
+ const f = createUserDataRightsFeature();
59
+ // entityList → user-data-rights:query:export-job:list; entityEdit detail →
60
+ // :export-job:detail; download-attempt list → :download-attempt:list.
61
+ expect(Object.keys(f.queryHandlers)).toEqual(
62
+ expect.arrayContaining(["export-job:list", "export-job:detail", "download-attempt:list"]),
63
+ );
64
+ });
65
+ });
package/src/user-data-rights/feature.ts CHANGED
@@ -8,8 +8,11 @@ import {
8
8
  import { PRIVACY_CENTER_SCREEN_ID } from "./constants";
9
9
  import { cancelDeletionWrite } from "./handlers/cancel-deletion.write";
10
10
  import { createConfirmDeletionByTokenHandler } from "./handlers/confirm-deletion-by-token.write";
11
+ import { downloadAttemptListQuery } from "./handlers/download-attempt-list.query";
11
12
  import { downloadByJobQuery } from "./handlers/download-by-job.query";
12
13
  import { downloadByTokenQuery } from "./handlers/download-by-token.query";
14
+ import { exportJobDetailQuery } from "./handlers/export-job-detail.query";
15
+ import { exportJobListQuery } from "./handlers/export-job-list.query";
13
16
  import { exportStatusQuery } from "./handlers/export-status.query";
14
17
  import { liftRestrictionWrite } from "./handlers/lift-restriction.write";
15
18
  import { listDownloadAttemptsQuery } from "./handlers/list-download-attempts.query";
@@ -36,6 +39,7 @@ import { runForgetCleanup, type SendDeletionExecutedEmailFn } from "./run-forget
36
39
  import { downloadAttemptEntity } from "./schema/download-attempt";
37
40
  import { exportDownloadTokenEntity } from "./schema/download-token";
38
41
  import { exportJobEntity } from "./schema/export-job";
42
+ import { downloadAttemptListScreen, exportJobDetailScreen, exportJobListScreen } from "./screens";
39
43
 
40
44
  // user-data-rights — DSGVO Art. 15 (Auskunft) + Art. 17 (Löschung) +
41
45
  // Art. 18 (Restriction) + Art. 20 (Portabilität) als Core-Feature.
@@ -222,6 +226,16 @@ export function createUserDataRightsFeature(opts: UserDataRightsOptions = {}): F
222
226
  r.queryHandler(myAuditLogQuery);
223
227
  r.queryHandler(listDownloadAttemptsQuery);
224
228
 
229
+ // Read-only operator inspector over the GDPR read-models (SystemAdmin).
230
+ // Convention list/detail handlers so entityList/entityEdit resolve by QN;
231
+ // the screens stay inert until an app navs them (opt-in at wire time).
232
+ r.queryHandler(exportJobListQuery);
233
+ r.queryHandler(exportJobDetailQuery);
234
+ r.queryHandler(downloadAttemptListQuery);
235
+ r.screen(exportJobListScreen);
236
+ r.screen(exportJobDetailScreen);
237
+ r.screen(downloadAttemptListScreen);
238
+
225
239
  // Dormant Self-Service-Screen (Art. 15/17/18/20): Export, Aktivitäts-
226
240
  // protokoll, Einschränkung, Löschung in einem Screen. Kein r.nav — die
227
241
  // App platziert ihn im eingeloggten Bereich. Die React-Component kommt
package/src/user-data-rights/handlers/download-attempt-list.query.ts ADDED
@@ -0,0 +1,11 @@
1
+ import { access, defineEntityListHandler } from "@cosmicdrift/kumiko-framework/engine";
2
+ import { downloadAttemptEntity } from "../schema/download-attempt";
3
+
4
+ // SystemAdmin operator view of invalid download attempts (DPO brute-force
5
+ // triage). A bespoke list-download-attempts query already exists but sits on a
6
+ // non-convention QN; entityList needs the convention `download-attempt:list`.
7
+ export const downloadAttemptListQuery = defineEntityListHandler(
8
+ "download-attempt",
9
+ downloadAttemptEntity,
10
+ { access: { roles: access.systemAdmin } },
11
+ );
package/src/user-data-rights/handlers/export-job-detail.query.ts ADDED
@@ -0,0 +1,7 @@
1
+ import { access, defineEntityDetailHandler } from "@cosmicdrift/kumiko-framework/engine";
2
+ import { exportJobEntity } from "../schema/export-job";
3
+
4
+ // Detail fetch backing the read-only export-job inspector screen.
5
+ export const exportJobDetailQuery = defineEntityDetailHandler("export-job", exportJobEntity, {
6
+ access: { roles: access.systemAdmin },
7
+ });
package/src/user-data-rights/handlers/export-job-list.query.ts ADDED
@@ -0,0 +1,8 @@
1
+ import { access, defineEntityListHandler } from "@cosmicdrift/kumiko-framework/engine";
2
+ import { exportJobEntity } from "../schema/export-job";
3
+
4
+ // SystemAdmin operator view of GDPR Art. 20 export jobs. Read-only inspector —
5
+ // rows are created by the user's request-export flow, never through this handler.
6
+ export const exportJobListQuery = defineEntityListHandler("export-job", exportJobEntity, {
7
+ access: { roles: access.systemAdmin },
8
+ });
package/src/user-data-rights/screens.ts ADDED
@@ -0,0 +1,71 @@
1
+ import type {
2
+ EntityEditScreenDefinition,
3
+ EntityListScreenDefinition,
4
+ } from "@cosmicdrift/kumiko-framework/engine";
5
+
6
+ // Read-only operator inspector for the GDPR data-rights read-models. All
7
+ // screens are SystemAdmin-gated and inert until an app navs them — the feature
8
+ // only registers them, the app opts in per screen via r.nav (see the
9
+ // mount-inspector-screens guide). The entities are event-sourced r.entity rows,
10
+ // so binding entityList/entityEdit to them is safe (no direct-write rebuild
11
+ // hazard like jobs/sessions).
12
+
13
+ // Read-only field shorthand for the detail screens — every field is display-only.
14
+ const ro = (field: string) => ({ field, readOnly: true });
15
+
16
+ export const exportJobListScreen: EntityListScreenDefinition = {
17
+ id: "export-job-list",
18
+ type: "entityList",
19
+ entity: "export-job",
20
+ columns: ["userId", "status", "requestedAt", "completedAt", "expiresAt"],
21
+ rowActions: [
22
+ {
23
+ kind: "navigate",
24
+ id: "view",
25
+ label: "kumiko.actions.view",
26
+ screen: "export-job-detail",
27
+ entityId: "id",
28
+ },
29
+ ],
30
+ searchable: false,
31
+ access: { roles: ["SystemAdmin"] },
32
+ };
33
+
34
+ export const exportJobDetailScreen: EntityEditScreenDefinition = {
35
+ id: "export-job-detail",
36
+ type: "entityEdit",
37
+ entity: "export-job",
38
+ layout: {
39
+ sections: [
40
+ {
41
+ columns: 2,
42
+ fields: [
43
+ ro("userId"),
44
+ ro("requestedFromTenantId"),
45
+ ro("status"),
46
+ ro("requestedAt"),
47
+ ro("startedAt"),
48
+ ro("completedAt"),
49
+ ro("expiresAt"),
50
+ ro("downloadStorageKey"),
51
+ ro("bytesWritten"),
52
+ ro("errorMessage"),
53
+ ],
54
+ },
55
+ ],
56
+ },
57
+ // Inspector is strictly read-only: no export-job:create/update/delete handler
58
+ // exists, and the export lifecycle is driven by the worker, not an operator.
59
+ allowCreate: false,
60
+ allowDelete: false,
61
+ access: { roles: ["SystemAdmin"] },
62
+ };
63
+
64
+ export const downloadAttemptListScreen: EntityListScreenDefinition = {
65
+ id: "download-attempt-list",
66
+ type: "entityList",
67
+ entity: "download-attempt",
68
+ columns: ["attemptedAt", "result", "via", "ip", "attemptedByUserId", "jobId"],
69
+ searchable: false,
70
+ access: { roles: ["SystemAdmin"] },
71
+ };