npm - @cosmicdrift/kumiko-bundled-features - Versions diffs - 0.87.3 → 0.89.0 - Mend

@cosmicdrift/kumiko-bundled-features 0.87.3 → 0.89.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cosmicdrift/kumiko-bundled-features",
-  "version": "0.87.3",
+  "version": "0.89.0",
   "description": "Built-in features — tenant, user, auth, delivery. The stuff you'd rewrite anyway, already typed.",
   "license": "BUSL-1.1",
   "author": "Marc Frost <marc@cosmicdriftgamestudio.com>",
@@ -86,11 +86,11 @@
     "./step-dispatcher": "./src/step-dispatcher/index.ts"
   },
   "dependencies": {
-    "@cosmicdrift/kumiko-dispatcher-live": "0.87.3",
-    "@cosmicdrift/kumiko-framework": "0.87.3",
-    "@cosmicdrift/kumiko-headless": "0.87.3",
-    "@cosmicdrift/kumiko-renderer": "0.87.3",
-    "@cosmicdrift/kumiko-renderer-web": "0.87.3",
+    "@cosmicdrift/kumiko-dispatcher-live": "0.89.0",
+    "@cosmicdrift/kumiko-framework": "0.89.0",
+    "@cosmicdrift/kumiko-headless": "0.89.0",
+    "@cosmicdrift/kumiko-renderer": "0.89.0",
+    "@cosmicdrift/kumiko-renderer-web": "0.89.0",
     "@mollie/api-client": "^4.5.0",
     "@node-rs/argon2": "^2.0.2",
     "@types/nodemailer": "^8.0.0",

package/src/data-retention/__tests__/cleanup-cron-registration.test.ts ADDED Viewed

@@ -0,0 +1,23 @@
+// Beweist dass der retention-cleanup-Cron mit perTenant-Fan-out in der
+// komponierten Registry landet. Ohne perTenant feuert der Cron global einmal,
+// ctx hat keinen Tenant → der Handler returnt sofort → es wird NICHTS
+// bereinigt (silent no-op). r.job geht durch einen anderen Pfad als der
+// synthetische soft-delete-cleanup-Job, deshalb hier explizit gepinnt.
+import { describe, expect, test } from "bun:test";
+import { createRegistry } from "@cosmicdrift/kumiko-framework/engine";
+import { createDataRetentionFeature } from "../feature";
+const RETENTION_CLEANUP_JOB = "data-retention:job:retention-cleanup";
+describe("retention-cleanup cron registration", () => {
+  test("perTenant + daily trigger + skip-concurrency ueberleben die Komposition", () => {
+    const registry = createRegistry([createDataRetentionFeature()]);
+    const job = registry.getJob(RETENTION_CLEANUP_JOB);
+    expect(job).toBeDefined();
+    expect(job?.perTenant).toBe(true);
+    expect(job?.trigger).toEqual({ cron: "0 3 * * *" });
+    expect(job?.concurrency).toBe("skip");
+  });
+});

package/src/data-retention/__tests__/resolve-tenant-preset.test.ts ADDED Viewed

@@ -0,0 +1,57 @@
+// Unit-Test fuer die Preset-Ableitung aus dem Compliance-Profile (Layer 2).
+// Der DB-gebundene "present → derive"-Pfad wird im Integrationstest
+// (retention-cleanup.integration.test.ts) gegen echtes Postgres geprueft;
+// hier nur die pure Map + der Soft-Gate (compliance-profiles nicht gemountet).
+import { describe, expect, test } from "bun:test";
+import { COMPLIANCE_PROFILES } from "@cosmicdrift/kumiko-framework/compliance";
+import type { DbRunner } from "@cosmicdrift/kumiko-framework/db";
+import type { Registry, TenantId } from "@cosmicdrift/kumiko-framework/engine";
+import { RETENTION_PRESETS } from "../presets";
+import { PROFILE_TO_PRESET, resolveTenantRetentionPreset } from "../resolve-tenant-preset";
+describe("PROFILE_TO_PRESET map", () => {
+  test("deckt jeden ComplianceProfileKey ab", () => {
+    for (const key of Object.keys(COMPLIANCE_PROFILES)) {
+      expect(PROFILE_TO_PRESET[key as keyof typeof PROFILE_TO_PRESET]).toBeDefined();
+    }
+  });
+  test("mappt nur auf echte RetentionPreset-Keys", () => {
+    for (const preset of Object.values(PROFILE_TO_PRESET)) {
+      expect(RETENTION_PRESETS[preset]).toBeDefined();
+    }
+  });
+  test("swiss-dsg ist namensgleich, EU/DE mappen auf ihr Regime", () => {
+    expect(PROFILE_TO_PRESET["swiss-dsg"]).toBe("swiss-dsg");
+    expect(PROFILE_TO_PRESET["eu-dsgvo"]).toBe("dsgvo-basic");
+    expect(PROFILE_TO_PRESET["de-hr-dsgvo-hgb"]).toBe("dsgvo-hgb");
+    expect(PROFILE_TO_PRESET["minimal-no-region"]).toBe("default");
+  });
+});
+describe("resolveTenantRetentionPreset soft-gate", () => {
+  test("compliance-profiles nicht gemountet → null (ohne DB-Zugriff)", async () => {
+    let dbTouched = false;
+    const db = new Proxy(
+      {},
+      {
+        get() {
+          dbTouched = true;
+          throw new Error("DB must not be touched when compliance-profiles is absent");
+        },
+      },
+    ) as unknown as DbRunner;
+    const registry = { getEntity: () => undefined } as unknown as Registry;
+    const preset = await resolveTenantRetentionPreset({
+      db,
+      registry,
+      tenantId: "t1" as TenantId,
+    });
+    expect(preset).toBeNull();
+    expect(dbTouched).toBe(false);
+  });
+});

package/src/data-retention/__tests__/resolver.test.ts CHANGED Viewed

@@ -188,13 +188,13 @@ describe("resolveRetentionPolicy — Edge-Cases", () => {
   test("Preset hat eintrag, override hat anderen entityName → override greift NUR für seinen entityName", () => {
     const result = resolveRetentionPolicy({
-      entityName: "auditLog",
+      entityName: "audit-log",
       entityDef: null,
       tenantPreset: "dsgvo-hgb",
-      tenantOverride: null, // kein override für auditLog
+      tenantOverride: null, // kein override für audit-log
     });
-    // dsgvo-hgb.auditLog = 1y / hardDelete
+    // dsgvo-hgb["audit-log"] = 1y / hardDelete
     expect(result.source).toBe("preset");
     expect(result.policy?.keepFor).toBe("1y");
   });

package/src/data-retention/__tests__/retention-cleanup.integration.test.ts ADDED Viewed

@@ -0,0 +1,188 @@
+// S2.D2b — retention-cleanup gegen echtes Postgres.
+//
+// Verifiziert NICHT nur "alte Rows weg", sondern vor allem die Negativ-Faelle,
+// in denen sich Datenverlust-Bugs verstecken:
+//   - Rows INNERHALB der Retention bleiben
+//   - Rows eines ANDEREN Tenants bleiben (perTenant-Scope)
+//   - Entity OHNE Policy bleibt unangetastet
+//   - Policy mit nicht-existenter reference-Spalte → skip statt Mass-Delete
+//
+// Deckt zudem den createdAt→insertedAt-Alias (Boot-Validator erlaubt
+// "createdAt", die Spalte heisst aber inserted_at) und beide aktiven
+// Strategien (hardDelete batched, softDelete).
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "bun:test";
+import { asRawClient } from "@cosmicdrift/kumiko-framework/bun-db";
+import { createEntity, createTextField, defineFeature } from "@cosmicdrift/kumiko-framework/engine";
+import {
+  setupTestStack,
+  type TestStack,
+  unsafeCreateEntityTable,
+} from "@cosmicdrift/kumiko-framework/stack";
+import { getTemporal } from "@cosmicdrift/kumiko-framework/time";
+import { createDataRetentionFeature, tenantRetentionOverrideEntity } from "../feature";
+import { runRetentionCleanup } from "../run-retention-cleanup";
+// hardDelete, default-reference (createdAt → alias insertedAt → Spalte inserted_at).
+const widgetEntity = createEntity({
+  table: "read_c7_widget",
+  fields: { label: createTextField({ required: true }) },
+  retention: { keepFor: "30d", strategy: "hardDelete" },
+});
+// softDelete-Strategy → setzt is_deleted/deleted_at (Entity ist softDelete).
+const gadgetEntity = createEntity({
+  table: "read_c7_gadget",
+  softDelete: true,
+  fields: { label: createTextField({ required: true }) },
+  retention: { keepFor: "30d", strategy: "softDelete" },
+});
+// Keine Policy → darf nie angefasst werden.
+const plainEntity = createEntity({
+  table: "read_c7_plain",
+  fields: { label: createTextField({ required: true }) },
+});
+// reference="lastSeenAt" ist Boot-valide (Framework-Timestamp-Allowlist), aber
+// die Spalte existiert auf diesem Entity nicht → Guard muss skippen.
+const staleEntity = createEntity({
+  table: "read_c7_stale",
+  fields: { label: createTextField({ required: true }) },
+  retention: { keepFor: "30d", strategy: "hardDelete", reference: "lastSeenAt" },
+});
+const c7Feature = defineFeature("c7-retention-fixtures", (r) => {
+  r.entity("c7-widget", widgetEntity);
+  r.entity("c7-gadget", gadgetEntity);
+  r.entity("c7-plain", plainEntity);
+  r.entity("c7-stale", staleEntity);
+});
+const T1 = "11111111-1111-1111-1111-111111111111";
+const T2 = "22222222-2222-2222-2222-222222222222";
+let stack: TestStack;
+let now: ReturnType<ReturnType<typeof getTemporal>["Now"]["instant"]>;
+let pastIso: string;
+let withinIso: string;
+beforeAll(async () => {
+  stack = await setupTestStack({ features: [createDataRetentionFeature(), c7Feature] });
+  for (const e of [
+    tenantRetentionOverrideEntity,
+    widgetEntity,
+    gadgetEntity,
+    plainEntity,
+    staleEntity,
+  ]) {
+    await unsafeCreateEntityTable(stack.db, e);
+  }
+  now = getTemporal().Now.instant();
+  pastIso = now.subtract({ hours: 60 * 24 }).toString(); // 60d alt → ueber Cutoff
+  withinIso = now.subtract({ hours: 10 * 24 }).toString(); // 10d alt → innerhalb
+});
+afterAll(async () => {
+  await stack.cleanup();
+});
+async function seed(table: string, tenantId: string, label: string, insertedAtIso: string) {
+  await asRawClient(stack.db).unsafe(
+    `INSERT INTO ${table} (tenant_id, label, inserted_at) VALUES ($1, $2, $3::timestamptz)`,
+    [tenantId, label, insertedAtIso],
+  );
+}
+async function labels(table: string, tenantId: string): Promise<string[]> {
+  const rows = (await asRawClient(stack.db).unsafe(
+    `SELECT label FROM ${table} WHERE tenant_id = $1 ORDER BY label`,
+    [tenantId],
+  )) as { label: string }[];
+  return rows.map((r) => r.label);
+}
+async function liveGadgetLabels(tenantId: string): Promise<string[]> {
+  const rows = (await asRawClient(stack.db).unsafe(
+    `SELECT label FROM read_c7_gadget WHERE tenant_id = $1 AND is_deleted = false ORDER BY label`,
+    [tenantId],
+  )) as { label: string }[];
+  return rows.map((r) => r.label);
+}
+beforeEach(async () => {
+  for (const t of ["read_c7_widget", "read_c7_gadget", "read_c7_plain", "read_c7_stale"]) {
+    await asRawClient(stack.db).unsafe(`DELETE FROM ${t}`);
+  }
+});
+describe("runRetentionCleanup :: real postgres", () => {
+  test("hardDelete entfernt nur abgelaufene Rows DES Tenants, behaelt frische + Fremd-Tenant", async () => {
+    await seed("read_c7_widget", T1, "expired-t1", pastIso);
+    await seed("read_c7_widget", T1, "fresh-t1", withinIso);
+    await seed("read_c7_widget", T2, "expired-t2", pastIso);
+    const result = await runRetentionCleanup({
+      db: stack.db,
+      registry: stack.registry,
+      tenantId: T1,
+      tenantPreset: null,
+      now,
+    });
+    expect(result.hardDeleted).toBe(1);
+    expect(await labels("read_c7_widget", T1)).toEqual(["fresh-t1"]); // within bleibt
+    expect(await labels("read_c7_widget", T2)).toEqual(["expired-t2"]); // Fremd-Tenant bleibt
+  });
+  test("softDelete markiert abgelaufene Rows, frische bleiben live", async () => {
+    await seed("read_c7_gadget", T1, "expired", pastIso);
+    await seed("read_c7_gadget", T1, "fresh", withinIso);
+    const result = await runRetentionCleanup({
+      db: stack.db,
+      registry: stack.registry,
+      tenantId: T1,
+      tenantPreset: null,
+      now,
+    });
+    expect(result.softDeleted).toBe(1);
+    expect(await liveGadgetLabels(T1)).toEqual(["fresh"]);
+    // Row physisch noch da (nur is_deleted=true).
+    expect(await labels("read_c7_gadget", T1)).toEqual(["expired", "fresh"]);
+  });
+  test("Entity ohne Policy bleibt komplett unangetastet", async () => {
+    await seed("read_c7_plain", T1, "ancient", pastIso);
+    await runRetentionCleanup({
+      db: stack.db,
+      registry: stack.registry,
+      tenantId: T1,
+      tenantPreset: null,
+      now,
+    });
+    expect(await labels("read_c7_plain", T1)).toEqual(["ancient"]);
+  });
+  test("fehlende reference-Spalte → skip statt Mass-Delete", async () => {
+    await seed("read_c7_stale", T1, "should-survive", pastIso);
+    const result = await runRetentionCleanup({
+      db: stack.db,
+      registry: stack.registry,
+      tenantId: T1,
+      tenantPreset: null,
+      now,
+    });
+    expect(await labels("read_c7_stale", T1)).toEqual(["should-survive"]);
+    expect(result.skipped).toContainEqual({
+      entityName: "c7-stale",
+      reason: "missing_reference_column",
+    });
+    expect(result.hardDeleted).toBe(0);
+  });
+});

package/src/data-retention/feature.ts CHANGED Viewed

@@ -1,5 +1,7 @@
 import { defineFeature, type FeatureDefinition } from "@cosmicdrift/kumiko-framework/engine";
 import { policyForQuery } from "./handlers/policy-for.query";
+import { resolveTenantRetentionPreset } from "./resolve-tenant-preset";
+import { runRetentionCleanup } from "./run-retention-cleanup";
 import { tenantRetentionOverrideEntity } from "./schema/tenant-retention-override";
 export { retentionOverrideSchema } from "./override-schema";
@@ -13,12 +15,22 @@ export {
   type ResolveForTenantArgs,
   resolveRetentionPolicyForTenant,
 } from "./resolve-for-tenant";
+export {
+  type ResolveTenantPresetArgs,
+  resolveTenantRetentionPreset,
+} from "./resolve-tenant-preset";
 export {
   type EffectiveRetentionPolicy,
   type ResolveRetentionPolicyArgs,
   type RetentionOverride,
   resolveRetentionPolicy,
 } from "./resolver";
+export {
+  type RetentionCleanupSkip,
+  type RunRetentionCleanupArgs,
+  type RunRetentionCleanupResult,
+  runRetentionCleanup,
+} from "./run-retention-cleanup";
 export {
   tenantRetentionOverrideEntity,
   tenantRetentionOverrideTable,
@@ -31,11 +43,12 @@ export {
 //   - Retention-Presets (dsgvo-basic, dsgvo-hgb, swiss-dsg, default)
 //   - tenantRetentionOverride-Entity für per-Tenant Edge-Cases
 //
-// Sprint 2.D2 (kommt):
-//   - Cleanup-Job mit Batch-Logik
-//   - Anonymize-Strategy + blockDelete-Frist-Check
+// Sprint 2.D2b (this commit):
+//   - retention-cleanup-Cron (perTenant) — hardDelete (batched) + softDelete
+//   - Layer-2-Preset aus dem Compliance-Profile abgeleitet (soft-dep)
+//   - anonymize deferred (Idempotenz-Marker, siehe run-retention-cleanup.ts)
 //
-// Sprint 2.D3 (kommt):
+// Sprint 2.D3 (done):
 //   - r.exposesApi("retention.policyFor") für user-data-rights
 //
 // Cross-Feature-Hinweis: Plan-Roadmap docs/plans/datenschutz/
@@ -58,8 +71,46 @@ export function createDataRetentionFeature(): FeatureDefinition {
     r.exposesApi("retention.policyFor");
     r.queryHandler(policyForQuery);
-    // S2.D2b wird hier den Cleanup-Job registrieren:
-    //   r.job("retention-cleanup", { trigger: { cron: "0 3 * * *" } }, ...)
-    // + tenant-config-key fuer Preset-Auswahl.
+    // S2.D2b — autonomer Retention-Cleanup. perTenant-Fan-out (ein Run pro
+    // aktivem Tenant, wie soft-delete-cleanup): die job-DB ist NICHT
+    // tenant-scoped, deshalb scoped der Runner jeden Delete explizit per
+    // tenantId. Ohne diesen Cron werden Retention-Regeln zwar konfiguriert,
+    // aber nie ausgefuehrt.
+    r.job(
+      "retention-cleanup",
+      { trigger: { cron: "0 3 * * *" }, perTenant: true, concurrency: "skip" },
+      async (_payload, ctx) => {
+        if (!ctx.db || !ctx.registry) {
+          throw new Error(
+            "retention-cleanup: ctx.db + ctx.registry required (JobContext incomplete)",
+          );
+        }
+        const tenantId = ctx.systemUser?.tenantId ?? ctx._tenantId;
+        if (tenantId === undefined) {
+          // skip: cron fired without a perTenant fan-out tenant — nothing scoped
+          return;
+        }
+        const T = (await import("@cosmicdrift/kumiko-framework/time")).getTemporal();
+        const cleanupDb = ctx.db as import("@cosmicdrift/kumiko-framework/db").DbConnection; // @cast-boundary db-operator
+        const tenantPreset = await resolveTenantRetentionPreset({
+          db: cleanupDb,
+          registry: ctx.registry,
+          tenantId,
+        });
+        const result = await runRetentionCleanup({
+          db: cleanupDb,
+          registry: ctx.registry,
+          tenantId,
+          tenantPreset,
+          now: T.Now.instant(),
+        });
+        if (result.anonymizeDeferred.length > 0 || result.skipped.length > 0) {
+          // biome-ignore lint/suspicious/noConsole: operator-visibility for deferred/skipped entities
+          console.warn(
+            `[data-retention:retention-cleanup] tenant=${tenantId} anonymizeDeferred=${result.anonymizeDeferred.join(",") || "-"} skipped=${result.skipped.map((s) => `${s.entityName}:${s.reason}`).join(",") || "-"}`,
+          );
+        }
+      },
+    );
   });
 }

package/src/data-retention/presets.ts CHANGED Viewed

@@ -34,18 +34,18 @@ export const RETENTION_PRESETS: Readonly<Record<RetentionPresetKey, RetentionPre
   // DSGVO Basic — Datenminimierung ohne Buchhaltungspflichten.
   "dsgvo-basic": {
-    auditLog: { keepFor: "1y", strategy: "hardDelete", reference: "createdAt" },
+    "audit-log": { keepFor: "1y", strategy: "hardDelete", reference: "createdAt" },
     session: { keepFor: "30d", strategy: "hardDelete", reference: "lastSeenAt" },
-    httpLog: { keepFor: "90d", strategy: "hardDelete", reference: "createdAt" },
+    "http-log": { keepFor: "90d", strategy: "hardDelete", reference: "createdAt" },
   },
   // DSGVO + HGB — deutsche Aufbewahrungspflichten überlagert. Order
   // wird anonymisiert (PII raus, Geschäftsdaten bleiben), Invoice +
   // Booking sind blockDelete bis 10 Jahre, dann Anonymize.
   "dsgvo-hgb": {
-    auditLog: { keepFor: "1y", strategy: "hardDelete", reference: "createdAt" },
+    "audit-log": { keepFor: "1y", strategy: "hardDelete", reference: "createdAt" },
     session: { keepFor: "30d", strategy: "hardDelete", reference: "lastSeenAt" },
-    httpLog: { keepFor: "90d", strategy: "hardDelete", reference: "createdAt" },
+    "http-log": { keepFor: "90d", strategy: "hardDelete", reference: "createdAt" },
     invoice: { keepFor: "10y", strategy: "blockDelete", reference: "createdAt" },
     booking: { keepFor: "10y", strategy: "blockDelete", reference: "createdAt" },
     contract: { keepFor: "6y", strategy: "blockDelete", reference: "createdAt" },
@@ -54,7 +54,7 @@ export const RETENTION_PRESETS: Readonly<Record<RetentionPresetKey, RetentionPre
   // Schweizer DSG — ähnlich DSGVO mit OR Art. 958f Aufbewahrung.
   "swiss-dsg": {
-    auditLog: { keepFor: "1y", strategy: "hardDelete", reference: "createdAt" },
+    "audit-log": { keepFor: "1y", strategy: "hardDelete", reference: "createdAt" },
     session: { keepFor: "30d", strategy: "hardDelete", reference: "lastSeenAt" },
     invoice: { keepFor: "10y", strategy: "blockDelete", reference: "createdAt" },
   },

package/src/data-retention/resolve-for-tenant.ts CHANGED Viewed

@@ -10,6 +10,7 @@ import { fetchOne } from "@cosmicdrift/kumiko-framework/bun-db";
 import type { DbRunner } from "@cosmicdrift/kumiko-framework/db";
 import type { Registry, TenantId } from "@cosmicdrift/kumiko-framework/engine";
 import { parseRetentionOverrideOrNull } from "./_internal/parse-override";
+import type { RetentionPresetKey } from "./presets";
 import { type EffectiveRetentionPolicy, resolveRetentionPolicy } from "./resolver";
 import { tenantRetentionOverrideTable } from "./schema/tenant-retention-override";
@@ -18,6 +19,13 @@ export interface ResolveForTenantArgs {
   readonly registry: Registry;
   readonly tenantId: TenantId;
   readonly entityName: string;
+  /**
+   * Layer 2 — Tenant-Preset, vom Caller aufgeloest (retention-cleanup-Cron
+   * leitet ihn aus dem Compliance-Profile ab, siehe resolve-tenant-preset.ts).
+   * null = kein Preset, Resolver faellt auf Entity-Default (Layer 1) +
+   * Tenant-Override (Layer 3) zurueck.
+   */
+  readonly tenantPreset?: RetentionPresetKey | null;
 }
 export async function resolveRetentionPolicyForTenant(
@@ -36,13 +44,10 @@ export async function resolveRetentionPolicyForTenant(
   const entityDef = args.registry.getEntity(args.entityName) ?? null;
-  // Layer 2 (Tenant-Preset) kommt mit S2.D2b. Bis dahin null.
-  const tenantPreset = null;
   return resolveRetentionPolicy({
     entityName: args.entityName,
     entityDef,
-    tenantPreset,
+    tenantPreset: args.tenantPreset ?? null,
     tenantOverride,
   });
 }

package/src/data-retention/resolve-tenant-preset.ts ADDED Viewed

@@ -0,0 +1,51 @@
+// Leitet den Layer-2 Retention-Preset eines Tenants aus seinem Compliance-
+// Profile ab. Der retention-cleanup-Cron ruft das pro fan-out-Tenant.
+//
+// **Soft-Dependency:** data-retention bleibt standalone-mountbar. Nur wenn
+// compliance-profiles mit-gemountet ist (seine Entity registriert), wird ein
+// Preset abgeleitet — sonst null, dann greifen ausschliesslich Entity-Defaults
+// (Layer 1) + per-Entity Tenant-Overrides (Layer 3). Kein r.requires, damit
+// eine App data-retention auch ohne Compliance-Profiles nutzen kann.
+//
+// Die Map ist intentional: Compliance-Profile (Region) und Retention-Preset
+// sind beide um dieselben drei Regimes gebaut (EU/CH/DE-HGB). swiss-dsg ist
+// sogar namensgleich. minimal-no-region → "default" (No-Op-Preset).
+import type { ComplianceProfileKey } from "@cosmicdrift/kumiko-framework/compliance";
+import type { DbRunner } from "@cosmicdrift/kumiko-framework/db";
+import type { Registry, TenantId } from "@cosmicdrift/kumiko-framework/engine";
+import { resolveProfileForTenant } from "../compliance-profiles";
+import type { RetentionPresetKey } from "./presets";
+// r.entity-Name aus compliance-profiles/feature.ts — Probe ob das Feature
+// gemountet ist, bevor wir seine Tabelle lesen (sonst wirft fetchOne).
+const COMPLIANCE_PROFILE_ENTITY = "tenant-compliance-profile";
+const PROFILE_TO_PRESET: Readonly<Record<ComplianceProfileKey, RetentionPresetKey>> = {
+  "eu-dsgvo": "dsgvo-basic",
+  "de-hr-dsgvo-hgb": "dsgvo-hgb",
+  "swiss-dsg": "swiss-dsg",
+  "minimal-no-region": "default",
+} satisfies Readonly<Record<ComplianceProfileKey, RetentionPresetKey>>;
+export interface ResolveTenantPresetArgs {
+  readonly db: DbRunner;
+  readonly registry: Registry;
+  readonly tenantId: TenantId;
+}
+export async function resolveTenantRetentionPreset(
+  args: ResolveTenantPresetArgs,
+): Promise<RetentionPresetKey | null> {
+  if (!args.registry.getEntity(COMPLIANCE_PROFILE_ENTITY)) {
+    return null;
+  }
+  // resolveProfileForTenant liest die 1:1-Profile-Row des Tenants (boot-DB,
+  // by tenantId gefiltert) und faellt auf minimal-no-region zurueck wenn der
+  // Tenant noch kein Profile gewaehlt hat.
+  const effective = await resolveProfileForTenant({ db: args.db, tenantId: args.tenantId });
+  return PROFILE_TO_PRESET[effective.profile.key] ?? null;
+}
+// Exportiert fuer den Unit-Test (Map-Vollstaendigkeit gegen ComplianceProfileKey).
+export { PROFILE_TO_PRESET };