npm - @nestarc/data-subject - Versions diffs - 0.1.0 - Mend

@nestarc/data-subject 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/LICENSE +21 -0
package/README.md +351 -0
package/dist/data-subject.module.d.ts +19 -0
package/dist/data-subject.module.js +55 -0
package/dist/data-subject.service.d.ts +35 -0
package/dist/data-subject.service.js +162 -0
package/dist/erase-runner.d.ts +10 -0
package/dist/erase-runner.js +114 -0
package/dist/errors.d.ts +16 -0
package/dist/errors.js +34 -0
package/dist/export-runner.d.ts +14 -0
package/dist/export-runner.js +34 -0
package/dist/index.d.ts +18 -0
package/dist/index.js +36 -0
package/dist/legal-basis.d.ts +4 -0
package/dist/legal-basis.js +22 -0
package/dist/policy-compiler.d.ts +11 -0
package/dist/policy-compiler.js +50 -0
package/dist/prisma/from-prisma.d.ts +23 -0
package/dist/prisma/from-prisma.js +42 -0
package/dist/registry.d.ts +14 -0
package/dist/registry.js +27 -0
package/dist/storage/artifact-storage.interface.d.ts +7 -0
package/dist/storage/artifact-storage.interface.js +2 -0
package/dist/storage/in-memory-artifact-storage.d.ts +9 -0
package/dist/storage/in-memory-artifact-storage.js +14 -0
package/dist/storage/in-memory-request-storage.d.ts +12 -0
package/dist/storage/in-memory-request-storage.js +38 -0
package/dist/storage/request-storage.interface.d.ts +10 -0
package/dist/storage/request-storage.interface.js +2 -0
package/dist/types.d.ts +68 -0
package/dist/types.js +2 -0
package/package.json +59 -0

package/dist/erase-runner.js ADDED Viewed

@@ -0,0 +1,114 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EraseRunner = void 0;
+const errors_1 = require("./errors");
+class EraseRunner {
+    registry;
+    constructor(registry) {
+        this.registry = registry;
+    }
+    async run(subjectId, tenantId) {
+        const entities = [];
+        const retained = [];
+        const verificationResidual = [];
+        for (const entry of this.registry.list()) {
+            const outcome = classify(entry.policy);
+            let affected = 0;
+            if (outcome.rowStrategy === 'delete') {
+                affected = await entry.executor.erase(subjectId, tenantId, {
+                    rowLevel: entry.policy.rowLevel,
+                    deleteFields: outcome.deleteFields,
+                });
+            }
+            else if (outcome.rowStrategy === 'anonymize') {
+                affected = await entry.executor.anonymize(subjectId, tenantId, outcome.updateMap);
+            }
+            else {
+                const rows = await entry.executor.select(subjectId, tenantId);
+                affected = rows.length;
+            }
+            const rowsAfter = await entry.executor.select(subjectId, tenantId);
+            for (const item of outcome.retained) {
+                retained.push({
+                    entityName: entry.policy.entityName,
+                    field: item.field,
+                    legalBasis: item.legalBasis,
+                    count: rowsAfter.length,
+                });
+            }
+            if (outcome.rowStrategy === 'delete' &&
+                entry.policy.rowLevel === 'delete-row' &&
+                rowsAfter.length > 0) {
+                verificationResidual.push({
+                    entityName: entry.policy.entityName,
+                    count: rowsAfter.length,
+                });
+            }
+            entities.push({
+                entityName: entry.policy.entityName,
+                affected,
+                strategy: outcome.summaryStrategy,
+            });
+        }
+        if (verificationResidual.length > 0) {
+            throw new errors_1.DataSubjectError(errors_1.DataSubjectErrorCode.VerificationFailed, `residual rows: ${verificationResidual
+                .map((entry) => `${entry.entityName}(${entry.count})`)
+                .join(', ')}`);
+        }
+        return { stats: { entities, retained, verificationResidual } };
+    }
+}
+exports.EraseRunner = EraseRunner;
+function classify(policy) {
+    const updateMap = {};
+    const deleteFields = [];
+    const retained = [];
+    const strategies = new Set();
+    for (const [field, entry] of Object.entries(policy.fields)) {
+        const normalized = normalize(entry);
+        strategies.add(normalized.strategy);
+        if (normalized.strategy === 'anonymize') {
+            updateMap[field] = normalized.replacement;
+        }
+        if (normalized.strategy === 'delete') {
+            deleteFields.push(field);
+            updateMap[field] = null;
+        }
+        if (normalized.strategy === 'retain') {
+            retained.push({
+                field,
+                legalBasis: normalized.legalBasis,
+            });
+        }
+    }
+    const rowStrategy = chooseRowStrategy(strategies);
+    const summaryStrategy = strategies.size > 1 ? 'mixed' : rowStrategy;
+    return { rowStrategy, summaryStrategy, deleteFields, updateMap, retained };
+}
+function chooseRowStrategy(strategies) {
+    if (strategies.size === 1 && strategies.has('delete')) {
+        return 'delete';
+    }
+    if (strategies.size === 1 && strategies.has('retain')) {
+        return 'retain';
+    }
+    return 'anonymize';
+}
+function normalize(entry) {
+    if (entry === 'delete') {
+        return { strategy: 'delete' };
+    }
+    if (entry.strategy === 'anonymize') {
+        return {
+            strategy: 'anonymize',
+            replacement: entry.replacement,
+        };
+    }
+    if (entry.strategy === 'retain') {
+        return {
+            strategy: 'retain',
+            legalBasis: entry.legalBasis,
+        };
+    }
+    return { strategy: 'delete' };
+}

package/dist/errors.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+export declare const DataSubjectErrorCode: {
+    readonly SubjectNotFound: "dsr_subject_not_found";
+    readonly UnregisteredEntity: "dsr_unregistered_entity";
+    readonly InvalidPolicy: "dsr_invalid_policy";
+    readonly VerificationFailed: "dsr_verification_failed";
+    readonly AnonymizeDynamicReplacement: "dsr_anonymize_dynamic_replacement";
+    readonly EntityAlreadyRegistered: "dsr_entity_already_registered";
+    readonly RequestConflict: "dsr_request_conflict";
+    readonly RequestNotFound: "dsr_request_not_found";
+};
+export type DataSubjectErrorCode = (typeof DataSubjectErrorCode)[keyof typeof DataSubjectErrorCode];
+export declare class DataSubjectError extends Error {
+    readonly code: DataSubjectErrorCode;
+    readonly httpStatus: number;
+    constructor(code: DataSubjectErrorCode, reason?: string);
+}

package/dist/errors.js ADDED Viewed

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DataSubjectError = exports.DataSubjectErrorCode = void 0;
+exports.DataSubjectErrorCode = {
+    SubjectNotFound: 'dsr_subject_not_found',
+    UnregisteredEntity: 'dsr_unregistered_entity',
+    InvalidPolicy: 'dsr_invalid_policy',
+    VerificationFailed: 'dsr_verification_failed',
+    AnonymizeDynamicReplacement: 'dsr_anonymize_dynamic_replacement',
+    EntityAlreadyRegistered: 'dsr_entity_already_registered',
+    RequestConflict: 'dsr_request_conflict',
+    RequestNotFound: 'dsr_request_not_found',
+};
+const HTTP_STATUS = {
+    dsr_subject_not_found: 404,
+    dsr_unregistered_entity: 500,
+    dsr_invalid_policy: 500,
+    dsr_verification_failed: 500,
+    dsr_anonymize_dynamic_replacement: 500,
+    dsr_entity_already_registered: 500,
+    dsr_request_conflict: 409,
+    dsr_request_not_found: 404,
+};
+class DataSubjectError extends Error {
+    code;
+    httpStatus;
+    constructor(code, reason) {
+        super(reason ? `${code}: ${reason}` : code);
+        this.name = 'DataSubjectError';
+        this.code = code;
+        this.httpStatus = HTTP_STATUS[code];
+    }
+}
+exports.DataSubjectError = DataSubjectError;

package/dist/export-runner.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import type { Registry } from './registry';
+import type { ArtifactStorage } from './storage/artifact-storage.interface';
+import type { RequestStats } from './types';
+export interface ExportResult {
+    artifactHash: string;
+    artifactUrl: string;
+    stats: RequestStats;
+}
+export declare class ExportRunner {
+    private readonly registry;
+    private readonly artifacts;
+    constructor(registry: Registry, artifacts: ArtifactStorage);
+    run(requestId: string, subjectId: string, tenantId: string): Promise<ExportResult>;
+}

package/dist/export-runner.js ADDED Viewed

@@ -0,0 +1,34 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ExportRunner = void 0;
+const node_crypto_1 = require("node:crypto");
+const jszip_1 = __importDefault(require("jszip"));
+class ExportRunner {
+    registry;
+    artifacts;
+    constructor(registry, artifacts) {
+        this.registry = registry;
+        this.artifacts = artifacts;
+    }
+    async run(requestId, subjectId, tenantId) {
+        const zip = new jszip_1.default();
+        const entities = [];
+        for (const entry of this.registry.list()) {
+            const rows = await entry.executor.select(subjectId, tenantId);
+            zip.file(`${entry.policy.entityName}.json`, JSON.stringify(rows, null, 2));
+            entities.push({
+                entityName: entry.policy.entityName,
+                affected: rows.length,
+                strategy: 'export',
+            });
+        }
+        const body = await zip.generateAsync({ type: 'nodebuffer' });
+        const artifactHash = (0, node_crypto_1.createHash)('sha256').update(body).digest('hex');
+        const artifactUrl = await this.artifacts.put(`${requestId}.zip`, body, 'application/zip');
+        return { artifactHash, artifactUrl, stats: { entities } };
+    }
+}
+exports.ExportRunner = ExportRunner;

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+export * from './types';
+export * from './errors';
+export { validateLegalBasis } from './legal-basis';
+export type { LegalBasisOptions } from './legal-basis';
+export { compilePolicy } from './policy-compiler';
+export type { CompileOptions, PolicySpec } from './policy-compiler';
+export { Registry } from './registry';
+export type { RegisterInput } from './registry';
+export { DataSubjectService } from './data-subject.service';
+export type { DataSubjectServiceDeps } from './data-subject.service';
+export { DATA_SUBJECT_REGISTRY, DataSubjectModule, } from './data-subject.module';
+export type { DataSubjectModuleOptions } from './data-subject.module';
+export type { RequestStorage } from './storage/request-storage.interface';
+export { InMemoryRequestStorage } from './storage/in-memory-request-storage';
+export type { ArtifactStorage } from './storage/artifact-storage.interface';
+export { InMemoryArtifactStorage } from './storage/in-memory-artifact-storage';
+export { fromPrisma } from './prisma/from-prisma';
+export type { FromPrismaOptions, PrismaDelegate } from './prisma/from-prisma';

package/dist/index.js ADDED Viewed

@@ -0,0 +1,36 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fromPrisma = exports.InMemoryArtifactStorage = exports.InMemoryRequestStorage = exports.DataSubjectModule = exports.DATA_SUBJECT_REGISTRY = exports.DataSubjectService = exports.Registry = exports.compilePolicy = exports.validateLegalBasis = void 0;
+__exportStar(require("./types"), exports);
+__exportStar(require("./errors"), exports);
+var legal_basis_1 = require("./legal-basis");
+Object.defineProperty(exports, "validateLegalBasis", { enumerable: true, get: function () { return legal_basis_1.validateLegalBasis; } });
+var policy_compiler_1 = require("./policy-compiler");
+Object.defineProperty(exports, "compilePolicy", { enumerable: true, get: function () { return policy_compiler_1.compilePolicy; } });
+var registry_1 = require("./registry");
+Object.defineProperty(exports, "Registry", { enumerable: true, get: function () { return registry_1.Registry; } });
+var data_subject_service_1 = require("./data-subject.service");
+Object.defineProperty(exports, "DataSubjectService", { enumerable: true, get: function () { return data_subject_service_1.DataSubjectService; } });
+var data_subject_module_1 = require("./data-subject.module");
+Object.defineProperty(exports, "DATA_SUBJECT_REGISTRY", { enumerable: true, get: function () { return data_subject_module_1.DATA_SUBJECT_REGISTRY; } });
+Object.defineProperty(exports, "DataSubjectModule", { enumerable: true, get: function () { return data_subject_module_1.DataSubjectModule; } });
+var in_memory_request_storage_1 = require("./storage/in-memory-request-storage");
+Object.defineProperty(exports, "InMemoryRequestStorage", { enumerable: true, get: function () { return in_memory_request_storage_1.InMemoryRequestStorage; } });
+var in_memory_artifact_storage_1 = require("./storage/in-memory-artifact-storage");
+Object.defineProperty(exports, "InMemoryArtifactStorage", { enumerable: true, get: function () { return in_memory_artifact_storage_1.InMemoryArtifactStorage; } });
+var from_prisma_1 = require("./prisma/from-prisma");
+Object.defineProperty(exports, "fromPrisma", { enumerable: true, get: function () { return from_prisma_1.fromPrisma; } });

package/dist/legal-basis.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export interface LegalBasisOptions {
+    strict?: boolean;
+}
+export declare function validateLegalBasis(value: string, opts?: LegalBasisOptions): string | null;

package/dist/legal-basis.js ADDED Viewed

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateLegalBasis = validateLegalBasis;
+const STRICT_FORMAT = /^[a-z][a-z0-9-]*:[^\s].*$/i;
+function validateLegalBasis(value, opts = {}) {
+    if (!value || value.trim().length === 0) {
+        return 'legalBasis is empty';
+    }
+    if (opts.strict) {
+        if (!value.includes(':')) {
+            return 'legalBasis missing scheme (expected "scheme:reference")';
+        }
+        const [, ref] = value.split(':', 2);
+        if (!ref || ref.trim().length === 0) {
+            return 'legalBasis missing reference after scheme';
+        }
+        if (!STRICT_FORMAT.test(value)) {
+            return 'legalBasis does not match "scheme:reference" format';
+        }
+    }
+    return null;
+}

package/dist/policy-compiler.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import type { EntityPolicy, PolicyEntry } from './types';
+export interface CompileOptions {
+    strictLegalBasis?: boolean;
+}
+export interface PolicySpec {
+    entityName: string;
+    subjectField: string;
+    rowLevel?: 'delete-row' | 'delete-fields';
+    fields: Record<string, PolicyEntry>;
+}
+export declare function compilePolicy(spec: PolicySpec, opts?: CompileOptions): EntityPolicy;

package/dist/policy-compiler.js ADDED Viewed

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.compilePolicy = compilePolicy;
+const errors_1 = require("./errors");
+const legal_basis_1 = require("./legal-basis");
+function compilePolicy(spec, opts = {}) {
+    const fields = {};
+    for (const [name, raw] of Object.entries(spec.fields)) {
+        fields[name] = normalizeEntry(spec.entityName, name, raw, opts);
+    }
+    return {
+        entityName: spec.entityName,
+        subjectField: spec.subjectField,
+        rowLevel: spec.rowLevel ?? 'delete-fields',
+        fields,
+    };
+}
+function normalizeEntry(entityName, fieldName, entry, opts) {
+    if (entry === 'delete') {
+        return { strategy: 'delete' };
+    }
+    if (entry.strategy === 'delete') {
+        return { strategy: 'delete' };
+    }
+    if (entry.strategy === 'anonymize') {
+        if (typeof entry.replacement === 'function') {
+            throw new errors_1.DataSubjectError(errors_1.DataSubjectErrorCode.AnonymizeDynamicReplacement, `${entityName}.${fieldName}: replacement must be static`);
+        }
+        return { strategy: 'anonymize', replacement: entry.replacement };
+    }
+    if (entry.strategy === 'retain') {
+        const basis = entry.legalBasis;
+        if (!basis) {
+            throw new errors_1.DataSubjectError(errors_1.DataSubjectErrorCode.InvalidPolicy, `${entityName}.${fieldName}: retain requires legalBasis`);
+        }
+        const validationError = (0, legal_basis_1.validateLegalBasis)(basis, {
+            strict: opts.strictLegalBasis,
+        });
+        if (validationError) {
+            throw new errors_1.DataSubjectError(errors_1.DataSubjectErrorCode.InvalidPolicy, `${entityName}.${fieldName}: ${validationError}`);
+        }
+        return {
+            strategy: 'retain',
+            legalBasis: basis,
+            until: entry.until,
+            pseudonymize: entry.pseudonymize ?? 'none',
+        };
+    }
+    throw new errors_1.DataSubjectError(errors_1.DataSubjectErrorCode.InvalidPolicy, `${entityName}.${fieldName}: unknown strategy`);
+}

package/dist/prisma/from-prisma.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { EntityExecutor } from '../types';
+export interface PrismaDelegate {
+    findMany(args: {
+        where: Record<string, unknown>;
+    }): Promise<Record<string, unknown>[]>;
+    deleteMany(args: {
+        where: Record<string, unknown>;
+    }): Promise<{
+        count: number;
+    }>;
+    updateMany(args: {
+        where: Record<string, unknown>;
+        data: Record<string, unknown>;
+    }): Promise<{
+        count: number;
+    }>;
+}
+export interface FromPrismaOptions {
+    delegate: PrismaDelegate;
+    subjectField: string;
+    tenantField?: string;
+}
+export declare function fromPrisma(opts: FromPrismaOptions): EntityExecutor;

package/dist/prisma/from-prisma.js ADDED Viewed

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fromPrisma = fromPrisma;
+function fromPrisma(opts) {
+    const { delegate, subjectField, tenantField } = opts;
+    const whereFor = (subjectId, tenantId) => {
+        const where = { [subjectField]: subjectId };
+        if (tenantField) {
+            where[tenantField] = tenantId;
+        }
+        return where;
+    };
+    return {
+        async select(subjectId, tenantId) {
+            return delegate.findMany({ where: whereFor(subjectId, tenantId) });
+        },
+        async erase(subjectId, tenantId, plan) {
+            if (plan.rowLevel === 'delete-row') {
+                const result = await delegate.deleteMany({
+                    where: whereFor(subjectId, tenantId),
+                });
+                return result.count;
+            }
+            const data = Object.fromEntries(plan.deleteFields.map((field) => [field, null]));
+            if (Object.keys(data).length === 0) {
+                return 0;
+            }
+            const result = await delegate.updateMany({
+                where: whereFor(subjectId, tenantId),
+                data,
+            });
+            return result.count;
+        },
+        async anonymize(subjectId, tenantId, replacements) {
+            const result = await delegate.updateMany({
+                where: whereFor(subjectId, tenantId),
+                data: replacements,
+            });
+            return result.count;
+        },
+    };
+}

package/dist/registry.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { type CompileOptions, type PolicySpec } from './policy-compiler';
+import type { EntityExecutor, RegisteredEntity } from './types';
+export interface RegisterInput {
+    policy: PolicySpec;
+    executor: EntityExecutor;
+}
+export declare class Registry {
+    private readonly opts;
+    private readonly entries;
+    constructor(opts?: CompileOptions);
+    register(input: RegisterInput): void;
+    get(name: string): RegisteredEntity | undefined;
+    list(): RegisteredEntity[];
+}

package/dist/registry.js ADDED Viewed

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Registry = void 0;
+const errors_1 = require("./errors");
+const policy_compiler_1 = require("./policy-compiler");
+class Registry {
+    opts;
+    entries = new Map();
+    constructor(opts = {}) {
+        this.opts = opts;
+    }
+    register(input) {
+        const name = input.policy.entityName;
+        if (this.entries.has(name)) {
+            throw new errors_1.DataSubjectError(errors_1.DataSubjectErrorCode.EntityAlreadyRegistered, `entity ${name} already registered`);
+        }
+        const compiled = (0, policy_compiler_1.compilePolicy)(input.policy, this.opts);
+        this.entries.set(name, { policy: compiled, executor: input.executor });
+    }
+    get(name) {
+        return this.entries.get(name);
+    }
+    list() {
+        return [...this.entries.values()];
+    }
+}
+exports.Registry = Registry;

package/dist/storage/artifact-storage.interface.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+export interface ArtifactStorage {
+    put(key: string, body: Buffer, contentType: string): Promise<string>;
+    get(key: string): Promise<{
+        body: Buffer;
+        contentType: string;
+    } | null>;
+}

package/dist/storage/artifact-storage.interface.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/storage/in-memory-artifact-storage.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { ArtifactStorage } from './artifact-storage.interface';
+export declare class InMemoryArtifactStorage implements ArtifactStorage {
+    private readonly store;
+    put(key: string, body: Buffer, contentType: string): Promise<string>;
+    get(key: string): Promise<{
+        body: Buffer;
+        contentType: string;
+    } | null>;
+}

package/dist/storage/in-memory-artifact-storage.js ADDED Viewed

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemoryArtifactStorage = void 0;
+class InMemoryArtifactStorage {
+    store = new Map();
+    async put(key, body, contentType) {
+        this.store.set(key, { body, contentType });
+        return `memory://${key}`;
+    }
+    async get(key) {
+        return this.store.get(key) ?? null;
+    }
+}
+exports.InMemoryArtifactStorage = InMemoryArtifactStorage;

package/dist/storage/in-memory-request-storage.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { DataSubjectRequest, RequestState } from '../types';
+import type { RequestStorage } from './request-storage.interface';
+export declare class InMemoryRequestStorage implements RequestStorage {
+    private readonly store;
+    insert(req: DataSubjectRequest): Promise<void>;
+    update(id: string, patch: Partial<DataSubjectRequest>): Promise<void>;
+    findById(id: string): Promise<DataSubjectRequest | null>;
+    listByTenant(tenantId: string, opts?: {
+        state?: RequestState;
+    }): Promise<DataSubjectRequest[]>;
+    listOverdue(now: Date): Promise<DataSubjectRequest[]>;
+}

package/dist/storage/in-memory-request-storage.js ADDED Viewed

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemoryRequestStorage = void 0;
+const errors_1 = require("../errors");
+const PENDING = ['created', 'validating', 'processing'];
+class InMemoryRequestStorage {
+    store = new Map();
+    async insert(req) {
+        if (this.store.has(req.id)) {
+            throw new errors_1.DataSubjectError(errors_1.DataSubjectErrorCode.RequestConflict, `duplicate id: ${req.id}`);
+        }
+        this.store.set(req.id, { ...req });
+    }
+    async update(id, patch) {
+        const request = this.store.get(id);
+        if (!request) {
+            throw new errors_1.DataSubjectError(errors_1.DataSubjectErrorCode.RequestNotFound, `request ${id} not found`);
+        }
+        Object.assign(request, patch);
+    }
+    async findById(id) {
+        const request = this.store.get(id);
+        return request ? { ...request } : null;
+    }
+    async listByTenant(tenantId, opts = {}) {
+        return [...this.store.values()]
+            .filter((request) => request.tenantId === tenantId)
+            .filter((request) => (opts.state ? request.state === opts.state : true))
+            .map((request) => ({ ...request }));
+    }
+    async listOverdue(now) {
+        return [...this.store.values()]
+            .filter((request) => PENDING.includes(request.state) &&
+            request.dueAt.getTime() < now.getTime())
+            .map((request) => ({ ...request }));
+    }
+}
+exports.InMemoryRequestStorage = InMemoryRequestStorage;

package/dist/storage/request-storage.interface.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { DataSubjectRequest, RequestState } from '../types';
+export interface RequestStorage {
+    insert(req: DataSubjectRequest): Promise<void>;
+    update(id: string, patch: Partial<DataSubjectRequest>): Promise<void>;
+    findById(id: string): Promise<DataSubjectRequest | null>;
+    listByTenant(tenantId: string, opts?: {
+        state?: RequestState;
+    }): Promise<DataSubjectRequest[]>;
+    listOverdue(now: Date): Promise<DataSubjectRequest[]>;
+}

package/dist/storage/request-storage.interface.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,68 @@
+export type Strategy = 'delete' | 'anonymize' | 'retain';
+export type RequestEntityStrategy = Strategy | 'mixed' | 'export';
+export type RowLevel = 'delete-row' | 'delete-fields';
+export type PolicyEntry = 'delete' | {
+    strategy: 'delete';
+} | {
+    strategy: 'anonymize';
+    replacement: string | number | null;
+} | {
+    strategy: 'retain';
+    legalBasis: string;
+    until?: string;
+    pseudonymize?: 'hmac' | 'none';
+};
+export interface EntityPolicy {
+    entityName: string;
+    subjectField: string;
+    rowLevel: RowLevel;
+    fields: Record<string, PolicyEntry>;
+}
+export interface ErasePlan {
+    rowLevel: RowLevel;
+    deleteFields: string[];
+}
+export interface EntityExecutor {
+    select(subjectId: string, tenantId: string): Promise<Record<string, unknown>[]>;
+    erase(subjectId: string, tenantId: string, plan: ErasePlan): Promise<number>;
+    anonymize(subjectId: string, tenantId: string, replacements: Record<string, unknown>): Promise<number>;
+}
+export interface RegisteredEntity {
+    policy: EntityPolicy;
+    executor: EntityExecutor;
+}
+export type RequestType = 'export' | 'erase';
+export type RequestState = 'created' | 'validating' | 'processing' | 'completed' | 'failed';
+export interface DataSubjectRequest {
+    id: string;
+    tenantId: string;
+    subjectId: string;
+    type: RequestType;
+    state: RequestState;
+    createdAt: Date;
+    dueAt: Date;
+    completedAt: Date | null;
+    failedAt: Date | null;
+    failureReason: string | null;
+    artifactHash: string | null;
+    artifactUrl: string | null;
+    stats: RequestStats | null;
+    requestedBy: string | null;
+}
+export interface RequestStats {
+    entities: Array<{
+        entityName: string;
+        affected: number;
+        strategy: RequestEntityStrategy;
+    }>;
+    retained?: Array<{
+        entityName: string;
+        field: string;
+        legalBasis: string;
+        count: number;
+    }>;
+    verificationResidual?: Array<{
+        entityName: string;
+        count: number;
+    }>;
+}

package/dist/types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });