@openpolicy/sdk 0.0.16 → 0.0.18

package/dist/auto-collected.d.ts

@@ -0,0 +1,26 @@
+//#region src/auto-collected.d.ts
+/**
+ * Placeholder populated by `@openpolicy/vite-auto-collect` during a Vite
+ * build. The plugin intercepts this module's resolution and replaces it with
+ * the scanned categories, so the literal default below is only used as a
+ * fallback when no auto-collect plugin is active — in which case spreading
+ * it into `dataCollected` is a no-op.
+ *
+ * @example
+ * ```ts
+ * import { dataCollected, defineConfig } from "@openpolicy/sdk";
+ *
+ * export default defineConfig({
+ *   privacy: {
+ *     dataCollected: {
+ *       ...dataCollected,
+ *       "Manually-tracked Category": ["Field A"],
+ *     },
+ *   },
+ * });
+ * ```
+ */
+declare const dataCollected: Record<string, string[]>;
+//#endregion
+export { dataCollected };
+//# sourceMappingURL=auto-collected.d.ts.map

package/dist/auto-collected.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auto-collected.d.ts","names":[],"sources":["../src/auto-collected.ts"],"mappings":";;AAqBA;;;;;;;;;;;;;;;;;;;;cAAa,aAAA,EAAe,MAAA"}

package/dist/auto-collected.js

@@ -0,0 +1,27 @@
+//#region src/auto-collected.ts
+/**
+* Placeholder populated by `@openpolicy/vite-auto-collect` during a Vite
+* build. The plugin intercepts this module's resolution and replaces it with
+* the scanned categories, so the literal default below is only used as a
+* fallback when no auto-collect plugin is active — in which case spreading
+* it into `dataCollected` is a no-op.
+*
+* @example
+* ```ts
+* import { dataCollected, defineConfig } from "@openpolicy/sdk";
+*
+* export default defineConfig({
+*   privacy: {
+*     dataCollected: {
+*       ...dataCollected,
+*       "Manually-tracked Category": ["Field A"],
+*     },
+*   },
+* });
+* ```
+*/
+const dataCollected = {};
+//#endregion
+export { dataCollected };
+
+//# sourceMappingURL=auto-collected.js.map

package/dist/auto-collected.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auto-collected.js","names":[],"sources":["../src/auto-collected.ts"],"sourcesContent":["/**\n * Placeholder populated by `@openpolicy/vite-auto-collect` during a Vite\n * build. The plugin intercepts this module's resolution and replaces it with\n * the scanned categories, so the literal default below is only used as a\n * fallback when no auto-collect plugin is active — in which case spreading\n * it into `dataCollected` is a no-op.\n *\n * @example\n * ```ts\n * import { dataCollected, defineConfig } from \"@openpolicy/sdk\";\n *\n * export default defineConfig({\n *   privacy: {\n *     dataCollected: {\n *       ...dataCollected,\n *       \"Manually-tracked Category\": [\"Field A\"],\n *     },\n *   },\n * });\n * ```\n */\nexport const dataCollected: Record<string, string[]> = {};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAqBA,MAAa,gBAA0C,EAAE"}

package/dist/index.d.ts

@@ -1,5 +1,9 @@
+import { dataCollected } from "./auto-collected.js";
+
 //#region ../core/dist/index.d.ts
 type Jurisdiction = "us" | "eu" | "ca" | "au" | "nz" | "other";
+type UserRight = "access" | "rectification" | "erasure" | "portability" | "restriction" | "objection" | "opt_out_sale" | "non_discrimination";
+type LegalBasis = "consent" | "contract" | "legal_obligation" | "vital_interests" | "public_task" | "legitimate_interests";
 type CompanyConfig = {
   name: string;
   legalName: string;
@@ -10,7 +14,7 @@ type PrivacyPolicyConfig = {
   effectiveDate: string;
   company: CompanyConfig;
   dataCollected: Record<string, string[]>;
-  legalBasis: string;
+  legalBasis: LegalBasis | LegalBasis[];
   retention: Record<string, string>;
   cookies: {
     essential: boolean;
@@ -20,8 +24,9 @@ type PrivacyPolicyConfig = {
   thirdParties: {
     name: string;
     purpose: string;
+    policyUrl?: string;
   }[];
-  userRights: string[];
+  userRights: UserRight[];
   jurisdictions: Jurisdiction[];
   children?: {
     underAge: number;
@@ -99,15 +104,14 @@ type TermsOfServiceConfig = {
   };
   privacyPolicyUrl?: string;
 };
+type CookiePolicyCookies = {
+  essential: boolean;
+  [key: string]: boolean;
+};
 type CookiePolicyConfig = {
   effectiveDate: string;
   company: CompanyConfig;
-  cookies: {
-    essential: boolean;
-    analytics: boolean;
-    functional: boolean;
-    marketing: boolean;
-  };
+  cookies: CookiePolicyCookies;
   thirdParties?: {
     name: string;
     purpose: string;
@@ -128,8 +132,209 @@ type OpenPolicyConfig = {
   cookie?: Omit<CookiePolicyConfig, "company">;
 };
 //#endregion
+//#region src/collecting.d.ts
+/**
+ * Declares data collected at the point of storage. Returns `value` unchanged
+ * at runtime — the Vite plugin / CLI static analyser (OP-152) will scan calls
+ * to `collecting()` at build time and merge the declarations into the
+ * compiled privacy policy.
+ *
+ * The third argument is a plain object literal whose **keys** are field names
+ * matching your stored value (for convenient access without a typed callback)
+ * and whose **values** are the human-readable labels used in the compiled
+ * policy. Only the string values are used by the analyser; the object is
+ * never evaluated at runtime. This shape lets you:
+ *   - keep `value` matching your ORM/table schema exactly,
+ *   - describe fields with friendly labels for the policy,
+ *   - omit fields from the policy by leaving them out of the label record
+ *     (e.g. `hashedPassword`).
+ *
+ * The category argument and the string values of the label record must be
+ * string literals — dynamic values are silently skipped by the analyser.
+ *
+ * @example
+ * ```ts
+ * import { collecting } from "@openpolicy/sdk";
+ *
+ * export async function createUser(name: string, email: string) {
+ *   return db.insert(users).values(
+ *     collecting(
+ *       "Account Information",
+ *       { name, email }, // real ORM columns — returned unchanged
+ *       { name: "Name", email: "Email address" },
+ *     ),
+ *   );
+ * }
+ * ```
+ */
+declare function collecting<T>(_category: string, value: T, _label: Partial<Record<keyof T, string>>): T;
+//#endregion
+//#region src/compliance.d.ts
+declare const Compliance: {
+  readonly GDPR: {
+    readonly jurisdictions: Jurisdiction[];
+    readonly legalBasis: LegalBasis[];
+    readonly userRights: UserRight[];
+  };
+  readonly CCPA: {
+    readonly jurisdictions: Jurisdiction[];
+    readonly userRights: UserRight[];
+  };
+};
+//#endregion
+//#region src/data.d.ts
+declare const DataCategories: {
+  readonly AccountInfo: {
+    readonly "Account Information": readonly ["Name", "Email address"];
+  };
+  readonly SessionData: {
+    readonly "Session Data": readonly ["IP address", "User agent", "Browser type"];
+  };
+  readonly PaymentInfo: {
+    readonly "Payment Information": readonly ["Card last 4 digits", "Billing name", "Billing address"];
+  };
+  readonly UsageData: {
+    readonly "Usage Data": readonly ["Pages visited", "Features used", "Time spent"];
+  };
+  readonly DeviceInfo: {
+    readonly "Device Information": readonly ["Device type", "Operating system", "Browser version"];
+  };
+  readonly LocationData: {
+    readonly "Location Data": readonly ["Country", "City", "Timezone"];
+  };
+  readonly Communications: {
+    readonly Communications: readonly ["Email content", "Support tickets"];
+  };
+};
+declare const Retention: {
+  readonly UntilAccountDeletion: "Until account deletion";
+  readonly UntilSessionExpiry: "Until session expiry";
+  readonly ThirtyDays: "30 days";
+  readonly NinetyDays: "90 days";
+  readonly OneYear: "1 year";
+  readonly ThreeYears: "3 years";
+  readonly AsRequiredByLaw: "As required by applicable law";
+};
+declare const Rights: {
+  readonly Access: "access";
+  readonly Rectification: "rectification";
+  readonly Erasure: "erasure";
+  readonly Portability: "portability";
+  readonly Restriction: "restriction";
+  readonly Objection: "objection";
+  readonly OptOutSale: "opt_out_sale";
+  readonly NonDiscrimination: "non_discrimination";
+};
+declare const LegalBases: {
+  readonly Consent: "consent";
+  readonly Contract: "contract";
+  readonly LegalObligation: "legal_obligation";
+  readonly VitalInterests: "vital_interests";
+  readonly PublicTask: "public_task";
+  readonly LegitimateInterests: "legitimate_interests";
+};
+//#endregion
+//#region src/providers.d.ts
+declare const Providers: {
+  Stripe: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  Paddle: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  LemonSqueezy: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  PayPal: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  GoogleAnalytics: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  PostHog: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  Plausible: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  Mixpanel: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  Vercel: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  Cloudflare: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  AWS: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  Auth0: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  Clerk: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  Resend: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  Postmark: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  SendGrid: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  Loops: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  Sentry: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+  Datadog: {
+    name: string;
+    purpose: string;
+    policyUrl: string;
+  };
+};
+//#endregion
 //#region src/index.d.ts
 declare function defineConfig(config: OpenPolicyConfig): OpenPolicyConfig;
 //#endregion
-export { type CookiePolicyConfig, type OpenPolicyConfig, type PrivacyPolicyConfig, type TermsOfServiceConfig, defineConfig };
+export { Compliance, type CookiePolicyConfig, DataCategories, LegalBases, type LegalBasis, type OpenPolicyConfig, type PrivacyPolicyConfig, Providers, Retention, Rights, type TermsOfServiceConfig, type UserRight, collecting, dataCollected, defineConfig };
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","names":["OutputFormat","CompileOptions","formats","Jurisdiction","CompanyConfig","name","legalName","address","contact","PrivacyPolicyConfig","Record","effectiveDate","company","dataCollected","legalBasis","retention","cookies","essential","analytics","marketing","thirdParties","purpose","userRights","jurisdictions","children","underAge","noticeUrl","DisputeResolutionMethod","TermsOfServiceConfig","acceptance","methods","eligibility","minimumAge","jurisdictionRestrictions","accounts","registrationRequired","userResponsibleForCredentials","companyCanTerminate","prohibitedUses","userContent","usersOwnContent","licenseGrantedToCompany","licenseDescription","companyCanRemoveContent","intellectualProperty","companyOwnsService","usersMayNotCopy","payments","hasPaidFeatures","refundPolicy","priceChangesNotice","availability","noUptimeGuarantee","maintenanceWindows","termination","userCanTerminate","effectOfTermination","disclaimers","serviceProvidedAsIs","noWarranties","limitationOfLiability","excludesIndirectDamages","liabilityCap","indemnification","userIndemnifiesCompany","scope","thirdPartyServices","disputeResolution","method","venue","classActionWaiver","governingLaw","jurisdiction","changesPolicy","noticeMethod","noticePeriodDays","privacyPolicyUrl","CookiePolicyConfig","functional","policyUrl","trackingTechnologies","consentMechanism","hasBanner","hasPreferencePanel","canWithdraw","PolicyInput","type","OpenPolicyConfig","Omit","privacy","terms","cookie","isOpenPolicyConfig","value","ValidationIssue","level","message","NodeContext","reason","TextNode","context","BoldNode","ItalicNode","LinkNode","href","InlineNode","HeadingNode","ParagraphNode","ListItemNode","ListNode","ordered","items","ContentNode","DocumentSection","id","content","PolicyType","Document","policyType","sections","Node","heading","levelOrContext","text","bold","italic","link","p","li","ul","ol","section","compile","input","validatePrivacyPolicy","config","validateCookiePolicy","validateTermsOfService","expandOpenPolicyConfig"],"sources":["../../core/dist/index.d.ts","../src/index.ts"],"mappings":";KAKKG,YAAAA;AAAAA,KACAC,aAAAA;EACHC,IAAAA;EACAC,SAAAA;EACAC,OAAAA;EACAC,OAAAA;AAAAA;AAAAA,KAEGC,mBAAAA;EACHE,aAAAA;EACAC,OAAAA,EAASR,aAAAA;EACTS,aAAAA,EAAeH,MAAAA;EACfI,UAAAA;EACAC,SAAAA,EAAWL,MAAAA;EACXM,OAAAA;IACEC,SAAAA;IACAC,SAAAA;IACAC,SAAAA;EAAAA;EAEFC,YAAAA;IACEf,IAAAA;IACAgB,OAAAA;EAAAA;EAEFC,UAAAA;EACAC,aAAAA,EAAepB,YAAAA;EACfqB,QAAAA;IACEC,QAAAA;IACAC,SAAAA;EAAAA;AAAAA;AAAAA,KAGCC,uBAAAA;AAAAA,KACAC,oBAAAA;EACHjB,aAAAA;EACAC,OAAAA,EAASR,aAAAA;EACTyB,UAAAA;IACEC,OAAAA;EAAAA;EAEFC,WAAAA;IACEC,UAAAA;IACAC,wBAAAA;EAAAA;EAEFC,QAAAA;IACEC,oBAAAA;IACAC,6BAAAA;IACAC,mBAAAA;EAAAA;EAEFC,cAAAA;EACAC,WAAAA;IACEC,eAAAA;IACAC,uBAAAA;IACAC,kBAAAA;IACAC,uBAAAA;EAAAA;EAEFC,oBAAAA;IACEC,kBAAAA;IACAC,eAAAA;EAAAA;EAEFC,QAAAA;IACEC,eAAAA;IACAC,YAAAA;IACAC,kBAAAA;EAAAA;EAEFC,YAAAA;IACEC,iBAAAA;IACAC,kBAAAA;EAAAA;EAEFC,WAAAA;IACEjB,mBAAAA;IACAkB,gBAAAA;IACAC,mBAAAA;EAAAA;EAEFC,WAAAA;IACEC,mBAAAA;IACAC,YAAAA;EAAAA;EAEFC,qBAAAA;IACEC,uBAAAA;IACAC,YAAAA;EAAAA;EAEFC,eAAAA;IACEC,sBAAAA;IACAC,KAAAA;EAAAA;EAEFC,kBAAAA;IACE7D,IAAAA;IACAgB,OAAAA;EAAAA;EAEF8C,iBAAAA;IACEC,MAAAA,EAAQzC,uBAAAA;IACR0C,KAAAA;IACAC,iBAAAA;EAAAA;EAEFC,YAAAA;IACEC,YAAAA;EAAAA;EAEFC,aAAAA;IACEC,YAAAA;IACAC,gBAAAA;EAAAA;EAEFC,gBAAAA;AAAAA;AAAAA,KAEGC,kBAAAA;EACHlE,aAAAA;EACAC,OAAAA,EAASR,aAAAA;EACTY,OAAAA;IACEC,SAAAA;IACAC,SAAAA;IACA4D,UAAAA;IACA3D,SAAAA;EAAAA;EAEFC,YAAAA;IACEf,IAAAA;IACAgB,OAAAA;IACA0D,SAAAA;EAAAA;EAEFC,oBAAAA;EACAC,gBAAAA;IACEC,SAAAA;IACAC,kBAAAA;IACAC,WAAAA;EAAAA;EAEF7D,aAAAA,EAAepB,YAAAA;AAAAA;AAAAA,KASZoF,gBAAAA;EACH3E,OAAAA,EAASR,aAAAA;EACTqF,OAAAA,GAAUD,IAAAA,CAAK/E,mBAAAA;EACfiF,KAAAA,GAAQF,IAAAA,CAAK5D,oBAAAA;EACb+D,MAAAA,GAASH,IAAAA,CAAKX,kBAAAA;AAAAA;;;iBCjIA,YAAA,CAAa,MAAA,EAAQ,gBAAA,GAAmB,gBAAA"}
+{"version":3,"file":"index.d.ts","names":["OutputFormat","CompileOptions","formats","Jurisdiction","UserRight","LegalBasis","CompanyConfig","name","legalName","address","contact","PrivacyPolicyConfig","Record","effectiveDate","company","dataCollected","legalBasis","retention","cookies","essential","analytics","marketing","thirdParties","purpose","policyUrl","userRights","jurisdictions","children","underAge","noticeUrl","DisputeResolutionMethod","TermsOfServiceConfig","acceptance","methods","eligibility","minimumAge","jurisdictionRestrictions","accounts","registrationRequired","userResponsibleForCredentials","companyCanTerminate","prohibitedUses","userContent","usersOwnContent","licenseGrantedToCompany","licenseDescription","companyCanRemoveContent","intellectualProperty","companyOwnsService","usersMayNotCopy","payments","hasPaidFeatures","refundPolicy","priceChangesNotice","availability","noUptimeGuarantee","maintenanceWindows","termination","userCanTerminate","effectOfTermination","disclaimers","serviceProvidedAsIs","noWarranties","limitationOfLiability","excludesIndirectDamages","liabilityCap","indemnification","userIndemnifiesCompany","scope","thirdPartyServices","disputeResolution","method","venue","classActionWaiver","governingLaw","jurisdiction","changesPolicy","noticeMethod","noticePeriodDays","privacyPolicyUrl","CookiePolicyCookies","key","CookiePolicyConfig","trackingTechnologies","consentMechanism","hasBanner","hasPreferencePanel","canWithdraw","PolicyInput","type","OpenPolicyConfig","Omit","privacy","terms","cookie","isOpenPolicyConfig","value","ValidationIssue","level","message","CookieConsent","CookieConsentStatus","acceptAll","config","rejectAll","NodeContext","reason","TextNode","context","BoldNode","ItalicNode","LinkNode","href","InlineNode","HeadingNode","ParagraphNode","ListItemNode","ListNode","ordered","items","ContentNode","DocumentSection","id","content","PolicyType","Document","policyType","sections","Node","heading","levelOrContext","text","bold","italic","link","p","li","ul","ol","section","compile","input","validatePrivacyPolicy","validateCookiePolicy","validateTermsOfService","expandOpenPolicyConfig"],"sources":["../../core/dist/index.d.ts","../src/collecting.ts","../src/compliance.ts","../src/data.ts","../src/providers.ts","../src/index.ts"],"mappings":";;;KAKKG,YAAAA;AAAAA,KACAC,SAAAA;AAAAA,KACAC,UAAAA;AAAAA,KACAC,aAAAA;EACHC,IAAAA;EACAC,SAAAA;EACAC,OAAAA;EACAC,OAAAA;AAAAA;AAAAA,KAEGC,mBAAAA;EACHE,aAAAA;EACAC,OAAAA,EAASR,aAAAA;EACTS,aAAAA,EAAeH,MAAAA;EACfI,UAAAA,EAAYX,UAAAA,GAAaA,UAAAA;EACzBY,SAAAA,EAAWL,MAAAA;EACXM,OAAAA;IACEC,SAAAA;IACAC,SAAAA;IACAC,SAAAA;EAAAA;EAEFC,YAAAA;IACEf,IAAAA;IACAgB,OAAAA;IACAC,SAAAA;EAAAA;EAEFC,UAAAA,EAAYrB,SAAAA;EACZsB,aAAAA,EAAevB,YAAAA;EACfwB,QAAAA;IACEC,QAAAA;IACAC,SAAAA;EAAAA;AAAAA;AAAAA,KAGCC,uBAAAA;AAAAA,KACAC,oBAAAA;EACHlB,aAAAA;EACAC,OAAAA,EAASR,aAAAA;EACT0B,UAAAA;IACEC,OAAAA;EAAAA;EAEFC,WAAAA;IACEC,UAAAA;IACAC,wBAAAA;EAAAA;EAEFC,QAAAA;IACEC,oBAAAA;IACAC,6BAAAA;IACAC,mBAAAA;EAAAA;EAEFC,cAAAA;EACAC,WAAAA;IACEC,eAAAA;IACAC,uBAAAA;IACAC,kBAAAA;IACAC,uBAAAA;EAAAA;EAEFC,oBAAAA;IACEC,kBAAAA;IACAC,eAAAA;EAAAA;EAEFC,QAAAA;IACEC,eAAAA;IACAC,YAAAA;IACAC,kBAAAA;EAAAA;EAEFC,YAAAA;IACEC,iBAAAA;IACAC,kBAAAA;EAAAA;EAEFC,WAAAA;IACEjB,mBAAAA;IACAkB,gBAAAA;IACAC,mBAAAA;EAAAA;EAEFC,WAAAA;IACEC,mBAAAA;IACAC,YAAAA;EAAAA;EAEFC,qBAAAA;IACEC,uBAAAA;IACAC,YAAAA;EAAAA;EAEFC,eAAAA;IACEC,sBAAAA;IACAC,KAAAA;EAAAA;EAEFC,kBAAAA;IACE9D,IAAAA;IACAgB,OAAAA;EAAAA;EAEF+C,iBAAAA;IACEC,MAAAA,EAAQzC,uBAAAA;IACR0C,KAAAA;IACAC,iBAAAA;EAAAA;EAEFC,YAAAA;IACEC,YAAAA;EAAAA;EAEFC,aAAAA;IACEC,YAAAA;IACAC,gBAAAA;EAAAA;EAEFC,gBAAAA;AAAAA;AAAAA,KAEGC,mBAAAA;EACH7D,SAAAA;EAAAA,CACC8D,GAAAA;AAAAA;AAAAA,KAEEC,kBAAAA;EACHrE,aAAAA;EACAC,OAAAA,EAASR,aAAAA;EACTY,OAAAA,EAAS8D,mBAAAA;EACT1D,YAAAA;IACEf,IAAAA;IACAgB,OAAAA;IACAC,SAAAA;EAAAA;EAEF2D,oBAAAA;EACAC,gBAAAA;IACEC,SAAAA;IACAC,kBAAAA;IACAC,WAAAA;EAAAA;EAEF7D,aAAAA,EAAevB,YAAAA;AAAAA;AAAAA,KASZuF,gBAAAA;EACH5E,OAAAA,EAASR,aAAAA;EACTsF,OAAAA,GAAUD,IAAAA,CAAKhF,mBAAAA;EACfkF,KAAAA,GAAQF,IAAAA,CAAK5D,oBAAAA;EACb+D,MAAAA,GAASH,IAAAA,CAAKT,kBAAAA;AAAAA;;;;;;AAzIO;;;;;AAEN;;;;;AACH;;;;;AACC;;;;;;;;;;AAKN;;;;;;iBCsBO,UAAA,GAAA,CACf,SAAA,UACA,KAAA,EAAO,CAAA,EACP,MAAA,EAAQ,OAAA,CAAQ,MAAA,OAAa,CAAA,aAC3B,CAAA;;;cCpCU,UAAA;EAAA;4BAEc,YAAA;IAAA,qBACe,UAAA;IAAA,qBAQnC,SAAA;EAAA;EAAA;4BAGoB,YAAA;IAAA,qBAMpB,SAAA;EAAA;AAAA;;;cCpBM,cAAA;EAAA;;;;;;;;;;;;;;;;;;;;;;cA4BA,SAAA;EAAA;;;;;;;;cAUA,MAAA;EAAA;;;;;;;;;cAWA,UAAA;EAAA;;;;;;;;;cCjDA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBCeG,YAAA,CAAa,MAAA,EAAQ,gBAAA,GAAmB,gBAAA"}

package/dist/index.js

@@ -1,8 +1,230 @@
+import { dataCollected } from "./auto-collected.js";
+//#region src/collecting.ts
+/**
+* Declares data collected at the point of storage. Returns `value` unchanged
+* at runtime — the Vite plugin / CLI static analyser (OP-152) will scan calls
+* to `collecting()` at build time and merge the declarations into the
+* compiled privacy policy.
+*
+* The third argument is a plain object literal whose **keys** are field names
+* matching your stored value (for convenient access without a typed callback)
+* and whose **values** are the human-readable labels used in the compiled
+* policy. Only the string values are used by the analyser; the object is
+* never evaluated at runtime. This shape lets you:
+*   - keep `value` matching your ORM/table schema exactly,
+*   - describe fields with friendly labels for the policy,
+*   - omit fields from the policy by leaving them out of the label record
+*     (e.g. `hashedPassword`).
+*
+* The category argument and the string values of the label record must be
+* string literals — dynamic values are silently skipped by the analyser.
+*
+* @example
+* ```ts
+* import { collecting } from "@openpolicy/sdk";
+*
+* export async function createUser(name: string, email: string) {
+*   return db.insert(users).values(
+*     collecting(
+*       "Account Information",
+*       { name, email }, // real ORM columns — returned unchanged
+*       { name: "Name", email: "Email address" },
+*     ),
+*   );
+* }
+* ```
+*/
+function collecting(_category, value, _label) {
+	return value;
+}
+//#endregion
+//#region src/compliance.ts
+const Compliance = {
+	GDPR: {
+		jurisdictions: ["eu"],
+		legalBasis: ["legitimate_interests"],
+		userRights: [
+			"access",
+			"rectification",
+			"erasure",
+			"portability",
+			"restriction",
+			"objection"
+		]
+	},
+	CCPA: {
+		jurisdictions: ["ca"],
+		userRights: [
+			"access",
+			"erasure",
+			"opt_out_sale",
+			"non_discrimination"
+		]
+	}
+};
+//#endregion
+//#region src/data.ts
+const DataCategories = {
+	AccountInfo: { "Account Information": ["Name", "Email address"] },
+	SessionData: { "Session Data": [
+		"IP address",
+		"User agent",
+		"Browser type"
+	] },
+	PaymentInfo: { "Payment Information": [
+		"Card last 4 digits",
+		"Billing name",
+		"Billing address"
+	] },
+	UsageData: { "Usage Data": [
+		"Pages visited",
+		"Features used",
+		"Time spent"
+	] },
+	DeviceInfo: { "Device Information": [
+		"Device type",
+		"Operating system",
+		"Browser version"
+	] },
+	LocationData: { "Location Data": [
+		"Country",
+		"City",
+		"Timezone"
+	] },
+	Communications: { Communications: ["Email content", "Support tickets"] }
+};
+const Retention = {
+	UntilAccountDeletion: "Until account deletion",
+	UntilSessionExpiry: "Until session expiry",
+	ThirtyDays: "30 days",
+	NinetyDays: "90 days",
+	OneYear: "1 year",
+	ThreeYears: "3 years",
+	AsRequiredByLaw: "As required by applicable law"
+};
+const Rights = {
+	Access: "access",
+	Rectification: "rectification",
+	Erasure: "erasure",
+	Portability: "portability",
+	Restriction: "restriction",
+	Objection: "objection",
+	OptOutSale: "opt_out_sale",
+	NonDiscrimination: "non_discrimination"
+};
+const LegalBases = {
+	Consent: "consent",
+	Contract: "contract",
+	LegalObligation: "legal_obligation",
+	VitalInterests: "vital_interests",
+	PublicTask: "public_task",
+	LegitimateInterests: "legitimate_interests"
+};
+//#endregion
+//#region src/providers.ts
+const Providers = {
+	Stripe: {
+		name: "Stripe",
+		purpose: "Payment processing",
+		policyUrl: "https://stripe.com/privacy"
+	},
+	Paddle: {
+		name: "Paddle",
+		purpose: "Payment processing and subscription management",
+		policyUrl: "https://www.paddle.com/legal/privacy"
+	},
+	LemonSqueezy: {
+		name: "Lemon Squeezy",
+		purpose: "Payment processing and subscription management",
+		policyUrl: "https://www.lemonsqueezy.com/privacy"
+	},
+	PayPal: {
+		name: "PayPal",
+		purpose: "Payment processing",
+		policyUrl: "https://www.paypal.com/webapps/mpp/ua/privacy-full"
+	},
+	GoogleAnalytics: {
+		name: "Google Analytics",
+		purpose: "Usage analytics",
+		policyUrl: "https://policies.google.com/privacy"
+	},
+	PostHog: {
+		name: "PostHog",
+		purpose: "Product analytics and session recording",
+		policyUrl: "https://posthog.com/privacy"
+	},
+	Plausible: {
+		name: "Plausible Analytics",
+		purpose: "Privacy-friendly usage analytics",
+		policyUrl: "https://plausible.io/privacy"
+	},
+	Mixpanel: {
+		name: "Mixpanel",
+		purpose: "Product analytics and event tracking",
+		policyUrl: "https://mixpanel.com/legal/privacy-policy"
+	},
+	Vercel: {
+		name: "Vercel",
+		purpose: "Hosting and deployment infrastructure",
+		policyUrl: "https://vercel.com/legal/privacy-policy"
+	},
+	Cloudflare: {
+		name: "Cloudflare",
+		purpose: "CDN, DNS, and security services",
+		policyUrl: "https://www.cloudflare.com/privacypolicy/"
+	},
+	AWS: {
+		name: "Amazon Web Services",
+		purpose: "Cloud infrastructure and hosting",
+		policyUrl: "https://aws.amazon.com/privacy/"
+	},
+	Auth0: {
+		name: "Auth0",
+		purpose: "Authentication and identity management",
+		policyUrl: "https://auth0.com/privacy"
+	},
+	Clerk: {
+		name: "Clerk",
+		purpose: "Authentication and user management",
+		policyUrl: "https://clerk.com/privacy"
+	},
+	Resend: {
+		name: "Resend",
+		purpose: "Transactional email delivery",
+		policyUrl: "https://resend.com/legal/privacy-policy"
+	},
+	Postmark: {
+		name: "Postmark",
+		purpose: "Transactional email delivery",
+		policyUrl: "https://wildbit.com/privacy-policy"
+	},
+	SendGrid: {
+		name: "SendGrid",
+		purpose: "Transactional email delivery",
+		policyUrl: "https://www.twilio.com/en-us/legal/privacy"
+	},
+	Loops: {
+		name: "Loops",
+		purpose: "Email marketing and automation",
+		policyUrl: "https://loops.so/privacy"
+	},
+	Sentry: {
+		name: "Sentry",
+		purpose: "Error monitoring and performance tracking",
+		policyUrl: "https://sentry.io/privacy/"
+	},
+	Datadog: {
+		name: "Datadog",
+		purpose: "Infrastructure monitoring and observability",
+		policyUrl: "https://www.datadoghq.com/legal/privacy/"
+	}
+};
+//#endregion
 //#region src/index.ts
 function defineConfig(config) {
 	return config;
 }
 //#endregion
-export { defineConfig };
+export { Compliance, DataCategories, LegalBases, Providers, Retention, Rights, collecting, dataCollected, defineConfig };
 
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","names":[],"sources":["../src/index.ts"],"sourcesContent":["import type { OpenPolicyConfig } from \"@openpolicy/core\";\n\nexport type {\n\tCookiePolicyConfig,\n\tOpenPolicyConfig,\n\tPrivacyPolicyConfig,\n\tTermsOfServiceConfig,\n} from \"@openpolicy/core\";\n\nexport function defineConfig(config: OpenPolicyConfig): OpenPolicyConfig {\n\treturn config;\n}\n"],"mappings":";AASA,SAAgB,aAAa,QAA4C;AACxE,QAAO"}
+{"version":3,"file":"index.js","names":[],"sources":["../src/collecting.ts","../src/compliance.ts","../src/data.ts","../src/providers.ts","../src/index.ts"],"sourcesContent":["/**\n * Declares data collected at the point of storage. Returns `value` unchanged\n * at runtime — the Vite plugin / CLI static analyser (OP-152) will scan calls\n * to `collecting()` at build time and merge the declarations into the\n * compiled privacy policy.\n *\n * The third argument is a plain object literal whose **keys** are field names\n * matching your stored value (for convenient access without a typed callback)\n * and whose **values** are the human-readable labels used in the compiled\n * policy. Only the string values are used by the analyser; the object is\n * never evaluated at runtime. This shape lets you:\n *   - keep `value` matching your ORM/table schema exactly,\n *   - describe fields with friendly labels for the policy,\n *   - omit fields from the policy by leaving them out of the label record\n *     (e.g. `hashedPassword`).\n *\n * The category argument and the string values of the label record must be\n * string literals — dynamic values are silently skipped by the analyser.\n *\n * @example\n * ```ts\n * import { collecting } from \"@openpolicy/sdk\";\n *\n * export async function createUser(name: string, email: string) {\n *   return db.insert(users).values(\n *     collecting(\n *       \"Account Information\",\n *       { name, email }, // real ORM columns — returned unchanged\n *       { name: \"Name\", email: \"Email address\" },\n *     ),\n *   );\n * }\n * ```\n */\nexport function collecting<T>(\n\t_category: string,\n\tvalue: T,\n\t_label: Partial<Record<keyof T, string>>,\n): T {\n\treturn value;\n}\n","import type { Jurisdiction, LegalBasis, UserRight } from \"@openpolicy/core\";\n\nexport const Compliance = {\n\tGDPR: {\n\t\tjurisdictions: [\"eu\"] as Jurisdiction[],\n\t\tlegalBasis: [\"legitimate_interests\"] as LegalBasis[],\n\t\tuserRights: [\n\t\t\t\"access\",\n\t\t\t\"rectification\",\n\t\t\t\"erasure\",\n\t\t\t\"portability\",\n\t\t\t\"restriction\",\n\t\t\t\"objection\",\n\t\t] as UserRight[],\n\t},\n\tCCPA: {\n\t\tjurisdictions: [\"ca\"] as Jurisdiction[],\n\t\tuserRights: [\n\t\t\t\"access\",\n\t\t\t\"erasure\",\n\t\t\t\"opt_out_sale\",\n\t\t\t\"non_discrimination\",\n\t\t] as UserRight[],\n\t},\n} as const;\n","import type { LegalBasis, UserRight } from \"@openpolicy/core\";\n\nexport const DataCategories = {\n\tAccountInfo: { \"Account Information\": [\"Name\", \"Email address\"] },\n\tSessionData: {\n\t\t\"Session Data\": [\"IP address\", \"User agent\", \"Browser type\"],\n\t},\n\tPaymentInfo: {\n\t\t\"Payment Information\": [\n\t\t\t\"Card last 4 digits\",\n\t\t\t\"Billing name\",\n\t\t\t\"Billing address\",\n\t\t],\n\t},\n\tUsageData: {\n\t\t\"Usage Data\": [\"Pages visited\", \"Features used\", \"Time spent\"],\n\t},\n\tDeviceInfo: {\n\t\t\"Device Information\": [\n\t\t\t\"Device type\",\n\t\t\t\"Operating system\",\n\t\t\t\"Browser version\",\n\t\t],\n\t},\n\tLocationData: { \"Location Data\": [\"Country\", \"City\", \"Timezone\"] },\n\tCommunications: {\n\t\tCommunications: [\"Email content\", \"Support tickets\"],\n\t},\n} as const;\n\nexport const Retention = {\n\tUntilAccountDeletion: \"Until account deletion\",\n\tUntilSessionExpiry: \"Until session expiry\",\n\tThirtyDays: \"30 days\",\n\tNinetyDays: \"90 days\",\n\tOneYear: \"1 year\",\n\tThreeYears: \"3 years\",\n\tAsRequiredByLaw: \"As required by applicable law\",\n} as const;\n\nexport const Rights = {\n\tAccess: \"access\",\n\tRectification: \"rectification\",\n\tErasure: \"erasure\",\n\tPortability: \"portability\",\n\tRestriction: \"restriction\",\n\tObjection: \"objection\",\n\tOptOutSale: \"opt_out_sale\",\n\tNonDiscrimination: \"non_discrimination\",\n} as const satisfies Record<string, UserRight>;\n\nexport const LegalBases = {\n\tConsent: \"consent\",\n\tContract: \"contract\",\n\tLegalObligation: \"legal_obligation\",\n\tVitalInterests: \"vital_interests\",\n\tPublicTask: \"public_task\",\n\tLegitimateInterests: \"legitimate_interests\",\n} as const satisfies Record<string, LegalBasis>;\n","type Provider = { name: string; purpose: string; policyUrl?: string };\n\nexport const Providers = {\n\t// Payments\n\tStripe: {\n\t\tname: \"Stripe\",\n\t\tpurpose: \"Payment processing\",\n\t\tpolicyUrl: \"https://stripe.com/privacy\",\n\t},\n\tPaddle: {\n\t\tname: \"Paddle\",\n\t\tpurpose: \"Payment processing and subscription management\",\n\t\tpolicyUrl: \"https://www.paddle.com/legal/privacy\",\n\t},\n\tLemonSqueezy: {\n\t\tname: \"Lemon Squeezy\",\n\t\tpurpose: \"Payment processing and subscription management\",\n\t\tpolicyUrl: \"https://www.lemonsqueezy.com/privacy\",\n\t},\n\tPayPal: {\n\t\tname: \"PayPal\",\n\t\tpurpose: \"Payment processing\",\n\t\tpolicyUrl: \"https://www.paypal.com/webapps/mpp/ua/privacy-full\",\n\t},\n\n\t// Analytics\n\tGoogleAnalytics: {\n\t\tname: \"Google Analytics\",\n\t\tpurpose: \"Usage analytics\",\n\t\tpolicyUrl: \"https://policies.google.com/privacy\",\n\t},\n\tPostHog: {\n\t\tname: \"PostHog\",\n\t\tpurpose: \"Product analytics and session recording\",\n\t\tpolicyUrl: \"https://posthog.com/privacy\",\n\t},\n\tPlausible: {\n\t\tname: \"Plausible Analytics\",\n\t\tpurpose: \"Privacy-friendly usage analytics\",\n\t\tpolicyUrl: \"https://plausible.io/privacy\",\n\t},\n\tMixpanel: {\n\t\tname: \"Mixpanel\",\n\t\tpurpose: \"Product analytics and event tracking\",\n\t\tpolicyUrl: \"https://mixpanel.com/legal/privacy-policy\",\n\t},\n\n\t// Infrastructure\n\tVercel: {\n\t\tname: \"Vercel\",\n\t\tpurpose: \"Hosting and deployment infrastructure\",\n\t\tpolicyUrl: \"https://vercel.com/legal/privacy-policy\",\n\t},\n\tCloudflare: {\n\t\tname: \"Cloudflare\",\n\t\tpurpose: \"CDN, DNS, and security services\",\n\t\tpolicyUrl: \"https://www.cloudflare.com/privacypolicy/\",\n\t},\n\tAWS: {\n\t\tname: \"Amazon Web Services\",\n\t\tpurpose: \"Cloud infrastructure and hosting\",\n\t\tpolicyUrl: \"https://aws.amazon.com/privacy/\",\n\t},\n\n\t// Auth\n\tAuth0: {\n\t\tname: \"Auth0\",\n\t\tpurpose: \"Authentication and identity management\",\n\t\tpolicyUrl: \"https://auth0.com/privacy\",\n\t},\n\tClerk: {\n\t\tname: \"Clerk\",\n\t\tpurpose: \"Authentication and user management\",\n\t\tpolicyUrl: \"https://clerk.com/privacy\",\n\t},\n\n\t// Email\n\tResend: {\n\t\tname: \"Resend\",\n\t\tpurpose: \"Transactional email delivery\",\n\t\tpolicyUrl: \"https://resend.com/legal/privacy-policy\",\n\t},\n\tPostmark: {\n\t\tname: \"Postmark\",\n\t\tpurpose: \"Transactional email delivery\",\n\t\tpolicyUrl: \"https://wildbit.com/privacy-policy\",\n\t},\n\tSendGrid: {\n\t\tname: \"SendGrid\",\n\t\tpurpose: \"Transactional email delivery\",\n\t\tpolicyUrl: \"https://www.twilio.com/en-us/legal/privacy\",\n\t},\n\tLoops: {\n\t\tname: \"Loops\",\n\t\tpurpose: \"Email marketing and automation\",\n\t\tpolicyUrl: \"https://loops.so/privacy\",\n\t},\n\n\t// Monitoring\n\tSentry: {\n\t\tname: \"Sentry\",\n\t\tpurpose: \"Error monitoring and performance tracking\",\n\t\tpolicyUrl: \"https://sentry.io/privacy/\",\n\t},\n\tDatadog: {\n\t\tname: \"Datadog\",\n\t\tpurpose: \"Infrastructure monitoring and observability\",\n\t\tpolicyUrl: \"https://www.datadoghq.com/legal/privacy/\",\n\t},\n} satisfies Record<string, Provider>;\n","import type { OpenPolicyConfig } from \"@openpolicy/core\";\n\nexport type {\n\tCookiePolicyConfig,\n\tLegalBasis,\n\tOpenPolicyConfig,\n\tPrivacyPolicyConfig,\n\tTermsOfServiceConfig,\n\tUserRight,\n} from \"@openpolicy/core\";\n\nexport { dataCollected } from \"./auto-collected\";\nexport { collecting } from \"./collecting\";\nexport { Compliance } from \"./compliance\";\nexport { DataCategories, LegalBases, Retention, Rights } from \"./data\";\nexport { Providers } from \"./providers\";\n\nexport function defineConfig(config: OpenPolicyConfig): OpenPolicyConfig {\n\treturn config;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCA,SAAgB,WACf,WACA,OACA,QACI;AACJ,QAAO;;;;ACrCR,MAAa,aAAa;CACzB,MAAM;EACL,eAAe,CAAC,KAAK;EACrB,YAAY,CAAC,uBAAuB;EACpC,YAAY;GACX;GACA;GACA;GACA;GACA;GACA;GACA;EACD;CACD,MAAM;EACL,eAAe,CAAC,KAAK;EACrB,YAAY;GACX;GACA;GACA;GACA;GACA;EACD;CACD;;;ACtBD,MAAa,iBAAiB;CAC7B,aAAa,EAAE,uBAAuB,CAAC,QAAQ,gBAAgB,EAAE;CACjE,aAAa,EACZ,gBAAgB;EAAC;EAAc;EAAc;EAAe,EAC5D;CACD,aAAa,EACZ,uBAAuB;EACtB;EACA;EACA;EACA,EACD;CACD,WAAW,EACV,cAAc;EAAC;EAAiB;EAAiB;EAAa,EAC9D;CACD,YAAY,EACX,sBAAsB;EACrB;EACA;EACA;EACA,EACD;CACD,cAAc,EAAE,iBAAiB;EAAC;EAAW;EAAQ;EAAW,EAAE;CAClE,gBAAgB,EACf,gBAAgB,CAAC,iBAAiB,kBAAkB,EACpD;CACD;AAED,MAAa,YAAY;CACxB,sBAAsB;CACtB,oBAAoB;CACpB,YAAY;CACZ,YAAY;CACZ,SAAS;CACT,YAAY;CACZ,iBAAiB;CACjB;AAED,MAAa,SAAS;CACrB,QAAQ;CACR,eAAe;CACf,SAAS;CACT,aAAa;CACb,aAAa;CACb,WAAW;CACX,YAAY;CACZ,mBAAmB;CACnB;AAED,MAAa,aAAa;CACzB,SAAS;CACT,UAAU;CACV,iBAAiB;CACjB,gBAAgB;CAChB,YAAY;CACZ,qBAAqB;CACrB;;;ACxDD,MAAa,YAAY;CAExB,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,cAAc;EACb,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,iBAAiB;EAChB,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,SAAS;EACR,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,WAAW;EACV,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,UAAU;EACT,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,YAAY;EACX,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,KAAK;EACJ,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,OAAO;EACN,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,OAAO;EACN,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,UAAU;EACT,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,UAAU;EACT,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,OAAO;EACN,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,SAAS;EACR,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD;;;AC5FD,SAAgB,aAAa,QAA4C;AACxE,QAAO"}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@openpolicy/sdk",
-	"version": "0.0.16",
+	"version": "0.0.18",
 	"type": "module",
 	"description": "Public API for defining privacy policies with OpenPolicy",
 	"license": "GPL-3.0-only",
@@ -20,7 +20,7 @@
 		}
 	},
 	"scripts": {
-		"dev": "rolldown -c --watch",
+		"dev": "rolldown --watch -c",
 		"build": "rolldown -c",
 		"check-types": "tsc --noEmit",
 		"test": "bun test"