@openpolicy/sdk 0.0.18 → 0.0.20

package/README.md

@@ -88,6 +88,16 @@ The SDK exports types and helper functions for _defining_ policies. To compile t
 
 Full field reference and guides: [openpolicy.sh/docs](https://openpolicy.sh/docs)
 
+## AI Agents
+
+If you use an AI coding agent (Claude Code, Cursor, Copilot, etc.), run:
+
+```sh
+npx @tanstack/intent@latest install
+```
+
+This installs skill files that give your agent accurate, up-to-date guidance for OpenPolicy APIs.
+
 ## Links
 
 - [GitHub](https://github.com/jamiedavenport/openpolicy)

package/dist/auto-collected.d.ts

@@ -21,6 +21,32 @@
  * ```
  */
 declare const dataCollected: Record<string, string[]>;
+/**
+ * Placeholder populated by `@openpolicy/vite-auto-collect` during a Vite
+ * build. The plugin intercepts this module's resolution and replaces it with
+ * the third-party services discovered via `thirdParty()` calls, so the literal
+ * default below is only used as a fallback when no auto-collect plugin is
+ * active — in which case spreading it into `thirdParties` is a no-op.
+ *
+ * @example
+ * ```ts
+ * import { thirdParties, defineConfig } from "@openpolicy/sdk";
+ *
+ * export default defineConfig({
+ *   privacy: {
+ *     thirdParties: [
+ *       ...thirdParties,
+ *       { name: "Manually-added Service", purpose: "Analytics", policyUrl: "https://example.com/privacy" },
+ *     ],
+ *   },
+ * });
+ * ```
+ */
+declare const thirdParties: {
+  name: string;
+  purpose: string;
+  policyUrl: string;
+}[];
 //#endregion
-export { dataCollected };
+export { dataCollected, thirdParties };
 //# sourceMappingURL=auto-collected.d.ts.map

package/dist/auto-collected.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auto-collected.d.ts","names":[],"sources":["../src/auto-collected.ts"],"mappings":";;AAqBA;;;;;;;;;;;;;;;;;;;;cAAa,aAAA,EAAe,MAAA"}
+{"version":3,"file":"auto-collected.d.ts","names":[],"sources":["../src/auto-collected.ts"],"mappings":";;AAqBA;;;;;AAuBA;;;;;;;;;;;;;;;cAvBa,aAAA,EAAe,MAAA;;;;;;;;;;;;;;;;;;;;;;cAuBf,YAAA;EACZ,IAAA;EACA,OAAA;EACA,SAAA;AAAA"}

package/dist/auto-collected.js

@@ -21,7 +21,29 @@
 * ```
 */
 const dataCollected = {};
+/**
+* Placeholder populated by `@openpolicy/vite-auto-collect` during a Vite
+* build. The plugin intercepts this module's resolution and replaces it with
+* the third-party services discovered via `thirdParty()` calls, so the literal
+* default below is only used as a fallback when no auto-collect plugin is
+* active — in which case spreading it into `thirdParties` is a no-op.
+*
+* @example
+* ```ts
+* import { thirdParties, defineConfig } from "@openpolicy/sdk";
+*
+* export default defineConfig({
+*   privacy: {
+*     thirdParties: [
+*       ...thirdParties,
+*       { name: "Manually-added Service", purpose: "Analytics", policyUrl: "https://example.com/privacy" },
+*     ],
+*   },
+* });
+* ```
+*/
+const thirdParties = [];
 //#endregion
-export { dataCollected };
+export { dataCollected, thirdParties };
 
 //# sourceMappingURL=auto-collected.js.map

package/dist/auto-collected.js.map

@@ -1 +1 @@
-{"version":3,"file":"auto-collected.js","names":[],"sources":["../src/auto-collected.ts"],"sourcesContent":["/**\n * Placeholder populated by `@openpolicy/vite-auto-collect` during a Vite\n * build. The plugin intercepts this module's resolution and replaces it with\n * the scanned categories, so the literal default below is only used as a\n * fallback when no auto-collect plugin is active — in which case spreading\n * it into `dataCollected` is a no-op.\n *\n * @example\n * ```ts\n * import { dataCollected, defineConfig } from \"@openpolicy/sdk\";\n *\n * export default defineConfig({\n *   privacy: {\n *     dataCollected: {\n *       ...dataCollected,\n *       \"Manually-tracked Category\": [\"Field A\"],\n *     },\n *   },\n * });\n * ```\n */\nexport const dataCollected: Record<string, string[]> = {};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAqBA,MAAa,gBAA0C,EAAE"}
+{"version":3,"file":"auto-collected.js","names":[],"sources":["../src/auto-collected.ts"],"sourcesContent":["/**\n * Placeholder populated by `@openpolicy/vite-auto-collect` during a Vite\n * build. The plugin intercepts this module's resolution and replaces it with\n * the scanned categories, so the literal default below is only used as a\n * fallback when no auto-collect plugin is active — in which case spreading\n * it into `dataCollected` is a no-op.\n *\n * @example\n * ```ts\n * import { dataCollected, defineConfig } from \"@openpolicy/sdk\";\n *\n * export default defineConfig({\n *   privacy: {\n *     dataCollected: {\n *       ...dataCollected,\n *       \"Manually-tracked Category\": [\"Field A\"],\n *     },\n *   },\n * });\n * ```\n */\nexport const dataCollected: Record<string, string[]> = {};\n\n/**\n * Placeholder populated by `@openpolicy/vite-auto-collect` during a Vite\n * build. The plugin intercepts this module's resolution and replaces it with\n * the third-party services discovered via `thirdParty()` calls, so the literal\n * default below is only used as a fallback when no auto-collect plugin is\n * active — in which case spreading it into `thirdParties` is a no-op.\n *\n * @example\n * ```ts\n * import { thirdParties, defineConfig } from \"@openpolicy/sdk\";\n *\n * export default defineConfig({\n *   privacy: {\n *     thirdParties: [\n *       ...thirdParties,\n *       { name: \"Manually-added Service\", purpose: \"Analytics\", policyUrl: \"https://example.com/privacy\" },\n *     ],\n *   },\n * });\n * ```\n */\nexport const thirdParties: {\n\tname: string;\n\tpurpose: string;\n\tpolicyUrl: string;\n}[] = [];\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAqBA,MAAa,gBAA0C,EAAE;;;;;;;;;;;;;;;;;;;;;;AAuBzD,MAAa,eAIP,EAAE"}

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { dataCollected } from "./auto-collected.js";
+import { dataCollected, thirdParties } from "./auto-collected.js";
 
 //#region ../core/dist/index.d.ts
 type Jurisdiction = "us" | "eu" | "ca" | "au" | "nz" | "other";
@@ -333,8 +333,11 @@ declare const Providers: {
   };
 };
 //#endregion
+//#region src/third-parties.d.ts
+declare function thirdParty(_name: string, _purpose: string, _policyUrl: string): void;
+//#endregion
 //#region src/index.d.ts
 declare function defineConfig(config: OpenPolicyConfig): OpenPolicyConfig;
 //#endregion
-export { Compliance, type CookiePolicyConfig, DataCategories, LegalBases, type LegalBasis, type OpenPolicyConfig, type PrivacyPolicyConfig, Providers, Retention, Rights, type TermsOfServiceConfig, type UserRight, collecting, dataCollected, defineConfig };
+export { Compliance, type CookiePolicyConfig, DataCategories, LegalBases, type LegalBasis, type OpenPolicyConfig, type PrivacyPolicyConfig, Providers, Retention, Rights, type TermsOfServiceConfig, type UserRight, collecting, dataCollected, defineConfig, thirdParties, thirdParty };
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","names":["OutputFormat","CompileOptions","formats","Jurisdiction","UserRight","LegalBasis","CompanyConfig","name","legalName","address","contact","PrivacyPolicyConfig","Record","effectiveDate","company","dataCollected","legalBasis","retention","cookies","essential","analytics","marketing","thirdParties","purpose","policyUrl","userRights","jurisdictions","children","underAge","noticeUrl","DisputeResolutionMethod","TermsOfServiceConfig","acceptance","methods","eligibility","minimumAge","jurisdictionRestrictions","accounts","registrationRequired","userResponsibleForCredentials","companyCanTerminate","prohibitedUses","userContent","usersOwnContent","licenseGrantedToCompany","licenseDescription","companyCanRemoveContent","intellectualProperty","companyOwnsService","usersMayNotCopy","payments","hasPaidFeatures","refundPolicy","priceChangesNotice","availability","noUptimeGuarantee","maintenanceWindows","termination","userCanTerminate","effectOfTermination","disclaimers","serviceProvidedAsIs","noWarranties","limitationOfLiability","excludesIndirectDamages","liabilityCap","indemnification","userIndemnifiesCompany","scope","thirdPartyServices","disputeResolution","method","venue","classActionWaiver","governingLaw","jurisdiction","changesPolicy","noticeMethod","noticePeriodDays","privacyPolicyUrl","CookiePolicyCookies","key","CookiePolicyConfig","trackingTechnologies","consentMechanism","hasBanner","hasPreferencePanel","canWithdraw","PolicyInput","type","OpenPolicyConfig","Omit","privacy","terms","cookie","isOpenPolicyConfig","value","ValidationIssue","level","message","CookieConsent","CookieConsentStatus","acceptAll","config","rejectAll","NodeContext","reason","TextNode","context","BoldNode","ItalicNode","LinkNode","href","InlineNode","HeadingNode","ParagraphNode","ListItemNode","ListNode","ordered","items","ContentNode","DocumentSection","id","content","PolicyType","Document","policyType","sections","Node","heading","levelOrContext","text","bold","italic","link","p","li","ul","ol","section","compile","input","validatePrivacyPolicy","validateCookiePolicy","validateTermsOfService","expandOpenPolicyConfig"],"sources":["../../core/dist/index.d.ts","../src/collecting.ts","../src/compliance.ts","../src/data.ts","../src/providers.ts","../src/index.ts"],"mappings":";;;KAKKG,YAAAA;AAAAA,KACAC,SAAAA;AAAAA,KACAC,UAAAA;AAAAA,KACAC,aAAAA;EACHC,IAAAA;EACAC,SAAAA;EACAC,OAAAA;EACAC,OAAAA;AAAAA;AAAAA,KAEGC,mBAAAA;EACHE,aAAAA;EACAC,OAAAA,EAASR,aAAAA;EACTS,aAAAA,EAAeH,MAAAA;EACfI,UAAAA,EAAYX,UAAAA,GAAaA,UAAAA;EACzBY,SAAAA,EAAWL,MAAAA;EACXM,OAAAA;IACEC,SAAAA;IACAC,SAAAA;IACAC,SAAAA;EAAAA;EAEFC,YAAAA;IACEf,IAAAA;IACAgB,OAAAA;IACAC,SAAAA;EAAAA;EAEFC,UAAAA,EAAYrB,SAAAA;EACZsB,aAAAA,EAAevB,YAAAA;EACfwB,QAAAA;IACEC,QAAAA;IACAC,SAAAA;EAAAA;AAAAA;AAAAA,KAGCC,uBAAAA;AAAAA,KACAC,oBAAAA;EACHlB,aAAAA;EACAC,OAAAA,EAASR,aAAAA;EACT0B,UAAAA;IACEC,OAAAA;EAAAA;EAEFC,WAAAA;IACEC,UAAAA;IACAC,wBAAAA;EAAAA;EAEFC,QAAAA;IACEC,oBAAAA;IACAC,6BAAAA;IACAC,mBAAAA;EAAAA;EAEFC,cAAAA;EACAC,WAAAA;IACEC,eAAAA;IACAC,uBAAAA;IACAC,kBAAAA;IACAC,uBAAAA;EAAAA;EAEFC,oBAAAA;IACEC,kBAAAA;IACAC,eAAAA;EAAAA;EAEFC,QAAAA;IACEC,eAAAA;IACAC,YAAAA;IACAC,kBAAAA;EAAAA;EAEFC,YAAAA;IACEC,iBAAAA;IACAC,kBAAAA;EAAAA;EAEFC,WAAAA;IACEjB,mBAAAA;IACAkB,gBAAAA;IACAC,mBAAAA;EAAAA;EAEFC,WAAAA;IACEC,mBAAAA;IACAC,YAAAA;EAAAA;EAEFC,qBAAAA;IACEC,uBAAAA;IACAC,YAAAA;EAAAA;EAEFC,eAAAA;IACEC,sBAAAA;IACAC,KAAAA;EAAAA;EAEFC,kBAAAA;IACE9D,IAAAA;IACAgB,OAAAA;EAAAA;EAEF+C,iBAAAA;IACEC,MAAAA,EAAQzC,uBAAAA;IACR0C,KAAAA;IACAC,iBAAAA;EAAAA;EAEFC,YAAAA;IACEC,YAAAA;EAAAA;EAEFC,aAAAA;IACEC,YAAAA;IACAC,gBAAAA;EAAAA;EAEFC,gBAAAA;AAAAA;AAAAA,KAEGC,mBAAAA;EACH7D,SAAAA;EAAAA,CACC8D,GAAAA;AAAAA;AAAAA,KAEEC,kBAAAA;EACHrE,aAAAA;EACAC,OAAAA,EAASR,aAAAA;EACTY,OAAAA,EAAS8D,mBAAAA;EACT1D,YAAAA;IACEf,IAAAA;IACAgB,OAAAA;IACAC,SAAAA;EAAAA;EAEF2D,oBAAAA;EACAC,gBAAAA;IACEC,SAAAA;IACAC,kBAAAA;IACAC,WAAAA;EAAAA;EAEF7D,aAAAA,EAAevB,YAAAA;AAAAA;AAAAA,KASZuF,gBAAAA;EACH5E,OAAAA,EAASR,aAAAA;EACTsF,OAAAA,GAAUD,IAAAA,CAAKhF,mBAAAA;EACfkF,KAAAA,GAAQF,IAAAA,CAAK5D,oBAAAA;EACb+D,MAAAA,GAASH,IAAAA,CAAKT,kBAAAA;AAAAA;;;;;;AAzIO;;;;;AAEN;;;;;AACH;;;;;AACC;;;;;;;;;;AAKN;;;;;;iBCsBO,UAAA,GAAA,CACf,SAAA,UACA,KAAA,EAAO,CAAA,EACP,MAAA,EAAQ,OAAA,CAAQ,MAAA,OAAa,CAAA,aAC3B,CAAA;;;cCpCU,UAAA;EAAA;4BAEc,YAAA;IAAA,qBACe,UAAA;IAAA,qBAQnC,SAAA;EAAA;EAAA;4BAGoB,YAAA;IAAA,qBAMpB,SAAA;EAAA;AAAA;;;cCpBM,cAAA;EAAA;;;;;;;;;;;;;;;;;;;;;;cA4BA,SAAA;EAAA;;;;;;;;cAUA,MAAA;EAAA;;;;;;;;;cAWA,UAAA;EAAA;;;;;;;;;cCjDA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBCeG,YAAA,CAAa,MAAA,EAAQ,gBAAA,GAAmB,gBAAA"}
+{"version":3,"file":"index.d.ts","names":["OutputFormat","CompileOptions","formats","Jurisdiction","UserRight","LegalBasis","CompanyConfig","name","legalName","address","contact","PrivacyPolicyConfig","Record","effectiveDate","company","dataCollected","legalBasis","retention","cookies","essential","analytics","marketing","thirdParties","purpose","policyUrl","userRights","jurisdictions","children","underAge","noticeUrl","DisputeResolutionMethod","TermsOfServiceConfig","acceptance","methods","eligibility","minimumAge","jurisdictionRestrictions","accounts","registrationRequired","userResponsibleForCredentials","companyCanTerminate","prohibitedUses","userContent","usersOwnContent","licenseGrantedToCompany","licenseDescription","companyCanRemoveContent","intellectualProperty","companyOwnsService","usersMayNotCopy","payments","hasPaidFeatures","refundPolicy","priceChangesNotice","availability","noUptimeGuarantee","maintenanceWindows","termination","userCanTerminate","effectOfTermination","disclaimers","serviceProvidedAsIs","noWarranties","limitationOfLiability","excludesIndirectDamages","liabilityCap","indemnification","userIndemnifiesCompany","scope","thirdPartyServices","disputeResolution","method","venue","classActionWaiver","governingLaw","jurisdiction","changesPolicy","noticeMethod","noticePeriodDays","privacyPolicyUrl","CookiePolicyCookies","key","CookiePolicyConfig","trackingTechnologies","consentMechanism","hasBanner","hasPreferencePanel","canWithdraw","PolicyInput","type","OpenPolicyConfig","Omit","privacy","terms","cookie","isOpenPolicyConfig","value","ValidationIssue","level","message","CookieConsent","CookieConsentStatus","acceptAll","config","rejectAll","NodeContext","reason","TextNode","context","BoldNode","ItalicNode","LinkNode","href","InlineNode","HeadingNode","ParagraphNode","ListItemNode","ListNode","ordered","items","ContentNode","DocumentSection","id","content","PolicyType","Document","policyType","sections","Node","heading","levelOrContext","text","bold","italic","link","p","li","ul","ol","section","compile","input","validatePrivacyPolicy","validateCookiePolicy","validateTermsOfService","expandOpenPolicyConfig"],"sources":["../../core/dist/index.d.ts","../src/collecting.ts","../src/compliance.ts","../src/data.ts","../src/providers.ts","../src/third-parties.ts","../src/index.ts"],"mappings":";;;KAKKG,YAAAA;AAAAA,KACAC,SAAAA;AAAAA,KACAC,UAAAA;AAAAA,KACAC,aAAAA;EACHC,IAAAA;EACAC,SAAAA;EACAC,OAAAA;EACAC,OAAAA;AAAAA;AAAAA,KAEGC,mBAAAA;EACHE,aAAAA;EACAC,OAAAA,EAASR,aAAAA;EACTS,aAAAA,EAAeH,MAAAA;EACfI,UAAAA,EAAYX,UAAAA,GAAaA,UAAAA;EACzBY,SAAAA,EAAWL,MAAAA;EACXM,OAAAA;IACEC,SAAAA;IACAC,SAAAA;IACAC,SAAAA;EAAAA;EAEFC,YAAAA;IACEf,IAAAA;IACAgB,OAAAA;IACAC,SAAAA;EAAAA;EAEFC,UAAAA,EAAYrB,SAAAA;EACZsB,aAAAA,EAAevB,YAAAA;EACfwB,QAAAA;IACEC,QAAAA;IACAC,SAAAA;EAAAA;AAAAA;AAAAA,KAGCC,uBAAAA;AAAAA,KACAC,oBAAAA;EACHlB,aAAAA;EACAC,OAAAA,EAASR,aAAAA;EACT0B,UAAAA;IACEC,OAAAA;EAAAA;EAEFC,WAAAA;IACEC,UAAAA;IACAC,wBAAAA;EAAAA;EAEFC,QAAAA;IACEC,oBAAAA;IACAC,6BAAAA;IACAC,mBAAAA;EAAAA;EAEFC,cAAAA;EACAC,WAAAA;IACEC,eAAAA;IACAC,uBAAAA;IACAC,kBAAAA;IACAC,uBAAAA;EAAAA;EAEFC,oBAAAA;IACEC,kBAAAA;IACAC,eAAAA;EAAAA;EAEFC,QAAAA;IACEC,eAAAA;IACAC,YAAAA;IACAC,kBAAAA;EAAAA;EAEFC,YAAAA;IACEC,iBAAAA;IACAC,kBAAAA;EAAAA;EAEFC,WAAAA;IACEjB,mBAAAA;IACAkB,gBAAAA;IACAC,mBAAAA;EAAAA;EAEFC,WAAAA;IACEC,mBAAAA;IACAC,YAAAA;EAAAA;EAEFC,qBAAAA;IACEC,uBAAAA;IACAC,YAAAA;EAAAA;EAEFC,eAAAA;IACEC,sBAAAA;IACAC,KAAAA;EAAAA;EAEFC,kBAAAA;IACE9D,IAAAA;IACAgB,OAAAA;EAAAA;EAEF+C,iBAAAA;IACEC,MAAAA,EAAQzC,uBAAAA;IACR0C,KAAAA;IACAC,iBAAAA;EAAAA;EAEFC,YAAAA;IACEC,YAAAA;EAAAA;EAEFC,aAAAA;IACEC,YAAAA;IACAC,gBAAAA;EAAAA;EAEFC,gBAAAA;AAAAA;AAAAA,KAEGC,mBAAAA;EACH7D,SAAAA;EAAAA,CACC8D,GAAAA;AAAAA;AAAAA,KAEEC,kBAAAA;EACHrE,aAAAA;EACAC,OAAAA,EAASR,aAAAA;EACTY,OAAAA,EAAS8D,mBAAAA;EACT1D,YAAAA;IACEf,IAAAA;IACAgB,OAAAA;IACAC,SAAAA;EAAAA;EAEF2D,oBAAAA;EACAC,gBAAAA;IACEC,SAAAA;IACAC,kBAAAA;IACAC,WAAAA;EAAAA;EAEF7D,aAAAA,EAAevB,YAAAA;AAAAA;AAAAA,KASZuF,gBAAAA;EACH5E,OAAAA,EAASR,aAAAA;EACTsF,OAAAA,GAAUD,IAAAA,CAAKhF,mBAAAA;EACfkF,KAAAA,GAAQF,IAAAA,CAAK5D,oBAAAA;EACb+D,MAAAA,GAASH,IAAAA,CAAKT,kBAAAA;AAAAA;;;;;;AAzIO;;;;;AAEN;;;;;AACH;;;;;AACC;;;;;;;;;;AAKN;;;;;;iBCsBO,UAAA,GAAA,CACf,SAAA,UACA,KAAA,EAAO,CAAA,EACP,MAAA,EAAQ,OAAA,CAAQ,MAAA,OAAa,CAAA,aAC3B,CAAA;;;cCpCU,UAAA;EAAA;4BAEc,YAAA;IAAA,qBACe,UAAA;IAAA,qBAQnC,SAAA;EAAA;EAAA;4BAGoB,YAAA;IAAA,qBAMpB,SAAA;EAAA;AAAA;;;cCpBM,cAAA;EAAA;;;;;;;;;;;;;;;;;;;;;;cA4BA,SAAA;EAAA;;;;;;;;cAUA,MAAA;EAAA;;;;;;;;;cAWA,UAAA;EAAA;;;;;;;;;cCjDA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBCFG,UAAA,CACf,KAAA,UACA,QAAA,UACA,UAAA;;;iBCee,YAAA,CAAa,MAAA,EAAQ,gBAAA,GAAmB,gBAAA"}

package/dist/index.js

@@ -1,4 +1,4 @@
-import { dataCollected } from "./auto-collected.js";
+import { dataCollected, thirdParties } from "./auto-collected.js";
 //#region src/collecting.ts
 /**
 * Declares data collected at the point of storage. Returns `value` unchanged
@@ -220,11 +220,14 @@ const Providers = {
 	}
 };
 //#endregion
+//#region src/third-parties.ts
+function thirdParty(_name, _purpose, _policyUrl) {}
+//#endregion
 //#region src/index.ts
 function defineConfig(config) {
 	return config;
 }
 //#endregion
-export { Compliance, DataCategories, LegalBases, Providers, Retention, Rights, collecting, dataCollected, defineConfig };
+export { Compliance, DataCategories, LegalBases, Providers, Retention, Rights, collecting, dataCollected, defineConfig, thirdParties, thirdParty };
 
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","names":[],"sources":["../src/collecting.ts","../src/compliance.ts","../src/data.ts","../src/providers.ts","../src/index.ts"],"sourcesContent":["/**\n * Declares data collected at the point of storage. Returns `value` unchanged\n * at runtime — the Vite plugin / CLI static analyser (OP-152) will scan calls\n * to `collecting()` at build time and merge the declarations into the\n * compiled privacy policy.\n *\n * The third argument is a plain object literal whose **keys** are field names\n * matching your stored value (for convenient access without a typed callback)\n * and whose **values** are the human-readable labels used in the compiled\n * policy. Only the string values are used by the analyser; the object is\n * never evaluated at runtime. This shape lets you:\n *   - keep `value` matching your ORM/table schema exactly,\n *   - describe fields with friendly labels for the policy,\n *   - omit fields from the policy by leaving them out of the label record\n *     (e.g. `hashedPassword`).\n *\n * The category argument and the string values of the label record must be\n * string literals — dynamic values are silently skipped by the analyser.\n *\n * @example\n * ```ts\n * import { collecting } from \"@openpolicy/sdk\";\n *\n * export async function createUser(name: string, email: string) {\n *   return db.insert(users).values(\n *     collecting(\n *       \"Account Information\",\n *       { name, email }, // real ORM columns — returned unchanged\n *       { name: \"Name\", email: \"Email address\" },\n *     ),\n *   );\n * }\n * ```\n */\nexport function collecting<T>(\n\t_category: string,\n\tvalue: T,\n\t_label: Partial<Record<keyof T, string>>,\n): T {\n\treturn value;\n}\n","import type { Jurisdiction, LegalBasis, UserRight } from \"@openpolicy/core\";\n\nexport const Compliance = {\n\tGDPR: {\n\t\tjurisdictions: [\"eu\"] as Jurisdiction[],\n\t\tlegalBasis: [\"legitimate_interests\"] as LegalBasis[],\n\t\tuserRights: [\n\t\t\t\"access\",\n\t\t\t\"rectification\",\n\t\t\t\"erasure\",\n\t\t\t\"portability\",\n\t\t\t\"restriction\",\n\t\t\t\"objection\",\n\t\t] as UserRight[],\n\t},\n\tCCPA: {\n\t\tjurisdictions: [\"ca\"] as Jurisdiction[],\n\t\tuserRights: [\n\t\t\t\"access\",\n\t\t\t\"erasure\",\n\t\t\t\"opt_out_sale\",\n\t\t\t\"non_discrimination\",\n\t\t] as UserRight[],\n\t},\n} as const;\n","import type { LegalBasis, UserRight } from \"@openpolicy/core\";\n\nexport const DataCategories = {\n\tAccountInfo: { \"Account Information\": [\"Name\", \"Email address\"] },\n\tSessionData: {\n\t\t\"Session Data\": [\"IP address\", \"User agent\", \"Browser type\"],\n\t},\n\tPaymentInfo: {\n\t\t\"Payment Information\": [\n\t\t\t\"Card last 4 digits\",\n\t\t\t\"Billing name\",\n\t\t\t\"Billing address\",\n\t\t],\n\t},\n\tUsageData: {\n\t\t\"Usage Data\": [\"Pages visited\", \"Features used\", \"Time spent\"],\n\t},\n\tDeviceInfo: {\n\t\t\"Device Information\": [\n\t\t\t\"Device type\",\n\t\t\t\"Operating system\",\n\t\t\t\"Browser version\",\n\t\t],\n\t},\n\tLocationData: { \"Location Data\": [\"Country\", \"City\", \"Timezone\"] },\n\tCommunications: {\n\t\tCommunications: [\"Email content\", \"Support tickets\"],\n\t},\n} as const;\n\nexport const Retention = {\n\tUntilAccountDeletion: \"Until account deletion\",\n\tUntilSessionExpiry: \"Until session expiry\",\n\tThirtyDays: \"30 days\",\n\tNinetyDays: \"90 days\",\n\tOneYear: \"1 year\",\n\tThreeYears: \"3 years\",\n\tAsRequiredByLaw: \"As required by applicable law\",\n} as const;\n\nexport const Rights = {\n\tAccess: \"access\",\n\tRectification: \"rectification\",\n\tErasure: \"erasure\",\n\tPortability: \"portability\",\n\tRestriction: \"restriction\",\n\tObjection: \"objection\",\n\tOptOutSale: \"opt_out_sale\",\n\tNonDiscrimination: \"non_discrimination\",\n} as const satisfies Record<string, UserRight>;\n\nexport const LegalBases = {\n\tConsent: \"consent\",\n\tContract: \"contract\",\n\tLegalObligation: \"legal_obligation\",\n\tVitalInterests: \"vital_interests\",\n\tPublicTask: \"public_task\",\n\tLegitimateInterests: \"legitimate_interests\",\n} as const satisfies Record<string, LegalBasis>;\n","type Provider = { name: string; purpose: string; policyUrl?: string };\n\nexport const Providers = {\n\t// Payments\n\tStripe: {\n\t\tname: \"Stripe\",\n\t\tpurpose: \"Payment processing\",\n\t\tpolicyUrl: \"https://stripe.com/privacy\",\n\t},\n\tPaddle: {\n\t\tname: \"Paddle\",\n\t\tpurpose: \"Payment processing and subscription management\",\n\t\tpolicyUrl: \"https://www.paddle.com/legal/privacy\",\n\t},\n\tLemonSqueezy: {\n\t\tname: \"Lemon Squeezy\",\n\t\tpurpose: \"Payment processing and subscription management\",\n\t\tpolicyUrl: \"https://www.lemonsqueezy.com/privacy\",\n\t},\n\tPayPal: {\n\t\tname: \"PayPal\",\n\t\tpurpose: \"Payment processing\",\n\t\tpolicyUrl: \"https://www.paypal.com/webapps/mpp/ua/privacy-full\",\n\t},\n\n\t// Analytics\n\tGoogleAnalytics: {\n\t\tname: \"Google Analytics\",\n\t\tpurpose: \"Usage analytics\",\n\t\tpolicyUrl: \"https://policies.google.com/privacy\",\n\t},\n\tPostHog: {\n\t\tname: \"PostHog\",\n\t\tpurpose: \"Product analytics and session recording\",\n\t\tpolicyUrl: \"https://posthog.com/privacy\",\n\t},\n\tPlausible: {\n\t\tname: \"Plausible Analytics\",\n\t\tpurpose: \"Privacy-friendly usage analytics\",\n\t\tpolicyUrl: \"https://plausible.io/privacy\",\n\t},\n\tMixpanel: {\n\t\tname: \"Mixpanel\",\n\t\tpurpose: \"Product analytics and event tracking\",\n\t\tpolicyUrl: \"https://mixpanel.com/legal/privacy-policy\",\n\t},\n\n\t// Infrastructure\n\tVercel: {\n\t\tname: \"Vercel\",\n\t\tpurpose: \"Hosting and deployment infrastructure\",\n\t\tpolicyUrl: \"https://vercel.com/legal/privacy-policy\",\n\t},\n\tCloudflare: {\n\t\tname: \"Cloudflare\",\n\t\tpurpose: \"CDN, DNS, and security services\",\n\t\tpolicyUrl: \"https://www.cloudflare.com/privacypolicy/\",\n\t},\n\tAWS: {\n\t\tname: \"Amazon Web Services\",\n\t\tpurpose: \"Cloud infrastructure and hosting\",\n\t\tpolicyUrl: \"https://aws.amazon.com/privacy/\",\n\t},\n\n\t// Auth\n\tAuth0: {\n\t\tname: \"Auth0\",\n\t\tpurpose: \"Authentication and identity management\",\n\t\tpolicyUrl: \"https://auth0.com/privacy\",\n\t},\n\tClerk: {\n\t\tname: \"Clerk\",\n\t\tpurpose: \"Authentication and user management\",\n\t\tpolicyUrl: \"https://clerk.com/privacy\",\n\t},\n\n\t// Email\n\tResend: {\n\t\tname: \"Resend\",\n\t\tpurpose: \"Transactional email delivery\",\n\t\tpolicyUrl: \"https://resend.com/legal/privacy-policy\",\n\t},\n\tPostmark: {\n\t\tname: \"Postmark\",\n\t\tpurpose: \"Transactional email delivery\",\n\t\tpolicyUrl: \"https://wildbit.com/privacy-policy\",\n\t},\n\tSendGrid: {\n\t\tname: \"SendGrid\",\n\t\tpurpose: \"Transactional email delivery\",\n\t\tpolicyUrl: \"https://www.twilio.com/en-us/legal/privacy\",\n\t},\n\tLoops: {\n\t\tname: \"Loops\",\n\t\tpurpose: \"Email marketing and automation\",\n\t\tpolicyUrl: \"https://loops.so/privacy\",\n\t},\n\n\t// Monitoring\n\tSentry: {\n\t\tname: \"Sentry\",\n\t\tpurpose: \"Error monitoring and performance tracking\",\n\t\tpolicyUrl: \"https://sentry.io/privacy/\",\n\t},\n\tDatadog: {\n\t\tname: \"Datadog\",\n\t\tpurpose: \"Infrastructure monitoring and observability\",\n\t\tpolicyUrl: \"https://www.datadoghq.com/legal/privacy/\",\n\t},\n} satisfies Record<string, Provider>;\n","import type { OpenPolicyConfig } from \"@openpolicy/core\";\n\nexport type {\n\tCookiePolicyConfig,\n\tLegalBasis,\n\tOpenPolicyConfig,\n\tPrivacyPolicyConfig,\n\tTermsOfServiceConfig,\n\tUserRight,\n} from \"@openpolicy/core\";\n\nexport { dataCollected } from \"./auto-collected\";\nexport { collecting } from \"./collecting\";\nexport { Compliance } from \"./compliance\";\nexport { DataCategories, LegalBases, Retention, Rights } from \"./data\";\nexport { Providers } from \"./providers\";\n\nexport function defineConfig(config: OpenPolicyConfig): OpenPolicyConfig {\n\treturn config;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCA,SAAgB,WACf,WACA,OACA,QACI;AACJ,QAAO;;;;ACrCR,MAAa,aAAa;CACzB,MAAM;EACL,eAAe,CAAC,KAAK;EACrB,YAAY,CAAC,uBAAuB;EACpC,YAAY;GACX;GACA;GACA;GACA;GACA;GACA;GACA;EACD;CACD,MAAM;EACL,eAAe,CAAC,KAAK;EACrB,YAAY;GACX;GACA;GACA;GACA;GACA;EACD;CACD;;;ACtBD,MAAa,iBAAiB;CAC7B,aAAa,EAAE,uBAAuB,CAAC,QAAQ,gBAAgB,EAAE;CACjE,aAAa,EACZ,gBAAgB;EAAC;EAAc;EAAc;EAAe,EAC5D;CACD,aAAa,EACZ,uBAAuB;EACtB;EACA;EACA;EACA,EACD;CACD,WAAW,EACV,cAAc;EAAC;EAAiB;EAAiB;EAAa,EAC9D;CACD,YAAY,EACX,sBAAsB;EACrB;EACA;EACA;EACA,EACD;CACD,cAAc,EAAE,iBAAiB;EAAC;EAAW;EAAQ;EAAW,EAAE;CAClE,gBAAgB,EACf,gBAAgB,CAAC,iBAAiB,kBAAkB,EACpD;CACD;AAED,MAAa,YAAY;CACxB,sBAAsB;CACtB,oBAAoB;CACpB,YAAY;CACZ,YAAY;CACZ,SAAS;CACT,YAAY;CACZ,iBAAiB;CACjB;AAED,MAAa,SAAS;CACrB,QAAQ;CACR,eAAe;CACf,SAAS;CACT,aAAa;CACb,aAAa;CACb,WAAW;CACX,YAAY;CACZ,mBAAmB;CACnB;AAED,MAAa,aAAa;CACzB,SAAS;CACT,UAAU;CACV,iBAAiB;CACjB,gBAAgB;CAChB,YAAY;CACZ,qBAAqB;CACrB;;;ACxDD,MAAa,YAAY;CAExB,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,cAAc;EACb,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,iBAAiB;EAChB,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,SAAS;EACR,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,WAAW;EACV,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,UAAU;EACT,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,YAAY;EACX,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,KAAK;EACJ,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,OAAO;EACN,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,OAAO;EACN,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,UAAU;EACT,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,UAAU;EACT,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,OAAO;EACN,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,SAAS;EACR,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD;;;AC5FD,SAAgB,aAAa,QAA4C;AACxE,QAAO"}
+{"version":3,"file":"index.js","names":[],"sources":["../src/collecting.ts","../src/compliance.ts","../src/data.ts","../src/providers.ts","../src/third-parties.ts","../src/index.ts"],"sourcesContent":["/**\n * Declares data collected at the point of storage. Returns `value` unchanged\n * at runtime — the Vite plugin / CLI static analyser (OP-152) will scan calls\n * to `collecting()` at build time and merge the declarations into the\n * compiled privacy policy.\n *\n * The third argument is a plain object literal whose **keys** are field names\n * matching your stored value (for convenient access without a typed callback)\n * and whose **values** are the human-readable labels used in the compiled\n * policy. Only the string values are used by the analyser; the object is\n * never evaluated at runtime. This shape lets you:\n *   - keep `value` matching your ORM/table schema exactly,\n *   - describe fields with friendly labels for the policy,\n *   - omit fields from the policy by leaving them out of the label record\n *     (e.g. `hashedPassword`).\n *\n * The category argument and the string values of the label record must be\n * string literals — dynamic values are silently skipped by the analyser.\n *\n * @example\n * ```ts\n * import { collecting } from \"@openpolicy/sdk\";\n *\n * export async function createUser(name: string, email: string) {\n *   return db.insert(users).values(\n *     collecting(\n *       \"Account Information\",\n *       { name, email }, // real ORM columns — returned unchanged\n *       { name: \"Name\", email: \"Email address\" },\n *     ),\n *   );\n * }\n * ```\n */\nexport function collecting<T>(\n\t_category: string,\n\tvalue: T,\n\t_label: Partial<Record<keyof T, string>>,\n): T {\n\treturn value;\n}\n","import type { Jurisdiction, LegalBasis, UserRight } from \"@openpolicy/core\";\n\nexport const Compliance = {\n\tGDPR: {\n\t\tjurisdictions: [\"eu\"] as Jurisdiction[],\n\t\tlegalBasis: [\"legitimate_interests\"] as LegalBasis[],\n\t\tuserRights: [\n\t\t\t\"access\",\n\t\t\t\"rectification\",\n\t\t\t\"erasure\",\n\t\t\t\"portability\",\n\t\t\t\"restriction\",\n\t\t\t\"objection\",\n\t\t] as UserRight[],\n\t},\n\tCCPA: {\n\t\tjurisdictions: [\"ca\"] as Jurisdiction[],\n\t\tuserRights: [\n\t\t\t\"access\",\n\t\t\t\"erasure\",\n\t\t\t\"opt_out_sale\",\n\t\t\t\"non_discrimination\",\n\t\t] as UserRight[],\n\t},\n} as const;\n","import type { LegalBasis, UserRight } from \"@openpolicy/core\";\n\nexport const DataCategories = {\n\tAccountInfo: { \"Account Information\": [\"Name\", \"Email address\"] },\n\tSessionData: {\n\t\t\"Session Data\": [\"IP address\", \"User agent\", \"Browser type\"],\n\t},\n\tPaymentInfo: {\n\t\t\"Payment Information\": [\n\t\t\t\"Card last 4 digits\",\n\t\t\t\"Billing name\",\n\t\t\t\"Billing address\",\n\t\t],\n\t},\n\tUsageData: {\n\t\t\"Usage Data\": [\"Pages visited\", \"Features used\", \"Time spent\"],\n\t},\n\tDeviceInfo: {\n\t\t\"Device Information\": [\n\t\t\t\"Device type\",\n\t\t\t\"Operating system\",\n\t\t\t\"Browser version\",\n\t\t],\n\t},\n\tLocationData: { \"Location Data\": [\"Country\", \"City\", \"Timezone\"] },\n\tCommunications: {\n\t\tCommunications: [\"Email content\", \"Support tickets\"],\n\t},\n} as const;\n\nexport const Retention = {\n\tUntilAccountDeletion: \"Until account deletion\",\n\tUntilSessionExpiry: \"Until session expiry\",\n\tThirtyDays: \"30 days\",\n\tNinetyDays: \"90 days\",\n\tOneYear: \"1 year\",\n\tThreeYears: \"3 years\",\n\tAsRequiredByLaw: \"As required by applicable law\",\n} as const;\n\nexport const Rights = {\n\tAccess: \"access\",\n\tRectification: \"rectification\",\n\tErasure: \"erasure\",\n\tPortability: \"portability\",\n\tRestriction: \"restriction\",\n\tObjection: \"objection\",\n\tOptOutSale: \"opt_out_sale\",\n\tNonDiscrimination: \"non_discrimination\",\n} as const satisfies Record<string, UserRight>;\n\nexport const LegalBases = {\n\tConsent: \"consent\",\n\tContract: \"contract\",\n\tLegalObligation: \"legal_obligation\",\n\tVitalInterests: \"vital_interests\",\n\tPublicTask: \"public_task\",\n\tLegitimateInterests: \"legitimate_interests\",\n} as const satisfies Record<string, LegalBasis>;\n","type Provider = { name: string; purpose: string; policyUrl?: string };\n\nexport const Providers = {\n\t// Payments\n\tStripe: {\n\t\tname: \"Stripe\",\n\t\tpurpose: \"Payment processing\",\n\t\tpolicyUrl: \"https://stripe.com/privacy\",\n\t},\n\tPaddle: {\n\t\tname: \"Paddle\",\n\t\tpurpose: \"Payment processing and subscription management\",\n\t\tpolicyUrl: \"https://www.paddle.com/legal/privacy\",\n\t},\n\tLemonSqueezy: {\n\t\tname: \"Lemon Squeezy\",\n\t\tpurpose: \"Payment processing and subscription management\",\n\t\tpolicyUrl: \"https://www.lemonsqueezy.com/privacy\",\n\t},\n\tPayPal: {\n\t\tname: \"PayPal\",\n\t\tpurpose: \"Payment processing\",\n\t\tpolicyUrl: \"https://www.paypal.com/webapps/mpp/ua/privacy-full\",\n\t},\n\n\t// Analytics\n\tGoogleAnalytics: {\n\t\tname: \"Google Analytics\",\n\t\tpurpose: \"Usage analytics\",\n\t\tpolicyUrl: \"https://policies.google.com/privacy\",\n\t},\n\tPostHog: {\n\t\tname: \"PostHog\",\n\t\tpurpose: \"Product analytics and session recording\",\n\t\tpolicyUrl: \"https://posthog.com/privacy\",\n\t},\n\tPlausible: {\n\t\tname: \"Plausible Analytics\",\n\t\tpurpose: \"Privacy-friendly usage analytics\",\n\t\tpolicyUrl: \"https://plausible.io/privacy\",\n\t},\n\tMixpanel: {\n\t\tname: \"Mixpanel\",\n\t\tpurpose: \"Product analytics and event tracking\",\n\t\tpolicyUrl: \"https://mixpanel.com/legal/privacy-policy\",\n\t},\n\n\t// Infrastructure\n\tVercel: {\n\t\tname: \"Vercel\",\n\t\tpurpose: \"Hosting and deployment infrastructure\",\n\t\tpolicyUrl: \"https://vercel.com/legal/privacy-policy\",\n\t},\n\tCloudflare: {\n\t\tname: \"Cloudflare\",\n\t\tpurpose: \"CDN, DNS, and security services\",\n\t\tpolicyUrl: \"https://www.cloudflare.com/privacypolicy/\",\n\t},\n\tAWS: {\n\t\tname: \"Amazon Web Services\",\n\t\tpurpose: \"Cloud infrastructure and hosting\",\n\t\tpolicyUrl: \"https://aws.amazon.com/privacy/\",\n\t},\n\n\t// Auth\n\tAuth0: {\n\t\tname: \"Auth0\",\n\t\tpurpose: \"Authentication and identity management\",\n\t\tpolicyUrl: \"https://auth0.com/privacy\",\n\t},\n\tClerk: {\n\t\tname: \"Clerk\",\n\t\tpurpose: \"Authentication and user management\",\n\t\tpolicyUrl: \"https://clerk.com/privacy\",\n\t},\n\n\t// Email\n\tResend: {\n\t\tname: \"Resend\",\n\t\tpurpose: \"Transactional email delivery\",\n\t\tpolicyUrl: \"https://resend.com/legal/privacy-policy\",\n\t},\n\tPostmark: {\n\t\tname: \"Postmark\",\n\t\tpurpose: \"Transactional email delivery\",\n\t\tpolicyUrl: \"https://wildbit.com/privacy-policy\",\n\t},\n\tSendGrid: {\n\t\tname: \"SendGrid\",\n\t\tpurpose: \"Transactional email delivery\",\n\t\tpolicyUrl: \"https://www.twilio.com/en-us/legal/privacy\",\n\t},\n\tLoops: {\n\t\tname: \"Loops\",\n\t\tpurpose: \"Email marketing and automation\",\n\t\tpolicyUrl: \"https://loops.so/privacy\",\n\t},\n\n\t// Monitoring\n\tSentry: {\n\t\tname: \"Sentry\",\n\t\tpurpose: \"Error monitoring and performance tracking\",\n\t\tpolicyUrl: \"https://sentry.io/privacy/\",\n\t},\n\tDatadog: {\n\t\tname: \"Datadog\",\n\t\tpurpose: \"Infrastructure monitoring and observability\",\n\t\tpolicyUrl: \"https://www.datadoghq.com/legal/privacy/\",\n\t},\n} satisfies Record<string, Provider>;\n","export function thirdParty(\n\t_name: string,\n\t_purpose: string,\n\t_policyUrl: string,\n): void {\n\treturn;\n}\n","import type { OpenPolicyConfig } from \"@openpolicy/core\";\n\nexport type {\n\tCookiePolicyConfig,\n\tLegalBasis,\n\tOpenPolicyConfig,\n\tPrivacyPolicyConfig,\n\tTermsOfServiceConfig,\n\tUserRight,\n} from \"@openpolicy/core\";\n\nexport { dataCollected, thirdParties } from \"./auto-collected\";\nexport { collecting } from \"./collecting\";\nexport { Compliance } from \"./compliance\";\nexport { DataCategories, LegalBases, Retention, Rights } from \"./data\";\nexport { Providers } from \"./providers\";\nexport { thirdParty } from \"./third-parties\";\n\nexport function defineConfig(config: OpenPolicyConfig): OpenPolicyConfig {\n\treturn config;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCA,SAAgB,WACf,WACA,OACA,QACI;AACJ,QAAO;;;;ACrCR,MAAa,aAAa;CACzB,MAAM;EACL,eAAe,CAAC,KAAK;EACrB,YAAY,CAAC,uBAAuB;EACpC,YAAY;GACX;GACA;GACA;GACA;GACA;GACA;GACA;EACD;CACD,MAAM;EACL,eAAe,CAAC,KAAK;EACrB,YAAY;GACX;GACA;GACA;GACA;GACA;EACD;CACD;;;ACtBD,MAAa,iBAAiB;CAC7B,aAAa,EAAE,uBAAuB,CAAC,QAAQ,gBAAgB,EAAE;CACjE,aAAa,EACZ,gBAAgB;EAAC;EAAc;EAAc;EAAe,EAC5D;CACD,aAAa,EACZ,uBAAuB;EACtB;EACA;EACA;EACA,EACD;CACD,WAAW,EACV,cAAc;EAAC;EAAiB;EAAiB;EAAa,EAC9D;CACD,YAAY,EACX,sBAAsB;EACrB;EACA;EACA;EACA,EACD;CACD,cAAc,EAAE,iBAAiB;EAAC;EAAW;EAAQ;EAAW,EAAE;CAClE,gBAAgB,EACf,gBAAgB,CAAC,iBAAiB,kBAAkB,EACpD;CACD;AAED,MAAa,YAAY;CACxB,sBAAsB;CACtB,oBAAoB;CACpB,YAAY;CACZ,YAAY;CACZ,SAAS;CACT,YAAY;CACZ,iBAAiB;CACjB;AAED,MAAa,SAAS;CACrB,QAAQ;CACR,eAAe;CACf,SAAS;CACT,aAAa;CACb,aAAa;CACb,WAAW;CACX,YAAY;CACZ,mBAAmB;CACnB;AAED,MAAa,aAAa;CACzB,SAAS;CACT,UAAU;CACV,iBAAiB;CACjB,gBAAgB;CAChB,YAAY;CACZ,qBAAqB;CACrB;;;ACxDD,MAAa,YAAY;CAExB,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,cAAc;EACb,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,iBAAiB;EAChB,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,SAAS;EACR,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,WAAW;EACV,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,UAAU;EACT,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,YAAY;EACX,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,KAAK;EACJ,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,OAAO;EACN,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,OAAO;EACN,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,UAAU;EACT,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,UAAU;EACT,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,OAAO;EACN,MAAM;EACN,SAAS;EACT,WAAW;EACX;CAGD,QAAQ;EACP,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD,SAAS;EACR,MAAM;EACN,SAAS;EACT,WAAW;EACX;CACD;;;AC7GD,SAAgB,WACf,OACA,UACA,YACO;;;ACcR,SAAgB,aAAa,QAA4C;AACxE,QAAO"}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@openpolicy/sdk",
-	"version": "0.0.18",
+	"version": "0.0.20",
 	"type": "module",
 	"description": "Public API for defining privacy policies with OpenPolicy",
 	"license": "GPL-3.0-only",
@@ -11,7 +11,8 @@
 	},
 	"files": [
 		"dist",
-		"README.md"
+		"README.md",
+		"skills"
 	],
 	"exports": {
 		".": {
@@ -28,6 +29,10 @@
 	"dependencies": {},
 	"devDependencies": {
 		"@openpolicy/core": "workspace:*",
-		"@openpolicy/tooling": "workspace:*"
-	}
+		"@openpolicy/tooling": "workspace:*",
+		"@tanstack/intent": "^0.0.29"
+	},
+	"keywords": [
+		"tanstack-intent"
+	]
 }

package/skills/annotate-data-collection/SKILL.md

@@ -0,0 +1,240 @@
+---
+name: annotate-data-collection
+description: >
+  Mark data collection points in source code with collecting(category, value,
+  labels) so the autoCollect() Vite plugin can populate privacy.dataCollected
+  automatically at build time via static AST analysis. All arguments must be
+  string literals. Spread the dataCollected sentinel from @openpolicy/sdk into
+  the config for plugin output to take effect.
+type: core
+library: openpolicy
+library_version: "0.0.19"
+requires:
+  - openpolicy/vite-setup
+sources:
+  - jamiedavenport/openpolicy:packages/sdk/src/auto-collected.ts
+  - jamiedavenport/openpolicy:packages/vite-auto-collect/src/analyse.ts
+---
+
+This skill builds on openpolicy/vite-setup. Read it first.
+
+## How it works
+
+`collecting(category, value, labels)` is a **pass-through at runtime** — it returns `value` unchanged. Its purpose is to serve as a static marker. During a Vite build, `autoCollect()` scans your source files using oxc-parser, finds every `collecting()` call, and merges the extracted category/label data into the `dataCollected` virtual module exported from `@openpolicy/sdk`.
+
+The scanned data only reaches your policy config if you import the `dataCollected` sentinel and spread it into `privacy.dataCollected`. Without the spread, all collected annotations are silently discarded.
+
+**Critical constraint: every argument that the plugin reads must be a string literal.** The AST scanner does not evaluate expressions. Variables, template literals, and computed values are silently skipped with no warning.
+
+## Setup
+
+Install and wire `autoCollect()` first (see openpolicy/vite-setup). Then follow these three steps:
+
+**Step 1 — Annotate a data collection point in your app code:**
+
+```ts
+// src/users/create.ts
+import { collecting } from "@openpolicy/sdk";
+
+export async function createUser(name: string, email: string) {
+  return db.insert(users).values(
+    collecting(
+      "Account Information",          // category — must be a string literal
+      { name, email },                // value — returned unchanged at runtime
+      { name: "Name", email: "Email address" }, // labels — values must be string literals
+    ),
+  );
+}
+```
+
+**Step 2 — Spread the sentinel into your config:**
+
+```ts
+// openpolicy.ts
+import { defineConfig, dataCollected } from "@openpolicy/sdk";
+
+export default defineConfig({
+  company: {
+    name: "Acme",
+    legalName: "Acme, Inc.",
+    address: "123 Main St, San Francisco, CA 94105",
+    contact: "privacy@acme.com",
+  },
+  privacy: {
+    effectiveDate: "2026-01-01",
+    dataCollected: {
+      ...dataCollected,              // populated by autoCollect() at build time
+      // add manually-tracked categories here if needed
+    },
+  },
+});
+```
+
+**Step 3 — Verify the plugin is active in vite.config.ts:**
+
+```ts
+// vite.config.ts
+import { defineConfig } from "vite";
+import { autoCollect } from "@openpolicy/vite-auto-collect";
+
+export default defineConfig({
+  plugins: [autoCollect()],
+});
+```
+
+At build time, `autoCollect()` scans `src/` for `collecting()` calls and injects the result into the `dataCollected` sentinel before your config module is evaluated.
+
+## Core Patterns
+
+### 1. Basic annotation
+
+Wrap the value you are storing at any data collection point. The third argument maps your field names to human-readable policy labels. Fields you omit from the label record are not included in the policy.
+
+```ts
+import { collecting } from "@openpolicy/sdk";
+
+// Database insert
+const row = collecting(
+  "Contact Information",
+  { email, phone },
+  { email: "Email address", phone: "Phone number" },
+);
+await db.insert(contacts).values(row);
+
+// Form submission
+const payload = collecting(
+  "Support Request",
+  { subject, body, userId },
+  { subject: "Subject line", body: "Message content" },
+  // userId omitted — not included in the policy
+);
+```
+
+### 2. Using DataCategories presets
+
+`DataCategories` provides preset category names and label arrays aligned with common GDPR/CCPA categories. Use these to keep your annotations consistent with the generated policy text.
+
+```ts
+import { collecting, DataCategories } from "@openpolicy/sdk";
+
+// DataCategories.AccountInfo = { "Account Information": ["Name", "Email address"] }
+// Use the category string from the preset key
+const user = collecting(
+  "Account Information",
+  { name, email },
+  { name: "Name", email: "Email address" },
+);
+
+// DataCategories.SessionData = { "Session Data": ["IP address", "User agent", "Browser type"] }
+const session = collecting(
+  "Session Data",
+  { ip, userAgent },
+  { ip: "IP address", userAgent: "User agent" },
+);
+```
+
+Available presets: `AccountInfo`, `SessionData`, `PaymentInfo`, `UsageData`, `DeviceInfo`, `LocationData`, `Communications`.
+
+Note: `DataCategories` values are objects for spreading into `dataCollected` manually; the string keys are the category names to use in `collecting()` calls.
+
+### 3. Spreading the sentinel into config
+
+The sentinel must be spread with `...dataCollected` — not assigned directly. You can add manually-tracked categories alongside the auto-collected ones.
+
+```ts
+import { defineConfig, dataCollected } from "@openpolicy/sdk";
+
+export default defineConfig({
+  company: { /* ... */ },
+  privacy: {
+    effectiveDate: "2026-01-01",
+    dataCollected: {
+      ...dataCollected,                              // auto-collected at build time
+      "Analytics": ["Page views", "Click events"],  // manually declared
+    },
+    jurisdictions: ["eu", "us"],
+    legalBasis: "legitimate_interests",
+    userRights: ["access", "erasure", "portability"],
+  },
+});
+```
+
+## Common Mistakes
+
+### MISTAKE 1 (HIGH) — Dynamic values in `collecting()` arguments
+
+The plugin uses static AST analysis and only recognises string literal nodes. Any non-literal — a variable, template literal, or computed expression — causes the entire call to be silently skipped. No warning is emitted.
+
+```ts
+// WRONG: variable in category position — silently skipped
+const category = "Account Information";
+collecting(category, { name, email }, { name: "Name", email: "Email address" });
+
+// WRONG: template literal — silently skipped
+collecting(`${"Account"} Information`, { name, email }, { name: "Name", email: "Email address" });
+
+// WRONG: dynamic label value — silently skipped
+const label = "Email address";
+collecting("Account Information", { name, email }, { name: "Name", email: label });
+```
+
+```ts
+// CORRECT: every argument the plugin reads is a string literal
+collecting(
+  "Account Information",
+  { name, email },
+  { name: "Name", email: "Email address" },
+);
+```
+
+The `value` argument (second position) is never read by the scanner and can be any expression.
+
+### MISTAKE 2 (HIGH) — Not spreading `dataCollected` into the config
+
+Even with `collecting()` calls throughout your codebase and `autoCollect()` wired up in Vite, the plugin output has no effect unless you import `dataCollected` from `@openpolicy/sdk` and spread it into `privacy.dataCollected`. Without the spread the sentinel is an empty object `{}` and the policy compiles with no auto-collected data.
+
+```ts
+// WRONG: sentinel not imported or spread
+export default defineConfig({
+  privacy: {
+    dataCollected: {
+      "Account Information": ["Email"],  // only manually-declared items appear
+    },
+  },
+});
+```
+
+```ts
+// CORRECT: sentinel imported and spread
+import { defineConfig, dataCollected } from "@openpolicy/sdk";
+
+export default defineConfig({
+  privacy: {
+    dataCollected: {
+      ...dataCollected,                  // auto-collected entries merged here
+      "Account Information": ["Email"],  // any manual additions
+    },
+  },
+});
+```
+
+### MISTAKE 3 (MEDIUM) — Calling `collecting()` with fewer than 3 arguments
+
+The plugin requires all three positional arguments: `category`, `value`, and `labels`. Calls with fewer than 3 arguments are silently skipped by the scanner. There is no runtime error because `collecting()` is a pass-through — it still returns `value` — but the call is never recorded in the policy.
+
+```ts
+// WRONG: missing labels argument — silently skipped by plugin
+collecting("Account Information", { name, email });
+
+// WRONG: only one argument — silently skipped
+collecting("Account Information");
+```
+
+```ts
+// CORRECT: all three arguments present
+collecting(
+  "Account Information",
+  { name, email },
+  { name: "Name", email: "Email address" },
+);
+```