@tantainnovative/ndpr-toolkit 1.0.0

package/dist/setupTests.d.ts

@@ -0,0 +1,2 @@
+import '@testing-library/jest-dom';
+import '@testing-library/jest-dom/extend-expect';

package/dist/types/breach.d.ts

@@ -0,0 +1,239 @@
+/**
+ * Represents a data breach category
+ */
+export interface BreachCategory {
+    /**
+     * Unique identifier for the category
+     */
+    id: string;
+    /**
+     * Display name for the category
+     */
+    name: string;
+    /**
+     * Description of this breach category
+     */
+    description: string;
+    /**
+     * Default severity level for this category
+     */
+    defaultSeverity: 'low' | 'medium' | 'high' | 'critical';
+}
+/**
+ * Represents a data breach report
+ */
+export interface BreachReport {
+    /**
+     * Unique identifier for the breach report
+     */
+    id: string;
+    /**
+     * Title/summary of the breach
+     */
+    title: string;
+    /**
+     * Detailed description of the breach
+     */
+    description: string;
+    /**
+     * Category of the breach
+     */
+    category: string;
+    /**
+     * Timestamp when the breach was discovered
+     */
+    discoveredAt: number;
+    /**
+     * Timestamp when the breach occurred (if known)
+     */
+    occurredAt?: number;
+    /**
+     * Timestamp when the breach was reported internally
+     */
+    reportedAt: number;
+    /**
+     * Person who reported the breach
+     */
+    reporter: {
+        name: string;
+        email: string;
+        department: string;
+        phone?: string;
+    };
+    /**
+     * Systems or data affected by the breach
+     */
+    affectedSystems: string[];
+    /**
+     * Types of data involved in the breach
+     */
+    dataTypes: string[];
+    /**
+     * Estimated number of data subjects affected
+     */
+    estimatedAffectedSubjects?: number;
+    /**
+     * Whether the breach is ongoing or contained
+     */
+    status: 'ongoing' | 'contained' | 'resolved';
+    /**
+     * Initial actions taken to address the breach
+     */
+    initialActions?: string;
+    /**
+     * Attachments related to the breach (e.g., screenshots, logs)
+     */
+    attachments?: Array<{
+        id: string;
+        name: string;
+        type: string;
+        url: string;
+        addedAt: number;
+    }>;
+}
+/**
+ * Represents a risk assessment for a data breach
+ */
+export interface RiskAssessment {
+    /**
+     * Unique identifier for the risk assessment
+     */
+    id: string;
+    /**
+     * ID of the breach this assessment is for
+     */
+    breachId: string;
+    /**
+     * Timestamp when the assessment was conducted
+     */
+    assessedAt: number;
+    /**
+     * Person who conducted the assessment
+     */
+    assessor: {
+        name: string;
+        role: string;
+        email: string;
+    };
+    /**
+     * Confidentiality impact (1-5)
+     */
+    confidentialityImpact: number;
+    /**
+     * Integrity impact (1-5)
+     */
+    integrityImpact: number;
+    /**
+     * Availability impact (1-5)
+     */
+    availabilityImpact: number;
+    /**
+     * Likelihood of harm to data subjects (1-5)
+     */
+    harmLikelihood: number;
+    /**
+     * Severity of potential harm to data subjects (1-5)
+     */
+    harmSeverity: number;
+    /**
+     * Overall risk score
+     */
+    overallRiskScore: number;
+    /**
+     * Risk level based on the overall score
+     */
+    riskLevel: 'low' | 'medium' | 'high' | 'critical';
+    /**
+     * Whether the breach is likely to result in a risk to the rights and freedoms of data subjects
+     */
+    risksToRightsAndFreedoms: boolean;
+    /**
+     * Whether the breach is likely to result in a high risk to the rights and freedoms of data subjects
+     */
+    highRisksToRightsAndFreedoms: boolean;
+    /**
+     * Justification for the risk assessment
+     */
+    justification: string;
+}
+/**
+ * Represents notification requirements for a data breach
+ */
+export interface NotificationRequirement {
+    /**
+     * Whether NITDA notification is required
+     */
+    nitdaNotificationRequired: boolean;
+    /**
+     * Deadline for NITDA notification (72 hours from discovery)
+     */
+    nitdaNotificationDeadline: number;
+    /**
+     * Whether data subject notification is required
+     */
+    dataSubjectNotificationRequired: boolean;
+    /**
+     * Justification for the notification decision
+     */
+    justification: string;
+}
+/**
+ * Represents a notification sent to NITDA
+ */
+export interface RegulatoryNotification {
+    /**
+     * Unique identifier for the notification
+     */
+    id: string;
+    /**
+     * ID of the breach this notification is for
+     */
+    breachId: string;
+    /**
+     * Timestamp when the notification was sent
+     */
+    sentAt: number;
+    /**
+     * Method used to send the notification
+     */
+    method: 'email' | 'portal' | 'letter' | 'other';
+    /**
+     * Reference number assigned by NITDA (if available)
+     */
+    referenceNumber?: string;
+    /**
+     * Contact person at NITDA
+     */
+    nitdaContact?: {
+        name: string;
+        email: string;
+        phone?: string;
+    };
+    /**
+     * Content of the notification
+     */
+    content: string;
+    /**
+     * Attachments included with the notification
+     */
+    attachments?: Array<{
+        id: string;
+        name: string;
+        type: string;
+        url: string;
+    }>;
+    /**
+     * Follow-up communications with NITDA
+     */
+    followUps?: Array<{
+        timestamp: number;
+        direction: 'sent' | 'received';
+        content: string;
+        attachments?: Array<{
+            id: string;
+            name: string;
+            type: string;
+            url: string;
+        }>;
+    }>;
+}

package/dist/types/consent.d.ts

@@ -0,0 +1,95 @@
+/**
+ * Represents a consent option that can be presented to users
+ */
+export interface ConsentOption {
+    /**
+     * Unique identifier for the consent option
+     */
+    id: string;
+    /**
+     * Display label for the consent option
+     */
+    label: string;
+    /**
+     * Detailed description of what this consent option covers
+     */
+    description: string;
+    /**
+     * Whether this consent option is required (cannot be declined)
+     */
+    required: boolean;
+    /**
+     * Default state of the consent option
+     * @default false
+     */
+    defaultValue?: boolean;
+}
+/**
+ * Represents the user's consent settings
+ */
+export interface ConsentSettings {
+    /**
+     * Map of consent option IDs to boolean values indicating consent status
+     */
+    consents: Record<string, boolean>;
+    /**
+     * Timestamp when consent was last updated
+     */
+    timestamp: number;
+    /**
+     * Version of the consent form that was accepted
+     */
+    version: string;
+    /**
+     * Method used to collect consent (e.g., "banner", "settings", "api")
+     */
+    method: string;
+    /**
+     * Whether the user has actively made a choice (as opposed to default settings)
+     */
+    hasInteracted: boolean;
+}
+/**
+ * Represents the storage mechanism for consent settings
+ */
+export interface ConsentStorageOptions {
+    /**
+     * Storage key for consent settings
+     * @default "ndpr_consent"
+     */
+    storageKey?: string;
+    /**
+     * Storage type to use
+     * @default "localStorage"
+     */
+    storageType?: 'localStorage' | 'sessionStorage' | 'cookie';
+    /**
+     * Cookie options (only used when storageType is "cookie")
+     */
+    cookieOptions?: {
+        /**
+         * Domain for the cookie
+         */
+        domain?: string;
+        /**
+         * Path for the cookie
+         * @default "/"
+         */
+        path?: string;
+        /**
+         * Expiration days for the cookie
+         * @default 365
+         */
+        expires?: number;
+        /**
+         * Whether the cookie should be secure
+         * @default true
+         */
+        secure?: boolean;
+        /**
+         * SameSite attribute for the cookie
+         * @default "Lax"
+         */
+        sameSite?: 'Strict' | 'Lax' | 'None';
+    };
+}

package/dist/types/dpia.d.ts

@@ -0,0 +1,196 @@
+/**
+ * Represents a question in the DPIA questionnaire
+ */
+export interface DPIAQuestion {
+    /**
+     * Unique identifier for the question
+     */
+    id: string;
+    /**
+     * The text of the question
+     */
+    text: string;
+    /**
+     * Additional guidance for answering the question
+     */
+    guidance?: string;
+    /**
+     * Type of input required for the answer
+     */
+    type: 'text' | 'textarea' | 'select' | 'radio' | 'checkbox' | 'scale';
+    /**
+     * Options for select, radio, or checkbox questions
+     */
+    options?: Array<{
+        value: string;
+        label: string;
+        riskLevel?: 'low' | 'medium' | 'high';
+    }>;
+    /**
+     * For scale questions, the minimum value
+     */
+    minValue?: number;
+    /**
+     * For scale questions, the maximum value
+     */
+    maxValue?: number;
+    /**
+     * For scale questions, labels for the scale points
+     */
+    scaleLabels?: Record<number, string>;
+    /**
+     * Whether the question is required
+     */
+    required: boolean;
+    /**
+     * Risk level associated with this question
+     */
+    riskLevel?: 'low' | 'medium' | 'high';
+    /**
+     * Whether this question triggers additional questions based on the answer
+     */
+    hasDependentQuestions?: boolean;
+    /**
+     * Conditions that determine when this question should be shown
+     */
+    showWhen?: Array<{
+        questionId: string;
+        operator: 'equals' | 'contains' | 'greaterThan' | 'lessThan';
+        value: any;
+    }>;
+}
+/**
+ * Represents a section in the DPIA questionnaire
+ */
+export interface DPIASection {
+    /**
+     * Unique identifier for the section
+     */
+    id: string;
+    /**
+     * Title of the section
+     */
+    title: string;
+    /**
+     * Description of the section
+     */
+    description?: string;
+    /**
+     * Questions in this section
+     */
+    questions: DPIAQuestion[];
+    /**
+     * Order of the section in the questionnaire
+     */
+    order: number;
+}
+/**
+ * Represents a risk identified in the DPIA
+ */
+export interface DPIARisk {
+    /**
+     * Unique identifier for the risk
+     */
+    id: string;
+    /**
+     * Description of the risk
+     */
+    description: string;
+    /**
+     * Likelihood of the risk occurring (1-5)
+     */
+    likelihood: number;
+    /**
+     * Impact if the risk occurs (1-5)
+     */
+    impact: number;
+    /**
+     * Overall risk score (likelihood * impact)
+     */
+    score: number;
+    /**
+     * Risk level based on the score
+     */
+    level: 'low' | 'medium' | 'high' | 'critical';
+    /**
+     * Measures to mitigate the risk
+     */
+    mitigationMeasures?: string[];
+    /**
+     * Whether the risk has been mitigated
+     */
+    mitigated: boolean;
+    /**
+     * Residual risk score after mitigation
+     */
+    residualScore?: number;
+    /**
+     * Questions that identified this risk
+     */
+    relatedQuestionIds: string[];
+}
+/**
+ * Represents the result of a completed DPIA
+ */
+export interface DPIAResult {
+    /**
+     * Unique identifier for the DPIA
+     */
+    id: string;
+    /**
+     * Title of the DPIA
+     */
+    title: string;
+    /**
+     * Description of the processing activity being assessed
+     */
+    processingDescription: string;
+    /**
+     * Timestamp when the DPIA was started
+     */
+    startedAt: number;
+    /**
+     * Timestamp when the DPIA was completed
+     */
+    completedAt?: number;
+    /**
+     * Person responsible for conducting the DPIA
+     */
+    assessor: {
+        name: string;
+        role: string;
+        email: string;
+    };
+    /**
+     * Answers to all questions in the DPIA
+     */
+    answers: Record<string, any>;
+    /**
+     * Risks identified in the DPIA
+     */
+    risks: DPIARisk[];
+    /**
+     * Overall risk level of the processing activity
+     */
+    overallRiskLevel: 'low' | 'medium' | 'high' | 'critical';
+    /**
+     * Whether the DPIA concluded that the processing can proceed
+     */
+    canProceed: boolean;
+    /**
+     * Reasons why the processing can or cannot proceed
+     */
+    conclusion: string;
+    /**
+     * Recommendations for the processing activity
+     */
+    recommendations?: string[];
+    /**
+     * Next review date for the DPIA
+     */
+    reviewDate?: number;
+    /**
+     * Version of the DPIA questionnaire used
+     */
+    version: string;
+}

package/dist/types/dsr.d.ts

@@ -0,0 +1,162 @@
+/**
+ * Represents a type of data subject request
+ */
+export type DSRType = 'access' | 'rectification' | 'erasure' | 'restriction' | 'portability' | 'objection';
+/**
+ * Status of a data subject request
+ */
+export type DSRStatus = 'pending' | 'awaitingVerification' | 'inProgress' | 'completed' | 'rejected';
+/**
+ * Represents a type of data subject request (detailed configuration)
+ */
+export interface RequestType {
+    /**
+     * Unique identifier for the request type
+     */
+    id: string;
+    /**
+     * Display name for the request type
+     */
+    name: string;
+    /**
+     * Description of what this request type entails
+     */
+    description: string;
+    /**
+     * Estimated time to fulfill this type of request (in days)
+     */
+    estimatedCompletionTime: number;
+    /**
+     * Whether additional information is required for this request type
+     */
+    requiresAdditionalInfo: boolean;
+    /**
+     * Custom fields required for this request type
+     */
+    additionalFields?: Array<{
+        id: string;
+        label: string;
+        type: 'text' | 'textarea' | 'select' | 'checkbox' | 'file';
+        options?: string[];
+        required: boolean;
+        placeholder?: string;
+    }>;
+}
+/**
+ * Legacy status of a data subject request
+ * @deprecated Use DSRStatus instead
+ */
+export type RequestStatus = 'pending' | 'verifying' | 'processing' | 'completed' | 'rejected';
+/**
+ * Represents a data subject request
+ */
+export interface DSRRequest {
+    /**
+     * Unique identifier for the request
+     */
+    id: string;
+    /**
+     * Type of request
+     */
+    type: DSRType;
+    /**
+     * Current status of the request
+     */
+    status: DSRStatus;
+    /**
+     * Timestamp when the request was submitted
+     */
+    createdAt: number;
+    /**
+     * Timestamp when the request was last updated
+     */
+    updatedAt: number;
+    /**
+     * Timestamp when the request was completed (if applicable)
+     */
+    completedAt?: number;
+    /**
+     * Timestamp when the identity was verified (if applicable)
+     */
+    verifiedAt?: number;
+    /**
+     * Due date for responding to the request (timestamp)
+     */
+    dueDate?: number;
+    /**
+     * Description or details of the request
+     */
+    description?: string;
+    /**
+     * Data subject information
+     */
+    subject: {
+        /**
+         * Name of the data subject
+         */
+        name: string;
+        /**
+         * Email address of the data subject
+         */
+        email: string;
+        /**
+         * Phone number of the data subject (optional)
+         */
+        phone?: string;
+        /**
+         * Identifier used to verify the data subject's identity (optional)
+         */
+        identifierValue?: string;
+        /**
+         * Type of identifier used (e.g., "email", "account", "customer_id") (optional)
+         */
+        identifierType?: string;
+    };
+    /**
+     * Additional information provided by the data subject
+     */
+    additionalInfo?: Record<string, any>;
+    /**
+     * Notes added by staff processing the request
+     */
+    internalNotes?: Array<{
+        timestamp: number;
+        author: string;
+        note: string;
+    }>;
+    /**
+     * Verification status
+     */
+    verification?: {
+        /**
+         * Whether the identity has been verified
+         */
+        verified: boolean;
+        /**
+         * Method used for verification
+         */
+        method?: string;
+        /**
+         * Timestamp when verification was completed
+         */
+        verifiedAt?: number;
+        /**
+         * Staff member who performed the verification
+         */
+        verifiedBy?: string;
+    };
+    /**
+     * Reason for rejection (if status is 'rejected')
+     */
+    rejectionReason?: string;
+    /**
+     * Files attached to the request (e.g., exported data, verification documents)
+     */
+    attachments?: Array<{
+        id: string;
+        name: string;
+        type: string;
+        url: string;
+        addedAt: number;
+    }>;
+}