@tantainnovative/ndpr-toolkit 2.4.1 → 3.2.0

package/README.md

@@ -7,336 +7,311 @@
 [![TypeScript](https://img.shields.io/badge/TypeScript-5.0%2B-3178C6.svg)](https://www.typescriptlang.org/)
 [![Bundle Size](https://img.shields.io/bundlephobia/minzip/@tantainnovative/ndpr-toolkit)](https://bundlephobia.com/package/@tantainnovative/ndpr-toolkit)
 
-Eight production-ready modules covering consent, data subject rights, DPIA, breach notification, privacy policies, lawful basis tracking, cross-border transfers, and ROPA -- everything a data controller or processor needs under the NDPA.
+v3 ships **zero-config presets**, **pluggable storage adapters**, **compound components**, and a **compliance score engine** — eight production-ready modules covering consent, data subject rights, DPIA, breach notification, privacy policies, lawful basis, cross-border transfers, and ROPA.
 
 **[Documentation](https://ndprtoolkit.com.ng)** | **[Live Demos](https://ndprtoolkit.com.ng/ndpr-demos)** | **[npm](https://www.npmjs.com/package/@tantainnovative/ndpr-toolkit)**
 
 ---
 
-## Install
+## The 3-File Quickstart
 
-```bash
-pnpm add @tantainnovative/ndpr-toolkit
-```
+Three files. Full NDPA consent compliance.
 
----
-
-## Choose Your Import Style
-
-v2.0 ships modular entry points. Pick the layer you need -- the rest stays out of your bundle.
+**`app/layout.tsx`**
+```tsx
+import { NDPRConsent } from '@tantainnovative/ndpr-toolkit/presets';
+
+export default function RootLayout({ children }: { children: React.ReactNode }) {
+  return (
+    <html>
+      <body>
+        {children}
+        <NDPRConsent />
+      </body>
+    </html>
+  );
+}
+```
 
-### Lightweight (zero UI dependencies)
+**`app/api/consent/route.ts`**
+```ts
+import { NextRequest, NextResponse } from 'next/server';
 
-Types, validators, and utility functions. Works in any JS/TS environment -- Node, Deno, edge functions, or the browser.
+let store: unknown = null;
 
-```typescript
-import { validateConsent, getLawfulBasisDescription } from '@tantainnovative/ndpr-toolkit/core';
+export async function GET() { return NextResponse.json(store ?? {}); }
+export async function POST(req: NextRequest) {
+  store = await req.json();
+  return NextResponse.json({ ok: true });
+}
 ```
 
-### React Hooks
-
-Stateful hooks for every module. Requires `react` only -- no Radix, no Tailwind.
+**Persist to your API instead of localStorage:**
+```tsx
+import { NDPRConsent } from '@tantainnovative/ndpr-toolkit/presets';
+import { apiAdapter } from '@tantainnovative/ndpr-toolkit/adapters';
 
-```typescript
-import { useConsent, useLawfulBasis } from '@tantainnovative/ndpr-toolkit/hooks';
+<NDPRConsent adapter={apiAdapter('/api/consent')} />
 ```
 
-### Full UI Components
+That's it. NDPA-compliant consent with server-side persistence in under 20 lines.
 
-Pre-built, styled components. Requires Tailwind CSS plus a handful of Radix primitives.
+---
 
-```typescript
-import { ConsentBanner, LawfulBasisTracker } from '@tantainnovative/ndpr-toolkit';
+## Install
+
+```bash
+pnpm add @tantainnovative/ndpr-toolkit
 ```
 
-Install the UI peer dependencies:
+Install UI peer dependencies (only needed for styled components):
 
 ```bash
 pnpm add @radix-ui/react-switch @radix-ui/react-tabs @radix-ui/react-label @radix-ui/react-slot lucide-react tailwind-merge clsx class-variance-authority
 ```
 
-### Per-Module Imports
+Or scaffold instantly with the CLI:
 
-Need just one module? Import it directly to keep your bundle minimal.
-
-```typescript
-import { ConsentBanner, useConsent } from '@tantainnovative/ndpr-toolkit/consent';
-import { BreachReportForm, useBreach } from '@tantainnovative/ndpr-toolkit/breach';
+```bash
+npx @tantainnovative/create-ndpr
 ```
 
 ---
 
-## Quick Start
-
-A consent banner in under 10 lines:
+## Choose Your Layer
 
-```tsx
-import { useConsent } from '@tantainnovative/ndpr-toolkit/hooks';
-
-function App() {
-  const { hasConsent, acceptAll, rejectAll, shouldShowBanner } = useConsent({
-    options: [
-      { id: 'essential', label: 'Essential', description: 'Required for the site to function', required: true, purpose: 'Site operation' },
-      { id: 'analytics', label: 'Analytics', description: 'Help us improve', required: false, purpose: 'Usage analytics' },
-    ],
-  });
-
-  if (shouldShowBanner) {
-    return (
-      <div>
-        <p>We use cookies to improve your experience.</p>
-        <button onClick={acceptAll}>Accept All</button>
-        <button onClick={rejectAll}>Reject Optional</button>
-      </div>
-    );
-  }
-
-  return <main>{hasConsent('analytics') && <AnalyticsScript />}</main>;
-}
-```
-
----
+Pick exactly what your project needs.
 
-## Styling & Customization
+### Presets — zero-config
 
-Every component supports three styling modes:
-
-**Default (Tailwind CSS built-in):**
+Drop-in components with sensible defaults. No configuration required.
 
 ```tsx
-<ConsentBanner options={options} onSave={handleSave} />
+import {
+  NDPRConsent,           // Consent banner — works with zero props
+  NDPRSubjectRights,     // DSR request form
+  NDPRBreachReport,      // Breach report form
+  NDPRPrivacyPolicy,     // Policy generator wizard
+  NDPRDPIA,              // DPIA questionnaire
+  NDPRComplianceDashboard, // Visual compliance dashboard
+} from '@tantainnovative/ndpr-toolkit/presets';
 ```
 
-**Override specific sections:**
+### Components — compound pattern
 
-```tsx
-import { ConsentBanner } from '@tantainnovative/ndpr-toolkit/consent';
+Full control over layout without rebuilding logic.
 
-<ConsentBanner
-  options={options}
-  onSave={handleSave}
-  classNames={{
-    root: "fixed bottom-0 inset-x-0 bg-white shadow-xl p-6 z-50",
-    title: "text-xl font-serif text-gray-900",
-    acceptButton: "bg-green-600 text-white px-6 py-2 rounded-full",
-    rejectButton: "border border-gray-300 px-6 py-2 rounded-full",
-  }}
-/>
+```tsx
+import { Consent } from '@tantainnovative/ndpr-toolkit/consent';
+
+<Consent.Provider options={options} onSave={handleSave}>
+  <div className="my-layout">
+    <Consent.OptionList />
+    <div className="flex gap-2">
+      <Consent.AcceptButton />
+      <Consent.RejectButton />
+    </div>
+  </div>
+</Consent.Provider>
 ```
 
-**Fully unstyled (BYO CSS -- works with Bootstrap, CSS Modules, vanilla CSS):**
+### Hooks — headless
+
+Stateful hooks for every module. Bring your own UI entirely.
 
 ```tsx
-<ConsentBanner
-  options={options}
-  onSave={handleSave}
-  unstyled
-  classNames={{
-    root: "my-consent-banner",
-    acceptButton: "btn btn-primary",
-    rejectButton: "btn btn-outline-secondary",
-  }}
-/>
-```
+import { useConsent } from '@tantainnovative/ndpr-toolkit/hooks';
 
-### classNames Reference
-
-| Component | Keys | All classNames |
-|-----------|------|----------------|
-| ConsentBanner | 14 | root, container, title, description, optionsList, optionItem, optionCheckbox, optionLabel, optionDescription, buttonGroup, acceptButton, rejectButton, customizeButton, saveButton |
-| ConsentManager | 9 | root, header, title, description, optionsList, optionItem, toggle, saveButton, resetButton |
-| ConsentStorage | 1 | root |
-| DSRRequestForm | 11 | root, title, description, form, fieldGroup, label, input, select, textarea, submitButton, successMessage |
-| DSRDashboard | 8 | root, header, title, filters, requestList, requestItem, statusBadge, detailPanel |
-| DSRTracker | 9 | root, header, title, stats, statCard, table, tableHeader, tableRow, statusBadge |
-| DPIAQuestionnaire | 15 | root, header, title, section, sectionTitle, question, questionText, guidance, input, radioGroup, radioOption, navigation, nextButton, prevButton, progressBar |
-| DPIAReport | 10 | root, header, title, summary, riskBadge, riskTable, riskRow, recommendation, conclusion, printButton |
-| StepIndicator | 7 | root, step, stepActive, stepCompleted, stepPending, connector, label |
-| BreachReportForm | 10 | root, title, form, fieldGroup, label, input, select, textarea, submitButton, notice |
-| BreachRiskAssessment | 8 | root, header, title, slider, riskBadge, riskScore, notificationStatus, submitButton |
-| BreachNotificationManager | 9 | root, header, title, breachList, breachItem, statusBadge, timeline, timelineStep, detailPanel |
-| RegulatoryReportGenerator | 9 | root, header, title, reportPreview, field, fieldLabel, fieldValue, generateButton, downloadButton |
-| PolicyGenerator | 10 | root, header, title, description, sectionList, sectionItem, form, input, generateButton, complianceNotice |
-| PolicyPreview | 9 | root, header, title, description, content, section, sectionTitle, sectionContent, complianceNotice |
-| PolicyExporter | 9 | root, header, title, description, formatSelector, formatOption, exportButton, complianceNotice, preview |
-| LawfulBasisTracker | 15 | root, header, title, summary, summaryCard, table, tableHeader, tableRow, form, input, select, submitButton, statusBadge, complianceScore, gapAlert |
-| CrossBorderTransferManager | 15 | root, header, title, summary, summaryCard, transferList, transferItem, form, input, select, submitButton, riskBadge, statusBadge, detailPanel, approvalStatus |
-| ROPAManager | 16 | root, header, title, orgInfo, summary, summaryCard, table, tableHeader, tableRow, form, input, select, submitButton, statusBadge, exportButton, complianceGap |
-| **All 19 components** | **169** | |
-
-Every component follows the same pattern. Pass `classNames` to override specific sections, or set `unstyled` to strip all default styles. Each component exports its ClassNames TypeScript interface for autocomplete support.
+const { hasConsent, acceptAll, rejectAll, shouldShowBanner } = useConsent({ options });
+```
 
----
+### Core — no React
 
-## Modules
+Pure TypeScript utilities and validators. Works anywhere — Node, edge functions, Deno.
 
-### 1. Consent Management
+```ts
+import { validateConsent, getComplianceScore } from '@tantainnovative/ndpr-toolkit/core';
+```
 
-**NDPA Sections 25-26** -- Freely given, specific, informed, and unambiguous consent.
+### Adapters — pluggable storage
 
-```typescript
-import { ConsentBanner, ConsentManager, useConsent, validateConsent } from '@tantainnovative/ndpr-toolkit/consent';
-```
+Swap where consent (and other state) is stored without changing any component code.
 
-```tsx
-<ConsentManager
-  options={[
-    { id: 'essential', label: 'Essential', description: 'Required for the site to function', required: true, purpose: 'Site operation' },
-    { id: 'analytics', label: 'Analytics', description: 'Help us improve', required: false, purpose: 'Usage analytics' },
-  ]}
-  onSave={(settings) => {
-    if (settings.consents.analytics) loadAnalytics();
-  }}
-/>
+```ts
+import { apiAdapter, localStorageAdapter, cookieAdapter } from '@tantainnovative/ndpr-toolkit/adapters';
 ```
 
-**Key exports:** `ConsentBanner`, `ConsentManager`, `ConsentStorage`, `useConsent`, `validateConsent`, `validateConsentOptions`
-
 ---
 
-### 2. Data Subject Rights (DSR)
+## Pluggable Storage
 
-**NDPA Part IV, Sections 29-36** -- All 8 rights: information, access, rectification, erasure, restriction, portability, objection, and automated decision-making.
+Every stateful component accepts an `adapter` prop. Built-in adapters ship out of the box.
 
-```typescript
-import { DSRRequestForm, DSRDashboard, useDSR, formatDSRRequest } from '@tantainnovative/ndpr-toolkit/dsr';
+```ts
+import {
+  localStorageAdapter,    // default for browsers
+  sessionStorageAdapter,  // cleared on tab close
+  cookieAdapter,          // server-readable cookies
+  apiAdapter,             // HTTP endpoint (any backend)
+  memoryAdapter,          // in-process, good for SSR / tests
+  composeAdapters,        // fan-out writes to multiple stores
+} from '@tantainnovative/ndpr-toolkit/adapters';
 ```
 
+**localStorage (default browser behaviour):**
 ```tsx
-const { submitRequest, requests } = useDSR({
-  requestTypes: [
-    { id: 'access', name: 'Access Request', description: 'Right of access (Section 30)', estimatedCompletionTime: 30, requiresAdditionalInfo: false },
-  ],
-});
+<NDPRConsent adapter={localStorageAdapter('ndpr_consent')} />
 ```
 
-**Key exports:** `DSRRequestForm`, `DSRDashboard`, `DSRTracker`, `useDSR`, `formatDSRRequest`
-
----
-
-### 3. Data Protection Impact Assessment (DPIA)
+**API endpoint:**
+```tsx
+<NDPRConsent adapter={apiAdapter('/api/consent', {
+  headers: { Authorization: `Bearer ${token}` },
+})} />
+```
 
-**NDPA Section 38-39** -- Mandatory risk assessment for high-risk processing activities.
+**Write to API + keep a local cache:**
+```tsx
+import { composeAdapters, apiAdapter, localStorageAdapter } from '@tantainnovative/ndpr-toolkit/adapters';
 
-```typescript
-import { DPIAQuestionnaire, DPIAReport, useDPIA, assessDPIARisk } from '@tantainnovative/ndpr-toolkit/dpia';
+<NDPRConsent adapter={composeAdapters(
+  apiAdapter('/api/consent'),
+  localStorageAdapter('ndpr_consent'),
+)} />
 ```
 
+**Cookie (server-readable, for SSR consent gating):**
 ```tsx
-const { currentSection, answers, nextSection, completeDPIA } = useDPIA({
-  sections: dpiaSections,
-  onComplete: (result) => saveAssessment(result),
-});
+<NDPRConsent adapter={cookieAdapter({ name: 'ndpr_consent', maxAge: 365 * 24 * 60 * 60 })} />
 ```
 
-**Key exports:** `DPIAQuestionnaire`, `DPIAReport`, `StepIndicator`, `useDPIA`, `assessDPIARisk`
-
 ---
 
-### 4. Breach Notification
-
-**NDPA Section 40** -- 72-hour notification to the NDPC, plus data subject notification.
+## Compliance Score
+
+`getComplianceScore()` evaluates your posture across all 8 NDPA modules and returns a 0–100 score with rated gaps and prioritised recommendations.
+
+```ts
+import { getComplianceScore } from '@tantainnovative/ndpr-toolkit/core';
+
+const report = getComplianceScore({
+  consent: {
+    hasConsentMechanism: true,
+    hasPurposeSpecification: true,
+    hasWithdrawalMechanism: true,
+    hasMinorProtection: false,
+    consentRecordsRetained: true,
+  },
+  dsr: {
+    hasRequestMechanism: true,
+    supportsAccess: true,
+    supportsRectification: false,
+    supportsErasure: false,
+    supportsPortability: false,
+    supportsObjection: false,
+    maxResponseDays: 30,
+  },
+  // ... other modules
+});
 
-```typescript
-import { BreachReportForm, BreachNotificationManager, useBreach, calculateBreachSeverity } from '@tantainnovative/ndpr-toolkit/breach';
+console.log(report.score);         // e.g. 74
+console.log(report.rating);        // "good" | "excellent" | "needs-work" | "critical"
+console.log(report.recommendations[0].priority); // "critical"
 ```
 
+Render a live dashboard:
+
 ```tsx
-const { reportBreach, reports, assessRisk } = useBreach({
-  categories: breachCategories,
-  onReport: (report) => notifyNDPC(report),
-});
-```
+import { NDPRComplianceDashboard } from '@tantainnovative/ndpr-toolkit/presets';
 
-**Key exports:** `BreachReportForm`, `BreachRiskAssessment`, `BreachNotificationManager`, `RegulatoryReportGenerator`, `useBreach`, `calculateBreachSeverity`
+<NDPRComplianceDashboard
+  input={complianceInput}
+  showRecommendations
+  maxRecommendations={5}
+/>
+```
 
 ---
 
-### 5. Privacy Policy Generator
+## Backend Integration
 
-**NDPA Sections 27-28** -- Multi-step wizard producing NDPA-compliant privacy policies with PDF/DOCX export.
+### CLI scaffolder
 
-```typescript
-import { PolicyGenerator, PolicyPreview, usePrivacyPolicy, generatePolicyText } from '@tantainnovative/ndpr-toolkit/policy';
-```
+Scaffold a complete wiring for your stack in seconds:
 
-```tsx
-<PolicyGenerator
-  sections={policySections}
-  variables={policyVariables}
-  onGenerate={({ content }) => console.log(content)}
-/>
+```bash
+npx @tantainnovative/create-ndpr
 ```
 
-The wizard covers organization info, data collection practices, data sharing, custom sections, and a preview with export.
+Detects Next.js (App Router or Pages Router) or Express, prompts for your ORM (Prisma / Drizzle / none), and generates API routes, schema, and layout files — no manual copy-pasting.
 
-**Key exports:** `PolicyGenerator`, `PolicyPreview`, `PolicyExporter`, `usePrivacyPolicy`, `generatePolicyText`
+### Backend recipes
 
----
+`@tantainnovative/ndpr-recipes` is a reference implementation with production-ready patterns:
 
-### 6. Lawful Basis Tracker
+| Recipe | What you get |
+|--------|-------------|
+| `prisma/schema.prisma` | All 5 NDPA compliance tables |
+| `src/adapters/prisma-consent.ts` | Prisma `StorageAdapter<ConsentSettings>` |
+| `src/adapters/drizzle-consent.ts` | Drizzle `StorageAdapter<ConsentSettings>` |
+| `src/nextjs/app-router/` | Consent, DSR, Breach, ROPA, compliance route handlers |
+| `src/express/` | Full NDPR router with consent, DSR, breach, ROPA routes |
+| `src/nextjs/app-router/middleware.ts` | Next.js consent gate middleware |
 
-**NDPA Section 25** -- Document and manage the lawful basis for every processing activity. Covers all six bases: consent, contract, legal obligation, vital interests, public interest, and legitimate interests.
+Copy the files you need into your project. [Browse the recipes →](https://github.com/tantainnovative/ndpr-toolkit/tree/main/packages/ndpr-recipes)
 
-```typescript
-import { LawfulBasisTracker, useLawfulBasis, validateProcessingActivity, getLawfulBasisDescription } from '@tantainnovative/ndpr-toolkit/lawful-basis';
-```
+---
 
-```tsx
-const { activities, addActivity, getSummary } = useLawfulBasis();
-
-addActivity({
-  name: 'Email marketing',
-  description: 'Send promotional emails',
-  lawfulBasis: 'consent',
-  lawfulBasisJustification: 'Explicit opt-in at signup',
-  dataCategories: ['email', 'name'],
-  involvesSensitiveData: false,
-  dataSubjectCategories: ['customers'],
-  purposes: ['marketing'],
-  retentionPeriod: '2 years',
-  crossBorderTransfer: false,
-  status: 'active',
-});
-```
+## All 8 Modules
 
-**Key exports:** `LawfulBasisTracker`, `useLawfulBasis`, `validateProcessingActivity`, `getLawfulBasisDescription`, `assessComplianceGaps`, `generateLawfulBasisSummary`
+| Module | Import path | NDPA reference | Key exports |
+|--------|-------------|----------------|-------------|
+| Consent Management | `/consent` | Sections 25–26 | `ConsentBanner`, `ConsentManager`, `Consent.*`, `useConsent` |
+| Data Subject Rights | `/dsr` | Part IV §29–36 | `DSRRequestForm`, `DSRDashboard`, `useDSR` |
+| DPIA | `/dpia` | Sections 38–39 | `DPIAQuestionnaire`, `DPIAReport`, `useDPIA` |
+| Breach Notification | `/breach` | Section 40 | `BreachReportForm`, `BreachRiskAssessment`, `useBreach` |
+| Privacy Policy | `/policy` | Sections 27–28 | `PolicyGenerator`, `PolicyPreview`, `PolicyExporter` |
+| Lawful Basis | `/lawful-basis` | Section 25 | `LawfulBasisTracker`, `useLawfulBasis` |
+| Cross-Border Transfers | `/cross-border` | Part VI §41–45 | `CrossBorderTransferManager`, `useCrossBorderTransfer` |
+| ROPA | `/ropa` | Section 28(2) | `ROPAManager`, `useROPA`, `exportROPAToCSV` |
 
 ---
 
-### 7. Cross-Border Transfer Assessment
-
-**NDPA Part VI, Sections 41-45** -- Evaluate adequacy decisions, standard contractual clauses, binding corporate rules, and derogations for international data transfers.
+## Styling & Customization
 
-```typescript
-import { CrossBorderTransferManager, useCrossBorderTransfer, validateTransfer, assessTransferRisk } from '@tantainnovative/ndpr-toolkit/cross-border';
-```
+Every component supports three modes:
 
+**Default (Tailwind CSS):**
 ```tsx
-const { transfers, addTransfer, getSummary } = useCrossBorderTransfer({
-  onAdd: (transfer) => logTransfer(transfer),
-});
+<ConsentBanner options={options} onSave={handleSave} />
 ```
 
-**Key exports:** `CrossBorderTransferManager`, `useCrossBorderTransfer`, `validateTransfer`, `getTransferMechanismDescription`, `assessTransferRisk`, `isNDPCApprovalRequired`
-
----
-
-### 8. Record of Processing Activities (ROPA)
-
-**NDPA Section 28(2) & NDPC Regulatory Guidance** -- Maintain comprehensive records of all processing activities for audit readiness and regulatory accountability.
-
-```typescript
-import { ROPAManager, useROPA, generateROPASummary, exportROPAToCSV } from '@tantainnovative/ndpr-toolkit/ropa';
+**Override specific sections:**
+```tsx
+<ConsentBanner
+  options={options}
+  onSave={handleSave}
+  classNames={{
+    root: "fixed bottom-0 inset-x-0 bg-white shadow-xl p-6",
+    acceptButton: "bg-green-600 text-white px-6 py-2 rounded-full",
+  }}
+/>
 ```
 
+**Fully unstyled (BYO CSS — Bootstrap, CSS Modules, vanilla):**
 ```tsx
-const { ropa, addRecord, getSummary } = useROPA({
-  initialData: { id: 'ropa-1', organizationName: 'Acme Ltd', organizationContact: 'dpo@acme.ng', organizationAddress: 'Lagos, Nigeria', records: [], lastUpdated: Date.now(), version: '1.0' },
-});
+<ConsentBanner
+  options={options}
+  onSave={handleSave}
+  unstyled
+  classNames={{
+    root: "my-consent-banner",
+    acceptButton: "btn btn-primary",
+  }}
+/>
 ```
 
-**Key exports:** `ROPAManager`, `useROPA`, `validateProcessingRecord`, `generateROPASummary`, `exportROPAToCSV`, `identifyComplianceGaps`
+Each component exports its `ClassNames` TypeScript interface for autocomplete. Full reference in the [docs](https://ndprtoolkit.com.ng/docs/styling).
 
 ---
 
@@ -344,18 +319,20 @@ const { ropa, addRecord, getSummary } = useROPA({
 
 | Path | What you get | Dependencies |
 |------|-------------|--------------|
+| `.` (default) | Everything | All peer deps |
 | `/core` | Types + utility functions | `tslib` |
 | `/hooks` | React hooks for all 8 modules | `react` |
-| `/consent` | Consent components + hook + utils | `react`, Radix, Tailwind |
-| `/dsr` | DSR components + hook + utils | `react`, Radix, Tailwind |
-| `/dpia` | DPIA components + hook + utils | `react`, Radix, Tailwind |
-| `/breach` | Breach components + hook + utils | `react`, Radix, Tailwind |
-| `/policy` | Policy components + hook + utils | `react`, Radix, Tailwind, `jspdf` |
-| `/lawful-basis` | Lawful basis component + hook + utils | `react`, Radix, Tailwind |
-| `/cross-border` | Cross-border component + hook + utils | `react`, Radix, Tailwind |
-| `/ropa` | ROPA component + hook + utils | `react`, Radix, Tailwind |
+| `/presets` | Zero-config preset components | `react`, Radix, Tailwind |
+| `/adapters` | Storage adapters | none |
+| `/consent` | Consent components + `Consent.*` compound API | `react`, Radix, Tailwind |
+| `/dsr` | DSR components + hook | `react`, Radix, Tailwind |
+| `/dpia` | DPIA components + hook | `react`, Radix, Tailwind |
+| `/breach` | Breach components + hook | `react`, Radix, Tailwind |
+| `/policy` | Policy components + hook | `react`, Radix, Tailwind, `jspdf` |
+| `/lawful-basis` | Lawful basis component + hook | `react`, Radix, Tailwind |
+| `/cross-border` | Cross-border component + hook | `react`, Radix, Tailwind |
+| `/ropa` | ROPA component + hook | `react`, Radix, Tailwind |
 | `/unstyled` | Unstyled consent primitives | `react` |
-| `.` (default) | Everything | All peer deps |
 
 ---
 
@@ -367,7 +344,6 @@ The **Nigeria Data Protection Act (NDPA) 2023** replaced the NDPR 2019 and estab
 |--------|-------------|-------------|
 | Legal status | NITDA regulation | Act of the National Assembly |
 | Regulator | NITDA | NDPC (independent commission) |
-| Scope | Organizations processing data in Nigeria | Broader territorial + extraterritorial application |
 | Enforcement | Limited | Independent investigation and penalty powers |
 | Data subject rights | 6 rights | 8 rights (added information + automated decision-making) |
 | Cross-border transfers | Basic provisions | Comprehensive framework with adequacy decisions |
@@ -378,26 +354,30 @@ The **Nigeria Data Protection Act (NDPA) 2023** replaced the NDPR 2019 and estab
 
 ## TypeScript
 
-The toolkit is written in TypeScript and exports all types:
+Written in TypeScript. All types are exported:
 
 ```typescript
 import type {
   // Consent
-  ConsentOption, ConsentSettings, LawfulBasisType,
+  ConsentOption, ConsentSettings,
   // DSR
-  DSRRequest, DSRType, DSRStatus, RequestType,
+  DSRRequest, DSRType, DSRStatus,
   // DPIA
-  DPIAQuestion, DPIASection, DPIAResult, DPIARisk,
+  DPIAQuestion, DPIASection, DPIAResult,
   // Breach
   BreachReport, BreachCategory, RiskAssessment,
   // Policy
-  PolicySection, PolicyTemplate, OrganizationInfo, PrivacyPolicy,
+  PolicySection, PolicyTemplate, PrivacyPolicy,
   // Lawful Basis
-  LawfulBasis, ProcessingActivity, LawfulBasisSummary,
+  LawfulBasis, ProcessingActivity,
   // Cross-Border
-  CrossBorderTransfer, TransferMechanism, AdequacyStatus,
+  CrossBorderTransfer, TransferMechanism,
   // ROPA
-  ProcessingRecord, RecordOfProcessingActivities, ROPASummary,
+  ProcessingRecord, RecordOfProcessingActivities,
+  // Compliance score
+  ComplianceInput, ComplianceReport, ComplianceRating,
+  // Storage
+  StorageAdapter,
 } from '@tantainnovative/ndpr-toolkit/core';
 ```