@tantainnovative/ndpr-toolkit 3.5.5 → 3.6.0

package/CHANGELOG.md

@@ -2,6 +2,31 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## [3.6.0](https://github.com/mr-tanta/ndpr-toolkit/compare/v3.5.5...v3.6.0) (2026-05-24)
+
+### Features (developer feedback)
+
+This release lands changes flagged by integrating teams using the toolkit in production. All additions are backward-compatible — 3.5.x consumers can upgrade without changes.
+
+* **`apiAdapter` is now production-ready.** Adds `credentials` (defaults to `'same-origin'`, set `'include'` for cross-origin), dynamic `headers` (function form for runtime CSRF token lookup), `loadMethod`/`saveMethod` overrides (e.g. `PUT` for upsert APIs), `unwrap` (transform `{ data: ... }` envelopes), configurable `retry` with exponential backoff and a `shouldRetry` predicate (default: retry on network errors + 5xx, skip 4xx), and `onError`/`onSuccess` hooks for telemetry. The pre-3.6.0 `console.warn` behavior is preserved when no `onError` is configured.
+* **`NDPRConsent` exposes a `copy` prop.** Override `title` / `description` / `acceptAll` / `rejectAll` / `customize` / `save` strings without dropping to the lower-level `<ConsentBanner>` API.
+* **`NDPRSubjectRights` adds public-form `submitTo` mode.** Public sites can POST to their backend instead of being state-managed by an adapter. Pairs with `submitOptions` (credentials, headers) and `onSubmitError`. The state-managed `adapter` mode is unchanged.
+* **Per-preset subpath entries** for bundle-size-sensitive consumers:
+  - `@tantainnovative/ndpr-toolkit/presets/consent` — just `NDPRConsent` (~4KB vs ~8KB for the full barrel)
+  - `@tantainnovative/ndpr-toolkit/presets/dsr` — just `NDPRSubjectRights`
+  - `@tantainnovative/ndpr-toolkit/presets/policy` — just `NDPRPrivacyPolicy`
+  The full `/presets` barrel is unchanged. These are additive narrower entries.
+
+### Docs
+
+* README install block now shows Bun, npm, and Yarn alongside pnpm.
+
+### Coming next (3.6.1+)
+
+- Recipe pages for ecommerce / newsletter / contact-form / careers / admin DSR patterns
+- Org-specific privacy policy templates (SaaS, ecommerce, school, healthcare, procurement)
+- Continued bundle reduction
+
 ## [3.5.5](https://github.com/mr-tanta/ndpr-toolkit/compare/v3.5.4...v3.5.5) (2026-05-24)
 
 ### Features (tests + types)

package/README.md

@@ -74,14 +74,26 @@ That's it. NDPA-compliant consent with server-side persistence in under 20 lines
 
 ## Install
 
+Pick your package manager:
+
 ```bash
+# pnpm
 pnpm add @tantainnovative/ndpr-toolkit
+
+# Bun
+bun add @tantainnovative/ndpr-toolkit
+
+# npm
+npm install @tantainnovative/ndpr-toolkit
+
+# Yarn
+yarn add @tantainnovative/ndpr-toolkit
 ```
 
 Add the stylesheet import once in your app entry so components render with default styles:
 
 ```ts
-// app/layout.tsx (Next.js App Router) or src/main.tsx (Vite/CRA)
+// app/layout.tsx (Next.js App Router) or src/main.tsx (Vite/CRA/Bun)
 import "@tantainnovative/ndpr-toolkit/styles";
 ```
 
@@ -90,7 +102,11 @@ The stylesheet is opinionated but token-driven — override any `--ndpr-*` CSS c
 Install UI peer dependencies (only needed if you use the higher-level Radix-based components from `/presets`):
 
 ```bash
+# pnpm
 pnpm add @radix-ui/react-switch @radix-ui/react-tabs @radix-ui/react-label @radix-ui/react-slot lucide-react tailwind-merge clsx class-variance-authority
+
+# Bun
+bun add @radix-ui/react-switch @radix-ui/react-tabs @radix-ui/react-label @radix-ui/react-slot lucide-react tailwind-merge clsx class-variance-authority
 ```
 
 Or scaffold instantly with the CLI:

package/dist/adapters.d.mts

@@ -1,7 +1,141 @@
-export declare function apiAdapter<T = unknown>(endpoint: string, options?: ApiAdapterOptions): StorageAdapter<T>;
+/**
+ * Production-ready API storage adapter.
+ *
+ * Backward-compatible with the 3.5.x signature — `apiAdapter('/api/x')`
+ * still works exactly as before. New options are all opt-in.
+ *
+ * @example basic
+ *   const adapter = apiAdapter<ConsentSettings>('/api/consent');
+ *
+ * @example with credentials and CSRF
+ *   const adapter = apiAdapter<ConsentSettings>('/api/consent', {
+ *     credentials: 'include',
+ *     headers: () => ({
+ *       'X-CSRF-Token': document.querySelector<HTMLMetaElement>(
+ *         'meta[name="csrf-token"]'
+ *       )?.content ?? '',
+ *     }),
+ *   });
+ *
+ * @example with retry + telemetry
+ *   const adapter = apiAdapter<ConsentSettings>('/api/consent', {
+ *     retry: { attempts: 2, baseDelayMs: 300 },
+ *     onError: (ctx) => Sentry.captureException(ctx.error, { extra: ctx }),
+ *     onSuccess: (ctx) => analytics.track('consent_saved', { method: ctx.method }),
+ *   });
+ *
+ * @example with response unwrap
+ *   const adapter = apiAdapter<ConsentSettings>('/api/consent', {
+ *     // API returns { data: ConsentSettings, ok: true }
+ *     unwrap: (raw) => (raw as { data: ConsentSettings }).data,
+ *   });
+ */
+export declare function apiAdapter<T = unknown>(endpoint: string, options?: ApiAdapterOptions<T>): StorageAdapter<T>;
 
-export declare interface ApiAdapterOptions {
-    headers?: Record<string, string>;
+declare interface ApiAdapterErrorContext<T = unknown> {
+    /** Which adapter operation triggered this — `load`, `save`, or `remove`. */
+    method: ApiAdapterMethod;
+    /** The endpoint URL that failed. */
+    endpoint: string;
+    /** Underlying error (for network failures / parse errors). */
+    error?: unknown;
+    /** Response object, if a response was received. */
+    response?: Response;
+    /** HTTP status code, if available. */
+    status?: number;
+    /** For `save`, the payload that failed to send. */
+    payload?: T;
+    /** Which retry attempt this is (0 = first try). Capped at `retry.attempts`. */
+    attempt: number;
+}
+
+declare type ApiAdapterMethod = 'load' | 'save' | 'remove';
+
+export declare interface ApiAdapterOptions<T = unknown> {
+    /**
+     * Extra HTTP headers to send with every request. Useful for `Authorization`,
+     * `X-CSRF-Token`, `X-Requested-With`, etc.
+     *
+     * Can also be a function that returns headers, which lets you read a CSRF
+     * token from the DOM/cookie at request time rather than at adapter
+     * construction time.
+     */
+    headers?: Record<string, string> | (() => Record<string, string>);
+    /**
+     * Forwarded to fetch's `credentials` option. Defaults to `'same-origin'`
+     * (the browser default). Set to `'include'` for cross-origin endpoints
+     * that need cookies / auth.
+     */
+    credentials?: RequestCredentials;
+    /**
+     * HTTP method override for the load operation. Defaults to `'GET'`.
+     */
+    loadMethod?: 'GET' | 'POST';
+    /**
+     * HTTP method override for the save operation. Defaults to `'POST'`. Some
+     * REST APIs prefer `'PUT'` for upsert semantics.
+     */
+    saveMethod?: 'POST' | 'PUT' | 'PATCH';
+    /**
+     * Transform the raw JSON response into the expected `T`. Useful for APIs
+     * that wrap responses in `{ data: ... }` or similar envelopes. Called
+     * after `res.json()`. If omitted, the parsed JSON is used as-is.
+     */
+    unwrap?: (raw: unknown) => T | null;
+    /**
+     * Retry policy for failed requests. Defaults to no retries (preserves the
+     * pre-3.6.0 behaviour). When configured, applies to all three operations.
+     */
+    retry?: ApiAdapterRetryConfig;
+    /**
+     * Called when a request fails (after all retries exhausted). The adapter
+     * still returns a graceful null/void result so the consuming hook
+     * doesn't crash — this hook is for telemetry, toasts, or audit logging.
+     */
+    onError?: (ctx: ApiAdapterErrorContext<T>) => void;
+    /**
+     * Called when a request succeeds. Useful for cache invalidation,
+     * analytics, or syncing other state.
+     */
+    onSuccess?: (ctx: ApiAdapterSuccessContext<T>) => void;
+    /**
+     * Per-request fetch options to merge into every request. Use this for
+     * things `fetch` itself supports that aren't directly modelled above —
+     * `signal`, `mode`, `cache`, `redirect`, etc.
+     */
+    fetchInit?: Omit<RequestInit, 'method' | 'headers' | 'body' | 'credentials'>;
+}
+
+declare interface ApiAdapterRetryConfig {
+    /**
+     * Number of additional attempts after the initial request. Defaults to 0
+     * (no retries). e.g. `attempts: 2` means up to 3 total requests.
+     */
+    attempts?: number;
+    /**
+     * Base delay in ms between attempts. Defaults to 250ms. The actual delay
+     * uses exponential backoff: `baseDelayMs * 2^attempt`.
+     */
+    baseDelayMs?: number;
+    /**
+     * Predicate that decides whether to retry given the failure context. By
+     * default we retry on network errors and 5xx responses, but not on 4xx
+     * (those are client errors that won't fix themselves).
+     */
+    shouldRetry?: (ctx: ApiAdapterErrorContext<unknown>) => boolean;
+}
+
+declare interface ApiAdapterSuccessContext<T = unknown> {
+    /** Which adapter operation succeeded — `load`, `save`, or `remove`. */
+    method: ApiAdapterMethod;
+    /** The endpoint URL. */
+    endpoint: string;
+    /** Response object. */
+    response: Response;
+    /** For `load` operations, the parsed (and optionally unwrapped) data. */
+    data?: T;
+    /** For `save` operations, the payload that was sent. */
+    payload?: T;
 }
 
 export declare function composeAdapters<T = unknown>(primary: StorageAdapter<T>, ...secondaries: StorageAdapter<T>[]): StorageAdapter<T>;

package/dist/adapters.d.ts

@@ -1,7 +1,141 @@
-export declare function apiAdapter<T = unknown>(endpoint: string, options?: ApiAdapterOptions): StorageAdapter<T>;
+/**
+ * Production-ready API storage adapter.
+ *
+ * Backward-compatible with the 3.5.x signature — `apiAdapter('/api/x')`
+ * still works exactly as before. New options are all opt-in.
+ *
+ * @example basic
+ *   const adapter = apiAdapter<ConsentSettings>('/api/consent');
+ *
+ * @example with credentials and CSRF
+ *   const adapter = apiAdapter<ConsentSettings>('/api/consent', {
+ *     credentials: 'include',
+ *     headers: () => ({
+ *       'X-CSRF-Token': document.querySelector<HTMLMetaElement>(
+ *         'meta[name="csrf-token"]'
+ *       )?.content ?? '',
+ *     }),
+ *   });
+ *
+ * @example with retry + telemetry
+ *   const adapter = apiAdapter<ConsentSettings>('/api/consent', {
+ *     retry: { attempts: 2, baseDelayMs: 300 },
+ *     onError: (ctx) => Sentry.captureException(ctx.error, { extra: ctx }),
+ *     onSuccess: (ctx) => analytics.track('consent_saved', { method: ctx.method }),
+ *   });
+ *
+ * @example with response unwrap
+ *   const adapter = apiAdapter<ConsentSettings>('/api/consent', {
+ *     // API returns { data: ConsentSettings, ok: true }
+ *     unwrap: (raw) => (raw as { data: ConsentSettings }).data,
+ *   });
+ */
+export declare function apiAdapter<T = unknown>(endpoint: string, options?: ApiAdapterOptions<T>): StorageAdapter<T>;
 
-export declare interface ApiAdapterOptions {
-    headers?: Record<string, string>;
+declare interface ApiAdapterErrorContext<T = unknown> {
+    /** Which adapter operation triggered this — `load`, `save`, or `remove`. */
+    method: ApiAdapterMethod;
+    /** The endpoint URL that failed. */
+    endpoint: string;
+    /** Underlying error (for network failures / parse errors). */
+    error?: unknown;
+    /** Response object, if a response was received. */
+    response?: Response;
+    /** HTTP status code, if available. */
+    status?: number;
+    /** For `save`, the payload that failed to send. */
+    payload?: T;
+    /** Which retry attempt this is (0 = first try). Capped at `retry.attempts`. */
+    attempt: number;
+}
+
+declare type ApiAdapterMethod = 'load' | 'save' | 'remove';
+
+export declare interface ApiAdapterOptions<T = unknown> {
+    /**
+     * Extra HTTP headers to send with every request. Useful for `Authorization`,
+     * `X-CSRF-Token`, `X-Requested-With`, etc.
+     *
+     * Can also be a function that returns headers, which lets you read a CSRF
+     * token from the DOM/cookie at request time rather than at adapter
+     * construction time.
+     */
+    headers?: Record<string, string> | (() => Record<string, string>);
+    /**
+     * Forwarded to fetch's `credentials` option. Defaults to `'same-origin'`
+     * (the browser default). Set to `'include'` for cross-origin endpoints
+     * that need cookies / auth.
+     */
+    credentials?: RequestCredentials;
+    /**
+     * HTTP method override for the load operation. Defaults to `'GET'`.
+     */
+    loadMethod?: 'GET' | 'POST';
+    /**
+     * HTTP method override for the save operation. Defaults to `'POST'`. Some
+     * REST APIs prefer `'PUT'` for upsert semantics.
+     */
+    saveMethod?: 'POST' | 'PUT' | 'PATCH';
+    /**
+     * Transform the raw JSON response into the expected `T`. Useful for APIs
+     * that wrap responses in `{ data: ... }` or similar envelopes. Called
+     * after `res.json()`. If omitted, the parsed JSON is used as-is.
+     */
+    unwrap?: (raw: unknown) => T | null;
+    /**
+     * Retry policy for failed requests. Defaults to no retries (preserves the
+     * pre-3.6.0 behaviour). When configured, applies to all three operations.
+     */
+    retry?: ApiAdapterRetryConfig;
+    /**
+     * Called when a request fails (after all retries exhausted). The adapter
+     * still returns a graceful null/void result so the consuming hook
+     * doesn't crash — this hook is for telemetry, toasts, or audit logging.
+     */
+    onError?: (ctx: ApiAdapterErrorContext<T>) => void;
+    /**
+     * Called when a request succeeds. Useful for cache invalidation,
+     * analytics, or syncing other state.
+     */
+    onSuccess?: (ctx: ApiAdapterSuccessContext<T>) => void;
+    /**
+     * Per-request fetch options to merge into every request. Use this for
+     * things `fetch` itself supports that aren't directly modelled above —
+     * `signal`, `mode`, `cache`, `redirect`, etc.
+     */
+    fetchInit?: Omit<RequestInit, 'method' | 'headers' | 'body' | 'credentials'>;
+}
+
+declare interface ApiAdapterRetryConfig {
+    /**
+     * Number of additional attempts after the initial request. Defaults to 0
+     * (no retries). e.g. `attempts: 2` means up to 3 total requests.
+     */
+    attempts?: number;
+    /**
+     * Base delay in ms between attempts. Defaults to 250ms. The actual delay
+     * uses exponential backoff: `baseDelayMs * 2^attempt`.
+     */
+    baseDelayMs?: number;
+    /**
+     * Predicate that decides whether to retry given the failure context. By
+     * default we retry on network errors and 5xx responses, but not on 4xx
+     * (those are client errors that won't fix themselves).
+     */
+    shouldRetry?: (ctx: ApiAdapterErrorContext<unknown>) => boolean;
+}
+
+declare interface ApiAdapterSuccessContext<T = unknown> {
+    /** Which adapter operation succeeded — `load`, `save`, or `remove`. */
+    method: ApiAdapterMethod;
+    /** The endpoint URL. */
+    endpoint: string;
+    /** Response object. */
+    response: Response;
+    /** For `load` operations, the parsed (and optionally unwrapped) data. */
+    data?: T;
+    /** For `save` operations, the payload that was sent. */
+    payload?: T;
 }
 
 export declare function composeAdapters<T = unknown>(primary: StorageAdapter<T>, ...secondaries: StorageAdapter<T>[]): StorageAdapter<T>;

package/dist/adapters.js

@@ -1 +1 @@
-'use strict';var chunk6NXXQYQL_js=require('./chunk-6NXXQYQL.js'),chunk7ZZO7GVB_js=require('./chunk-7ZZO7GVB.js'),chunkVWED6UTN_js=require('./chunk-VWED6UTN.js');require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"apiAdapter",{enumerable:true,get:function(){return chunk6NXXQYQL_js.a}});Object.defineProperty(exports,"composeAdapters",{enumerable:true,get:function(){return chunk6NXXQYQL_js.c}});Object.defineProperty(exports,"memoryAdapter",{enumerable:true,get:function(){return chunk6NXXQYQL_js.b}});Object.defineProperty(exports,"cookieAdapter",{enumerable:true,get:function(){return chunk7ZZO7GVB_js.b}});Object.defineProperty(exports,"sessionStorageAdapter",{enumerable:true,get:function(){return chunk7ZZO7GVB_js.a}});Object.defineProperty(exports,"localStorageAdapter",{enumerable:true,get:function(){return chunkVWED6UTN_js.a}});
+'use strict';var chunkROTLSZMV_js=require('./chunk-ROTLSZMV.js'),chunk7ZZO7GVB_js=require('./chunk-7ZZO7GVB.js'),chunkVWED6UTN_js=require('./chunk-VWED6UTN.js');require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"apiAdapter",{enumerable:true,get:function(){return chunkROTLSZMV_js.a}});Object.defineProperty(exports,"composeAdapters",{enumerable:true,get:function(){return chunkROTLSZMV_js.c}});Object.defineProperty(exports,"memoryAdapter",{enumerable:true,get:function(){return chunkROTLSZMV_js.b}});Object.defineProperty(exports,"cookieAdapter",{enumerable:true,get:function(){return chunk7ZZO7GVB_js.b}});Object.defineProperty(exports,"sessionStorageAdapter",{enumerable:true,get:function(){return chunk7ZZO7GVB_js.a}});Object.defineProperty(exports,"localStorageAdapter",{enumerable:true,get:function(){return chunkVWED6UTN_js.a}});

package/dist/adapters.mjs

@@ -1 +1 @@
-export{a as apiAdapter,c as composeAdapters,b as memoryAdapter}from'./chunk-NBZUZYTB.mjs';export{b as cookieAdapter,a as sessionStorageAdapter}from'./chunk-UASG46LP.mjs';export{a as localStorageAdapter}from'./chunk-DBZSN4WP.mjs';import'./chunk-ZJYULEER.mjs';
+export{a as apiAdapter,c as composeAdapters,b as memoryAdapter}from'./chunk-PL4XNCQA.mjs';export{b as cookieAdapter,a as sessionStorageAdapter}from'./chunk-UASG46LP.mjs';export{a as localStorageAdapter}from'./chunk-DBZSN4WP.mjs';import'./chunk-ZJYULEER.mjs';

package/dist/chunk-LTPSN2SU.mjs

@@ -0,0 +1 @@
+import {a}from'./chunk-BFAX7JQA.mjs';import {jsx}from'react/jsx-runtime';var p=[{id:"essential",label:"Essential Cookies",description:"Required for basic site functionality. Cannot be disabled.",required:true,purpose:"Site operation"},{id:"analytics",label:"Analytics",description:"Help us understand how visitors use our site to improve the experience.",required:false,purpose:"Usage analytics"},{id:"marketing",label:"Marketing",description:"Used to deliver relevant advertisements and track campaign effectiveness.",required:false,purpose:"Targeted advertising"},{id:"preferences",label:"Preferences",description:"Remember your settings and preferences for a personalised experience.",required:false,purpose:"Personalisation"}],f=({extraOptions:a$1=[],options:t,adapter:n,position:o="bottom",classNames:l,unstyled:d,onSave:s,copy:e})=>{let m=t!=null?t:[...p,...a$1];return jsx(a,{options:m,onSave:i=>{n&&n.save(i),s==null||s(i);},position:o,classNames:l,unstyled:d,manageStorage:!n,title:e==null?void 0:e.title,description:e==null?void 0:e.description,acceptAllButtonText:e==null?void 0:e.acceptAll,rejectAllButtonText:e==null?void 0:e.rejectAll,customizeButtonText:e==null?void 0:e.customize,saveButtonText:e==null?void 0:e.save})};export{f as a};

package/dist/chunk-PL4XNCQA.mjs

@@ -0,0 +1 @@
+import {d,b,a}from'./chunk-ZJYULEER.mjs';function M(e){return e.response?e.response.status>=500:true}function O(e){return new Promise(r=>setTimeout(r,e))}function $(e){return e?typeof e=="function"?e():e:{}}function q(e,r={}){var w,k,g;let{headers:n,credentials:d$1="same-origin",loadMethod:p="GET",saveMethod:l="POST",unwrap:A,retry:s,onError:h,onSuccess:i,fetchInit:x}=r,T=(w=s==null?void 0:s.attempts)!=null?w:0,C=(k=s==null?void 0:s.baseDelayMs)!=null?k:250,E=(g=s==null?void 0:s.shouldRetry)!=null?g:M,y=h!=null?h:(t=>{t.method!=="load"&&(t.response?console.warn(`[ndpr-toolkit] Failed to ${t.method==="save"?"save to":"delete from"} ${t.endpoint}: ${t.response.status}`):console.warn(`[ndpr-toolkit] Failed to ${t.method==="save"?"save to":"delete from"} ${t.endpoint}`));});function v(t,o,u){return d(this,null,function*(){for(let c=0;c<=T;c++){let a$1,S;try{a$1=yield fetch(e,b(a(a({},x),o),{headers:a(a({},$(n)),o.headers),credentials:d$1}));}catch(b){S=b;}if(a$1&&a$1.ok)return {ok:true,response:a$1};let R={method:t,endpoint:e,error:S,response:a$1,status:a$1==null?void 0:a$1.status,payload:u,attempt:c};if(c===T||!E(R))return y(R),{ok:false};yield O(C*Math.pow(2,c));}return {ok:false}})}return {load(){return d(this,null,function*(){let t=yield v("load",{method:p,headers:{}});if(!t.ok)return null;try{let o=yield t.response.json(),u=A?A(o):o;return i&&i({method:"load",endpoint:e,response:t.response,data:u!=null?u:void 0}),u}catch(o){return y({method:"load",endpoint:e,error:o,response:t.response,status:t.response.status,attempt:T}),null}})},save(t){return d(this,null,function*(){let o=yield v("save",{method:l,headers:{"Content-Type":"application/json"},body:JSON.stringify(t)},t);o.ok&&i&&i({method:"save",endpoint:e,response:o.response,payload:t});})},remove(){return d(this,null,function*(){let t=yield v("remove",{method:"DELETE",headers:{}});t.ok&&i&&i({method:"remove",endpoint:e,response:t.response});})}}}function F(e){let r=e!=null?e:null;return {load(){return r},save(n){r=n;},remove(){r=null;}}}function H(e,...r){return {load(){return e.load()},save(n){let d=e.save(n),p=()=>{for(let l of r)try{l.save(n);}catch(A){console.warn("[ndpr-toolkit] Secondary adapter save failed:",A);}};if(d instanceof Promise)return d.then(()=>p());p();},remove(){let n=e.remove(),d=()=>{for(let p of r)try{p.remove();}catch(l){console.warn("[ndpr-toolkit] Secondary adapter remove failed:",l);}};if(n instanceof Promise)return n.then(()=>d());d();}}}export{q as a,F as b,H as c};

package/dist/chunk-ROTLSZMV.js

@@ -0,0 +1 @@
+'use strict';var chunkRFPLZDIO_js=require('./chunk-RFPLZDIO.js');function M(e){return e.response?e.response.status>=500:true}function O(e){return new Promise(r=>setTimeout(r,e))}function $(e){return e?typeof e=="function"?e():e:{}}function q(e,r={}){var w,k,g;let{headers:n,credentials:d="same-origin",loadMethod:p="GET",saveMethod:l="POST",unwrap:A,retry:s,onError:h,onSuccess:i,fetchInit:x}=r,T=(w=s==null?void 0:s.attempts)!=null?w:0,C=(k=s==null?void 0:s.baseDelayMs)!=null?k:250,E=(g=s==null?void 0:s.shouldRetry)!=null?g:M,y=h!=null?h:(t=>{t.method!=="load"&&(t.response?console.warn(`[ndpr-toolkit] Failed to ${t.method==="save"?"save to":"delete from"} ${t.endpoint}: ${t.response.status}`):console.warn(`[ndpr-toolkit] Failed to ${t.method==="save"?"save to":"delete from"} ${t.endpoint}`));});function v(t,o,u){return chunkRFPLZDIO_js.d(this,null,function*(){for(let c=0;c<=T;c++){let a,S;try{a=yield fetch(e,chunkRFPLZDIO_js.b(chunkRFPLZDIO_js.a(chunkRFPLZDIO_js.a({},x),o),{headers:chunkRFPLZDIO_js.a(chunkRFPLZDIO_js.a({},$(n)),o.headers),credentials:d}));}catch(b){S=b;}if(a&&a.ok)return {ok:true,response:a};let R={method:t,endpoint:e,error:S,response:a,status:a==null?void 0:a.status,payload:u,attempt:c};if(c===T||!E(R))return y(R),{ok:false};yield O(C*Math.pow(2,c));}return {ok:false}})}return {load(){return chunkRFPLZDIO_js.d(this,null,function*(){let t=yield v("load",{method:p,headers:{}});if(!t.ok)return null;try{let o=yield t.response.json(),u=A?A(o):o;return i&&i({method:"load",endpoint:e,response:t.response,data:u!=null?u:void 0}),u}catch(o){return y({method:"load",endpoint:e,error:o,response:t.response,status:t.response.status,attempt:T}),null}})},save(t){return chunkRFPLZDIO_js.d(this,null,function*(){let o=yield v("save",{method:l,headers:{"Content-Type":"application/json"},body:JSON.stringify(t)},t);o.ok&&i&&i({method:"save",endpoint:e,response:o.response,payload:t});})},remove(){return chunkRFPLZDIO_js.d(this,null,function*(){let t=yield v("remove",{method:"DELETE",headers:{}});t.ok&&i&&i({method:"remove",endpoint:e,response:t.response});})}}}function F(e){let r=e!=null?e:null;return {load(){return r},save(n){r=n;},remove(){r=null;}}}function H(e,...r){return {load(){return e.load()},save(n){let d=e.save(n),p=()=>{for(let l of r)try{l.save(n);}catch(A){console.warn("[ndpr-toolkit] Secondary adapter save failed:",A);}};if(d instanceof Promise)return d.then(()=>p());p();},remove(){let n=e.remove(),d=()=>{for(let p of r)try{p.remove();}catch(l){console.warn("[ndpr-toolkit] Secondary adapter remove failed:",l);}};if(n instanceof Promise)return n.then(()=>d());d();}}}exports.a=q;exports.b=F;exports.c=H;

package/dist/chunk-RV2VMWZJ.mjs

@@ -0,0 +1 @@
+import {a}from'./chunk-BNHQFZHL.mjs';import {a as a$1}from'./chunk-ZJYULEER.mjs';import {jsx}from'react/jsx-runtime';var p=t=>jsx(a,a$1({},t));export{p as a};

package/dist/chunk-RXZFYBUJ.js

@@ -0,0 +1 @@
+'use strict';var chunkW47OSMT6_js=require('./chunk-W47OSMT6.js'),chunkRFPLZDIO_js=require('./chunk-RFPLZDIO.js'),jsxRuntime=require('react/jsx-runtime');var S=[{id:"access",name:"Access My Data",description:"Request a copy of your personal data held by us",ndpaSection:"Section 34(1)(a)\u2013(b)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"rectification",name:"Correct My Data",description:"Request corrections to inaccurate personal data",ndpaSection:"Section 34(1)(c)",estimatedCompletionTime:30,requiresAdditionalInfo:true,additionalFields:[{id:"correction_details",label:"What data needs to be corrected?",type:"textarea",required:true,placeholder:"Please describe the inaccurate data and what the correct information should be"}]},{id:"erasure",name:"Delete My Data",description:"Request deletion of your personal data",ndpaSection:"Section 34(1)(d), Section 34(2)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"portability",name:"Export My Data",description:"Receive your data in a portable format",ndpaSection:"Section 38",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"restrict",name:"Restrict Processing",description:"Request restriction of data processing",ndpaSection:"Section 34(1)(e)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"object",name:"Object to Processing",description:"Object to processing of your personal data",ndpaSection:"Section 36",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"withdraw_consent",name:"Withdraw My Consent",description:"Withdraw consent previously given for processing",ndpaSection:"Section 35",estimatedCompletionTime:30,requiresAdditionalInfo:false}],g=({requestTypes:p=S,adapter:i,classNames:m,unstyled:f,onSubmit:R=()=>{},submitTo:s,submitOptions:e,onSubmitError:t})=>jsxRuntime.jsx(chunkW47OSMT6_js.a,{requestTypes:p,onSubmit:o=>chunkRFPLZDIO_js.d(null,null,function*(){var n,r;if(s){let y=typeof(e==null?void 0:e.headers)=="function"?e.headers():(n=e==null?void 0:e.headers)!=null?n:{};try{let a=yield fetch(s,{method:"POST",headers:chunkRFPLZDIO_js.a({"Content-Type":"application/json"},y),credentials:(r=e==null?void 0:e.credentials)!=null?r:"same-origin",body:JSON.stringify(o)});a.ok||t==null||t({response:a});}catch(a){t==null||t({error:a});}}else i&&i.save(o);R(o);}),classNames:m,unstyled:f});exports.a=g;

package/dist/chunk-SJRIOZ4K.mjs

@@ -0,0 +1 @@
+import {a}from'./chunk-XJO4DH3L.mjs';import {d,a as a$1}from'./chunk-ZJYULEER.mjs';import {jsx}from'react/jsx-runtime';var S=[{id:"access",name:"Access My Data",description:"Request a copy of your personal data held by us",ndpaSection:"Section 34(1)(a)\u2013(b)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"rectification",name:"Correct My Data",description:"Request corrections to inaccurate personal data",ndpaSection:"Section 34(1)(c)",estimatedCompletionTime:30,requiresAdditionalInfo:true,additionalFields:[{id:"correction_details",label:"What data needs to be corrected?",type:"textarea",required:true,placeholder:"Please describe the inaccurate data and what the correct information should be"}]},{id:"erasure",name:"Delete My Data",description:"Request deletion of your personal data",ndpaSection:"Section 34(1)(d), Section 34(2)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"portability",name:"Export My Data",description:"Receive your data in a portable format",ndpaSection:"Section 38",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"restrict",name:"Restrict Processing",description:"Request restriction of data processing",ndpaSection:"Section 34(1)(e)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"object",name:"Object to Processing",description:"Object to processing of your personal data",ndpaSection:"Section 36",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"withdraw_consent",name:"Withdraw My Consent",description:"Withdraw consent previously given for processing",ndpaSection:"Section 35",estimatedCompletionTime:30,requiresAdditionalInfo:false}],g=({requestTypes:p=S,adapter:i,classNames:m,unstyled:f,onSubmit:R=()=>{},submitTo:s,submitOptions:e,onSubmitError:t})=>jsx(a,{requestTypes:p,onSubmit:o=>d(null,null,function*(){var n,r;if(s){let y=typeof(e==null?void 0:e.headers)=="function"?e.headers():(n=e==null?void 0:e.headers)!=null?n:{};try{let a=yield fetch(s,{method:"POST",headers:a$1({"Content-Type":"application/json"},y),credentials:(r=e==null?void 0:e.credentials)!=null?r:"same-origin",body:JSON.stringify(o)});a.ok||t==null||t({response:a});}catch(a){t==null||t({error:a});}}else i&&i.save(o);R(o);}),classNames:m,unstyled:f});export{g as a};

package/dist/chunk-V3RYHNHN.js

@@ -0,0 +1 @@
+'use strict';var chunk732C2EVN_js=require('./chunk-732C2EVN.js'),jsxRuntime=require('react/jsx-runtime');var p=[{id:"essential",label:"Essential Cookies",description:"Required for basic site functionality. Cannot be disabled.",required:true,purpose:"Site operation"},{id:"analytics",label:"Analytics",description:"Help us understand how visitors use our site to improve the experience.",required:false,purpose:"Usage analytics"},{id:"marketing",label:"Marketing",description:"Used to deliver relevant advertisements and track campaign effectiveness.",required:false,purpose:"Targeted advertising"},{id:"preferences",label:"Preferences",description:"Remember your settings and preferences for a personalised experience.",required:false,purpose:"Personalisation"}],f=({extraOptions:a=[],options:t,adapter:n,position:o="bottom",classNames:l,unstyled:d,onSave:s,copy:e})=>{let m=t!=null?t:[...p,...a];return jsxRuntime.jsx(chunk732C2EVN_js.a,{options:m,onSave:i=>{n&&n.save(i),s==null||s(i);},position:o,classNames:l,unstyled:d,manageStorage:!n,title:e==null?void 0:e.title,description:e==null?void 0:e.description,acceptAllButtonText:e==null?void 0:e.acceptAll,rejectAllButtonText:e==null?void 0:e.rejectAll,customizeButtonText:e==null?void 0:e.customize,saveButtonText:e==null?void 0:e.save})};exports.a=f;

package/dist/chunk-W7RBGZCC.js

@@ -0,0 +1 @@
+'use strict';var chunkI2LMQWK3_js=require('./chunk-I2LMQWK3.js'),chunkRFPLZDIO_js=require('./chunk-RFPLZDIO.js'),jsxRuntime=require('react/jsx-runtime');var p=t=>jsxRuntime.jsx(chunkI2LMQWK3_js.a,chunkRFPLZDIO_js.a({},t));exports.a=p;

package/dist/presets-consent.d.mts

@@ -0,0 +1,139 @@
+import React__default from 'react';
+
+declare interface ConsentBannerClassNames {
+    root?: string;
+    container?: string;
+    title?: string;
+    description?: string;
+    optionsList?: string;
+    optionItem?: string;
+    optionCheckbox?: string;
+    optionLabel?: string;
+    optionDescription?: string;
+    buttonGroup?: string;
+    acceptButton?: string;
+    rejectButton?: string;
+    customizeButton?: string;
+    saveButton?: string;
+    customizePanel?: string;
+    selectAllButton?: string;
+    /** Alias for acceptButton */
+    primaryButton?: string;
+    /** Alias for rejectButton */
+    secondaryButton?: string;
+}
+
+/**
+ * Consent types aligned with NDPA 2023 Section 25-26
+ * Consent must be freely given, specific, informed, and unambiguous
+ */
+/**
+ * Represents a consent option that can be presented to users
+ */
+declare interface ConsentOption {
+    /** Unique identifier for the consent option */
+    id: string;
+    /** Display label for the consent option */
+    label: string;
+    /** Detailed description of what this consent option covers */
+    description: string;
+    /** Whether this consent option is required (cannot be declined) */
+    required: boolean;
+    /**
+     * The specific purpose for which data will be processed
+     * NDPA Section 25(2) requires consent to be specific to each purpose
+     */
+    purpose: string;
+    /**
+     * Default state of the consent option
+     * @default false
+     */
+    defaultValue?: boolean;
+    /**
+     * Categories of personal data covered by this consent option
+     */
+    dataCategories?: string[];
+}
+
+/**
+ * Represents the user's consent settings
+ */
+declare interface ConsentSettings {
+    /** Map of consent option IDs to boolean values indicating consent status */
+    consents: Record<string, boolean>;
+    /** Timestamp when consent was last updated */
+    timestamp: number;
+    /** Version of the consent form that was accepted */
+    version: string;
+    /** Method used to collect consent (e.g., "banner", "settings", "api") */
+    method: string;
+    /** Whether the user has actively made a choice (as opposed to default settings) */
+    hasInteracted: boolean;
+    /**
+     * The lawful basis under which processing is conducted
+     * Required by NDPA Section 25(1)
+     */
+    lawfulBasis?: LawfulBasisType;
+}
+
+/**
+ * Lawful basis for processing personal data per NDPA Section 25(1)
+ */
+declare type LawfulBasisType = 'consent' | 'contract' | 'legal_obligation' | 'vital_interests' | 'public_interest' | 'legitimate_interests';
+
+export declare const NDPRConsent: React__default.FC<NDPRConsentProps>;
+
+/**
+ * UX copy overrides for the NDPRConsent preset. Pass any subset to
+ * replace the default text without dropping to the lower-level
+ * `<ConsentBanner>` API. Strings you omit fall back to the toolkit
+ * defaults (which already cite NDPA Section 26).
+ *
+ * @example
+ *   <NDPRConsent copy={{
+ *     title: 'Cookie preferences',
+ *     description: 'Acme uses cookies to keep you signed in and improve our store.',
+ *     acceptAll: 'Allow all',
+ *     rejectAll: 'Only essentials',
+ *   }} />
+ */
+export declare interface NDPRConsentCopy {
+    /** Banner heading. Default: "We Value Your Privacy" */
+    title?: string;
+    /** Body paragraph under the heading. Default cites NDPA Section 26. */
+    description?: string;
+    /** Primary CTA — accepts all categories. Default: "Accept All" */
+    acceptAll?: string;
+    /** Secondary CTA — rejects all non-essential categories. Default: "Reject All" */
+    rejectAll?: string;
+    /** Tertiary CTA — opens the per-category controls. Default: "Customize" */
+    customize?: string;
+    /** Submit button on the per-category panel. Default: "Save Preferences" */
+    save?: string;
+}
+
+export declare interface NDPRConsentProps {
+    extraOptions?: ConsentOption[];
+    options?: ConsentOption[];
+    adapter?: StorageAdapter<ConsentSettings>;
+    position?: 'top' | 'bottom' | 'center' | 'inline';
+    classNames?: ConsentBannerClassNames;
+    unstyled?: boolean;
+    onSave?: (settings: ConsentSettings) => void;
+    /**
+     * UX copy overrides — see {@link NDPRConsentCopy}. Lets you brand the
+     * banner without dropping to the lower-level `<ConsentBanner>` API.
+     */
+    copy?: NDPRConsentCopy;
+}
+
+declare interface StorageAdapter<T = unknown> {
+    /** Load persisted data. Called once on hook mount. */
+    load(): T | null | Promise<T | null>;
+    /** Persist data. Called on every state change. */
+    save(data: T): void | Promise<void>;
+    /** Clear persisted data. Called on reset. */
+    remove(): void | Promise<void>;
+}
+
+export { }