@tantainnovative/ndpr-toolkit 3.7.0 → 3.10.1

package/CHANGELOG.md

@@ -2,6 +2,206 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## [3.10.1](https://github.com/mr-tanta/ndpr-toolkit/compare/v3.10.0...v3.10.1) (2026-05-25)
+
+Hotfix release. Code and runtime are identical to 3.10.0 — this patch fixes the build/publish pipeline that silently failed every release from 3.8.0 onward, so 3.10.1 is the first version since 3.7.0 to actually reach npm.
+
+### Root cause
+
+The dts-rollup post-build step (`scripts/rollup-dts.mjs`) deletes "leftover" hash-suffixed declaration files that tsup emits alongside each rolled-up entry. The 3.8.0 release added new entry names with two hyphens (`lawful-basis-lite`, `cross-border-lite`) — and the hash-suffix regex `/-[A-Za-z0-9_-]{8,}\.d\.m?ts$/` matched those legitimate entries because the trailing `basis-lite` / `border-lite` segments fall inside the 8-char dash-inclusive window. The sweep then deleted `dist/lawful-basis-lite.d.ts` and `dist/cross-border-lite.d.ts` right after rollup, the workflow's entry-points check then failed, and `npm publish` never ran. The git tags / GitHub releases for 3.8.0, 3.8.1, 3.9.0, and 3.10.0 existed; only npm was stuck on 3.7.0.
+
+### Fix
+
+- Replaced the regex-based sweep with an explicit allowlist (`new Set([...ENTRIES, 'styles'])`). Any `.d.ts` / `.d.mts` whose basename isn't in the allowed entries gets swept. No more pattern matching against names.
+- Wired the 3.10.0 `/headless` entry into the root `tsup.config.ts` (it had only been wired in `packages/ndpr-toolkit/tsup.config.ts`, which the publish workflow doesn't use) and added it to `CLIENT_ENTRIES` so the `"use client"` banner is injected.
+- Workflow's `Verify entry points` step now covers 22 entries (was 21) — added `headless`.
+
+### Recovery
+
+After this patch lands and 3.10.1 publishes successfully, the failed tags (v3.8.0, v3.8.1, v3.9.0, v3.10.0) will be backfilled to npm by cherry-picking this fix onto each tagged commit and re-running the workflow.
+
+## [3.10.0](https://github.com/mr-tanta/ndpr-toolkit/compare/v3.9.0...v3.10.0) (2026-05-25)
+
+Phase J of the feedback work — new API surface (theme provider + headless alias) and a production-grade DSR backend reference. Fully additive — no breaking changes.
+
+### `NDPRThemeProvider` — typed theme object → CSS variables
+
+A small React Context provider that takes a TypeScript theme object and injects matching `--ndpr-*` CSS custom properties on a wrapping `div`. Syntactic sugar over the existing CSS-variable theming model — unset fields fall through to stylesheet defaults.
+
+```tsx
+import { NDPRThemeProvider, type NDPRTheme } from '@tantainnovative/ndpr-toolkit';
+
+const theme: NDPRTheme = {
+  colors: { primary: '22 163 74', primaryHover: '21 128 61' },  // RGB triplets
+  radius: { base: '0.75rem' },
+  font: { sans: '"Inter", system-ui, sans-serif' },
+};
+
+<NDPRThemeProvider theme={theme}>
+  <App />
+</NDPRThemeProvider>
+```
+
+The `NDPRTheme` interface keys are derived 1:1 from the variables actually defined in `styles.css` — no inventing tokens. Setting `mode: 'dark'` stamps `data-theme="dark"` on the wrapper to activate the stylesheet's dark-mode block. **6 new tests** cover variable injection, key isolation, dark-mode wiring, and className passthrough. Exported from the default entry only (not `/core`) to keep the RSC-safe surface clean.
+
+### `/headless` subpath — alias of `/hooks` for discoverability
+
+A pure rename of the existing `/hooks` entry under a more discoverable name. Same exports, same source, same identifiers — `export *` from `hooks-entry.ts`. Useful when consumers grep for "headless" looking for a hooks-only API.
+
+```tsx
+import { useConsent, useDSR, useFocusTrap } from '@tantainnovative/ndpr-toolkit/headless';
+```
+
+**12 new tests** verify that `/headless` and `/hooks` export identical keys and identity-equal values (so the alias can never silently drift). Wired into `package.json` exports, `typesVersions`, and `tsup.config.ts`.
+
+### `examples/dsr-backend-prod/` — production-grade DSR backend
+
+A 14-file Next.js 15 / React 19 reference implementation that wires `NDPRSubjectRights` to a real backend pipeline:
+
+1. **Validate** via `validateDsrSubmission` from `/server` — 400 with `{ error, fields }` on invalid payloads.
+2. **Defense-in-depth** disposable-email blocklist (configurable via `DSR_BLOCKED_EMAIL_DOMAINS`).
+3. **Persist** to a Prisma `DSRRequest` model with a 30-day `estimatedCompletionAt` (NDPA Part IV §29-36).
+4. **Confirm** by sending a Resend transactional email — best-effort: the request still succeeds if email fails.
+
+Both Prisma and Resend are wrapped in **dual-mode shims**: real clients when `DATABASE_URL` / `RESEND_API_KEY` are set, otherwise a Map-backed mock and a stdout logger. The example runs out of the box with no infrastructure.
+
+The 201 response is exactly `{ referenceId, status, estimatedCompletionAt }` — the shape `NDPRSubjectRights.onSubmitSuccess` consumers read from `body` per the 3.8.1 contract.
+
+### Three new docs guides
+
+Wired into the Implementation Guides sidebar:
+
+- `/docs/guides/theming` — `NDPRThemeProvider`, the full `NDPRTheme` reference, RGB-triplet convention, dark mode, when not to use the provider
+- `/docs/guides/headless` — `/headless` quickstart, the 10 hooks it exposes, adapter wiring, bundle-size note, the relationship to `/hooks`
+- `/docs/guides/production-dsr-backend` — walks through the `examples/dsr-backend-prod` pipeline, response contract, and how to swap in your own database/email stack
+
+### Verification
+
+- `tsc --noEmit` clean for the docs site
+- **Full Jest suite: 1192/1192 passing** (was 1173 — +19: 6 ThemeProvider + 12 headless-parity + 1 default-entry exports check)
+- No changes to existing prop types, hook signatures, or storage adapters
+
+## [3.9.0](https://github.com/mr-tanta/ndpr-toolkit/compare/v3.8.1...v3.9.0) (2026-05-25)
+
+Examples expansion + Bun quickstart + SSR-safe storage docs. Fully additive — no breaking changes.
+
+### Runnable example apps
+
+- **`examples/ecommerce-starter`** — multi-page Next.js 15 / React 19 storefront ("Zuri Market") wiring the toolkit into a realistic Nigerian ecommerce flow: home page, checkout, privacy notice, data-subject rights portal (with `submitTo` + `onSubmitSuccess` rendering a server-issued reference), and an editable cookie preferences page using `useConsent`. Demonstrates the `/presets/consent`, `/presets/dsr`, `/presets/policy`, and `/hooks` subpaths together.
+- **`examples/ssr/nextjs-app-router`** — SSR-safe consent on Next.js 15. Layout reads the consent cookie via `next/headers`, parses it with a small typed helper, and passes the result to a client `ConsentRoot` so the banner hydrates already-resolved (no flash, no hydration warning).
+- **`examples/ssr/remix`** — the same cookie-bridge pattern wired from a Remix `loader` and Vite's `?url` asset import for the stylesheet.
+- **`examples/ssr/astro`** — `Astro.cookies.get` in the page frontmatter, then `<ConsentRoot client:load>` as a React island.
+
+Each example is self-contained (own `package.json`, `tsconfig.json`, `next.config.mjs` / `vite.config.ts` / `astro.config.mjs`) so you can copy a directory and `bun install && bun dev` to run it.
+
+### Bun quickstart in the README
+
+Root README now includes copy-pasteable Bun + Vite + React and Bun + Next.js 15 (App Router) recipes that go from zero to a working banner in three commands. The npm-published README also gets a one-line Bun install command alongside pnpm/npm.
+
+### SSR-safe storage guide
+
+New docs page at **`/docs/guides/server-side-storage`** documenting the cookie-bridge pattern in detail: why `localStorageAdapter` flashes on SSR, how `cookieAdapter` solves it, and worked examples for Next.js App Router, Remix, Astro, and SvelteKit. Wired into the docs sidebar under Implementation Guides.
+
+### npm-published README brought current (3.4.0 → 3.9.0)
+
+The README that ships to npm was stale at the 3.4.0 highlights. It now leads with a 3.9.0 "what's new", references back to 3.8.1 (`onSubmitSuccess`), 3.8.0 (Lite Manager variants), 3.6.0 (`onSubmitError`), and 3.5.x (focus management + reduced motion). Adds a "Runnable Examples" section, a typed DSR callbacks snippet in the Presets section, and a Bun install command. Screenshot URLs bumped from `v3.5.2` → `v3.9.0`. Tests badge bumped to 1173.
+
+### Verification
+
+- `tsc --noEmit` clean for the docs site
+- **Full Jest suite: 1173/1173 passing** (unchanged from 3.8.1 — no logic changes in the published package)
+- No changes to runtime exports, prop types, or storage adapters
+
+## [3.8.1](https://github.com/mr-tanta/ndpr-toolkit/compare/v3.8.0...v3.8.1) (2026-05-25)
+
+Documentation + small API addition patch. Fully additive — no breaking changes.
+
+### `NDPRSubjectRights` — typed `onSubmitSuccess` callback
+
+Counterpart to the existing `onSubmitError`. Fires when the `submitTo` POST returns a 2xx response. Receives the `Response`, the submitted `DSRFormSubmission` payload, and the parsed JSON body (or `undefined` if the response had no body or was not valid JSON).
+
+```tsx
+<NDPRSubjectRights
+  submitTo="/api/dsr"
+  onSubmitSuccess={({ response, data, body }) => {
+    const ref = (body as { referenceId?: string })?.referenceId;
+    if (ref) router.push(`/dsr-confirmation?ref=${ref}`);
+  }}
+  onSubmitError={({ error, response }) => {
+    console.error('DSR submit failed', error, response?.status);
+  }}
+/>
+```
+
+The `body` field is `unknown` to force consumers to narrow it themselves before reading fields. **4 new tests** cover both success and failure paths.
+
+### Documentation
+
+- **DSR submission payload contract** documented on the Data Subject Rights component page (`/docs/components/data-subject-rights#submission-payload`). Includes the canonical `DSRFormSubmission` TypeScript interface, a concrete JSON example, the recommended response shape, and a working Next.js App Router backend handler.
+- **Accessibility sections** added to ConsentBanner and DSRRequestForm docs pages. Each lists CONCRETE a11y features verified against the source — `useFocusTrap`, escape-to-dismiss, `prefers-reduced-motion` block in the BEM stylesheet, `role="alert"` on errors, `aria-required` + `aria-invalid` wiring on form fields, etc. Features that aren't implemented (e.g. auto-focusing the first invalid field) are NOT claimed — they're suggested as consumer-side recipes instead.
+- **Migration guide 3.5 → 3.8** at `/docs/guides/migrating-3-5-to-3-8`. Covers every minor and patch from 3.5.4 through 3.8.1 with a "what changed / action required" breakdown, a net migration diff for the most common upgrade path (adapter → submitTo + onSubmitSuccess), and a verify checklist. Sidebar entry added under Implementation Guides.
+
+### Verification
+
+- `tsc --noEmit` clean for both the library and the docs site
+- **Full Jest suite: 1173/1173 passing** (was 1169 — +4 new submit-callback tests)
+- No changes to the existing `onSubmitError`, `submitTo`, or `submitOptions` props (backward compatible)
+
+## [3.8.0](https://github.com/mr-tanta/ndpr-toolkit/compare/v3.6.2...v3.8.0) (2026-05-24)
+
+### Lite (read-only) variants of the heavy Manager components
+
+Three new components — `LawfulBasisTrackerLite`, `ROPAManagerLite`, `CrossBorderTransferManagerLite` — that render the same list-and-summary view as their Full counterparts without the form, validation, write callbacks, or CSV-export utilities. Built for dashboards, audit pages, embedded compliance widgets, and customer-facing transparency pages where users only need to *see* the records.
+
+Exposed at new subpath entries:
+
+```ts
+import { LawfulBasisTrackerLite } from '@tantainnovative/ndpr-toolkit/lawful-basis/lite';
+import { ROPAManagerLite } from '@tantainnovative/ndpr-toolkit/ropa/lite';
+import { CrossBorderTransferManagerLite } from '@tantainnovative/ndpr-toolkit/cross-border/lite';
+```
+
+Bundle deltas (minified + tree-shaken, pre-gzip; **transitive closure** of each subpath):
+
+| Module | Full | Lite | Saved |
+|---|---|---|---|
+| `/lawful-basis` → `/lawful-basis/lite` | 36.7 KB | 12.7 KB | **65%** |
+| `/cross-border` → `/cross-border/lite` | 53.3 KB | 5.6 KB | **89%** |
+| `/ropa` → `/ropa/lite` | 36.9 KB | 13.2 KB | **64%** |
+
+The cross-border Lite saves the most because it does NOT import the 624-row country-adequacy dataset — Lite displays `adequacyStatus` from each transfer record directly instead of recomputing it.
+
+Each Lite component accepts an optional `onActivityClick` / `onRecordClick` / `onTransferClick` callback so consumers can render their own detail view on row click. All other props (`title`, `description`, `unstyled`, `classNames`, `showSummary`, `showComplianceGaps`/`showRiskAlerts`) carry the same names and semantics as the Full versions.
+
+Existing `/lawful-basis`, `/cross-border`, and `/ropa` entries are unchanged. This release is fully additive — no consumers need to migrate.
+
+See the new guide: [Lite vs Full managers](https://ndprtoolkit.com.ng/docs/guides/lite-vs-full).
+
+### Other
+
+- Added `lawful-basis-lite`, `cross-border-lite`, `ropa-lite` to the publish workflow's entry-point verification loop. Total verified entries: 21.
+
+## [3.6.2](https://github.com/mr-tanta/ndpr-toolkit/compare/v3.7.0...v3.6.2) (2026-05-24)
+
+Compressed Phase D + E + F patch — companion-CLI templates, per-module StackBlitz scaffolds, and a real backend for the `/score` lead-magnet. Main `@tantainnovative/ndpr-toolkit` library has no code changes; the bump is for changelog alignment.
+
+### Companion packages
+
+- **`@tantainnovative/create-ndpr@0.3.0`** — the 9 remaining route templates now support all three ORM choices via `{{#if ORM=prisma|drizzle|none}}` conditional blocks. Picking `ORM=none` now scaffolds a fully working in-memory app for every endpoint, not just consent:
+  - Next.js routes: dsr, breach, dpia, lawful-basis, cross-border
+  - Express routes: consent, dpia, lawful-basis, cross-border
+- **`create-ndpr@1.0.0` (unscoped alias)** — `packages/create-ndpr-unscoped/PUBLISHING.md` documents the one-time manual publish + Trusted Publisher setup so future updates flow through CI.
+
+### Docs
+
+- **8 per-module StackBlitz scaffolds** under `examples/stackblitz/{consent,dsr,dpia,breach,policy,lawful-basis,cross-border,ropa}/`. Each is a minimal Next.js 15 + React 19 app that demonstrates ONE preset. Boot any of them in StackBlitz / CodeSandbox with one click — no clone, no install. README has a per-module badge table.
+- **Each recipe page** (`/docs/recipes/*`) now has "Open in StackBlitz" + "Open in CodeSandbox" badges pointing at the matching module's scaffold.
+- **`/score` email capture** now uses a real backend (Web3Forms) when `NEXT_PUBLIC_WEB3FORMS_KEY` is set, with the mailto: path preserved as a graceful fallback when the env var is missing or the request fails. Lead emails arrive as structured fields (name, email, org, score, top recommendations) instead of free-form mail-client output.
+
+### No library code changes
+
+`@tantainnovative/ndpr-toolkit` package is unchanged; consumers don't need to upgrade. The version bump keeps the repo, npm, and CHANGELOG in lockstep so the next library feature (3.8.0 with manager-component bundle splitting) lands cleanly.
+
 ## [3.7.0](https://github.com/mr-tanta/ndpr-toolkit/compare/v3.6.1...v3.7.0) (2026-05-24)
 
 Phase B — Template + Recipe Library. Closes the dev-feedback content gap (feedback items #7 and #9). New API additions are all backward-compatible — 3.6.x consumers upgrade without changes.

package/README.md

@@ -127,6 +127,101 @@ bun create ndpr
 
 ---
 
+## Bun quickstart
+
+Bun is a first-class runtime for the toolkit. Both common React app shapes work without extra config.
+
+### Bun + Vite + React
+
+```bash
+bun create vite@latest my-ndpr-app --template react-ts
+cd my-ndpr-app
+bun install
+bun add @tantainnovative/ndpr-toolkit
+```
+
+```tsx
+// src/App.tsx
+import { NDPRConsent } from '@tantainnovative/ndpr-toolkit/presets/consent';
+import '@tantainnovative/ndpr-toolkit/styles';
+
+export default function App() {
+  return (
+    <>
+      <NDPRConsent
+        options={[
+          { id: 'essential', label: 'Essential', description: 'Required for the site to function', required: true, purpose: 'Site operation' },
+          { id: 'analytics', label: 'Analytics', description: 'Anonymous usage measurement', required: false, purpose: 'Product analytics' },
+          { id: 'marketing', label: 'Marketing', description: 'Personalised offers and ads', required: false, purpose: 'Marketing communications' },
+        ]}
+      />
+      <main className="p-6">
+        <h1 className="text-3xl font-semibold">My NDPA-compliant app</h1>
+      </main>
+    </>
+  );
+}
+```
+
+```bash
+bun dev
+```
+
+Vite is client-only by default — no extra wiring needed. The toolkit's preset components ship with the `"use client"` directive already injected.
+
+### Bun + Next.js 15 (App Router)
+
+```bash
+bun create next-app@latest my-ndpr-app --typescript --app --tailwind
+cd my-ndpr-app
+bun add @tantainnovative/ndpr-toolkit
+```
+
+The consent banner is a stateful client component. Mount it from a small client wrapper so the rest of your layout can stay in RSC:
+
+```tsx
+// app/ConsentRoot.tsx
+'use client';
+import { NDPRConsent } from '@tantainnovative/ndpr-toolkit/presets/consent';
+
+export function ConsentRoot() {
+  return (
+    <NDPRConsent
+      options={[
+        { id: 'essential', label: 'Essential', description: 'Required for the site to function', required: true, purpose: 'Site operation' },
+        { id: 'analytics', label: 'Analytics', description: 'Anonymous usage measurement', required: false, purpose: 'Product analytics' },
+        { id: 'marketing', label: 'Marketing', description: 'Personalised offers and ads', required: false, purpose: 'Marketing communications' },
+      ]}
+    />
+  );
+}
+```
+
+```tsx
+// app/layout.tsx
+import '@tantainnovative/ndpr-toolkit/styles';
+import { ConsentRoot } from './ConsentRoot';
+
+export default function RootLayout({ children }: { children: React.ReactNode }) {
+  return (
+    <html lang="en">
+      <body>
+        <ConsentRoot />
+        {children}
+      </body>
+    </html>
+  );
+}
+```
+
+```bash
+bun dev
+```
+
+You don't need to manually mark the import with `"use client"` from `app/layout.tsx` — the preset module already ships the directive in its bundled output, so React Server Components import it cleanly via the client wrapper. For RSC-safe, zero-React imports use `/server` or `/core` instead.
+
+---
+
 ## Choose Your Layer
 
 Pick exactly what your project needs.
@@ -350,6 +445,34 @@ Every module has an interactive demo. No signup, no setup — try them instantly
   <em>Left: Data Subject Rights portal with 8 NDPA rights. Right: Breach notification with 72-hour NDPC deadline countdown.</em>
 </p>
 
+### Open any module in your browser (zero install)
+
+Each module ships a minimal Next.js scaffold you can fork in StackBlitz or CodeSandbox. One click → working app demonstrating just that module:
+
+| Module | NDPA | Open in StackBlitz | Open in CodeSandbox |
+|---|---|---|---|
+| **Ecommerce starter (full app)** | §25–27, §34–38 | [![Open](https://developer.stackblitz.com/img/open_in_stackblitz.svg)](https://stackblitz.com/github/mr-tanta/ndpr-toolkit/tree/main/examples/ecommerce-starter) | [![Open](https://codesandbox.io/static/img/play-codesandbox.svg)](https://codesandbox.io/p/github/mr-tanta/ndpr-toolkit/main/examples/ecommerce-starter) |
+| Consent | §26 | [![Open](https://developer.stackblitz.com/img/open_in_stackblitz.svg)](https://stackblitz.com/github/mr-tanta/ndpr-toolkit/tree/main/examples/stackblitz/consent) | [![Open](https://codesandbox.io/static/img/play-codesandbox.svg)](https://codesandbox.io/p/github/mr-tanta/ndpr-toolkit/main/examples/stackblitz/consent) |
+| DSR | §34 | [![Open](https://developer.stackblitz.com/img/open_in_stackblitz.svg)](https://stackblitz.com/github/mr-tanta/ndpr-toolkit/tree/main/examples/stackblitz/dsr) | [![Open](https://codesandbox.io/static/img/play-codesandbox.svg)](https://codesandbox.io/p/github/mr-tanta/ndpr-toolkit/main/examples/stackblitz/dsr) |
+| DPIA | §28 | [![Open](https://developer.stackblitz.com/img/open_in_stackblitz.svg)](https://stackblitz.com/github/mr-tanta/ndpr-toolkit/tree/main/examples/stackblitz/dpia) | [![Open](https://codesandbox.io/static/img/play-codesandbox.svg)](https://codesandbox.io/p/github/mr-tanta/ndpr-toolkit/main/examples/stackblitz/dpia) |
+| Breach | §40 | [![Open](https://developer.stackblitz.com/img/open_in_stackblitz.svg)](https://stackblitz.com/github/mr-tanta/ndpr-toolkit/tree/main/examples/stackblitz/breach) | [![Open](https://codesandbox.io/static/img/play-codesandbox.svg)](https://codesandbox.io/p/github/mr-tanta/ndpr-toolkit/main/examples/stackblitz/breach) |
+| Policy | §27 | [![Open](https://developer.stackblitz.com/img/open_in_stackblitz.svg)](https://stackblitz.com/github/mr-tanta/ndpr-toolkit/tree/main/examples/stackblitz/policy) | [![Open](https://codesandbox.io/static/img/play-codesandbox.svg)](https://codesandbox.io/p/github/mr-tanta/ndpr-toolkit/main/examples/stackblitz/policy) |
+| Lawful Basis | §25 | [![Open](https://developer.stackblitz.com/img/open_in_stackblitz.svg)](https://stackblitz.com/github/mr-tanta/ndpr-toolkit/tree/main/examples/stackblitz/lawful-basis) | [![Open](https://codesandbox.io/static/img/play-codesandbox.svg)](https://codesandbox.io/p/github/mr-tanta/ndpr-toolkit/main/examples/stackblitz/lawful-basis) |
+| Cross-Border | §41–43 | [![Open](https://developer.stackblitz.com/img/open_in_stackblitz.svg)](https://stackblitz.com/github/mr-tanta/ndpr-toolkit/tree/main/examples/stackblitz/cross-border) | [![Open](https://codesandbox.io/static/img/play-codesandbox.svg)](https://codesandbox.io/p/github/mr-tanta/ndpr-toolkit/main/examples/stackblitz/cross-border) |
+| RoPA | §29 | [![Open](https://developer.stackblitz.com/img/open_in_stackblitz.svg)](https://stackblitz.com/github/mr-tanta/ndpr-toolkit/tree/main/examples/stackblitz/ropa) | [![Open](https://codesandbox.io/static/img/play-codesandbox.svg)](https://codesandbox.io/p/github/mr-tanta/ndpr-toolkit/main/examples/stackblitz/ropa) |
+
+Or open the [all-in-one example](https://stackblitz.com/github/mr-tanta/ndpr-toolkit/tree/main/examples/nextjs-app) that demos every module in a single app.
+
+### SSR-safe consent scaffolds
+
+Cookie-bridged consent that hydrates without a flash. Each scaffold reads the `ndpr-consent` cookie on the server, seeds the banner's `show` prop, then lets the browser `cookieAdapter` take over. See the [Server-Side Storage guide](https://ndprtoolkit.com.ng/docs/guides/server-side-storage) for the pattern.
+
+| Framework | Path | Open in StackBlitz |
+|---|---|---|
+| Next.js App Router | [`examples/ssr/nextjs-app-router`](./examples/ssr/nextjs-app-router) | [![Open](https://developer.stackblitz.com/img/open_in_stackblitz.svg)](https://stackblitz.com/github/mr-tanta/ndpr-toolkit/tree/main/examples/ssr/nextjs-app-router) |
+| Remix | [`examples/ssr/remix`](./examples/ssr/remix) | [![Open](https://developer.stackblitz.com/img/open_in_stackblitz.svg)](https://stackblitz.com/github/mr-tanta/ndpr-toolkit/tree/main/examples/ssr/remix) |
+| Astro | [`examples/ssr/astro`](./examples/ssr/astro) | [![Open](https://developer.stackblitz.com/img/open_in_stackblitz.svg)](https://stackblitz.com/github/mr-tanta/ndpr-toolkit/tree/main/examples/ssr/astro) |
+
 ---
 
 ## All 8 Modules
@@ -390,7 +513,23 @@ import "@tantainnovative/ndpr-toolkit/styles";
 }
 ```
 
-Light + dark mode auto-switch via `prefers-color-scheme`, plus an explicit opt-in via `data-theme="dark"` or `.dark` on any ancestor.
+**Theme via typed JS object — `NDPRThemeProvider` (new in 3.10.0):**
+```tsx
+import { NDPRThemeProvider, type NDPRTheme } from '@tantainnovative/ndpr-toolkit';
+
+const theme: NDPRTheme = {
+  colors: { primary: '22 163 74', primaryHover: '21 128 61' },
+  radius: { base: '0.75rem' },
+  font: { sans: '"Inter", system-ui, sans-serif' },
+};
+
+<NDPRThemeProvider theme={theme}>
+  <App />
+</NDPRThemeProvider>
+```
+The provider wraps children in a single `div` with the `--ndpr-*` variables set inline. Every `NDPRTheme` field is optional and maps 1:1 to a CSS variable defined in the stylesheet — unset fields fall through to defaults. Same end result as raw CSS overrides; pick what fits your codebase. Full reference in [the theming guide](https://ndprtoolkit.com.ng/docs/guides/theming).
+
+Light + dark mode auto-switch via `prefers-color-scheme`, plus an explicit opt-in via `data-theme="dark"` or `.dark` on any ancestor (or `mode: 'dark'` on `NDPRThemeProvider`).
 
 **Per-instance override via slot map:**
 ```tsx
@@ -425,6 +564,7 @@ Each component exports its `ClassNames` TypeScript interface for autocomplete. F
 | `/server` | **Pure validators, generators, scoring, locales, adapters, types — zero React** | `tslib` | **Yes** |
 | `/core` | Types, utility functions, NDPRProvider | `react`[^core] | Partial |
 | `/hooks` | React hooks for all 8 modules | `react` | No |
+| `/headless` | **Alias of `/hooks`** — identical exports under a more discoverable name (3.10.0) | `react` | No |
 | `/presets` | All zero-config preset components (barrel) | `react`, Radix peers | No |
 | `/presets/consent` | **Just `NDPRConsent`** — narrower barrel for bundle size | `react`, Radix peers | No |
 | `/presets/dsr` | **Just `NDPRSubjectRights`** | `react`, Radix peers | No |
@@ -436,8 +576,11 @@ Each component exports its `ClassNames` TypeScript interface for autocomplete. F
 | `/breach` | Breach components + hook | `react` | No |
 | `/policy` | Policy components + hook | `react`, `jspdf`, `docx` (optional) | No |
 | `/lawful-basis` | Lawful basis component + hook | `react` | No |
+| `/lawful-basis/lite` | Read-only `LawfulBasisTrackerLite` — ~65% smaller than `/lawful-basis` | `react` | No |
 | `/cross-border` | Cross-border component + hook | `react` | No |
+| `/cross-border/lite` | Read-only `CrossBorderTransferManagerLite` — ~89% smaller (skips the 624-row adequacy dataset) | `react` | No |
 | `/ropa` | ROPA component + hook | `react` | No |
+| `/ropa/lite` | Read-only `ROPAManagerLite` — ~64% smaller than `/ropa` | `react` | No |
 | `/unstyled` | All published components with `unstyled` defaulted to `true` | `react` | No |
 | `/styles` | Default CSS stylesheet — `import "@tantainnovative/ndpr-toolkit/styles"` once in your app entry | none | N/A |
 
@@ -458,6 +601,8 @@ The toolkit is published with `sideEffects: ["*.css"]`, so a modern bundler (Vit
 
    If your app only needs the hook (e.g. you're rendering ROPA records inside your own admin UI), import from `/hooks` instead of the feature subpath — the hook chunk doesn't drag the manager component into your bundle.
 
+   If your page only needs to *display* records (no Add / Edit / Archive / CSV export), reach for the new **Lite** variants from `/lawful-basis/lite`, `/cross-border/lite`, and `/ropa/lite` instead — they save ~65%, 89%, and 64% respectively. See [Lite vs Full managers](https://ndprtoolkit.com.ng/docs/guides/lite-vs-full).
+
 4. **`/server` carries zero React.** For Server Actions, Route Handlers, scheduled jobs, or compliance-score computation in CI, prefer `/server` and you'll pay no React-tree cost.
 
 ---

package/dist/{chunk-SJRIOZ4K.mjs → chunk-EFIWANHF.mjs}

@@ -1 +1 @@
-import {a}from'./chunk-XJO4DH3L.mjs';import {d,a as a$1}from'./chunk-ZJYULEER.mjs';import {jsx}from'react/jsx-runtime';var S=[{id:"access",name:"Access My Data",description:"Request a copy of your personal data held by us",ndpaSection:"Section 34(1)(a)\u2013(b)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"rectification",name:"Correct My Data",description:"Request corrections to inaccurate personal data",ndpaSection:"Section 34(1)(c)",estimatedCompletionTime:30,requiresAdditionalInfo:true,additionalFields:[{id:"correction_details",label:"What data needs to be corrected?",type:"textarea",required:true,placeholder:"Please describe the inaccurate data and what the correct information should be"}]},{id:"erasure",name:"Delete My Data",description:"Request deletion of your personal data",ndpaSection:"Section 34(1)(d), Section 34(2)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"portability",name:"Export My Data",description:"Receive your data in a portable format",ndpaSection:"Section 38",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"restrict",name:"Restrict Processing",description:"Request restriction of data processing",ndpaSection:"Section 34(1)(e)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"object",name:"Object to Processing",description:"Object to processing of your personal data",ndpaSection:"Section 36",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"withdraw_consent",name:"Withdraw My Consent",description:"Withdraw consent previously given for processing",ndpaSection:"Section 35",estimatedCompletionTime:30,requiresAdditionalInfo:false}],g=({requestTypes:p=S,adapter:i,classNames:m,unstyled:f,onSubmit:R=()=>{},submitTo:s,submitOptions:e,onSubmitError:t})=>jsx(a,{requestTypes:p,onSubmit:o=>d(null,null,function*(){var n,r;if(s){let y=typeof(e==null?void 0:e.headers)=="function"?e.headers():(n=e==null?void 0:e.headers)!=null?n:{};try{let a=yield fetch(s,{method:"POST",headers:a$1({"Content-Type":"application/json"},y),credentials:(r=e==null?void 0:e.credentials)!=null?r:"same-origin",body:JSON.stringify(o)});a.ok||t==null||t({response:a});}catch(a){t==null||t({error:a});}}else i&&i.save(o);R(o);}),classNames:m,unstyled:f});export{g as a};
+import {a}from'./chunk-XJO4DH3L.mjs';import {d,a as a$1}from'./chunk-ZJYULEER.mjs';import {jsx}from'react/jsx-runtime';var q=[{id:"access",name:"Access My Data",description:"Request a copy of your personal data held by us",ndpaSection:"Section 34(1)(a)\u2013(b)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"rectification",name:"Correct My Data",description:"Request corrections to inaccurate personal data",ndpaSection:"Section 34(1)(c)",estimatedCompletionTime:30,requiresAdditionalInfo:true,additionalFields:[{id:"correction_details",label:"What data needs to be corrected?",type:"textarea",required:true,placeholder:"Please describe the inaccurate data and what the correct information should be"}]},{id:"erasure",name:"Delete My Data",description:"Request deletion of your personal data",ndpaSection:"Section 34(1)(d), Section 34(2)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"portability",name:"Export My Data",description:"Receive your data in a portable format",ndpaSection:"Section 38",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"restrict",name:"Restrict Processing",description:"Request restriction of data processing",ndpaSection:"Section 34(1)(e)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"object",name:"Object to Processing",description:"Object to processing of your personal data",ndpaSection:"Section 36",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"withdraw_consent",name:"Withdraw My Consent",description:"Withdraw consent previously given for processing",ndpaSection:"Section 35",estimatedCompletionTime:30,requiresAdditionalInfo:false}],C=({requestTypes:R=q,adapter:s,classNames:y,unstyled:S,onSubmit:u=()=>{},submitTo:n,submitOptions:e,onSubmitError:t,onSubmitSuccess:r})=>jsx(a,{requestTypes:R,onSubmit:a=>d(null,null,function*(){var d,c;if(n){let h=typeof(e==null?void 0:e.headers)=="function"?e.headers():(d=e==null?void 0:e.headers)!=null?d:{};try{let o=yield fetch(n,{method:"POST",headers:a$1({"Content-Type":"application/json"},h),credentials:(c=e==null?void 0:e.credentials)!=null?c:"same-origin",body:JSON.stringify(a)});if(!o.ok)t==null||t({response:o});else if(r){let l;try{let i=yield o.clone().text();i&&(l=JSON.parse(i));}catch(i){}r({response:o,data:a,body:l});}}catch(o){t==null||t({error:o});}}else s&&s.save(a);u(a);}),classNames:y,unstyled:S});export{C as a};

package/dist/chunk-OZCNFB5C.js

@@ -0,0 +1 @@
+'use strict';

package/dist/{chunk-RXZFYBUJ.js → chunk-XS3Z4UT7.js}

@@ -1 +1 @@
-'use strict';var chunkW47OSMT6_js=require('./chunk-W47OSMT6.js'),chunkRFPLZDIO_js=require('./chunk-RFPLZDIO.js'),jsxRuntime=require('react/jsx-runtime');var S=[{id:"access",name:"Access My Data",description:"Request a copy of your personal data held by us",ndpaSection:"Section 34(1)(a)\u2013(b)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"rectification",name:"Correct My Data",description:"Request corrections to inaccurate personal data",ndpaSection:"Section 34(1)(c)",estimatedCompletionTime:30,requiresAdditionalInfo:true,additionalFields:[{id:"correction_details",label:"What data needs to be corrected?",type:"textarea",required:true,placeholder:"Please describe the inaccurate data and what the correct information should be"}]},{id:"erasure",name:"Delete My Data",description:"Request deletion of your personal data",ndpaSection:"Section 34(1)(d), Section 34(2)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"portability",name:"Export My Data",description:"Receive your data in a portable format",ndpaSection:"Section 38",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"restrict",name:"Restrict Processing",description:"Request restriction of data processing",ndpaSection:"Section 34(1)(e)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"object",name:"Object to Processing",description:"Object to processing of your personal data",ndpaSection:"Section 36",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"withdraw_consent",name:"Withdraw My Consent",description:"Withdraw consent previously given for processing",ndpaSection:"Section 35",estimatedCompletionTime:30,requiresAdditionalInfo:false}],g=({requestTypes:p=S,adapter:i,classNames:m,unstyled:f,onSubmit:R=()=>{},submitTo:s,submitOptions:e,onSubmitError:t})=>jsxRuntime.jsx(chunkW47OSMT6_js.a,{requestTypes:p,onSubmit:o=>chunkRFPLZDIO_js.d(null,null,function*(){var n,r;if(s){let y=typeof(e==null?void 0:e.headers)=="function"?e.headers():(n=e==null?void 0:e.headers)!=null?n:{};try{let a=yield fetch(s,{method:"POST",headers:chunkRFPLZDIO_js.a({"Content-Type":"application/json"},y),credentials:(r=e==null?void 0:e.credentials)!=null?r:"same-origin",body:JSON.stringify(o)});a.ok||t==null||t({response:a});}catch(a){t==null||t({error:a});}}else i&&i.save(o);R(o);}),classNames:m,unstyled:f});exports.a=g;
+'use strict';var chunkW47OSMT6_js=require('./chunk-W47OSMT6.js'),chunkRFPLZDIO_js=require('./chunk-RFPLZDIO.js'),jsxRuntime=require('react/jsx-runtime');var q=[{id:"access",name:"Access My Data",description:"Request a copy of your personal data held by us",ndpaSection:"Section 34(1)(a)\u2013(b)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"rectification",name:"Correct My Data",description:"Request corrections to inaccurate personal data",ndpaSection:"Section 34(1)(c)",estimatedCompletionTime:30,requiresAdditionalInfo:true,additionalFields:[{id:"correction_details",label:"What data needs to be corrected?",type:"textarea",required:true,placeholder:"Please describe the inaccurate data and what the correct information should be"}]},{id:"erasure",name:"Delete My Data",description:"Request deletion of your personal data",ndpaSection:"Section 34(1)(d), Section 34(2)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"portability",name:"Export My Data",description:"Receive your data in a portable format",ndpaSection:"Section 38",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"restrict",name:"Restrict Processing",description:"Request restriction of data processing",ndpaSection:"Section 34(1)(e)",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"object",name:"Object to Processing",description:"Object to processing of your personal data",ndpaSection:"Section 36",estimatedCompletionTime:30,requiresAdditionalInfo:false},{id:"withdraw_consent",name:"Withdraw My Consent",description:"Withdraw consent previously given for processing",ndpaSection:"Section 35",estimatedCompletionTime:30,requiresAdditionalInfo:false}],C=({requestTypes:R=q,adapter:s,classNames:y,unstyled:S,onSubmit:u=()=>{},submitTo:n,submitOptions:e,onSubmitError:t,onSubmitSuccess:r})=>jsxRuntime.jsx(chunkW47OSMT6_js.a,{requestTypes:R,onSubmit:a=>chunkRFPLZDIO_js.d(null,null,function*(){var d,c;if(n){let h=typeof(e==null?void 0:e.headers)=="function"?e.headers():(d=e==null?void 0:e.headers)!=null?d:{};try{let o=yield fetch(n,{method:"POST",headers:chunkRFPLZDIO_js.a({"Content-Type":"application/json"},h),credentials:(c=e==null?void 0:e.credentials)!=null?c:"same-origin",body:JSON.stringify(a)});if(!o.ok)t==null||t({response:o});else if(r){let l;try{let i=yield o.clone().text();i&&(l=JSON.parse(i));}catch(i){}r({response:o,data:a,body:l});}}catch(o){t==null||t({error:o});}}else s&&s.save(a);u(a);}),classNames:y,unstyled:S});exports.a=C;

package/dist/core.js

@@ -1 +1 @@
-'use strict';var chunkUAV7V4EM_js=require('./chunk-UAV7V4EM.js'),chunk4QXTB3L6_js=require('./chunk-4QXTB3L6.js'),chunk3GRGYT3P_js=require('./chunk-3GRGYT3P.js'),chunk7IFSWCQP_js=require('./chunk-7IFSWCQP.js'),chunkLVGT3DLT_js=require('./chunk-LVGT3DLT.js'),chunkQPRYXVH2_js=require('./chunk-QPRYXVH2.js'),chunkQ64735OC_js=require('./chunk-Q64735OC.js'),chunkWZYCBW2R_js=require('./chunk-WZYCBW2R.js'),chunkYFBDJ4FH_js=require('./chunk-YFBDJ4FH.js'),chunk4CVBQC66_js=require('./chunk-4CVBQC66.js'),chunk3IA3KDII_js=require('./chunk-3IA3KDII.js'),chunkB46SJB5V_js=require('./chunk-B46SJB5V.js'),chunkL2BRFMVS_js=require('./chunk-L2BRFMVS.js'),chunkTQZWJGJ2_js=require('./chunk-TQZWJGJ2.js'),chunk3YTAOT5O_js=require('./chunk-3YTAOT5O.js'),chunkUXUMYP4L_js=require('./chunk-UXUMYP4L.js'),chunkZVOIR4QH_js=require('./chunk-ZVOIR4QH.js');require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"NDPRProvider",{enumerable:true,get:function(){return chunkUAV7V4EM_js.a}});Object.defineProperty(exports,"useNDPRConfig",{enumerable:true,get:function(){return chunkUAV7V4EM_js.b}});Object.defineProperty(exports,"useNDPRLocale",{enumerable:true,get:function(){return chunkUAV7V4EM_js.c}});Object.defineProperty(exports,"hausaLocale",{enumerable:true,get:function(){return chunk4QXTB3L6_js.c}});Object.defineProperty(exports,"igboLocale",{enumerable:true,get:function(){return chunk4QXTB3L6_js.b}});Object.defineProperty(exports,"pidginLocale",{enumerable:true,get:function(){return chunk4QXTB3L6_js.d}});Object.defineProperty(exports,"yorubaLocale",{enumerable:true,get:function(){return chunk4QXTB3L6_js.a}});Object.defineProperty(exports,"ORG_POLICY_TEMPLATE_REGISTRY",{enumerable:true,get:function(){return chunk3GRGYT3P_js.a}});Object.defineProperty(exports,"createOrgTemplate",{enumerable:true,get:function(){return chunk3GRGYT3P_js.b}});Object.defineProperty(exports,"templateContextFor",{enumerable:true,get:function(){return chunk3GRGYT3P_js.b}});Object.defineProperty(exports,"defaultLocale",{enumerable:true,get:function(){return chunk7IFSWCQP_js.a}});Object.defineProperty(exports,"mergeLocale",{enumerable:true,get:function(){return chunk7IFSWCQP_js.b}});Object.defineProperty(exports,"DEFAULT_POLICY_SECTIONS",{enumerable:true,get:function(){return chunkLVGT3DLT_js.c}});Object.defineProperty(exports,"DEFAULT_POLICY_VARIABLES",{enumerable:true,get:function(){return chunkLVGT3DLT_js.d}});Object.defineProperty(exports,"createBusinessPolicyTemplate",{enumerable:true,get:function(){return chunkLVGT3DLT_js.e}});Object.defineProperty(exports,"findUnfilledTokens",{enumerable:true,get:function(){return chunkLVGT3DLT_js.a}});Object.defineProperty(exports,"generatePolicyText",{enumerable:true,get:function(){return chunkLVGT3DLT_js.b}});Object.defineProperty(exports,"getComplianceScore",{enumerable:true,get:function(){return chunkQPRYXVH2_js.a}});Object.defineProperty(exports,"assemblePolicy",{enumerable:true,get:function(){return chunkQ64735OC_js.c}});Object.defineProperty(exports,"createDefaultContext",{enumerable:true,get:function(){return chunkQ64735OC_js.e}});Object.defineProperty(exports,"evaluatePolicyCompliance",{enumerable:true,get:function(){return chunkQ64735OC_js.f}});Object.defineProperty(exports,"assessComplianceGaps",{enumerable:true,get:function(){return chunkWZYCBW2R_js.c}});Object.defineProperty(exports,"generateLawfulBasisSummary",{enumerable:true,get:function(){return chunkWZYCBW2R_js.d}});Object.defineProperty(exports,"getLawfulBasisDescription",{enumerable:true,get:function(){return chunkWZYCBW2R_js.b}});Object.defineProperty(exports,"validateProcessingActivity",{enumerable:true,get:function(){return chunkWZYCBW2R_js.a}});Object.defineProperty(exports,"assessTransferRisk",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.h}});Object.defineProperty(exports,"getTransferMechanismDescription",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.f}});Object.defineProperty(exports,"isNDPCApprovalRequired",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.e}});Object.defineProperty(exports,"validateTransfer",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.g}});Object.defineProperty(exports,"exportROPAToCSV",{enumerable:true,get:function(){return chunk4CVBQC66_js.c}});Object.defineProperty(exports,"generateROPASummary",{enumerable:true,get:function(){return chunk4CVBQC66_js.b}});Object.defineProperty(exports,"identifyComplianceGaps",{enumerable:true,get:function(){return chunk4CVBQC66_js.d}});Object.defineProperty(exports,"validateProcessingRecord",{enumerable:true,get:function(){return chunk4CVBQC66_js.a}});Object.defineProperty(exports,"appendAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.c}});Object.defineProperty(exports,"createAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.a}});Object.defineProperty(exports,"getAuditLog",{enumerable:true,get:function(){return chunk3IA3KDII_js.b}});Object.defineProperty(exports,"validateConsent",{enumerable:true,get:function(){return chunkB46SJB5V_js.a}});Object.defineProperty(exports,"validateConsentOptions",{enumerable:true,get:function(){return chunkB46SJB5V_js.b}});Object.defineProperty(exports,"formatDSRRequest",{enumerable:true,get:function(){return chunkL2BRFMVS_js.b}});Object.defineProperty(exports,"validateDsrSubmission",{enumerable:true,get:function(){return chunkL2BRFMVS_js.a}});Object.defineProperty(exports,"assessDPIARisk",{enumerable:true,get:function(){return chunkTQZWJGJ2_js.a}});Object.defineProperty(exports,"calculateBreachSeverity",{enumerable:true,get:function(){return chunk3YTAOT5O_js.a}});Object.defineProperty(exports,"sanitizeInput",{enumerable:true,get:function(){return chunkUXUMYP4L_js.a}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_LONG",{enumerable:true,get:function(){return chunkZVOIR4QH_js.b}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_SHORT",{enumerable:true,get:function(){return chunkZVOIR4QH_js.a}});Object.defineProperty(exports,"legalDisclaimerBlock",{enumerable:true,get:function(){return chunkZVOIR4QH_js.c}});
+'use strict';var chunkUAV7V4EM_js=require('./chunk-UAV7V4EM.js'),chunk4QXTB3L6_js=require('./chunk-4QXTB3L6.js'),chunk3GRGYT3P_js=require('./chunk-3GRGYT3P.js'),chunk7IFSWCQP_js=require('./chunk-7IFSWCQP.js'),chunkQPRYXVH2_js=require('./chunk-QPRYXVH2.js'),chunk3YTAOT5O_js=require('./chunk-3YTAOT5O.js'),chunkLVGT3DLT_js=require('./chunk-LVGT3DLT.js'),chunkQ64735OC_js=require('./chunk-Q64735OC.js'),chunkYFBDJ4FH_js=require('./chunk-YFBDJ4FH.js'),chunkWZYCBW2R_js=require('./chunk-WZYCBW2R.js'),chunk4CVBQC66_js=require('./chunk-4CVBQC66.js'),chunk3IA3KDII_js=require('./chunk-3IA3KDII.js'),chunkB46SJB5V_js=require('./chunk-B46SJB5V.js'),chunkUXUMYP4L_js=require('./chunk-UXUMYP4L.js'),chunkL2BRFMVS_js=require('./chunk-L2BRFMVS.js'),chunkTQZWJGJ2_js=require('./chunk-TQZWJGJ2.js'),chunkZVOIR4QH_js=require('./chunk-ZVOIR4QH.js');require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"NDPRProvider",{enumerable:true,get:function(){return chunkUAV7V4EM_js.a}});Object.defineProperty(exports,"useNDPRConfig",{enumerable:true,get:function(){return chunkUAV7V4EM_js.b}});Object.defineProperty(exports,"useNDPRLocale",{enumerable:true,get:function(){return chunkUAV7V4EM_js.c}});Object.defineProperty(exports,"hausaLocale",{enumerable:true,get:function(){return chunk4QXTB3L6_js.c}});Object.defineProperty(exports,"igboLocale",{enumerable:true,get:function(){return chunk4QXTB3L6_js.b}});Object.defineProperty(exports,"pidginLocale",{enumerable:true,get:function(){return chunk4QXTB3L6_js.d}});Object.defineProperty(exports,"yorubaLocale",{enumerable:true,get:function(){return chunk4QXTB3L6_js.a}});Object.defineProperty(exports,"ORG_POLICY_TEMPLATE_REGISTRY",{enumerable:true,get:function(){return chunk3GRGYT3P_js.a}});Object.defineProperty(exports,"createOrgTemplate",{enumerable:true,get:function(){return chunk3GRGYT3P_js.b}});Object.defineProperty(exports,"templateContextFor",{enumerable:true,get:function(){return chunk3GRGYT3P_js.b}});Object.defineProperty(exports,"defaultLocale",{enumerable:true,get:function(){return chunk7IFSWCQP_js.a}});Object.defineProperty(exports,"mergeLocale",{enumerable:true,get:function(){return chunk7IFSWCQP_js.b}});Object.defineProperty(exports,"getComplianceScore",{enumerable:true,get:function(){return chunkQPRYXVH2_js.a}});Object.defineProperty(exports,"calculateBreachSeverity",{enumerable:true,get:function(){return chunk3YTAOT5O_js.a}});Object.defineProperty(exports,"DEFAULT_POLICY_SECTIONS",{enumerable:true,get:function(){return chunkLVGT3DLT_js.c}});Object.defineProperty(exports,"DEFAULT_POLICY_VARIABLES",{enumerable:true,get:function(){return chunkLVGT3DLT_js.d}});Object.defineProperty(exports,"createBusinessPolicyTemplate",{enumerable:true,get:function(){return chunkLVGT3DLT_js.e}});Object.defineProperty(exports,"findUnfilledTokens",{enumerable:true,get:function(){return chunkLVGT3DLT_js.a}});Object.defineProperty(exports,"generatePolicyText",{enumerable:true,get:function(){return chunkLVGT3DLT_js.b}});Object.defineProperty(exports,"assemblePolicy",{enumerable:true,get:function(){return chunkQ64735OC_js.c}});Object.defineProperty(exports,"createDefaultContext",{enumerable:true,get:function(){return chunkQ64735OC_js.e}});Object.defineProperty(exports,"evaluatePolicyCompliance",{enumerable:true,get:function(){return chunkQ64735OC_js.f}});Object.defineProperty(exports,"assessTransferRisk",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.h}});Object.defineProperty(exports,"getTransferMechanismDescription",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.f}});Object.defineProperty(exports,"isNDPCApprovalRequired",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.e}});Object.defineProperty(exports,"validateTransfer",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.g}});Object.defineProperty(exports,"assessComplianceGaps",{enumerable:true,get:function(){return chunkWZYCBW2R_js.c}});Object.defineProperty(exports,"generateLawfulBasisSummary",{enumerable:true,get:function(){return chunkWZYCBW2R_js.d}});Object.defineProperty(exports,"getLawfulBasisDescription",{enumerable:true,get:function(){return chunkWZYCBW2R_js.b}});Object.defineProperty(exports,"validateProcessingActivity",{enumerable:true,get:function(){return chunkWZYCBW2R_js.a}});Object.defineProperty(exports,"exportROPAToCSV",{enumerable:true,get:function(){return chunk4CVBQC66_js.c}});Object.defineProperty(exports,"generateROPASummary",{enumerable:true,get:function(){return chunk4CVBQC66_js.b}});Object.defineProperty(exports,"identifyComplianceGaps",{enumerable:true,get:function(){return chunk4CVBQC66_js.d}});Object.defineProperty(exports,"validateProcessingRecord",{enumerable:true,get:function(){return chunk4CVBQC66_js.a}});Object.defineProperty(exports,"appendAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.c}});Object.defineProperty(exports,"createAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.a}});Object.defineProperty(exports,"getAuditLog",{enumerable:true,get:function(){return chunk3IA3KDII_js.b}});Object.defineProperty(exports,"validateConsent",{enumerable:true,get:function(){return chunkB46SJB5V_js.a}});Object.defineProperty(exports,"validateConsentOptions",{enumerable:true,get:function(){return chunkB46SJB5V_js.b}});Object.defineProperty(exports,"sanitizeInput",{enumerable:true,get:function(){return chunkUXUMYP4L_js.a}});Object.defineProperty(exports,"formatDSRRequest",{enumerable:true,get:function(){return chunkL2BRFMVS_js.b}});Object.defineProperty(exports,"validateDsrSubmission",{enumerable:true,get:function(){return chunkL2BRFMVS_js.a}});Object.defineProperty(exports,"assessDPIARisk",{enumerable:true,get:function(){return chunkTQZWJGJ2_js.a}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_LONG",{enumerable:true,get:function(){return chunkZVOIR4QH_js.b}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_SHORT",{enumerable:true,get:function(){return chunkZVOIR4QH_js.a}});Object.defineProperty(exports,"legalDisclaimerBlock",{enumerable:true,get:function(){return chunkZVOIR4QH_js.c}});

package/dist/core.mjs

@@ -1 +1 @@
-export{a as NDPRProvider,b as useNDPRConfig,c as useNDPRLocale}from'./chunk-EEQALYOY.mjs';export{c as hausaLocale,b as igboLocale,d as pidginLocale,a as yorubaLocale}from'./chunk-LQTARVPU.mjs';export{a as ORG_POLICY_TEMPLATE_REGISTRY,b as createOrgTemplate,b as templateContextFor}from'./chunk-UKLU6BQF.mjs';export{a as defaultLocale,b as mergeLocale}from'./chunk-HWHBINVN.mjs';export{c as DEFAULT_POLICY_SECTIONS,d as DEFAULT_POLICY_VARIABLES,e as createBusinessPolicyTemplate,a as findUnfilledTokens,b as generatePolicyText}from'./chunk-Y3MKMAFQ.mjs';export{a as getComplianceScore}from'./chunk-EFIBHKQE.mjs';export{c as assemblePolicy,e as createDefaultContext,f as evaluatePolicyCompliance}from'./chunk-RMQ7OLNY.mjs';export{c as assessComplianceGaps,d as generateLawfulBasisSummary,b as getLawfulBasisDescription,a as validateProcessingActivity}from'./chunk-LWIKDDSU.mjs';export{h as assessTransferRisk,f as getTransferMechanismDescription,e as isNDPCApprovalRequired,g as validateTransfer}from'./chunk-7BJXI2HI.mjs';export{c as exportROPAToCSV,b as generateROPASummary,d as identifyComplianceGaps,a as validateProcessingRecord}from'./chunk-XP5PL6K7.mjs';export{c as appendAuditEntry,a as createAuditEntry,b as getAuditLog}from'./chunk-V7UFP6QU.mjs';export{a as validateConsent,b as validateConsentOptions}from'./chunk-PJNKQPQP.mjs';export{b as formatDSRRequest,a as validateDsrSubmission}from'./chunk-RZ6GC6WN.mjs';export{a as assessDPIARisk}from'./chunk-LRRENTT5.mjs';export{a as calculateBreachSeverity}from'./chunk-WTGKZX7J.mjs';export{a as sanitizeInput}from'./chunk-EWVK45Z3.mjs';export{b as LEGAL_DISCLAIMER_LONG,a as LEGAL_DISCLAIMER_SHORT,c as legalDisclaimerBlock}from'./chunk-ITCY2Z66.mjs';import'./chunk-ZJYULEER.mjs';
+export{a as NDPRProvider,b as useNDPRConfig,c as useNDPRLocale}from'./chunk-EEQALYOY.mjs';export{c as hausaLocale,b as igboLocale,d as pidginLocale,a as yorubaLocale}from'./chunk-LQTARVPU.mjs';export{a as ORG_POLICY_TEMPLATE_REGISTRY,b as createOrgTemplate,b as templateContextFor}from'./chunk-UKLU6BQF.mjs';export{a as defaultLocale,b as mergeLocale}from'./chunk-HWHBINVN.mjs';export{a as getComplianceScore}from'./chunk-EFIBHKQE.mjs';export{a as calculateBreachSeverity}from'./chunk-WTGKZX7J.mjs';export{c as DEFAULT_POLICY_SECTIONS,d as DEFAULT_POLICY_VARIABLES,e as createBusinessPolicyTemplate,a as findUnfilledTokens,b as generatePolicyText}from'./chunk-Y3MKMAFQ.mjs';export{c as assemblePolicy,e as createDefaultContext,f as evaluatePolicyCompliance}from'./chunk-RMQ7OLNY.mjs';export{h as assessTransferRisk,f as getTransferMechanismDescription,e as isNDPCApprovalRequired,g as validateTransfer}from'./chunk-7BJXI2HI.mjs';export{c as assessComplianceGaps,d as generateLawfulBasisSummary,b as getLawfulBasisDescription,a as validateProcessingActivity}from'./chunk-LWIKDDSU.mjs';export{c as exportROPAToCSV,b as generateROPASummary,d as identifyComplianceGaps,a as validateProcessingRecord}from'./chunk-XP5PL6K7.mjs';export{c as appendAuditEntry,a as createAuditEntry,b as getAuditLog}from'./chunk-V7UFP6QU.mjs';export{a as validateConsent,b as validateConsentOptions}from'./chunk-PJNKQPQP.mjs';export{a as sanitizeInput}from'./chunk-EWVK45Z3.mjs';export{b as formatDSRRequest,a as validateDsrSubmission}from'./chunk-RZ6GC6WN.mjs';export{a as assessDPIARisk}from'./chunk-LRRENTT5.mjs';export{b as LEGAL_DISCLAIMER_LONG,a as LEGAL_DISCLAIMER_SHORT,c as legalDisclaimerBlock}from'./chunk-ITCY2Z66.mjs';import'./chunk-ZJYULEER.mjs';

package/dist/cross-border-lite.d.mts

@@ -0,0 +1,141 @@
+import React__default from 'react';
+
+/**
+ * Adequacy status of a destination country
+ */
+export declare type AdequacyStatus = 'adequate' | 'inadequate' | 'pending_review' | 'unknown';
+
+/**
+ * Summary of cross-border transfer compliance
+ */
+export declare interface CrossBorderSummary {
+    /** Total number of active transfers */
+    totalActiveTransfers: number;
+    /** Breakdown by transfer mechanism */
+    byMechanism: Record<TransferMechanism, number>;
+    /** Breakdown by adequacy status */
+    byAdequacy: Record<AdequacyStatus, number>;
+    /** Transfers pending NDPC approval */
+    pendingApproval: CrossBorderTransfer[];
+    /** Transfers due for review */
+    dueForReview: CrossBorderTransfer[];
+    /** Transfers missing TIA */
+    missingTIA: CrossBorderTransfer[];
+    /** High-risk transfers */
+    highRiskTransfers: CrossBorderTransfer[];
+    /** Last updated timestamp */
+    lastUpdated: number;
+}
+
+/**
+ * Represents a cross-border data transfer record
+ */
+export declare interface CrossBorderTransfer {
+    /** Unique identifier */
+    id: string;
+    /** Destination country or territory */
+    destinationCountry: string;
+    /** ISO country code */
+    destinationCountryCode?: string;
+    /** Adequacy status of the destination */
+    adequacyStatus: AdequacyStatus;
+    /** The transfer mechanism being relied upon */
+    transferMechanism: TransferMechanism;
+    /** Categories of personal data being transferred */
+    dataCategories: string[];
+    /** Whether sensitive personal data is included */
+    includesSensitiveData: boolean;
+    /** Estimated number of data subjects whose data is transferred */
+    estimatedDataSubjects?: number;
+    /** Name of the recipient organization */
+    recipientOrganization: string;
+    /** Contact details of the recipient */
+    recipientContact: {
+        name: string;
+        email: string;
+        phone?: string;
+        address?: string;
+    };
+    /** Purpose of the data transfer */
+    purpose: string;
+    /** Safeguards in place to protect the data */
+    safeguards: string[];
+    /** Risk assessment summary */
+    riskAssessment: string;
+    /** Risk level of the transfer */
+    riskLevel: 'low' | 'medium' | 'high';
+    /** NDPC approval details (required for some transfer mechanisms) */
+    ndpcApproval?: {
+        required: boolean;
+        applied: boolean;
+        approved?: boolean;
+        referenceNumber?: string;
+        appliedAt?: number;
+        approvedAt?: number;
+    };
+    /** Whether a Transfer Impact Assessment has been conducted */
+    tiaCompleted: boolean;
+    /** Reference to the TIA document */
+    tiaReference?: string;
+    /** Frequency of the transfer */
+    frequency: 'one_time' | 'periodic' | 'continuous';
+    /** Start date of the transfer */
+    startDate: number;
+    /** End date of the transfer (if applicable) */
+    endDate?: number;
+    /** Status of the transfer */
+    status: 'active' | 'suspended' | 'terminated' | 'pending_approval';
+    /** Timestamp when the record was created */
+    createdAt: number;
+    /** Timestamp when the record was last updated */
+    updatedAt: number;
+    /** Next review date */
+    reviewDate?: number;
+}
+
+/**
+ * Read-only, lightweight variant of {@link CrossBorderTransferManager}. Renders the
+ * list + summary view without pulling in the full adequacy dataset, and exposes
+ * no add/edit/delete affordances.
+ */
+export declare const CrossBorderTransferManagerLite: React__default.FC<CrossBorderTransferManagerLiteProps>;
+
+export declare interface CrossBorderTransferManagerLiteClassNames {
+    root?: string;
+    header?: string;
+    title?: string;
+    summary?: string;
+    summaryCard?: string;
+    table?: string;
+    tableHeader?: string;
+    tableRow?: string;
+    statusBadge?: string;
+    riskBadge?: string;
+    riskAlert?: string;
+}
+
+export declare interface CrossBorderTransferManagerLiteProps {
+    transfers: CrossBorderTransfer[];
+    title?: string;
+    description?: string;
+    className?: string;
+    classNames?: CrossBorderTransferManagerLiteClassNames;
+    unstyled?: boolean;
+    showSummary?: boolean;
+    showRiskAlerts?: boolean;
+    onTransferClick?: (transfer: CrossBorderTransfer) => void;
+}
+
+/**
+ * Cross-Border Data Transfer types aligned with NDPA 2023 Part VIII (Sections 41-43).
+ * Personal data may only be transferred outside Nigeria under the bases listed in
+ * Section 41(1), where Section 42 defines adequacy and Section 43 lists derogations.
+ *
+ * Note: These are guidance labels — not legal advice. Verify with your DPO or counsel.
+ */
+/**
+ * Transfer mechanisms recognized under the NDPA
+ */
+export declare type TransferMechanism = 'adequacy_decision' | 'standard_clauses' | 'binding_corporate_rules' | 'ndpc_authorization' | 'explicit_consent' | 'contract_performance' | 'public_interest' | 'legal_claims' | 'vital_interests';
+
+export { }