@tantainnovative/ndpr-toolkit 4.1.0 → 5.0.1

package/dist/core.d.ts

@@ -815,7 +815,7 @@ export declare type DSRStatus = 'pending' | 'awaitingVerification' | 'inProgress
 /**
  * Validated DSR submission shape — matches what `<DSRRequestForm onSubmit>`
  * emits client-side. Use this as the typed parameter for your server-side
- * handler after `validateDsrSubmission` returns `valid: true`.
+ * handler after `validateDsrSubmissionStructured` returns `valid: true`.
  */
 export declare interface DsrSubmissionPayload {
     requestType: string;
@@ -830,16 +830,6 @@ export declare interface DsrSubmissionPayload {
     submittedAt: number;
 }
 
-/** Result of validating a raw DSR submission payload. */
-export declare interface DsrSubmissionValidationResult {
-    /** True when the payload conforms to the DSR submission contract. */
-    valid: boolean;
-    /** Field-keyed error messages. Empty when `valid` is true. */
-    errors: Record<string, string>;
-    /** The narrowed, typed payload — only populated when `valid` is true. */
-    data?: DsrSubmissionPayload;
-}
-
 /**
  * Data Subject Rights types aligned with NDPA 2023 Part VI (Sections 34-38)
  * and the related provisions in Part V (Section 27 — information to the data subject)
@@ -936,16 +926,29 @@ export declare function exportROPAToCSV(ropa: RecordOfProcessingActivities): str
 export declare function findUnfilledTokens(rendered: string): string[];
 
 /**
- * Formats a DSR request for display or submission
- * @param request The DSR request to format
- * @returns Formatted request data
- * @deprecated Use `formatDSRRequestStructured()` for typed `{ field, code, message }[]` errors. The legacy string-returning shape will be removed in 5.0.
- */
-export declare function formatDSRRequest(request: DSRRequest): {
+ * Format a DSR request for display or submission. Returns the formatted
+ * payload plus a typed `errors` array of `{ field, code, message }` for any
+ * required fields missing from the source request.
+ *
+ * Codes emitted:
+ * - `request_id_required`
+ * - `request_type_required`
+ * - `request_status_required`
+ * - `created_at_required`
+ * - `subject_name_required`
+ * - `subject_email_required`
+ */
+export declare function formatDSRRequestStructured(request: DSRRequest): FormatDSRRequestStructuredResult;
+
+/** Result of {@link formatDSRRequestStructured}. */
+export declare interface FormatDSRRequestStructuredResult {
+    valid: boolean;
+    errors: StructuredValidationError[];
+    /** Formatted request payload — always populated regardless of `valid`. */
     formattedRequest: Record<string, unknown>;
-    isValid: boolean;
-    validationErrors: string[];
-};
+    /** Narrowed input — populated only on `valid: true`. */
+    data?: DSRRequest;
+}
 
 export declare const frenchLocale: Required<{
     [K in keyof NDPRLocale]: Required<NonNullable<NDPRLocale[K]>>;
@@ -2016,6 +2019,30 @@ export declare interface StorageAdapter<T = unknown> {
     remove(): void | Promise<void>;
 }
 
+/**
+ * Single structured validation error with a stable, locale-independent
+ * `code` consumers can switch on programmatically.
+ */
+export declare interface StructuredValidationError {
+    /** Dot-path of the offending field (e.g. `'timestamp'`, `'dataSubject.email'`, `'options[0].purpose'`). */
+    field: string;
+    /** Stable, snake_case error code — safe to switch on across locales. */
+    code: string;
+    /** Human-readable English message — informational only; do not regex-match. */
+    message: string;
+}
+
+/**
+ * Result of a structured validator. `errors` is an array (one entry per
+ * failed rule). `data` is the narrowed, typed payload, only populated on
+ * `valid: true`.
+ */
+export declare interface StructuredValidationResult<T> {
+    valid: boolean;
+    errors: StructuredValidationError[];
+    data?: T;
+}
+
 /** Full context used to generate an adaptive privacy policy. */
 export declare interface TemplateContext {
     /** Organisation details, extended with industry and size. */
@@ -2155,70 +2182,43 @@ export declare function useNDPRConfig(): NDPRConfig;
 export declare function useNDPRLocale(): typeof defaultLocale;
 
 /**
- * Validates consent settings to ensure they meet NDPA requirements
- * @param settings The consent settings to validate
- * @returns An object containing validation result and any error messages
- * @deprecated Use `validateConsentStructured()` for typed `{ field, code, message }[]` errors. The legacy string-returning shape will be removed in 5.0.
+ * Validates consent options against NDPA Section 26 requirements. Each option
+ * is checked for a non-empty `purpose`. Failing options are reported with
+ * `field: 'options[i].purpose'` so consumers can map errors back to the
+ * originating option index.
+ *
+ * Codes emitted:
+ * - `options_required` — empty / missing options array
+ * - `purpose_required` — single option missing a purpose
  */
-export declare function validateConsent(settings: ConsentSettings): {
-    valid: boolean;
-    errors: string[];
-};
+export declare function validateConsentOptionsStructured(options: ConsentOption[]): StructuredValidationResult<ConsentOption[]>;
 
 /**
- * Validates that consent options meet NDPA Section 26 requirements.
- * Each consent option must specify a purpose for which data will be processed,
- * as consent must be specific and informed per the Nigeria Data Protection Act.
- * @param options The consent options to validate
- * @returns An object containing validation result and any error messages
- * @deprecated Use `validateConsentOptionsStructured()` for typed `{ field, code, message }[]` errors. The legacy string-returning shape will be removed in 5.0.
- */
-export declare function validateConsentOptions(options: ConsentOption[]): {
-    valid: boolean;
-    errors: string[];
-};
-
-/**
- * Validate a raw DSR submission payload against the same rules
- * `<DSRRequestForm />` enforces client-side. Designed to be called from a
- * server-side handler (Next.js Route Handler, NestJS controller, Express
- * middleware, Cloudflare Worker) so client and server stay in sync without
- * the consumer hand-rolling zod / class-validator schemas.
+ * Validates consent settings against NDPA requirements. Returns structured
+ * `{ field, code, message }[]` errors so consumers can switch on `code`
+ * across locales without regex-matching English strings.
  *
- * Defensive — accepts `unknown` and narrows. Safe to call directly on
- * `await request.json()`.
+ * Codes emitted:
+ * - `consents_required`
+ * - `timestamp_required`
+ * - `timestamp_invalid`
+ * - `version_required`
+ * - `method_required`
+ * - `has_interacted_required`
+ * - `consent_stale`
  *
- * @example **Next.js Route Handler**
+ * @example
  * ```ts
- * // app/api/dsr/route.ts
- * import { validateDsrSubmission } from '@tantainnovative/ndpr-toolkit/server';
- *
- * export async function POST(req: Request) {
- *   const { valid, errors, data } = validateDsrSubmission(await req.json());
- *   if (!valid) return Response.json({ errors }, { status: 422 });
- *   // `data` is the typed DsrSubmissionPayload
- *   await dsrStore.create(data);
- *   return Response.json({ ok: true }, { status: 201 });
+ * const { valid, errors, data } = validateConsentStructured(settings);
+ * if (!valid) {
+ *   const stale = errors.find((e) => e.code === 'consent_stale');
+ *   if (stale) showRefreshBanner();
  * }
  * ```
- *
- * @example **Lock to specific request types**
- * ```ts
- * validateDsrSubmission(payload, {
- *   allowedRequestTypes: ['access', 'erasure', 'rectification'],
- * });
- * ```
- *
- * @example **Skip identity verification (e.g. authenticated session)**
- * ```ts
- * validateDsrSubmission(payload, { requireIdentityVerification: false });
- * ```
- *
- * @deprecated Use `validateDsrSubmissionStructured()` for typed `{ field, code, message }[]` errors. The legacy string-returning shape will be removed in 5.0.
  */
-export declare function validateDsrSubmission(payload: unknown, options?: ValidateDsrSubmissionOptions): DsrSubmissionValidationResult;
+export declare function validateConsentStructured(settings: ConsentSettings): StructuredValidationResult<ConsentSettings>;
 
-/** Options for {@link validateDsrSubmission}. */
+/** Options for {@link validateDsrSubmissionStructured}. */
 export declare interface ValidateDsrSubmissionOptions {
     /**
      * Whether the data subject is required to provide an identifier
@@ -2235,6 +2235,48 @@ export declare interface ValidateDsrSubmissionOptions {
     allowedRequestTypes?: string[];
 }
 
+/**
+ * Validate a raw DSR submission payload against the same rules
+ * `<DSRRequestForm />` enforces client-side. Designed to be called from a
+ * server-side handler (Next.js Route Handler, NestJS controller, Express
+ * middleware, Cloudflare Worker) so client and server stay in sync without
+ * the consumer hand-rolling zod / class-validator schemas.
+ *
+ * Defensive — accepts `unknown` and narrows. Safe to call directly on
+ * `await request.json()`. Returns `{ field, code, message }[]` errors so
+ * callers can switch on `code` programmatically across locales.
+ *
+ * Codes emitted:
+ * - `payload_not_object`
+ * - `request_type_required`
+ * - `request_type_not_allowed`
+ * - `data_subject_required`
+ * - `full_name_required`
+ * - `email_required`
+ * - `email_invalid_format`
+ * - `phone_invalid_type`
+ * - `identifier_type_required`
+ * - `identifier_value_required`
+ * - `submitted_at_invalid`
+ * - `additional_info_invalid_type`
+ * - `payload_final_narrowing_failed`
+ *
+ * @example **Next.js Route Handler**
+ * ```ts
+ * import { validateDsrSubmissionStructured } from '@tantainnovative/ndpr-toolkit/server';
+ *
+ * export async function POST(req: Request) {
+ *   const { valid, errors, data } = validateDsrSubmissionStructured(await req.json());
+ *   if (!valid) {
+ *     return Response.json({ errors }, { status: 422 });
+ *   }
+ *   await dsrStore.create(data);
+ *   return Response.json({ ok: true }, { status: 201 });
+ * }
+ * ```
+ */
+export declare function validateDsrSubmissionStructured(payload: unknown, options?: ValidateDsrSubmissionOptions): StructuredValidationResult<DsrSubmissionPayload>;
+
 /**
  * Validates that all required fields are present on a processing activity
  * and that the lawful basis is properly documented.

package/dist/core.js

@@ -1 +1 @@
-'use strict';var chunk6YFPDGNB_js=require('./chunk-6YFPDGNB.js'),chunkNUOHT3LO_js=require('./chunk-NUOHT3LO.js'),chunkRDALAH3Y_js=require('./chunk-RDALAH3Y.js'),chunk3YTAOT5O_js=require('./chunk-3YTAOT5O.js'),chunkD2ZKDQVL_js=require('./chunk-D2ZKDQVL.js'),chunk6LJHLE6G_js=require('./chunk-6LJHLE6G.js'),chunkYFBDJ4FH_js=require('./chunk-YFBDJ4FH.js'),chunkWZYCBW2R_js=require('./chunk-WZYCBW2R.js'),chunk4CVBQC66_js=require('./chunk-4CVBQC66.js'),chunk3IA3KDII_js=require('./chunk-3IA3KDII.js'),chunkD3HHDWBR_js=require('./chunk-D3HHDWBR.js'),chunkUXUMYP4L_js=require('./chunk-UXUMYP4L.js'),chunk45D7AMB3_js=require('./chunk-45D7AMB3.js'),chunkTQZWJGJ2_js=require('./chunk-TQZWJGJ2.js'),chunkZVOIR4QH_js=require('./chunk-ZVOIR4QH.js'),chunkYDKWD6MQ_js=require('./chunk-YDKWD6MQ.js'),chunkTTMGFC6C_js=require('./chunk-TTMGFC6C.js');require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"arabicLocale",{enumerable:true,get:function(){return chunk6YFPDGNB_js.e}});Object.defineProperty(exports,"frenchLocale",{enumerable:true,get:function(){return chunk6YFPDGNB_js.f}});Object.defineProperty(exports,"hausaLocale",{enumerable:true,get:function(){return chunk6YFPDGNB_js.c}});Object.defineProperty(exports,"igboLocale",{enumerable:true,get:function(){return chunk6YFPDGNB_js.b}});Object.defineProperty(exports,"pidginLocale",{enumerable:true,get:function(){return chunk6YFPDGNB_js.d}});Object.defineProperty(exports,"yorubaLocale",{enumerable:true,get:function(){return chunk6YFPDGNB_js.a}});Object.defineProperty(exports,"ORG_POLICY_TEMPLATE_REGISTRY",{enumerable:true,get:function(){return chunkNUOHT3LO_js.a}});Object.defineProperty(exports,"createOrgTemplate",{enumerable:true,get:function(){return chunkNUOHT3LO_js.b}});Object.defineProperty(exports,"templateContextFor",{enumerable:true,get:function(){return chunkNUOHT3LO_js.b}});Object.defineProperty(exports,"getComplianceScore",{enumerable:true,get:function(){return chunkRDALAH3Y_js.a}});Object.defineProperty(exports,"calculateBreachSeverity",{enumerable:true,get:function(){return chunk3YTAOT5O_js.a}});Object.defineProperty(exports,"DEFAULT_POLICY_SECTIONS",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.c}});Object.defineProperty(exports,"DEFAULT_POLICY_VARIABLES",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.d}});Object.defineProperty(exports,"createBusinessPolicyTemplate",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.e}});Object.defineProperty(exports,"findUnfilledTokens",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.a}});Object.defineProperty(exports,"generatePolicyText",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.b}});Object.defineProperty(exports,"assemblePolicy",{enumerable:true,get:function(){return chunk6LJHLE6G_js.c}});Object.defineProperty(exports,"createDefaultContext",{enumerable:true,get:function(){return chunk6LJHLE6G_js.e}});Object.defineProperty(exports,"evaluatePolicyCompliance",{enumerable:true,get:function(){return chunk6LJHLE6G_js.f}});Object.defineProperty(exports,"assessTransferRisk",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.h}});Object.defineProperty(exports,"getTransferMechanismDescription",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.f}});Object.defineProperty(exports,"isNDPCApprovalRequired",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.e}});Object.defineProperty(exports,"validateTransfer",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.g}});Object.defineProperty(exports,"assessComplianceGaps",{enumerable:true,get:function(){return chunkWZYCBW2R_js.c}});Object.defineProperty(exports,"generateLawfulBasisSummary",{enumerable:true,get:function(){return chunkWZYCBW2R_js.d}});Object.defineProperty(exports,"getLawfulBasisDescription",{enumerable:true,get:function(){return chunkWZYCBW2R_js.b}});Object.defineProperty(exports,"validateProcessingActivity",{enumerable:true,get:function(){return chunkWZYCBW2R_js.a}});Object.defineProperty(exports,"exportROPAToCSV",{enumerable:true,get:function(){return chunk4CVBQC66_js.c}});Object.defineProperty(exports,"generateROPASummary",{enumerable:true,get:function(){return chunk4CVBQC66_js.b}});Object.defineProperty(exports,"identifyComplianceGaps",{enumerable:true,get:function(){return chunk4CVBQC66_js.d}});Object.defineProperty(exports,"validateProcessingRecord",{enumerable:true,get:function(){return chunk4CVBQC66_js.a}});Object.defineProperty(exports,"appendAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.c}});Object.defineProperty(exports,"createAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.a}});Object.defineProperty(exports,"getAuditLog",{enumerable:true,get:function(){return chunk3IA3KDII_js.b}});Object.defineProperty(exports,"validateConsent",{enumerable:true,get:function(){return chunkD3HHDWBR_js.a}});Object.defineProperty(exports,"validateConsentOptions",{enumerable:true,get:function(){return chunkD3HHDWBR_js.c}});Object.defineProperty(exports,"sanitizeInput",{enumerable:true,get:function(){return chunkUXUMYP4L_js.a}});Object.defineProperty(exports,"formatDSRRequest",{enumerable:true,get:function(){return chunk45D7AMB3_js.b}});Object.defineProperty(exports,"validateDsrSubmission",{enumerable:true,get:function(){return chunk45D7AMB3_js.a}});Object.defineProperty(exports,"assessDPIARisk",{enumerable:true,get:function(){return chunkTQZWJGJ2_js.a}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_LONG",{enumerable:true,get:function(){return chunkZVOIR4QH_js.b}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_SHORT",{enumerable:true,get:function(){return chunkZVOIR4QH_js.a}});Object.defineProperty(exports,"legalDisclaimerBlock",{enumerable:true,get:function(){return chunkZVOIR4QH_js.c}});Object.defineProperty(exports,"NDPRProvider",{enumerable:true,get:function(){return chunkYDKWD6MQ_js.a}});Object.defineProperty(exports,"useNDPRConfig",{enumerable:true,get:function(){return chunkYDKWD6MQ_js.b}});Object.defineProperty(exports,"useNDPRLocale",{enumerable:true,get:function(){return chunkYDKWD6MQ_js.c}});Object.defineProperty(exports,"defaultLocale",{enumerable:true,get:function(){return chunkTTMGFC6C_js.a}});Object.defineProperty(exports,"mergeLocale",{enumerable:true,get:function(){return chunkTTMGFC6C_js.b}});
+'use strict';var chunk6YFPDGNB_js=require('./chunk-6YFPDGNB.js'),chunkNUOHT3LO_js=require('./chunk-NUOHT3LO.js'),chunkRDALAH3Y_js=require('./chunk-RDALAH3Y.js'),chunk3YTAOT5O_js=require('./chunk-3YTAOT5O.js'),chunkD2ZKDQVL_js=require('./chunk-D2ZKDQVL.js'),chunk6LJHLE6G_js=require('./chunk-6LJHLE6G.js'),chunkYFBDJ4FH_js=require('./chunk-YFBDJ4FH.js'),chunkWZYCBW2R_js=require('./chunk-WZYCBW2R.js'),chunk4CVBQC66_js=require('./chunk-4CVBQC66.js'),chunk3IA3KDII_js=require('./chunk-3IA3KDII.js'),chunkDKLJ5DYN_js=require('./chunk-DKLJ5DYN.js'),chunkUXUMYP4L_js=require('./chunk-UXUMYP4L.js'),chunkR2ZZMATR_js=require('./chunk-R2ZZMATR.js'),chunkTQZWJGJ2_js=require('./chunk-TQZWJGJ2.js'),chunkZVOIR4QH_js=require('./chunk-ZVOIR4QH.js'),chunkYDKWD6MQ_js=require('./chunk-YDKWD6MQ.js'),chunkTTMGFC6C_js=require('./chunk-TTMGFC6C.js');require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"arabicLocale",{enumerable:true,get:function(){return chunk6YFPDGNB_js.e}});Object.defineProperty(exports,"frenchLocale",{enumerable:true,get:function(){return chunk6YFPDGNB_js.f}});Object.defineProperty(exports,"hausaLocale",{enumerable:true,get:function(){return chunk6YFPDGNB_js.c}});Object.defineProperty(exports,"igboLocale",{enumerable:true,get:function(){return chunk6YFPDGNB_js.b}});Object.defineProperty(exports,"pidginLocale",{enumerable:true,get:function(){return chunk6YFPDGNB_js.d}});Object.defineProperty(exports,"yorubaLocale",{enumerable:true,get:function(){return chunk6YFPDGNB_js.a}});Object.defineProperty(exports,"ORG_POLICY_TEMPLATE_REGISTRY",{enumerable:true,get:function(){return chunkNUOHT3LO_js.a}});Object.defineProperty(exports,"createOrgTemplate",{enumerable:true,get:function(){return chunkNUOHT3LO_js.b}});Object.defineProperty(exports,"templateContextFor",{enumerable:true,get:function(){return chunkNUOHT3LO_js.b}});Object.defineProperty(exports,"getComplianceScore",{enumerable:true,get:function(){return chunkRDALAH3Y_js.a}});Object.defineProperty(exports,"calculateBreachSeverity",{enumerable:true,get:function(){return chunk3YTAOT5O_js.a}});Object.defineProperty(exports,"DEFAULT_POLICY_SECTIONS",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.c}});Object.defineProperty(exports,"DEFAULT_POLICY_VARIABLES",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.d}});Object.defineProperty(exports,"createBusinessPolicyTemplate",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.e}});Object.defineProperty(exports,"findUnfilledTokens",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.a}});Object.defineProperty(exports,"generatePolicyText",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.b}});Object.defineProperty(exports,"assemblePolicy",{enumerable:true,get:function(){return chunk6LJHLE6G_js.c}});Object.defineProperty(exports,"createDefaultContext",{enumerable:true,get:function(){return chunk6LJHLE6G_js.e}});Object.defineProperty(exports,"evaluatePolicyCompliance",{enumerable:true,get:function(){return chunk6LJHLE6G_js.f}});Object.defineProperty(exports,"assessTransferRisk",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.h}});Object.defineProperty(exports,"getTransferMechanismDescription",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.f}});Object.defineProperty(exports,"isNDPCApprovalRequired",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.e}});Object.defineProperty(exports,"validateTransfer",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.g}});Object.defineProperty(exports,"assessComplianceGaps",{enumerable:true,get:function(){return chunkWZYCBW2R_js.c}});Object.defineProperty(exports,"generateLawfulBasisSummary",{enumerable:true,get:function(){return chunkWZYCBW2R_js.d}});Object.defineProperty(exports,"getLawfulBasisDescription",{enumerable:true,get:function(){return chunkWZYCBW2R_js.b}});Object.defineProperty(exports,"validateProcessingActivity",{enumerable:true,get:function(){return chunkWZYCBW2R_js.a}});Object.defineProperty(exports,"exportROPAToCSV",{enumerable:true,get:function(){return chunk4CVBQC66_js.c}});Object.defineProperty(exports,"generateROPASummary",{enumerable:true,get:function(){return chunk4CVBQC66_js.b}});Object.defineProperty(exports,"identifyComplianceGaps",{enumerable:true,get:function(){return chunk4CVBQC66_js.d}});Object.defineProperty(exports,"validateProcessingRecord",{enumerable:true,get:function(){return chunk4CVBQC66_js.a}});Object.defineProperty(exports,"appendAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.c}});Object.defineProperty(exports,"createAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.a}});Object.defineProperty(exports,"getAuditLog",{enumerable:true,get:function(){return chunk3IA3KDII_js.b}});Object.defineProperty(exports,"validateConsentOptionsStructured",{enumerable:true,get:function(){return chunkDKLJ5DYN_js.b}});Object.defineProperty(exports,"validateConsentStructured",{enumerable:true,get:function(){return chunkDKLJ5DYN_js.a}});Object.defineProperty(exports,"sanitizeInput",{enumerable:true,get:function(){return chunkUXUMYP4L_js.a}});Object.defineProperty(exports,"formatDSRRequestStructured",{enumerable:true,get:function(){return chunkR2ZZMATR_js.b}});Object.defineProperty(exports,"validateDsrSubmissionStructured",{enumerable:true,get:function(){return chunkR2ZZMATR_js.a}});Object.defineProperty(exports,"assessDPIARisk",{enumerable:true,get:function(){return chunkTQZWJGJ2_js.a}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_LONG",{enumerable:true,get:function(){return chunkZVOIR4QH_js.b}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_SHORT",{enumerable:true,get:function(){return chunkZVOIR4QH_js.a}});Object.defineProperty(exports,"legalDisclaimerBlock",{enumerable:true,get:function(){return chunkZVOIR4QH_js.c}});Object.defineProperty(exports,"NDPRProvider",{enumerable:true,get:function(){return chunkYDKWD6MQ_js.a}});Object.defineProperty(exports,"useNDPRConfig",{enumerable:true,get:function(){return chunkYDKWD6MQ_js.b}});Object.defineProperty(exports,"useNDPRLocale",{enumerable:true,get:function(){return chunkYDKWD6MQ_js.c}});Object.defineProperty(exports,"defaultLocale",{enumerable:true,get:function(){return chunkTTMGFC6C_js.a}});Object.defineProperty(exports,"mergeLocale",{enumerable:true,get:function(){return chunkTTMGFC6C_js.b}});

package/dist/core.mjs

@@ -1 +1 @@
-export{e as arabicLocale,f as frenchLocale,c as hausaLocale,b as igboLocale,d as pidginLocale,a as yorubaLocale}from'./chunk-PSPYIRIF.mjs';export{a as ORG_POLICY_TEMPLATE_REGISTRY,b as createOrgTemplate,b as templateContextFor}from'./chunk-CWY2FMIC.mjs';export{a as getComplianceScore}from'./chunk-7RBO42IW.mjs';export{a as calculateBreachSeverity}from'./chunk-WTGKZX7J.mjs';export{c as DEFAULT_POLICY_SECTIONS,d as DEFAULT_POLICY_VARIABLES,e as createBusinessPolicyTemplate,a as findUnfilledTokens,b as generatePolicyText}from'./chunk-NBQQ2GN3.mjs';export{c as assemblePolicy,e as createDefaultContext,f as evaluatePolicyCompliance}from'./chunk-BIJSMSUU.mjs';export{h as assessTransferRisk,f as getTransferMechanismDescription,e as isNDPCApprovalRequired,g as validateTransfer}from'./chunk-7BJXI2HI.mjs';export{c as assessComplianceGaps,d as generateLawfulBasisSummary,b as getLawfulBasisDescription,a as validateProcessingActivity}from'./chunk-LWIKDDSU.mjs';export{c as exportROPAToCSV,b as generateROPASummary,d as identifyComplianceGaps,a as validateProcessingRecord}from'./chunk-XP5PL6K7.mjs';export{c as appendAuditEntry,a as createAuditEntry,b as getAuditLog}from'./chunk-V7UFP6QU.mjs';export{a as validateConsent,c as validateConsentOptions}from'./chunk-NI54X543.mjs';export{a as sanitizeInput}from'./chunk-EWVK45Z3.mjs';export{b as formatDSRRequest,a as validateDsrSubmission}from'./chunk-3APT25XO.mjs';export{a as assessDPIARisk}from'./chunk-LRRENTT5.mjs';export{b as LEGAL_DISCLAIMER_LONG,a as LEGAL_DISCLAIMER_SHORT,c as legalDisclaimerBlock}from'./chunk-ITCY2Z66.mjs';export{a as NDPRProvider,b as useNDPRConfig,c as useNDPRLocale}from'./chunk-FRQFU44F.mjs';export{a as defaultLocale,b as mergeLocale}from'./chunk-V5TZJJWU.mjs';import'./chunk-ZJYULEER.mjs';
+export{e as arabicLocale,f as frenchLocale,c as hausaLocale,b as igboLocale,d as pidginLocale,a as yorubaLocale}from'./chunk-PSPYIRIF.mjs';export{a as ORG_POLICY_TEMPLATE_REGISTRY,b as createOrgTemplate,b as templateContextFor}from'./chunk-CWY2FMIC.mjs';export{a as getComplianceScore}from'./chunk-7RBO42IW.mjs';export{a as calculateBreachSeverity}from'./chunk-WTGKZX7J.mjs';export{c as DEFAULT_POLICY_SECTIONS,d as DEFAULT_POLICY_VARIABLES,e as createBusinessPolicyTemplate,a as findUnfilledTokens,b as generatePolicyText}from'./chunk-NBQQ2GN3.mjs';export{c as assemblePolicy,e as createDefaultContext,f as evaluatePolicyCompliance}from'./chunk-BIJSMSUU.mjs';export{h as assessTransferRisk,f as getTransferMechanismDescription,e as isNDPCApprovalRequired,g as validateTransfer}from'./chunk-7BJXI2HI.mjs';export{c as assessComplianceGaps,d as generateLawfulBasisSummary,b as getLawfulBasisDescription,a as validateProcessingActivity}from'./chunk-LWIKDDSU.mjs';export{c as exportROPAToCSV,b as generateROPASummary,d as identifyComplianceGaps,a as validateProcessingRecord}from'./chunk-XP5PL6K7.mjs';export{c as appendAuditEntry,a as createAuditEntry,b as getAuditLog}from'./chunk-V7UFP6QU.mjs';export{b as validateConsentOptionsStructured,a as validateConsentStructured}from'./chunk-R3ZKV2J7.mjs';export{a as sanitizeInput}from'./chunk-EWVK45Z3.mjs';export{b as formatDSRRequestStructured,a as validateDsrSubmissionStructured}from'./chunk-RRVML7CU.mjs';export{a as assessDPIARisk}from'./chunk-LRRENTT5.mjs';export{b as LEGAL_DISCLAIMER_LONG,a as LEGAL_DISCLAIMER_SHORT,c as legalDisclaimerBlock}from'./chunk-ITCY2Z66.mjs';export{a as NDPRProvider,b as useNDPRConfig,c as useNDPRLocale}from'./chunk-FRQFU44F.mjs';export{a as defaultLocale,b as mergeLocale}from'./chunk-V5TZJJWU.mjs';import'./chunk-ZJYULEER.mjs';

package/dist/cross-border.d.mts

@@ -215,39 +215,16 @@ declare interface CrossBorderTransferManagerProps {
      */
     transfers: CrossBorderTransfer[];
     /**
-     * Callback when a new transfer is added
-     * @deprecated Renamed to `onAdd` in 4.1. The legacy name still fires
-     * for backward compatibility and will be removed in 5.0.
-     */
-    onAddTransfer?: (transfer: Omit<CrossBorderTransfer, 'id' | 'createdAt' | 'updatedAt'>) => void;
-    /**
-     * Callback when a transfer is updated
-     * @deprecated Renamed to `onUpdate` in 4.1. The legacy name still fires
-     * for backward compatibility and will be removed in 5.0.
-     */
-    onUpdateTransfer?: (id: string, updates: Partial<CrossBorderTransfer>) => void;
-    /**
-     * Callback when a transfer is removed
-     * @deprecated Renamed to `onArchive` in 4.1 (NDPA prefers soft-delete
-     * over hard delete). The legacy name still fires for backward
-     * compatibility and will be removed in 5.0.
-     */
-    onRemoveTransfer?: (id: string) => void;
-    /**
-     * Callback when a new transfer is added (uniform 4.1+ name).
-     * Takes precedence over `onAddTransfer` when both are provided.
+     * Callback when a new transfer is added.
      */
     onAdd?: (transfer: Omit<CrossBorderTransfer, 'id' | 'createdAt' | 'updatedAt'>) => void;
     /**
-     * Callback when a transfer is updated (uniform 4.1+ name).
-     * Takes precedence over `onUpdateTransfer` when both are provided.
+     * Callback when a transfer is updated.
      */
     onUpdate?: (id: string, updates: Partial<CrossBorderTransfer>) => void;
     /**
-     * Callback when a transfer is archived (uniform 4.1+ name). NDPA
-     * preference is soft-delete over hard-delete; consumers should treat
-     * this as an archive signal. Takes precedence over `onRemoveTransfer`
-     * when both are provided.
+     * Callback when a transfer is archived. NDPA preference is soft-delete
+     * over hard-delete; consumers should treat this as an archive signal.
      */
     onArchive?: (id: string) => void;
     /**

package/dist/cross-border.d.ts

@@ -215,39 +215,16 @@ declare interface CrossBorderTransferManagerProps {
      */
     transfers: CrossBorderTransfer[];
     /**
-     * Callback when a new transfer is added
-     * @deprecated Renamed to `onAdd` in 4.1. The legacy name still fires
-     * for backward compatibility and will be removed in 5.0.
-     */
-    onAddTransfer?: (transfer: Omit<CrossBorderTransfer, 'id' | 'createdAt' | 'updatedAt'>) => void;
-    /**
-     * Callback when a transfer is updated
-     * @deprecated Renamed to `onUpdate` in 4.1. The legacy name still fires
-     * for backward compatibility and will be removed in 5.0.
-     */
-    onUpdateTransfer?: (id: string, updates: Partial<CrossBorderTransfer>) => void;
-    /**
-     * Callback when a transfer is removed
-     * @deprecated Renamed to `onArchive` in 4.1 (NDPA prefers soft-delete
-     * over hard delete). The legacy name still fires for backward
-     * compatibility and will be removed in 5.0.
-     */
-    onRemoveTransfer?: (id: string) => void;
-    /**
-     * Callback when a new transfer is added (uniform 4.1+ name).
-     * Takes precedence over `onAddTransfer` when both are provided.
+     * Callback when a new transfer is added.
      */
     onAdd?: (transfer: Omit<CrossBorderTransfer, 'id' | 'createdAt' | 'updatedAt'>) => void;
     /**
-     * Callback when a transfer is updated (uniform 4.1+ name).
-     * Takes precedence over `onUpdateTransfer` when both are provided.
+     * Callback when a transfer is updated.
      */
     onUpdate?: (id: string, updates: Partial<CrossBorderTransfer>) => void;
     /**
-     * Callback when a transfer is archived (uniform 4.1+ name). NDPA
-     * preference is soft-delete over hard-delete; consumers should treat
-     * this as an archive signal. Takes precedence over `onRemoveTransfer`
-     * when both are provided.
+     * Callback when a transfer is archived. NDPA preference is soft-delete
+     * over hard-delete; consumers should treat this as an archive signal.
      */
     onArchive?: (id: string) => void;
     /**

package/dist/cross-border.js

@@ -1,2 +1,2 @@
 "use client";
-'use strict';var chunkH2FDWK4F_js=require('./chunk-H2FDWK4F.js'),chunkHHK5LHEG_js=require('./chunk-HHK5LHEG.js'),chunkYFBDJ4FH_js=require('./chunk-YFBDJ4FH.js');require('./chunk-AME4HJR4.js'),require('./chunk-YDKWD6MQ.js'),require('./chunk-TTMGFC6C.js'),require('./chunk-VWED6UTN.js'),require('./chunk-RFPLZDIO.js');var react=require('react'),jsxRuntime=require('react/jsx-runtime');var s=react.createContext(null);function A(){let r=react.useContext(s);if(!r)throw new Error("CrossBorder compound components must be wrapped in <CrossBorder.Provider>. Example: <CrossBorder.Provider><CrossBorder.Manager /></CrossBorder.Provider>");return r}var t=({adapter:r,storageKey:d,useLocalStorage:a,initialTransfers:n,onAdd:p,onUpdate:C,onRemove:f,children:i})=>{let m=chunkHHK5LHEG_js.a({adapter:r,storageKey:d,useLocalStorage:a,initialTransfers:n,onAdd:p,onUpdate:C,onRemove:f});return jsxRuntime.jsx(s.Provider,{value:m,children:i})};var q={Provider:t,Manager:chunkH2FDWK4F_js.a};Object.defineProperty(exports,"CrossBorderTransferManager",{enumerable:true,get:function(){return chunkH2FDWK4F_js.a}});Object.defineProperty(exports,"useCrossBorderTransfer",{enumerable:true,get:function(){return chunkHHK5LHEG_js.a}});Object.defineProperty(exports,"COUNTRY_ADEQUACY_MAP",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.a}});Object.defineProperty(exports,"assessTransferRisk",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.h}});Object.defineProperty(exports,"getAdequateCountries",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.c}});Object.defineProperty(exports,"getCountryAdequacy",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.b}});Object.defineProperty(exports,"getTransferMechanismDescription",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.f}});Object.defineProperty(exports,"isNDPCApprovalRequired",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.e}});Object.defineProperty(exports,"requiresNDPCApproval",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.d}});Object.defineProperty(exports,"validateTransfer",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.g}});exports.CrossBorder=q;exports.CrossBorderProvider=t;exports.useCrossBorderCompound=A;
+'use strict';var chunkCSE36REY_js=require('./chunk-CSE36REY.js'),chunkHHK5LHEG_js=require('./chunk-HHK5LHEG.js'),chunkYFBDJ4FH_js=require('./chunk-YFBDJ4FH.js');require('./chunk-AME4HJR4.js'),require('./chunk-YDKWD6MQ.js'),require('./chunk-TTMGFC6C.js'),require('./chunk-VWED6UTN.js'),require('./chunk-RFPLZDIO.js');var react=require('react'),jsxRuntime=require('react/jsx-runtime');var s=react.createContext(null);function A(){let r=react.useContext(s);if(!r)throw new Error("CrossBorder compound components must be wrapped in <CrossBorder.Provider>. Example: <CrossBorder.Provider><CrossBorder.Manager /></CrossBorder.Provider>");return r}var t=({adapter:r,storageKey:d,useLocalStorage:a,initialTransfers:n,onAdd:p,onUpdate:C,onRemove:f,children:i})=>{let m=chunkHHK5LHEG_js.a({adapter:r,storageKey:d,useLocalStorage:a,initialTransfers:n,onAdd:p,onUpdate:C,onRemove:f});return jsxRuntime.jsx(s.Provider,{value:m,children:i})};var q={Provider:t,Manager:chunkCSE36REY_js.a};Object.defineProperty(exports,"CrossBorderTransferManager",{enumerable:true,get:function(){return chunkCSE36REY_js.a}});Object.defineProperty(exports,"useCrossBorderTransfer",{enumerable:true,get:function(){return chunkHHK5LHEG_js.a}});Object.defineProperty(exports,"COUNTRY_ADEQUACY_MAP",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.a}});Object.defineProperty(exports,"assessTransferRisk",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.h}});Object.defineProperty(exports,"getAdequateCountries",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.c}});Object.defineProperty(exports,"getCountryAdequacy",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.b}});Object.defineProperty(exports,"getTransferMechanismDescription",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.f}});Object.defineProperty(exports,"isNDPCApprovalRequired",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.e}});Object.defineProperty(exports,"requiresNDPCApproval",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.d}});Object.defineProperty(exports,"validateTransfer",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.g}});exports.CrossBorder=q;exports.CrossBorderProvider=t;exports.useCrossBorderCompound=A;

package/dist/cross-border.mjs

@@ -1,2 +1,2 @@
 "use client";
-import {a}from'./chunk-UTXDZDYF.mjs';export{a as CrossBorderTransferManager}from'./chunk-UTXDZDYF.mjs';import {a as a$1}from'./chunk-KDAZQO3N.mjs';export{a as useCrossBorderTransfer}from'./chunk-KDAZQO3N.mjs';export{a as COUNTRY_ADEQUACY_MAP,h as assessTransferRisk,c as getAdequateCountries,b as getCountryAdequacy,f as getTransferMechanismDescription,e as isNDPCApprovalRequired,d as requiresNDPCApproval,g as validateTransfer}from'./chunk-7BJXI2HI.mjs';import'./chunk-SFGW37LE.mjs';import'./chunk-FRQFU44F.mjs';import'./chunk-V5TZJJWU.mjs';import'./chunk-DBZSN4WP.mjs';import'./chunk-ZJYULEER.mjs';import {createContext,useContext}from'react';import {jsx}from'react/jsx-runtime';var s=createContext(null);function A(){let r=useContext(s);if(!r)throw new Error("CrossBorder compound components must be wrapped in <CrossBorder.Provider>. Example: <CrossBorder.Provider><CrossBorder.Manager /></CrossBorder.Provider>");return r}var t=({adapter:r,storageKey:d,useLocalStorage:a,initialTransfers:n,onAdd:p,onUpdate:C,onRemove:f,children:i})=>{let m=a$1({adapter:r,storageKey:d,useLocalStorage:a,initialTransfers:n,onAdd:p,onUpdate:C,onRemove:f});return jsx(s.Provider,{value:m,children:i})};var q={Provider:t,Manager:a};export{q as CrossBorder,t as CrossBorderProvider,A as useCrossBorderCompound};
+import {a}from'./chunk-WPH6CJDL.mjs';export{a as CrossBorderTransferManager}from'./chunk-WPH6CJDL.mjs';import {a as a$1}from'./chunk-KDAZQO3N.mjs';export{a as useCrossBorderTransfer}from'./chunk-KDAZQO3N.mjs';export{a as COUNTRY_ADEQUACY_MAP,h as assessTransferRisk,c as getAdequateCountries,b as getCountryAdequacy,f as getTransferMechanismDescription,e as isNDPCApprovalRequired,d as requiresNDPCApproval,g as validateTransfer}from'./chunk-7BJXI2HI.mjs';import'./chunk-SFGW37LE.mjs';import'./chunk-FRQFU44F.mjs';import'./chunk-V5TZJJWU.mjs';import'./chunk-DBZSN4WP.mjs';import'./chunk-ZJYULEER.mjs';import {createContext,useContext}from'react';import {jsx}from'react/jsx-runtime';var s=createContext(null);function A(){let r=useContext(s);if(!r)throw new Error("CrossBorder compound components must be wrapped in <CrossBorder.Provider>. Example: <CrossBorder.Provider><CrossBorder.Manager /></CrossBorder.Provider>");return r}var t=({adapter:r,storageKey:d,useLocalStorage:a,initialTransfers:n,onAdd:p,onUpdate:C,onRemove:f,children:i})=>{let m=a$1({adapter:r,storageKey:d,useLocalStorage:a,initialTransfers:n,onAdd:p,onUpdate:C,onRemove:f});return jsx(s.Provider,{value:m,children:i})};var q={Provider:t,Manager:a};export{q as CrossBorder,t as CrossBorderProvider,A as useCrossBorderCompound};

package/dist/dsr.d.mts

@@ -331,7 +331,7 @@ export declare type DSRStatus = 'pending' | 'awaitingVerification' | 'inProgress
 /**
  * Validated DSR submission shape — matches what `<DSRRequestForm onSubmit>`
  * emits client-side. Use this as the typed parameter for your server-side
- * handler after `validateDsrSubmission` returns `valid: true`.
+ * handler after `validateDsrSubmissionStructured` returns `valid: true`.
  */
 export declare interface DsrSubmissionPayload {
     requestType: string;
@@ -346,16 +346,6 @@ export declare interface DsrSubmissionPayload {
     submittedAt: number;
 }
 
-/** Result of validating a raw DSR submission payload. */
-export declare interface DsrSubmissionValidationResult {
-    /** True when the payload conforms to the DSR submission contract. */
-    valid: boolean;
-    /** Field-keyed error messages. Empty when `valid` is true. */
-    errors: Record<string, string>;
-    /** The narrowed, typed payload — only populated when `valid` is true. */
-    data?: DsrSubmissionPayload;
-}
-
 /**
  * DSR tracking and analytics component. Supports compliance with NDPA Part IV,
  * providing summary statistics, deadline tracking, and compliance metrics for data subject requests.
@@ -459,16 +449,29 @@ declare interface DSRTrackerProps {
 export declare type DSRType = 'information' | 'access' | 'rectification' | 'erasure' | 'restriction' | 'portability' | 'objection' | 'automated_decision_making' | 'withdraw_consent';
 
 /**
- * Formats a DSR request for display or submission
- * @param request The DSR request to format
- * @returns Formatted request data
- * @deprecated Use `formatDSRRequestStructured()` for typed `{ field, code, message }[]` errors. The legacy string-returning shape will be removed in 5.0.
+ * Format a DSR request for display or submission. Returns the formatted
+ * payload plus a typed `errors` array of `{ field, code, message }` for any
+ * required fields missing from the source request.
+ *
+ * Codes emitted:
+ * - `request_id_required`
+ * - `request_type_required`
+ * - `request_status_required`
+ * - `created_at_required`
+ * - `subject_name_required`
+ * - `subject_email_required`
  */
-export declare function formatDSRRequest(request: DSRRequest): {
+export declare function formatDSRRequestStructured(request: DSRRequest): FormatDSRRequestStructuredResult;
+
+/** Result of {@link formatDSRRequestStructured}. */
+export declare interface FormatDSRRequestStructuredResult {
+    valid: boolean;
+    errors: StructuredValidationError[];
+    /** Formatted request payload — always populated regardless of `valid`. */
     formattedRequest: Record<string, unknown>;
-    isValid: boolean;
-    validationErrors: string[];
-};
+    /** Narrowed input — populated only on `valid: true`. */
+    data?: DSRRequest;
+}
 
 /**
  * Legacy status of a data subject request
@@ -519,6 +522,30 @@ export declare interface StorageAdapter<T = unknown> {
     remove(): void | Promise<void>;
 }
 
+/**
+ * Single structured validation error with a stable, locale-independent
+ * `code` consumers can switch on programmatically.
+ */
+declare interface StructuredValidationError {
+    /** Dot-path of the offending field (e.g. `'timestamp'`, `'dataSubject.email'`, `'options[0].purpose'`). */
+    field: string;
+    /** Stable, snake_case error code — safe to switch on across locales. */
+    code: string;
+    /** Human-readable English message — informational only; do not regex-match. */
+    message: string;
+}
+
+/**
+ * Result of a structured validator. `errors` is an array (one entry per
+ * failed rule). `data` is the narrowed, typed payload, only populated on
+ * `valid: true`.
+ */
+declare interface StructuredValidationResult<T> {
+    valid: boolean;
+    errors: StructuredValidationError[];
+    data?: T;
+}
+
 /**
  * Hook for managing Data Subject Requests in compliance with the NDPA.
  *
@@ -639,6 +666,23 @@ declare interface UseDSRReturn {
     isLoading: boolean;
 }
 
+/** Options for {@link validateDsrSubmissionStructured}. */
+export declare interface ValidateDsrSubmissionOptions {
+    /**
+     * Whether the data subject is required to provide an identifier
+     * (NDPC's recommended verification step). Mirror whatever you set on
+     * the client-side `<DSRRequestForm requireIdentityVerification>`.
+     * @default true
+     */
+    requireIdentityVerification?: boolean;
+    /**
+     * Allowed request types. When provided, the payload's `requestType`
+     * must be one of these — useful for locking the server to a specific
+     * set of supported NDPA Part VI §34-38 (plus §35, §36, §37) data-subject rights.
+     */
+    allowedRequestTypes?: string[];
+}
+
 /**
  * Validate a raw DSR submission payload against the same rules
  * `<DSRRequestForm />` enforces client-side. Designed to be called from a
@@ -647,53 +691,38 @@ declare interface UseDSRReturn {
  * the consumer hand-rolling zod / class-validator schemas.
  *
  * Defensive — accepts `unknown` and narrows. Safe to call directly on
- * `await request.json()`.
+ * `await request.json()`. Returns `{ field, code, message }[]` errors so
+ * callers can switch on `code` programmatically across locales.
+ *
+ * Codes emitted:
+ * - `payload_not_object`
+ * - `request_type_required`
+ * - `request_type_not_allowed`
+ * - `data_subject_required`
+ * - `full_name_required`
+ * - `email_required`
+ * - `email_invalid_format`
+ * - `phone_invalid_type`
+ * - `identifier_type_required`
+ * - `identifier_value_required`
+ * - `submitted_at_invalid`
+ * - `additional_info_invalid_type`
+ * - `payload_final_narrowing_failed`
  *
  * @example **Next.js Route Handler**
  * ```ts
- * // app/api/dsr/route.ts
- * import { validateDsrSubmission } from '@tantainnovative/ndpr-toolkit/server';
+ * import { validateDsrSubmissionStructured } from '@tantainnovative/ndpr-toolkit/server';
  *
  * export async function POST(req: Request) {
- *   const { valid, errors, data } = validateDsrSubmission(await req.json());
- *   if (!valid) return Response.json({ errors }, { status: 422 });
- *   // `data` is the typed DsrSubmissionPayload
+ *   const { valid, errors, data } = validateDsrSubmissionStructured(await req.json());
+ *   if (!valid) {
+ *     return Response.json({ errors }, { status: 422 });
+ *   }
  *   await dsrStore.create(data);
  *   return Response.json({ ok: true }, { status: 201 });
  * }
  * ```
- *
- * @example **Lock to specific request types**
- * ```ts
- * validateDsrSubmission(payload, {
- *   allowedRequestTypes: ['access', 'erasure', 'rectification'],
- * });
- * ```
- *
- * @example **Skip identity verification (e.g. authenticated session)**
- * ```ts
- * validateDsrSubmission(payload, { requireIdentityVerification: false });
- * ```
- *
- * @deprecated Use `validateDsrSubmissionStructured()` for typed `{ field, code, message }[]` errors. The legacy string-returning shape will be removed in 5.0.
  */
-export declare function validateDsrSubmission(payload: unknown, options?: ValidateDsrSubmissionOptions): DsrSubmissionValidationResult;
-
-/** Options for {@link validateDsrSubmission}. */
-export declare interface ValidateDsrSubmissionOptions {
-    /**
-     * Whether the data subject is required to provide an identifier
-     * (NDPC's recommended verification step). Mirror whatever you set on
-     * the client-side `<DSRRequestForm requireIdentityVerification>`.
-     * @default true
-     */
-    requireIdentityVerification?: boolean;
-    /**
-     * Allowed request types. When provided, the payload's `requestType`
-     * must be one of these — useful for locking the server to a specific
-     * set of supported NDPA Part VI §34-38 (plus §35, §36, §37) data-subject rights.
-     */
-    allowedRequestTypes?: string[];
-}
+export declare function validateDsrSubmissionStructured(payload: unknown, options?: ValidateDsrSubmissionOptions): StructuredValidationResult<DsrSubmissionPayload>;
 
 export { }