npm - @tantainnovative/ndpr-toolkit - Versions diffs - 5.1.4 → 5.3.0 - Mend

@tantainnovative/ndpr-toolkit 5.1.4 → 5.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/CHANGELOG.md +30 -0
package/README.md +85 -0
package/dist/{chunk-YX7DEHPA.mjs → chunk-6A7M4CGJ.mjs} +1 -1
package/dist/{chunk-JVMHWM3I.js → chunk-7TTXS7JX.js} +1 -1
package/dist/chunk-GYLUTVKB.js +1 -0
package/dist/chunk-KOHFQIV4.mjs +1 -0
package/dist/chunk-NKFTLFPD.mjs +1 -0
package/dist/chunk-OXFULQTE.js +1 -0
package/dist/core.d.mts +250 -0
package/dist/core.d.ts +250 -0
package/dist/core.js +1 -1
package/dist/core.mjs +1 -1
package/dist/headless.d.mts +658 -5
package/dist/headless.d.ts +658 -5
package/dist/headless.js +1 -1
package/dist/headless.mjs +1 -1
package/dist/hooks.d.mts +249 -0
package/dist/hooks.d.ts +249 -0
package/dist/hooks.js +1 -1
package/dist/hooks.mjs +1 -1
package/dist/index.d.mts +272 -0
package/dist/index.d.ts +272 -0
package/dist/index.js +1 -1
package/dist/index.mjs +1 -1
package/dist/presets.js +1 -1
package/dist/presets.mjs +1 -1
package/dist/server.js +1 -1
package/dist/server.mjs +1 -1
package/package.json +6 -3
package/dist/chunk-BHUJWWCO.js +0 -1
package/dist/chunk-XAB5C2JG.mjs +0 -1
/package/dist/{chunk-OZCNFB5C.js → chunk-OVW5ASY3.js} +0 -0
/package/dist/{chunk-GQYBS3A7.mjs → chunk-YQTZWPOS.mjs} +0 -0

package/dist/headless.js CHANGED Viewed

@@ -1,2 +1,2 @@
 "use client";
-'use strict';require('./chunk-OZCNFB5C.js');var chunkBHUJWWCO_js=require('./chunk-BHUJWWCO.js'),chunkEHQVTFYO_js=require('./chunk-EHQVTFYO.js'),chunkRC3XFXTJ_js=require('./chunk-RC3XFXTJ.js'),chunkQHW4UKGJ_js=require('./chunk-QHW4UKGJ.js'),chunkIRRUYR6M_js=require('./chunk-IRRUYR6M.js'),chunkHHK5LHEG_js=require('./chunk-HHK5LHEG.js'),chunkTLIHFGIJ_js=require('./chunk-TLIHFGIJ.js');require('./chunk-JS7SYL5P.js'),require('./chunk-JVMHWM3I.js'),require('./chunk-3YTAOT5O.js'),require('./chunk-D2ZKDQVL.js'),require('./chunk-6LJHLE6G.js'),require('./chunk-YFBDJ4FH.js'),require('./chunk-WZYCBW2R.js'),require('./chunk-4CVBQC66.js');var chunkQKXGVT2Q_js=require('./chunk-QKXGVT2Q.js'),chunkL2VO3MEJ_js=require('./chunk-L2VO3MEJ.js');require('./chunk-C2KEXHRX.js'),require('./chunk-DKLJ5DYN.js');var chunkTVA6D6S4_js=require('./chunk-TVA6D6S4.js');require('./chunk-R2ZZMATR.js');var chunkJLQT3W3E_js=require('./chunk-JLQT3W3E.js');require('./chunk-TQZWJGJ2.js'),require('./chunk-ZVOIR4QH.js'),require('./chunk-VWED6UTN.js'),require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"useComplianceScore",{enumerable:true,get:function(){return chunkBHUJWWCO_js.a}});Object.defineProperty(exports,"useBreach",{enumerable:true,get:function(){return chunkEHQVTFYO_js.a}});Object.defineProperty(exports,"useDefaultPrivacyPolicy",{enumerable:true,get:function(){return chunkRC3XFXTJ_js.b}});Object.defineProperty(exports,"usePrivacyPolicy",{enumerable:true,get:function(){return chunkRC3XFXTJ_js.a}});Object.defineProperty(exports,"useAdaptivePolicyWizard",{enumerable:true,get:function(){return chunkQHW4UKGJ_js.a}});Object.defineProperty(exports,"useLawfulBasis",{enumerable:true,get:function(){return chunkIRRUYR6M_js.a}});Object.defineProperty(exports,"useCrossBorderTransfer",{enumerable:true,get:function(){return chunkHHK5LHEG_js.a}});Object.defineProperty(exports,"useROPA",{enumerable:true,get:function(){return chunkTLIHFGIJ_js.a}});Object.defineProperty(exports,"useConsent",{enumerable:true,get:function(){return chunkQKXGVT2Q_js.a}});Object.defineProperty(exports,"useFocusTrap",{enumerable:true,get:function(){return chunkL2VO3MEJ_js.a}});Object.defineProperty(exports,"useDSR",{enumerable:true,get:function(){return chunkTVA6D6S4_js.a}});Object.defineProperty(exports,"useDPIA",{enumerable:true,get:function(){return chunkJLQT3W3E_js.a}});
+'use strict';require('./chunk-OVW5ASY3.js');var chunkGYLUTVKB_js=require('./chunk-GYLUTVKB.js'),chunkEHQVTFYO_js=require('./chunk-EHQVTFYO.js'),chunkRC3XFXTJ_js=require('./chunk-RC3XFXTJ.js'),chunkQHW4UKGJ_js=require('./chunk-QHW4UKGJ.js'),chunkIRRUYR6M_js=require('./chunk-IRRUYR6M.js'),chunkHHK5LHEG_js=require('./chunk-HHK5LHEG.js'),chunkTLIHFGIJ_js=require('./chunk-TLIHFGIJ.js');require('./chunk-OXFULQTE.js'),require('./chunk-JS7SYL5P.js'),require('./chunk-7TTXS7JX.js'),require('./chunk-3YTAOT5O.js'),require('./chunk-D2ZKDQVL.js'),require('./chunk-6LJHLE6G.js'),require('./chunk-YFBDJ4FH.js'),require('./chunk-WZYCBW2R.js'),require('./chunk-4CVBQC66.js');var chunkQKXGVT2Q_js=require('./chunk-QKXGVT2Q.js'),chunkL2VO3MEJ_js=require('./chunk-L2VO3MEJ.js');require('./chunk-C2KEXHRX.js'),require('./chunk-DKLJ5DYN.js');var chunkTVA6D6S4_js=require('./chunk-TVA6D6S4.js');require('./chunk-R2ZZMATR.js');var chunkJLQT3W3E_js=require('./chunk-JLQT3W3E.js');require('./chunk-TQZWJGJ2.js'),require('./chunk-ZVOIR4QH.js'),require('./chunk-VWED6UTN.js'),require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"useBreachNotificationAssessment",{enumerable:true,get:function(){return chunkGYLUTVKB_js.a}});Object.defineProperty(exports,"useComplianceAuditReturn",{enumerable:true,get:function(){return chunkGYLUTVKB_js.d}});Object.defineProperty(exports,"useComplianceScore",{enumerable:true,get:function(){return chunkGYLUTVKB_js.b}});Object.defineProperty(exports,"useDCPMI",{enumerable:true,get:function(){return chunkGYLUTVKB_js.c}});Object.defineProperty(exports,"useBreach",{enumerable:true,get:function(){return chunkEHQVTFYO_js.a}});Object.defineProperty(exports,"useDefaultPrivacyPolicy",{enumerable:true,get:function(){return chunkRC3XFXTJ_js.b}});Object.defineProperty(exports,"usePrivacyPolicy",{enumerable:true,get:function(){return chunkRC3XFXTJ_js.a}});Object.defineProperty(exports,"useAdaptivePolicyWizard",{enumerable:true,get:function(){return chunkQHW4UKGJ_js.a}});Object.defineProperty(exports,"useLawfulBasis",{enumerable:true,get:function(){return chunkIRRUYR6M_js.a}});Object.defineProperty(exports,"useCrossBorderTransfer",{enumerable:true,get:function(){return chunkHHK5LHEG_js.a}});Object.defineProperty(exports,"useROPA",{enumerable:true,get:function(){return chunkTLIHFGIJ_js.a}});Object.defineProperty(exports,"useConsent",{enumerable:true,get:function(){return chunkQKXGVT2Q_js.a}});Object.defineProperty(exports,"useFocusTrap",{enumerable:true,get:function(){return chunkL2VO3MEJ_js.a}});Object.defineProperty(exports,"useDSR",{enumerable:true,get:function(){return chunkTVA6D6S4_js.a}});Object.defineProperty(exports,"useDPIA",{enumerable:true,get:function(){return chunkJLQT3W3E_js.a}});

package/dist/headless.mjs CHANGED Viewed

@@ -1,2 +1,2 @@
 "use client";
-import'./chunk-GQYBS3A7.mjs';export{a as useComplianceScore}from'./chunk-XAB5C2JG.mjs';export{a as useBreach}from'./chunk-RFXGD5NE.mjs';export{b as useDefaultPrivacyPolicy,a as usePrivacyPolicy}from'./chunk-UVXS7KRV.mjs';export{a as useAdaptivePolicyWizard}from'./chunk-KE2FZH2V.mjs';export{a as useLawfulBasis}from'./chunk-B6BRD5SL.mjs';export{a as useCrossBorderTransfer}from'./chunk-KDAZQO3N.mjs';export{a as useROPA}from'./chunk-FRMVSG4N.mjs';import'./chunk-IVSNHT24.mjs';import'./chunk-YX7DEHPA.mjs';import'./chunk-WTGKZX7J.mjs';import'./chunk-NBQQ2GN3.mjs';import'./chunk-BIJSMSUU.mjs';import'./chunk-7BJXI2HI.mjs';import'./chunk-LWIKDDSU.mjs';import'./chunk-XP5PL6K7.mjs';export{a as useConsent}from'./chunk-PQ5IPUJN.mjs';export{a as useFocusTrap}from'./chunk-YTU4FNM2.mjs';import'./chunk-XC3DLYEG.mjs';import'./chunk-R3ZKV2J7.mjs';export{a as useDSR}from'./chunk-ZSRO4L3C.mjs';import'./chunk-RRVML7CU.mjs';export{a as useDPIA}from'./chunk-I3V3ITN7.mjs';import'./chunk-LRRENTT5.mjs';import'./chunk-ITCY2Z66.mjs';import'./chunk-DBZSN4WP.mjs';import'./chunk-ZJYULEER.mjs';
+import'./chunk-YQTZWPOS.mjs';export{a as useBreachNotificationAssessment,d as useComplianceAuditReturn,b as useComplianceScore,c as useDCPMI}from'./chunk-NKFTLFPD.mjs';export{a as useBreach}from'./chunk-RFXGD5NE.mjs';export{b as useDefaultPrivacyPolicy,a as usePrivacyPolicy}from'./chunk-UVXS7KRV.mjs';export{a as useAdaptivePolicyWizard}from'./chunk-KE2FZH2V.mjs';export{a as useLawfulBasis}from'./chunk-B6BRD5SL.mjs';export{a as useCrossBorderTransfer}from'./chunk-KDAZQO3N.mjs';export{a as useROPA}from'./chunk-FRMVSG4N.mjs';import'./chunk-KOHFQIV4.mjs';import'./chunk-IVSNHT24.mjs';import'./chunk-6A7M4CGJ.mjs';import'./chunk-WTGKZX7J.mjs';import'./chunk-NBQQ2GN3.mjs';import'./chunk-BIJSMSUU.mjs';import'./chunk-7BJXI2HI.mjs';import'./chunk-LWIKDDSU.mjs';import'./chunk-XP5PL6K7.mjs';export{a as useConsent}from'./chunk-PQ5IPUJN.mjs';export{a as useFocusTrap}from'./chunk-YTU4FNM2.mjs';import'./chunk-XC3DLYEG.mjs';import'./chunk-R3ZKV2J7.mjs';export{a as useDSR}from'./chunk-ZSRO4L3C.mjs';import'./chunk-RRVML7CU.mjs';export{a as useDPIA}from'./chunk-I3V3ITN7.mjs';import'./chunk-LRRENTT5.mjs';import'./chunk-ITCY2Z66.mjs';import'./chunk-DBZSN4WP.mjs';import'./chunk-ZJYULEER.mjs';

package/dist/hooks.d.mts CHANGED Viewed

@@ -30,6 +30,93 @@ declare type BreachCompositeState = {
     notifications: RegulatoryNotification[];
 };
+export declare interface BreachNotificationAssessment {
+    /** Whether all applicable mandated content items are satisfied. */
+    complete: boolean;
+    /** Completeness of applicable content items, 0–100. */
+    completeness: number;
+    /** GAID 2025 Article 33(5) / NDPA S. 40(2) content of the notification to the Commission. */
+    notificationToCommission: BreachNotificationItem[];
+    /** NDPA S. 40(3) communication to data subjects — populated only when high-risk. */
+    dataSubjectCommunication: BreachNotificationItem[];
+    /** Whether a data-subject communication is owed (high risk). */
+    dataSubjectCommunicationRequired: boolean;
+    timing: BreachNotificationTiming;
+    /** Labels of unsatisfied applicable items. */
+    missing: string[];
+    /** Actionable next steps, including timing warnings. */
+    recommendations: string[];
+    asOf: number;
+}
+export declare interface BreachNotificationItem {
+    /** Stable identifier for the requirement. */
+    id: string;
+    /** Human-readable requirement. */
+    label: string;
+    /** Authoritative citation, e.g. `GAID 2025 Art. 33(5)(a)`. */
+    section: string;
+    /** Whether the report satisfies it. */
+    satisfied: boolean;
+}
+/**
+ * Personal-data-breach notification completeness checker for NDPA 2023
+ * Section 40, as detailed by NDPC General Application and Implementation
+ * Directive (GAID) 2025 Article 33.
+ *
+ * Section 40(2) requires a data controller to notify the Commission within 72
+ * hours of becoming aware of a breach likely to result in a risk to data
+ * subjects' rights and freedoms. GAID 2025 Article 33(5)(a)–(h) enumerates the
+ * content that a notification to the Commission "shall include". Where the
+ * breach is likely to result in a *high* risk, Section 40(3) additionally
+ * requires the controller to communicate the breach to affected data subjects
+ * in plain and clear language.
+ *
+ * This assesses a `BreachReport` against those requirements: which mandated
+ * content items are present, whether the 72-hour window is met, and whether a
+ * data-subject communication is owed. It is a documentation-completeness aid,
+ * not legal advice — verify against current NDPC guidance.
+ *
+ * @see NDPA 2023 Section 40 (Personal data breaches)
+ * @see NDPC GAID 2025 Article 33 (Data Breach Notification)
+ */
+export declare interface BreachNotificationOptions {
+    /** Risk assessment for the breach; drives whether data-subject communication is required. */
+    assessment?: RiskAssessment;
+    /** The regulatory notification actually sent, if any — used to judge timeliness. */
+    notification?: RegulatoryNotification;
+    /** Reference "now" in epoch ms. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Notification window in hours. Defaults to 72 (NDPA S. 40(2)). */
+    deadlineHours?: number;
+    /**
+     * Explicit high-risk flag (NDPA S. 40(3)). When omitted, derived from
+     * `assessment.highRisksToRightsAndFreedoms`.
+     */
+    highRisk?: boolean;
+}
+export declare interface BreachNotificationTiming {
+    /** `discoveredAt` + the notification window. */
+    deadline: number;
+    /** Whole hours between discovery and `asOf`. */
+    hoursSinceDiscovery: number;
+    /** Whether a regulatory notification has been recorded. */
+    notified: boolean;
+    /** When the regulatory notification was sent, if any. */
+    notifiedAt?: number;
+    /** Whether the notification (or, if none, `asOf`) falls within the deadline. */
+    withinDeadline: boolean;
+    /** Whole hours from `asOf` to the deadline (negative once past). */
+    hoursRemaining: number;
+    /** Whether the deadline has been missed. */
+    overdue: boolean;
+    /** Late filings must state the reasons for the delay (NDPA S. 40(2)). */
+    requiresDelayJustification: boolean;
+}
 /**
  * Represents a data breach report
  */
@@ -118,6 +205,68 @@ export declare interface BreachReport {
     }>;
 }
+/**
+ * Compliance Audit Returns (CAR) scheduling under the NDPC General Application
+ * and Implementation Directive (GAID) 2025.
+ *
+ * A Data Controller/Processor of Major Importance (DCPMI) must conduct an
+ * initial compliance audit within 15 months of commencing data processing, and
+ * thereafter file a Compliance Audit Return with the NDPC annually (default
+ * deadline 31 March, filed through the NDPC Information Management Portal/NIMP).
+ *
+ * This computes the schedule (initial-audit due date, the next annual filing
+ * deadline relative to a reference date) and a light status. NDPC deadlines
+ * shift (the 2026 filing was extended to 30 May), so the annual deadline is
+ * configurable and per-year overrides are supported. The audit *content* itself
+ * is the organisation's compliance posture — pair this with `getComplianceScore`.
+ *
+ * @see NDPC General Application and Implementation Directive (GAID) 2025
+ */
+export declare interface CARInput {
+    /** ISO date (YYYY-MM-DD) the organisation commenced data processing. */
+    commencementDate: string;
+    /** Reference date to evaluate against (YYYY-MM-DD). Defaults to today. */
+    asOf?: string;
+    /** DCPMI tier; CAR applies to DCPMIs only. Omit to assume applicable. */
+    tier?: DCPMITier;
+}
+export declare interface CAROptions {
+    /** Default annual filing deadline (month is 1-12). Defaults to 31 March. */
+    annualDeadline?: {
+        month: number;
+        day: number;
+    };
+    /** Per-year overrides for the annual deadline, e.g. `{ 2026: '2026-05-30' }`. */
+    deadlineOverrides?: Record<number, string>;
+    /** Months after commencement the initial audit is due. Defaults to 15. */
+    initialAuditWithinMonths?: number;
+}
+export declare interface ComplianceAuditReturn {
+    /** Whether CAR applies (false for non-DCPMI organisations). */
+    applicable: boolean;
+    schedule: {
+        commencementDate: string;
+        initialAuditWithinMonths: number;
+        /** Commencement date + the initial-audit window. */
+        initialAuditDueDate: string;
+        /** The next annual filing deadline on or after `asOf`. */
+        nextFilingDeadline: string;
+        /** The year the next filing deadline falls in. */
+        filingYear: number;
+    };
+    status: {
+        /** Whether the initial-audit obligation has arisen (asOf ≥ due date). */
+        initialAuditDue: boolean;
+        /** Whole days from `asOf` to the next filing deadline. */
+        daysUntilNextDeadline: number;
+    };
+    notes: string[];
+    asOf: string;
+}
 /** A single gap found during NDPA compliance evaluation. */
 declare interface ComplianceGap {
     /** Machine-readable requirement identifier. */
@@ -440,6 +589,84 @@ declare interface DataCategory {
     selected: boolean;
 }
+export declare interface DCPMIClassification {
+    /** Registration tier (or `'none'` when not a DCPMI). */
+    tier: DCPMITier;
+    /** Whether the organisation is a Data Controller/Processor of Major Importance. */
+    isDCPMI: boolean;
+    /** Annual registration fee in Nigerian Naira (0 when not a volume-tiered DCPMI). */
+    annualFeeNGN: number;
+    registration: {
+        /** Whether NDPC registration is required. */
+        required: boolean;
+        /** OHL renews registration annually; UHL/EHL register once and file CAR annually. */
+        renewsAnnually: boolean;
+    };
+    compliance: {
+        /** Whether the organisation must file annual Compliance Audit Returns (CAR). */
+        auditReturnsAnnual: boolean;
+        /** Initial compliance audit is due within this many months of commencing processing. */
+        initialAuditWithinMonths: number;
+    };
+    /** Human-readable caveats and next steps. */
+    notes: string[];
+    /** The count actually used for classification, after defensive normalisation. */
+    dataSubjectsConsidered: number;
+}
+export declare interface DCPMIClassificationOptions {
+    thresholds?: Partial<DCPMIThresholds>;
+    fees?: Partial<DCPMIFees>;
+}
+declare interface DCPMIFees {
+    UHL: number;
+    EHL: number;
+    OHL: number;
+}
+export declare interface DCPMIInput {
+    /** Distinct data subjects whose data was processed in the relevant six-month window. */
+    dataSubjectsInSixMonths?: number;
+    /** True if the Commission has separately designated/listed the organisation as a DCPMI. */
+    isDesignated?: boolean;
+}
+declare interface DCPMIThresholds {
+    /** Lower bound (inclusive) for OHL. */
+    ohl: number;
+    /** Lower bound (inclusive) for EHL. */
+    ehl: number;
+    /** A count strictly greater than this is UHL. */
+    uhl: number;
+}
+/**
+ * Data Controller/Processor of Major Importance (DCPMI) classification under the
+ * NDPC General Application and Implementation Directive (GAID) 2025.
+ *
+ * Volume-based tiers — data subjects processed within a six-month window:
+ *   - UHL (Ultra High Level):    more than 5,000  → ₦250,000 / year
+ *   - EHL (Extra High Level):    1,000 – 5,000    → ₦100,000 / year
+ *   - OHL (Ordinary High Level): 200 – 999        → ₦10,000  / year
+ *   - below 200:                 not a DCPMI by volume
+ *
+ * Boundaries: the 1,000 mark resolves to EHL (so OHL is 200–999); UHL is
+ * strictly greater than 5,000 (so 5,000 itself is EHL). The NDPC has revised
+ * classification metrics before and shifts filing deadlines, so thresholds and
+ * fees are configurable — treat the defaults as the September 2025 GAID
+ * baseline, not a constant.
+ *
+ * `isDesignated` marks an organisation the Commission has otherwise listed as a
+ * DCPMI; it is then a DCPMI regardless of volume. Below the volume tiers such an
+ * organisation is reported as `'listed'` with the fee left at 0 and a note to
+ * confirm the applicable tier/fee with the NDPC.
+ *
+ * @see NDPC General Application and Implementation Directive (GAID) 2025
+ * @see NDPC Guidance Notice on the Registration of Data Controllers and Processors of Major Importance
+ */
+declare type DCPMITier = 'UHL' | 'EHL' | 'OHL' | 'listed' | 'none';
 /** Options for DOCX export of the finalised policy. */
 declare interface DOCXExportOptions {
     includeTOC?: boolean;
@@ -1511,6 +1738,14 @@ export declare interface UseAdaptivePolicyWizardReturn {
  */
 export declare function useBreach({ categories, initialReports, adapter, storageKey, useLocalStorage, onReport, onAssessment, onNotification, }: UseBreachOptions): UseBreachReturn;
+/**
+ * React hook that memoises the `assessBreachNotification` utility — checks a
+ * breach report's completeness against the NDPA S. 40 / GAID 2025 Article 33
+ * notification requirements (mandated content, the 72-hour window, and any
+ * data-subject communication owed on high risk).
+ */
+export declare function useBreachNotificationAssessment(report: BreachReport, options?: BreachNotificationOptions): BreachNotificationAssessment;
 export declare interface UseBreachOptions {
     /**
      * Available breach categories
@@ -1614,6 +1849,13 @@ export declare interface UseBreachReturn {
     isLoading: boolean;
 }
+/**
+ * React hook that memoises the `generateComplianceAuditReturn` utility — derives
+ * a DCPMI's Compliance Audit Returns schedule (initial-audit due date, next
+ * annual filing deadline) and status under NDPC GAID 2025.
+ */
+export declare function useComplianceAuditReturn(input: CARInput, options?: CAROptions): ComplianceAuditReturn;
 /**
  * Computes an NDPA compliance score and returns a structured report
  * (score, rating, per-module breakdown, recommendations).
@@ -1831,6 +2073,13 @@ export declare interface UseCrossBorderTransferReturn {
     isLoading: boolean;
 }
+/**
+ * React hook that memoises the `classifyDCPMI` utility — derives an organisation's
+ * Data Controller/Processor of Major Importance tier, annual registration fee,
+ * and Compliance Audit Returns obligations under NDPC GAID 2025.
+ */
+export declare function useDCPMI(input: DCPMIInput, options?: DCPMIClassificationOptions): DCPMIClassification;
 /**
  * Convenience wrapper around `usePrivacyPolicy`. With `orgInfo` provided
  * and `autoGenerate` enabled (default), `policy` is non-null on the first

package/dist/hooks.d.ts CHANGED Viewed

@@ -30,6 +30,93 @@ declare type BreachCompositeState = {
     notifications: RegulatoryNotification[];
 };
+export declare interface BreachNotificationAssessment {
+    /** Whether all applicable mandated content items are satisfied. */
+    complete: boolean;
+    /** Completeness of applicable content items, 0–100. */
+    completeness: number;
+    /** GAID 2025 Article 33(5) / NDPA S. 40(2) content of the notification to the Commission. */
+    notificationToCommission: BreachNotificationItem[];
+    /** NDPA S. 40(3) communication to data subjects — populated only when high-risk. */
+    dataSubjectCommunication: BreachNotificationItem[];
+    /** Whether a data-subject communication is owed (high risk). */
+    dataSubjectCommunicationRequired: boolean;
+    timing: BreachNotificationTiming;
+    /** Labels of unsatisfied applicable items. */
+    missing: string[];
+    /** Actionable next steps, including timing warnings. */
+    recommendations: string[];
+    asOf: number;
+}
+export declare interface BreachNotificationItem {
+    /** Stable identifier for the requirement. */
+    id: string;
+    /** Human-readable requirement. */
+    label: string;
+    /** Authoritative citation, e.g. `GAID 2025 Art. 33(5)(a)`. */
+    section: string;
+    /** Whether the report satisfies it. */
+    satisfied: boolean;
+}
+/**
+ * Personal-data-breach notification completeness checker for NDPA 2023
+ * Section 40, as detailed by NDPC General Application and Implementation
+ * Directive (GAID) 2025 Article 33.
+ *
+ * Section 40(2) requires a data controller to notify the Commission within 72
+ * hours of becoming aware of a breach likely to result in a risk to data
+ * subjects' rights and freedoms. GAID 2025 Article 33(5)(a)–(h) enumerates the
+ * content that a notification to the Commission "shall include". Where the
+ * breach is likely to result in a *high* risk, Section 40(3) additionally
+ * requires the controller to communicate the breach to affected data subjects
+ * in plain and clear language.
+ *
+ * This assesses a `BreachReport` against those requirements: which mandated
+ * content items are present, whether the 72-hour window is met, and whether a
+ * data-subject communication is owed. It is a documentation-completeness aid,
+ * not legal advice — verify against current NDPC guidance.
+ *
+ * @see NDPA 2023 Section 40 (Personal data breaches)
+ * @see NDPC GAID 2025 Article 33 (Data Breach Notification)
+ */
+export declare interface BreachNotificationOptions {
+    /** Risk assessment for the breach; drives whether data-subject communication is required. */
+    assessment?: RiskAssessment;
+    /** The regulatory notification actually sent, if any — used to judge timeliness. */
+    notification?: RegulatoryNotification;
+    /** Reference "now" in epoch ms. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Notification window in hours. Defaults to 72 (NDPA S. 40(2)). */
+    deadlineHours?: number;
+    /**
+     * Explicit high-risk flag (NDPA S. 40(3)). When omitted, derived from
+     * `assessment.highRisksToRightsAndFreedoms`.
+     */
+    highRisk?: boolean;
+}
+export declare interface BreachNotificationTiming {
+    /** `discoveredAt` + the notification window. */
+    deadline: number;
+    /** Whole hours between discovery and `asOf`. */
+    hoursSinceDiscovery: number;
+    /** Whether a regulatory notification has been recorded. */
+    notified: boolean;
+    /** When the regulatory notification was sent, if any. */
+    notifiedAt?: number;
+    /** Whether the notification (or, if none, `asOf`) falls within the deadline. */
+    withinDeadline: boolean;
+    /** Whole hours from `asOf` to the deadline (negative once past). */
+    hoursRemaining: number;
+    /** Whether the deadline has been missed. */
+    overdue: boolean;
+    /** Late filings must state the reasons for the delay (NDPA S. 40(2)). */
+    requiresDelayJustification: boolean;
+}
 /**
  * Represents a data breach report
  */
@@ -118,6 +205,68 @@ export declare interface BreachReport {
     }>;
 }
+/**
+ * Compliance Audit Returns (CAR) scheduling under the NDPC General Application
+ * and Implementation Directive (GAID) 2025.
+ *
+ * A Data Controller/Processor of Major Importance (DCPMI) must conduct an
+ * initial compliance audit within 15 months of commencing data processing, and
+ * thereafter file a Compliance Audit Return with the NDPC annually (default
+ * deadline 31 March, filed through the NDPC Information Management Portal/NIMP).
+ *
+ * This computes the schedule (initial-audit due date, the next annual filing
+ * deadline relative to a reference date) and a light status. NDPC deadlines
+ * shift (the 2026 filing was extended to 30 May), so the annual deadline is
+ * configurable and per-year overrides are supported. The audit *content* itself
+ * is the organisation's compliance posture — pair this with `getComplianceScore`.
+ *
+ * @see NDPC General Application and Implementation Directive (GAID) 2025
+ */
+export declare interface CARInput {
+    /** ISO date (YYYY-MM-DD) the organisation commenced data processing. */
+    commencementDate: string;
+    /** Reference date to evaluate against (YYYY-MM-DD). Defaults to today. */
+    asOf?: string;
+    /** DCPMI tier; CAR applies to DCPMIs only. Omit to assume applicable. */
+    tier?: DCPMITier;
+}
+export declare interface CAROptions {
+    /** Default annual filing deadline (month is 1-12). Defaults to 31 March. */
+    annualDeadline?: {
+        month: number;
+        day: number;
+    };
+    /** Per-year overrides for the annual deadline, e.g. `{ 2026: '2026-05-30' }`. */
+    deadlineOverrides?: Record<number, string>;
+    /** Months after commencement the initial audit is due. Defaults to 15. */
+    initialAuditWithinMonths?: number;
+}
+export declare interface ComplianceAuditReturn {
+    /** Whether CAR applies (false for non-DCPMI organisations). */
+    applicable: boolean;
+    schedule: {
+        commencementDate: string;
+        initialAuditWithinMonths: number;
+        /** Commencement date + the initial-audit window. */
+        initialAuditDueDate: string;
+        /** The next annual filing deadline on or after `asOf`. */
+        nextFilingDeadline: string;
+        /** The year the next filing deadline falls in. */
+        filingYear: number;
+    };
+    status: {
+        /** Whether the initial-audit obligation has arisen (asOf ≥ due date). */
+        initialAuditDue: boolean;
+        /** Whole days from `asOf` to the next filing deadline. */
+        daysUntilNextDeadline: number;
+    };
+    notes: string[];
+    asOf: string;
+}
 /** A single gap found during NDPA compliance evaluation. */
 declare interface ComplianceGap {
     /** Machine-readable requirement identifier. */
@@ -440,6 +589,84 @@ declare interface DataCategory {
     selected: boolean;
 }
+export declare interface DCPMIClassification {
+    /** Registration tier (or `'none'` when not a DCPMI). */
+    tier: DCPMITier;
+    /** Whether the organisation is a Data Controller/Processor of Major Importance. */
+    isDCPMI: boolean;
+    /** Annual registration fee in Nigerian Naira (0 when not a volume-tiered DCPMI). */
+    annualFeeNGN: number;
+    registration: {
+        /** Whether NDPC registration is required. */
+        required: boolean;
+        /** OHL renews registration annually; UHL/EHL register once and file CAR annually. */
+        renewsAnnually: boolean;
+    };
+    compliance: {
+        /** Whether the organisation must file annual Compliance Audit Returns (CAR). */
+        auditReturnsAnnual: boolean;
+        /** Initial compliance audit is due within this many months of commencing processing. */
+        initialAuditWithinMonths: number;
+    };
+    /** Human-readable caveats and next steps. */
+    notes: string[];
+    /** The count actually used for classification, after defensive normalisation. */
+    dataSubjectsConsidered: number;
+}
+export declare interface DCPMIClassificationOptions {
+    thresholds?: Partial<DCPMIThresholds>;
+    fees?: Partial<DCPMIFees>;
+}
+declare interface DCPMIFees {
+    UHL: number;
+    EHL: number;
+    OHL: number;
+}
+export declare interface DCPMIInput {
+    /** Distinct data subjects whose data was processed in the relevant six-month window. */
+    dataSubjectsInSixMonths?: number;
+    /** True if the Commission has separately designated/listed the organisation as a DCPMI. */
+    isDesignated?: boolean;
+}
+declare interface DCPMIThresholds {
+    /** Lower bound (inclusive) for OHL. */
+    ohl: number;
+    /** Lower bound (inclusive) for EHL. */
+    ehl: number;
+    /** A count strictly greater than this is UHL. */
+    uhl: number;
+}
+/**
+ * Data Controller/Processor of Major Importance (DCPMI) classification under the
+ * NDPC General Application and Implementation Directive (GAID) 2025.
+ *
+ * Volume-based tiers — data subjects processed within a six-month window:
+ *   - UHL (Ultra High Level):    more than 5,000  → ₦250,000 / year
+ *   - EHL (Extra High Level):    1,000 – 5,000    → ₦100,000 / year
+ *   - OHL (Ordinary High Level): 200 – 999        → ₦10,000  / year
+ *   - below 200:                 not a DCPMI by volume
+ *
+ * Boundaries: the 1,000 mark resolves to EHL (so OHL is 200–999); UHL is
+ * strictly greater than 5,000 (so 5,000 itself is EHL). The NDPC has revised
+ * classification metrics before and shifts filing deadlines, so thresholds and
+ * fees are configurable — treat the defaults as the September 2025 GAID
+ * baseline, not a constant.
+ *
+ * `isDesignated` marks an organisation the Commission has otherwise listed as a
+ * DCPMI; it is then a DCPMI regardless of volume. Below the volume tiers such an
+ * organisation is reported as `'listed'` with the fee left at 0 and a note to
+ * confirm the applicable tier/fee with the NDPC.
+ *
+ * @see NDPC General Application and Implementation Directive (GAID) 2025
+ * @see NDPC Guidance Notice on the Registration of Data Controllers and Processors of Major Importance
+ */
+declare type DCPMITier = 'UHL' | 'EHL' | 'OHL' | 'listed' | 'none';
 /** Options for DOCX export of the finalised policy. */
 declare interface DOCXExportOptions {
     includeTOC?: boolean;
@@ -1511,6 +1738,14 @@ export declare interface UseAdaptivePolicyWizardReturn {
  */
 export declare function useBreach({ categories, initialReports, adapter, storageKey, useLocalStorage, onReport, onAssessment, onNotification, }: UseBreachOptions): UseBreachReturn;
+/**
+ * React hook that memoises the `assessBreachNotification` utility — checks a
+ * breach report's completeness against the NDPA S. 40 / GAID 2025 Article 33
+ * notification requirements (mandated content, the 72-hour window, and any
+ * data-subject communication owed on high risk).
+ */
+export declare function useBreachNotificationAssessment(report: BreachReport, options?: BreachNotificationOptions): BreachNotificationAssessment;
 export declare interface UseBreachOptions {
     /**
      * Available breach categories
@@ -1614,6 +1849,13 @@ export declare interface UseBreachReturn {
     isLoading: boolean;
 }
+/**
+ * React hook that memoises the `generateComplianceAuditReturn` utility — derives
+ * a DCPMI's Compliance Audit Returns schedule (initial-audit due date, next
+ * annual filing deadline) and status under NDPC GAID 2025.
+ */
+export declare function useComplianceAuditReturn(input: CARInput, options?: CAROptions): ComplianceAuditReturn;
 /**
  * Computes an NDPA compliance score and returns a structured report
  * (score, rating, per-module breakdown, recommendations).
@@ -1831,6 +2073,13 @@ export declare interface UseCrossBorderTransferReturn {
     isLoading: boolean;
 }
+/**
+ * React hook that memoises the `classifyDCPMI` utility — derives an organisation's
+ * Data Controller/Processor of Major Importance tier, annual registration fee,
+ * and Compliance Audit Returns obligations under NDPC GAID 2025.
+ */
+export declare function useDCPMI(input: DCPMIInput, options?: DCPMIClassificationOptions): DCPMIClassification;
 /**
  * Convenience wrapper around `usePrivacyPolicy`. With `orgInfo` provided
  * and `autoGenerate` enabled (default), `policy` is non-null on the first

package/dist/hooks.js CHANGED Viewed

@@ -1,2 +1,2 @@
 "use client";
-'use strict';require('./chunk-OZCNFB5C.js');var chunkBHUJWWCO_js=require('./chunk-BHUJWWCO.js'),chunkEHQVTFYO_js=require('./chunk-EHQVTFYO.js'),chunkRC3XFXTJ_js=require('./chunk-RC3XFXTJ.js'),chunkQHW4UKGJ_js=require('./chunk-QHW4UKGJ.js'),chunkIRRUYR6M_js=require('./chunk-IRRUYR6M.js'),chunkHHK5LHEG_js=require('./chunk-HHK5LHEG.js'),chunkTLIHFGIJ_js=require('./chunk-TLIHFGIJ.js');require('./chunk-JS7SYL5P.js'),require('./chunk-JVMHWM3I.js'),require('./chunk-3YTAOT5O.js'),require('./chunk-D2ZKDQVL.js'),require('./chunk-6LJHLE6G.js'),require('./chunk-YFBDJ4FH.js'),require('./chunk-WZYCBW2R.js'),require('./chunk-4CVBQC66.js');var chunkQKXGVT2Q_js=require('./chunk-QKXGVT2Q.js'),chunkL2VO3MEJ_js=require('./chunk-L2VO3MEJ.js');require('./chunk-C2KEXHRX.js'),require('./chunk-DKLJ5DYN.js');var chunkTVA6D6S4_js=require('./chunk-TVA6D6S4.js');require('./chunk-R2ZZMATR.js');var chunkJLQT3W3E_js=require('./chunk-JLQT3W3E.js');require('./chunk-TQZWJGJ2.js'),require('./chunk-ZVOIR4QH.js'),require('./chunk-VWED6UTN.js'),require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"useComplianceScore",{enumerable:true,get:function(){return chunkBHUJWWCO_js.a}});Object.defineProperty(exports,"useBreach",{enumerable:true,get:function(){return chunkEHQVTFYO_js.a}});Object.defineProperty(exports,"useDefaultPrivacyPolicy",{enumerable:true,get:function(){return chunkRC3XFXTJ_js.b}});Object.defineProperty(exports,"usePrivacyPolicy",{enumerable:true,get:function(){return chunkRC3XFXTJ_js.a}});Object.defineProperty(exports,"useAdaptivePolicyWizard",{enumerable:true,get:function(){return chunkQHW4UKGJ_js.a}});Object.defineProperty(exports,"useLawfulBasis",{enumerable:true,get:function(){return chunkIRRUYR6M_js.a}});Object.defineProperty(exports,"useCrossBorderTransfer",{enumerable:true,get:function(){return chunkHHK5LHEG_js.a}});Object.defineProperty(exports,"useROPA",{enumerable:true,get:function(){return chunkTLIHFGIJ_js.a}});Object.defineProperty(exports,"useConsent",{enumerable:true,get:function(){return chunkQKXGVT2Q_js.a}});Object.defineProperty(exports,"useFocusTrap",{enumerable:true,get:function(){return chunkL2VO3MEJ_js.a}});Object.defineProperty(exports,"useDSR",{enumerable:true,get:function(){return chunkTVA6D6S4_js.a}});Object.defineProperty(exports,"useDPIA",{enumerable:true,get:function(){return chunkJLQT3W3E_js.a}});
+'use strict';require('./chunk-OVW5ASY3.js');var chunkGYLUTVKB_js=require('./chunk-GYLUTVKB.js'),chunkEHQVTFYO_js=require('./chunk-EHQVTFYO.js'),chunkRC3XFXTJ_js=require('./chunk-RC3XFXTJ.js'),chunkQHW4UKGJ_js=require('./chunk-QHW4UKGJ.js'),chunkIRRUYR6M_js=require('./chunk-IRRUYR6M.js'),chunkHHK5LHEG_js=require('./chunk-HHK5LHEG.js'),chunkTLIHFGIJ_js=require('./chunk-TLIHFGIJ.js');require('./chunk-OXFULQTE.js'),require('./chunk-JS7SYL5P.js'),require('./chunk-7TTXS7JX.js'),require('./chunk-3YTAOT5O.js'),require('./chunk-D2ZKDQVL.js'),require('./chunk-6LJHLE6G.js'),require('./chunk-YFBDJ4FH.js'),require('./chunk-WZYCBW2R.js'),require('./chunk-4CVBQC66.js');var chunkQKXGVT2Q_js=require('./chunk-QKXGVT2Q.js'),chunkL2VO3MEJ_js=require('./chunk-L2VO3MEJ.js');require('./chunk-C2KEXHRX.js'),require('./chunk-DKLJ5DYN.js');var chunkTVA6D6S4_js=require('./chunk-TVA6D6S4.js');require('./chunk-R2ZZMATR.js');var chunkJLQT3W3E_js=require('./chunk-JLQT3W3E.js');require('./chunk-TQZWJGJ2.js'),require('./chunk-ZVOIR4QH.js'),require('./chunk-VWED6UTN.js'),require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"useBreachNotificationAssessment",{enumerable:true,get:function(){return chunkGYLUTVKB_js.a}});Object.defineProperty(exports,"useComplianceAuditReturn",{enumerable:true,get:function(){return chunkGYLUTVKB_js.d}});Object.defineProperty(exports,"useComplianceScore",{enumerable:true,get:function(){return chunkGYLUTVKB_js.b}});Object.defineProperty(exports,"useDCPMI",{enumerable:true,get:function(){return chunkGYLUTVKB_js.c}});Object.defineProperty(exports,"useBreach",{enumerable:true,get:function(){return chunkEHQVTFYO_js.a}});Object.defineProperty(exports,"useDefaultPrivacyPolicy",{enumerable:true,get:function(){return chunkRC3XFXTJ_js.b}});Object.defineProperty(exports,"usePrivacyPolicy",{enumerable:true,get:function(){return chunkRC3XFXTJ_js.a}});Object.defineProperty(exports,"useAdaptivePolicyWizard",{enumerable:true,get:function(){return chunkQHW4UKGJ_js.a}});Object.defineProperty(exports,"useLawfulBasis",{enumerable:true,get:function(){return chunkIRRUYR6M_js.a}});Object.defineProperty(exports,"useCrossBorderTransfer",{enumerable:true,get:function(){return chunkHHK5LHEG_js.a}});Object.defineProperty(exports,"useROPA",{enumerable:true,get:function(){return chunkTLIHFGIJ_js.a}});Object.defineProperty(exports,"useConsent",{enumerable:true,get:function(){return chunkQKXGVT2Q_js.a}});Object.defineProperty(exports,"useFocusTrap",{enumerable:true,get:function(){return chunkL2VO3MEJ_js.a}});Object.defineProperty(exports,"useDSR",{enumerable:true,get:function(){return chunkTVA6D6S4_js.a}});Object.defineProperty(exports,"useDPIA",{enumerable:true,get:function(){return chunkJLQT3W3E_js.a}});

package/dist/hooks.mjs CHANGED Viewed

@@ -1,2 +1,2 @@
 "use client";
-import'./chunk-GQYBS3A7.mjs';export{a as useComplianceScore}from'./chunk-XAB5C2JG.mjs';export{a as useBreach}from'./chunk-RFXGD5NE.mjs';export{b as useDefaultPrivacyPolicy,a as usePrivacyPolicy}from'./chunk-UVXS7KRV.mjs';export{a as useAdaptivePolicyWizard}from'./chunk-KE2FZH2V.mjs';export{a as useLawfulBasis}from'./chunk-B6BRD5SL.mjs';export{a as useCrossBorderTransfer}from'./chunk-KDAZQO3N.mjs';export{a as useROPA}from'./chunk-FRMVSG4N.mjs';import'./chunk-IVSNHT24.mjs';import'./chunk-YX7DEHPA.mjs';import'./chunk-WTGKZX7J.mjs';import'./chunk-NBQQ2GN3.mjs';import'./chunk-BIJSMSUU.mjs';import'./chunk-7BJXI2HI.mjs';import'./chunk-LWIKDDSU.mjs';import'./chunk-XP5PL6K7.mjs';export{a as useConsent}from'./chunk-PQ5IPUJN.mjs';export{a as useFocusTrap}from'./chunk-YTU4FNM2.mjs';import'./chunk-XC3DLYEG.mjs';import'./chunk-R3ZKV2J7.mjs';export{a as useDSR}from'./chunk-ZSRO4L3C.mjs';import'./chunk-RRVML7CU.mjs';export{a as useDPIA}from'./chunk-I3V3ITN7.mjs';import'./chunk-LRRENTT5.mjs';import'./chunk-ITCY2Z66.mjs';import'./chunk-DBZSN4WP.mjs';import'./chunk-ZJYULEER.mjs';
+import'./chunk-YQTZWPOS.mjs';export{a as useBreachNotificationAssessment,d as useComplianceAuditReturn,b as useComplianceScore,c as useDCPMI}from'./chunk-NKFTLFPD.mjs';export{a as useBreach}from'./chunk-RFXGD5NE.mjs';export{b as useDefaultPrivacyPolicy,a as usePrivacyPolicy}from'./chunk-UVXS7KRV.mjs';export{a as useAdaptivePolicyWizard}from'./chunk-KE2FZH2V.mjs';export{a as useLawfulBasis}from'./chunk-B6BRD5SL.mjs';export{a as useCrossBorderTransfer}from'./chunk-KDAZQO3N.mjs';export{a as useROPA}from'./chunk-FRMVSG4N.mjs';import'./chunk-KOHFQIV4.mjs';import'./chunk-IVSNHT24.mjs';import'./chunk-6A7M4CGJ.mjs';import'./chunk-WTGKZX7J.mjs';import'./chunk-NBQQ2GN3.mjs';import'./chunk-BIJSMSUU.mjs';import'./chunk-7BJXI2HI.mjs';import'./chunk-LWIKDDSU.mjs';import'./chunk-XP5PL6K7.mjs';export{a as useConsent}from'./chunk-PQ5IPUJN.mjs';export{a as useFocusTrap}from'./chunk-YTU4FNM2.mjs';import'./chunk-XC3DLYEG.mjs';import'./chunk-R3ZKV2J7.mjs';export{a as useDSR}from'./chunk-ZSRO4L3C.mjs';import'./chunk-RRVML7CU.mjs';export{a as useDPIA}from'./chunk-I3V3ITN7.mjs';import'./chunk-LRRENTT5.mjs';import'./chunk-ITCY2Z66.mjs';import'./chunk-DBZSN4WP.mjs';import'./chunk-ZJYULEER.mjs';