npm - @tantainnovative/ndpr-toolkit - Versions diffs - 5.5.1 → 5.7.0 - Mend

@tantainnovative/ndpr-toolkit 5.5.1 → 5.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/CHANGELOG.md +28 -0
package/README.md +36 -0
package/dist/{chunk-C77CRJLD.mjs → chunk-2T5MY2Q6.mjs} +1 -1
package/dist/chunk-7PV64WEZ.js +1 -0
package/dist/{chunk-VTBHDHYK.js → chunk-NTEYQLYM.js} +1 -1
package/dist/chunk-PEUAA5EC.js +1 -0
package/dist/chunk-PYSYBUIV.mjs +1 -0
package/dist/chunk-QNXLY5EJ.mjs +1 -0
package/dist/chunk-YMKN3YQL.js +1 -0
package/dist/chunk-ZY4RCV5C.mjs +1 -0
package/dist/consent.d.mts +114 -0
package/dist/consent.d.ts +114 -0
package/dist/consent.js +1 -1
package/dist/consent.mjs +1 -1
package/dist/core.d.mts +88 -0
package/dist/core.d.ts +88 -0
package/dist/core.js +1 -1
package/dist/core.mjs +1 -1
package/dist/headless.d.mts +163 -0
package/dist/headless.d.ts +163 -0
package/dist/headless.js +1 -1
package/dist/headless.mjs +1 -1
package/dist/hooks.d.mts +90 -0
package/dist/hooks.d.ts +90 -0
package/dist/hooks.js +1 -1
package/dist/hooks.mjs +1 -1
package/dist/index.d.mts +131 -0
package/dist/index.d.ts +131 -0
package/dist/index.js +1 -1
package/dist/index.mjs +1 -1
package/dist/presets-consent.d.mts +2 -0
package/dist/presets-consent.d.ts +2 -0
package/dist/presets-consent.js +1 -1
package/dist/presets-consent.mjs +1 -1
package/dist/presets.d.mts +2 -0
package/dist/presets.d.ts +2 -0
package/dist/presets.js +1 -1
package/dist/presets.mjs +1 -1
package/dist/server.d.mts +88 -0
package/dist/server.d.ts +88 -0
package/dist/server.js +1 -1
package/dist/server.mjs +1 -1
package/dist/unstyled.d.mts +64 -0
package/dist/unstyled.d.ts +64 -0
package/dist/unstyled.js +1 -1
package/dist/unstyled.mjs +1 -1
package/package.json +1 -1
package/dist/chunk-HMKXK23C.mjs +0 -1
package/dist/chunk-L2VO3MEJ.js +0 -1
package/dist/chunk-PXUX4FYM.js +0 -1
package/dist/chunk-YTU4FNM2.mjs +0 -1
/package/dist/{chunk-YQTZWPOS.mjs → chunk-23CULZBM.mjs} +0 -0
/package/dist/{chunk-OVW5ASY3.js → chunk-VKDW2IHV.js} +0 -0

package/dist/core.d.mts CHANGED Viewed

@@ -615,6 +615,44 @@ export declare interface ConsentStorageOptions {
     };
 }
+/** How a present cookie was classified. */
+export declare type CookieMatchSource = 'declared' | 'known' | 'none';
+export declare interface CookieScanOptions {
+    /**
+     * The cookie string to scan, in `document.cookie` form (`a=1; b=2`).
+     * Defaults to `document.cookie` in the browser, or `''` on the server.
+     */
+    cookieString?: string;
+    /** Reference timestamp (epoch ms) recorded on the result. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Extra known cookies, checked before the built-in registry (so they can override it). */
+    knownCookies?: DeclaredCookie[];
+    /** Whether to fall back to the built-in known-cookie registry for undeclared cookies. @default true */
+    useKnownRegistry?: boolean;
+}
+export declare interface CookieScanResult {
+    /** When the scan ran (epoch ms). */
+    scannedAt: number;
+    /** Number of cookies present. */
+    total: number;
+    /** Every present cookie, classified. */
+    cookies: ScannedCookie[];
+    /** Cookies that matched one of your declared cookies. */
+    declared: ScannedCookie[];
+    /** Cookies present but NOT in your declaration — the compliance gap. */
+    undeclared: ScannedCookie[];
+    /** Undeclared cookies the built-in registry could still identify. */
+    identified: ScannedCookie[];
+    /** Undeclared cookies that could not be identified at all. */
+    unknown: ScannedCookie[];
+    /** Present cookies grouped by resolved category; unclassified cookies go under `uncategorized`. */
+    byCategory: Record<string, ScannedCookie[]>;
+    /** True when there are no undeclared cookies. */
+    complete: boolean;
+}
 /**
  * Creates a new audit entry from consent settings. If `previousSettings` is
  * provided, the action is automatically determined by comparing old and new
@@ -828,6 +866,30 @@ export declare interface DCPMIThresholds {
  */
 export declare type DCPMITier = 'UHL' | 'EHL' | 'OHL' | 'listed' | 'none';
+/**
+ * Cookie scanner — audits the cookies actually present in the browser against
+ * the cookies you have declared, surfacing undeclared cookies that put you out
+ * of step with your cookie notice (NDPA 2023 S.25-26 / NDPC GAID 2025 on
+ * specific, informed consent).
+ *
+ * Pure and DOM-optional: pass `cookieString` to scan an arbitrary value (a
+ * `Cookie:` header on the server, a test fixture), or call it in the browser
+ * and it reads `document.cookie`. Safe to import from a server bundle.
+ */
+/** A cookie you declare against a consent category. */
+export declare interface DeclaredCookie {
+    /** Exact cookie name, a prefix (with `prefix: true`), or a RegExp matched against the name. */
+    name: string | RegExp;
+    /** Consent category this cookie belongs to (e.g. 'necessary', 'analytics', 'marketing'). */
+    category: string;
+    /** Who sets the cookie (e.g. 'Google Analytics'). */
+    provider?: string;
+    /** What the cookie is used for — surfaced in your cookie policy. */
+    purpose?: string;
+    /** Treat a string `name` as a prefix match instead of an exact match. Ignored for RegExp names. */
+    prefix?: boolean;
+}
 /** September 2025 GAID baseline annual fees (NGN). */
 export declare const DEFAULT_DCPMI_FEES_NGN: DCPMIFees;
@@ -1323,6 +1385,14 @@ declare type Industry = 'fintech' | 'healthcare' | 'ecommerce' | 'saas' | 'educa
  */
 export declare function isNDPCApprovalRequired(mechanism: TransferMechanism): boolean;
+/**
+ * Built-in registry of widely deployed third-party cookies, so an undeclared
+ * cookie can often still be identified (provider + likely category). Override
+ * or extend via {@link CookieScanOptions.knownCookies}; categories follow the
+ * common necessary / functional / analytics / marketing taxonomy.
+ */
+export declare const KNOWN_COOKIES: DeclaredCookie[];
 /**
  * Lawful Basis types aligned with NDPA 2023 Part III (Sections 24-28)
  * Every processing activity must have a documented lawful basis
@@ -2330,6 +2400,24 @@ export declare function runNdprAudit(input: NdprAuditInput, options?: NdprAuditO
  */
 export declare function sanitizeInput(input: string): string;
+/**
+ * Scan the cookies present against your declared cookies and a registry of
+ * well-known third-party cookies. Returns which cookies are declared, which are
+ * undeclared (and whether they can still be identified), and a per-category view.
+ */
+export declare function scanCookies(declared?: DeclaredCookie[], options?: CookieScanOptions): CookieScanResult;
+export declare interface ScannedCookie {
+    /** The cookie name as found in the cookie string. */
+    name: string;
+    /** Resolved consent category, or `null` when it could not be classified. */
+    category: string | null;
+    /** Whether it matched your declaration, only the known registry, or nothing. */
+    matchedBy: CookieMatchSource;
+    provider?: string;
+    purpose?: string;
+}
 /**
  * Additional conditions required for processing sensitive personal data
  * per NDPA Section 30

package/dist/core.d.ts CHANGED Viewed

@@ -615,6 +615,44 @@ export declare interface ConsentStorageOptions {
     };
 }
+/** How a present cookie was classified. */
+export declare type CookieMatchSource = 'declared' | 'known' | 'none';
+export declare interface CookieScanOptions {
+    /**
+     * The cookie string to scan, in `document.cookie` form (`a=1; b=2`).
+     * Defaults to `document.cookie` in the browser, or `''` on the server.
+     */
+    cookieString?: string;
+    /** Reference timestamp (epoch ms) recorded on the result. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Extra known cookies, checked before the built-in registry (so they can override it). */
+    knownCookies?: DeclaredCookie[];
+    /** Whether to fall back to the built-in known-cookie registry for undeclared cookies. @default true */
+    useKnownRegistry?: boolean;
+}
+export declare interface CookieScanResult {
+    /** When the scan ran (epoch ms). */
+    scannedAt: number;
+    /** Number of cookies present. */
+    total: number;
+    /** Every present cookie, classified. */
+    cookies: ScannedCookie[];
+    /** Cookies that matched one of your declared cookies. */
+    declared: ScannedCookie[];
+    /** Cookies present but NOT in your declaration — the compliance gap. */
+    undeclared: ScannedCookie[];
+    /** Undeclared cookies the built-in registry could still identify. */
+    identified: ScannedCookie[];
+    /** Undeclared cookies that could not be identified at all. */
+    unknown: ScannedCookie[];
+    /** Present cookies grouped by resolved category; unclassified cookies go under `uncategorized`. */
+    byCategory: Record<string, ScannedCookie[]>;
+    /** True when there are no undeclared cookies. */
+    complete: boolean;
+}
 /**
  * Creates a new audit entry from consent settings. If `previousSettings` is
  * provided, the action is automatically determined by comparing old and new
@@ -828,6 +866,30 @@ export declare interface DCPMIThresholds {
  */
 export declare type DCPMITier = 'UHL' | 'EHL' | 'OHL' | 'listed' | 'none';
+/**
+ * Cookie scanner — audits the cookies actually present in the browser against
+ * the cookies you have declared, surfacing undeclared cookies that put you out
+ * of step with your cookie notice (NDPA 2023 S.25-26 / NDPC GAID 2025 on
+ * specific, informed consent).
+ *
+ * Pure and DOM-optional: pass `cookieString` to scan an arbitrary value (a
+ * `Cookie:` header on the server, a test fixture), or call it in the browser
+ * and it reads `document.cookie`. Safe to import from a server bundle.
+ */
+/** A cookie you declare against a consent category. */
+export declare interface DeclaredCookie {
+    /** Exact cookie name, a prefix (with `prefix: true`), or a RegExp matched against the name. */
+    name: string | RegExp;
+    /** Consent category this cookie belongs to (e.g. 'necessary', 'analytics', 'marketing'). */
+    category: string;
+    /** Who sets the cookie (e.g. 'Google Analytics'). */
+    provider?: string;
+    /** What the cookie is used for — surfaced in your cookie policy. */
+    purpose?: string;
+    /** Treat a string `name` as a prefix match instead of an exact match. Ignored for RegExp names. */
+    prefix?: boolean;
+}
 /** September 2025 GAID baseline annual fees (NGN). */
 export declare const DEFAULT_DCPMI_FEES_NGN: DCPMIFees;
@@ -1323,6 +1385,14 @@ declare type Industry = 'fintech' | 'healthcare' | 'ecommerce' | 'saas' | 'educa
  */
 export declare function isNDPCApprovalRequired(mechanism: TransferMechanism): boolean;
+/**
+ * Built-in registry of widely deployed third-party cookies, so an undeclared
+ * cookie can often still be identified (provider + likely category). Override
+ * or extend via {@link CookieScanOptions.knownCookies}; categories follow the
+ * common necessary / functional / analytics / marketing taxonomy.
+ */
+export declare const KNOWN_COOKIES: DeclaredCookie[];
 /**
  * Lawful Basis types aligned with NDPA 2023 Part III (Sections 24-28)
  * Every processing activity must have a documented lawful basis
@@ -2330,6 +2400,24 @@ export declare function runNdprAudit(input: NdprAuditInput, options?: NdprAuditO
  */
 export declare function sanitizeInput(input: string): string;
+/**
+ * Scan the cookies present against your declared cookies and a registry of
+ * well-known third-party cookies. Returns which cookies are declared, which are
+ * undeclared (and whether they can still be identified), and a per-category view.
+ */
+export declare function scanCookies(declared?: DeclaredCookie[], options?: CookieScanOptions): CookieScanResult;
+export declare interface ScannedCookie {
+    /** The cookie name as found in the cookie string. */
+    name: string;
+    /** Resolved consent category, or `null` when it could not be classified. */
+    category: string | null;
+    /** Whether it matched your declaration, only the known registry, or nothing. */
+    matchedBy: CookieMatchSource;
+    provider?: string;
+    purpose?: string;
+}
 /**
  * Additional conditions required for processing sensitive personal data
  * per NDPA Section 30

package/dist/core.js CHANGED Viewed

	@@ -1 +1 @@
1	- 'use strict';var chunkLP5KXMBY_js=require('./chunk-LP5KXMBY.js'),chunkNUOHT3LO_js=require('./chunk-NUOHT3LO.js'),chunkHCZDQWHY_js=require('./chunk-HCZDQWHY.js'),chunkVFRGCBJY_js=require('./chunk-VFRGCBJY.js'),chunk7TTXS7JX_js=require('./chunk-7TTXS7JX.js'),chunk3YTAOT5O_js=require('./chunk-3YTAOT5O.js'),chunkY346CURW_js=require('./chunk-Y346CURW.js'),chunkD2ZKDQVL_js=require('./chunk-D2ZKDQVL.js'),chunk6LJHLE6G_js=require('./chunk-6LJHLE6G.js'),chunkYFBDJ4FH_js=require('./chunk-YFBDJ4FH.js'),chunkWZYCBW2R_js=require('./chunk-WZYCBW2R.js'),chunk4CVBQC66_js=require('./chunk-4CVBQC66.js'),chunk3IA3KDII_js=require('./chunk-3IA3KDII.js'),chunkDKLJ5DYN_js=require('./chunk-DKLJ5DYN.js'),chunkUXUMYP4L_js=require('./chunk-UXUMYP4L.js'),chunkR2ZZMATR_js=require('./chunk-R2ZZMATR.js'),chunkTQZWJGJ2_js=require('./chunk-TQZWJGJ2.js'),chunkZVOIR4QH_js=require('./chunk-ZVOIR4QH.js'),chunkI5ZDNSX5_js=require('./chunk-I5ZDNSX5.js'),chunk7563FVMY_js=require('./chunk-7563FVMY.js');require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"arabicLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.e}});Object.defineProperty(exports,"frenchLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.f}});Object.defineProperty(exports,"hausaLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.c}});Object.defineProperty(exports,"igboLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.b}});Object.defineProperty(exports,"pidginLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.d}});Object.defineProperty(exports,"yorubaLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.a}});Object.defineProperty(exports,"ORG_POLICY_TEMPLATE_REGISTRY",{enumerable:true,get:function(){return chunkNUOHT3LO_js.a}});Object.defineProperty(exports,"createOrgTemplate",{enumerable:true,get:function(){return chunkNUOHT3LO_js.b}});Object.defineProperty(exports,"templateContextFor",{enumerable:true,get:function(){return chunkNUOHT3LO_js.b}});Object.defineProperty(exports,"formatNdprAuditReport",{enumerable:true,get:function(){return chunkHCZDQWHY_js.b}});Object.defineProperty(exports,"runNdprAudit",{enumerable:true,get:function(){return chunkHCZDQWHY_js.a}});Object.defineProperty(exports,"DEFAULT_DCPMI_FEES_NGN",{enumerable:true,get:function(){return chunkVFRGCBJY_js.b}});Object.defineProperty(exports,"DEFAULT_DCPMI_THRESHOLDS",{enumerable:true,get:function(){return chunkVFRGCBJY_js.a}});Object.defineProperty(exports,"classifyDCPMI",{enumerable:true,get:function(){return chunkVFRGCBJY_js.c}});Object.defineProperty(exports,"generateComplianceAuditReturn",{enumerable:true,get:function(){return chunkVFRGCBJY_js.d}});Object.defineProperty(exports,"getComplianceScore",{enumerable:true,get:function(){return chunk7TTXS7JX_js.a}});Object.defineProperty(exports,"calculateBreachSeverity",{enumerable:true,get:function(){return chunk3YTAOT5O_js.a}});Object.defineProperty(exports,"assessBreachNotification",{enumerable:true,get:function(){return chunkY346CURW_js.a}});Object.defineProperty(exports,"DEFAULT_POLICY_SECTIONS",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.c}});Object.defineProperty(exports,"DEFAULT_POLICY_VARIABLES",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.d}});Object.defineProperty(exports,"createBusinessPolicyTemplate",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.e}});Object.defineProperty(exports,"findUnfilledTokens",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.a}});Object.defineProperty(exports,"generatePolicyText",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.b}});Object.defineProperty(exports,"assemblePolicy",{enumerable:true,get:function(){return chunk6LJHLE6G_js.c}});Object.defineProperty(exports,"createDefaultContext",{enumerable:true,get:function(){return chunk6LJHLE6G_js.e}});Object.defineProperty(exports,"evaluatePolicyCompliance",{enumerable:true,get:function(){return chunk6LJHLE6G_js.f}});Object.defineProperty(exports,"assessTransferRisk",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.h}});Object.defineProperty(exports,"getTransferMechanismDescription",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.f}});Object.defineProperty(exports,"isNDPCApprovalRequired",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.e}});Object.defineProperty(exports,"validateTransfer",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.g}});Object.defineProperty(exports,"assessComplianceGaps",{enumerable:true,get:function(){return chunkWZYCBW2R_js.c}});Object.defineProperty(exports,"generateLawfulBasisSummary",{enumerable:true,get:function(){return chunkWZYCBW2R_js.d}});Object.defineProperty(exports,"getLawfulBasisDescription",{enumerable:true,get:function(){return chunkWZYCBW2R_js.b}});Object.defineProperty(exports,"validateProcessingActivity",{enumerable:true,get:function(){return chunkWZYCBW2R_js.a}});Object.defineProperty(exports,"exportROPAToCSV",{enumerable:true,get:function(){return chunk4CVBQC66_js.c}});Object.defineProperty(exports,"generateROPASummary",{enumerable:true,get:function(){return chunk4CVBQC66_js.b}});Object.defineProperty(exports,"identifyComplianceGaps",{enumerable:true,get:function(){return chunk4CVBQC66_js.d}});Object.defineProperty(exports,"validateProcessingRecord",{enumerable:true,get:function(){return chunk4CVBQC66_js.a}});Object.defineProperty(exports,"appendAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.c}});Object.defineProperty(exports,"createAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.a}});Object.defineProperty(exports,"getAuditLog",{enumerable:true,get:function(){return chunk3IA3KDII_js.b}});Object.defineProperty(exports,"validateConsentOptionsStructured",{enumerable:true,get:function(){return chunkDKLJ5DYN_js.b}});Object.defineProperty(exports,"validateConsentStructured",{enumerable:true,get:function(){return chunkDKLJ5DYN_js.a}});Object.defineProperty(exports,"sanitizeInput",{enumerable:true,get:function(){return chunkUXUMYP4L_js.a}});Object.defineProperty(exports,"formatDSRRequestStructured",{enumerable:true,get:function(){return chunkR2ZZMATR_js.b}});Object.defineProperty(exports,"validateDsrSubmissionStructured",{enumerable:true,get:function(){return chunkR2ZZMATR_js.a}});Object.defineProperty(exports,"assessDPIARisk",{enumerable:true,get:function(){return chunkTQZWJGJ2_js.a}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_LONG",{enumerable:true,get:function(){return chunkZVOIR4QH_js.b}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_SHORT",{enumerable:true,get:function(){return chunkZVOIR4QH_js.a}});Object.defineProperty(exports,"legalDisclaimerBlock",{enumerable:true,get:function(){return chunkZVOIR4QH_js.c}});Object.defineProperty(exports,"NDPRProvider",{enumerable:true,get:function(){return chunkI5ZDNSX5_js.a}});Object.defineProperty(exports,"useNDPRConfig",{enumerable:true,get:function(){return chunkI5ZDNSX5_js.b}});Object.defineProperty(exports,"useNDPRLocale",{enumerable:true,get:function(){return chunkI5ZDNSX5_js.c}});Object.defineProperty(exports,"defaultLocale",{enumerable:true,get:function(){return chunk7563FVMY_js.a}});Object.defineProperty(exports,"mergeLocale",{enumerable:true,get:function(){return chunk7563FVMY_js.b}});
1	+ 'use strict';var chunkLP5KXMBY_js=require('./chunk-LP5KXMBY.js'),chunkNUOHT3LO_js=require('./chunk-NUOHT3LO.js'),chunkHCZDQWHY_js=require('./chunk-HCZDQWHY.js'),chunkVFRGCBJY_js=require('./chunk-VFRGCBJY.js'),chunk7TTXS7JX_js=require('./chunk-7TTXS7JX.js'),chunk3YTAOT5O_js=require('./chunk-3YTAOT5O.js'),chunkY346CURW_js=require('./chunk-Y346CURW.js'),chunkD2ZKDQVL_js=require('./chunk-D2ZKDQVL.js'),chunk6LJHLE6G_js=require('./chunk-6LJHLE6G.js'),chunkYFBDJ4FH_js=require('./chunk-YFBDJ4FH.js'),chunkWZYCBW2R_js=require('./chunk-WZYCBW2R.js'),chunk4CVBQC66_js=require('./chunk-4CVBQC66.js'),chunk3IA3KDII_js=require('./chunk-3IA3KDII.js'),chunkDKLJ5DYN_js=require('./chunk-DKLJ5DYN.js'),chunkPEUAA5EC_js=require('./chunk-PEUAA5EC.js'),chunkUXUMYP4L_js=require('./chunk-UXUMYP4L.js'),chunkR2ZZMATR_js=require('./chunk-R2ZZMATR.js'),chunkTQZWJGJ2_js=require('./chunk-TQZWJGJ2.js'),chunkZVOIR4QH_js=require('./chunk-ZVOIR4QH.js'),chunkI5ZDNSX5_js=require('./chunk-I5ZDNSX5.js'),chunk7563FVMY_js=require('./chunk-7563FVMY.js');require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"arabicLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.e}});Object.defineProperty(exports,"frenchLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.f}});Object.defineProperty(exports,"hausaLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.c}});Object.defineProperty(exports,"igboLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.b}});Object.defineProperty(exports,"pidginLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.d}});Object.defineProperty(exports,"yorubaLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.a}});Object.defineProperty(exports,"ORG_POLICY_TEMPLATE_REGISTRY",{enumerable:true,get:function(){return chunkNUOHT3LO_js.a}});Object.defineProperty(exports,"createOrgTemplate",{enumerable:true,get:function(){return chunkNUOHT3LO_js.b}});Object.defineProperty(exports,"templateContextFor",{enumerable:true,get:function(){return chunkNUOHT3LO_js.b}});Object.defineProperty(exports,"formatNdprAuditReport",{enumerable:true,get:function(){return chunkHCZDQWHY_js.b}});Object.defineProperty(exports,"runNdprAudit",{enumerable:true,get:function(){return chunkHCZDQWHY_js.a}});Object.defineProperty(exports,"DEFAULT_DCPMI_FEES_NGN",{enumerable:true,get:function(){return chunkVFRGCBJY_js.b}});Object.defineProperty(exports,"DEFAULT_DCPMI_THRESHOLDS",{enumerable:true,get:function(){return chunkVFRGCBJY_js.a}});Object.defineProperty(exports,"classifyDCPMI",{enumerable:true,get:function(){return chunkVFRGCBJY_js.c}});Object.defineProperty(exports,"generateComplianceAuditReturn",{enumerable:true,get:function(){return chunkVFRGCBJY_js.d}});Object.defineProperty(exports,"getComplianceScore",{enumerable:true,get:function(){return chunk7TTXS7JX_js.a}});Object.defineProperty(exports,"calculateBreachSeverity",{enumerable:true,get:function(){return chunk3YTAOT5O_js.a}});Object.defineProperty(exports,"assessBreachNotification",{enumerable:true,get:function(){return chunkY346CURW_js.a}});Object.defineProperty(exports,"DEFAULT_POLICY_SECTIONS",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.c}});Object.defineProperty(exports,"DEFAULT_POLICY_VARIABLES",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.d}});Object.defineProperty(exports,"createBusinessPolicyTemplate",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.e}});Object.defineProperty(exports,"findUnfilledTokens",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.a}});Object.defineProperty(exports,"generatePolicyText",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.b}});Object.defineProperty(exports,"assemblePolicy",{enumerable:true,get:function(){return chunk6LJHLE6G_js.c}});Object.defineProperty(exports,"createDefaultContext",{enumerable:true,get:function(){return chunk6LJHLE6G_js.e}});Object.defineProperty(exports,"evaluatePolicyCompliance",{enumerable:true,get:function(){return chunk6LJHLE6G_js.f}});Object.defineProperty(exports,"assessTransferRisk",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.h}});Object.defineProperty(exports,"getTransferMechanismDescription",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.f}});Object.defineProperty(exports,"isNDPCApprovalRequired",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.e}});Object.defineProperty(exports,"validateTransfer",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.g}});Object.defineProperty(exports,"assessComplianceGaps",{enumerable:true,get:function(){return chunkWZYCBW2R_js.c}});Object.defineProperty(exports,"generateLawfulBasisSummary",{enumerable:true,get:function(){return chunkWZYCBW2R_js.d}});Object.defineProperty(exports,"getLawfulBasisDescription",{enumerable:true,get:function(){return chunkWZYCBW2R_js.b}});Object.defineProperty(exports,"validateProcessingActivity",{enumerable:true,get:function(){return chunkWZYCBW2R_js.a}});Object.defineProperty(exports,"exportROPAToCSV",{enumerable:true,get:function(){return chunk4CVBQC66_js.c}});Object.defineProperty(exports,"generateROPASummary",{enumerable:true,get:function(){return chunk4CVBQC66_js.b}});Object.defineProperty(exports,"identifyComplianceGaps",{enumerable:true,get:function(){return chunk4CVBQC66_js.d}});Object.defineProperty(exports,"validateProcessingRecord",{enumerable:true,get:function(){return chunk4CVBQC66_js.a}});Object.defineProperty(exports,"appendAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.c}});Object.defineProperty(exports,"createAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.a}});Object.defineProperty(exports,"getAuditLog",{enumerable:true,get:function(){return chunk3IA3KDII_js.b}});Object.defineProperty(exports,"validateConsentOptionsStructured",{enumerable:true,get:function(){return chunkDKLJ5DYN_js.b}});Object.defineProperty(exports,"validateConsentStructured",{enumerable:true,get:function(){return chunkDKLJ5DYN_js.a}});Object.defineProperty(exports,"KNOWN_COOKIES",{enumerable:true,get:function(){return chunkPEUAA5EC_js.a}});Object.defineProperty(exports,"scanCookies",{enumerable:true,get:function(){return chunkPEUAA5EC_js.b}});Object.defineProperty(exports,"sanitizeInput",{enumerable:true,get:function(){return chunkUXUMYP4L_js.a}});Object.defineProperty(exports,"formatDSRRequestStructured",{enumerable:true,get:function(){return chunkR2ZZMATR_js.b}});Object.defineProperty(exports,"validateDsrSubmissionStructured",{enumerable:true,get:function(){return chunkR2ZZMATR_js.a}});Object.defineProperty(exports,"assessDPIARisk",{enumerable:true,get:function(){return chunkTQZWJGJ2_js.a}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_LONG",{enumerable:true,get:function(){return chunkZVOIR4QH_js.b}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_SHORT",{enumerable:true,get:function(){return chunkZVOIR4QH_js.a}});Object.defineProperty(exports,"legalDisclaimerBlock",{enumerable:true,get:function(){return chunkZVOIR4QH_js.c}});Object.defineProperty(exports,"NDPRProvider",{enumerable:true,get:function(){return chunkI5ZDNSX5_js.a}});Object.defineProperty(exports,"useNDPRConfig",{enumerable:true,get:function(){return chunkI5ZDNSX5_js.b}});Object.defineProperty(exports,"useNDPRLocale",{enumerable:true,get:function(){return chunkI5ZDNSX5_js.c}});Object.defineProperty(exports,"defaultLocale",{enumerable:true,get:function(){return chunk7563FVMY_js.a}});Object.defineProperty(exports,"mergeLocale",{enumerable:true,get:function(){return chunk7563FVMY_js.b}});

package/dist/core.mjs CHANGED Viewed

	@@ -1 +1 @@
1	- export{e as arabicLocale,f as frenchLocale,c as hausaLocale,b as igboLocale,d as pidginLocale,a as yorubaLocale}from'./chunk-KUI5W44P.mjs';export{a as ORG_POLICY_TEMPLATE_REGISTRY,b as createOrgTemplate,b as templateContextFor}from'./chunk-CWY2FMIC.mjs';export{b as formatNdprAuditReport,a as runNdprAudit}from'./chunk-ME77GU4Q.mjs';export{b as DEFAULT_DCPMI_FEES_NGN,a as DEFAULT_DCPMI_THRESHOLDS,c as classifyDCPMI,d as generateComplianceAuditReturn}from'./chunk-MGXWQW5I.mjs';export{a as getComplianceScore}from'./chunk-6A7M4CGJ.mjs';export{a as calculateBreachSeverity}from'./chunk-WTGKZX7J.mjs';export{a as assessBreachNotification}from'./chunk-WJSUVPYX.mjs';export{c as DEFAULT_POLICY_SECTIONS,d as DEFAULT_POLICY_VARIABLES,e as createBusinessPolicyTemplate,a as findUnfilledTokens,b as generatePolicyText}from'./chunk-NBQQ2GN3.mjs';export{c as assemblePolicy,e as createDefaultContext,f as evaluatePolicyCompliance}from'./chunk-BIJSMSUU.mjs';export{h as assessTransferRisk,f as getTransferMechanismDescription,e as isNDPCApprovalRequired,g as validateTransfer}from'./chunk-7BJXI2HI.mjs';export{c as assessComplianceGaps,d as generateLawfulBasisSummary,b as getLawfulBasisDescription,a as validateProcessingActivity}from'./chunk-LWIKDDSU.mjs';export{c as exportROPAToCSV,b as generateROPASummary,d as identifyComplianceGaps,a as validateProcessingRecord}from'./chunk-XP5PL6K7.mjs';export{c as appendAuditEntry,a as createAuditEntry,b as getAuditLog}from'./chunk-V7UFP6QU.mjs';export{b as validateConsentOptionsStructured,a as validateConsentStructured}from'./chunk-R3ZKV2J7.mjs';export{a as sanitizeInput}from'./chunk-EWVK45Z3.mjs';export{b as formatDSRRequestStructured,a as validateDsrSubmissionStructured}from'./chunk-RRVML7CU.mjs';export{a as assessDPIARisk}from'./chunk-LRRENTT5.mjs';export{b as LEGAL_DISCLAIMER_LONG,a as LEGAL_DISCLAIMER_SHORT,c as legalDisclaimerBlock}from'./chunk-ITCY2Z66.mjs';export{a as NDPRProvider,b as useNDPRConfig,c as useNDPRLocale}from'./chunk-PHA3YMFO.mjs';export{a as defaultLocale,b as mergeLocale}from'./chunk-5LJ652AH.mjs';import'./chunk-ZJYULEER.mjs';
1	+ export{e as arabicLocale,f as frenchLocale,c as hausaLocale,b as igboLocale,d as pidginLocale,a as yorubaLocale}from'./chunk-KUI5W44P.mjs';export{a as ORG_POLICY_TEMPLATE_REGISTRY,b as createOrgTemplate,b as templateContextFor}from'./chunk-CWY2FMIC.mjs';export{b as formatNdprAuditReport,a as runNdprAudit}from'./chunk-ME77GU4Q.mjs';export{b as DEFAULT_DCPMI_FEES_NGN,a as DEFAULT_DCPMI_THRESHOLDS,c as classifyDCPMI,d as generateComplianceAuditReturn}from'./chunk-MGXWQW5I.mjs';export{a as getComplianceScore}from'./chunk-6A7M4CGJ.mjs';export{a as calculateBreachSeverity}from'./chunk-WTGKZX7J.mjs';export{a as assessBreachNotification}from'./chunk-WJSUVPYX.mjs';export{c as DEFAULT_POLICY_SECTIONS,d as DEFAULT_POLICY_VARIABLES,e as createBusinessPolicyTemplate,a as findUnfilledTokens,b as generatePolicyText}from'./chunk-NBQQ2GN3.mjs';export{c as assemblePolicy,e as createDefaultContext,f as evaluatePolicyCompliance}from'./chunk-BIJSMSUU.mjs';export{h as assessTransferRisk,f as getTransferMechanismDescription,e as isNDPCApprovalRequired,g as validateTransfer}from'./chunk-7BJXI2HI.mjs';export{c as assessComplianceGaps,d as generateLawfulBasisSummary,b as getLawfulBasisDescription,a as validateProcessingActivity}from'./chunk-LWIKDDSU.mjs';export{c as exportROPAToCSV,b as generateROPASummary,d as identifyComplianceGaps,a as validateProcessingRecord}from'./chunk-XP5PL6K7.mjs';export{c as appendAuditEntry,a as createAuditEntry,b as getAuditLog}from'./chunk-V7UFP6QU.mjs';export{b as validateConsentOptionsStructured,a as validateConsentStructured}from'./chunk-R3ZKV2J7.mjs';export{a as KNOWN_COOKIES,b as scanCookies}from'./chunk-ZY4RCV5C.mjs';export{a as sanitizeInput}from'./chunk-EWVK45Z3.mjs';export{b as formatDSRRequestStructured,a as validateDsrSubmissionStructured}from'./chunk-RRVML7CU.mjs';export{a as assessDPIARisk}from'./chunk-LRRENTT5.mjs';export{b as LEGAL_DISCLAIMER_LONG,a as LEGAL_DISCLAIMER_SHORT,c as legalDisclaimerBlock}from'./chunk-ITCY2Z66.mjs';export{a as NDPRProvider,b as useNDPRConfig,c as useNDPRLocale}from'./chunk-PHA3YMFO.mjs';export{a as defaultLocale,b as mergeLocale}from'./chunk-5LJ652AH.mjs';import'./chunk-ZJYULEER.mjs';

package/dist/headless.d.mts CHANGED Viewed

@@ -794,6 +794,82 @@ export declare interface ConsentStorageOptions {
     };
 }
+/** How a present cookie was classified. */
+export declare type CookieMatchSource = 'declared' | 'known' | 'none';
+/** How a present cookie was classified. */
+declare type CookieMatchSource_2 = 'declared' | 'known' | 'none';
+export declare interface CookieScanOptions {
+    /**
+     * The cookie string to scan, in `document.cookie` form (`a=1; b=2`).
+     * Defaults to `document.cookie` in the browser, or `''` on the server.
+     */
+    cookieString?: string;
+    /** Reference timestamp (epoch ms) recorded on the result. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Extra known cookies, checked before the built-in registry (so they can override it). */
+    knownCookies?: DeclaredCookie[];
+    /** Whether to fall back to the built-in known-cookie registry for undeclared cookies. @default true */
+    useKnownRegistry?: boolean;
+}
+declare interface CookieScanOptions_2 {
+    /**
+     * The cookie string to scan, in `document.cookie` form (`a=1; b=2`).
+     * Defaults to `document.cookie` in the browser, or `''` on the server.
+     */
+    cookieString?: string;
+    /** Reference timestamp (epoch ms) recorded on the result. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Extra known cookies, checked before the built-in registry (so they can override it). */
+    knownCookies?: DeclaredCookie_2[];
+    /** Whether to fall back to the built-in known-cookie registry for undeclared cookies. @default true */
+    useKnownRegistry?: boolean;
+}
+export declare interface CookieScanResult {
+    /** When the scan ran (epoch ms). */
+    scannedAt: number;
+    /** Number of cookies present. */
+    total: number;
+    /** Every present cookie, classified. */
+    cookies: ScannedCookie[];
+    /** Cookies that matched one of your declared cookies. */
+    declared: ScannedCookie[];
+    /** Cookies present but NOT in your declaration — the compliance gap. */
+    undeclared: ScannedCookie[];
+    /** Undeclared cookies the built-in registry could still identify. */
+    identified: ScannedCookie[];
+    /** Undeclared cookies that could not be identified at all. */
+    unknown: ScannedCookie[];
+    /** Present cookies grouped by resolved category; unclassified cookies go under `uncategorized`. */
+    byCategory: Record<string, ScannedCookie[]>;
+    /** True when there are no undeclared cookies. */
+    complete: boolean;
+}
+declare interface CookieScanResult_2 {
+    /** When the scan ran (epoch ms). */
+    scannedAt: number;
+    /** Number of cookies present. */
+    total: number;
+    /** Every present cookie, classified. */
+    cookies: ScannedCookie_2[];
+    /** Cookies that matched one of your declared cookies. */
+    declared: ScannedCookie_2[];
+    /** Cookies present but NOT in your declaration — the compliance gap. */
+    undeclared: ScannedCookie_2[];
+    /** Undeclared cookies the built-in registry could still identify. */
+    identified: ScannedCookie_2[];
+    /** Undeclared cookies that could not be identified at all. */
+    unknown: ScannedCookie_2[];
+    /** Present cookies grouped by resolved category; unclassified cookies go under `uncategorized`. */
+    byCategory: Record<string, ScannedCookie_2[]>;
+    /** True when there are no undeclared cookies. */
+    complete: boolean;
+}
 /**
  * Summary of cross-border transfer compliance
  */
@@ -1061,6 +1137,54 @@ declare type DCPMITier = 'UHL' | 'EHL' | 'OHL' | 'listed' | 'none';
  */
 declare type DCPMITier_2 = 'UHL' | 'EHL' | 'OHL' | 'listed' | 'none';
+/**
+ * Cookie scanner — audits the cookies actually present in the browser against
+ * the cookies you have declared, surfacing undeclared cookies that put you out
+ * of step with your cookie notice (NDPA 2023 S.25-26 / NDPC GAID 2025 on
+ * specific, informed consent).
+ *
+ * Pure and DOM-optional: pass `cookieString` to scan an arbitrary value (a
+ * `Cookie:` header on the server, a test fixture), or call it in the browser
+ * and it reads `document.cookie`. Safe to import from a server bundle.
+ */
+/** A cookie you declare against a consent category. */
+export declare interface DeclaredCookie {
+    /** Exact cookie name, a prefix (with `prefix: true`), or a RegExp matched against the name. */
+    name: string | RegExp;
+    /** Consent category this cookie belongs to (e.g. 'necessary', 'analytics', 'marketing'). */
+    category: string;
+    /** Who sets the cookie (e.g. 'Google Analytics'). */
+    provider?: string;
+    /** What the cookie is used for — surfaced in your cookie policy. */
+    purpose?: string;
+    /** Treat a string `name` as a prefix match instead of an exact match. Ignored for RegExp names. */
+    prefix?: boolean;
+}
+/**
+ * Cookie scanner — audits the cookies actually present in the browser against
+ * the cookies you have declared, surfacing undeclared cookies that put you out
+ * of step with your cookie notice (NDPA 2023 S.25-26 / NDPC GAID 2025 on
+ * specific, informed consent).
+ *
+ * Pure and DOM-optional: pass `cookieString` to scan an arbitrary value (a
+ * `Cookie:` header on the server, a test fixture), or call it in the browser
+ * and it reads `document.cookie`. Safe to import from a server bundle.
+ */
+/** A cookie you declare against a consent category. */
+declare interface DeclaredCookie_2 {
+    /** Exact cookie name, a prefix (with `prefix: true`), or a RegExp matched against the name. */
+    name: string | RegExp;
+    /** Consent category this cookie belongs to (e.g. 'necessary', 'analytics', 'marketing'). */
+    category: string;
+    /** Who sets the cookie (e.g. 'Google Analytics'). */
+    provider?: string;
+    /** What the cookie is used for — surfaced in your cookie policy. */
+    purpose?: string;
+    /** Treat a string `name` as a prefix match instead of an exact match. Ignored for RegExp names. */
+    prefix?: boolean;
+}
 /** Options for DOCX export of the finalised policy. */
 declare interface DOCXExportOptions {
     includeTOC?: boolean;
@@ -2073,6 +2197,28 @@ export declare interface ROPASummary {
     lastUpdated: number;
 }
+export declare interface ScannedCookie {
+    /** The cookie name as found in the cookie string. */
+    name: string;
+    /** Resolved consent category, or `null` when it could not be classified. */
+    category: string | null;
+    /** Whether it matched your declaration, only the known registry, or nothing. */
+    matchedBy: CookieMatchSource;
+    provider?: string;
+    purpose?: string;
+}
+declare interface ScannedCookie_2 {
+    /** The cookie name as found in the cookie string. */
+    name: string;
+    /** Resolved consent category, or `null` when it could not be classified. */
+    category: string | null;
+    /** Whether it matched your declaration, only the known registry, or nothing. */
+    matchedBy: CookieMatchSource_2;
+    provider?: string;
+    purpose?: string;
+}
 /**
  * Additional conditions required for processing sensitive personal data
  * per NDPA Section 30
@@ -2505,6 +2651,23 @@ export declare interface UseConsentReturn {
     isLoading: boolean;
 }
+/**
+ * React hook that scans `document.cookie` against your declared cookies on
+ * mount and exposes a `rescan()` to re-run after you set or clear cookies.
+ *
+ * `result` is `null` until the first client-side scan, so server and first
+ * client render agree (no hydration mismatch). `rescan` is stable and always
+ * reads the latest `declared`/`options` — callers don't need to memoise them.
+ */
+export declare function useCookieScan(declared?: DeclaredCookie_2[], options?: CookieScanOptions_2): UseCookieScanReturn;
+export declare interface UseCookieScanReturn {
+    /** The latest scan, or `null` before the first client-side scan (e.g. during SSR). */
+    result: CookieScanResult_2 | null;
+    /** Re-read the cookies and recompute the scan with the current arguments. */
+    rescan: () => void;
+}
 /**
  * Hook for managing cross-border data transfers in compliance with NDPA Part VIII (Sections 41-43).
  *

package/dist/headless.d.ts CHANGED Viewed

@@ -794,6 +794,82 @@ export declare interface ConsentStorageOptions {
     };
 }
+/** How a present cookie was classified. */
+export declare type CookieMatchSource = 'declared' | 'known' | 'none';
+/** How a present cookie was classified. */
+declare type CookieMatchSource_2 = 'declared' | 'known' | 'none';
+export declare interface CookieScanOptions {
+    /**
+     * The cookie string to scan, in `document.cookie` form (`a=1; b=2`).
+     * Defaults to `document.cookie` in the browser, or `''` on the server.
+     */
+    cookieString?: string;
+    /** Reference timestamp (epoch ms) recorded on the result. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Extra known cookies, checked before the built-in registry (so they can override it). */
+    knownCookies?: DeclaredCookie[];
+    /** Whether to fall back to the built-in known-cookie registry for undeclared cookies. @default true */
+    useKnownRegistry?: boolean;
+}
+declare interface CookieScanOptions_2 {
+    /**
+     * The cookie string to scan, in `document.cookie` form (`a=1; b=2`).
+     * Defaults to `document.cookie` in the browser, or `''` on the server.
+     */
+    cookieString?: string;
+    /** Reference timestamp (epoch ms) recorded on the result. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Extra known cookies, checked before the built-in registry (so they can override it). */
+    knownCookies?: DeclaredCookie_2[];
+    /** Whether to fall back to the built-in known-cookie registry for undeclared cookies. @default true */
+    useKnownRegistry?: boolean;
+}
+export declare interface CookieScanResult {
+    /** When the scan ran (epoch ms). */
+    scannedAt: number;
+    /** Number of cookies present. */
+    total: number;
+    /** Every present cookie, classified. */
+    cookies: ScannedCookie[];
+    /** Cookies that matched one of your declared cookies. */
+    declared: ScannedCookie[];
+    /** Cookies present but NOT in your declaration — the compliance gap. */
+    undeclared: ScannedCookie[];
+    /** Undeclared cookies the built-in registry could still identify. */
+    identified: ScannedCookie[];
+    /** Undeclared cookies that could not be identified at all. */
+    unknown: ScannedCookie[];
+    /** Present cookies grouped by resolved category; unclassified cookies go under `uncategorized`. */
+    byCategory: Record<string, ScannedCookie[]>;
+    /** True when there are no undeclared cookies. */
+    complete: boolean;
+}
+declare interface CookieScanResult_2 {
+    /** When the scan ran (epoch ms). */
+    scannedAt: number;
+    /** Number of cookies present. */
+    total: number;
+    /** Every present cookie, classified. */
+    cookies: ScannedCookie_2[];
+    /** Cookies that matched one of your declared cookies. */
+    declared: ScannedCookie_2[];
+    /** Cookies present but NOT in your declaration — the compliance gap. */
+    undeclared: ScannedCookie_2[];
+    /** Undeclared cookies the built-in registry could still identify. */
+    identified: ScannedCookie_2[];
+    /** Undeclared cookies that could not be identified at all. */
+    unknown: ScannedCookie_2[];
+    /** Present cookies grouped by resolved category; unclassified cookies go under `uncategorized`. */
+    byCategory: Record<string, ScannedCookie_2[]>;
+    /** True when there are no undeclared cookies. */
+    complete: boolean;
+}
 /**
  * Summary of cross-border transfer compliance
  */
@@ -1061,6 +1137,54 @@ declare type DCPMITier = 'UHL' | 'EHL' | 'OHL' | 'listed' | 'none';
  */
 declare type DCPMITier_2 = 'UHL' | 'EHL' | 'OHL' | 'listed' | 'none';
+/**
+ * Cookie scanner — audits the cookies actually present in the browser against
+ * the cookies you have declared, surfacing undeclared cookies that put you out
+ * of step with your cookie notice (NDPA 2023 S.25-26 / NDPC GAID 2025 on
+ * specific, informed consent).
+ *
+ * Pure and DOM-optional: pass `cookieString` to scan an arbitrary value (a
+ * `Cookie:` header on the server, a test fixture), or call it in the browser
+ * and it reads `document.cookie`. Safe to import from a server bundle.
+ */
+/** A cookie you declare against a consent category. */
+export declare interface DeclaredCookie {
+    /** Exact cookie name, a prefix (with `prefix: true`), or a RegExp matched against the name. */
+    name: string | RegExp;
+    /** Consent category this cookie belongs to (e.g. 'necessary', 'analytics', 'marketing'). */
+    category: string;
+    /** Who sets the cookie (e.g. 'Google Analytics'). */
+    provider?: string;
+    /** What the cookie is used for — surfaced in your cookie policy. */
+    purpose?: string;
+    /** Treat a string `name` as a prefix match instead of an exact match. Ignored for RegExp names. */
+    prefix?: boolean;
+}
+/**
+ * Cookie scanner — audits the cookies actually present in the browser against
+ * the cookies you have declared, surfacing undeclared cookies that put you out
+ * of step with your cookie notice (NDPA 2023 S.25-26 / NDPC GAID 2025 on
+ * specific, informed consent).
+ *
+ * Pure and DOM-optional: pass `cookieString` to scan an arbitrary value (a
+ * `Cookie:` header on the server, a test fixture), or call it in the browser
+ * and it reads `document.cookie`. Safe to import from a server bundle.
+ */
+/** A cookie you declare against a consent category. */
+declare interface DeclaredCookie_2 {
+    /** Exact cookie name, a prefix (with `prefix: true`), or a RegExp matched against the name. */
+    name: string | RegExp;
+    /** Consent category this cookie belongs to (e.g. 'necessary', 'analytics', 'marketing'). */
+    category: string;
+    /** Who sets the cookie (e.g. 'Google Analytics'). */
+    provider?: string;
+    /** What the cookie is used for — surfaced in your cookie policy. */
+    purpose?: string;
+    /** Treat a string `name` as a prefix match instead of an exact match. Ignored for RegExp names. */
+    prefix?: boolean;
+}
 /** Options for DOCX export of the finalised policy. */
 declare interface DOCXExportOptions {
     includeTOC?: boolean;
@@ -2073,6 +2197,28 @@ export declare interface ROPASummary {
     lastUpdated: number;
 }
+export declare interface ScannedCookie {
+    /** The cookie name as found in the cookie string. */
+    name: string;
+    /** Resolved consent category, or `null` when it could not be classified. */
+    category: string | null;
+    /** Whether it matched your declaration, only the known registry, or nothing. */
+    matchedBy: CookieMatchSource;
+    provider?: string;
+    purpose?: string;
+}
+declare interface ScannedCookie_2 {
+    /** The cookie name as found in the cookie string. */
+    name: string;
+    /** Resolved consent category, or `null` when it could not be classified. */
+    category: string | null;
+    /** Whether it matched your declaration, only the known registry, or nothing. */
+    matchedBy: CookieMatchSource_2;
+    provider?: string;
+    purpose?: string;
+}
 /**
  * Additional conditions required for processing sensitive personal data
  * per NDPA Section 30
@@ -2505,6 +2651,23 @@ export declare interface UseConsentReturn {
     isLoading: boolean;
 }
+/**
+ * React hook that scans `document.cookie` against your declared cookies on
+ * mount and exposes a `rescan()` to re-run after you set or clear cookies.
+ *
+ * `result` is `null` until the first client-side scan, so server and first
+ * client render agree (no hydration mismatch). `rescan` is stable and always
+ * reads the latest `declared`/`options` — callers don't need to memoise them.
+ */
+export declare function useCookieScan(declared?: DeclaredCookie_2[], options?: CookieScanOptions_2): UseCookieScanReturn;
+export declare interface UseCookieScanReturn {
+    /** The latest scan, or `null` before the first client-side scan (e.g. during SSR). */
+    result: CookieScanResult_2 | null;
+    /** Re-read the cookies and recompute the scan with the current arguments. */
+    rescan: () => void;
+}
 /**
  * Hook for managing cross-border data transfers in compliance with NDPA Part VIII (Sections 41-43).
  *