Danijel Martinek
cc2bf44fd2
Adds scripts/compliance/emit-data-map.mjs which walks Payload collection configs (packages/*/integrations/cms/collections/*.ts), applies PAYLOAD_AUTH_PII_DEFAULTS + custom.authPii overrides, and emits a deterministic YAML PII inventory at compliance/data-map.yml. Supports --print (stdout) and --check (diff vs committed, exit 1 on mismatch) modes. Ships with 26 unit tests covering happy path, auth defaults, authPii overrides, --check match/mismatch, and empty collections. Wired as `compliance:data-map` root package script. Adds @typescript-eslint/parser to root devDependencies (already in workspace via core-eslint, now made explicit for scripts/ usage). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
36 lines
846 B
YAML
36 lines
846 B
YAML
# compliance/data-map.yml — PII field inventory
|
|
# Generated by scripts/compliance/emit-data-map.mjs — do not edit manually.
|
|
# Run `pnpm compliance:data-map` to regenerate.
|
|
collections:
|
|
articles:
|
|
auth: false
|
|
piiFields: []
|
|
slug: articles
|
|
media:
|
|
auth: false
|
|
piiFields: []
|
|
slug: media
|
|
pages:
|
|
auth: false
|
|
piiFields: []
|
|
slug: pages
|
|
users:
|
|
auth: true
|
|
piiFields:
|
|
- category: identification-username
|
|
exportable: true
|
|
field: displayName
|
|
purpose:
|
|
- service-delivery
|
|
restrictable: true
|
|
source: field-tag
|
|
- category: contact-email
|
|
exportable: true
|
|
field: email
|
|
purpose:
|
|
- account-authentication
|
|
- transactional-notifications
|
|
restrictable: true
|
|
source: auth-default
|
|
slug: users
|