feat(scripts): add emit-all orchestrator + initial compliance artifacts

Adds scripts/compliance/emit-all.mjs which runs all three compliance emitters in --check mode and exits non-zero if any artifact is stale. Adds compliance:emit-all root package script. Generates initial compliance/retention-policy.yml and compliance/sub-processors.yml from the template collections. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-18 20:05:46 +00:00
parent 3ec30507d3
commit c333d41a5b
4 changed files with 86 additions and 0 deletions
--- a/compliance/retention-policy.yml
+++ b/compliance/retention-policy.yml
@@ -0,0 +1,32 @@
+# compliance/retention-policy.yml — Collection retention schedules
+# Generated by scripts/compliance/emit-retention-policy.mjs — do not edit manually.
+# Run `pnpm compliance:retention-policy` to regenerate.
+collections:
+  articles:
+    postDeletion:
+      action: hard-delete
+      duration: P90D
+      trigger: after-deletion
+    purgeSchedule: monthly
+    slug: articles
+  media:
+    postDeletion:
+      action: hard-delete
+      duration: P90D
+      trigger: after-deletion
+    purgeSchedule: monthly
+    slug: media
+  pages:
+    postDeletion:
+      action: hard-delete
+      duration: P90D
+      trigger: after-deletion
+    purgeSchedule: monthly
+    slug: pages
+  users:
+    postDeletion:
+      action: hard-delete
+      duration: P30D
+      trigger: after-deletion
+    purgeSchedule: daily
+    slug: users
--- a/compliance/sub-processors.yml
+++ b/compliance/sub-processors.yml
@@ -0,0 +1,4 @@
+# compliance/sub-processors.yml — Third-party sub-processor inventory
+# Generated by scripts/compliance/emit-sub-processors.mjs — do not edit manually.
+# Run `pnpm compliance:sub-processors` to regenerate.
+sub-processors: []
--- a/package.json
+++ b/package.json
@@ -24,6 +24,7 @@
    "compliance:data-map": "node scripts/compliance/emit-data-map.mjs",
    "compliance:retention-policy": "node scripts/compliance/emit-retention-policy.mjs",
    "compliance:sub-processors": "node scripts/compliance/emit-sub-processors.mjs",
+    "compliance:emit-all": "node scripts/compliance/emit-all.mjs",
    "work": "node scripts/work/cli.mjs",
    "format": "prettier --write \"**/*.{ts,tsx,js,jsx,json,md}\"",
    "format:check": "prettier --check \"**/*.{ts,tsx,js,jsx,json,md}\"",
--- a/scripts/compliance/emit-all.mjs
+++ b/scripts/compliance/emit-all.mjs
@@ -0,0 +1,49 @@
+#!/usr/bin/env node
+/**
+ * emit-all.mjs — Compliance artifact orchestrator.
+ *
+ * Runs all three compliance emitters in --check mode and exits non-zero
+ * if any generator reports a mismatch or validation failure.
+ *
+ * Usage:
+ *   node scripts/compliance/emit-all.mjs
+ *   pnpm compliance:emit-all
+ */
+
+import { spawnSync } from "node:child_process";
+import { fileURLToPath } from "node:url";
+import path from "node:path";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+const SCRIPTS = [
+  "emit-data-map.mjs",
+  "emit-retention-policy.mjs",
+  "emit-sub-processors.mjs",
+];
+
+let anyFailed = false;
+
+for (const script of SCRIPTS) {
+  const scriptPath = path.join(__dirname, script);
+  const result = spawnSync(process.execPath, [scriptPath, "--check"], {
+    stdio: "inherit",
+  });
+
+  if (result.status !== 0) {
+    anyFailed = true;
+  }
+}
+
+if (anyFailed) {
+  process.stderr.write(
+    "\n✗ compliance:emit-all — one or more artifacts are out of date.\n" +
+      "  Run each generator to regenerate:\n" +
+      "    pnpm compliance:data-map\n" +
+      "    pnpm compliance:retention-policy\n" +
+      "    pnpm compliance:sub-processors\n",
+  );
+  process.exit(1);
+}
+
+console.log("✓ compliance:emit-all — all artifacts are up to date");