From c333d41a5b3dfb893ebae0f2b64effe76697e15f Mon Sep 17 00:00:00 2001
From: Danijel Martinek <danijel@fraqtal.xyz>
Date: Mon, 18 May 2026 20:05:46 +0000
Subject: [PATCH] feat(scripts): add emit-all orchestrator + initial compliance
 artifacts

Adds scripts/compliance/emit-all.mjs which runs all three compliance
emitters in --check mode and exits non-zero if any artifact is stale.
Adds compliance:emit-all root package script.

Generates initial compliance/retention-policy.yml and
compliance/sub-processors.yml from the template collections.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 compliance/retention-policy.yml | 32 +++++++++++++++++++++
 compliance/sub-processors.yml   |  4 +++
 package.json                    |  1 +
 scripts/compliance/emit-all.mjs | 49 +++++++++++++++++++++++++++++++++
 4 files changed, 86 insertions(+)
 create mode 100644 compliance/retention-policy.yml
 create mode 100644 compliance/sub-processors.yml
 create mode 100644 scripts/compliance/emit-all.mjs

diff --git a/compliance/retention-policy.yml b/compliance/retention-policy.yml
new file mode 100644
index 0000000..5327be2
--- /dev/null
+++ b/compliance/retention-policy.yml
@@ -0,0 +1,32 @@
+# compliance/retention-policy.yml — Collection retention schedules
+# Generated by scripts/compliance/emit-retention-policy.mjs — do not edit manually.
+# Run `pnpm compliance:retention-policy` to regenerate.
+collections:
+  articles:
+    postDeletion:
+      action: hard-delete
+      duration: P90D
+      trigger: after-deletion
+    purgeSchedule: monthly
+    slug: articles
+  media:
+    postDeletion:
+      action: hard-delete
+      duration: P90D
+      trigger: after-deletion
+    purgeSchedule: monthly
+    slug: media
+  pages:
+    postDeletion:
+      action: hard-delete
+      duration: P90D
+      trigger: after-deletion
+    purgeSchedule: monthly
+    slug: pages
+  users:
+    postDeletion:
+      action: hard-delete
+      duration: P30D
+      trigger: after-deletion
+    purgeSchedule: daily
+    slug: users
diff --git a/compliance/sub-processors.yml b/compliance/sub-processors.yml
new file mode 100644
index 0000000..f49979b
--- /dev/null
+++ b/compliance/sub-processors.yml
@@ -0,0 +1,4 @@
+# compliance/sub-processors.yml — Third-party sub-processor inventory
+# Generated by scripts/compliance/emit-sub-processors.mjs — do not edit manually.
+# Run `pnpm compliance:sub-processors` to regenerate.
+sub-processors: []
diff --git a/package.json b/package.json
index ee8f17a..b0de71b 100644
--- a/package.json
+++ b/package.json
@@ -24,6 +24,7 @@
     "compliance:data-map": "node scripts/compliance/emit-data-map.mjs",
     "compliance:retention-policy": "node scripts/compliance/emit-retention-policy.mjs",
     "compliance:sub-processors": "node scripts/compliance/emit-sub-processors.mjs",
+    "compliance:emit-all": "node scripts/compliance/emit-all.mjs",
     "work": "node scripts/work/cli.mjs",
     "format": "prettier --write \"**/*.{ts,tsx,js,jsx,json,md}\"",
     "format:check": "prettier --check \"**/*.{ts,tsx,js,jsx,json,md}\"",
diff --git a/scripts/compliance/emit-all.mjs b/scripts/compliance/emit-all.mjs
new file mode 100644
index 0000000..46711e8
--- /dev/null
+++ b/scripts/compliance/emit-all.mjs
@@ -0,0 +1,49 @@
+#!/usr/bin/env node
+/**
+ * emit-all.mjs — Compliance artifact orchestrator.
+ *
+ * Runs all three compliance emitters in --check mode and exits non-zero
+ * if any generator reports a mismatch or validation failure.
+ *
+ * Usage:
+ *   node scripts/compliance/emit-all.mjs
+ *   pnpm compliance:emit-all
+ */
+
+import { spawnSync } from "node:child_process";
+import { fileURLToPath } from "node:url";
+import path from "node:path";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+const SCRIPTS = [
+  "emit-data-map.mjs",
+  "emit-retention-policy.mjs",
+  "emit-sub-processors.mjs",
+];
+
+let anyFailed = false;
+
+for (const script of SCRIPTS) {
+  const scriptPath = path.join(__dirname, script);
+  const result = spawnSync(process.execPath, [scriptPath, "--check"], {
+    stdio: "inherit",
+  });
+
+  if (result.status !== 0) {
+    anyFailed = true;
+  }
+}
+
+if (anyFailed) {
+  process.stderr.write(
+    "\n✗ compliance:emit-all — one or more artifacts are out of date.\n" +
+      "  Run each generator to regenerate:\n" +
+      "    pnpm compliance:data-map\n" +
+      "    pnpm compliance:retention-policy\n" +
+      "    pnpm compliance:sub-processors\n",
+  );
+  process.exit(1);
+}
+
+console.log("✓ compliance:emit-all — all artifacts are up to date");