feat(scripts): add emit-data-map compliance script + tests

Adds scripts/compliance/emit-data-map.mjs which walks Payload collection configs (packages/*/integrations/cms/collections/*.ts), applies PAYLOAD_AUTH_PII_DEFAULTS + custom.authPii overrides, and emits a deterministic YAML PII inventory at compliance/data-map.yml. Supports --print (stdout) and --check (diff vs committed, exit 1 on mismatch) modes. Ships with 26 unit tests covering happy path, auth defaults, authPii overrides, --check match/mismatch, and empty collections. Wired as `compliance:data-map` root package script. Adds @typescript-eslint/parser to root devDependencies (already in workspace via core-eslint, now made explicit for scripts/ usage). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-18 19:44:55 +00:00
parent 3a73634d71
commit cc2bf44fd2
5 changed files with 817 additions and 14 deletions
--- a/package.json
+++ b/package.json
@@ -21,6 +21,7 @@
    "mutate": "node scripts/coverage/mutate.mjs",
    "fallow": "fallow",
    "fallow:audit": "fallow audit --base main",
+    "compliance:data-map": "node scripts/compliance/emit-data-map.mjs",
    "work": "node scripts/work/cli.mjs",
    "format": "prettier --write \"**/*.{ts,tsx,js,jsx,json,md}\"",
    "format:check": "prettier --check \"**/*.{ts,tsx,js,jsx,json,md}\"",
@@ -28,6 +29,7 @@
  },
  "devDependencies": {
    "@ai-hero/sandcastle": "*",
+    "@typescript-eslint/parser": "^8.25.0",
    "zod": "^3.25.0",
    "@playwright/test": "^1.49.0",
    "@stryker-mutator/core": "^8.7.0",