Danijel Martinek
1eb32ab23b
Adds the `conformance/pii-declaration-must-be-complete` ESLint rule at
warn severity. The rule detects `custom: { pii: { ... } }` blocks in
Payload config files and warns when any of the four required sub-fields
(`category`, `purpose`, `exportable`, `restrictable`) is missing.
Incomplete PII declarations can produce incorrect audit reports —
sub-second editor feedback catches the gap before it reaches
compliance/data-map.yml.
- Rule + 7 RuleTester fixtures (complete passes, each missing field
warns, non-pii custom block is no-op, malformed custom.pii is no-op)
- Registered in plugin.js + base.js at "warn"
- Conformance rule count bumped 7 → 8 in CLAUDE.md +
conformance-quickref.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
164 lines
3.8 KiB
JavaScript
164 lines
3.8 KiB
JavaScript
import { describe, it } from "vitest";
|
|
import { RuleTester } from "eslint";
|
|
import rule from "./pii-declaration-must-be-complete.js";
|
|
|
|
const tester = new RuleTester({
|
|
languageOptions: {
|
|
parser: await import("@typescript-eslint/parser"),
|
|
ecmaVersion: "latest",
|
|
sourceType: "module",
|
|
},
|
|
});
|
|
|
|
describe("pii-declaration-must-be-complete", () => {
|
|
it("passes when custom.pii has all required fields", () => {
|
|
tester.run("pii-declaration-must-be-complete", rule, {
|
|
valid: [
|
|
{
|
|
code: `
|
|
const field = {
|
|
slug: "email",
|
|
type: "email",
|
|
custom: {
|
|
pii: {
|
|
category: "contact",
|
|
purpose: "authentication",
|
|
exportable: false,
|
|
restrictable: true,
|
|
},
|
|
},
|
|
};
|
|
`,
|
|
},
|
|
],
|
|
invalid: [],
|
|
});
|
|
});
|
|
|
|
it("fires when category is missing", () => {
|
|
tester.run("pii-declaration-must-be-complete", rule, {
|
|
valid: [],
|
|
invalid: [
|
|
{
|
|
code: `
|
|
const field = {
|
|
custom: {
|
|
pii: {
|
|
purpose: "authentication",
|
|
exportable: false,
|
|
restrictable: true,
|
|
},
|
|
},
|
|
};
|
|
`,
|
|
errors: [{ messageId: "missingField", data: { field: "category" } }],
|
|
},
|
|
],
|
|
});
|
|
});
|
|
|
|
it("fires when purpose is missing", () => {
|
|
tester.run("pii-declaration-must-be-complete", rule, {
|
|
valid: [],
|
|
invalid: [
|
|
{
|
|
code: `
|
|
const field = {
|
|
custom: {
|
|
pii: {
|
|
category: "contact",
|
|
exportable: false,
|
|
restrictable: true,
|
|
},
|
|
},
|
|
};
|
|
`,
|
|
errors: [{ messageId: "missingField", data: { field: "purpose" } }],
|
|
},
|
|
],
|
|
});
|
|
});
|
|
|
|
it("fires when exportable is missing", () => {
|
|
tester.run("pii-declaration-must-be-complete", rule, {
|
|
valid: [],
|
|
invalid: [
|
|
{
|
|
code: `
|
|
const field = {
|
|
custom: {
|
|
pii: {
|
|
category: "contact",
|
|
purpose: "authentication",
|
|
restrictable: true,
|
|
},
|
|
},
|
|
};
|
|
`,
|
|
errors: [
|
|
{ messageId: "missingField", data: { field: "exportable" } },
|
|
],
|
|
},
|
|
],
|
|
});
|
|
});
|
|
|
|
it("fires when restrictable is missing", () => {
|
|
tester.run("pii-declaration-must-be-complete", rule, {
|
|
valid: [],
|
|
invalid: [
|
|
{
|
|
code: `
|
|
const field = {
|
|
custom: {
|
|
pii: {
|
|
category: "contact",
|
|
purpose: "authentication",
|
|
exportable: false,
|
|
},
|
|
},
|
|
};
|
|
`,
|
|
errors: [
|
|
{ messageId: "missingField", data: { field: "restrictable" } },
|
|
],
|
|
},
|
|
],
|
|
});
|
|
});
|
|
|
|
it("is a no-op when custom has no pii property", () => {
|
|
tester.run("pii-declaration-must-be-complete", rule, {
|
|
valid: [
|
|
{
|
|
code: `
|
|
const field = {
|
|
custom: {
|
|
someOtherProperty: "value",
|
|
},
|
|
};
|
|
`,
|
|
},
|
|
],
|
|
invalid: [],
|
|
});
|
|
});
|
|
|
|
it("is a no-op when custom.pii is not an object", () => {
|
|
tester.run("pii-declaration-must-be-complete", rule, {
|
|
valid: [
|
|
{
|
|
code: `
|
|
const field = {
|
|
custom: {
|
|
pii: true,
|
|
},
|
|
};
|
|
`,
|
|
},
|
|
],
|
|
invalid: [],
|
|
});
|
|
});
|
|
});
|