UNPKG

@openpolicy/sdk

Version:

Public API for defining privacy policies with OpenPolicy

github.com/jamiedavenport/openpolicy

jamiedavenport/openpolicy

244 lines (189 loc) 6.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
--- name: getting-started description: > End-to-end setup for OpenPolicy: install @openpolicy/sdk, @openpolicy/react, and @openpolicy/vite-auto-collect; create openpolicy.ts with defineConfig(); wire autoCollect() into vite.config.ts; wrap the React app with <OpenPolicy>; render <PrivacyPolicy>. type: lifecycle library: openpolicy library_version: "0.0.19" sources: - jamiedavenport/openpolicy:packages/sdk/README.md - jamiedavenport/openpolicy:packages/react/src/context.tsx - jamiedavenport/openpolicy:packages/vite-auto-collect/src/index.ts --- ## Setup Install packages: ```sh bun add @openpolicy/sdk @openpolicy/react @openpolicy/vite-auto-collect ``` Create `openpolicy.ts` at the project root: ```ts import { defineConfig, dataCollected, thirdParties } from "@openpolicy/sdk"; export default defineConfig({ company: { name: "Acme", legalName: "Acme, Inc.", address: "123 Main St, San Francisco, CA 94105", contact: "privacy@acme.com", }, effectiveDate: "2026-01-01", dataCollected: { ...dataCollected, "Account Information": ["Email address", "Display name"], }, thirdParties: [...thirdParties], }); ``` Add `autoCollect()` to `vite.config.ts` — it must appear before any React plugin: ```ts import { defineConfig } from "vite"; import react from "@vitejs/plugin-react"; import { autoCollect } from "@openpolicy/vite-auto-collect"; export default defineConfig({ plugins: [ autoCollect({ thirdParties: { usePackageJson: true } }), react(), ], }); ``` Wrap the application root with `<OpenPolicy>`: ```tsx // main.tsx or _app.tsx or layout.tsx import { OpenPolicy } from "@openpolicy/react"; import config from "./openpolicy"; export function App({ children }: { children: React.ReactNode }) { return <OpenPolicy config={config}>{children}</OpenPolicy>; } ``` Render a policy page: ```tsx import { PrivacyPolicy } from "@openpolicy/react"; import "@openpolicy/react/styles.css"; export default function PrivacyPage() { return <PrivacyPolicy />; } ``` ## Core Patterns ### Mark data collection inline with `collecting()` ```ts import { collecting } from "@openpolicy/sdk"; // Call next to the point of collection; autoCollect() scans for these at build time export async function createUser(name: string, email: string) { const user = collecting( "Account Information", { name, email }, { name: "Display name", email: "Email address" }, ); return db.users.create(user); } ``` The category and label arguments must be string literals — dynamic variables are silently skipped by the static scanner. ### Mark third-party integrations with `thirdParty()` ```ts import { thirdParty } from "@openpolicy/sdk"; // Place next to the integration's initialisation thirdParty("Stripe", "Payment processing", "https://stripe.com/privacy"); ``` The `autoCollect({ thirdParties: { usePackageJson: true } })` option also auto-detects ~30 known packages (Stripe, Sentry, PostHog, etc.) from `package.json`. ### Spread both sentinels in `openpolicy.ts` ```ts import { defineConfig, dataCollected, thirdParties } from "@openpolicy/sdk"; export default defineConfig({ company: { name: "Acme", legalName: "Acme, Inc.", address: "123 Main St, San Francisco, CA 94105", contact: "privacy@acme.com", }, effectiveDate: "2026-01-01", dataCollected: { ...dataCollected, // populated by autoCollect() at build time "Manual Category": ["Manually added field"], // additional hand-declared entries }, thirdParties: [...thirdParties], // populated by autoCollect() at build time }); ``` Both `dataCollected` and `thirdParties` are placeholder objects in `@openpolicy/sdk`; `autoCollect()` replaces them via virtual module injection during the Vite build. ## Common Mistakes ### CRITICAL: Using `openPolicy()` from `@openpolicy/vite` instead of `autoCollect()` Wrong: ```ts // vite.config.ts import { openPolicy } from "@openpolicy/vite"; export default defineConfig({ plugins: [openPolicy({ formats: ["markdown"], outDir: "public/policies" })], }); ``` Correct: ```ts // vite.config.ts import { autoCollect } from "@openpolicy/vite-auto-collect"; export default defineConfig({ plugins: [autoCollect()], }); ``` `openPolicy()` generates static files at build time that React components never read; `autoCollect()` populates the `dataCollected` and `thirdParties` sentinels that feed the React runtime rendering path. Source: maintainer interview --- ### HIGH: Rendering policy components without `<OpenPolicy>` provider Wrong: ```tsx // privacy-page.tsx import { PrivacyPolicy } from "@openpolicy/react"; export default function PrivacyPage() { return <PrivacyPolicy />; } ``` Correct: ```tsx // layout.tsx — wrap at the root import { OpenPolicy } from "@openpolicy/react"; import config from "./openpolicy"; export default function RootLayout({ children }: { children: React.ReactNode }) { return <OpenPolicy config={config}>{children}</OpenPolicy>; } // privacy-page.tsx — component reads from context import { PrivacyPolicy } from "@openpolicy/react"; export default function PrivacyPage() { return <PrivacyPolicy />; } ``` `PrivacyPolicy` and `CookiePolicy` read config from React context; without the provider they silently render `null` with no visible error. Source: packages/react/src/context.tsx --- ### HIGH: Not spreading `dataCollected` and `thirdParties` sentinels into config Wrong: ```ts // openpolicy.ts import { defineConfig } from "@openpolicy/sdk"; export default defineConfig({ company: { name: "Acme", legalName: "Acme, Inc.", address: "123 Main St, San Francisco, CA 94105", contact: "privacy@acme.com", }, effectiveDate: "2026-01-01", dataCollected: { "Account Information": ["Email address"] }, thirdParties: [], }); ``` Correct: ```ts // openpolicy.ts import { defineConfig, dataCollected, thirdParties } from "@openpolicy/sdk"; export default defineConfig({ company: { name: "Acme", legalName: "Acme, Inc.", address: "123 Main St, San Francisco, CA 94105", contact: "privacy@acme.com", }, effectiveDate: "2026-01-01", dataCollected: { ...dataCollected, "Account Information": ["Email address"] }, thirdParties: [...thirdParties], }); ``` Without spreading the sentinels, `autoCollect()` plugin output is discarded and the policy compiles with only the hand-declared entries — all `collecting()` and `thirdParty()` call annotations are silently ignored. Source: packages/sdk/src/auto-collected.ts