@chrono-os/consent-lgpd
v0.5.0
Published
LGPD compliance reutilizável (CookieBanner 3-cat, ConditionalScript, ConsentLog backend, DPO inbox, páginas legais) para projetos Chrono/Naírio
Readme
@chrono-os/consent-lgpd
LGPD compliance reutilizável: CookieBanner 3-cat (necessarios/analiticos/marketing) + ConditionalScript gated por consent + ConsentLog backend com hash de IP + DPO request inbox + páginas legais (Política de Privacidade, Cookies, Termos, DPO).
Status atual: Fase 1 ✅ ·
0.2.0(entrypoints React/Fastify/Pages implementados) · plano em Naírio/Plan/2026-05-24_modulo-consent-lgpd.md🔴 Deadline legal: 2026-07-12 — Fase 2 deste pacote precisa estar consumida pela calculadora Naírio (Lei 13.709/2018 + janela de adequação).
Install
Pacote público no npmjs.org — sem necessidade de .npmrc ou token.
yarn add @chrono-os/consent-lgpdAplicar migration template:
cat node_modules/@chrono-os/consent-lgpd/prisma/schema.template.prisma >> prisma/schema.prisma
yarn prisma migrate dev --name add_consent_lgpdUso
Frontend — banner + script condicional
// app/layout.tsx
import { CookieBanner, ConditionalScript } from "@chrono-os/consent-lgpd/react";
export default function RootLayout({ children }: { children: React.ReactNode }) {
return (
<html>
<body>
{children}
<CookieBanner
cookiePolicyHref="/politica-de-cookies"
onConsentChange={async ({ state, action, sessionId }) => {
await fetch("/api/consent", {
method: "POST",
headers: { "content-type": "application/json" },
body: JSON.stringify({
sessionId,
categories: {
necessarios: state.necessarios,
analiticos: state.analiticos,
marketing: state.marketing,
version: state.version,
},
action,
}),
});
}}
/>
{/* Google Analytics 4 — só carrega após consent "analiticos" */}
<ConditionalScript
category="analiticos"
src="https://www.googletagmanager.com/gtag/js?id=G-XXXX"
async
/>
</body>
</html>
);
}Frontend — botão revogar consent
// app/politica-de-cookies/page.tsx
import { RevokeButton } from "@chrono-os/consent-lgpd/react";
export default function PoliticaCookiesPage() {
return (
<main>
<h1>Política de Cookies</h1>
<RevokeButton
onConsentChange={async ({ state, action, sessionId }) => {
await fetch("/api/consent", {
method: "POST",
headers: { "content-type": "application/json" },
body: JSON.stringify({ sessionId, categories: state, action }),
});
}}
/>
</main>
);
}Backend (Fastify)
import Fastify from "fastify";
import { PrismaClient } from "@prisma/client";
import { consentPlugin } from "@chrono-os/consent-lgpd/fastify";
const app = Fastify();
const prisma = new PrismaClient();
await app.register(consentPlugin, {
prisma,
ipHashSalt: process.env.CONSENT_IP_HASH_SALT!, // 32+ chars
// prefix: "/api", // opcional
// routes: { consent: true, dpo: true }, // opcional
// dpoRateLimit: { max: 5, timeWindow: "1 minute" },
});Expõe:
POST /consent— gravaConsentLog(IP hashed server-side, body validado com Zod)POST /webhooks/dpo— recebe solicitação LGPD art. 18, rate-limited
Páginas legais
import { POLITICA_PRIVACIDADE_MD, renderTemplate } from "@chrono-os/consent-lgpd/pages";
const html = renderTemplate(POLITICA_PRIVACIDADE_MD, {
razaoSocial: "Naírio Augusto Advogados",
cnpj: "28.373.650/0001-00",
dpoNome: "Dr. Naírio Augusto",
contatoHref: "/contato",
dpoHref: "/dpo",
privacidadeHref: "/politica-de-privacidade",
cookiesHref: "/politica-de-cookies",
termosHref: "/termos-de-uso",
ultimaAtualizacao: "2026-05-24",
versao: "1.0",
foroComarca: "Porto Alegre/RS",
operadoresMd: "- Coolify (hospedagem)\n- ClickUp (CRM)\n- Z-API (validação WhatsApp)",
analyticsScriptsMd: "Google Analytics 4 com IP anonimizado",
marketingScriptsMd: "Meta Pixel + Google Ads Conversions",
});
// Renderize `html` (markdown) via MDX, react-markdown, etc.API
| Entrypoint | Exporta |
|---|---|
| /react | CookieBanner, ConditionalScript, RevokeButton, useConsent, readConsent/writeConsent/clearConsent/hasConsented/getSessionId, constantes |
| /fastify | consentPlugin, hashIp, recordConsent, createDpoRequest, purgeOldConsents |
| /schema | consentStateSchema, consentLogPayloadSchema, dpoRequestPayloadSchema, types Zod, constantes |
| /pages | POLITICA_PRIVACIDADE_MD, POLITICA_COOKIES_MD, TERMOS_USO_MD, PAGINA_DPO_MD, renderTemplate, LegalPageVars |
Roadmap
| Fase | Conteúdo | ETA | |---|---|---| | 0 | Estrutura + CI + 0.1.0 stub + schema Zod | 2026-05-31 ✅ | | 1 | Banner + ConditionalScript + ConsentLog + DPO + páginas legais (0.2.0) | 2026-06-28 ✅ | | 2 | Calculadora Naírio adota o pacote (🔴 deadline legal) | 2026-07-12 | | 3 | Release 1.0 + auditoria LGPD nos 2 consumers | 2026-09-06 |
Versionamento
SemVer. Releases via tag vX.Y.Z no main. Ver CHANGELOG.md.