Guides

Examples and Deployment

Getting Started

Package build metrics

Request Lifecycle

Architecture

Architecture Docs

Adapter Contracts (T15 Foundation)

API Contract Surface (T06)

DSAR Auth Model

Backend Runtime Core (`dsarInstance`)

Contracts and Versioning

Error Code Architecture

Monorepo Packages and Conventions

Policy Pack Specification

Policy Versioning and Upgrades

Tenant-Safe Persistence (T07)

Workspace Validation

Integrations

Inbound

Outbound

Outbound Resend (`@dsar/outbound-resend`)

Storage

Storage Filesystem Adapter Integration

Storage S3 Adapter Integration

Storage Vercel Blob Adapter Integration

Rate Limit

Redis Integration

Upstash Integration

Auth

Unkey Integration

Reference

API

Core Request API

Retention Policy API

Verification API

Developer

SDK and Runtime Modes

TSDoc Authoring Standard

Persistence

Storage

Filesystem Storage

Vercel Blob Storage

Testing

Acceptance And Parity Readiness

Errors

DSAR-BE-1001: AUTH_ACTOR_CONTEXT_MISSING

DSAR-BE-1002: AUTH_APPROVER_ROLE_FORBIDDEN

DSAR-BE-1003: AUTH_REQUEST_ACCESS_FORBIDDEN

DSAR-BE-1101: REQUEST_BODY_INVALID_JSON

DSAR-BE-1102: REQUEST_ROUTE_PARAM_MISSING

DSAR-BE-1103: REQUEST_BASE_PATH_INVALID

DSAR-BE-1199: REQUEST_VALIDATION_FAILED

DSAR-BE-1200: REQUEST_RATE_LIMITED

DSAR-BE-1201: REQUEST_ROUTE_NOT_FOUND

DSAR-BE-1202: POLICY_ACTIVATION_NOT_FOUND

DSAR-BE-1203: POLICY_UPGRADE_PROPOSAL_NOT_FOUND

DSAR-BE-1204: DELIVERY_ARTIFACT_NOT_FOUND

DSAR-BE-1205: DELIVERY_TOKEN_INVALID

DSAR-BE-1206: MANIFEST_ARTIFACT_UPLOAD_FAILED

DSAR-BE-1207: MANIFEST_ARTIFACT_DOWNLOAD_FAILED

DSAR-BE-1208: MANIFEST_ARTIFACT_REPLACE_FAILED

DSAR-BE-1209: FULFILMENT_MANIFEST_NOT_APPROVED

DSAR-BE-1210: FULFILMENT_NO_ARTIFACTS

DSAR-BE-1301: POLICY_JURISDICTION_UNMAPPED

DSAR-BE-1302: POLICY_ENFORCEMENT_REFUSAL_BLOCKED

DSAR-BE-1303: POLICY_UPGRADE_APPROVAL_REQUIRED

DSAR-BE-1304: RETENTION_CLASS_INVALID

DSAR-BE-1401: LIFECYCLE_TRANSITION_DISALLOWED

DSAR-BE-1402: LIFECYCLE_STATUS_UNKNOWN

DSAR-BE-1403: LIFECYCLE_RATIONALE_MISSING

DSAR-BE-1410: PERSISTENCE_TENANT_SCOPE_MISSING

DSAR-BE-1411: PERSISTENCE_ENTITY_NOT_FOUND

DSAR-BE-1412: PERSISTENCE_OPERATION_UNSUPPORTED

DSAR-BE-1413: PERSISTENCE_INVALID_RECORD

DSAR-BE-1414: PERSISTENCE_SQL_ERROR

DSAR-BE-1500: INTERNAL_RUNTIME_ERROR

DSAR-BE-1599: INTERNAL_UNCATALOGED_ERROR

DSAR-CLI-1500: CLI_RUNTIME_ERROR

DSAR-CLI-1599: CLI_UNCATALOGED_ERROR

DSAR-CORE-1500: CORE_RUNTIME_ERROR

DSAR-CORE-1599: CORE_UNCATALOGED_ERROR

DSAR-FS-1001: STORAGE_FILESYSTEM_RETRY_EXHAUSTED

DSAR-FS-1500: STORAGE_FILESYSTEM_RUNTIME_ERROR

DSAR-FS-1599: STORAGE_FILESYSTEM_UNCATALOGED_ERROR

DSAR-GRD-1500: GUARDS_RUNTIME_ERROR

DSAR-GRD-1599: GUARDS_UNCATALOGED_ERROR

DSAR-IN-1001: INBOUND_RESEND_CONTENT_FETCH_FAILED

DSAR-IN-1500: INBOUND_RESEND_RUNTIME_ERROR

DSAR-IN-1599: INBOUND_RESEND_UNCATALOGED_ERROR

DSAR-OUT-1001: OUTBOUND_RESEND_CONFIG_INVALID

DSAR-OUT-1500: OUTBOUND_RESEND_RUNTIME_ERROR

DSAR-OUT-1599: OUTBOUND_RESEND_UNCATALOGED_ERROR

DSAR-PE-1500: POLICY_ENGINE_RUNTIME_ERROR

DSAR-PE-1599: POLICY_ENGINE_UNCATALOGED_ERROR

DSAR-PG-1500: PERSISTENCE_PG_RUNTIME_ERROR

DSAR-PG-1599: PERSISTENCE_PG_UNCATALOGED_ERROR

DSAR-PP-1001: POLICY_PACKS_CHECKSUM_FAILED

DSAR-PP-1500: POLICY_PACKS_RUNTIME_ERROR

DSAR-PP-1599: POLICY_PACKS_UNCATALOGED_ERROR

DSAR-PS-1001: PERSISTENCE_TENANT_SCOPE_MISSING

DSAR-PS-1002: PERSISTENCE_ENTITY_NOT_FOUND

DSAR-PS-1003: PERSISTENCE_OPERATION_UNSUPPORTED

DSAR-PS-1004: PERSISTENCE_INVALID_RECORD

DSAR-PS-1500: PERSISTENCE_RUNTIME_ERROR

DSAR-PS-1599: PERSISTENCE_UNCATALOGED_ERROR

DSAR-S3-1500: STORAGE_S3_RUNTIME_ERROR

DSAR-S3-1599: STORAGE_S3_UNCATALOGED_ERROR

DSAR-SCH-1500: SCHEMA_RUNTIME_ERROR

DSAR-SCH-1599: SCHEMA_UNCATALOGED_ERROR

DSAR-SDK-1101: SDK_NETWORK_ERROR

DSAR-SDK-1102: SDK_TIMEOUT

DSAR-SDK-1201: SDK_HTTP_ERROR

DSAR-SDK-1301: SDK_INVALID_ENVELOPE

DSAR-SDK-1500: SDK_RETRY_FAILED

DSAR-SDK-1599: SDK_UNCATALOGED_ERROR

DSAR-SQL-1500: PERSISTENCE_SQLITE_RUNTIME_ERROR

DSAR-SQL-1599: PERSISTENCE_SQLITE_UNCATALOGED_ERROR

DSAR-VB-1001: STORAGE_VERCEL_BLOB_FETCH_FAILED

DSAR-VB-1002: STORAGE_VERCEL_BLOB_RETRY_EXHAUSTED

DSAR-VB-1500: STORAGE_VERCEL_BLOB_RUNTIME_ERROR

DSAR-VB-1599: STORAGE_VERCEL_BLOB_UNCATALOGED_ERROR

Architecture

DSAR Auth Model

Alpha

DSAR is currently in alpha. APIs, package surfaces, configuration, and documentation may change as the project evolves.

DSAR now treats authentication as two separate runtime lanes:

API-Key Access

Use bearer auth for machine-to-machine traffic:

CLI
Node SDK
backend services
dashboard-to-DSAR calls
automation and partner integrations

This lane is configured with:

staticBearerTokens for local development and simple self-hosting
resolveBearerToken for hosted or dynamic key verification

Trusted Host Identity

Use resolveTrustedRequestIdentity for user-facing portals where the host app already owns the login session.

The host authenticates the subject or operator.
The host normalizes that session into DSAR's request identity shape.
DSAR applies tenant scoping plus route authorization.

This keeps DSAR out of the business of owning dashboard or subject login flows.

Authorization Rules

Authentication only proves who is calling. Authorization decides what they may do.

operator and service principals can use staff-only routes.
subject principals may only use subject-owned routes.
Subject-owned routes now enforce request ownership in the backend.
Protected routes fail closed when tenantId is missing.

Deployment Defaults

Hosted managed:

host-owned dashboard login
host-owned subject portal login
DSAR API keys for machine access
optional @dsar/auth-unkey for hosted bearer verification

Simple self-hosted:

one tenant-scoped DSAR_API_TOKEN
optional extra demo tokens for local dashboard/subject examples

Advanced self-hosted:

custom resolveBearerToken
optional resolveTrustedRequestIdentity

On this page

Overview API-Key Access Trusted Host Identity Authorization Rules Deployment Defaults

Scale your cookie banners with Inth

Deliver Global consent storage, with zero ops.

API Contract Surface (T06)

Backend Runtime Core (`dsarInstance`)

DSAR

Privacy request automation: handle data subject access requests with confidence.

Docs

Getting started
Request lifecycle

Reference

API
Developer

Project

GitHub