luplo.core.checks.rules.undated_retention

Flag policy items about data retention that have no expiry signal.

A policy item mentioning PII, retention, or personal data without either an expires_at timestamp or a retention_days tag is a policy that exists on paper but has no audit handle. The check is a prompt to add one, not a claim that the policy is wrong.

The keyword set is deliberately small. Growing it is a rule change and a new decision — it should not happen silently.

Attributes

NAME
DEFAULT_SEVERITY
DESCRIPTION
KEYWORDS
RULE

Functions

check(→ list[luplo.core.checks.types.Finding])

Module Contents

luplo.core.checks.rules.undated_retention.NAME = 'undated_retention'

luplo.core.checks.rules.undated_retention.DEFAULT_SEVERITY = 'warn'

luplo.core.checks.rules.undated_retention.DESCRIPTION = 'Policy items that mention PII or retention must carry an expires_at or a retention_days tag.'

luplo.core.checks.rules.undated_retention.KEYWORDS = ('PII', 'retention', 'personal data', 'personally identifiable')

async luplo.core.checks.rules.undated_retention.check(conn: psycopg.AsyncConnection[Any], project_id: str) → list[luplo.core.checks.types.Finding]

luplo.core.checks.rules.undated_retention.RULE