Add enterprise vendor DPA review guard

[ethanmillerinvestments-code]

/claim #19

Summary

• Adds a self-contained enterprise-vendor-dpa-review-guard slice for Enterprise Tooling.
• Evaluates synthetic third-party vendor enablement requests for active DPA status, BAA/DUA/SCC coverage, approved subprocessors, region fit, breach-notice SLA, security-review freshness, and owner accountability.
• Emits deterministic hold/review/approve decisions, admin remediation actions, webhook event envelopes, audit digests, JSON/Markdown/SVG reviewer artifacts, and a short MP4 demo.

Non-overlap audit

This targets the withdrawn vendor DPA/subprocessor review slice. It is separate from the existing #19 dashboard/export/webhook replay/compliance/identity/retention/data-residency/SLA/secret-rotation/quota/API-change/connector-certification/incident/funder/AI-model/dashboard-attribution/initiative-tag/policy-exception/IRB/data-export/SCIM/deposit-reconciliation/admin-notification/cost-allocation/LMS/payload-redaction/cohort-privacy submissions.

Scope boundaries

• Synthetic data only.
• No live vendor, legal, institutional, webhook, dashboard, payment, or external API calls.
• No credentials, secrets, private institutional data, or payout details.

Validation

• npm --prefix enterprise-vendor-dpa-review-guard run check
• npm --prefix enterprise-vendor-dpa-review-guard test
• npm --prefix enterprise-vendor-dpa-review-guard run demo
• ffprobe -v error -select_streams v:0 -show_entries stream=codec_name,width,height,duration,avg_frame_rate -show_entries format=size,duration -of default=noprint_wrappers=1 enterprise-vendor-dpa-review-guard/reports/demo.mp4 -> H.264, 960x540, 4s, 15 fps
• git diff --check
• private/payment disclosure scan over enterprise-vendor-dpa-review-guard

AI-assisted with Codex; I reviewed and locally verified the diff before submission.