# @repo/core-dsr Optional core package providing GDPR Data Subject Rights (DSR) interfaces and implementations. Scaffold via `pnpm turbo gen core-package dsr`. ## Structure ``` src/ data-export.interface.ts # IDataExport — exportSubjectData data-delete.interface.ts # IDataDelete — deleteSubjectData data-rectify.interface.ts # IDataRectify — updateSubjectField processing-restriction.interface.ts # IProcessingRestriction — setRestriction, isRestricted dsr-types.ts # UserDataBundle, DeletionCertificate, DSR value types contexts/ user-data.jsonld # schema.org JSON-LD @context index.ts # Barrel export ``` ## Design Four interfaces map directly to GDPR Articles 15–18 + 20: - `IDataExport` (Art. 15/20) — export a subject's data as `UserDataBundle` - `IDataDelete` (Art. 17) — soft-delete or cascade-hard-delete subject data; returns `DeletionCertificate` - `IDataRectify` (Art. 16) — update a specific field for a subject - `IProcessingRestriction` (Art. 18) — toggle and read the processing restriction flag Implementations walk `custom.pii`-tagged fields and `custom.subject`-linked collections. Row semantics: - `kind: "self" | "owner"` → directly owned by the subject (export full; delete hard or soft) - `kind: "reference"` → references the subject from another entity (export redacted; redact link on delete) See `docs/architecture/agent-first-workflow-and-conformance.md` for the DI conventions.