Danijel Martinek
e378c950a9
- Add pnpm turbo gen core-package dsr generator template and register dsr in CORE_PACKAGE_GENERATORS / choices list - Run generator to produce packages/core-dsr/ shell - Define IDataExport (Art. 15/20), IDataDelete (Art. 17), IDataRectify (Art. 16), IProcessingRestriction (Art. 18) interfaces - Add UserDataBundle and DeletionCertificate types in dsr-types.ts - Ship core-dsr/contexts/user-data.jsonld schema.org JSON-LD @context - Wire @repo/core-dsr into transpilePackages (web-next) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1.5 KiB
1.5 KiB
@repo/core-dsr
Optional core package providing GDPR Data Subject Rights (DSR) interfaces and implementations. Scaffold via pnpm turbo gen core-package dsr.
Structure
src/
data-export.interface.ts # IDataExport — exportSubjectData
data-delete.interface.ts # IDataDelete — deleteSubjectData
data-rectify.interface.ts # IDataRectify — updateSubjectField
processing-restriction.interface.ts # IProcessingRestriction — setRestriction, isRestricted
dsr-types.ts # UserDataBundle, DeletionCertificate, DSR value types
contexts/
user-data.jsonld # schema.org JSON-LD @context
index.ts # Barrel export
Design
Four interfaces map directly to GDPR Articles 15–18 + 20:
IDataExport(Art. 15/20) — export a subject's data asUserDataBundleIDataDelete(Art. 17) — soft-delete or cascade-hard-delete subject data; returnsDeletionCertificateIDataRectify(Art. 16) — update a specific field for a subjectIProcessingRestriction(Art. 18) — toggle and read the processing restriction flag
Implementations walk custom.pii-tagged fields and custom.subject-linked collections. Row semantics:
kind: "self" | "owner"→ directly owned by the subject (export full; delete hard or soft)kind: "reference"→ references the subject from another entity (export redacted; redact link on delete)
See docs/architecture/agent-first-workflow-and-conformance.md for the DI conventions.