dpdp-erasure-cli 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +67 -0
- package/package.json +1 -1
package/README.md
ADDED
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# DPDP Erasure Engine CLI (`dpdp-erasure-cli`)
|
|
2
|
+
|
|
3
|
+
[](https://badge.fury.io/js/dpdp-erasure-cli)
|
|
4
|
+
|
|
5
|
+
The **DPDP Erasure Engine Operator CLI** is an enterprise-grade utility designed to help data fiduciaries comply with modern privacy laws like the **Digital Personal Data Protection (DPDP) Act, 2023**.
|
|
6
|
+
|
|
7
|
+
This CLI orchestrates the Data Plane, enabling you to inspect databases for Personally Identifiable Information (PII), generate privacy compliance manifests, sign them cryptographically, and execute safe erasure operations.
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## 🚀 Installation
|
|
12
|
+
|
|
13
|
+
This CLI relies on [Bun](https://bun.sh/) for native SQLite and cryptographic bindings. Ensure you have Bun installed, then install the package globally:
|
|
14
|
+
|
|
15
|
+
```bash
|
|
16
|
+
npm install -g dpdp-erasure-cli
|
|
17
|
+
```
|
|
18
|
+
|
|
19
|
+
---
|
|
20
|
+
|
|
21
|
+
## 🛠️ Usage
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
dpdp-cli [command] [options]
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
### Core Commands
|
|
28
|
+
|
|
29
|
+
* `scan`: Run a metadata-only schema scan across your database to detect potential PII columns based on column names.
|
|
30
|
+
* `introspect`: Safely analyze your database's Foreign Key (FK) DAG offline and draft a comprehensive PII mapping manifest (`compliance.worker.yml`).
|
|
31
|
+
* `keygen`: Provision secure Ed25519 cryptographic keys required for configuration signing.
|
|
32
|
+
* `sign`: Cryptographically sign your `compliance.worker.yml` manifest to lock in your legal attestation hash.
|
|
33
|
+
* `verify`: Perform deep integrity checks to compute mandatory schema hashes and ensure nothing has drifted.
|
|
34
|
+
* `check-integrity`: A CI/CD gate that fails closed unless the schema hash and compiled DAG match your live production database.
|
|
35
|
+
* `verify-schema`: Similar to check-integrity, designed specifically to verify that the live schema matches the legal attestation hash.
|
|
36
|
+
* `dry-run`: Simulate a full PII vault operation without mutating any production data.
|
|
37
|
+
* `graph`: Visualize recursive table dependencies (FK DAG) for a specific root table.
|
|
38
|
+
* `inspect`: Inspect an existing worker manifest and summarize the legal/configuration coverage.
|
|
39
|
+
* `init`: Interactively provision a fresh legal compliance manifest for a new project.
|
|
40
|
+
|
|
41
|
+
### Example Workflow
|
|
42
|
+
|
|
43
|
+
**1. Introspect your database to detect PII:**
|
|
44
|
+
```bash
|
|
45
|
+
dpdp-cli introspect -u postgres://user:pass@localhost:5432/app_db -r public.users -s public -o ./compliance.worker.yml
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
**2. Generate a secure keypair:**
|
|
49
|
+
```bash
|
|
50
|
+
dpdp-cli keygen
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
**3. Cryptographically sign your manifest:**
|
|
54
|
+
```bash
|
|
55
|
+
dpdp-cli sign -c ./compliance.worker.yml -k ./coe-private.key
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
**4. Perform a dry-run to ensure safety:**
|
|
59
|
+
```bash
|
|
60
|
+
dpdp-cli dry-run -u postgres://user:pass@localhost:5432/app_db -c ./compliance.worker.yml
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
---
|
|
64
|
+
|
|
65
|
+
## 📖 Complete Documentation
|
|
66
|
+
|
|
67
|
+
For comprehensive instructions on how the entire Engine operates, including the Control Plane API and architectural overviews, please refer to the **[Official GitHub Repository](https://github.com/devxdh/dpdp-erasure-engine)**.
|