diff --git a/AGENTS.md b/AGENTS.md
index 030a9dc6..404b71f2 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -10,6 +10,74 @@
 - Before every `commit` and `push`, always check first whether local branch needs to pull/rebase from remote.
 - To upload to IBL, run `bash scripts/upload_ibl_committed_files.sh`. Only run this when the user explicitly asks to upload to IBL. Do not run automatically after commit/push.
 
+## PDP Encryption & BIRT Report
+
+UU PDP No. 27/2022 mengharuskan enkripsi PII pasien. `M_PatientDOB`, `M_PatientName`, dll
+di-mask NULL di kolom plain, nilai asli ada di kolom `_enc` (AES-256-GCM).
+
+### Pola wajib: PHP Proxy Stream
+
+BIRT membaca dari tabel `patient_print_cache`. Cache harus di-populate PHP sebelum BIRT
+dipanggil, dan dihapus segera setelah PDF di-stream.
+
+```
+FE → PHP proxy → populate cache → fetch BIRT → delete cache → stream PDF
+```
+
+**Jangan pernah** buat FE langsung build URL `/birt/frameset?...` lalu set ke iframe/window.open
+tanpa lewat PHP proxy — cache tidak akan pernah terisi, data pasien kosong di report.
+
+### Endpoint proxy yang tersedia
+
+```
+GET /one-api-lab/tools/birt_proxy/stream_by_code
+Params: token, report_code (print_transaction code), PT_OrderHeaderID
+Return: binary PDF
+```
+
+Untuk BE yang perlu return URL ke FE, gunakan `Reporturl` library:
+```php
+$this->load->library('reporturl');
+[$ok, $url] = $this->reporturl->get_report_url_by_code($report_code, [
+    'PT_OrderHeaderID' => $order_id,
+    'PUsername'        => $username,
+]);
+// $url sudah mengarah ke stream_by_code — tidak perlu populate/delete cache manual
+```
+
+### Daftar print_transaction code
+
+| Group | Print siap | Print belum siap | Email |
+|-------|-----------|-----------------|-------|
+| LAB | `LAB-RESULT-P-01` | `LAB-RESULT-NP-01` | `LAB-RESULT-P-02` |
+| LAB (Inggris) | `LABEN-RESULT-P-01` | `LABEN-RESULT-NP-01` | `LABEN-RESULT-P-02` |
+| Mikro (terlampir) | `MIKRO-RESULT-P-01` | `MIKRO-RESULT-NP-01` | `MIKRO-RESULT-P-02` |
+| Mikro (tidak terlampir) | `LAB-RESULT-P-01` | `LAB-RESULT-NP-01` | `LAB-RESULT-P-02` |
+| Mikro (Inggris) | `MIKROEN-RESULT-P-01` | `MIKROEN-RESULT-NP-01` | `MIKROEN-RESULT-P-02` |
+| FNA | `FNA-RESULT-P-01` | `FNA-RESULT-NP-01` | `FNA-RESULT-P-02` |
+| Patologi Anatomi | `PA-RESULT-P-01` | `PA-RESULT-NP-01` | `PA-RESULT-P-02` |
+| Papsmear | `PAP-RESULT-P-01` | `PAP-RESULT-NP-01` | `PAP-RESULT-P-02` |
+| Pap Smear LCP | `PAPLCP-RESULT-P-01` | `PAPLCP-RESULT-NP-01` | `PAPLCP-RESULT-P-02` |
+| Pap Smear LCP (Inggris) | `PAPLEN-RESULT-P-01` | `PAPLEN-RESULT-NP-01` | `PAPLEN-RESULT-P-02` |
+| Preparasi Sperma | `PS-RESULT-P-01` | `PS-RESULT-NP-01` | `PS-RESULT-P-02` |
+| DFI | `DFI-RESULT-P-01` | `DFI-RESULT-NP-01` | `DFI-RESULT-P-02` |
+| Cytologi | `CT-RESULT-P-01` | `CT-RESULT-NP-01` | `CT-RESULT-P-02` |
+
+### Deteksi modul yang belum difix
+
+Cari pola ini di FE:
+```
+/birt/frameset?__report=
+```
+Kalau ditemukan di JS/Vue yang langsung set ke iframe/object/window.open tanpa lewat PHP
+proxy, itu harus diganti ke `stream_by_code`.
+
+### Library terkait
+
+- `application/libraries/Ibl_patient_decrypt.php` — populate/delete `patient_print_cache`
+- `application/libraries/Ibl_sampling_normal.php` — pengganti `fn_sampling_get_normal` MySQL function (semua `Re_px.php` sudah diupdate)
+- `application/controllers/tools/Birt_proxy.php` — proxy stream handler
+
 ## graphify
 
 This project has a graphify knowledge graph at graphify-out/.
diff --git a/CLAUDE.md b/CLAUDE.md
index fe2d6887..dc52d180 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -19,6 +19,74 @@
 - SSH command: `ssh -i /Users/fajrihardhitamurti/id_rsa -o BatchMode=yes -o StrictHostKeyChecking=accept-new one@10.9.20.31`
 - BIRT reports path: `/home/one/project/birt/onelab/reports/`
 
+## PDP Encryption & BIRT Report
+
+UU PDP No. 27/2022 mengharuskan enkripsi PII pasien. `M_PatientDOB`, `M_PatientName`, dll
+di-mask NULL di kolom plain, nilai asli ada di kolom `_enc` (AES-256-GCM).
+
+### Pola wajib: PHP Proxy Stream
+
+BIRT membaca dari tabel `patient_print_cache`. Cache harus di-populate PHP sebelum BIRT
+dipanggil, dan dihapus segera setelah PDF di-stream.
+
+```
+FE → PHP proxy → populate cache → fetch BIRT → delete cache → stream PDF
+```
+
+**Jangan pernah** buat FE langsung build URL `/birt/frameset?...` lalu set ke iframe/window.open
+tanpa lewat PHP proxy — cache tidak akan pernah terisi, data pasien kosong di report.
+
+### Endpoint proxy yang tersedia
+
+```
+GET /one-api-lab/tools/birt_proxy/stream_by_code
+Params: token, report_code (print_transaction code), PT_OrderHeaderID
+Return: binary PDF
+```
+
+Untuk BE yang perlu return URL ke FE, gunakan `Reporturl` library:
+```php
+$this->load->library('reporturl');
+[$ok, $url] = $this->reporturl->get_report_url_by_code($report_code, [
+    'PT_OrderHeaderID' => $order_id,
+    'PUsername'        => $username,
+]);
+// $url sudah mengarah ke stream_by_code — tidak perlu populate/delete cache manual
+```
+
+### Daftar print_transaction code
+
+| Group | Print siap | Print belum siap | Email |
+|-------|-----------|-----------------|-------|
+| LAB | `LAB-RESULT-P-01` | `LAB-RESULT-NP-01` | `LAB-RESULT-P-02` |
+| LAB (Inggris) | `LABEN-RESULT-P-01` | `LABEN-RESULT-NP-01` | `LABEN-RESULT-P-02` |
+| Mikro (terlampir) | `MIKRO-RESULT-P-01` | `MIKRO-RESULT-NP-01` | `MIKRO-RESULT-P-02` |
+| Mikro (tidak terlampir) | `LAB-RESULT-P-01` | `LAB-RESULT-NP-01` | `LAB-RESULT-P-02` |
+| Mikro (Inggris) | `MIKROEN-RESULT-P-01` | `MIKROEN-RESULT-NP-01` | `MIKROEN-RESULT-P-02` |
+| FNA | `FNA-RESULT-P-01` | `FNA-RESULT-NP-01` | `FNA-RESULT-P-02` |
+| Patologi Anatomi | `PA-RESULT-P-01` | `PA-RESULT-NP-01` | `PA-RESULT-P-02` |
+| Papsmear | `PAP-RESULT-P-01` | `PAP-RESULT-NP-01` | `PAP-RESULT-P-02` |
+| Pap Smear LCP | `PAPLCP-RESULT-P-01` | `PAPLCP-RESULT-NP-01` | `PAPLCP-RESULT-P-02` |
+| Pap Smear LCP (Inggris) | `PAPLEN-RESULT-P-01` | `PAPLEN-RESULT-NP-01` | `PAPLEN-RESULT-P-02` |
+| Preparasi Sperma | `PS-RESULT-P-01` | `PS-RESULT-NP-01` | `PS-RESULT-P-02` |
+| DFI | `DFI-RESULT-P-01` | `DFI-RESULT-NP-01` | `DFI-RESULT-P-02` |
+| Cytologi | `CT-RESULT-P-01` | `CT-RESULT-NP-01` | `CT-RESULT-P-02` |
+
+### Deteksi modul yang belum difix
+
+Cari pola ini di FE:
+```
+/birt/frameset?__report=
+```
+Kalau ditemukan di JS/Vue yang langsung set ke iframe/object/window.open tanpa lewat PHP
+proxy, itu harus diganti ke `stream_by_code`.
+
+### Library terkait
+
+- `application/libraries/Ibl_patient_decrypt.php` — populate/delete `patient_print_cache`
+- `application/libraries/Ibl_sampling_normal.php` — pengganti `fn_sampling_get_normal` MySQL function (semua `Re_px.php` sudah diupdate)
+- `application/controllers/tools/Birt_proxy.php` — proxy stream handler
+
 ## graphify
 
 This project has a graphify knowledge graph at graphify-out/.