UU PDP Implementation Prompt: IBL Production Server
Use this prompt to instruct the agent/Claude when implementing on the IBL production server. Branch: main | Repo: BE_IBL/one-api-lab
Prompt for the Agent
You will implement encryption of patient PII (UU PDP) on the IBL production server.
IMPORTANT: Read the entire runbook in `docs/pdp-encryption-runbook.md` before starting.
CONTEXT:
- IBL server: SSH config "devibl" (or whichever SSH config is available)
- Project path on the server: /home/one/project/one/one-api-lab/ (or as per the IBL deployment)
- Databases: one_lab, one_lab_log
- Encryption: AES-256-GCM, key taken from .env (a passphrase, not hex)
- PHP: 7.2 (avoid the fn() arrow-function syntax)
MANDATORY STEPS BEFORE ANYTHING ELSE:
1. Check disk space: at least 10GB free
- If there is less, delete old files under /home/one/ (not the PDP backups, not the MySQL data)
- Journal logs need sudo: sudo journalctl --vacuum-size=300M
2. BACK UP THE DATABASE FIRST:
bash scripts/backup_pdp_tables.sh
Verify that the backup exists and is not empty before continuing.
3. Create .env on the server (fill in the passphrases from the IBL password manager):
IBL_ENCRYPT_KEY=<passphrase-from-password-manager>
IBL_ENCRYPT_SEARCH_KEY=<search-passphrase-from-password-manager>
chmod 600 .env
EXECUTION ORDER (follow the runbook):
1. Back up the database
2. Create .env
3. Run the SQL migrations:
- sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql
- sql/manual_changes/2026-05-31-pdp-update-triggers-enc.sql
- sql/manual_changes/2026-05-31-pdp-birt-sp-cache-join.sql (creates patient_print_cache)
4. DROP the triggers before the data migration:
mysql one_lab -e 'DROP TRIGGER IF EXISTS vm_patient_ai; DROP TRIGGER IF EXISTS vm_patient_bu; DROP TRIGGER IF EXISTS m_patient_au; DROP TRIGGER IF EXISTS m_patientaddress_ai; DROP TRIGGER IF EXISTS m_patientaddress_bu;'
5. Encrypt m_patient: php scripts/migrate_encrypt_patient.php
6. Populate the NIK bidx: php scripts/migrate_nik_bidx.php
7. Encrypt addresses: php scripts/migrate_address_enc.php
8. Encrypt orderdelivery: php scripts/migrate_encrypt_orderdelivery.php
9. Mask the plaintext (only after encryption has finished):
php scripts/mask_patient_plaintext.php
php scripts/remask_patient_name.php
10. Recreate the triggers:
mysql one_lab < sql/manual_changes/2026-05-31-pdp-update-triggers-enc.sql
11. Truncate the old logs: mysql one_lab_log -e 'TRUNCATE TABLE log_patient; TRUNCATE TABLE order_log;'
12. Verify: check sample data, check disk, check MySQL
DISK WARNINGS:
- Every time many rows are masked, log_patient can fill the disk
- If the disk fills up: sudo systemctl start mariadb (after deleting files), truncate log_patient, drop the triggers, continue
- Always DROP the triggers before masking and recreate them afterwards
- Do not delete: backup_pdp_*, one_lab_tables.sql
VERIFY EACH STEP:
- After encrypting: SELECT COUNT(*), COUNT(M_PatientName_enc) FROM m_patient;
- After masking: SELECT M_PatientName, M_PatientHP FROM m_patient LIMIT 5; (must show "NAMA A***", "0812***")
- Check disk: df -h /
- Test patient search: make sure search by name (3+ characters) still works via the API
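To make the column layout concrete (the _enc value, the NIK _bidx used for search, and the masked plaintext the verification step expects), here is an added example in PHP 7.2-compatible syntax; it is not code from the one-api-lab repo. The derivation of the AES key from the .env passphrase (SHA-256 of the passphrase) and the HMAC-based blind index are assumptions, as are the function names and the sample patient values.

```php
<?php
// Added example (not the repo's own code). Key derivation is an ASSUMPTION here:
// SHA-256 of the .env passphrase gives the 32-byte AES-256 key; the runbook's own
// scripts may derive it differently. PHP 7.2-safe: no fn() arrow functions.
function pdpKeyFromPassphrase($passphrase) {
    return hash('sha256', $passphrase, true);              // 32 raw bytes
}
function pdpEncrypt($plain, $key) {
    $iv  = random_bytes(12);                               // fresh 96-bit nonce per value
    $tag = '';
    $ct  = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) { throw new RuntimeException('openssl_encrypt failed'); }
    return base64_encode($iv . $tag . $ct);                // stored as iv(12)|tag(16)|ct
}
function pdpDecrypt($enc, $key) {
    $raw = base64_decode($enc, true);
    if ($raw === false || strlen($raw) < 28) { return null; }   // malformed _enc value
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                             substr($raw, 0, 12), substr($raw, 12, 16));
    return $plain === false ? null : $plain;               // false = GCM tag mismatch
}
// Blind index (_bidx): keyed hash of the normalised NIK so an equality search works
// without plaintext; keyed with the separate IBL_ENCRYPT_SEARCH_KEY (assumed scheme).
function pdpBlindIndex($nik, $searchKey) {
    return hash_hmac('sha256', preg_replace('/\D/', '', $nik), $searchKey);
}
// Masking in the runbook's verification format: "NAMA A***" and "0812***".
function maskName($name) {
    $parts = preg_split('/\s+/', trim($name));
    $first = strtoupper(array_shift($parts));
    $rest  = count($parts) > 0 ? strtoupper(substr($parts[0], 0, 1)) . '***' : '***';
    return $first . ' ' . $rest;
}
function maskPhone($hp) {
    return substr($hp, 0, 4) . '***';
}
// Constructed sample values; real passphrases come from .env / the password manager.
$key  = pdpKeyFromPassphrase(getenv('IBL_ENCRYPT_KEY') ?: 'constructed-test-passphrase');
$skey = getenv('IBL_ENCRYPT_SEARCH_KEY') ?: 'constructed-search-passphrase';
$enc  = pdpEncrypt('Budi Santoso', $key);
echo pdpDecrypt($enc, $key), "\n";
echo maskName('Budi Santoso'), ' / ', maskPhone('081234567890'), "\n";
$same = pdpBlindIndex('3171 0123 4567 8901', $skey) === pdpBlindIndex('3171012345678901', $skey);
echo $same ? "bidx match\n" : "bidx differ\n";
```

A tampered or truncated _enc value makes pdpDecrypt return null rather than garbage, which is the check to run on a few sample rows after step 5 before any plaintext is masked.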
DO NOT:
- Do not delete the backup_pdp_* files
- Do not delete the MySQL data files (/var/lib/mysql/ibdata*)
- Do not commit .env to git
- Do not continue if the disk has < 2GB free
- Do not skip the backup
Full reference file: docs/pdp-encryption-runbook.md
Pre-Implementation Checklist
Before starting, make sure that:
- SSH to the IBL server works
- At least 10GB of disk is free
- The key passphrases are ready (from the password manager)
- There is a maintenance window (no active users)
- The backup is verified before moving on to the next step
- The team knows about the maintenance (announce any downtime)
Important Files
| File | Purpose |
|---|---|
| docs/pdp-encryption-runbook.md | Complete step-by-step runbook |
| .env | Encryption keys (create manually on the server, DO NOT commit) |
| scripts/backup_pdp_tables.sh | Backup script, run before the migration |
| sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql | Adds the _enc + _bidx columns |
| sql/manual_changes/2026-05-31-pdp-update-triggers-enc.sql | Updates the triggers to use _enc |
| sql/manual_changes/2026-05-31-pdp-birt-sp-cache-join.sql | patient_print_cache + updates 6 BIRT stored procedures |
| scripts/migrate_encrypt_patient.php | Encrypts 178K patient rows |
| scripts/migrate_nik_bidx.php | Populates the NIK search index |
| scripts/migrate_address_enc.php | Encrypts address rows |
| scripts/migrate_encrypt_orderdelivery.php | Encrypts delivery destinations |
| scripts/mask_patient_plaintext.php | Masks phone/email/POB/NIK/address |
| scripts/remask_patient_name.php | Remasks names into the "NAMA A***" format |