fajri/BE_IBL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
77a595eba434c0373eb91d02c4c203c9cfac8bf4
BE_IBL/docs/pdp-implementation-prompt.md
sas.fajri 9d224ffabf FHM08062601IBL - update fo birt cache sp
2026-06-08 11:18:01 +07:00

110 lines
4.8 KiB
Markdown
Raw Blame History

# Prompt Implementasi UU PDP — IBL Production Server
> Gunakan prompt ini untuk menginstruksikan agent/Claude saat implementasi di IBL server produksi.
> Branch: `main` | Repo: `BE_IBL/one-api-lab`
---
## Prompt untuk Agent
```
Kamu akan mengimplementasikan enkripsi PII pasien (UU PDP) ke IBL production server.
PENTING: Baca seluruh runbook di `docs/pdp-encryption-runbook.md` sebelum memulai.
KONTEKS:
- Server IBL: SSH config "devibl" (atau sesuai config SSH yang tersedia)
- Project path di server: /home/one/project/one/one-api-lab/ (atau sesuai deployment IBL)
- Database: one_lab, one_lab_log
- Enkripsi: AES-256-GCM, key dari .env (passphrase, bukan hex)
- PHP: 7.2 (hindari syntax fn() arrow function)
LANGKAH WAJIB SEBELUM APAPUN:
1. Cek disk space: minimal 10GB free
- Jika kurang, hapus file lama di /home/one/ (bukan backup PDP, bukan MySQL data)
- Journal logs butuh sudo: sudo journalctl --vacuum-size=300M
2. BACKUP DATABASE DULU:
bash scripts/backup_pdp_tables.sh
Verifikasi backup ada dan tidak kosong sebelum lanjut.
3. Buat .env di server (isi passphrase dari password manager IBL):
IBL_ENCRYPT_KEY=<passphrase-dari-password-manager>
IBL_ENCRYPT_SEARCH_KEY=<passphrase-search-dari-password-manager>
chmod 600 .env
URUTAN EKSEKUSI (ikuti runbook):
1. Backup database
2. Buat .env
3. Jalankan SQL migration:
- sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql
- sql/manual_changes/2026-05-31-pdp-update-triggers-enc.sql
- sql/manual_changes/2026-05-31-pdp-birt-sp-cache-join.sql (buat patient_print_cache)
- sql/manual_changes/2026-06-08-pdp-fo-birt-sp-patient-print-cache.sql (update keluarga SP report FO lama: invoice, kwitansi, nota, billing)
4. DROP triggers sebelum migration data:
mysql one_lab -e 'DROP TRIGGER IF EXISTS vm_patient_ai; DROP TRIGGER IF EXISTS vm_patient_bu; DROP TRIGGER IF EXISTS m_patient_au; DROP TRIGGER IF EXISTS m_patientaddress_ai; DROP TRIGGER IF EXISTS m_patientaddress_bu;'
5. Encrypt m_patient: php scripts/migrate_encrypt_patient.php
6. Populate NIK bidx: php scripts/migrate_nik_bidx.php
7. Encrypt address: php scripts/migrate_address_enc.php
8. Encrypt orderdelivery: php scripts/migrate_encrypt_orderdelivery.php
9. Masking plaintext (setelah encrypt selesai):
php scripts/mask_patient_plaintext.php
php scripts/remask_patient_name.php
10. Recreate triggers:
mysql one_lab < sql/manual_changes/2026-05-31-pdp-update-triggers-enc.sql
11. Truncate log lama: mysql one_lab_log -e 'TRUNCATE TABLE log_patient; TRUNCATE TABLE order_log;'
12. Verifikasi: cek sample data, cek disk, cek MySQL
PERHATIAN DISK:
- Setiap kali masking banyak baris, log_patient bisa penuh
- Jika disk penuh: sudo systemctl start mariadb (setelah hapus file), truncate log_patient, drop trigger, lanjut
- Selalu DROP trigger sebelum masking, recreate sesudahnya
- Jangan hapus: backup_pdp_*, one_lab_tables.sql
VERIFIKASI SETIAP STEP:
- Setelah encrypt: SELECT COUNT(*), COUNT(M_PatientName_enc) FROM m_patient;
- Setelah masking: SELECT M_PatientName, M_PatientHP FROM m_patient LIMIT 5; (harus tampil "NAMA A***", "0812***")
- Cek disk: df -h /
- Test search patient: pastikan search by nama (3+ karakter) masih bekerja via API
JANGAN LAKUKAN:
- Jangan hapus backup_pdp_* files
- Jangan delete MySQL data files (/var/lib/mysql/ibdata*)
- Jangan commit .env ke git
- Jangan lanjut kalau disk < 2GB free
- Jangan skip backup
File referensi lengkap: docs/pdp-encryption-runbook.md
```
---
## Checklist Pre-Implementasi
Sebelum mulai, pastikan:
- [ ] SSH ke IBL server bisa
- [ ] Disk minimal 10GB free
- [ ] Passphrase key sudah disiapkan (dari password manager)
- [ ] Ada window maintenance (user tidak aktif)
- [ ] Backup terverifikasi sebelum lanjut ke step berikutnya
- [ ] Tim tahu ada maintenance (beri tahu jika ada downtime)
## File Penting
| File | Fungsi |
|------|--------|
| `docs/pdp-encryption-runbook.md` | Runbook lengkap step by step |
| `.env` | Key enkripsi (buat manual di server, JANGAN commit) |
| `scripts/backup_pdp_tables.sh` | Script backup sebelum migration |
| `sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql` | Tambah kolom _enc + _bidx |
| `sql/manual_changes/2026-05-31-pdp-update-triggers-enc.sql` | Update trigger pakai _enc |
| `sql/manual_changes/2026-05-31-pdp-birt-sp-cache-join.sql` | patient_print_cache + update 6 SP BIRT |
| `sql/manual_changes/2026-06-08-pdp-fo-birt-sp-patient-print-cache.sql` | Update keluarga SP report FO lama agar baca `patient_print_cache` |
| `scripts/migrate_encrypt_patient.php` | Encrypt 178K patient rows |
| `scripts/migrate_nik_bidx.php` | Populate NIK search index |
| `scripts/migrate_address_enc.php` | Encrypt address rows |
| `scripts/migrate_encrypt_orderdelivery.php` | Encrypt delivery destination |
| `scripts/mask_patient_plaintext.php` | Masking HP/email/POB/NIK/alamat |
| `scripts/remask_patient_name.php` | Remask nama format "NAMA A***" |
Reference in New Issue View Git Blame Copy Permalink