返回 Skill 列表
extension
分类: 开发与工程无需 API Key

Data Retention

数据保留是数据治理的一个关键组成部分,确保

person作者: jakexiaohubgithub

Data Retention

Skill Profile

(Select at least one profile to enable specific modules)

  • [ ] DevOps
  • [x] Backend
  • [ ] Frontend
  • [ ] AI-RAG
  • [ ] Security Critical

Overview

Data retention is a critical component of data governance, ensuring that data is kept only as long as necessary for legal, business, or regulatory purposes. This skill provides comprehensive patterns for implementing retention policies, automated deletion, archival strategies, and compliance with various regulations.

Why This Matters

Data retention is essential for:

  • Legal Compliance: Meeting GDPR, SOX, HIPAA, PCI DSS requirements
  • Cost Management: Reducing storage costs by deleting unnecessary data
  • Risk Mitigation: Reducing data breach exposure
  • Operational Efficiency: Maintaining optimal database performance
  • Audit Readiness: Providing evidence for compliance audits

Core Concepts & Rules

1. Core Principles

  • Follow established patterns and conventions
  • Maintain consistency across codebase
  • Document decisions and trade-offs

2. Implementation Guidelines

  • Start with the simplest viable solution
  • Iterate based on feedback and requirements
  • Test thoroughly before deployment

Inputs / Outputs / Contracts

  • Inputs:
    • <e.g., env vars, request payload, file paths, schema>
  • Entry Conditions:
    • <Pre-requisites: e.g., Repo initialized, DB running, specific branch checked out>
  • Outputs:
    • <e.g., artifacts (PR diff, docs, tests, dashboard JSON)>
  • Artifacts Required (Deliverables):
    • <e.g., Code Diff, Unit Tests, Migration Script, API Docs>
  • Acceptance Evidence:
    • <e.g., Test Report (screenshot/log), Benchmark Result, Security Scan Report>
  • Success Criteria:
    • <e.g., p95 < 300ms, coverage ≥ 80%>

Skill Composition

  • Depends on: None
  • Compatible with: None
  • Conflicts with: None
  • Related Skills: None

Quick Start / Implementation Example

  1. Review requirements and constraints
  2. Set up development environment
  3. Implement core functionality following patterns
  4. Write tests for critical paths
  5. Run tests and fix issues
  6. Document any deviations or decisions
# Example implementation following best practices
def example_function():
    # Your implementation here
    pass

Assumptions

  • Retention policies are documented and approved
  • Legal requirements are understood
  • Database supports soft delete operations
  • Legal holds can be tracked and enforced

Compatibility

  • GDPR Article 5(1)(e) compliant
  • SOX Section 404 compliant
  • HIPAA Security Rule compliant
  • PCI DSS Requirement 3 compliant

Test Scenario Matrix

| Scenario | Input | Expected Output | Priority | |----------|-------|-----------------|----------| | Create retention policy | Policy details | Policy created with ID | P0 | | Delete expired data | Data type | Count of deleted records | P0 | | Archive old data | Data type | Count of archived records | P1 | | Create legal hold | Case details | Hold created with ID | P0 | | Release legal hold | Hold ID | Hold marked as released | P0 | | Check compliance | Data type, retention period | Compliance status | P0 | | Soft delete record | Table name, record ID | Record marked as deleted | P0 | | Hard delete record | Table name, record ID | Record permanently deleted | P0 |


Technical Guardrails & Security Threat Model

1. Security & Privacy (Threat Model)

  • Top Threats: Injection attacks, authentication bypass, data exposure
  • [ ] Data Handling: Sanitize all user inputs to prevent Injection attacks. Never log raw PII
  • [ ] Secrets Management: No hardcoded API keys. Use Env Vars/Secrets Manager
  • [ ] Authorization: Validate user permissions before state changes

2. Performance & Resources

  • [ ] Execution Efficiency: Consider time complexity for algorithms
  • [ ] Memory Management: Use streams/pagination for large data
  • [ ] Resource Cleanup: Close DB connections/file handlers in finally blocks

3. Architecture & Scalability

  • [ ] Design Pattern: Follow SOLID principles, use Dependency Injection
  • [ ] Modularity: Decouple logic from UI/Frameworks

4. Observability & Reliability

  • [ ] Logging Standards: Structured JSON, include trace IDs request_id
  • [ ] Metrics: Track error_rate, latency, queue_depth
  • [ ] Error Handling: Standardized error codes, no bare except
  • [ ] Observability Artifacts:
    • Log Fields: timestamp, level, message, request_id
    • Metrics: request_count, error_count, response_time
    • Dashboards/Alerts: High Error Rate > 5%

Agent Directives & Error Recovery

(ข้อกำหนดสำหรับ AI Agent ในการคิดและแก้ปัญหาเมื่อเกิดข้อผิดพลาด)

  • Thinking Process: Analyze root cause before fixing. Do not brute-force.
  • Fallback Strategy: Stop after 3 failed test attempts. Output root cause and ask for human intervention/clarification.
  • Self-Review: Check against Guardrails & Anti-patterns before finalizing.
  • Output Constraints: Output ONLY the modified code block. Do not explain unless asked.

Definition of Done (DoD) Checklist

  • [ ] Tests passed + coverage met
  • [ ] Lint/Typecheck passed
  • [ ] Logging/Metrics/Trace implemented
  • [ ] Security checks passed
  • [ ] Documentation/Changelog updated
  • [ ] Accessibility/Performance requirements met (if frontend)

Anti-patterns

  • Indefinite Retention: Keeping data forever without justification
  • Premature Deletion: Deleting data before retention period expires
  • Ignoring Legal Holds: Deleting data under legal hold
  • No Audit Trail: Not logging deletion operations
  • Manual Deletion: Relying on manual deletion processes

Reference Links & Examples

  • Internal documentation and examples
  • Official documentation and best practices
  • Community resources and discussions

Versioning & Changelog

  • Version: 1.0.0
  • Changelog:
    • 2026-02-22: Initial version with complete template structure