返回 Skill 列表
extension
分类: 开发与工程无需 API Key

vastai-data-handling

实现Vast.ai的个人身份信息处理、数据保留以及GDPR/CCPA合规模式。在处理敏感数据、实施数据脱敏、配置保留策略或确保Vast.ai集成符合隐私法规时使用。触发词包括“vastai数据”、“vastai PII”、“vastai GDPR”、“vastai数据保留”、“vastai隐私”、“vastai CCPA”。

person作者: jakexiaohubgithub

Vast.ai Data Handling

Overview

Handle sensitive data correctly when integrating with Vast.ai.

Prerequisites

  • Understanding of GDPR/CCPA requirements
  • Vast.ai SDK with data export capabilities
  • Database for audit logging
  • Scheduled job infrastructure for cleanup

Data Classification

| Category | Examples | Handling | |----------|----------|----------| | PII | Email, name, phone | Encrypt, minimize | | Sensitive | API keys, tokens | Never log, rotate | | Business | Usage metrics | Aggregate when possible | | Public | Product names | Standard handling |

PII Detection

const PII_PATTERNS = [
  { type: 'email', regex: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g },
  { type: 'phone', regex: /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b/g },
  { type: 'ssn', regex: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: 'credit_card', regex: /\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/g },
];

function detectPII(text: string): { type: string; match: string }[] {
  const findings: { type: string; match: string }[] = [];

  for (const pattern of PII_PATTERNS) {
    const matches = text.matchAll(pattern.regex);
    for (const match of matches) {
      findings.push({ type: pattern.type, match: match[0] });
    }
  }

  return findings;
}

Data Redaction

function redactPII(data: Record<string, any>): Record<string, any> {
  const sensitiveFields = ['email', 'phone', 'ssn', 'password', 'apiKey'];
  const redacted = { ...data };

  for (const field of sensitiveFields) {
    if (redacted[field]) {
      redacted[field] = '[REDACTED]';
    }
  }

  return redacted;
}

// Use in logging
console.log('Vast.ai request:', redactPII(requestData));

Data Retention Policy

Retention Periods

| Data Type | Retention | Reason | |-----------|-----------|--------| | API logs | 30 days | Debugging | | Error logs | 90 days | Root cause analysis | | Audit logs | 7 years | Compliance | | PII | Until deletion request | GDPR/CCPA |

Automatic Cleanup

async function cleanupVast.aiData(retentionDays: number): Promise<void> {
  const cutoff = new Date();
  cutoff.setDate(cutoff.getDate() - retentionDays);

  await db.vastaiLogs.deleteMany({
    createdAt: { $lt: cutoff },
    type: { $nin: ['audit', 'compliance'] },
  });
}

// Schedule daily cleanup
cron.schedule('0 3 * * *', () => cleanupVast.aiData(30));

GDPR/CCPA Compliance

Data Subject Access Request (DSAR)

async function exportUserData(userId: string): Promise<DataExport> {
  const vastaiData = await vastaiClient.getUserData(userId);

  return {
    source: 'Vast.ai',
    exportedAt: new Date().toISOString(),
    data: {
      profile: vastaiData.profile,
      activities: vastaiData.activities,
      // Include all user-related data
    },
  };
}

Right to Deletion

async function deleteUserData(userId: string): Promise<DeletionResult> {
  // 1. Delete from Vast.ai
  await vastaiClient.deleteUser(userId);

  // 2. Delete local copies
  await db.vastaiUserCache.deleteMany({ userId });

  // 3. Audit log (required to keep)
  await auditLog.record({
    action: 'GDPR_DELETION',
    userId,
    service: 'vastai',
    timestamp: new Date(),
  });

  return { success: true, deletedAt: new Date() };
}

Data Minimization

// Only request needed fields
const user = await vastaiClient.getUser(userId, {
  fields: ['id', 'name'], // Not email, phone, address
});

// Don't store unnecessary data
const cacheData = {
  id: user.id,
  name: user.name,
  // Omit sensitive fields
};

Instructions

Step 1: Classify Data

Categorize all Vast.ai data by sensitivity level.

Step 2: Implement PII Detection

Add regex patterns to detect sensitive data in logs.

Step 3: Configure Redaction

Apply redaction to sensitive fields before logging.

Step 4: Set Up Retention

Configure automatic cleanup with appropriate retention periods.

Output

  • Data classification documented
  • PII detection implemented
  • Redaction in logging active
  • Retention policy enforced

Error Handling

| Issue | Cause | Solution | |-------|-------|----------| | PII in logs | Missing redaction | Wrap logging with redact | | Deletion failed | Data locked | Check dependencies | | Export incomplete | Timeout | Increase batch size | | Audit gap | Missing entries | Review log pipeline |

Examples

Quick PII Scan

const findings = detectPII(JSON.stringify(userData));
if (findings.length > 0) {
  console.warn(`PII detected: ${findings.map(f => f.type).join(', ')}`);
}

Redact Before Logging

const safeData = redactPII(apiResponse);
logger.info('Vast.ai response:', safeData);

GDPR Data Export

const userExport = await exportUserData('user-123');
await sendToUser(userExport);

Resources

Next Steps

For enterprise access control, see vastai-enterprise-rbac.